[Freeipa-devel] [PATCHES] 0039-0040 systemd ipactl fixes

Simo Sorce simo at redhat.com
Mon Jul 8 13:25:43 UTC 2013 

On Mon, 2013-07-08 at 16:18 +0300, Alexander Bokovoy wrote:
> On Mon, 08 Jul 2013, Simo Sorce wrote:
> >On Thu, 2013-06-20 at 17:13 +0200, Ana Krivokapic wrote:
> >> -After=network.target
> >> +After=network.target dirsrv.target
> >> pki-tomcatd at pki-tomcat.service pki-cad.target certmonger.service
> >> httpd.service krb5kdc.service messagebus.service nslcd.service
> >> nscd.service ntpd.service portmap.service rpcbind.service
> >> kadmin.service sshd.service autofs.service rpcgssd.service
> >> rpcidmapd.service chronyd.service
> >>
> >Won't this cause ipa.service to try to restart things twice ?
> >Also this will unconditionally try to start the CA even if not
> >installed.
> No, this is for dependency ordering only, not for actual start/stop
> dependency action.
> 
> From systemd.unit(5):
> 
> Note that this setting is independent of and orthogonal to the
> requirement dependencies as configured by Requires=. It is a common
> pattern to include a unit name in both the After= and Requires= option
> in which case the unit listed will be started before the unit that is
> configured with these options. This option may be specified more than
> once, in which case ordering dependencies for all listed names are
> created.

Yes but what is the point of "starting" ipa.service "after" its own
components ?

I can understand putting there the following:
 * network.target
 * certmonger.service
 * messagebus.service

I do not understand putting there these:
 * dirsrv.target
 * pki-tomcatd at pki-tomcat.service
 * pki-cad.target
 * httpd.service
 * krb5kdc.service
 * kadmin.service
 * ntpd.service
As these are started by ipa.service itself

I am not sure why these are put there either:
 * nslcd.service
 * nscd.service
 * portmap.service
 * rpcbind.service
 * sshd.service
 * autofs.service
 * rpcgssd.service
 * rpcidmapd.service
 * chronyd.service
Why do we need to be started after these ? We have no direct dependency.
Besides we do not use nslcd, nscd, chronyd at all when installing
freeipa as we replace all of them with sssd (actually not listed at all)
and ntpd

Also why nfs and the rpc stuff should be started earlier ?
rpcgssd in particular may try to kinit with the nfs keytab, so starting
it before the kdc wouldn't work well.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list