6848 – wait timeout for slapd startup

Issue 6848 - wait timeout for slapd startup

Summary: wait timeout for slapd startup

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	2.4.24
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-02-28 21:36 UTC by Quanah Gibson-Mount
Modified:	2014-08-01 21:04 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Howard Chu 2011-02-28 16:20:13 UTC

changed notes
changed state Open to Test
moved from Incoming to Software Enhancements

Comment 1 Quanah Gibson-Mount 2011-02-28 21:36:01 UTC

Full_Name: Quanah Gibson-Mount
Version: 2.4.24
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.45.108)


When LDAP is used as a dependency for other software during the init process (as
a kerberos backend, for example), the fact that slapd exits with success prior
to it being ready to accept connections can cause problems for the later
services that depend on it.  It would be useful to have an (optional) flag "-w
<seconds>" that if provided, would have slapd wait up until <seconds> amount of
time has passed for the daemon to fully initialize.  If it fails to initialize
and be ready to accept connections by the end of the time period (when
specified), slapd should exit with a new unique error code.  This would allow
for avoiding the startup problem.  An example of this (and a terrible solution)
can be found in:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589915

Debian implemented a broken solution for this, but it is a general issue for
anyone who has dependencies on slapd being ready.

Comment 2 Andrew Findlay 2011-03-01 13:28:54 UTC

On Mon, Feb 28, 2011 at 09:36:01PM +0000, quanah@OpenLDAP.org wrote:

> When LDAP is used as a dependency for other software during the init process (as
> a kerberos backend, for example), the fact that slapd exits with success prior
> to it being ready to accept connections can cause problems for the later
> services that depend on it.  It would be useful to have an (optional) flag "-w
> <seconds>" that if provided, would have slapd wait up until <seconds> amount of
> time has passed for the daemon to fully initialize.

Some distros already deal with this in other ways - e.g. OpenSuSE waits
until an ldapsearch on the null DN succeeds. This is done in the init.d
script.

One advantage of putting explicit support into OpenLDAP for this is
that it may be possible to have an option to delay starting the
listners on a replication consumer until a full refresh has been done
from the master (this would need a timeout option too). There are
obvious deadlock issues in multi-master configs, but admins would at
least have the option of using this on pure consumers.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Comment 3 Howard Chu 2011-03-01 13:57:59 UTC

andrew.findlay@skills-1st.co.uk wrote:
> On Mon, Feb 28, 2011 at 09:36:01PM +0000, quanah@OpenLDAP.org wrote:
>
>> When LDAP is used as a dependency for other software during the init process (as
>> a kerberos backend, for example), the fact that slapd exits with success prior
>> to it being ready to accept connections can cause problems for the later
>> services that depend on it.  It would be useful to have an (optional) flag "-w
>> <seconds>" that if provided, would have slapd wait up until<seconds>  amount of
>> time has passed for the daemon to fully initialize.
>
> Some distros already deal with this in other ways - e.g. OpenSuSE waits
> until an ldapsearch on the null DN succeeds. This is done in the init.d
> script.

This is still by far the best solution. The current patch simply shifts the 
slapd parent process' exit a little later, to after the databases are started 
up. The listener thread still has not yet been created by this time. On a 
lightly loaded system the time till that is running should be trivial, but on 
a heavily loaded system who knows.

> One advantage of putting explicit support into OpenLDAP for this is
> that it may be possible to have an option to delay starting the
> listners on a replication consumer until a full refresh has been done
> from the master (this would need a timeout option too). There are
> obvious deadlock issues in multi-master configs, but admins would at
> least have the option of using this on pure consumers.

We've discussed this option many times in the past but it generally seems to 
come out being more bad than good. Also it implies an expectation for 
consistency that simply isn't offered by the syncrepl spec. Best to leave this 
alone for now. When we get to LDAP Transactions, and figuring out how to 
represent them in a syncrepl exchange, then it would be meaningful.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 4 Quanah Gibson-Mount 2011-11-04 20:26:41 UTC

changed notes
changed state Test to Release

Comment 5 Quanah Gibson-Mount 2011-11-28 18:34:54 UTC

changed notes
changed state Release to Closed

Comment 6 OpenLDAP project 2014-08-01 21:04:55 UTC

added in HEAD
added in RE24