Hi,
We recently had a failure causing an IPA server to experience an
immediate powerloss. When the server power was switched back on, the
dirsrv service refused to start. The following we're logged in
journalctl.
Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]:
[19/Apr/2022:10:58:13.757492036 +0200] - INFO - dse_check_file - The
config /etc/dirsrv/slapd-REDACTED/dse.ldif can not be accessed.
Attempting restore ... (reason: 0)
Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]:
[19/Apr/2022:10:58:13.757544913 +0200] - ERR - dse_check_file - The
backup file /etc/dirsrv/slapd-REDACTED/dse.ldif.bak has zero length,
refusing to restore it.
Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]:
[19/Apr/2022:10:58:13.757548466 +0200] - ERR - slapd_bootstrap_config -
No valid configurations can be accessed! You must restore
/etc/dirsrv/slapd-REDACTED/dse.ldif from backup!
Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]:
[19/Apr/2022:10:58:13.757551275 +0200] - EMERG - main - The
configuration files in directory /etc/dirsrv/slapd-REDACTED could not be
read or were not found. Please refer to the error log or output for
more info
Upon further troubleshooting we discovered that
/etc/dirsrv/slapd-REDACTED/dse.ldif was missing, and
/etc/dirsrv/slapd-REDACTED/dse.ldif.backup was 0 bytes long. The
dse.ldif.startOK file is still there, however it is now over 2 months
old.
# ls -la dse.ldif.*
-rw-------. 1 dirsrv dirsrv 0 Apr 11 14:42 dse.ldif.bak
-rw-------. 1 dirsrv root 173135 Feb 9 13:33
dse.ldif.ipa.dd88c8e1bbf92a7c
-rw-rw----. 1 dirsrv root 194829 Feb 9 13:33 dse.ldif.modified.out
-rw-------. 1 dirsrv dirsrv 226867 Feb 17 11:41 dse.ldif.startOK
When inspecting some of our other still running IPA servers, the
difference between the dse.ldif and the dse.ldif.startOK displays
updates to modifyTimestamp and nsState on entries such as:
dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
dn: cn=uniqueid generator,cn=config
dn: cn=abort cleanallruv,cn=tasks,cn=config
dn: cn=automember export updates,cn=tasks,cn=config
dn: cn=automember rebuild membership,cn=tasks,cn=config
dn: cn=backup,cn=tasks,cn=config
dn: cn=cleanallruv,cn=tasks,cn=config
dn: cn=compact db,cn=tasks,cn=config
dn: cn=des2aes,cn=tasks,cn=config
dn: cn=entryuuid task,cn=tasks,cn=config
... and the list goes on ...
I would presume the list on the faulty IPA server to be similar if I
still had the files available for comparison.
What is the recommended action to enable the faulty IPA server to
successfully start the dirsrv service?
Regards,
Siggi
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
