[Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart

Fraser Tweedale ftweedal at redhat.com
Mon May 25 14:07:44 UTC 2015 

On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
> On 25/05/15 13:57, Martin Basti wrote:
> >On 25/05/15 09:20, Fraser Tweedale wrote:
> >>On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
> >>>Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
> >>>>On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
> >>>>>On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
> >>>>>>This patch should fix following traceback.
> >>>>>>
> >>>>>>2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
> >>>>>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>>>>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >>>>>>   File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>>>>>
> >>>>>>line 304, in __upgrade
> >>>>>>     ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
> >>>>>>   File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>>>>>line 314, in __init__
> >>>>>>     self.create_connection()
> >>>>>>   File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >>>>>>line 862, in create_connection
> >>>>>>     autobind=self.ldapi)
> >>>>>>   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
> >>>>>>66, in connect
> >>>>>>     conn = self.create_connection(*args, **kw)
> >>>>>>   File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
> >>>>>>188, in create_connection
> >>>>>>     client_controls=clientctrls)
> >>>>>>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
> >>>>>>line
> >>>>>>1074, in external_bind
> >>>>>>     '', auth_tokens, server_controls, client_controls)
> >>>>>>   File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> >>>>>>     self.gen.throw(type, value, traceback)
> >>>>>>   File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
> >>>>>>line
> >>>>>>976, in error_handler
> >>>>>>     error=info)
> >>>>>>NetworkError: cannot connect to
> >>>>>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>>>>
> >>>>>>2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
> >>>>>>   File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> >>>>>>line
> >>>>>>388, in start_creation
> >>>>>>     run_step(full_msg, method)
> >>>>>>   File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> >>>>>>line
> >>>>>>378, in run_step
> >>>>>>     method()
> >>>>>>   File
> >>>>>>"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> >>>>>>
> >>>>>>line 315, in __upgrade
> >>>>>>     raise RuntimeError(e)
> >>>>>>RuntimeError: cannot connect to
> >>>>>>'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
> >>>>>>
> >>>>>>Reason was the ipa-server-install tried to connect before DS was
> >>>>>>ready.
> >>>>>>
> >>>>>>The patch adds waiting until DS is ready.
> >>>>>>
> >>>>>>Patch attached.
> >>>>>>
> >>>>>>Fraser can you please check if this fix works? I can't reproduce it.
> >>>>>>Thank you, Martin^2.
> >>>>>>
> >>>>>ACK; fixes the issue for me.
> >>>>>
> >>>>>One minor comment:
> >>>>>
> >>>>>>+    def __start(self):
> >>>>>>+        super(IPAUpgrade, self).start()
> >>>>>>
> >>>>>>      def __stop_instance(self):
> >>>>>>          """Stop only the main DS instance"""
> >>>>>>@@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
> >>>>>>          self.step("saving configuration", self.__save_config)
> >>>>>>          self.step("disabling listeners", self.__disable_listeners)
> >>>>>>          self.step("enabling DS global lock",
> >>>>>>self.__enable_ds_global_write_lock)
> >>>>>>-        self.step("starting directory server", self.__start_nowait)
> >>>>>>+        self.step("starting directory server", self.__start)
> >>>>>I think you can just say `self.start' and remove `__start' function.
> >>>>>
> >>>>>Cheers,
> >>>>>Fraser
> >>>>>
> >>>>Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
> >>>This semi-breaks ipa-server-install for me:
> >>>
> >>>Configuring directory server (dirsrv): Estimated time 1 minute
> >>>   [1/38]: creating directory server user
> >>>   [2/38]: creating directory server instance
> >>>ipa         : CRITICAL Failed to restart the directory server ([Errno
> >>>2] No
> >>>such file or directory). See the installation log for details.
> >>>   [3/38]: adding default schema
> >>>   [4/38]: enabling memberof plugin
> >>>
> >>>It would be nice to check if the socket exists before waiting for it.
> >>>
> >>This (non-catastrophic but annoying) regression occurred for me too.
> >>I wasn't paying enough attention to ipa-server-install before I
> >>ACKed the patch :/
> >>
> >>>-- 
> >>>Jan Cholasta
> >Hello,
> >
> >this patch fixes the issue.
> >
> >
> >
> >
> >
> Updated patch attached
> 
> -- 
> Martin Basti
> 

> From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001
> From: Martin Basti <mbasti at redhat.com>
> Date: Mon, 25 May 2015 09:01:42 +0200
> Subject: [PATCH] Fix: use DS socket check only for upgrade
> 
> To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
> for installation.
> 
> Without enabled LDAPi socket checking doesnt work.
> 
> https://fedorahosted.org/freeipa/ticket/4904
> ---
>  ipaplatform/redhat/services.py       | 43 ++++++++++++++++++++++++------------
>  ipaserver/install/upgradeinstance.py |  3 ++-
>  2 files changed, 31 insertions(+), 15 deletions(-)
> 
> diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
> index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..757908f9581d5f04176dd5243fc64bec4c074c7f 100644
> --- a/ipaplatform/redhat/services.py
> +++ b/ipaplatform/redhat/services.py
> @@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations.
>  import os
>  import time
>  import xml.dom.minidom
> +import contextlib
>  
>  from ipaplatform.tasks import tasks
>  from ipaplatform.base import services as base_services
> @@ -124,7 +125,8 @@ class RedHatDirectoryService(RedHatService):
>  
>          return True
>  
> -    def restart(self, instance_name="", capture_output=True, wait=True):
> +    def restart(self, instance_name="", capture_output=True, wait=True,
> +                ldapi=False):
>      # We need to explicitly enable instances to install proper symlinks as
>      # dirsrv.target.wants/ dependencies. Standard systemd service class does it
>      # on enable() method call. Unfortunately, ipa-server-install does not do
> @@ -150,22 +152,35 @@ class RedHatDirectoryService(RedHatService):
>                  os.unlink(srv_lnk)
>                  os.symlink(srv_etc, srv_lnk)
>  
> -        super(RedHatDirectoryService, self).restart(instance_name,
> -            capture_output=capture_output, wait=wait)
> +        with self.__wait(instance_name, wait, ldapi) as wait:
> +            super(RedHatDirectoryService, self).restart(
> +                instance_name, capture_output=capture_output, wait=wait)
>  
> -    def wait_for_open_ports(self, instance_name=""):
> -        if instance_name.endswith('.service'):
> -            instance_name = instance_name[:-8]
> -        if instance_name.startswith('dirsrv@'):
> -            instance_name = instance_name[7:]
> +    def start(self, instance_name="", capture_output=True, wait=True,
> +              ldapi=False):
> +        with self.__wait(instance_name, wait, ldapi) as wait:
> +            super(RedHatDirectoryService, self).start(
> +                instance_name, capture_output=capture_output, wait=wait)
>  
> -        if instance_name:
> -
> -            ipautil.wait_for_open_socket(
> -                paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name,
> -                self.api.env.startup_timeout)
> +    @contextlib.contextmanager
> +    def __wait(self, instance_name, wait, ldapi):
> +        if ldapi:
> +            instance_name = self.service_instance(instance_name)
> +            if instance_name.endswith('.service'):
> +                instance_name = instance_name[:-8]
> +            if instance_name.startswith('dirsrv'):
> +                # this is intentional, return the empty string if the instance
> +                # name is 'dirsrv'
> +                instance_name = instance_name[7:]
> +            if not instance_name:
> +                ldapi = False
> +        if ldapi:
> +            yield False
> +            socket_name = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name
> +            ipautil.wait_for_open_socket(socket_name,
> +                                         self.api.env.startup_timeout)
>          else:
> -            super(RedHatDirectoryService, self).wait_for_open_ports()
> +            yield wait
>  
>  
>  class RedHatIPAService(RedHatService):
> diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
> index d58c934bc1bd926c0c0c068086c746ac28e8c737..10f7c2ce0c25e733fb572502add82eedadf73d05 100644
> --- a/ipaserver/install/upgradeinstance.py
> +++ b/ipaserver/install/upgradeinstance.py
> @@ -24,6 +24,7 @@ import shutil
>  import random
>  import traceback
>  from ipaplatform.paths import paths
> +from ipaplatform import services
>  from ipapython.ipa_log_manager import *
>  from ipapython import ipaldap
>  
> @@ -172,7 +173,7 @@ class IPAUpgrade(service.Service):
>          self.realm = realm_name
>  
>      def __start(self):
> -        super(IPAUpgrade, self).start()
> +        services.service(self.service_name).start(self.serverid, ldapi=True)
>  
>      def __stop_instance(self):
>          """Stop only the main DS instance"""
> -- 
> 2.1.0
> 
I tested 0259.1 (it worked for install and update) but not 0259.2
yet.  0259.2 looks OK though; ACK if tested for install and update.

Fraser

More information about the Freeipa-devel mailing list