[Freeipa-devel] [PATCH] 88 ipa-adtrust-install: restart httpd to pick up new plugins

[Martin Kosek]

On 10/24/2012 12:48 PM, Sumit Bose wrote:
> On Wed, Oct 24, 2012 at 12:31:57PM +0200, Martin Kosek wrote:
>> On 10/24/2012 12:19 PM, Sumit Bose wrote:
>>> Hi,
>>>
>>> this patches fixes https://fedorahosted.org/freeipa/ticket/3185 by
>>> restarting httpd as one of the last steps of ipa-adtrust-install.
>>>
>>> bye,
>>> Sumit
>>>
>>
>> This patch is targeted to pick up trust plugins (adtrustinstance, dcerpc)
>> installed during freeipa-server-trust-ad RPM install? I am still not sure if we
>> should not rather reload httpd server during freeipa-server update %post,
>> because this way, httpd will be restarted every time that someone runs
>> ipa-adtrust-install even though the plugins were already picked up long time ago...
> 
> yes, I think you are right. A restart during the package installation
> might be better. Also the the case of updates we might want to restart
> httpd in the %post section.

Exactly. I think simple reload would be enough to force httpd load all new
Python bits, we do not need to do a full blown restart, IMO.

We will just need to find out if IPA is actually configured so that we do not
reload httpd in that case. Checking that
/var/lib/ipa/sysrestore/sysrestore.index
exists and has at least two lines should be enough for the check. We do it
similarly in is_ipa_configured() function.

I am thinking that we will need the check+reload for both freeipa-server +
freeipa-server-trust-ad, right? Because someone can install freeipa-server at
once and then install freeipa-server-trust-ad after that.

> 
> I can create a new patch for the upstream spec file. How is this
> propagated to the spec files for RHEL and Fedora? Shall I clone the
> RHEL-6 ticket https://bugzilla.redhat.com/show_bug.cgi?id=866966 for Fedora?

The ticket 3185 is already the clone, i.e. I don't think there is anything we
need to do with ticket or BZ. RHEL spec will be updated when Rob processes the
Bugzilla :-)

Martin