this happens a lot. We use a cron job to save copies of dse.ldif. ________________________________ From: Sigbjorn Lie via FreeIPA-users <freeipa-users@lists.fedorahosted.org> Sent: Tuesday, April 19, 2022 6:25 AM To: freeipa-users@lists.fedorahosted.org <freeipa-users@lists.fedorahosted.org> Cc: Sigbjorn Lie <sigbj...@nixtra.com> Subject: [Freeipa-users] dse.ldif and dse.ldif.bak gone after powerloss
Hi, We recently had a failure causing an IPA server to experience an immediate powerloss. When the server power was switched back on, the dirsrv service refused to start. The following we're logged in journalctl. Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]: [19/Apr/2022:10:58:13.757492036 +0200] - INFO - dse_check_file - The config /etc/dirsrv/slapd-REDACTED/dse.ldif can not be accessed. Attempting restore ... (reason: 0) Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]: [19/Apr/2022:10:58:13.757544913 +0200] - ERR - dse_check_file - The backup file /etc/dirsrv/slapd-REDACTED/dse.ldif.bak has zero length, refusing to restore it. Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]: [19/Apr/2022:10:58:13.757548466 +0200] - ERR - slapd_bootstrap_config - No valid configurations can be accessed! You must restore /etc/dirsrv/slapd-REDACTED/dse.ldif from backup! Apr 19 10:58:13 ipa2.redacted.tld ns-slapd[2811868]: [19/Apr/2022:10:58:13.757551275 +0200] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-REDACTED could not be read or were not found. Please refer to the error log or output for more info Upon further troubleshooting we discovered that /etc/dirsrv/slapd-REDACTED/dse.ldif was missing, and /etc/dirsrv/slapd-REDACTED/dse.ldif.backup was 0 bytes long. The dse.ldif.startOK file is still there, however it is now over 2 months old. # ls -la dse.ldif.* -rw-------. 1 dirsrv dirsrv 0 Apr 11 14:42 dse.ldif.bak -rw-------. 1 dirsrv root 173135 Feb 9 13:33 dse.ldif.ipa.dd88c8e1bbf92a7c -rw-rw----. 1 dirsrv root 194829 Feb 9 13:33 dse.ldif.modified.out -rw-------. 1 dirsrv dirsrv 226867 Feb 17 11:41 dse.ldif.startOK When inspecting some of our other still running IPA servers, the difference between the dse.ldif and the dse.ldif.startOK displays updates to modifyTimestamp and nsState on entries such as: dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config dn: cn=uniqueid generator,cn=config dn: cn=abort cleanallruv,cn=tasks,cn=config dn: cn=automember export updates,cn=tasks,cn=config dn: cn=automember rebuild membership,cn=tasks,cn=config dn: cn=backup,cn=tasks,cn=config dn: cn=cleanallruv,cn=tasks,cn=config dn: cn=compact db,cn=tasks,cn=config dn: cn=des2aes,cn=tasks,cn=config dn: cn=entryuuid task,cn=tasks,cn=config ... and the list goes on ... I would presume the list on the faulty IPA server to be similar if I still had the files available for comparison. What is the recommended action to enable the faulty IPA server to successfully start the dirsrv service? Regards, Siggi _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure