Project

General

Profile

Actions

Bug #16432

closed

slapd configuration is not correctly updated during migration from 5.0 to 6.0

Added by François ARMAND about 5 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
N/A
Category:
System integration
Target version:
-
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
63
Name check:
To do
Fix check:
To do
Regression:

Description

When migrating Rudder from 5.0 to 6.0 (on centos 7, but no reason it will be better elsewhere), slapd won't start anymore.

First, it complains about right access to /opt/rudder/run/slapd.pid. It's because the line about it was removed from /opt/rudder/etc/openldap/slapd.conf.

It's because we have a new /opt/rudder/etc/openldap/slapd.conf.rpmnew.

Beut then, you move /opt/rudder/etc/openldap/slapd.conf.rpmnew to /opt/rudder/etc/openldap/slapd.conf, we still have authorisation errors:

Dec 18 12:40:30 server systemd[1]: Starting Rudder OpenLDAP Server Daemon...
Dec 18 12:40:30 server rudder-slapd[11392]: @(#) $OpenLDAP: slapd 2.4.47 (Dec 15 2019 01:39:55) $
                                                    root@centos-builder-7-64:/usr/src/rudder-packages/package/SOURCES/openldap-source/servers/slapd
Dec 18 12:40:30 server rudder-slapd[11392]: could not open config file "/opt/rudder/etc/openldap/slapd.conf": Permission denied (13)
Dec 18 12:40:30 server rudder-slapd[11392]: rudder-slapd destroy: freeing system resources.
Dec 18 12:40:30 server rudder-slapd[11392]: slapd stopped.

The file exists and is readable, and I tested with "setenforce 0".

I needed to gave read rights to "others" to be able to start slapd.


Subtasks 1 (0 open1 closed)

Bug #16437: rudder-webapp postinst tries to stop slapd instead of preinstReleasedBenoît PECCATTEActions
Actions #1

Updated by François ARMAND about 5 years ago

  • Subject changed from Missing migration script 5.0 to 6.0 for slapd to slapd configuration is not correctly updated during migration from 5.0 to 6.0
Actions #2

Updated by Félix DALLIDET about 5 years ago

On debian upgrade I had package dependencies conflicts which I did not understand.

root@server:/vagrant# apt-get install rudder-server-root
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  libpython2.7
Use 'apt autoremove' to remove it.
The following additional packages will be installed:
  libapache2-mod-wsgi-py3 libpython3.5 libpython3.5-minimal libpython3.5-stdlib python3-bs4 python3-chardet python3-html5lib python3-lxml python3-pkg-resources python3-requests python3-six
  python3-urllib3 python3-webencodings python3.5 python3.5-minimal rudder-agent rudder-reports rudder-server-relay rudder-webapp
Suggested packages:
  python3-genshi python3-lxml-dbg python-lxml-doc python3-setuptools python3-cryptography python3-idna python3-openssl python3-socks python3.5-venv python3.5-doc binfmt-support
The following packages will be REMOVED:
  libapache2-mod-wsgi ncf ncf-api-virtualenv rudder-inventory-endpoint rudder-inventory-ldap rudder-jetty rudder-techniques
The following NEW packages will be installed:
  libapache2-mod-wsgi-py3 libpython3.5 python3-bs4 python3-chardet python3-html5lib python3-lxml python3-pkg-resources python3-requests python3-six python3-urllib3 python3-webencodings
The following packages will be upgraded:
  libpython3.5-minimal libpython3.5-stdlib python3.5 python3.5-minimal rudder-agent rudder-reports rudder-server-relay rudder-server-root rudder-webapp
9 upgraded, 11 newly installed, 7 to remove and 149 not upgraded.
Need to get 133 MB of archives.
After this operation, 51.3 MB disk space will be freed.
Do you want to continue? [Y/n] Y
Get:1 http://ftp.fr.debian.org/debian stretch/main amd64 python3.5 amd64 3.5.3-1+deb9u1 [229 kB]
Get:2 http://repository.rudder.io/apt/6.0-nightly stretch/main amd64 rudder-server-root all 6.0.1~rc1~git201912180215-debian9 [3,316 B]
Get:3 http://repository.rudder.io/apt/6.0-nightly stretch/main amd64 rudder-webapp amd64 6.0.1~rc1~git201912180215-debian9 [117 MB]
Get:4 http://ftp.fr.debian.org/debian stretch/main amd64 python3.5-minimal amd64 3.5.3-1+deb9u1 [1,691 kB]
Get:5 http://ftp.fr.debian.org/debian stretch/main amd64 libpython3.5-stdlib amd64 3.5.3-1+deb9u1 [2,167 kB]
Get:6 http://ftp.fr.debian.org/debian stretch/main amd64 libpython3.5-minimal amd64 3.5.3-1+deb9u1 [573 kB]                                                                                   
Get:7 http://ftp.fr.debian.org/debian stretch/main amd64 python3-six all 1.10.0-3 [14.4 kB]                                                                                                   
Get:8 http://ftp.fr.debian.org/debian stretch/main amd64 python3-urllib3 all 1.19.1-1 [77.6 kB]                                                                                               
Get:9 http://ftp.fr.debian.org/debian stretch/main amd64 python3-pkg-resources all 33.1.1-1 [137 kB]                                                                                          
Get:10 http://ftp.fr.debian.org/debian stretch/main amd64 python3-chardet all 2.3.0-2 [96.0 kB]                                                                                               
Get:11 http://ftp.fr.debian.org/debian stretch/main amd64 python3-requests all 2.12.4-1 [101 kB]                                                                                              
Get:12 http://ftp.fr.debian.org/debian stretch/main amd64 python3-lxml amd64 3.7.1-1 [900 kB]                                                                                                 
Get:13 http://ftp.fr.debian.org/debian stretch/main amd64 libpython3.5 amd64 3.5.3-1+deb9u1 [1,372 kB]                                                                                        
Get:14 http://ftp.fr.debian.org/debian stretch/main amd64 libapache2-mod-wsgi-py3 amd64 4.5.11-1 [92.2 kB]                                                                                    
Get:15 http://ftp.fr.debian.org/debian stretch/main amd64 python3-bs4 all 4.5.3-1 [86.6 kB]                                                                                                   
Get:16 http://ftp.fr.debian.org/debian stretch/main amd64 python3-webencodings all 0.5-2 [10.4 kB]                                                                                            
Get:17 http://ftp.fr.debian.org/debian stretch/main amd64 python3-html5lib all 0.999999999-1 [86.3 kB]                                                                                        
Get:18 http://repository.rudder.io/apt/6.0-nightly stretch/main amd64 rudder-reports all 6.0.1~rc1~git201912180215-debian9 [8,376 B]                                                          
Get:19 http://repository.rudder.io/apt/6.0-nightly stretch/main amd64 rudder-agent amd64 6.0.1~rc1~git201912180215-debian9 [5,773 kB]                                                         
Get:20 http://repository.rudder.io/apt/6.0-nightly stretch/main amd64 rudder-server-relay amd64 6.0.1~rc1~git201912180215-debian9 [2,254 kB]                                                  
Fetched 133 MB in 1min 41s (1,308 kB/s)                                                                                                                                                       
Reading changelogs... Done
Preconfiguring packages ...
dpkg: ncf-api-virtualenv: dependency problems, but removing anyway as you requested:
 rudder-webapp depends on ncf-api-virtualenv (= 5.0.15-debian9).

(Reading database ... 47414 files and directories currently installed.)
Removing ncf-api-virtualenv (5.0.15-debian9) ...
dpkg: ncf: dependency problems, but removing anyway as you requested:
 rudder-techniques depends on ncf (= 5.0.15-debian9).
etc...

The root problem seems to come from rudder-webapp which does not install /opt/rudder/etc/rudder-slapd.conf and is sourced by /etc/init.d/rudder-slapd.
A potential fix is to copy the /opt/rudder/etc/rudder-slapd.conf from another install (a 5.0 one) on the faulty server, and run "apt --fix-broken install".
It prompted several errors (duplicated body def in cf-engine, most likely due to upgrade conflict). Which are auto fixed by the packaging which falls back to initial-promises.
And then everything seem to work.

I have no idea of the impact of the /opt/rudder/etc/rudder-slapd.conf file since a fresh install of 6.0 does not need it.

Actions #3

Updated by François ARMAND about 5 years ago

  • Description updated (diff)
Actions #4

Updated by François ARMAND over 3 years ago

  • Status changed from New to Rejected
  • Priority changed from 76 to 63

5.0 is no more supported and we did a lot of cleaning and reliability enhancement on that in 6.1 and 6.2.

Actions

Also available in: Atom PDF