Tuesday, August 3, 2021

[389-users] Re: Unable to promote a replica

Using that method, I was able to promote my consumer. Thanks again.

Today, I tried (and failed) to disable replication on a consumer. Either
I don't understand how to disable replication (which is entirely
possible), or the replication-disabling-function of the scripts is also
broken.

When done with cockpit, using the red "Disable" button on the
Replication screen seems to kill the instance of directory without
affecting its replication status. Replication is still enabled when I
restart the instance.

When I tried to disable with dsconf, I got similar results. The
directory stops, but replication is still enabled when I restart it.

I ran:

> dsconf -v -D "cn=Directory Manager" ldap://localhost:1389 replication disable --suffix o=foo.bar.com

and the instance listening on port 1389 disappeared, and the error log
contained:

> [03/Aug/2021:15:15:24.090599240 -0800] - DEBUG - PBKDF2_SHA256 - Comparing password
> [03/Aug/2021:15:15:24.136930743 -0800] - DEBUG - replication - copy_operation_parameters - replica is null.
> [03/Aug/2021:15:15:24.139180666 -0800] - WARN - NSMMReplicationPlugin - replica_config_delete - The changelog for replica o=foo.bar.com is no longer valid since the replica config is being deleted. Removing the changelog.

and the output of dsconf was:

> DEBUG: The 389 Directory Server Configuration Tool
> DEBUG: Inspired by works of: ITS, The University of Adelaide
> DEBUG: dsrc path: /root/.dsrc
> DEBUG: dsrc container path: /data/config/container.inf
> DEBUG: dsrc instances: []
> DEBUG: dsrc no such section: slapd-ldap://localhost:1389
> DEBUG: Called with: Namespace(basedn=None, binddn='cn=Directory Manager', bindpw=None, func=<function disable_replication at 0x7f1b96485a60>, instance='ldap://localhost:1389', json=False, prompt=False, pwdfile=None, starttls=False, suffix='o=foo.bar.com', verbose=True)
> DEBUG: Instance details: {'uri': 'ldap://localhost:1389', 'basedn': None, 'binddn': 'cn=Directory Manager', 'bindpw': None, 'saslmech': None, 'tls_cacertdir': None, 'tls_cert': None, 'tls_key': None, 'tls_reqcert': None, 'starttls': False, 'prompt': False, 'pwdfile': None, 'args': {'ldapurl': 'ldap://localhost:1389', 'root-dn': 'cn=Directory Manager'}}
> DEBUG: SER_SERVERID_PROP not provided, assuming non-local instance
> DEBUG: Allocate <class 'lib389.DirSrv'> with ldap://localhost:1389
> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
> Enter password for cn=Directory Manager on ldap://localhost:1389:
> DEBUG: SER_SERVERID_PROP not provided, assuming non-local instance
> DEBUG: Allocate <class 'lib389.DirSrv'> with ldap://localhost:1389
> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
> DEBUG: open(): Connecting to uri ldap://localhost:1389
> DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-{instance_name}
> DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
> DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
> DEBUG: Using /etc/openldap/ldap.conf certificate policy
> DEBUG: ldap.OPT_X_TLS_REQUIRE_CERT = 2
> DEBUG: open(): bound as cn=Directory Manager
> DEBUG: Retrieving entry with [('',)]
> DEBUG: Retrieved entry [dn:
> vendorVersion: 389-Directory/1.4.4.16 B2021.175.1723
>
> ]
> DEBUG: _gen_selector filter = (&(&(objectclass=nsds5Replica))(|(nsDS5ReplicaRoot=o=foo.bar.com)))
> DEBUG: cn=replica,cn=o\3Dfoo.bar.com,cn=mapping tree,cn=config getVal('nsDS5ReplicaRoot')
> DEBUG: list filter = (&(objectclass=nsds5replicationagreement))
> DEBUG: list filter = (&(objectclass=nsDSWindowsReplicationAgreement))
> DEBUG: cn=replica,cn=o\3Dfoo.bar.com,cn=mapping tree,cn=config delete
> DEBUG: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}
> Traceback (most recent call last):
> File "/sbin/dsconf", line 134, in <module>
> result = args.func(inst, None, log, args)
> File "/usr/lib/python3.6/site-packages/lib389/cli_conf/replication.py", line 236, in disable_replication
> replica.delete()
> File "/usr/lib/python3.6/site-packages/lib389/replica.py", line 1351, in delete
> return super(Replica, self).delete()
> File "/usr/lib/python3.6/site-packages/lib389/_mapped_object.py", line 825, in delete
> self._instance.delete_ext_s(self._dn, serverctrls=self._server_controls, clientctrls=self._client_controls, escapehatch='i am sure')
> File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
> return f(*args, **kwargs)
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 562, in delete_ext_s
> resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
> File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
> return f(*args, **kwargs)
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 767, in result3
> resp_ctrl_classes=resp_ctrl_classes
> File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
> return f(*args, **kwargs)
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 774, in result4
> ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
> File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
> return f(*args, **kwargs)
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 340, in _ldap_call
> reraise(exc_type, exc_value, exc_traceback)
> File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46, in reraise
> raise exc_value
> File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in _ldap_call
> result = func(*args,**kwargs)
> ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}
> ERROR: Error: -1 - Can't contact LDAP server - []



--
Do things because you should, not just because you can.

John Thurston 907-465-8591
John.Thurston@alaska.gov
Department of Administration
State of Alaska

On 8/2/2021 3:35 PM, Mark Reynolds wrote:
> Looks like there might be some patch missing on the 1.4.4 branch because
> dsconf should not be trying to create the changelog.
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
