[Freeipa-devel] [PATCH] 350 Upgrade process should not crash on named restart

Tue Jan 15 15:44:01 UTC 2013

On 01/15/2013 04:17 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 01/15/2013 03:44 PM, Simo Sorce wrote:
>>> On Tue, 2013-01-15 at 15:37 +0100, Martin Kosek wrote:
>>>> On 01/15/2013 02:43 PM, Simo Sorce wrote:
>>>>> On Tue, 2013-01-15 at 13:30 +0100, Martin Kosek wrote:
>>>>>> When either dirsrv or krb5kdc is down, named service restart in
>>>>>> ipa-upgradeconfig will fail and cause a crash of the whole upgrade
>>>>>> process.
>>>>>>
>>>>>> Rather only report a failure to restart the service and continue
>>>>>> with the upgrade as it does not need the named service running. Do
>>>>>> the same precaution for pki-ca service restart.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/3350
>>>>>
>>>>> Shouldn't we note it failed and retry later ?
>>>>> Is there a risk it will be down at the end of the upgrade process ?
>>>>>
>>>>> Simo.
>>>>>
>>>>
>>>> Seems like an overkill to me. It would not certainly help in this
>>>> case, because
>>>> the processes that named requires are down. As Rob suggested, user
>>>> upgrading
>>>> the IPA may be running in a lower run level for example, it that case
>>>> I think
>>>> we may not even try to restart the service.
>>>
>>> Oh I guess I wasn't clear, I did not mean to try to restart the service
>>> immediately or multiple times, I meant to make sure that if the service
>>> was running when the *whole* update started to make sure it is still
>>> running when the whole update finishes.
>>>
>>> The scenario is:
>>>
>>> 1. ipa runnig
>>> 2. do upgrade
>>> 3. restart fails for some reason
>>> 4. update completes
>>>
>>> now what I would like to make sure is that if the restart failed at 3 we
>>> try a restart after 4 so that we try to get things up when all the
>>> updates are done.
>>>
>>> Makes sense ?
>>
>> Sort of. To be able to do this, I think we would need to at first get a
>> list of all running services (as user may have purposefully shut down
>> some service), then run the upgrades and check that all services in this
>> list are still running at the end of the upgrade. If not, try to amend it.
>>
>> While this looks useful-ish, I would rather keep the patch 350 simple as
>> we are close to the release and I do not want to get too wild.
>>
>>>
>>>> Now when I am thinking about it, maybe we should only try to restart
>>>> if the
>>>> service is running - because otherwise it would be started later and the
>>>> changes that were done in scope of upgrade script would be applied.
>>>
>>> Yes we should do a conditional restart only, and it is ok to proceeded
>>> if it fails, we want to complete the upgrade process in any case, not
>>> break out in the middle if at all possible.
>>>
>>> Simo.
>>>
>>
>> Right, I will send an updated patch which restarts the named/pki-ca
>> service only if it is running.
>
> ACK on this patch as-is. I think we have room for improvement/discussion. Can
> you open a RFE ticket to investigate any further work we might want to do?

Sure, this is the ticket: https://fedorahosted.org/freeipa/ticket/3351

Anyway, I rebased the patch also for master and ipa-3-1 and pushed it to all 
three branches, i.e. master, ipa-3-1, ipa-3-0.

Martin

>
> rob
>