Project

General

Profile

Bug #15120

Error after upgrade from 4.1 to 5.0 on RPM because slapd is not restarted: apiAuthorizationKind: attribute type undefined

Added by Nicolas CHARLES 6 months ago. Updated 5 months ago.

Status:
Released
Priority:
N/A
Category:
Packaging
Target version:
Severity:
User visibility:
Effort required:
Priority:
0

Description

[2019-06-25 09:34:58] ERROR com.normation.ldap.sdk.RwLDAPConnection - Exception ignored (by configuration) when trying to modify entry 'apiAccountId=a92b486d-379a-4e96-b2e8-b1ac6f7fd4a5,ou=API Accounts,ou=Rudder,cn=rudder-configuration'.  Reported exception was: apiAuthorizationKind: attribute type undefined
com.unboundid.ldap.sdk.LDAPException: apiAuthorizationKind: attribute type undefined
        at com.unboundid.ldap.sdk.LDAPConnection.modify(LDAPConnection.java:2867)
        at com.normation.ldap.sdk.RwLDAPConnection.$anonfun$modifyAction$3(LDAPConnection.scala:539)
        at scala.util.control.Exception$Catch.apply(Exception.scala:224)
        at com.normation.ldap.sdk.RwLDAPConnection.$anonfun$modifyAction$1(LDAPConnection.scala:539)
        at com.normation.ldap.sdk.RwLDAPConnection.applyMod(LDAPConnection.scala:487)
        at com.normation.ldap.sdk.RwLDAPConnection.$anonfun$applyModify$2(LDAPConnection.scala:545)
        at com.normation.ldap.sdk.RwLDAPConnection.save(LDAPConnection.scala:602)
        at bootstrap.liftweb.checks.CheckApiTokenAutorizationKind.$anonfun$checks$2(CheckApiTokenAutorizationKind.scala:79)
        at bootstrap.liftweb.checks.CheckApiTokenAutorizationKind.$anonfun$checks$2$adapted(CheckApiTokenAutorizationKind.scala:73)
        at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:58)

Slapd was not correctly restarted, log says:

  Mise à jour  : 1398866025:rudder-inventory-ldap-5.0.12.rc1.git201906250320-1.EL.7.x86_64                                                                                                                                               4/24 
warning: /opt/rudder/etc/openldap/slapd.conf created as /opt/rudder/etc/openldap/slapd.conf.rpmnew
INFO: Setting rudder-slapd as a boot service...rudder-slapd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig rudder-slapd on
 Done
INFO: Restarting rudder-slapd... Done

but

# ps afux | grep slap
root     12779  0.0  0.0 112680   968 pts/0    S+   10:06   0:00                          \_ grep --color=auto slap
root     10619  0.0  2.9 105367048 44824 ?     Ssl  07:42   0:02 /opt/rudder/libexec/slapd -h ldap://localhost:389 -n rudder-slapd -f /opt/rudder/etc/openldap/slapd.conf

it can also cause error at acceptance of inventories

 ERROR com.normation.ldap.sdk.RwLDAPConnection - Exception ignored (by configuration) when trying to add entry 'networkInterface=eth2,nodeId=bfcf227a-d296-41a5-b073-9476b1647f1a,ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration'.  Reported exception was: networkSubnet: attribute type undefined

Associated revisions

Revision 54c26986 (diff)
Added by Nicolas CHARLES 6 months ago

Fixes #15120: Error after upgrade from 4.1 to 5.0 on RPM because slapd is not restarted: apiAuthorizationKind: attribute type undefined

History

#1

Updated by Nicolas CHARLES 6 months ago

most likely happens also on sles

#2

Updated by Nicolas CHARLES 6 months ago

  • Subject changed from Error after upgrade from 4.1 to 5.0 on RHEL7: apiAuthorizationKind: attribute type undefined to Error after upgrade from 4.1 to 5.0 on RPM because slapd is not restarted: apiAuthorizationKind: attribute type undefined
#3

Updated by Nicolas CHARLES 6 months ago

journalctl says

juin 25 09:33:42 server systemd[1]: Starting LSB: OpenLDAP...
juin 25 09:33:42 server rudder-slapd[5900]: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5905]: [OK] virtual memory limit set to unlimited
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [OK] virtual memory limit set to unlimited
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Launching OpenLDAP configuration test...
juin 25 09:33:42 server rudder-slapd[5906]: [INFO] Launching OpenLDAP configuration test...
juin 25 09:33:42 server rudder-slapd[5913]: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd[5913]: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5921]: [OK] OpenLDAP configuration test successful
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [OK] OpenLDAP configuration test successful
juin 25 09:33:42 server rudder-slapd[5922]: [INFO] Launching OpenLDAP replication...
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Launching OpenLDAP replication...
juin 25 09:33:42 server rudder-slapd[5923]: [INFO] no replica found in configuration, aborting lauching slurpd
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] no replica found in configuration, aborting lauching slurpd
juin 25 09:33:42 server rudder-slapd[5924]: [INFO] no db_recover done
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] no db_recover done
juin 25 09:33:42 server rudder-slapd[5925]: [INFO] Launching OpenLDAP...
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Launching OpenLDAP...
juin 25 09:33:42 server rudder-slapd[5926]: [OK] file descriptor limit set to 1024
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [OK] file descriptor limit set to 1024
juin 25 09:33:43 server rudder-slapd[5928]: @(#) $OpenLDAP: slapd 2.4.46 (Jun 25 2019 03:44:54) $
                                                    root@centos-builder-7-64:/usr/src/rudder-packages/package/BUILD/openldap-source/servers/slapd
juin 25 09:33:43 server rudder-slapd[5928]: daemon: bind(7) failed errno=98 (Address already in use)
juin 25 09:33:43 server rudder-slapd[5928]: daemon: bind(7) failed errno=98 (Address already in use)
juin 25 09:33:43 server rudder-slapd[5928]: slapd stopped.
juin 25 09:33:43 server slapd[5928]: connections_destroy: nothing to destroy.
juin 25 09:33:44 server rudder-slapd[5931]: [OK] OpenLDAP started on port 389 and 636
juin 25 09:33:44 server rudder-slapd[5887]: rudder-slapd: [OK] OpenLDAP started on port 389 and 636
juin 25 09:33:44 server rudder-slapd[5932]: [INFO] Prefetching data for cache warmup
juin 25 09:33:44 server rudder-slapd[5887]: rudder-slapd: [INFO] Prefetching data for cache warmup
juin 25 09:33:44 server systemd[1]: Started LSB: OpenLDAP.

but given that the process was started a 7:42, this is a lie

#4

Updated by Nicolas CHARLES 6 months ago

Ok, the issue is that systemctl restart rudder-slapd doesn't restart it, because it doesn't know it's running, as it's been started by services
from man command

       restart PATTERN...
           Restart one or more units specified on the command line. If the units are not running yet, they will be started.

#5

Updated by Nicolas CHARLES 6 months ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
#6

Updated by Nicolas CHARLES 6 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1972
#7

Updated by Rudder Quality Assistant 5 months ago

  • Assignee changed from Alexis MOUSSET to Nicolas CHARLES
#8

Updated by Nicolas CHARLES 5 months ago

  • Status changed from Pending technical review to Pending release
#10

Updated by Vincent MEMBRÉ 5 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 5.0.12 which was released today.

Also available in: Atom PDF