Hide Forgot
Description of problem: With IPA / IdM installed, stopping the kadmin.service makes the state of the service Active: failed (Result: exit-code) since Wed 2016-09-07 08:07:39 EDT; 2s ago Version-Release number of selected component (if applicable): krb5-server-1.14.1-26.el7.x86_64 How reproducible: Deterministic. Steps to Reproduce: 1. yum install ipa-server-dns 2. ipa-server-install with some options 3. systemctl stop kadmin.service 4. systemctl status kadmin.service -l Actual results: ● kadmin.service - Kerberos 5 Password-changing and Administration Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2016-09-07 08:07:39 EDT; 2s ago Process: 8987 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=0/SUCCESS) Main PID: 8988 (code=exited, status=2) Sep 07 08:06:38 ipa.example.test systemd[1]: Starting Kerberos 5 Password-changing and Administration... Sep 07 08:06:38 ipa.example.test systemd[1]: Started Kerberos 5 Password-changing and Administration. Sep 07 08:07:39 ipa.example.test systemd[1]: Stopping Kerberos 5 Password-changing and Administration... Sep 07 08:07:39 ipa.example.test systemd[1]: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT Sep 07 08:07:39 ipa.example.test systemd[1]: Stopped Kerberos 5 Password-changing and Administration. Sep 07 08:07:39 ipa.example.test systemd[1]: Unit kadmin.service entered failed state. Sep 07 08:07:39 ipa.example.test systemd[1]: kadmin.service failed. Expected results: No failed. Additional info:
I fails on RHEL 7.2 with krb5-server-1.13.2-10.el7.x86_64 as well.
I'm a bit confused what you're asking for here. Our service file is really simple; we don't do any mangling of return codes or anything from kadmind. Additionally, return code from kadmind is not defined. This is especially true in the case where it dies from signal, which is the normal exit route. What information do you think is being lost here?
The ability to say "all is clean and fine on the system" is lost. When you run systemctl, you see red bullet next to this service. When you run systemctl status, it will say State: degraded When you run systemctl status kadmin, it says Active: failed but it should not be failed -- it should be marked inactive (dead) like all other services seem to do.
We haven't done anything special to our service. It is literally this: [Service] Type=forking PIDFile=/var/run/kadmind.pid EnvironmentFile=-/etc/sysconfig/kadmin ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS ExecReload=/bin/kill -HUP $MAINPID where _kadmind execs kadmind. It matches krb5kdc, which is presumably working correctly. If someone who knows more about systemd knows what's wrong here, I'm happy to fix it, but to my untrained eye I think you have a "behavior" in systemd.
If the exit status 2 marks correct exit, then something like SuccessExitStatus=2 is probably called for.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3071