Actions
Bug #18763
closed
'5fd350e5 UNKNOWN attributeDescription "TARGETNAME" inserted' after migration to 6.2
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
Description
When migrating to rudder 6.2, everything went fine but when openldap was restarting, I got several message like in the title:
5fd350e5 UNKNOWN attributeDescription "TARGETNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETNODEHOSTNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETPOLICYSERVERID" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETLOCALADMINISTRATORACCOUNTNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETAGENTNAME" inserted. 5fd350e5 UNKNOWN attributeDescription "TARGETSYSTEMVARIABLE" inserted. 5fd350e5 UNKNOWN attributeDescription "SYSTEMVARIABLE" inserted. 5fd350e5 UNKNOWN attributeDescription "WRITTENTIMESTAMP" inserted. 5fd350e5 UNKNOWN attributeDescription "ISMODIFIED" inserted. 5fd350e5 UNKNOWN attributeDescription "LASTUPDATETIMESTAMP" inserted.
Updated by François ARMAND almost 4 years ago
- Related to User story #17227: Prevent removal of 'system' global and group properties added
Updated by François ARMAND almost 4 years ago
Reason is that in #17227 we removed some old (3.x old) attribute definition from LDAP schema. For old rudder, even if unused, some entries which uses these attributes can still exists. OpenLDAP then complains that it does not know what the attribute is.
Updated by François ARMAND almost 4 years ago
If you are in that case (hey congrats, you're a very old time user!), you can get rid of these messages by:
1/ adding back the removed attribute/class definition.
Edit /opt/rudder/etc/openldap/schema/rudder.schema and add at the end:
attributetype ( RudderAttributes:101
NAME 'targetPolicyServerId'
DESC 'The identifier of a Node policy server'
SUP uuid )
attributetype ( RudderAttributes:207
NAME 'lastUpdateTimestamp'
DESC 'Last date when the item was updated'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch )
attributetype ( RudderAttributes:209
NAME 'writtenTimestamp'
DESC 'Last date when the item was written'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch )
attributetype ( RudderAttributes:211
NAME 'isModified'
DESC 'Define if the server is modified and should be processed as such or if it is up to date. Default to false if not specified'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( RudderAttributes:220
NAME 'systemVariable'
DESC 'The current system variables of a node'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch )
attributetype ( RudderAttributes:221
NAME 'targetSystemVariable'
DESC 'The target system variables of a node'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch )
attributetype ( RudderAttributes:222
NAME 'targetName'
DESC 'Host name of the server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( RudderAttributes:223
NAME 'targetNodeHostname'
DESC 'Host name of the server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( RudderAttributes:224
NAME 'targetAgentName'
DESC 'List of name of the agent (Nova, Community, ...)'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( RudderAttributes:225
NAME 'targetLocalAdministratorAccountName'
DESC 'The local administrator account name (login) on the node'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( RudderAttributes:227
NAME 'parameter'
DESC 'The current parameters applied to a node'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch )
attributetype ( RudderAttributes:228
NAME 'targetParameter'
DESC 'The target parameters applied to a node'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch )
attributetype ( RudderAttributes:303
NAME 'overridable'
DESC 'Define if the parameter may be overriden'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
objectclass ( RudderObjectClasses:101
NAME 'nodeConfiguration'
DESC 'The mapping of the node configuration, a container for promises'
SUP top
STRUCTURAL
MUST ( nodeId $ isPolicyServer )
MAY ( cn $ description $ isModified $
lastUpdateTimestamp $ writtenTimestamp $
targetName $
localAdministratorAccountName $ targetLocalAdministratorAccountName $
nodeHostname $ targetNodeHostname $
policyServerId $ targetPolicyServerId $
agentName $ targetAgentName $
systemVariable $ targetSystemVariable $
parameter $ targetParameter ) )
objectclass ( RudderObjectClasses:102
NAME 'rootPolicyServerNodeConfiguration'
SUP nodeConfiguration
DESC 'The ROOT policy server of an Rudder Domain' )
#cn is the policy name for the directive
objectClass ( RudderObjectClasses:103
NAME 'abstractDirectiveNodeConfiguration'
DESC 'An abstract instance of a Directive'
SUP top
ABSTRACT
MUST ( techniqueId )
MAY ( lastUpdateTimestamp $
description $ ruleTarget $ directiveVariable $
isEnabled $ isSystem $ serial $ directivePriority $
techniqueId $ techniqueVersion $
ruleId ) )
objectclass ( RudderObjectClasses:104
NAME 'directiveNodeConfiguration'
DESC 'An instance of a policy'
SUP abstractDirectiveNodeConfiguration
STRUCTURAL
MUST ( directiveId ) )
objectclass ( RudderObjectClasses:105
NAME 'targetDirectiveNodeConfiguration'
DESC 'An instance of a target state for a directive'
SUP abstractDirectiveNodeConfiguration
STRUCTURAL
MUST ( targetdirectiveId ) )
2/ restart slapd
3/ find culprit entries and delete them:
3.1/ find them:
ENTRIES=$(ldapsearch -LLL -o ldif-wrap=no -h localhost -p 389 -x -D "cn=Manager,cn=rudder-configuration" -w XXXX -b "cn=rudder-configuration" -s sub "(|(objectClass=abstractDirectiveNodeConfiguration)(objectClass=directiveNodeConfiguration)(objectClass=targetDirectiveNodeConfiguration)(objectClass=nodeConfiguration))" "1.1" | sed -e "s/dn: //")
With "XXXX" replaced by your actual password.
3.2/ check that it looks lile dn:
echo $ENTRIES
3.3/ delete them:
Before actual deletion, you should backup your LDAP, just in case: https://docs.rudder.io/reference/6.1/administration/procedures.html#_backup
Then, delete:
for i in $(echo ${ENTRIES}); do if [ -n "$i" ]; then ldapdelete -h localhost -p 389 -x -D "cn=Manager,cn=rudder-configuration" -w XXXX $i; fi; done
Most likely, they are all under ou=Nodes Configuration,cn=rudder-configuration and you can delete that branche enterily (but not the new cn=Nodes Configuration,cn=rudder-configuration - ie, cn in plance of ou. The cn is the new one, still in use)
You can get errors if entries are not sorted starting by leaf. Do the above command several times if needed.
Updated by Benoît PECCATTE almost 3 years ago
- Category set to Web - Nodes & inventories
- Target version set to 6.2.13
Updated by Alexis Mousset almost 3 years ago
- Status changed from New to Rejected
Closing as it should be infrequent and the ticket contains a workaround.
Updated by Benoît PECCATTE over 2 years ago
Slapd fails to start wit this workaround, remove those lines from the schema because they are duplicate
attributetype ( RudderAttributes:303 NAME 'overridable' DESC 'Define if the parameter may be overriden' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
Actions