[Freeipa-devel] [PATCH] 0097 Avoid --list option of chkconfig

Martin Kosek mkosek at redhat.com
Fri May 6 14:00:28 UTC 2011 

On Thu, 2011-05-05 at 07:56 -0400, Simo Sorce wrote:
> On Thu, 2011-05-05 at 12:29 +0200, Martin Kosek wrote:
> > On Wed, 2011-05-04 at 17:16 -0400, Simo Sorce wrote:
> > > On Wed, 2011-05-04 at 16:57 -0400, Simo Sorce wrote:
> > > > On Wed, 2011-05-04 at 17:12 +0200, Martin Kosek wrote:
> > > > > On Wed, 2011-05-04 at 11:01 -0400, Simo Sorce wrote:
> > > > > > On Wed, 2011-05-04 at 16:56 +0200, Martin Kosek wrote:
> > > > > > > On Wed, 2011-05-04 at 10:28 -0400, Simo Sorce wrote:
> > > > > > > > The chkconfig --list option is not reliable as it works differently on a
> > > > > > > > F15 system with systemd enabled services, avoid using it as we have
> > > > > > > > alternative better ways.
> > > > > > > > 
> > > > > > > > Simo.
> > > > > > > > 
> > > > > > > 
> > > > > > > NACK. This breaks the installation:
> > > > > > > 
> > > > > > > # ipa-server-install
> > > > > > > ...
> > > > > > > Configuring ntpd
> > > > > > >   [1/4]: stopping ntpd
> > > > > > >   [2/4]: writing configuration
> > > > > > >   [3/4]: configuring ntpd to start on boot
> > > > > > > Unexpected error - see ipaserver-install.log for details:
> > > > > > >  Command '/sbin/chkconfig --level 3 ntpd' returned non-zero exit status 1
> > > > > > > 
> > > > > > > I think you want to make use of raiseonerr=False parameter in
> > > > > > > ipautil.run().
> > > > > > > 
> > > > > > > Plus, I would prefer integers to be used in runlevels array instead of a
> > > > > > > string containing an integer. Makes more sense to do it this way.
> > > > > > 
> > > > > > New patch attached.
> > > > > > 
> > > > > > Simo.
> > > > > > 
> > > > > 
> > > > > ACK. Worked for me on both F-14 and F-15.
> > > > 
> > > > Hold on pushing this one, it seem that chkconfig service and chkconfig
> > > > service --list were not mututally exchangable in this context as we
> > > > thought ...
> > > 
> > > After the conversation here [1] and after looking more closely at how
> > > the functions that used --list were actually used in the code I came to
> > > the conclusion that the use of chkconfig service --list was not really
> > > needed in either cases.
> > > 
> > > In the client we assume all services we need to be present through
> > > packaging dependencies anyway, and even if we fail we properly catch any
> > > exception so it is never a fatal issue.
> > > 
> > > In the server install we used to check if the service was enabled at all
> > > run levels before considering it really enabled, but upon careful
> > > consideration I believe we do not really care. In each place we called
> > > is_enabled() what we care about is really just if the service is enabled
> > > in the current runlevel, not if it is normally enabled at other run
> > > levels, and actually checking for other runlevels could cause issue
> > > because a service not enabled at runlevel 4 but currently enabled at the
> > > one the install is running with would result disabled, and that's not
> > > what callers are really expecting from that test.
> > > 
> > > So long story short I have a patch the basically radically strips away
> > > the previous code and radically simplifies it to one simple call in the
> > > server code and none at all in the client code.
> > > 
> > > Simo.
> > > 
> > 
> > The concept looks usable, but I am having some problems with chkconfig
> > $SERVICE for systemd native package (our favorite ntpd):
> > 
> > # systemctl disable ntpd.service
> > # chkconfig ntpd; echo $?
> > Note: Forwarding request to 'systemctl is-enabled ntpd.service'.
> > 0
> > # systemctl enable ntpd.service
> > ln -s '/lib/systemd/system/ntpd.service'
> > '/etc/systemd/system/multi-user.target.wants/ntpd.service'
> > # chkconfig ntpd; echo $?
> > Note: Forwarding request to 'systemctl is-enabled ntpd.service'.
> > 0
> > 
> > Does this work for you? Looks like a bug in `systemctl is-enabled`.
> > 
> > I am running systemd-26-1.fc15.x86_64.
> 
> See: https://bugzilla.redhat.com/show_bug.cgi?id=699027
> 
> Simo.

Yeah, that's exactly the issue I am experiencing. Anyway, I think we are
safe with this change even with the bug 699027 as we don't use
`chkconfig $SERVICE` to confirm a change to service boot status.

I have found a minor issue with IPA client installation. After you
modified ipa-client-install the function does not return when the
service is not installed. Thus producing an error message, e.g. with
nscd service:

# ipa-client-install 
...
Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm IDM.LAB.BOS.REDHAT.COM
Failed to configure automatic startup of the NSCD daemon   <====
SSSD enabled
Kerberos 5 enabled
NTP enabled
Client configuration complete.


I have created a ticket for this whole issue with chkconfig - #1206. It
should be noted in the commit message.

Martin

More information about the Freeipa-devel mailing list