[Freeipa-devel] [PATCH] 88 ipa-adtrust-install: restart httpd to pick up new plugins
Rob Crittenden
rcritten at redhat.com
Mon Oct 29 21:11:27 UTC 2012
Sumit Bose wrote:
> On Wed, Oct 24, 2012 at 01:07:03PM +0200, Martin Kosek wrote:
>> On 10/24/2012 12:48 PM, Sumit Bose wrote:
>>> On Wed, Oct 24, 2012 at 12:31:57PM +0200, Martin Kosek wrote:
>>>> On 10/24/2012 12:19 PM, Sumit Bose wrote:
>>>>> Hi,
>>>>>
>>>>> this patches fixes https://fedorahosted.org/freeipa/ticket/3185 by
>>>>> restarting httpd as one of the last steps of ipa-adtrust-install.
>>>>>
>>>>> bye,
>>>>> Sumit
>>>>>
>>>>
>>>> This patch is targeted to pick up trust plugins (adtrustinstance, dcerpc)
>>>> installed during freeipa-server-trust-ad RPM install? I am still not sure if we
>>>> should not rather reload httpd server during freeipa-server update %post,
>>>> because this way, httpd will be restarted every time that someone runs
>>>> ipa-adtrust-install even though the plugins were already picked up long time ago...
>>>
>>> yes, I think you are right. A restart during the package installation
>>> might be better. Also the the case of updates we might want to restart
>>> httpd in the %post section.
>>
>> Exactly. I think simple reload would be enough to force httpd load all new
>> Python bits, we do not need to do a full blown restart, IMO.
>>
>> We will just need to find out if IPA is actually configured so that we do not
>> reload httpd in that case. Checking that
>> /var/lib/ipa/sysrestore/sysrestore.index
>> exists and has at least two lines should be enough for the check. We do it
>> similarly in is_ipa_configured() function.
>>
>> I am thinking that we will need the check+reload for both freeipa-server +
>> freeipa-server-trust-ad, right? Because someone can install freeipa-server at
>> once and then install freeipa-server-trust-ad after that.
>
> The new version of the patch add a conditional restart to the
> freeipa-server-trust-ad package. So far I do not see the reason why it
> must be done for freeipa-server. Maybe freeipa-python?
Would this be overkill to determine if IPA is already configured rather
than counting values in sysrestore?
python -c "from ipaserver.install import installutils; print
installutils.is_ipa_configured()"
We don't have to address it in this patch but at what point do we want
to drop the sysV checks in our dev spec file?
rob
More information about the Freeipa-devel
mailing list