Bug#1024057: slapd: service restart does not always restart slapd
--On Thursday, November 17, 2022 8:39 PM + Alister Winfield wrote: Last time I had this slapd was waiting until all clients disconnect.. Perhaps that still happens. This would not be the case. In fact you can see from the log snippet that was provided that when slapd got a shutdown notice, it disconnected all the existing clients (which caused a lot of the connection_read messages). --Quanah
Bug#1024057: slapd: service restart does not always restart slapd
Last time I had this slapd was waiting until all clients disconnect.. Perhaps that still happens. > On 17 Nov 2022, at 20:09, Mike Gabriel > wrote: > > Hi Ryan, > >> On Mi 16 Nov 2022 18:42:49 CET, Ryan Tandy wrote: >> >> Hi Mike, >> >> Sorry, I should have been more explicit. What I'm really looking for is >> journal output (journalctl -u slapd.service) or equivalent from the actual >> restart event. Specifically anything showing why slapd fails to restart, or >> any errors are emitted during the attempted restart. >> >> thanks, >> Ryan > > Unfortunately, the problem does not occur always and my journalctl -u > slapd.service only lasts an hour into the past (???, I use Debian's defaults > here, ???). > > I just tried to reproduce the issue manually, but failed (restarts worked). > > I will update this bug report if I will be able to reproduce the issue and > get a fresh log from journalctl. (However, we have work-around in place now > and maybe won't see the issue again). > > Greets, > Mike > > -- > > DAS-NETZWERKTEAM > c\o Technik- und Ökologiezentrum Eckernförde > Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde > mobile: +49 (1520) 1976 148 > landline: +49 (4351) 850 8940 > > GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 > mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de > > ___ > Pkg-openldap-devel mailing list > pkg-openldap-de...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-openldap-devel
Bug#1024057: slapd: service restart does not always restart slapd
Hi Ryan, On Mi 16 Nov 2022 18:42:49 CET, Ryan Tandy wrote: Hi Mike, Sorry, I should have been more explicit. What I'm really looking for is journal output (journalctl -u slapd.service) or equivalent from the actual restart event. Specifically anything showing why slapd fails to restart, or any errors are emitted during the attempted restart. thanks, Ryan Unfortunately, the problem does not occur always and my journalctl -u slapd.service only lasts an hour into the past (???, I use Debian's defaults here, ???). I just tried to reproduce the issue manually, but failed (restarts worked). I will update this bug report if I will be able to reproduce the issue and get a fresh log from journalctl. (However, we have work-around in place now and maybe won't see the issue again). Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpfY4cvITUXT.pgp Description: Digitale PGP-Signatur
Bug#1024057: slapd: service restart does not always restart slapd
Hi Mike, Sorry, I should have been more explicit. What I'm really looking for is journal output (journalctl -u slapd.service) or equivalent from the actual restart event. Specifically anything showing why slapd fails to restart, or any errors are emitted during the attempted restart. thanks, Ryan
Bug#1024057: slapd: service restart does not always restart slapd
--On Tuesday, November 15, 2022 7:16 AM + Mike Gabriel wrote: Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! After this failure and before I finally restart stop/start slapd, I get hundreds of these connection_read: no connection! lines. Sprinkled across the log. Sometimes 10 in a row, sometimes many 100. You can ignore those messages. It purely means a client disconnected without performing an unbind request. They are informational messages. You'll likely need to increase the slapd logging level to get any useful information from the logs. I would suggest starting with "stat" level logging. Regards, Quanah
Bug#1024057: slapd: service restart does not always restart slapd
Hi Ryan, On Di 15 Nov 2022 02:18:03 CET, Ryan Tandy wrote: Control: tag -1 moreinfo Hi Mike, thanks for reporting this. Can you elaborate about the failures you're seeing, or share any logs? I originally thought that there were no evident logs, but I guess I never really looked. There is indeed some messaging from slapd after the letsencrypt CRON job got executed: Nov 13 07:17:02 server systemd[1]: Started Session 5703 of user letsencrypt. Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection! After this failure and before I finally restart stop/start slapd, I get hundreds of these connection_read: no connection! lines. Sprinkled across the log. Sometimes 10 in a row, sometimes many 100. On Mon, Nov 14, 2022 at 08:12:08AM +, Mike Gabriel wrote: Unfortunately, I don't have any Debian testing systems in the field with a similar setup, but I assume that the fix is still present for slapd in bookworm, unless the issue has been explicitly addressed already. ^^^ I assume you mean "the *issue* is still present" and yes, I'd assume the same. Ah, yes. That's what I meant. thanks, Ryan Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpnZkY5M_wLZ.pgp Description: Digitale PGP-Signatur
Bug#1024057: slapd: service restart does not always restart slapd
Control: tag -1 moreinfo Hi Mike, thanks for reporting this. Can you elaborate about the failures you're seeing, or share any logs? On Mon, Nov 14, 2022 at 08:12:08AM +, Mike Gabriel wrote: Unfortunately, I don't have any Debian testing systems in the field with a similar setup, but I assume that the fix is still present for slapd in bookworm, unless the issue has been explicitly addressed already. ^^^ I assume you mean "the *issue* is still present" and yes, I'd assume the same. thanks, Ryan
Bug#1024057: slapd: service restart does not always restart slapd
Package: slapd Version: 2.4.57+dfsg-3+deb11u1 Severity: important For slapd on Debian 10 and Debian 11, we sometimes observe service restart failures. We use a self-written script [1] to update Let's Encrypt certificates. This script restarts services it knows after the SSL cert file has been updated. One of the services we restart is slapd. Over the past months we have seen various restart failures for slapd (LDAP service has been down in the morning after Let's Encrypt updates). Our work-around [2] for now is stopping slapd, waiting for 1 sec and then starting it again. However, I sense that the systemd unit file might need the real fix for this. Unfortunately, I don't have any Debian testing systems in the field with a similar setup, but I assume that the fix is still present for slapd in bookworm, unless the issue has been explicitly addressed already. Greets, Mike [1] https://gitlab.das-netzwerkteam.de/sunweaver/setup-letsencrypt/ [2] https://gitlab.das-netzwerkteam.de/sunweaver/setup-letsencrypt/-/commit/d52ee5a3bff1f5beee49767dde7e9077e0a23234 -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpbbuRWvgmXO.pgp Description: Digitale PGP-Signatur