Project

General

Profile

Actions

Bug #8000

closed

Bug #6780: Node not included in dynamic group due to openldap bug with modrdn not showing node children

Broken LDAP on Rudder nightly

Added by Alexis Mousset about 8 years ago. Updated about 8 years ago.

Status:
Released
Priority:
1
Category:
Packaging
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

When installing Rudder 3.1 nightly on CentOS 7, rudder-init gets stuck:

root     14815  0.0  0.1 113388  1768 ?        S    15:41   0:00  |                   \_ /bin/sh /usr/local/bin/rudder-setup setup-server 3.1-nightly
root     16213  0.0  0.1 113120  1576 ?        S    15:43   0:00  |                       \_ /bin/bash /opt/rudder/bin/rudder-init.sh server no yes yes 192.168.45.0/24
root     16307  0.1  0.7  77140 11860 ?        Ss   15:43   0:01  |                           \_ cf-agent -b propagatePromises,install_rsyslogd,root_component_check
root     16864  0.0  0.0   9508  1148 ?        S    15:43   0:00  |                               \_ sh -c /sbin/service rudder-slapd restart </dev/null >/dev/null 2>/dev/null
root     16865  0.0  0.1 113248  1688 ?        S    15:43   0:00  |                                   \_ /bin/sh /sbin/service rudder-slapd restart
root     16873  0.0  0.1  11740  1656 ?        S    15:43   0:00  |                                       \_ /bin/sh /etc/init.d/rudder-slapd restart
root     16910  0.0 10.9 1370744 167656 ?      S    15:43   0:00  |                                           \_ /opt/rudder/sbin/slapcat -b cn=rudder-configuration -f /opt/rudder/etc/openldap/slapd.conf -l /var/rudder/ldap/backup/openldap-data-20160229154334.ldif
root@server:/home/vagrant# strace -p 16910
Process 16910 attached
futex(0x7fc2c47f20d4, FUTEX_WAIT, 1, NULL

Added slapcat debug logs during rudder-init and after killing the slapcat process.

Does not happen on CentOS 6 but the logs say:

==> centos6_server: Running rudder-init.sh...
==> centos6_server: Done.
==> centos6_server: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Which is also unexpected.


Files

after-kill.log (107 KB) after-kill.log Alexis Mousset, 2016-02-29 17:32
during-rudder-init.log (107 KB) during-rudder-init.log Alexis Mousset, 2016-02-29 17:32
Actions #1

Updated by Nicolas CHARLES about 8 years ago

  • Priority changed from N/A to 1

Happens also on Debian
But on debian, slapd works for a few seconds, then fails
slapcat get stuck in mid-output

Actions #2

Updated by Jonathan CLARKE about 8 years ago

  • Status changed from New to In progress
  • Assignee set to Jonathan CLARKE
  • Target version changed from 3.1.7 to 2.11.19
  • Parent task set to #6780

This is a direct result of the OpenLDAP patch I introduced in #6780.

In short, that patch adds a check to see if any entry added to a hdb tree has children, and if so resets some related idlcache entries to avoid the orginal bug from #6780. However, it turns out that the function used to check if the entry has children (hdb_dn2id_children) segfaults while trying to update an internal statistic because it's containing struct is not initialized.

The fix is trivial: if there's no internal structure to update it, don't try.

Actions #3

Updated by Jonathan CLARKE about 8 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/894
Actions #4

Updated by Jonathan CLARKE about 8 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #5

Updated by Nicolas CHARLES about 8 years ago

  • Subject changed from Broken LDAP after install of 3.1 on CentOS 7 to Broken LDAP on Rudder nightly
Actions #6

Updated by Vincent MEMBRÉ about 8 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.19, 3.0.14, 3.1.8 and 3.2.1 which were released today.

Actions

Also available in: Atom PDF