Richard Megginson wrote:
> Sergey Ivanov wrote:
>> For me it was a problem with ownership of directories in the
>> /opt/fedora-ds/slapd-<name>/ tree. logs, locks and config ownership was
>> changed by the upgrade process to root. So the ns-slapd process was unable
>> to start. Also the file
>> /opt/fedora-ds/slapd-<name>/config/dse.ldif.startOK was there in the
>> way, being unable to be deleted - lack of permissions.
>>
> Very odd. It doesn't appear that setup does this, the chown is done in
> the server itself:
> main.c:
> fix_ownership()
> {
>     struct passwd* pw=NULL;
>     char dirname[MAXPATHLEN + 1];
>
>     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
>
>
>     if ( slapdFrontendConfig->localuser != NULL ) {
>         if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL )
>             return;
> localuser should be "nobody" or the uid of the server user. So one
> possible problem is if this is set to "root" for some reason.
>     }
>     else {
>         return;
>     }
>
>     /* The instance directory needs to be owned by the local user */
>     slapd_chown_if_not_owner( slapdFrontendConfig->instancedir,
>         pw->pw_uid, -1 );
> instancedir is "/opt/fedora-ds/slapd-instance"
>
>     PR_snprintf(dirname,sizeof(dirname),"%s/config",slapdFrontendConfig->instancedir);
>
>     chown_dir_files(dirname, pw, PR_FALSE); /* config directory */
>     chown_dir_files(slapdFrontendConfig->accesslog, pw, PR_TRUE); /* do access log directory */
>     chown_dir_files(slapdFrontendConfig->auditlog, pw, PR_TRUE); /* do audit log directory */
>     chown_dir_files(slapdFrontendConfig->errorlog, pw, PR_TRUE); /* do error log directory */
>
> chown_dir_files chowns the directory and all of the files in it (does
> not recurse). If given a file name, it will strip off the file name
> (PR_TRUE).
>
> It would appear that the only way this can happen is if either
> slapdFrontendConfig->localuser is "root" or getpwnam(
> slapdFrontendConfig->localuser ) returns uid 0. If someone can come up
> with a reproducible test case, please let me know. So far, I've just
> done a simple fds102 install followed by an upgrade to fds103 on RHEL4 using
> the default values. I cannot reproduce this problem.
>
> }
>

Hi Richard,

Yesterday I upgraded the last of my LDAP servers. The most difficult
problem there is described in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213626

And this problem with ownership and permission denied was reproduced
once more. I have a screenlog of the session, and logs of the admin and
LDAP servers. Also I see a file /opt/fedora-ds/setup/myinstall.inf with
the following contents:
---
[General]
FullMachineName= <hostname>
SuiteSpotUserID= root
SuitespotGroup= root
ServerRoot= /opt/fedora-ds
ConfigDirectoryLdapURL= \
ldap://<hostname>.<domainname>:389/o=NetscapeRoot
ConfigDirectoryAdminID= admin
AdminDomain= <domainname>
ConfigDirectoryAdminPwd= <password>

[admin]
ServerAdminID= admin
ServerAdminPwd= <password>
SysUser= root
Port= 18080
ServerIpAddress=
---
Is this 'root' in the [admin] part of this file connected to the problem?

I also attach a snippet from the screen session log, with IP addresses,
passwords and host/domain names replaced.

--
With best regards,
Sergey Ivanov.

[root@<hostname> fedora-ds]# netstat -tlpn |grep 636
tcp 0 0 ::ffff:10.0.0.<ip>:636 :::* LISTEN 15481/ns-slapd
[root@<hostname> fedora-ds]# netstat -tlpn |grep 389
tcp 0 0 ::ffff:10.0.0.<ip>:389 :::* LISTEN 15481/ns-slapd
[root@<hostname> opt]# rpm -Uvh /data/users/seriv/fedora-ds/downloads/fedora-ds-1.0.3-1.RHEL4.x86_64.opt.rpm
Preparing... ########################################### [100%]
package fedora-ds-1.0.3-1.RHEL4 is already installed
[root@<hostname> opt]# rpm -Uvh /data/users/seriv/fedora-ds/downloads/fedora-ds-1.0.3-1.RHEL4.x86_64.opt.rpm --force
Preparing... ########################################### [100%]
1:fedora-ds ########################################### [100%]
Upgrade finished. Please run /opt/fedora-ds/setup/setup to complete the upgrade.
[root@<hostname> opt]# netstat -tlpn |grep 636
[root@<hostname> opt]# netstat -tlpn |grep 389
[root@<hostname> opt]# pwd
/opt
[root@<hostname> opt]# cd fedora-ds
[root@<hostname> fedora-ds]# setup/setup
INFO Begin Setup . . .
LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY
FEDORA(TM) DIRECTORY SERVER
[contents skipped]
Do you accept the license terms? (yes/no) yes
=======================================================================
Fedora Directory Server 1.0.3
=======================================================================
The Fedora Directory Server is subject to the terms detailed in the
license agreement file called LICENSE.txt.
Late-breaking news and information on the Fedora Directory Server is
available at the following location:
http://directory.fedora.redhat.com
Continue? (yes/no) yes
No ns-slapd PID file found. Server is probably not running
/opt/fedora-ds/slapd-<hostname>/config/dse.ldif: SSL off ...
In order to reconfigure your installation, the Configuration Directory
Administrator password is required. Here is your current information:
Configuration Directory: ldap://<hostname>.<domainname>:389/o=NetscapeRoot
Configuration Administrator ID: admin
At the prompt, please enter the password for the Configuration Administrator.
administrator ID: admin
Password: <password>
Converting slapd-<hostname> to new format password file . . .
Copying new schema ldiffiles . . .
Starting slapd-<hostname> . . .
[slapd-<hostname>]: starting up server ...
[slapd-<hostname>]: [01/Nov/2006:22:36:26 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[slapd-<hostname>]: [01/Nov/2006:22:36:26 -0500] NSMMReplicationPlugin - agmt="cn=ballexta" (<hostname>:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.)
[slapd-<hostname>]: [01/Nov/2006:22:36:26 -0500] - slapd started. Listening on 10.0.0.<ip> port 389 for LDAP requests
NMC_Status: 0
NMC_Description: Success! The server has been started.
Start Slapd Starting Slapd server reconfiguration.
Fatal Slapd ERROR: Could not find Directory Server Configuration
URL ldap://<hostname>.<domainname>:389/o=NetscapeRoot user id admin DN cn=<hostname>.<domainname>, ou=<domainname>, o=NetscapeRoot (153:Unknown error)
Configuring Administration Server...
InstallInfo: Apache Directory "ApacheDir" is missing.
/opt/fedora-ds/slapd-<hostname>/config/dse.ldif: SSL on ...
Restarting Directory Server: /opt/fedora-ds/slapd-<hostname>/start-slapd
Server failed to start !!! Please check errors log for problems
You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://<hostname>.<domainname>:18080/
INFO Finished with setup, logfile is setup/setup.log
[root@<hostname> fedora-ds]# netstat -tlpn |grep 636
[root@<hostname> fedora-ds]# netstat -tlpn |grep 389
[root@<hostname> fedora-ds]# slapd-<hostname>/restart-slapd
No ns-slapd PID file found. Server is probably not running
Server failed to start !!! Please check errors log for problems
[root@<hostname> fedora-ds]# tail -n 22 slapd-<hostname>/logs/errors
[01/Nov/2006:22:34:31 -0500] - slapd shutting down - closing down internal subsystems and plugins
[01/Nov/2006:22:34:35 -0500] - Waiting for 4 database threads to stop
[01/Nov/2006:22:34:36 -0500] - All database threads now stopped
[01/Nov/2006:22:34:38 -0500] - slapd stopped.
[01/Nov/2006:22:36:26 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[01/Nov/2006:22:36:26 -0500] NSMMReplicationPlugin - agmt="cn=ballexta" (<hostname>:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.)
[01/Nov/2006:22:36:26 -0500] - slapd started. Listening on 10.0.0.<ip> port 389 for LDAP requests
[01/Nov/2006:22:36:27 -0500] - slapd shutting down - signaling operation threads
[01/Nov/2006:22:36:27 -0500] - slapd shutting down - waiting for 29 threads to terminate
[01/Nov/2006:22:36:27 -0500] - slapd shutting down - closing down internal subsystems and plugins
[01/Nov/2006:22:36:27 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:28 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:29 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:30 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:31 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:32 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:32 -0500] - Waiting for 4 database threads to stop
[01/Nov/2006:22:36:33 -0500] - All database threads now stopped
[01/Nov/2006:22:36:33 -0500] - slapd stopped.
[01/Nov/2006:22:36:34 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[01/Nov/2006:22:36:34 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS error 17 (File exists)
[01/Nov/2006:22:37:08 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[01/Nov/2006:22:37:08 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS error 17 (File exists)
[root@<hostname> fedora-ds]# ls -al slapd-<hostname>/config/
total 424
drwxr-xr-x 4 root root 4096 Nov 1 22:37 .
drwxr-xr-x 12 nobody root 4096 Nov 1 22:37 ..
-rw-r--r-- 1 nobody root 57967 Nov 1 22:36 dse.ldif
-rw-r--r-- 2 nobody root 57969 Nov 1 22:36 dse.ldif.bak
-rw-r--r-- 2 nobody root 57969 Nov 1 22:36 dse.ldif.startOK
-rw------- 1 nobody root 33781 Aug 29 11:17 dse_original.ldif
drwxr-xr-x 2 nobody root 4096 Nov 1 22:37 schema
drwxr-xr-x 2 nobody root 4096 Nov 1 01:43 schema-bak
-rw-r--r-- 1 nobody root 5400 Aug 29 11:17 slapd-collations.conf
[root@<hostname> fedora-ds]# chown nobody slapd-<hostname>/config
[root@<hostname> fedora-ds]# mv slapd-<hostname>/config/dse.ldif.startOK .
[root@<hostname> fedora-ds]# slapd-<hostname>/restart-slapd
No ns-slapd PID file found. Server is probably not running
Server failed to start !!! Please check errors log for problems
[root@<hostname> fedora-ds]# tail -n 22 slapd-<hostname>/logs/errors
[01/Nov/2006:22:36:26 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[01/Nov/2006:22:36:26 -0500] NSMMReplicationPlugin - agmt="cn=ballexta" (<hostname>:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.)
[01/Nov/2006:22:36:26 -0500] - slapd started. Listening on 10.0.0.<ip> port 389 for LDAP requests
[01/Nov/2006:22:36:27 -0500] - slapd shutting down - signaling operation threads
[01/Nov/2006:22:36:27 -0500] - slapd shutting down - waiting for 29 threads to terminate
[01/Nov/2006:22:36:27 -0500] - slapd shutting down - closing down internal subsystems and plugins
[01/Nov/2006:22:36:27 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:28 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:29 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:30 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:31 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:32 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
[01/Nov/2006:22:36:32 -0500] - Waiting for 4 database threads to stop
[01/Nov/2006:22:36:33 -0500] - All database threads now stopped
[01/Nov/2006:22:36:33 -0500] - slapd stopped.
[01/Nov/2006:22:36:34 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[01/Nov/2006:22:36:34 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS error 17 (File exists)
[01/Nov/2006:22:37:08 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[01/Nov/2006:22:37:08 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS error 17 (File exists)
[01/Nov/2006:22:38:49 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
[root@<hostname> fedora-ds]# netstat -tlpn |grep 389
[root@<hostname> fedora-ds]# netstat -tlpn |grep 636
[root@<hostname> fedora-ds]# ls -al slapd-<hostname>/logs/
total 32468
drwx------ 2 root root 4096 Nov 1 22:36 .
drwxr-xr-x 12 nobody root 4096 Nov 1 22:38 ..
-rw------- 1 nobody root 33124743 Nov 1 22:36 access
-rw------- 1 nobody root 63 Oct 31 23:40 access.rotationinfo
-rw------- 1 nobody root 0 Oct 31 23:40 audit
-rw------- 1 nobody root 63 Oct 31 23:40 audit.rotationinfo
-rw------- 1 nobody root 18211 Nov 1 22:38 errors
-rw------- 1 nobody root 63 Oct 31 23:40 errors.rotationinfo
-rw-r--r-- 1 nobody nobody 1952 Nov 1 22:36 slapd.stats
[root@<hostname> fedora-ds]# chown nobody:nobody slapd-<hostname>/logs
[root@<hostname> fedora-ds]# chown nobody:nobody slapd-<hostname>/logs/*
[root@<hostname> fedora-ds]# slapd-<hostname>/restart-slapd
No ns-slapd PID file found. Server is probably not running
[root@<hostname> fedora-ds]# netstat -tlpn |grep 636
tcp 0 0 ::ffff:10.0.0.<ip>:636 :::* LISTEN 15481/ns-slapd
[root@<hostname> fedora-ds]# netstat -tlpn |grep 389
tcp 0 0 ::ffff:10.0.0.<ip>:389 :::* LISTEN 15481/ns-slapd
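
Added example, not part of the original post: in the listings above the files belong to nobody while the config and logs directories themselves belong to root, and creating dse.ldif.tmp or replacing dse.ldif.startOK needs write access to the directory, not to the files in it. The script below lists every entry a given uid does not own, one level deep in the three directories named in the post; the function names and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Lists entries of a Directory Server instance that the run-as uid does not own.
# Scope: the instance directory plus config/, logs/ and locks/ and their direct
# entries (one level deep, like the non-recursive chown described in the thread).

audit_instance_owner() {
    instancedir=$1   # e.g. /opt/fedora-ds/slapd-<name>
    want_uid=$2      # numeric uid of the server user, e.g. $(id -u nobody)
    {
        find "$instancedir" -maxdepth 0 ! -uid "$want_uid"
        for sub in config logs locks; do
            [ -d "$instancedir/$sub" ] || continue
            find "$instancedir/$sub" -maxdepth 1 ! -uid "$want_uid"
        done
    } | while IFS= read -r path; do
        # A wrongly owned directory is the important case: the server cannot
        # create or remove entries in it even if it owns every file inside.
        if [ -d "$path" ]; then kind=dir; else kind=file; fi
        printf '%s %s\n' "$kind" "$path"
    done
}

# Number of mismatching entries; 0 means the tree is consistent for that uid.
count_owner_mismatches() {
    audit_instance_owner "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample tree (owned by the invoking user) for trying the check offline.
make_sample_instance() {
    root=$(mktemp -d) || return 1
    mkdir "$root/config" "$root/logs" "$root/locks"
    : > "$root/config/dse.ldif"
    : > "$root/logs/errors"
    printf '%s\n' "$root"
}

# Stand-alone use: <script> INSTANCEDIR UID
if [ "$#" -eq 2 ]; then
    audit_instance_owner "$1" "$2"
fi
```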