#4552 Native systemd services
Opened 6 years ago by mkosek. Modified 5 months ago

Since the beginning, FreeIPA has configured the system's init system to enable a single ipa service which, when starting, starts all other services following the configuration from LDAP.

Instead of ipactl, ipa.service configuration should be able to natively start all IPA services, whether socket activated or always started.

Related thread: freeipa-devel.

A prerequisite is that the services we depend on implement the systemd sd-notify mechanism, allowing services to boot in the proper order, but also when all their dependencies are fully started and responding:

- Directory Server: https://fedorahosted.org/389/ticket/47977
- Kerberos KDC: https://bugzilla.redhat.com/show_bug.cgi?id=1174306
- Dogtag PKI: https://fedorahosted.org/pki/ticket/1233
- bind-dyndb-ldap: https://fedorahosted.org/bind-dyndb-ldap/ticket/150 #150
- Web Server: use [mod_systemd](http://httpd.apache.org/docs/trunk/mod/mod_systemd.html)
- NTP Server (ntpd): [already implemented](https://bugzilla.redhat.com/show_bug.cgi?id=797173)

Why is sd-notify needed? That is a mechanism primarily for notifying systemd that the startup has finished, which can be achieved by other means, for example by the startup script finishing in the forking type.

We (or rather systemd) just need to know if the service was really started. In some cases it may be done via sd-notify, in others via different systemd service configuration. This may also be a valid resolution of the sub-component requests.
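
What "implementing sd-notify" means for a daemon, as an added example that is not part of this ticket or of FreeIPA's code: the service sends a datagram such as `READY=1` to the socket named in `NOTIFY_SOCKET` once it can actually serve requests. The `demo` receiver is a constructed stand-in for systemd, and the status strings are illustrative.

```python
import os
import socket
import tempfile


def sd_notify(state: str, env=os.environ) -> bool:
    """Send a state string (e.g. "READY=1") to the socket named in NOTIFY_SOCKET.

    Returns False when no notification socket is configured, i.e. the
    process was not started by a manager expecting Type=notify.
    """
    path = env.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):          # abstract-namespace socket (Linux)
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode(), path)
    return True


def demo() -> list:
    """Constructed stand-in for the manager side: bind a datagram socket,
    let a 'service' report progress, and return what the manager received."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notify.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(path)
            manager.settimeout(2)
            env = {"NOTIFY_SOCKET": path}
            # The service sends READY=1 only after its listeners are up and
            # its own dependencies answer; with Type=notify, units ordered
            # After= it are held back until this message arrives.
            sd_notify("STATUS=connecting to directory server", env)
            sd_notify("READY=1\nSTATUS=accepting requests", env)
            return [manager.recv(4096).decode() for _ in range(2)]


if __name__ == "__main__":
    for msg in demo():
        print(repr(msg))
```

With `Type=forking`, by contrast, systemd treats the unit as started when the parent process exits, whether or not the daemon is answering requests yet.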

FreeIPA 4.2 was already shaped (see the FreeIPA 4.2 milestone); this does not fit. Pushing out.

If anyone is willing to help and contribute to this one, please let us know!

Using systemd target might be one way to address it.

Replying to adelton (comment 7):

> Using systemd target might be one way to address it.

In containerized FreeIPA servers (https://github.com/adelton/docker-freeipa) we use container-ipa.target and set it as the default target, so any "systemctl enable" calls during ipa-server-install enable those services in that target.

If any refactoring of the service setup of FreeIPA is done, it might be good to synchronize the effort.

Metadata Update from @mkosek:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

4 years ago

Metadata Update from @cheimes:
- Issue close_status updated to: None
- Issue set to the milestone: None (was: FreeIPA 4.5 backlog)

5 months ago
