Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1024057: slapd: service restart does not always restart slapd
41 views
Skip to first unread message
Mike Gabriel
Nov 14, 2022, 3:21:09 AM11/14/22
to
Package: slapd
Version: 2.4.57+dfsg-3+deb11u1
Severity: important
For slapd on Debian 10 and Debian 11, we sometimes observe service
restart failures.
We use a self-written script [1] to update Let's Encrypt certificates.
This script restarts services it knows after the SSL cert file has
been updated.
One of the services we restart is slapd. Over the past months we have
seen various restart failures for slapd (LDAP service has been down in
the morning after Let's Encrypt updates).
Our work-around [2] for now is stopping slapd, waiting for 1 sec and
then starting it again.
However, I sense that the systemd unit file might need the real fix for this.
Unfortunately, I don't have any Debian testing systems in the field
with a similar setup, but I assume that the fix is still present for
slapd in bookworm, unless the issue has been explicitly addressed
already.
Greets,
Mike
[1] https://gitlab.das-netzwerkteam.de/sunweaver/setup-letsencrypt/
[2]
https://gitlab.das-netzwerkteam.de/sunweaver/setup-letsencrypt/-/commit/d52ee5a3bff1f5beee49767dde7e9077e0a23234
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.g...@das-netzwerkteam.de, http://das-netzwerkteam.de
Version: 2.4.57+dfsg-3+deb11u1
Severity: important
For slapd on Debian 10 and Debian 11, we sometimes observe service
restart failures.
We use a self-written script [1] to update Let's Encrypt certificates.
This script restarts services it knows after the SSL cert file has
been updated.
One of the services we restart is slapd. Over the past months we have
seen various restart failures for slapd (LDAP service has been down in
the morning after Let's Encrypt updates).
Our work-around [2] for now is stopping slapd, waiting for 1 sec and
then starting it again.
However, I sense that the systemd unit file might need the real fix for this.
Unfortunately, I don't have any Debian testing systems in the field
with a similar setup, but I assume that the fix is still present for
slapd in bookworm, unless the issue has been explicitly addressed
already.
Greets,
Mike
[1] https://gitlab.das-netzwerkteam.de/sunweaver/setup-letsencrypt/
[2]
https://gitlab.das-netzwerkteam.de/sunweaver/setup-letsencrypt/-/commit/d52ee5a3bff1f5beee49767dde7e9077e0a23234
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.g...@das-netzwerkteam.de, http://das-netzwerkteam.de
Ryan Tandy
Nov 14, 2022, 8:30:04 PM11/14/22
to
Control: tag -1 moreinfo
Hi Mike, thanks for reporting this.
Can you elaborate about the failures you're seeing, or share any logs?
On Mon, Nov 14, 2022 at 08:12:08AM +0000, Mike Gabriel wrote:
>Unfortunately, I don't have any Debian testing systems in the field
>with a similar setup, but I assume that the fix is still present for
>slapd in bookworm, unless the issue has been explicitly addressed
>already.
^^^ I assume you mean "the *issue* is still present" and yes, I'd assume
the same.
thanks,
Ryan
Hi Mike, thanks for reporting this.
Can you elaborate about the failures you're seeing, or share any logs?
On Mon, Nov 14, 2022 at 08:12:08AM +0000, Mike Gabriel wrote:
>Unfortunately, I don't have any Debian testing systems in the field
>with a similar setup, but I assume that the fix is still present for
>slapd in bookworm, unless the issue has been explicitly addressed
>already.
the same.
thanks,
Ryan
Mike Gabriel
Nov 15, 2022, 2:30:04 AM11/15/22
to
Hi Ryan,
On Di 15 Nov 2022 02:18:03 CET, Ryan Tandy wrote:
> Control: tag -1 moreinfo
>
> Hi Mike, thanks for reporting this.
>
> Can you elaborate about the failures you're seeing, or share any logs?
I originally thought that there were no evident logs, but I guess I
never really looked.
There is indeed some messaging from slapd after the letsencrypt CRON
job got executed:
Nov 13 07:17:02 server systemd[1]: Started Session 5703 of user letsencrypt.
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
After this failure and before I finally restart stop/start slapd, I
get hundreds of these connection_read: no connection! lines. Sprinkled
across the log. Sometimes 10 in a row, sometimes many 100.
> On Mon, Nov 14, 2022 at 08:12:08AM +0000, Mike Gabriel wrote:
>> Unfortunately, I don't have any Debian testing systems in the field
>> with a similar setup, but I assume that the fix is still present
>> for slapd in bookworm, unless the issue has been explicitly
>> addressed already.
>
> ^^^ I assume you mean "the *issue* is still present" and yes, I'd
> assume the same.
Ah, yes. That's what I meant.
> thanks,
> Ryan
Greets,
Mike
On Di 15 Nov 2022 02:18:03 CET, Ryan Tandy wrote:
> Control: tag -1 moreinfo
>
> Hi Mike, thanks for reporting this.
>
> Can you elaborate about the failures you're seeing, or share any logs?
never really looked.
There is indeed some messaging from slapd after the letsencrypt CRON
job got executed:
Nov 13 07:17:02 server systemd[1]: Started Session 5703 of user letsencrypt.
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
Nov 13 07:17:04 server slapd[11167]: connection_read(17): no connection!
After this failure and before I finally restart stop/start slapd, I
get hundreds of these connection_read: no connection! lines. Sprinkled
across the log. Sometimes 10 in a row, sometimes many 100.
> On Mon, Nov 14, 2022 at 08:12:08AM +0000, Mike Gabriel wrote:
>> Unfortunately, I don't have any Debian testing systems in the field
>> with a similar setup, but I assume that the fix is still present
>> for slapd in bookworm, unless the issue has been explicitly
>> addressed already.
>
> ^^^ I assume you mean "the *issue* is still present" and yes, I'd
> assume the same.
> thanks,
> Ryan
Greets,
Mike
Ryan Tandy
Nov 16, 2022, 12:50:04 PM11/16/22
to
Hi Mike,
Sorry, I should have been more explicit. What I'm really looking for is
journal output (journalctl -u slapd.service) or equivalent from the
actual restart event. Specifically anything showing why slapd fails to
restart, or any errors are emitted during the attempted restart.
thanks,
Ryan
Sorry, I should have been more explicit. What I'm really looking for is
journal output (journalctl -u slapd.service) or equivalent from the
actual restart event. Specifically anything showing why slapd fails to
restart, or any errors are emitted during the attempted restart.
thanks,
Ryan
Mike Gabriel
Nov 17, 2022, 3:10:04 PM11/17/22
to
Hi Ryan,
Unfortunately, the problem does not occur always and my journalctl -u
slapd.service only lasts an hour into the past (???, I use Debian's
defaults here, ???).
I just tried to reproduce the issue manually, but failed (restarts worked).
I will update this bug report if I will be able to reproduce the issue
and get a fresh log from journalctl. (However, we have work-around in
place now and maybe won't see the issue again).
Greets,
Mike
slapd.service only lasts an hour into the past (???, I use Debian's
defaults here, ???).
I just tried to reproduce the issue manually, but failed (restarts worked).
I will update this bug report if I will be able to reproduce the issue
and get a fresh log from journalctl. (However, we have work-around in
place now and maybe won't see the issue again).
Greets,
Mike
Alister Winfield
Nov 17, 2022, 4:30:04 PM11/17/22
to
Last time I had this slapd was waiting until all clients disconnect.. Perhaps that still happens.
> On 17 Nov 2022, at 20:09, Mike Gabriel <mike.g...@das-netzwerkteam.de> wrote:
>
> Hi Ryan,
> _______________________________________________
> Pkg-openldap-devel mailing list
> Pkg-openl...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-openldap-devel
> On 17 Nov 2022, at 20:09, Mike Gabriel <mike.g...@das-netzwerkteam.de> wrote:
>
> Hi Ryan,
> Pkg-openldap-devel mailing list
> Pkg-openl...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-openldap-devel
0 new messages