[389-users] Re: Unable to promote a replica

Tue, 03 Aug 2021 16:26:59 -0700 

Using that method, I was able to promote my consumer. Thanks again.
Today, I tried (and failed) to disable replication on a consumer. Either I don't understand how to disable replication (which is entirely possible), or the replication-disabling-function of the scripts is also broken.
When done with cockpit, using the red "Disable" button on the Replication screen seems to kill the instance of directory without affecting its replication status. Replication is still enabled when I restart the instance.
When I tried to disable with dsconf, I got similar results. The directory stops, but replication is still enabled when I restart it. 

I ran:


dsconf -v -D "cn=Directory Manager" ldap://localhost:1389 replication disable 
--suffix o=foo.bar.com
and the instance listening on port 1389 disappeared, and the error log contained: 


[03/Aug/2021:15:15:24.090599240 -0800] - DEBUG - PBKDF2_SHA256 - Comparing 
password
[03/Aug/2021:15:15:24.136930743 -0800] - DEBUG - replication - 
copy_operation_parameters - replica is null.
[03/Aug/2021:15:15:24.139180666 -0800] - WARN - NSMMReplicationPlugin - 
replica_config_delete - The changelog for replica o=foo.bar.com is no longer 
valid since the replica config is being deleted.  Removing the changelog.


and the output of dsconf was:


DEBUG: The 389 Directory Server Configuration Tool
DEBUG: Inspired by works of: ITS, The University of Adelaide
DEBUG: dsrc path: /root/.dsrc
DEBUG: dsrc container path: /data/config/container.inf
DEBUG: dsrc instances: []
DEBUG: dsrc no such section: slapd-ldap://localhost:1389
DEBUG: Called with: Namespace(basedn=None, binddn='cn=Directory Manager', 
bindpw=None, func=<function disable_replication at 0x7f1b96485a60>, 
instance='ldap://localhost:1389', json=False, prompt=False, pwdfile=None, 
starttls=False, suffix='o=foo.bar.com', verbose=True)
DEBUG: Instance details: {'uri': 'ldap://localhost:1389', 'basedn': None, 
'binddn': 'cn=Directory Manager', 'bindpw': None, 'saslmech': None, 
'tls_cacertdir': None, 'tls_cert': None, 'tls_key': None, 'tls_reqcert': None, 
'starttls': False, 'prompt': False, 'pwdfile': None, 'args': {'ldapurl': 
'ldap://localhost:1389', 'root-dn': 'cn=Directory Manager'}}
DEBUG: SER_SERVERID_PROP not provided, assuming non-local instance
DEBUG: Allocate <class 'lib389.DirSrv'> with ldap://localhost:1389
DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
Enter password for cn=Directory Manager on ldap://localhost:1389:
DEBUG: SER_SERVERID_PROP not provided, assuming non-local instance
DEBUG: Allocate <class 'lib389.DirSrv'> with ldap://localhost:1389
DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
DEBUG: Allocate <class 'lib389.DirSrv'> with server1.foo.bar.com:389
DEBUG: open(): Connecting to uri ldap://localhost:1389
DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-{instance_name}
DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
DEBUG: Using /etc/openldap/ldap.conf certificate policy
DEBUG: ldap.OPT_X_TLS_REQUIRE_CERT = 2
DEBUG: open(): bound as cn=Directory Manager
DEBUG: Retrieving entry with [('',)]
DEBUG: Retrieved entry [dn:
vendorVersion: 389-Directory/1.4.4.16 B2021.175.1723

]
DEBUG: _gen_selector filter = 
(&(&(objectclass=nsds5Replica))(|(nsDS5ReplicaRoot=o=foo.bar.com)))
DEBUG: cn=replica,cn=o\3Dfoo.bar.com,cn=mapping tree,cn=config 
getVal('nsDS5ReplicaRoot')
DEBUG: list filter = (&(objectclass=nsds5replicationagreement))
DEBUG: list filter = (&(objectclass=nsDSWindowsReplicationAgreement))
DEBUG: cn=replica,cn=o\3Dfoo.bar.com,cn=mapping tree,cn=config delete
DEBUG: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}
Traceback (most recent call last):
  File "/sbin/dsconf", line 134, in <module>
    result = args.func(inst, None, log, args)
  File "/usr/lib/python3.6/site-packages/lib389/cli_conf/replication.py", line 
236, in disable_replication
    replica.delete()
  File "/usr/lib/python3.6/site-packages/lib389/replica.py", line 1351, in 
delete
    return super(Replica, self).delete()
  File "/usr/lib/python3.6/site-packages/lib389/_mapped_object.py", line 825, 
in delete
    self._instance.delete_ext_s(self._dn, serverctrls=self._server_controls, 
clientctrls=self._client_controls, escapehatch='i am sure')
  File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
    return f(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 562, in 
delete_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = 
self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
    return f(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 767, in 
result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
    return f(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 774, in 
result4
    ldap_result = 
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 173, in inner
    return f(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 340, in 
_ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib64/python3.6/site-packages/ldap/compat.py", line 46, in reraise
    raise exc_value
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in 
_ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': 
[]}
ERROR: Error: -1 - Can't contact LDAP server - []




--
Do things because you should, not just because you can.

John Thurston    907-465-8591
[email protected]
Department of Administration
State of Alaska

On 8/2/2021 3:35 PM, Mark Reynolds wrote:

Looks like there might be some patch missing on the 1.4.4 branch because
dsconf should not be trying to create the changelog.

_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to