ipa-ods-enforcer: stop must also stop the socket

ipa-ods-enforcer is a socket-activated service. In order to fully stop the service, IPA needs to call systemctl stop ipa-ods-enforcer.service ipa-ods-enforcer.socket otherwise the socket remains active (listening) and can restart the service. A consequence of the issue is the backup / uninstall / restore scenario that is failing to sign the zones. The uninstaller removes the socket /run/opendnssec/engine.sock but leaves the ipa-ods-enforcer.socket active. A subsequent restore or install will not re-create the socket. Fixes: https://pagure.io/freeipa/issue/9613 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2024-06-27 15:42:47 +02:00 · 2024-06-27 15:42:47 +02:00 · 2f902efd0e
commit 2f902efd0e
parent 90b22ff888
1 changed files with 4 additions and 0 deletions
--- a/ipaplatform/base/services.py
+++ b/ipaplatform/base/services.py
@ -290,6 +290,10 @@ class SystemdService(PlatformService):
        # https://bugzilla.redhat.com/show_bug.cgi?id=973331#c11
        if instance == "ipa-otpd.socket":
            args.append("--ignore-dependencies")
+        # ipa-ods-exporter is socket-activated, both the service and the
+        # socket have to be stopped
+        if instance == "ipa-ods-exporter.service":
+            args.append("ipa-ods-exporter.socket")

        ipautil.run(args, skip_output=not capture_output)