changed notes changed state Open to Test moved from Incoming to Software Enhancements
Full_Name: Quanah Gibson-Mount Version: 2.4.24 OS: NA URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.45.108) When LDAP is used as a dependency for other software during the init process (as a kerberos backend, for example), the fact that slapd exits with success prior to it being ready to accept connections can cause problems for the later services that depend on it. It would be useful to have an (optional) flag "-w <seconds>" that if provided, would have slapd wait up until <seconds> amount of time has passed for the daemon to fully initialize. If it fails to initialize and be ready to accept connections by the end of the time period (when specified), slapd should exit with a new unique error code. This would allow for avoiding the startup problem. An example of this (and a terrible solution) can be found in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589915 Debian implemented a broken solution for this, but it is a general issue for anyone who has dependencies on slapd being ready.
On Mon, Feb 28, 2011 at 09:36:01PM +0000, quanah@OpenLDAP.org wrote: > When LDAP is used as a dependency for other software during the init process (as > a kerberos backend, for example), the fact that slapd exits with success prior > to it being ready to accept connections can cause problems for the later > services that depend on it. It would be useful to have an (optional) flag "-w > <seconds>" that if provided, would have slapd wait up until <seconds> amount of > time has passed for the daemon to fully initialize. Some distros already deal with this in other ways - e.g. OpenSuSE waits until an ldapsearch on the null DN succeeds. This is done in the init.d script. One advantage of putting explicit support into OpenLDAP for this is that it may be possible to have an option to delay starting the listners on a replication consumer until a full refresh has been done from the master (this would need a timeout option too). There are obvious deadlock issues in multi-master configs, but admins would at least have the option of using this on pure consumers. Andrew -- ----------------------------------------------------------------------- | From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 | -----------------------------------------------------------------------
andrew.findlay@skills-1st.co.uk wrote: > On Mon, Feb 28, 2011 at 09:36:01PM +0000, quanah@OpenLDAP.org wrote: > >> When LDAP is used as a dependency for other software during the init process (as >> a kerberos backend, for example), the fact that slapd exits with success prior >> to it being ready to accept connections can cause problems for the later >> services that depend on it. It would be useful to have an (optional) flag "-w >> <seconds>" that if provided, would have slapd wait up until<seconds> amount of >> time has passed for the daemon to fully initialize. > > Some distros already deal with this in other ways - e.g. OpenSuSE waits > until an ldapsearch on the null DN succeeds. This is done in the init.d > script. This is still by far the best solution. The current patch simply shifts the slapd parent process' exit a little later, to after the databases are started up. The listener thread still has not yet been created by this time. On a lightly loaded system the time till that is running should be trivial, but on a heavily loaded system who knows. > One advantage of putting explicit support into OpenLDAP for this is > that it may be possible to have an option to delay starting the > listners on a replication consumer until a full refresh has been done > from the master (this would need a timeout option too). There are > obvious deadlock issues in multi-master configs, but admins would at > least have the option of using this on pure consumers. We've discussed this option many times in the past but it generally seems to come out being more bad than good. Also it implies an expectation for consistency that simply isn't offered by the syncrepl spec. Best to leave this alone for now. When we get to LDAP Transactions, and figuring out how to represent them in a syncrepl exchange, then it would be meaningful. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
changed notes changed state Test to Release
changed notes changed state Release to Closed
added in HEAD added in RE24