#1233 [RFE] Implement sd_notify mechanism
Closed: migrated 3 years ago by dmoluguw. Opened 9 years ago by mkosek.

On systemd-enabled platforms (like Fedora/RHEL), use the sd_notify mechanism to notify systemd when the PKI service is fully started and can serve FreeIPA clients or other components.

Currently, a specialized REST call is used (/ca/admin/ca/getStatus) but this is not integrated with systemd.

Given that this service is a FreeIPA required service, completing this RFE is a prerequisite for the FreeIPA project to convert its service to native systemd services. See upstream ticket for details:

https://fedorahosted.org/freeipa/ticket/4552


Per CS/DS meeting of 12/15/2014: Milestone 10.3

sd_notify is not directly supported by JRE. I see three options:

Metadata Update from @mkosek:
- Issue set to the milestone: UNTRIAGED

7 years ago

I would greatly appreciate it if this issue could be resolved. In FreeIPA I had to implement an inefficient workaround to block service startup until Dogtag's REST API becomes responsive. The script https://github.com/freeipa/freeipa/blob/master/install/tools/ipa-pki-wait-running.in is an ExecStartPost hook that polls and parses SystemStatusClient().get_status until the endpoint returns success.

I made an attempt to create a JNI wrapper for the SDNotify API from libsystemd. SDNotify needs two trivial methods to work:

SDNotify.java

SDNotify.c

Metadata Update from @cheimes:
- Custom field feature adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: None

3 years ago

pki team discussion:

10:02 < edewata> ftweedal: I have no objection as long as it doesn't make pki dependent on systemd
10:03 < edewata> ftweedal: I mean if it can be optionally enabled that's fine
10:04 < edewata> ftweedal: for pki standalone containers (instead of monolithic) we want to remove dependency on 
                 systemd
10:11 < ftweedal> edewata: understood, I might make it another small subpackage then?  pki-systemd?  and provide an 
                  interface and class configuration to hook it into the CMS startup.
10:11 < ftweedal> FreeIPA could depend on pki-systemd and wire it up via CS.cfg
10:12 < edewata> ftweedal: I think it can go into the existing packages, but we just need a param to enable it.
10:14 < ftweedal> edewata: OK, so you are happy for it to be on by default so brew builds yet will have it?
10:14 < edewata> ftweedal: I mean build dependency is fine, but runtime dependency should be optional since we might 
                 not want to use systemd in all scenarios
10:14 < edewata> ftweedal: yes, either opt in or opt out, doesn't really matter for me

Metadata Update from @ftweedal:
- Issue assigned to ftweedal

3 years ago

You can safely assume that libsystemd is always available, even in a minimal container image. The library is provided by the systemd-libs package. Core packages like util-linux and procps-ng as well as 389-DS depend on systemd-libs.

My PoC only invokes the sd-notify API when it detects that the system was booted with systemd (sd_booted()) and the env variable for sd-notify socket is set. This disables notifications on platforms without a running systemd daemon, e.g. containers.

Metadata Update from @ftweedal:
- Issue set to the milestone: None (was: UNTRIAGED)

3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1795

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago
