On systemd-enabled platforms (like Fedora/RHEL), use the sd_notify mechanism to notify systemd when the PKI service is fully started and can serve FreeIPA clients or other components.
Currently, a specialized REST call is used (/ca/admin/ca/getStatus), but this is not integrated with systemd.
Given that this service is a FreeIPA required service, completing this RFE is a prerequisite for the FreeIPA project to convert its service to native systemd services. See upstream ticket for details:
https://fedorahosted.org/freeipa/ticket/4552
Per CS/DS meeting of 12/15/2014: Milestone 10.3
sd_notify is not directly supported by JRE. I see three options:
Metadata Update from @mkosek: - Issue set to the milestone: UNTRIAGED
I would greatly appreciate if this issue could be resolved. In FreeIPA I had to implement an inefficient workaround to block service startup until Dogtag's REST API becomes responsive. The script https://github.com/freeipa/freeipa/blob/master/install/tools/ipa-pki-wait-running.in is an ExecStartPost hook that polls and parses SystemStatusClient().get_status until the endpoint returns success.
I made an attempt to create a JNI wrapper for SDNotify API from libsystemd. SDNotify needs two trivial methods to work:
[Attachment: SDNotify.java]
[Attachment: SDNotify.c]
Metadata Update from @cheimes: - Custom field feature adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field version adjusted to None - Issue close_status updated to: None
pki team discussion:
10:02 < edewata> ftweedal: I have no objection as long as it doesn't make pki dependent on systemd
10:03 < edewata> ftweedal: I mean if it can be optionally enabled that's fine
10:04 < edewata> ftweedal: for pki standalone containers (instead of monolithic) we want to remove dependency on systemd
10:11 < ftweedal> edewata: understood, I might make it another small subpackage then? pki-systemd? and provide an interface and class configuration to hook it into the CMS startup.
10:11 < ftweedal> FreeIPA could depend on pki-systemd and wire it up via CS.cfg
10:12 < edewata> ftweedal: I think it can go into the existing packages, but we just need a param to enable it.
10:14 < ftweedal> edewata: OK, so you are happy for it to be on by default so brew builds yet will have it?
10:14 < edewata> ftweedal: I mean build dependency is fine, but runtime dependency should be optional since we might not want to use systemd in all scenarios
10:14 < edewata> ftweedal: yes, either opt in or opt out, doesn't really matter for me
Metadata Update from @ftweedal: - Issue assigned to ftweedal
You can safely assume that libsystemd is always available, even in a minimal container image. The library is provided by the systemd-libs package. Core packages like util-linux and procps-ng as well as 389-DS depend on systemd-libs.
My PoC only invokes the sd-notify API when it detects that the system was booted with systemd (sd_booted()) and the env variable for sd-notify socket is set. This disables notifications on platforms without a running systemd daemon, e.g. containers.
PR: https://github.com/dogtagpki/pki/pull/569
Metadata Update from @ftweedal: - Issue set to the milestone: None (was: UNTRIAGED)
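The guard described in the comment above (notify only when systemd is running and the notification socket variable is set), shown as an added example that is not part of the original thread, the attached PoC or the linked PR. It speaks the documented sd_notify datagram protocol directly instead of linking libsystemd; the function names systemd_booted, send_state and notify_if_supervised are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Same check sd_booted() documents: systemd creates this directory at boot. */
int systemd_booted(void) {
    struct stat st;
    return stat("/run/systemd/system/", &st) == 0 && S_ISDIR(st.st_mode);
}

/* Send one state string (e.g. "READY=1") as a single datagram to the socket.
 * A leading '@' selects the abstract namespace. Returns 1 if sent, -1 on error. */
int send_state(const char *path, const char *state) {
    struct sockaddr_un sa;
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof(sa.sun_path) || (path[0] != '/' && path[0] != '@'))
        return -1;                      /* reject empty, oversized or relative paths */
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    memcpy(sa.sun_path, path, len);
    if (path[0] == '@')
        sa.sun_path[0] = '\0';          /* abstract socket: first byte is NUL */
    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -1;
    socklen_t sl = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len);
    ssize_t n = sendto(fd, state, strlen(state), 0, (struct sockaddr *)&sa, sl);
    close(fd);
    return n == (ssize_t)strlen(state) ? 1 : -1;
}

/* Notify only under a running systemd with NOTIFY_SOCKET set.
 * Returns 0 when skipped (e.g. a container without systemd), 1 sent, -1 error. */
int notify_if_supervised(const char *state) {
    const char *path = getenv("NOTIFY_SOCKET");
    if (path == NULL || !systemd_booted())
        return 0;
    return send_state(path, state);
}

int main(void) {
    /* Call once the service can answer requests; a skipped notification is not an error. */
    return notify_if_supervised("READY=1") < 0 ? 1 : 0;
}
```

For systemd to wait on this message, the unit has to be configured with Type=notify; with any other service type the datagram is not used for startup ordering.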
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1795
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)