#49860 Ticket 49854 - ns-slapd should create run_dir and lock_dir directories at startup
Closed 2 years ago by spichugi. Opened 3 years ago by mreynolds.
mreynolds/389-ds-base ticket49854  into  master

@@ -40,6 +40,7 @@ 

  inst_dir = @serverdir@/slapd-{instance_name}

  plugin_dir = @serverplugindir@

  system_schema_dir = @systemschemadir@

+ tmpfiles_d = @with_tmpfiles_d@

  

  ; These values can be altered in an installation of ds

  user = dirsrv

@@ -7,7 +7,7 @@ 

  

      # You can get any variable from the list bellow. Like this:

      product = standalone.ds_paths.product

-      

+ 

      variables = [

          'product',

          'version',
@@ -33,6 +33,7 @@ 

          'backup_dir',

          'ldif_dir',

          'initconfig_dir',

+         'tmpfiles_d',

      ]

  

  Module documentation

@@ -35,6 +35,7 @@ 

      remove_paths['lock_dir'] = dirsrv.ds_paths.lock_dir

      remove_paths['log_dir'] = dirsrv.ds_paths.log_dir

      # remove_paths['run_dir'] = dirsrv.ds_paths.run_dir

+     remove_paths['tmpfiles_d'] = dirsrv.ds_paths.tmpfiles_d + "/dirsrv-" + dirsrv.serverid + ".conf"

  

      marker_path = "%s/sysconfig/dirsrv-%s" % (dirsrv.ds_paths.sysconf_dir, dirsrv.serverid)

  

@@ -636,6 +636,14 @@ 

                                      "enable",

                                      "dirsrv@%s" % slapd['instance_name']])

  

+         # Setup tmpfiles_d

+         tmpfile_d = ds_paths.tmpfiles_d + "/dirsrv-" + slapd['instance_name'] + ".conf"

+         with open(tmpfile_d, "w") as TMPFILE_D:

+             TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['run_dir'], slapd['user'], slapd['group']))

+             TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['lock_dir'].replace("slapd-" + slapd['instance_name'], ""),

+                                                        slapd['user'], slapd['group']))

+             TMPFILE_D.write("d {} 0770 {} {}\n".format(slapd['lock_dir'], slapd['user'], slapd['group']))

+ 

          # Else we need to detect other init scripts?

  

          # Bind sockets to our type?

@@ -60,6 +60,7 @@ 

      'backup_dir',

      'ldif_dir',

      'initconfig_dir',

+     'tmpfiles_d',

  ]

  

  # will need to add the access, error, audit log later.

Description: dscreate was not creating its config file in /etc/tmpfiles.d/ like
setup-ds.pl used to do. The absence of this config file prevented
the server from being started afetr a reboot.

https://pagure.io/389-ds-base/issue/49854

Reviewed by: ?

If using prefixed install, then tmpfiles directory won't be picked up by systemd-tmpfiles-setup service, since it looks only in these directories:

       /etc/tmpfiles.d/*.conf
       /run/tmpfiles.d/*.conf
       /usr/lib/tmpfiles.d/*.conf

       ~/.config/user-tmpfiles.d/*.conf
       $XDG_RUNTIME_DIR/user-tmpfiles.d/*.conf
       ~/.local/share/user-tmpfiles.d/*.conf
       ...
       /usr/share/user-tmpfiles.d/*.conf

as listed in https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

rebased onto 780021d79c453309172a9a0a05299e81303b7e1b

3 years ago

Thanks @vashirov , changes made, please review...

rebased onto dd18389

3 years ago

Pull-Request has been merged by mreynolds

3 years ago

Hey, this isn't the fix. The point is that content on /run maybe destroyed at any time.

We should not be relying on lib389 to provide supporting content for ns-slapd.

The fix is that ns-slapd should only need a dse.ldif, and then it should make every other resource it requires. This is critical for newer systemd, tmpfs /run, and containers that don't always ship with state provided.

I would like this to be rolled back, and the fix should be in ns-slapd after dse.ldif is read, we should make all the directory paths we require, with the correct permissions.

Thanks,

Ahh okay. I'll work on this shortly...

@mreynolds Thanks, there is a longer justification on the mailing list. Really appreciate your help with this :)

@mreynolds Thanks, there is a longer justification on the mailing list. Really appreciate your help with this :)

Absolutely! Nice catch! I forgot about containers in this regard, just like we are not going to use upgrade scripts anymore - ns-slapd has to do it all. I'll get to it soon!

Great! Maybe I should get you to do nothing but containers for a few months ;)

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/2919

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

2 years ago