freeipa

Clone
Source Code
GIT

#7927 Wrong logic in ipactl restart leads to start instead of restart pki-tomcatd
Closed: fixed 4 years ago by frenaud. Opened 5 years ago by frenaud.

Closed: fixed
Reopen Issue

Issue

The first call to ipactl restart writes a wrong service list in /var/run/ipa/services.list (it removes pki-tomcatd). As a consequence, subsequent calls to ipactl restart call systemctl start pki-tomcatd instead of systemctl restart pki-tomcatd, and the service is not restarted, the current service is left running.

In some circumstances this can be problematic, for instance when a restart is needed in order to use a new server certificate.

Steps to Reproduce

  1. Check pki-tomcat pid with ps -ef | grep pki-tomcat
  2. Check the content of services.list:
$ cat /var/run/ipa/services.list
["dirsrv", "krb5kdc", "kadmin", "named", "httpd", "ipa-custodia", "ipa-otpd", "ipa-dnskeysyncd", "pki-tomcatd"]
  1. restart the services
# ipactl restart
Stopping pki-tomcatd Service
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

Note the first line contains Stopping pki-tomcatd Service, which is unexpected
4. Check the PID of pki-tomcatd: this is a new process
5. Check the content of services.list:

# cat /var/run/ipa/services.list
["dirsrv", "krb5kipactl restart", "ipa-custodia", "ipa-otpd", "ipa-dnskeysyncd"]

Note that pki-tomcatd has disappeared
6. restart the services

# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
Starting pki-tomcatd Service
ipa: INFO: The ipactl command was successful

Note the line Starting pki-tomcatd instead of Restarting pki-tomcatd.
7. Check the PID of pki-tomcatd: this is the same PID as in step 4, i.e. pki-tomcatd was not restarted.

Actual behavior

The second occurrence of ipactl restart did not restart pki-tomcatd.

Expected behavior

ipactl restart should restart pki-tomcatd.

Version/Release/Distribution

freeipa-server-4.7.2-1.1.fc29.x86_64

Metadata Update from @frenaud:
- Issue assigned to frenaud
5 years ago

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.6.6
5 years ago

Note that the issue happens only when KRA is not installed.

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3084
5 years ago

master:

  • 161008d ipactl restart: fix wrong logic when checking service list

Failed to apply patches onto origin/ipa-4-6. Manual backport is needed.

ipa-4-7:

  • d792544 ipactl restart: fix wrong logic when checking service list

ipa-4-6:

  • 0a8ca73 ipactl restart: fix wrong logic when checking service list

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
4 years ago

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1704227
4 years ago

Issue linked to Bugzilla: Bug 1704227

master:

  • 581b714 Test if ipactl restart restarts the pki-tomcatd

ipa-4-6:

  • 4076c79 Test if ipactl restart restarts the pki-tomcatd

ipa-4-7:

  • b4410ee Test if ipactl restart restarts the pki-tomcatd

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/3084
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1704227
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.