Bug #18763
closed'5fd350e5 UNKNOWN attributeDescription "TARGETNAME" inserted' after migration to 6.2
Description
When migrating to rudder 6.2, everything went fine but when openldap was restarting, I got several message like in the title:
5fd350e5 UNKNOWN attributeDescription "TARGETNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETNODEHOSTNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETPOLICYSERVERID" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETLOCALADMINISTRATORACCOUNTNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETAGENTNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETSYSTEMVARIABLE" inserted. 5fd350e5 UNKNOWN attributeDescription "SYSTEMVARIABLE" inserted. 5fd350e5 UNKNOWN attributeDescription "WRITTENTIMESTAMP" inserted. 5fd350e5 UNKNOWN attributeDescription "ISMODIFIED" inserted. 5fd350e5 UNKNOWN attributeDescription "LASTUPDATETIMESTAMP" inserted.
Updated by François ARMAND about 4 years ago
- Related to User story #17227: Prevent removal of 'system' global and group properties added
Updated by François ARMAND about 4 years ago
Reason is that in #17227 we removed some old (3.x old) attribute definition from LDAP schema. For old rudder, even if unused, some entries which uses these attributes can still exists. OpenLDAP then complains that it does not know what the attribute is.
Updated by François ARMAND about 4 years ago
If you are in that case (hey congrats, you're a very old time user!), you can get rid of these messages by:
1/ adding back the removed attribute/class definition.
Edit /opt/rudder/etc/openldap/schema/rudder.schema
and add at the end:
attributetype ( RudderAttributes:101 NAME 'targetPolicyServerId' DESC 'The identifier of a Node policy server' SUP uuid ) attributetype ( RudderAttributes:207 NAME 'lastUpdateTimestamp' DESC 'Last date when the item was updated' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch ) attributetype ( RudderAttributes:209 NAME 'writtenTimestamp' DESC 'Last date when the item was written' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch ) attributetype ( RudderAttributes:211 NAME 'isModified' DESC 'Define if the server is modified and should be processed as such or if it is up to date. Default to false if not specified' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( RudderAttributes:220 NAME 'systemVariable' DESC 'The current system variables of a node' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch ) attributetype ( RudderAttributes:221 NAME 'targetSystemVariable' DESC 'The target system variables of a node' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch ) attributetype ( RudderAttributes:222 NAME 'targetName' DESC 'Host name of the server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributetype ( RudderAttributes:223 NAME 'targetNodeHostname' DESC 'Host name of the server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributetype ( RudderAttributes:224 NAME 'targetAgentName' DESC 'List of name of the agent (Nova, Community, ...)' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributetype ( RudderAttributes:225 NAME 'targetLocalAdministratorAccountName' DESC 'The local administrator account name (login) on the node' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributetype ( RudderAttributes:227 NAME 'parameter' DESC 'The current parameters applied to a node' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseExactMatch SUBSTR caseIgnoreSubstringsMatch ) attributetype ( RudderAttributes:228 NAME 'targetParameter' DESC 'The target parameters applied to a node' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseExactMatch SUBSTR caseIgnoreSubstringsMatch ) attributetype ( RudderAttributes:303 NAME 'overridable' DESC 'Define if the parameter may be overriden' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) objectclass ( RudderObjectClasses:101 NAME 'nodeConfiguration' DESC 'The mapping of the node configuration, a container for promises' SUP top STRUCTURAL MUST ( nodeId $ isPolicyServer ) MAY ( cn $ description $ isModified $ lastUpdateTimestamp $ writtenTimestamp $ targetName $ localAdministratorAccountName $ targetLocalAdministratorAccountName $ nodeHostname $ targetNodeHostname $ policyServerId $ targetPolicyServerId $ agentName $ targetAgentName $ systemVariable $ targetSystemVariable $ parameter $ targetParameter ) ) objectclass ( RudderObjectClasses:102 NAME 'rootPolicyServerNodeConfiguration' SUP nodeConfiguration DESC 'The ROOT policy server of an Rudder Domain' ) #cn is the policy name for the directive objectClass ( RudderObjectClasses:103 NAME 'abstractDirectiveNodeConfiguration' DESC 'An abstract instance of a Directive' SUP top ABSTRACT MUST ( techniqueId ) MAY ( lastUpdateTimestamp $ description $ ruleTarget $ directiveVariable $ isEnabled $ isSystem $ serial $ directivePriority $ techniqueId $ techniqueVersion $ ruleId ) ) objectclass ( RudderObjectClasses:104 NAME 'directiveNodeConfiguration' DESC 'An instance of a policy' SUP abstractDirectiveNodeConfiguration STRUCTURAL MUST ( directiveId ) ) objectclass ( RudderObjectClasses:105 NAME 'targetDirectiveNodeConfiguration' DESC 'An instance of a target state for a directive' SUP abstractDirectiveNodeConfiguration STRUCTURAL MUST ( targetdirectiveId ) )
2/ restart slapd
3/ find culprit entries and delete them:
3.1/ find them:
ENTRIES=$(ldapsearch -LLL -o ldif-wrap=no -h localhost -p 389 -x -D "cn=Manager,cn=rudder-configuration" -w XXXX -b "cn=rudder-configuration" -s sub "(|(objectClass=abstractDirectiveNodeConfiguration)(objectClass=directiveNodeConfiguration)(objectClass=targetDirectiveNodeConfiguration)(objectClass=nodeConfiguration))" "1.1" | sed -e "s/dn: //")
With "XXXX" replaced by your actual password.
3.2/ check that it looks lile dn:
echo $ENTRIES
3.3/ delete them:
Before actual deletion, you should backup your LDAP, just in case: https://docs.rudder.io/reference/6.1/administration/procedures.html#_backup
Then, delete:
for i in $(echo ${ENTRIES}); do if [ -n "$i" ]; then ldapdelete -h localhost -p 389 -x -D "cn=Manager,cn=rudder-configuration" -w XXXX $i; fi; done
Most likely, they are all under ou=Nodes Configuration,cn=rudder-configuration
and you can delete that branche enterily (but not the new cn=Nodes Configuration,cn=rudder-configuration
- ie, cn
in plance of ou
. The cn is the new one, still in use)
You can get errors if entries are not sorted starting by leaf. Do the above command several times if needed.
Updated by Benoît PECCATTE almost 3 years ago
- Category set to Web - Nodes & inventories
- Target version set to 6.2.13
Updated by Alexis Mousset almost 3 years ago
- Status changed from New to Rejected
Closing as it should be infrequent and the ticket contains a workaround.
Updated by Benoît PECCATTE almost 3 years ago
Slapd fails to start wit this workaround, remove those lines from the schema because they are duplicate
attributetype ( RudderAttributes:303 NAME 'overridable' DESC 'Define if the parameter may be overriden' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )