Tuesday, August 3, 2021

[389-users] Re: Unable to promote a replica

On 8/3/21 7:26 PM, John Thurston wrote:
> Using that method, I was able to promote my consumer. Thanks again.
>
> Today, I tried (and failed) to disable replication on a consumer.
> Either I don't understand how to disable replication (which is
> entirely possible), or the replication-disabling-function of the
> scripts is also broken.
>
> When done with cockpit, using the red "Disable" button on the
> Replication screen seems to kill the instance of directory without
> affecting its replication status. Replication is still enabled when I
> restart the instance.

Are you saying the server is crashing when trying to disable
replication?  If it is can you please get a stack trace of the core dump?

https://www.port389.org/docs/389ds/FAQ/faq.html#sts=Debugging%C2%A0Crashes

I was just disabling replication in the UI (which uses dsconf) on
389-ds-base-2.0.7 as it was fine.  Something must be really off with
1.4.4 (and you are on the latest version of 1.4.4)  :-(

Mark

>
> When I tried to disable with dsconf, I got similar results. The
> directory stops, but replication is still enabled when I restart it.
>
> I ran:
>
>> dsconf -v -D "cn=Directory Manager" ldap://localhost:1389 replication
>> disable --suffix o=foo.bar.com
>
> and the instance listening on port 1389 disappeared, and the error log
> contained:
>
>> [03/Aug/2021:15:15:24.090599240 -0800] - DEBUG - PBKDF2_SHA256 -
>> Comparing password
>> [03/Aug/2021:15:15:24.136930743 -0800] - DEBUG - replication -
>> copy_operation_parameters - replica is null.
>> [03/Aug/2021:15:15:24.139180666 -0800] - WARN - NSMMReplicationPlugin
>> - replica_config_delete - The changelog for replica o=foo.bar.com is
>> no longer valid since the replica config is being deleted.  Removing
>> the changelog.
>
> and the output of dsconf was:
>
>> DEBUG: The 389 Directory Server Configuration Tool
>> DEBUG: Inspired by works of: ITS, The University of Adelaide
>> DEBUG: dsrc path: /root/.dsrc
>> DEBUG: dsrc container path: /data/config/container.inf
>> DEBUG: dsrc instances: []
>> DEBUG: dsrc no such section: slapd-ldap://localhost:1389
>> DEBUG: Called with: Namespace(basedn=None, binddn='cn=Directory
>> Manager', bindpw=None, func=<function disable_replication at
>> 0x7f1b96485a60>, instance='ldap://localhost:1389', json=False,
>> prompt=False, pwdfile=None, starttls=False, suffix='o=foo.bar.com',
>> verbose=True)
>> DEBUG: Instance details: {'uri': 'ldap://localhost:1389', 'basedn':
>> None, 'binddn': 'cn=Directory Manager', 'bindpw': None, 'saslmech':
>> None, 'tls_cacertdir': None, 'tls_cert': None, 'tls_key': None,
>> 'tls_reqcert': None, 'starttls': False, 'prompt': False, 'pwdfile':
>> None, 'args': {'ldapurl': 'ldap://localhost:1389', 'root-dn':
>> 'cn=Directory Manager'}}
>> DEBUG: SER_SERVERID_PROP not provided, assuming non-local instance
>> DEBUG: Allocate <class 'lib389.DirSrv'> with ldap://localhost:1389
>> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
>> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
>> Enter password for cn=Directory Manager on ldap://localhost:1389:
>> DEBUG: SER_SERVERID_PROP not provided, assuming non-local instance
>> DEBUG: Allocate <class 'lib389.DirSrv'> with ldap://localhost:1389
>> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
>> DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
>> DEBUG: open(): Connecting to uri ldap://localhost:1389
>> DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-{instance_name}
>> DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
>> DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
>> DEBUG: Using /etc/openldap/ldap.conf certificate policy
>> DEBUG: ldap.OPT_X_TLS_REQUIRE_CERT = 2
>> DEBUG: open(): bound as cn=Directory Manager
>> DEBUG: Retrieving entry with [('',)]
>> DEBUG: Retrieved entry [dn:
>> vendorVersion: 389-Directory/1.4.4.16 B2021.175.1723
>>
>> ]
>> DEBUG: _gen_selector filter =
>> (&(&(objectclass=nsds5Replica))(|(nsDS5ReplicaRoot=o=foo.bar.com)))
>> DEBUG: cn=replica,cn=o\3Dfoo.bar.com,cn=mapping tree,cn=config
>> getVal('nsDS5ReplicaRoot')
>> DEBUG: list filter = (&(objectclass=nsds5replicationagreement))
>> DEBUG: list filter = (&(objectclass=nsDSWindowsReplicationAgreement))
>> DEBUG: cn=replica,cn=o\3Dfoo.bar.com,cn=mapping tree,cn=config delete
>> DEBUG: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}
>> Traceback (most recent call last):
>>   File "/sbin/dsconf", line 134, in <module>
>>     result = args.func(inst, None, log, args)
>>   File
>> "/usr/lib/python3.6/site-packages/lib389/cli_conf/replication.py",
>> line 236, in disable_replication
>>     replica.delete()
>>   File "/usr/lib/python3.6/site-packages/lib389/replica.py", line
>> 1351, in delete
>>     return super(Replica, self).delete()
>>   File "/usr/lib/python3.6/site-packages/lib389/_mapped_object.py",
>> line 825, in delete
>>     self._instance.delete_ext_s(self._dn,
>> serverctrls=self._server_controls, clientctrls=self._client_controls,
>> escapehatch='i am sure')
>>   File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line
>> 173, in inner
>>     return f(*args, **kwargs)
>>   File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line
>> 562, in delete_ext_s
>>     resp_type, resp_data, resp_msgid, resp_ctrls =
>> self.result3(msgid,all=1,timeout=self.timeout)
>>   File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line
>> 173, in inner
>>     return f(*args, **kwargs)
>>   File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line
>> 767, in result3
>>     resp_ctrl_classes=resp_ctrl_classes
>>   File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line
>> 173, in inner
>>     return f(*args, **kwargs)
>>   File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line
>> 774, in result4
>>     ldap_result =
>> self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
>>   File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line
>> 173, in inner
>>     return f(*args, **kwargs)
>>   File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line
>> 340, in _ldap_call
>>     reraise(exc_type, exc_value, exc_traceback)
>>   File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46,
>> in reraise
>>     raise exc_value
>>   File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line
>> 324, in _ldap_call
>>     result = func(*args,**kwargs)
>> ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server",
>> 'ctrls': []}
>> ERROR: Error: -1 - Can't contact LDAP server - []
>
>
>
> --
> Do things because you should, not just because you can.
>
> John Thurston    907-465-8591
> John.Thurston@alaska.gov
> Department of Administration
> State of Alaska
>
> On 8/2/2021 3:35 PM, Mark Reynolds wrote:
>> Looks like there might be some patch missing on the 1.4.4 branch because
>> dsconf should not be trying to create the changelog.
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure

--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

No comments:

Post a Comment