[Pkg-freeipa-devel] Bug#1016167: 389-ds-base: dscreate does not work due to race condition when starting and connecting to LDAP server instance

Mariusz Gronczewski mgronczewski at efigence.com
Thu Jul 28 12:31:23 BST 2022 

Package: 389-ds-base
Version: 1.4.4.11-2
Severity: important
X-Debbugs-Cc: mgronczewski at efigence.com

I've tried to create the new instance via dscreate from-file (tried interactive version with default config with no changes too) and it crashes after starting server and questionnaire, because it tries to connect to server that is *started* but not yet listening on the socket:

    Enter the Directory Manager password: 
    Confirm the Directory Manager Password: 

    Enter the database suffix (or enter "none" to skip) [dc=ldap,dc=example,dc=com]: none

    Do you want to start the instance after the installation? [yes]: yes

    Are you ready to install? [no]: yes
    Starting installation...
    Error: Can't contact LDAP server - 111 - Connection refused

after turning the verbose mode:

    ...
    DEBUG: systemd status -> True
    DEBUG: systemd status -> True
    DEBUG: open(): Connecting to uri ldapi://%2Fvar%2Frun%2Fslapd-main.socket
    DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-main
    DEBUG: Using external ca certificate /etc/dirsrv/slapd-main
    DEBUG: Using external ca certificate /etc/dirsrv/slapd-main
    DEBUG: Using /etc/openldap/ldap.conf certificate policy
    DEBUG: ldap.OPT_X_TLS_REQUIRE_CERT = 2
    DEBUG: open(): Using root autobind ...
    DEBUG: {'desc': "Can't contact LDAP server", 'errno': 111, 'info': 'Connection refused'}
    Traceback (most recent call last):
      File "/sbin/dscreate", line 80, in <module>
        result = args.func(inst, log, args)
      File "/usr/lib/python3/dist-packages/lib389/cli_ctl/instance.py", line 68, in instance_create
        if sd.create_from_inf(args.file):
      File "/usr/lib/python3/dist-packages/lib389/instance/setup.py", line 538, in create_from_inf
        self.create_from_args(general, slapd, backends, self.extra)
    ...

Currently I've applied an ugly fix to my system that appears to solve the problem:

--- /tmp/__init__.py	2022-07-28 13:10:08.806516127 +0200
+++ /usr/lib/python3/dist-packages/lib389/__init__.py	2022-07-28 13:10:20.274329837 +0200
@@ -934,6 +934,7 @@
             uri = self.toLDAPURL()
 
         self.log.debug('open(): Connecting to uri %s', uri)
+        time.sleep(10)
         if hasattr(ldap, 'PYLDAP_VERSION') and MAJOR >= 3:
             super(DirSrv, self).__init__(uri, bytes_mode=False, trace_level=TRACE_LEVEL)
         else:


and confirms my suspicion script tries to connect to the server that isn't up yet (system service dirmgr at main.service is up and responding after installer fails)


I've checked and both earlier(buster) and newer(bookworm) versions of package appear to be working fine

-- System Information:
Debian Release: 11.4
  APT prefers bullseye-security
  APT policy: (500, 'bullseye-security')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-16-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages 389-ds-base depends on:
ii  389-ds-base-libs             1.4.4.11-2
ii  acl                          2.2.53-10
ii  adduser                      3.118
ii  debconf [debconf-2.0]        1.5.77
ii  ldap-utils                   2.4.57+dfsg-3+deb11u1
ii  libc6                        2.31-13+deb11u3
ii  libcrypt1                    1:4.4.18-4
ii  libdb5.3                     5.3.28+dfsg1-0.8
ii  libicu67                     67.1-7
ii  libldap-2.4-2                2.4.57+dfsg-3+deb11u1
ii  libmozilla-ldap-perl         1.5.3-3+b2
ii  libnetaddr-ip-perl           4.079+dfsg-1+b5
ii  libnspr4                     2:4.29-1
ii  libnss3                      2:3.61-1+deb11u2
ii  libpam0g                     1.4.0-9+deb11u1
ii  libsasl2-2                   2.1.27+dfsg-2.1+deb11u1
ii  libsasl2-modules-gssapi-mit  2.1.27+dfsg-2.1+deb11u1
ii  libsnmp40                    5.9+dfsg-3+b1
ii  libsocket-getaddrinfo-perl   0.22-3
ii  libsystemd0                  247.3-7
ii  perl                         5.32.1-4+deb11u2
ii  python3                      3.9.2-3
ii  python3-lib389               1.4.4.11-2
ii  python3-selinux              3.1-3
ii  python3-semanage             3.1-1+b2
ii  python3-sepolicy             3.1-1
ii  systemd                      247.3-7

389-ds-base recommends no packages.

389-ds-base suggests no packages.

-- no debconf information


-- 
Mariusz Gronczewski, Administrator

Efigence S. A.
ul. Wołoska 9a, 02-583 Warszawa
T:   [+48] 22 380 13 13
NOC: [+48] 22 380 10 20
E: admin at efigence.com

More information about the Pkg-freeipa-devel mailing list