[Freeipa-devel] [PATCH, 2.1] 0021 Fedora 16 and systemd support
Martin Kosek
mkosek at redhat.com
Tue Oct 18 13:29:47 UTC 2011
On Tue, 2011-10-18 at 15:48 +0300, Alexander Bokovoy wrote:
> On Tue, 18 Oct 2011, Alexander Bokovoy wrote:
> > > ipa.init was removed from the git, but it was never moved to
> > > init/SystemV/.
> > It should have been moved (rm+new file). I'll check what's happening
> > there, maybe Simo's patch omitted that one?
> >
> > http://koji.fedoraproject.org/koji/taskinfo?taskID=3437275 is current
> > scratch build of 2.1 for F-16. It is 2.1.2+diff up to current ipa-2-1
> > git tree + systemd patch.
> I did another rebase and current version of systemd support for
> ipa-2-1 is in systemd-ipa-2-1 branch of my tree:
> http://fedorapeople.org/gitweb?p=abbra/public_git/freeipa.git;a=shortlog;h=refs/heads/systemd-ipa-2-1
>
Yep, ipa.init is now correctly moved and I was able to compile ipa on
both F-15 and F-16. I still have few question/issues:
1) When ipa is not configured, it is ok that ipa.service status returns
error. However, I still got ipa.service status error after the ipa was
configured:
# systemctl status ipa.service
ipa.service - Identity, Policy, Audit
Loaded: loaded (/lib/systemd/system/ipa.service; disabled)
Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 1min 50s ago
Main PID: 18499 (code=exited, status=6)
CGroup: name=systemd:/system/ipa.service
# /usr/sbin/ipactl status
IPA is not configured (see man pages of ipa-server-install for help)
# ipa-server-install
...
Applying LDAP updates
Restarting IPA to initialize updates before performing deletes:
[1/2]: stopping directory server
[2/2]: starting directory server
done configuring dirsrv.
Restarting the directory server
Restarting the KDC
Restarting the web server
Sample zone file for bind has been created in /tmp/sample.zone.teFbNR.db
==============================================================================
Setup complete
Next steps:
1. You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: kerberos
UDP Ports:
* 88, 464: kerberos
* 123: ntp
2. You can now obtain a kerberos ticket using the command: 'kinit admin'
This ticket will allow you to use the IPA tools (e.g., ipa user-add)
and the web user interface.
Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password
# systemctl status ipa.service
ipa.service - Identity, Policy, Audit
Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
Active: failed since Tue, 18 Oct 2011 09:04:41 -0400; 6min ago
Main PID: 18499 (code=exited, status=6)
CGroup: name=systemd:/system/ipa.service
2) ipactl shows stopped dirsrv and CA service even though they should be
up (cert-show command worked):
# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: STOPPED
HTTP Service: RUNNING
CA Service: STOPPED
When I restarted the ipa service, everything was OK including the status
I mentioned in my previous mail:
# systemctl restart ipa.service
# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
# systemctl status ipa.service
ipa.service - Identity, Policy, Audit
Loaded: loaded (/lib/systemd/system/ipa.service; enabled)
Active: active (exited) since Tue, 18 Oct 2011 09:18:32 -0400; 2min 41s ago
Process: 20069 ExecStart=/usr/sbin/ipactl start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/ipa.service
Martin
More information about the Freeipa-devel
mailing list