pki-bot / pki-issues-final

[RFE] Implement sd_notify mechanism #1223

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #1233. Originally filed by mkosek (@mkosek) on 2014-12-15 17:44:04:


On systemd-enabled platforms (like Fedora/RHEL), use sd_notify mechanism to notify systemd when the PKI service is fully started and can serve FreeIPA clients or other components.

Currently, a specialized REST call is used (/ca/admin/ca/getStatus) but this is not integrated with systemd.

Given that this service is a FreeIPA required service, completing this RFE is a prerequisite for the FreeIPA project to convert its service to native systemd services. See upstream ticket for details:

https://fedorahosted.org/freeipa/ticket/4552

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2014-12-16 01:54:18

Per CS/DS meeting of 12/15/2014: Milestone 10.3

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2016-04-18 16:22:02

sd_notify is not directly supported by JRE. I see three options:

pki-bot commented 4 years ago

Comment from mkosek (@mkosek) at 2017-02-27 14:01:44

Metadata Update from @mkosek:

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2020-09-28 05:11:08

I would greatly appreciate if this issue could be resolved. In FreeIPA I had to implement an inefficient workaround to block service startup until Dogtag's REST API becomes responsive. The script https://github.com/freeipa/freeipa/blob/master/install/tools/ipa-pki-wait-running.in is an ExecStartPost hook that polls and parses SystemStatusClient().get_status until the endpoint returns success.

I made an attempt to create a JNI wrapper for SDNotify API from libsystemd. SDNotify needs two trivial methods to work:

SDNotify.java

SDNotify.c

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2020-09-28 05:11:09

Metadata Update from @tiran:

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2020-09-28 20:15:43

pki team discussion:

10:02 < edewata> frasertweedale: I have no objection as long as it doesn't make pki dependent on systemd
10:03 < edewata> frasertweedale: I mean if it can be optionally enabled that's fine
10:04 < edewata> frasertweedale: for pki standalone containers (instead of monolithic) we want to remove dependency on systemd
10:11 < frasertweedale> edewata: understood, I might make it another small subpackage then?  pki-systemd?  and provide an interface and class configuration to hook it into the CMS startup.
10:11 < frasertweedale> FreeIPA could depend on pki-systemd and wire it up via CS.cfg
10:12 < edewata> frasertweedale: I think it can go into the existing packages, but we just need a param to enable it.
10:14 < frasertweedale> edewata: OK, so you are happy for it to be on by default so brew builds yet will have it?
10:14 < edewata> frasertweedale: I mean build dependency is fine, but runtime dependency should be optional since we might not want to use systemd in all scenarios
10:14 < edewata> frasertweedale: yes, either opt in or opt out, doesn't really matter for me

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2020-09-28 21:33:54

Metadata Update from @frasertweedale:

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2020-09-29 07:03:56

You can safely assume that libsystemd is always available, even in a minimal container image. The library is provided by the systemd-libs package. Core packages like util-linux and procps-ng as well as 389-DS depend on systemd-libs.

My PoC only invokes the sd-notify API when it detects that the system was booted with systemd (sd_booted()) and the env variable for sd-notify socket is set. This disables notifications on platforms without a running systemd daemon, e.g. containers.
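The guard described in the comment above, sketched as an added example that is not part of the thread and is not the PoC's code: it sends `READY=1` over the `NOTIFY_SOCKET` datagram socket only when the variable is set and `/run/systemd/system` exists (the check `sd_booted()` documents). It speaks the notify protocol directly instead of linking libsystemd, and the function names are made up for this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Same test sd_booted() documents: systemd is the init system if this
 * directory exists. (Hypothetical helper name.) */
static int booted_with_systemd(void) {
    struct stat st;
    return lstat("/run/systemd/system", &st) == 0 && S_ISDIR(st.st_mode);
}

/* Send one state datagram (e.g. "READY=1") to the notify socket at `path`.
 * A leading '@' selects an abstract-namespace socket, '/' a filesystem one.
 * Returns 1 on success, a negative errno value on failure. */
static int notify_send(const char *path, const char *state) {
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    size_t len = strlen(path);
    if (len < 2 || len >= sizeof(addr.sun_path) ||
        (path[0] != '/' && path[0] != '@'))
        return -EINVAL;                 /* refuse anything else */
    memcpy(addr.sun_path, path, len);
    if (path[0] == '@')
        addr.sun_path[0] = '\0';        /* abstract socket: leading NUL */
    int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;
    socklen_t alen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len);
    ssize_t n = sendto(fd, state, strlen(state), 0,
                       (struct sockaddr *)&addr, alen);
    int rc = n < 0 ? -errno : 1;
    close(fd);
    return rc;
}

/* Guarded entry point: returns 0 when the notification is skipped because
 * there is no running systemd or no notify socket (e.g. in a container). */
int notify_ready_if_systemd(void) {
    const char *path = getenv("NOTIFY_SOCKET");
    if (path == NULL || !booted_with_systemd())
        return 0;
    return notify_send(path, "READY=1");
}
```

A unit that relies on this needs `Type=notify`, otherwise systemd does not set `NOTIFY_SOCKET` for the service and the call is a no-op.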

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2020-09-29 09:49:30

PR: https://github.com/dogtagpki/pki/pull/569

pki-bot commented 4 years ago

Comment from ftweedal (@frasertweedale) at 2020-09-29 09:49:30

Metadata Update from @frasertweedale: