[Freeipa-users] Fedora 16 failing to start dirsrv process
Alexander Bokovoy
abokovoy at redhat.com
Mon Nov 14 18:06:15 UTC 2011
On Mon, 14 Nov 2011, Dan Scott wrote:
> > Could you make sure 'systemctl start dirsrv.target' actually starts
> > slapd for EXAMPLE-COM? If not, please show output of
> >
> > ls -l /etc/systemd/system/dirsrv.target.wants
>
> 'systemctl start dirsrv.target' doesn't appear to do anything, nothing
> shown on the command line and the logs don't change. The directory is
> empty:
>
> [root@fileserver1 schema]# ls -l /etc/systemd/system/dirsrv.target.wants/
> total 0
Yes, as I expected (below).
> > It may be that we would need to make a small upgrade script that
> > re-installs proper systemd instances for dirsrv.target as those are
> > produced during ipa-server-install and cannot be done automatically on
> > upgrade without proper intervention yet.
>
> Is this related to this:
> https://fedoraproject.org/wiki/Common_F16_bugs#Upgrade_from_previous_releases_resets_the_enablement_status_of_services
>
> Or is it to do with the dependencies of FreeIPA startup?
It is a mixture of those cases. systemd is more complicated and if in
F15 we were able to get away via SystemV emulation, in F16 dirsrv migrated
natively to systemd, managing instances through the native systemd
mechanism (dirsrv@EXAMPLE-COM.service as a service name, for
example).

This new mechanism is not accessible via SystemV emulation and we had
to migrate to systemd as well -- which means ipa-server-install
creates proper links and edits systemd service files as needed.

In addition, systemd does not really support our model of enabling
services, as systemd is per-host while we need to replicate service
state to multiple replicas. Thus, we do some of the enable/disable/restart
management in ipactl.
> In any case, the process is still failing to start. Do I need to
> create a link in dirsrv.target.wants to somewhere?
You need to do some steps like ipa-server-install does. I'm trying to
get them separated in a small upgrade script but something like the
following needs to be done, completely untested, may eat your kitten,
and realm/dirsrv instance names need to be replaced before running:
----------------------------------------------------------------
#! /usr/bin/python -E
# The helper is named update_key_val_in_file, matching the calls below
from ipaserver.install.krbinstance import update_key_val_in_file
from ipapython import ipautil
from ipapython import services as ipaservices

# 1. Upgrade /etc/sysconfig/dirsrv for systemd
update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")

# 2. Upgrade /etc/sysconfig/krb5kdc for systemd
replacevars = {'KRB5REALM': "EXAMPLE.COM"}
appendvars = {}
ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",
                                 replacevars=replacevars, appendvars=appendvars)
ipaservices.restore_context("/etc/sysconfig/krb5kdc")

# 3. Enable DS instances:
ipaservices.knownservices.dirsrv.enable("EXAMPLE-COM")
ipaservices.knownservices.dirsrv.enable("PKI-IPA")

# 4. Enable FreeIPA
ipaservices.knownservices.ipa.enable()
-------------------------------------------------------
Note that these .enable() calls on Fedora 16 do much more than just
'systemctl enable foo.service', they copy and modify service files,
create symlinks and so on, all the dirty work required by systemd.
You may look at ipapython/platform/fedora16.py and systemd.py for
details.
--
/ Alexander Bokovoy
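
Added example (not part of the original message and not FreeIPA code): a read-only check that reports which dirsrv instances have no dirsrv@INSTANCE.service link in dirsrv.target.wants, the state shown by the empty 'ls -l' output in this thread. It assumes instances are the /etc/dirsrv/slapd-<NAME> directories and that the link carries the unit name quoted in the message; the function names and the root parameter are illustrative.

```python
import os

# Paths are relative so the check can run against "/" or a copied tree.
WANTS_DIR = "etc/systemd/system/dirsrv.target.wants"
INSTANCE_PARENT = "etc/dirsrv"  # assumption: one slapd-<NAME> dir per instance


def dirsrv_instances(root="/"):
    """Return instance names found as <root>/etc/dirsrv/slapd-<NAME> dirs."""
    parent = os.path.join(root, INSTANCE_PARENT)
    if not os.path.isdir(parent):
        return []
    names = []
    for entry in sorted(os.listdir(parent)):
        # Ignore siblings such as schema/ or config/ and plain files.
        if entry.startswith("slapd-") and os.path.isdir(os.path.join(parent, entry)):
            names.append(entry[len("slapd-"):])
    return names


def unit_name(instance):
    """Unit name for an instance, e.g. dirsrv@EXAMPLE-COM.service."""
    return "dirsrv@%s.service" % instance


def audit(root="/"):
    """Map each instance to 'ok', 'missing' or 'dangling'."""
    wants = os.path.join(root, WANTS_DIR)
    report = {}
    for inst in dirsrv_instances(root):
        link = os.path.join(wants, unit_name(inst))
        if not os.path.lexists(link):
            report[inst] = "missing"    # never enabled; the target starts nothing
        elif not os.path.exists(link):
            report[inst] = "dangling"   # link exists but its unit file is gone
        else:
            report[inst] = "ok"
    return report


if __name__ == "__main__":
    for inst, state in sorted(audit("/").items()):
        print("%-20s %s" % (unit_name(inst), state))
```

Any instance reported as missing or dangling is one that 'systemctl start dirsrv.target' will not start.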