Project

General

Profile

Actions

Bug #15120

closed

Error after upgrade from 4.1 to 5.0 on RPM because slapd is not restarted: apiAuthorizationKind: attribute type undefined

Added by Nicolas CHARLES over 5 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Category:
Packaging
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:

Description

[2019-06-25 09:34:58] ERROR com.normation.ldap.sdk.RwLDAPConnection - Exception ignored (by configuration) when trying to modify entry 'apiAccountId=a92b486d-379a-4e96-b2e8-b1ac6f7fd4a5,ou=API Accounts,ou=Rudder,cn=rudder-configuration'.  Reported exception was: apiAuthorizationKind: attribute type undefined
com.unboundid.ldap.sdk.LDAPException: apiAuthorizationKind: attribute type undefined
        at com.unboundid.ldap.sdk.LDAPConnection.modify(LDAPConnection.java:2867)
        at com.normation.ldap.sdk.RwLDAPConnection.$anonfun$modifyAction$3(LDAPConnection.scala:539)
        at scala.util.control.Exception$Catch.apply(Exception.scala:224)
        at com.normation.ldap.sdk.RwLDAPConnection.$anonfun$modifyAction$1(LDAPConnection.scala:539)
        at com.normation.ldap.sdk.RwLDAPConnection.applyMod(LDAPConnection.scala:487)
        at com.normation.ldap.sdk.RwLDAPConnection.$anonfun$applyModify$2(LDAPConnection.scala:545)
        at com.normation.ldap.sdk.RwLDAPConnection.save(LDAPConnection.scala:602)
        at bootstrap.liftweb.checks.CheckApiTokenAutorizationKind.$anonfun$checks$2(CheckApiTokenAutorizationKind.scala:79)
        at bootstrap.liftweb.checks.CheckApiTokenAutorizationKind.$anonfun$checks$2$adapted(CheckApiTokenAutorizationKind.scala:73)
        at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:58)

Slapd was not correctly restarted, log says:

  Mise à jour  : 1398866025:rudder-inventory-ldap-5.0.12.rc1.git201906250320-1.EL.7.x86_64                                                                                                                                               4/24 
warning: /opt/rudder/etc/openldap/slapd.conf created as /opt/rudder/etc/openldap/slapd.conf.rpmnew
INFO: Setting rudder-slapd as a boot service...rudder-slapd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig rudder-slapd on
 Done
INFO: Restarting rudder-slapd... Done

but

# ps afux | grep slap
root     12779  0.0  0.0 112680   968 pts/0    S+   10:06   0:00                          \_ grep --color=auto slap
root     10619  0.0  2.9 105367048 44824 ?     Ssl  07:42   0:02 /opt/rudder/libexec/slapd -h ldap://localhost:389 -n rudder-slapd -f /opt/rudder/etc/openldap/slapd.conf

it can also cause error at acceptance of inventories

 ERROR com.normation.ldap.sdk.RwLDAPConnection - Exception ignored (by configuration) when trying to add entry 'networkInterface=eth2,nodeId=bfcf227a-d296-41a5-b073-9476b1647f1a,ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration'.  Reported exception was: networkSubnet: attribute type undefined

Actions #1

Updated by Nicolas CHARLES over 5 years ago

most likely happens also on sles

Actions #2

Updated by Nicolas CHARLES over 5 years ago

  • Subject changed from Error after upgrade from 4.1 to 5.0 on RHEL7: apiAuthorizationKind: attribute type undefined to Error after upgrade from 4.1 to 5.0 on RPM because slapd is not restarted: apiAuthorizationKind: attribute type undefined
Actions #3

Updated by Nicolas CHARLES over 5 years ago

journalctl says

juin 25 09:33:42 server systemd[1]: Starting LSB: OpenLDAP...
juin 25 09:33:42 server rudder-slapd[5900]: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5905]: [OK] virtual memory limit set to unlimited
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [OK] virtual memory limit set to unlimited
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Launching OpenLDAP configuration test...
juin 25 09:33:42 server rudder-slapd[5906]: [INFO] Launching OpenLDAP configuration test...
juin 25 09:33:42 server rudder-slapd[5913]: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd[5913]: [INFO] Using /etc/default/rudder-slapd for configuration
juin 25 09:33:42 server rudder-slapd[5921]: [OK] OpenLDAP configuration test successful
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [OK] OpenLDAP configuration test successful
juin 25 09:33:42 server rudder-slapd[5922]: [INFO] Launching OpenLDAP replication...
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Launching OpenLDAP replication...
juin 25 09:33:42 server rudder-slapd[5923]: [INFO] no replica found in configuration, aborting lauching slurpd
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] no replica found in configuration, aborting lauching slurpd
juin 25 09:33:42 server rudder-slapd[5924]: [INFO] no db_recover done
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] no db_recover done
juin 25 09:33:42 server rudder-slapd[5925]: [INFO] Launching OpenLDAP...
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [INFO] Launching OpenLDAP...
juin 25 09:33:42 server rudder-slapd[5926]: [OK] file descriptor limit set to 1024
juin 25 09:33:42 server rudder-slapd[5887]: rudder-slapd: [OK] file descriptor limit set to 1024
juin 25 09:33:43 server rudder-slapd[5928]: @(#) $OpenLDAP: slapd 2.4.46 (Jun 25 2019 03:44:54) $
                                                    root@centos-builder-7-64:/usr/src/rudder-packages/package/BUILD/openldap-source/servers/slapd
juin 25 09:33:43 server rudder-slapd[5928]: daemon: bind(7) failed errno=98 (Address already in use)
juin 25 09:33:43 server rudder-slapd[5928]: daemon: bind(7) failed errno=98 (Address already in use)
juin 25 09:33:43 server rudder-slapd[5928]: slapd stopped.
juin 25 09:33:43 server slapd[5928]: connections_destroy: nothing to destroy.
juin 25 09:33:44 server rudder-slapd[5931]: [OK] OpenLDAP started on port 389 and 636
juin 25 09:33:44 server rudder-slapd[5887]: rudder-slapd: [OK] OpenLDAP started on port 389 and 636
juin 25 09:33:44 server rudder-slapd[5932]: [INFO] Prefetching data for cache warmup
juin 25 09:33:44 server rudder-slapd[5887]: rudder-slapd: [INFO] Prefetching data for cache warmup
juin 25 09:33:44 server systemd[1]: Started LSB: OpenLDAP.

but given that the process was started a 7:42, this is a lie

Actions #4

Updated by Nicolas CHARLES over 5 years ago

Ok, the issue is that systemctl restart rudder-slapd doesn't restart it, because it doesn't know it's running, as it's been started by services
from man command

       restart PATTERN...
           Restart one or more units specified on the command line. If the units are not running yet, they will be started.

Actions #5

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #6

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1972
Actions #7

Updated by Rudder Quality Assistant over 5 years ago

  • Assignee changed from Alexis Mousset to Nicolas CHARLES
Actions #8

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #9

Updated by Nicolas CHARLES over 5 years ago

  • Fix check changed from To do to Checked
Actions #10

Updated by Vincent MEMBRÉ over 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 5.0.12 which was released today.

Actions

Also available in: Atom PDF