[Freeipa-users] start and stop of ipa commands in systemd
Alexander Bokovoy
abokovoy at redhat.com
Mon Apr 4 08:01:20 UTC 2016
On Mon, 04 Apr 2016, Martin Babinsky wrote:
>On 04/01/2016 08:53 PM, Martin (Lists) wrote:
>>Hallo
>>
>>I have a question regarding enabling/disabling separate ipa parts in
>>systemd. Is it necessarry or required to have httpd, directory server,
>>named memcache and all the other ipa services to be enabled in systemd?
>>Or is it recomended to have only the main ipa service enabled (and all
>>the other disabled)?
>>
>>Regards
>>Martin
>>
>Hi Martin,
>
>ipa.service actually calls `ipactl` command which starts/stops all
>individual components at once (dirsrv, http, kdc, kpasswd, memcache,
>pki-tomcat etc.). All of these services (which are listed in `ipactl
>status`) must be up and running for IPA server to work correctly in
>all aspects.
>
>So in this sense 'ipa.service' is just an umbrella that groups all the
>components of FreeIPA installation.
I think Martin's question was more about those services being enabled in
systemd by themselves. The answer is 'no', because ipa.service takes
care of that based on the state of services we keep in LDAP.
Unfortunately, all init systems to date only care about a single host's
status. In IPA case we have multinode environment where different
services may be activated on the nodes depending on what was enabled.
You can have base IPA (dirsrv, KDC, httpd) running on majority of
masters but then some of them would be also running CAs and potentially
they can run Samba services for AD integration. The status of these
services is recorded in LDAP because this is what we have as a
replicated store that all IPA masters know about. This information is
needed for more uses than just init system on a specific host, though.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list