[Freeipa-devel] [PATCH 3/3] Get list of service from LDAP only at startup
Rob Crittenden
rcritten at redhat.com
Mon Oct 29 19:41:49 UTC 2012
Simo Sorce wrote:
> On Fri, 2012-10-26 at 16:30 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> From: Simo Sorce <ssorce at redhat.com>
>>>
>>> We check (possibly different) data from LDAP only at (re)start.
>>> This way we always shutdown exactly the services we started even if the list
>>> changed in the meanwhile (we avoid leaving a service running even if it was
>>> removed from LDAP as the admin decided it should not be started in future).
>>>
>>> This should also fix a problematic deadlock with systemd when we try to read
>>> the list of service from LDAP at shutdown.
>>
>> I'm thinking that in patch 2 we need to be sure the name is unique, for
>> whatever reason, when starting a service. I'm not sure if it is related
>> to this or not:
>>
>> ...
>> Done configuring the web interface (httpd).
>> Applying LDAP updates
>> Restarting the directory server
>> Restarting the KDC
>> Sample zone file for bind has been created in /tmp/sample.zone.t1LC7e.db
>> Restarting the web server
>> Unexpected error - see /var/log/ipaserver-install.log for details:
>> CalledProcessError: Command '/bin/systemctl restart ipa.service'
>> returned non-zero exit status 1
>> [root at rawhide2 freeipa]# cat /var/run/ipa/services.list
>> ["messagebus", "certmonger", "ntpd", "messagebus", "certmonger",
>> "messagebus", "certmonger", "certmonger", "messagebus", "certmonger",
>> "certmonger", "krb5kdc", "messagebus", "certmonger", "certmonger"]
>
> Maybe I should add code to remove entries on stop() ?
> I haven't considered the case where our own code stop instances outside
> of ipactl stop
>
> Now having duplicate instances shouldn't be fatal but maybe systemd is
> returning an error to signal the instance was already started ?
Maybe converting the list to a set before starting would be enough.
>
>> I don't see any smoking gun in the install log:
>>
>> 2012-10-26T20:27:40Z DEBUG Starting external process
>> 2012-10-26T20:27:40Z DEBUG args=/bin/systemctl restart ipa.service
>> 2012-10-26T20:27:42Z DEBUG Process finished, return code=1
>> 2012-10-26T20:27:42Z DEBUG stdout=
>> 2012-10-26T20:27:42Z DEBUG stderr=Job for ipa.service failed. See
>> 'systemctl status ipa.service' and 'journalctl' for details.
>>
>> 2012-10-26T20:27:42Z INFO File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
>> line 614, in run_script
>> return_value = main_function()
>>
>> File "/usr/sbin/ipa-server-install", line 1100, in main
>> ipaservices.knownservices.ipa.enable()
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py", line
>> 129, in enable
>> self.restart(instance_name)
>>
>> File
>> "/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py", line
>> 104, in restart
>> ipautil.run(["/bin/systemctl", "restart",
>> self.service_instance(instance_name)], capture_output=capture_output)
>>
>> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
>> 323, in run
>> raise CalledProcessError(p.returncode, arg_string)
>>
>> 2012-10-26T20:27:42Z INFO The ipa-server-install command failed,
>> exception: CalledProcessError: Command '/bin/systemctl restart
>> ipa.service' returned non-zero exit status 1
>
> So it returned just 1 without any error message ?
>
> Simo.
>
>
# /bin/systemctl status ipa.service
ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled)
Active: failed (Result: exit-code) since Fri, 26 Oct 2012
16:27:42 -0400; 2 days ago
Process: 17543 ExecStart=/usr/sbin/ipactl start (code=exited,
status=1/FAILURE)
CGroup: name=systemd:/system/ipa.service
Oct 26 16:27:40 rawhide2.greyoak.com systemd[1]: Starting Identity,
Policy, Audit...
Oct 26 16:27:41 rawhide2.greyoak.com ipactl[17543]: IPA service already
started!
Oct 26 16:27:42 rawhide2.greyoak.com systemd[1]: Failed to start
Identity, Policy, Audit.
More information about the Freeipa-devel
mailing list