Your message dated Sat, 12 Aug 2017 16:17:11 +0000 with message-id <e1dgz67-0008jx...@fasolo.debian.org> and subject line Bug#868753: fixed in openldap 2.4.44+dfsg-5+deb9u1 has caused the Debian Bug report #868753, regarding slapd: endless replication loop with 3-way delta-MMR to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 868753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868753 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: slapd Version: 2.4.44+dfsg-5 Severity: important Dear Maintainer, We noticed several issues related to delta-syncrepl in a 3-way multi-master setup. The issues seem to be caused by bugs in upstream, which are fixed in upstream version of Openldap 2.4.45. We successfully tested a build of Openldap 2.4.45: All issues (1-4) seem to be resolved. Please find below the list of issues 1-4 (incl. possibly rel. ITS#): 1. Endless replication loop after fast subsequent modifications Related ITS#: - ITS#8432: Never ending operation modifications with 3+ MMR nodes (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8432) Steps to reproduce: - Modify attribute A of cn=00000,ou=tt,dc=phys,dc=ethz,dc=ch on phd-aa1 - Wait for a short period of time (<= ~10-100ms), or not at all. - At this point the change was most probably not yet synced to the other nodes, before that sync happens, repeat the modify: - Modify attribute A of cn=00000,ou=tt,dc=phys,dc=ethz,dc=ch on phd-aa1 - Now the 3 slapds are somehow in a loop, sending cookies forever - Sometimes a restart of all slapds helps to kill the loop - Sometimes a stop of at least 2 slapds was nessecary to kill the loop - Subsequent modifications had to occur in a variable time frame lower than 10-100 ms in my tests to cause the loop. Outcome: - Endless syncrepl loop, 100% CPU load on all nodes 2. Occasionally slapd hangs on shutdown Steps to reproduce: - Occasionally when restarting/stopping the slapd service (using `systemctl restart/stop slapd`), process hangs with 100% CPU load. - Only a `kill -9 <PID>` helps. In the logs is stated that slapd is waiting for some tasks: `slapd shutdown: waiting for 2 operations/tasks to finish` 3. Occasionally slapd crashes when another master is restarted Possibly (not sure) related ITS# (same symptoms: slapd crash): - ITS#8413: Assertion in back-mdb/search.c during replication (http://www.openldap.org/its/index.cgi/?findid=8413) Steps to reproduce: - Occasionally when making an update using ldapmodify and after that restarting slapd on the same host, it happens that slapd process on one of the other masters crashes (nothing showing in the error log) 4. Unwilling slapd after service restart (Error code 53) This seems to be a temporary hickup under some circumstances, which fixes itself after another ldapmodify on the unwillig slapd. Steps to reproduce: - Setup phd-aa1 (ID 000): initial master config + add data dump - Setup phd-aa2 (ID 001): replicates all data - Setup phd-aa3 (ID 002): replicates all data - Test replication using ldapmodify of an attribute on each master separately: all syncing correctly - Restart slapd on phd-aa1: all ok (all syncing) - Restart slapd on phd-aa2: now this one starts reporting in the logs that phd-aa1 (rid=004) is unwilling: `do_syncrep2: rid=004 (53) Server is unwilling to perform` - Restart slapd on phd-aa3: now this one starts reporting the same. - Syncrepl tries to reconnect according to the retry parameter interval, logging the error above on each cycle. - After another ldapmodify on phd-aa1 all masters are syncing correctly the error message above is gone, all logs look ok. For more information on the exact setup and configuration, please refer to: - https://people.phys.ethz.ch/~rda/openldap/delta-syncrepl/questions_issues.html - https://people.phys.ethz.ch/~rda/openldap/delta-syncrepl/config.ldif -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages slapd depends on: ii adduser 3.115 ii coreutils 8.26-3 ii debconf [debconf-2.0] 1.5.61 ii libc6 2.24-11+deb9u1 ii libdb5.3 5.3.28-12+b1 ii libgnutls30 3.5.8-5+deb9u1 ii libldap-2.4-2 2.4.44+dfsg-5 ii libltdl7 2.4.6-2 ii libodbc1 2.3.4-1 ii libperl5.24 [libmime-base64-perl] 5.24.1-3 ii libsasl2-2 2.1.27~101-g0780600+dfsg-3 ii libwrap0 7.6.q-26 ii lsb-base 9.20161125 ii perl 5.24.1-3 ii psmisc 22.21-2.1+b2 Versions of packages slapd recommends: ii libsasl2-modules 2.1.27~101-g0780600+dfsg-3 Versions of packages slapd suggests: ii ldap-utils 2.4.44+dfsg-5 ii libsasl2-modules-gssapi-mit 2.1.27~101-g0780600+dfsg-3 -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: openldap Source-Version: 2.4.44+dfsg-5+deb9u1 We believe that the bug you reported is fixed in the latest version of openldap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 868...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ryan Tandy <r...@nardis.ca> (supplier of updated openldap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 10 Aug 2017 12:12:46 -0700 Source: openldap Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-common libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source Version: 2.4.44+dfsg-5+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-de...@lists.alioth.debian.org> Changed-By: Ryan Tandy <r...@nardis.ca> Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap-common - OpenLDAP common files for libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd. Closes: 820244 860774 860947 864719 868753 Changes: openldap (2.4.44+dfsg-5+deb9u1) stretch; urgency=medium . * Relax the dependency of libldap-2.4-2 on libldap-common to also permit later versions. (Closes: #860774) * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until the underlying kernel bug #866122 is fixed. * Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719) * Import upstream patch to avoid reading the value of the LDAP_OPT_X_TLS_REQUIRE_CERT option from previously freed memory. (ITS#8385) (Closes: #820244) * Import upstream patch to fix potential endless replication loop in a multi-master delta-syncrepl scenario with 3 or more nodes. (ITS#8432) (Closes: #868753) * Import upstream patches to fix memory corruption caused by calling sasl_client_init() multiple times and possibly concurrently. (ITS#8648) (Closes: #860947) Checksums-Sha1: 9cfaa4a157f37fd1e77df1605e0d7c886aecc42b 3009 openldap_2.4.44+dfsg-5+deb9u1.dsc 9b7a6f58266c688ea90c8c79f989673330edebe9 165640 openldap_2.4.44+dfsg-5+deb9u1.debian.tar.xz Checksums-Sha256: 49a6e5b8c90cd3743d29854e2c07a31cfc420075d3368832a7c4e16e47c6aaae 3009 openldap_2.4.44+dfsg-5+deb9u1.dsc 06c3aa004b251b5acd036f26db245bfc5207811acf42d20dc02850eb60afb6bd 165640 openldap_2.4.44+dfsg-5+deb9u1.debian.tar.xz Files: d243ee69c455d1433e9fd35db5fc04f0 3009 net optional openldap_2.4.44+dfsg-5+deb9u1.dsc 5823b2c03024bb2fbad10cd9537239df 165640 net optional openldap_2.4.44+dfsg-5+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEEPSfh0nqdQTd5kOFlIp/PEvXWa7YFAlmN7QUPHHJ5YW5AbmFy ZGlzLmNhAAoJECKfzxL11mu2+bMP/jxLApeKZ+FzusUfA7vILY4+K067M8/90uiR sNWSditvedlVV+x6gd5RUuJpuJmZakVTorjeQQ0UQIIxWOXhyyOGvw/77Kzkc4rl sZIeTZom9n1z0+NSKJwQKRmgRq1LPx4L43gOjwBdQsorEzEqKh5zwYOhheDJteCr zVB3KAzOFGdW6ejhlYH4G/JhtIpPspK7cQipKT/j31OunNpYUcngAITNs2X8DOt0 1jXM6wJs3h67OZymXlHHH7mt8DSxn64SBCH6TuWFABdqa4WiczBOazNAatBVfhzn zIfH2S1X6gLb7Z7lXx29XvHXIaSR2UvEZjmBEqP5zLyrH2mqoOEQuV0zcNelGWFo OfAM/h8tbjp4gx+tG7EtS0WwEWEgMJsCozbCc/BKe5vgg8A8tEgpySNJIQGYYWz9 WL+b3iT/NoBodOirVw855EnmDKmE9EhI1sGpEgjy11S/l0yPeYb0Lyf+GQ7Qt6ql /0M54RO85ITSEO1D6HBE1YnkEIR/WLFIriyL33/TucqkVP6fiCkfIT1gH5njNzHU sod17cXgRbFK5/KzKXhZsXt2m1nGkP2QnCGIof88u/LeP+D9D4S3wrbZru6F8tRS arGlp8upWIzbypuTE07UkbRNwffXNhKDChhr/EtnsMtr5WtuUpQExcws6AgfOv8x BYX4mAMz =nUgP -----END PGP SIGNATURE-----
--- End Message ---
