Project

General

Profile

Actions

Bug #18763

closed

'5fd350e5 UNKNOWN attributeDescription "TARGETNAME" inserted' after migration to 6.2

Added by François ARMAND about 4 years ago. Updated almost 3 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Web - Nodes & inventories
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:

Description

When migrating to rudder 6.2, everything went fine but when openldap was restarting, I got several message like in the title:

5fd350e5 UNKNOWN attributeDescription "TARGETNAME" inserted.
5fd350e5 UNKNOWN attributeDescription "TARGETNODEHOSTNAME" inserted.
5fd350e5 UNKNOWN attributeDescription "TARGETPOLICYSERVERID" inserted.
5fd350e5 UNKNOWN attributeDescription "TARGETLOCALADMINISTRATORACCOUNTNAME" inserted.
5fd350e5 UNKNOWN attributeDescription "TARGETAGENTNAME" inserted.
5fd350e5 UNKNOWN attributeDescription "TARGETSYSTEMVARIABLE" inserted.
5fd350e5 UNKNOWN attributeDescription "SYSTEMVARIABLE" inserted.
5fd350e5 UNKNOWN attributeDescription "WRITTENTIMESTAMP" inserted.
5fd350e5 UNKNOWN attributeDescription "ISMODIFIED" inserted.
5fd350e5 UNKNOWN attributeDescription "LASTUPDATETIMESTAMP" inserted.

Related issues 1 (0 open1 closed)

Related to Rudder - User story #17227: Prevent removal of 'system' global and group propertiesReleasedVincent MEMBRÉActions
Actions #1

Updated by François ARMAND about 4 years ago

  • Related to User story #17227: Prevent removal of 'system' global and group properties added
Actions #2

Updated by François ARMAND about 4 years ago

Reason is that in #17227 we removed some old (3.x old) attribute definition from LDAP schema. For old rudder, even if unused, some entries which uses these attributes can still exists. OpenLDAP then complains that it does not know what the attribute is.

Actions #3

Updated by François ARMAND about 4 years ago

If you are in that case (hey congrats, you're a very old time user!), you can get rid of these messages by:

1/ adding back the removed attribute/class definition.
Edit /opt/rudder/etc/openldap/schema/rudder.schema and add at the end:

attributetype ( RudderAttributes:101
  NAME 'targetPolicyServerId'
  DESC 'The identifier of a Node policy server'
  SUP uuid )

attributetype ( RudderAttributes:207
  NAME 'lastUpdateTimestamp'
  DESC 'Last date when the item was updated'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  EQUALITY generalizedTimeMatch
  ORDERING generalizedTimeOrderingMatch )

attributetype ( RudderAttributes:209
  NAME 'writtenTimestamp'
  DESC 'Last date when the item was written'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  EQUALITY generalizedTimeMatch
  ORDERING generalizedTimeOrderingMatch )

attributetype ( RudderAttributes:211
  NAME 'isModified'
  DESC 'Define if the server is modified and should be processed as such or if it is up to date. Default to false if not specified'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  )

attributetype ( RudderAttributes:220
  NAME 'systemVariable'
  DESC 'The current system variables of a node'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch )

attributetype ( RudderAttributes:221
  NAME 'targetSystemVariable'
  DESC 'The target system variables of a node'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch )

attributetype ( RudderAttributes:222
  NAME 'targetName'
  DESC 'Host name of the server'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

attributetype ( RudderAttributes:223
  NAME 'targetNodeHostname'
  DESC 'Host name of the server'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

attributetype ( RudderAttributes:224
  NAME 'targetAgentName'
  DESC 'List of name of the agent (Nova, Community, ...)'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

attributetype ( RudderAttributes:225
  NAME 'targetLocalAdministratorAccountName'
  DESC 'The local administrator account name (login) on the node'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

attributetype ( RudderAttributes:227
  NAME 'parameter'
  DESC 'The current parameters applied to a node'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  EQUALITY caseExactMatch
  SUBSTR caseIgnoreSubstringsMatch )

attributetype ( RudderAttributes:228
  NAME 'targetParameter'
  DESC 'The target parameters applied to a node'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  EQUALITY caseExactMatch
  SUBSTR caseIgnoreSubstringsMatch )

attributetype ( RudderAttributes:303
  NAME 'overridable'
  DESC 'Define if the parameter may be overriden'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  )

objectclass ( RudderObjectClasses:101
  NAME 'nodeConfiguration'
  DESC 'The mapping of the node configuration, a container for promises'
  SUP top
  STRUCTURAL
  MUST ( nodeId $ isPolicyServer )
  MAY ( cn $ description $ isModified $
        lastUpdateTimestamp $ writtenTimestamp $
        targetName $
        localAdministratorAccountName $ targetLocalAdministratorAccountName $
        nodeHostname $ targetNodeHostname $
        policyServerId $ targetPolicyServerId $
        agentName $ targetAgentName $
        systemVariable $ targetSystemVariable $
        parameter $ targetParameter  ) )

objectclass ( RudderObjectClasses:102
  NAME 'rootPolicyServerNodeConfiguration'
  SUP  nodeConfiguration
  DESC 'The ROOT policy server of an Rudder Domain' )

#cn is the policy name for the directive
objectClass ( RudderObjectClasses:103
  NAME 'abstractDirectiveNodeConfiguration'
  DESC 'An abstract instance of a Directive'
  SUP top
  ABSTRACT
  MUST ( techniqueId )
  MAY ( lastUpdateTimestamp $
        description $ ruleTarget $ directiveVariable $
        isEnabled $ isSystem $ serial $ directivePriority $
        techniqueId $ techniqueVersion $
        ruleId ) )

objectclass ( RudderObjectClasses:104
  NAME 'directiveNodeConfiguration'
  DESC 'An instance of a policy'
  SUP abstractDirectiveNodeConfiguration
  STRUCTURAL
  MUST ( directiveId ) )

objectclass ( RudderObjectClasses:105
  NAME 'targetDirectiveNodeConfiguration'
  DESC 'An instance of a target state for a directive'
  SUP abstractDirectiveNodeConfiguration
  STRUCTURAL
  MUST ( targetdirectiveId ) )

2/ restart slapd

3/ find culprit entries and delete them:

3.1/ find them:

ENTRIES=$(ldapsearch -LLL -o ldif-wrap=no -h localhost -p 389 -x -D "cn=Manager,cn=rudder-configuration" -w XXXX -b "cn=rudder-configuration" -s sub "(|(objectClass=abstractDirectiveNodeConfiguration)(objectClass=directiveNodeConfiguration)(objectClass=targetDirectiveNodeConfiguration)(objectClass=nodeConfiguration))" "1.1" | sed -e "s/dn: //")

With "XXXX" replaced by your actual password.

3.2/ check that it looks lile dn:

echo $ENTRIES

3.3/ delete them:

Before actual deletion, you should backup your LDAP, just in case: https://docs.rudder.io/reference/6.1/administration/procedures.html#_backup
Then, delete:

for i in $(echo ${ENTRIES}); do if [ -n "$i" ]; then ldapdelete -h localhost -p 389 -x -D "cn=Manager,cn=rudder-configuration" -w XXXX $i; fi; done

Most likely, they are all under ou=Nodes Configuration,cn=rudder-configuration and you can delete that branche enterily (but not the new cn=Nodes Configuration,cn=rudder-configuration - ie, cn in plance of ou. The cn is the new one, still in use)

You can get errors if entries are not sorted starting by leaf. Do the above command several times if needed.

Actions #4

Updated by Benoît PECCATTE almost 3 years ago

  • Category set to Web - Nodes & inventories
  • Target version set to 6.2.13
Actions #5

Updated by Alexis Mousset almost 3 years ago

  • Status changed from New to Rejected

Closing as it should be infrequent and the ticket contains a workaround.

Actions #6

Updated by Benoît PECCATTE almost 3 years ago

Slapd fails to start wit this workaround, remove those lines from the schema because they are duplicate

attributetype ( RudderAttributes:303
  NAME 'overridable'
  DESC 'Define if the parameter may be overriden'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7  )
Actions

Also available in: Atom PDF