[Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
Fraser Tweedale
ftweedal at redhat.com
Mon May 25 14:07:44 UTC 2015
On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
> On 25/05/15 13:57, Martin Basti wrote:
> >On 25/05/15 09:20, Fraser Tweedale wrote:
> >>On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
> >>>Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
> >>>>On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
> >>>>>On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
> >>>>>>This patch should fix following traceback.
> >>>>>>
> >>>>>>2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
> >>>>>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>>>>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >>>>>> File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>>>>>
> >>>>>>line 304, in __upgrade
> >>>>>> ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
> >>>>>> File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>>>>>line 314, in __init__
> >>>>>> self.create_connection()
> >>>>>> File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>>>>>line 862, in create_connection
> >>>>>> autobind=self.ldapi)
> >>>>>> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
> >>>>>>66, in connect
> >>>>>> conn = self.create_connection(*args, **kw)
> >>>>>> File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
> >>>>>>188, in create_connection
> >>>>>> client_controls=clientctrls)
> >>>>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
> >>>>>>line
> >>>>>>1074, in external_bind
> >>>>>> '', auth_tokens, server_controls, client_controls)
> >>>>>> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> >>>>>> self.gen.throw(type, value, traceback)
> >>>>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
> >>>>>>line
> >>>>>>976, in error_handler
> >>>>>> error=info)
> >>>>>>NetworkError: cannot connect to
> >>>>>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>>>>
> >>>>>>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >>>>>> File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> >>>>>>line
> >>>>>>388, in start_creation
> >>>>>> run_step(full_msg, method)
> >>>>>> File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> >>>>>>line
> >>>>>>378, in run_step
> >>>>>> method()
> >>>>>> File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>>>>>
> >>>>>>line 315, in __upgrade
> >>>>>> raise RuntimeError(e)
> >>>>>>RuntimeError: cannot connect to
> >>>>>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>>>>
> >>>>>>Reason was the ipa-server-install tried to connect before DS was
> >>>>>>ready.
> >>>>>>
> >>>>>>The patch adds waiting until DS is ready.
> >>>>>>
> >>>>>>Patch attached.
> >>>>>>
> >>>>>>Fraser can you please check if this fix works? I can't reproduce it.
> >>>>>>Thank you, Martin^2.
> >>>>>>
> >>>>>ACK; fixes the issue for me.
> >>>>>
> >>>>>One minor comment:
> >>>>>
> >>>>>>+ def __start(self):
> >>>>>>+ super(IPAUpgrade, self).start()
> >>>>>>
> >>>>>> def __stop_instance(self):
> >>>>>> """Stop only the main DS instance"""
> >>>>>>@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
> >>>>>> self.step("saving configuration", self.__save_config)
> >>>>>> self.step("disabling listeners", self.__disable_listeners)
> >>>>>> self.step("enabling DS global lock",
> >>>>>>self.__enable_ds_global_write_lock)
> >>>>>>- self.step("starting directory server", self.__start_nowait)
> >>>>>>+ self.step("starting directory server", self.__start)
> >>>>>I think you can just say `self.start' and remove `__start' function.
> >>>>>
> >>>>>Cheers,
> >>>>>Fraser
> >>>>>
> >>>>Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
> >>>This semi-breaks ipa-server-install for me:
> >>>
> >>>Configuring directory server (dirsrv): Estimated time 1 minute
> >>> [1/38]: creating directory server user
> >>> [2/38]: creating directory server instance
> >>>ipa : CRITICAL Failed to restart the directory server ([Errno
> >>>2] No
> >>>such file or directory). See the installation log for details.
> >>> [3/38]: adding default schema
> >>> [4/38]: enabling memberof plugin
> >>>
> >>>It would be nice to check if the socket exists before waiting for it.
> >>>
> >>This (non-catastrophic but annoying) regression occurred for me too.
> >>I wasn't paying enough attention to ipa-server-install before I
> >>ACKed the patch :/
> >>
> >>>--
> >>>Jan Cholasta
> >Hello,
> >
> >this patch fixes the issue.
> >
> >
> >
> >
> >
> Updated patch attached
>
> --
> Martin Basti
>
> From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001
> From: Martin Basti <mbasti at redhat.com>
> Date: Mon, 25 May 2015 09:01:42 +0200
> Subject: [PATCH] Fix: use DS socket check only for upgrade
>
> To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
> for installation.
>
> Without enabled LDAPi socket checking doesnt work.
>
> https://fedorahosted.org/freeipa/ticket/4904
> ---
> ipaplatform/redhat/services.py | 43 ++++++++++++++++++++++++------------
> ipaserver/install/upgradeinstance.py | 3 ++-
> 2 files changed, 31 insertions(+), 15 deletions(-)
>
> diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
> index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..757908f9581d5f04176dd5243fc64bec4c074c7f 100644
> --- a/ipaplatform/redhat/services.py
> +++ b/ipaplatform/redhat/services.py
> @@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations.
> import os
> import time
> import xml.dom.minidom
> +import contextlib
>
> from ipaplatform.tasks import tasks
> from ipaplatform.base import services as base_services
> @@ -124,7 +125,8 @@ class RedHatDirectoryService(RedHatService):
>
> return True
>
> - def restart(self, instance_name="", capture_output=True, wait=True):
> + def restart(self, instance_name="", capture_output=True, wait=True,
> + ldapi=False):
> # We need to explicitly enable instances to install proper symlinks as
> # dirsrv.target.wants/ dependencies. Standard systemd service class does it
> # on enable() method call. Unfortunately, ipa-server-install does not do
> @@ -150,22 +152,35 @@ class RedHatDirectoryService(RedHatService):
> os.unlink(srv_lnk)
> os.symlink(srv_etc, srv_lnk)
>
> - super(RedHatDirectoryService, self).restart(instance_name,
> - capture_output=capture_output, wait=wait)
> + with self.__wait(instance_name, wait, ldapi) as wait:
> + super(RedHatDirectoryService, self).restart(
> + instance_name, capture_output=capture_output, wait=wait)
>
> - def wait_for_open_ports(self, instance_name=""):
> - if instance_name.endswith('.service'):
> - instance_name = instance_name[:-8]
> - if instance_name.startswith('dirsrv@'):
> - instance_name = instance_name[7:]
> + def start(self, instance_name="", capture_output=True, wait=True,
> + ldapi=False):
> + with self.__wait(instance_name, wait, ldapi) as wait:
> + super(RedHatDirectoryService, self).start(
> + instance_name, capture_output=capture_output, wait=wait)
>
> - if instance_name:
> -
> - ipautil.wait_for_open_socket(
> - paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name,
> - self.api.env.startup_timeout)
> + @contextlib.contextmanager
> + def __wait(self, instance_name, wait, ldapi):
> + if ldapi:
> + instance_name = self.service_instance(instance_name)
> + if instance_name.endswith('.service'):
> + instance_name = instance_name[:-8]
> + if instance_name.startswith('dirsrv'):
> + # this is intentional, return the empty string if the instance
> + # name is 'dirsrv'
> + instance_name = instance_name[7:]
> + if not instance_name:
> + ldapi = False
> + if ldapi:
> + yield False
> + socket_name = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name
> + ipautil.wait_for_open_socket(socket_name,
> + self.api.env.startup_timeout)
> else:
> - super(RedHatDirectoryService, self).wait_for_open_ports()
> + yield wait
>
>
> class RedHatIPAService(RedHatService):
> diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
> index d58c934bc1bd926c0c0c068086c746ac28e8c737..10f7c2ce0c25e733fb572502add82eedadf73d05 100644
> --- a/ipaserver/install/upgradeinstance.py
> +++ b/ipaserver/install/upgradeinstance.py
> @@ -24,6 +24,7 @@ import shutil
> import random
> import traceback
> from ipaplatform.paths import paths
> +from ipaplatform import services
> from ipapython.ipa_log_manager import *
> from ipapython import ipaldap
>
> @@ -172,7 +173,7 @@ class IPAUpgrade(service.Service):
> self.realm = realm_name
>
> def __start(self):
> - super(IPAUpgrade, self).start()
> + services.service(self.service_name).start(self.serverid, ldapi=True)
>
> def __stop_instance(self):
> """Stop only the main DS instance"""
> --
> 2.1.0
>
I tested 0259.1 (it worked for install and update) but not 0259.2
yet. 0259.2 looks OK though; ACK if tested for install and update.
Fraser
More information about the Freeipa-devel
mailing list