On Mon, 14 Nov 2011, Dan Scott wrote: > > Could you make sure 'systemctl start dirsrv.target' actually starts > > slapd for EXAMPLE-COM? If not, please show output of > > > > ls -l /etc/systemd/system/dirsrv.target.wants > > 'systemctl start dirsrv.target' doesn't appear to do anything, nothing > shown on the command line and the logs don't change. The directory is > empty: > > [root@fileserver1 schema]# ls -l /etc/systemd/system/dirsrv.target.wants/ > total 0 Yes, as I expected (below).
> > It may be that we would need to make a small upgrade script that > > re-installs proper systemd instances for dirsrv.target as those are > > produced during ipa-server-install and cannot be done automatically on > > upgrade without proper intervention yet. > > Is this related to this: > https://fedoraproject.org/wiki/Common_F16_bugs#Upgrade_from_previous_releases_resets_the_enablement_status_of_services > > Or is it to do with the dependencies of FreeIPA startup? It is mixture of those cases. systemd is more complicated and if in F15 we were able to get away via SystemV emulation, in F16 dirsrv migrated natively to systemd, managing instances through native systemd mechanism ([email protected] as a service name, for example). This new mechanism is not accessible via SystemV emulation and we had to migrate to systemd as well -- which means ipa-server-install creates proper links and edits systemd service files as needed. In addition, systemd does not really support our model of enabling services, as systemd is per-host while we need to replicate service state to multiple replicas. Thus, we do some of enable/disable/restart management in ipactl. > In any case, the process is still failing to start. Do I need to > create a link in dirsrv.target.wants to somewhere? You need to do some steps like ipa-server-install does. I'm trying to get them separated in a small upgrade script but something like following needs to be done, completely untested, may eat your kitten, and realm/dirsrv instance names need to be replaced before running: ---------------------------------------------------------------- #! /usr/bin/python -E from ipaserver.install.krbinstance import update_val_in_file from ipapython import ipautil from ipapython import services as ipaservices # 1. Upgrade /etc/sysconfig/dirsrv for systemd update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab") update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab") # 2. Upgrade /etc/sysconfig/krb5kdc for systemd replacevars = {'KRB5REALM':"EXAMPLE.COM"} appendvars = {} ipautil.config_replace_variables("/etc/sysconfig/krb5kdc", replacevars=replacevars, appendvars=appendvars) ipaservices.restore_context("/etc/sysconfig/krb5kdc") # 3. Enable DS instances: ipaservices.knownservices.dirsrv.enable("EXAMPLE-COM") ipaservices.knownservices.dirsrv.enable("PKI-IPA") # 4. Enable FreeIPA ipaservices.knownservices.ipa.enable() ------------------------------------------------------- Note that these .enable() calls on Fedora 16 do much more than just 'systemctl enable foo.service', they copy and modify service files, create symlinks and so on, all the dirty work required by systemd. You may look at ipapython/platform/fedora16.py and systemd.py for details. -- / Alexander Bokovoy _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
