[Freeipa-devel] [PATCH 0083] Make CS.cfg edits with CA instance stopped

Tomas Babej tbabej at redhat.com
Fri Aug 23 12:23:15 UTC 2013 

On 08/05/2013 05:43 PM, Martin Kosek wrote:
> On 08/02/2013 03:32 PM, Tomas Babej wrote:
>> Hi,
>>
>> This patch makes sure that all edits to CS.cfg configuration file
>> are performed while pki-tomcatd service is stopped.
>>
>> Introduces a new contextmanager stopped_service for handling
>> a general problem of performing a task that needs certain service
>> being stopped.
>>
>> https://fedorahosted.org/freeipa/ticket/3804
>>
>> Tomas
>>
> 1) I think it would make sense to ideally run the steps updating CS.cfg close
> together, stop PKI before this group and start it after it finishes. Otherwise,
> installer runs many service stops and starts which may be error prone,
> especially given the fragile (and sometimes slow) java server handling.
>
> 2) I am thinking that stopped_service context manager could be as well defined
> in ipaserver/install/service.py, as a context manager of the class. That way,
> every installer class could use that like:
>
> class CAInstance():
>     ...
>     def __some_step(self):
>        with self.stopped_service(start_when_finished=True):
>            # do something

I considered this approach, but this might introduce unnecessary errors if
we ever reorder the install steps in cainstance.py. I rather added two
explicit steps to stop and start the CA instance.

> That way, context manager could just use self.name to avoid numerous hardcoded
> service names like:
>
> ...
>          with stopped_service('pki_tomcatd',
>                          instance_name=self.dogtag_constants.PKI_INSTANCE_NAME):
> ...
>

Yes, but there are functions outside CAInstance class that leverage this
context.

> 3) After I installed pki-ca, I saw no published CRL files:
> # ls -la /var/lib/ipa/pki-ca/publish/
>
> I am not sure what is the root cause, maybe some of the numerous start/restarts
> broke the publisher process.
I'm not seeing this with the updated version of the patch anymore.

> Martin

Updated patch attached.

-- 
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0083-2-Make-CS.cfg-edits-with-CA-instance-stopped.patch
Type: text/x-patch
Size: 13815 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130823/5a6f371d/attachment.bin>

More information about the Freeipa-devel mailing list