[Freeipa-devel] [PATCH 0259] Server Upgrade: Wait until DS is ready after restart
Jan Cholasta
jcholast at redhat.com
Tue May 26 11:31:42 UTC 2015
Dne 25.5.2015 v 16:07 Fraser Tweedale napsal(a):
> On Mon, May 25, 2015 at 03:38:39PM +0200, Martin Basti wrote:
>> On 25/05/15 13:57, Martin Basti wrote:
>>> On 25/05/15 09:20, Fraser Tweedale wrote:
>>>> On Mon, May 25, 2015 at 08:13:35AM +0200, Jan Cholasta wrote:
>>>>> Dne 22.5.2015 v 15:53 Petr Vobornik napsal(a):
>>>>>> On 05/21/2015 03:16 PM, Fraser Tweedale wrote:
>>>>>>> On Thu, May 21, 2015 at 01:38:43PM +0200, Martin Basti wrote:
>>>>>>>> This patch should fix following traceback.
>>>>>>>>
>>>>>>>> 2015-05-20T03:50:41Z ERROR Upgrade failed with cannot connect to
>>>>>>>> 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
>>>>>>>> 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
>>>>>>>> File
>>>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
>>>>>>>>
>>>>>>>> line 304, in __upgrade
>>>>>>>> ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True)
>>>>>>>> File
>>>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
>>>>>>>> line 314, in __init__
>>>>>>>> self.create_connection()
>>>>>>>> File
>>>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
>>>>>>>> line 862, in create_connection
>>>>>>>> autobind=self.ldapi)
>>>>>>>> File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line
>>>>>>>> 66, in connect
>>>>>>>> conn = self.create_connection(*args, **kw)
>>>>>>>> File
>>>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line
>>>>>>>> 188, in create_connection
>>>>>>>> client_controls=clientctrls)
>>>>>>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
>>>>>>>> line
>>>>>>>> 1074, in external_bind
>>>>>>>> '', auth_tokens, server_controls, client_controls)
>>>>>>>> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
>>>>>>>> self.gen.throw(type, value, traceback)
>>>>>>>> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py",
>>>>>>>> line
>>>>>>>> 976, in error_handler
>>>>>>>> error=info)
>>>>>>>> NetworkError: cannot connect to
>>>>>>>> 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
>>>>>>>>
>>>>>>>> 2015-05-20T03:50:41Z DEBUG Traceback (most recent call last):
>>>>>>>> File
>>>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>>>>>>> line
>>>>>>>> 388, in start_creation
>>>>>>>> run_step(full_msg, method)
>>>>>>>> File
>>>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>>>>>>> line
>>>>>>>> 378, in run_step
>>>>>>>> method()
>>>>>>>> File
>>>>>>>> "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
>>>>>>>>
>>>>>>>> line 315, in __upgrade
>>>>>>>> raise RuntimeError(e)
>>>>>>>> RuntimeError: cannot connect to
>>>>>>>> 'ldapi://%2fvar%2frun%2fslapd-IPA-LOCAL.socket':
>>>>>>>>
>>>>>>>> Reason was the ipa-server-install tried to connect before DS was
>>>>>>>> ready.
>>>>>>>>
>>>>>>>> The patch adds waiting until DS is ready.
>>>>>>>>
>>>>>>>> Patch attached.
>>>>>>>>
>>>>>>>> Fraser can you please check if this fix works? I can't reproduce it.
>>>>>>>> Thank you, Martin^2.
>>>>>>>>
>>>>>>> ACK; fixes the issue for me.
>>>>>>>
>>>>>>> One minor comment:
>>>>>>>
>>>>>>>> + def __start(self):
>>>>>>>> + super(IPAUpgrade, self).start()
>>>>>>>>
>>>>>>>> def __stop_instance(self):
>>>>>>>> """Stop only the main DS instance"""
>>>>>>>> @@ -187,7 +185,7 @@ class IPAUpgrade(service.Service):
>>>>>>>> self.step("saving configuration", self.__save_config)
>>>>>>>> self.step("disabling listeners", self.__disable_listeners)
>>>>>>>> self.step("enabling DS global lock",
>>>>>>>> self.__enable_ds_global_write_lock)
>>>>>>>> - self.step("starting directory server", self.__start_nowait)
>>>>>>>> + self.step("starting directory server", self.__start)
>>>>>>> I think you can just say `self.start' and remove `__start' function.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Fraser
>>>>>>>
>>>>>> Pushed to master: 3d17bf8e639616893d6937d98662ccc7541d1e23
>>>>> This semi-breaks ipa-server-install for me:
>>>>>
>>>>> Configuring directory server (dirsrv): Estimated time 1 minute
>>>>> [1/38]: creating directory server user
>>>>> [2/38]: creating directory server instance
>>>>> ipa : CRITICAL Failed to restart the directory server ([Errno
>>>>> 2] No
>>>>> such file or directory). See the installation log for details.
>>>>> [3/38]: adding default schema
>>>>> [4/38]: enabling memberof plugin
>>>>>
>>>>> It would be nice to check if the socket exists before waiting for it.
>>>>>
>>>> This (non-catastrophic but annoying) regression occurred for me too.
>>>> I wasn't paying enough attention to ipa-server-install before I
>>>> ACKed the patch :/
>>>>
>>>>> --
>>>>> Jan Cholasta
>>> Hello,
>>>
>>> this patch fixes the issue.
>>>
>>>
>>>
>>>
>>>
>> Updated patch attached
>>
>> --
>> Martin Basti
>>
>
>> From 25c90638f02d36f3d992b6b20dbb66afb09e74f2 Mon Sep 17 00:00:00 2001
>> From: Martin Basti <mbasti at redhat.com>
>> Date: Mon, 25 May 2015 09:01:42 +0200
>> Subject: [PATCH] Fix: use DS socket check only for upgrade
>>
>> To detect if DS server is running, use the slapd socket for upgrade, and the LDAP port
>> for installation.
>>
>> Without enabled LDAPi socket checking doesnt work.
>>
>> https://fedorahosted.org/freeipa/ticket/4904
>> ---
>> ipaplatform/redhat/services.py | 43 ++++++++++++++++++++++++------------
>> ipaserver/install/upgradeinstance.py | 3 ++-
>> 2 files changed, 31 insertions(+), 15 deletions(-)
>>
>> diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
>> index 565bf1fdef27e9a780ad2e2638b5051a95782bd2..757908f9581d5f04176dd5243fc64bec4c074c7f 100644
>> --- a/ipaplatform/redhat/services.py
>> +++ b/ipaplatform/redhat/services.py
>> @@ -25,6 +25,7 @@ Contains Red Hat OS family-specific service class implementations.
>> import os
>> import time
>> import xml.dom.minidom
>> +import contextlib
>>
>> from ipaplatform.tasks import tasks
>> from ipaplatform.base import services as base_services
>> @@ -124,7 +125,8 @@ class RedHatDirectoryService(RedHatService):
>>
>> return True
>>
>> - def restart(self, instance_name="", capture_output=True, wait=True):
>> + def restart(self, instance_name="", capture_output=True, wait=True,
>> + ldapi=False):
>> # We need to explicitly enable instances to install proper symlinks as
>> # dirsrv.target.wants/ dependencies. Standard systemd service class does it
>> # on enable() method call. Unfortunately, ipa-server-install does not do
>> @@ -150,22 +152,35 @@ class RedHatDirectoryService(RedHatService):
>> os.unlink(srv_lnk)
>> os.symlink(srv_etc, srv_lnk)
>>
>> - super(RedHatDirectoryService, self).restart(instance_name,
>> - capture_output=capture_output, wait=wait)
>> + with self.__wait(instance_name, wait, ldapi) as wait:
>> + super(RedHatDirectoryService, self).restart(
>> + instance_name, capture_output=capture_output, wait=wait)
>>
>> - def wait_for_open_ports(self, instance_name=""):
>> - if instance_name.endswith('.service'):
>> - instance_name = instance_name[:-8]
>> - if instance_name.startswith('dirsrv@'):
>> - instance_name = instance_name[7:]
>> + def start(self, instance_name="", capture_output=True, wait=True,
>> + ldapi=False):
>> + with self.__wait(instance_name, wait, ldapi) as wait:
>> + super(RedHatDirectoryService, self).start(
>> + instance_name, capture_output=capture_output, wait=wait)
>>
>> - if instance_name:
>> -
>> - ipautil.wait_for_open_socket(
>> - paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name,
>> - self.api.env.startup_timeout)
>> + @contextlib.contextmanager
>> + def __wait(self, instance_name, wait, ldapi):
>> + if ldapi:
>> + instance_name = self.service_instance(instance_name)
>> + if instance_name.endswith('.service'):
>> + instance_name = instance_name[:-8]
>> + if instance_name.startswith('dirsrv'):
>> + # this is intentional, return the empty string if the instance
>> + # name is 'dirsrv'
>> + instance_name = instance_name[7:]
>> + if not instance_name:
>> + ldapi = False
>> + if ldapi:
>> + yield False
>> + socket_name = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % instance_name
>> + ipautil.wait_for_open_socket(socket_name,
>> + self.api.env.startup_timeout)
>> else:
>> - super(RedHatDirectoryService, self).wait_for_open_ports()
>> + yield wait
>>
>>
>> class RedHatIPAService(RedHatService):
>> diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
>> index d58c934bc1bd926c0c0c068086c746ac28e8c737..10f7c2ce0c25e733fb572502add82eedadf73d05 100644
>> --- a/ipaserver/install/upgradeinstance.py
>> +++ b/ipaserver/install/upgradeinstance.py
>> @@ -24,6 +24,7 @@ import shutil
>> import random
>> import traceback
>> from ipaplatform.paths import paths
>> +from ipaplatform import services
>> from ipapython.ipa_log_manager import *
>> from ipapython import ipaldap
>>
>> @@ -172,7 +173,7 @@ class IPAUpgrade(service.Service):
>> self.realm = realm_name
>>
>> def __start(self):
>> - super(IPAUpgrade, self).start()
>> + services.service(self.service_name).start(self.serverid, ldapi=True)
>>
>> def __stop_instance(self):
>> """Stop only the main DS instance"""
>> --
>> 2.1.0
>>
> I tested 0259.1 (it worked for install and update) but not 0259.2
> yet. 0259.2 looks OK though; ACK if tested for install and update.
The new patch has only one additional minor fix for a potential problem
that currently does not appear anywhere in install and update (see
interdiff below), so I consider the ACK transitive.
- if instance_name.startswith('dirsrv@'):
+ if instance_name.startswith('dirsrv'):
+ # this is intentional, return the empty string if the
instance
+ # name is 'dirsrv'
Pushed to master: f903c2d5bff3e420519f7bbf026b9bfcc5460fb0
--
Jan Cholasta
More information about the Freeipa-devel
mailing list