Bug#419560: [Pkg-openldap-devel] Bug#419560: Upgrade problems.

Ola Lundqvist ola at opalsys.net
Wed Apr 18 11:48:40 UTC 2007 

Hi Steve

Thanks a lot for the response.

On Wed, Apr 18, 2007 at 04:34:55AM -0700, Steve Langasek wrote:
> tags 419560 unreproducible
> thanks
> 
> On Mon, Apr 16, 2007 at 06:13:01PM +0200, Ola Lundqvist wrote:
> > I know that this is not a very good bugreport as I did the upgrade
> > yesterday and I write this report from today. However I think it
> > could be good to know that there are problems while upgrading.
> 
> > I started with a sarge system and upgraded to etch. I do not know
> > exactly know which other programs I upgrade at the same time but
> > I do not think it was that many, as I selectively upgraded a few
> > and slapd was one of the services in the middle.
> 
> > This is what I remember:
> > 1) I get information that the new user that slapd will run as is
> >    openldap.
> > 2) On upgrade it can not start slapd as the user do not exist and
> >    the upgrade of that package exit.
> 
> Sorry, I don't see how this is possible at all, and no one else has reported
> seeing this problem on upgrade.  The slapd package depends on adduser, and
> the current slapd postinst unconditionally calls:

Can it be so that the old postinst script was used for some strange reason?
It is the best thing I can consider. Or maybe prerm or preinst?

> MODE="$1"               # install, upgrade, etc. - see debian-policy
> [...]
> if [ "$MODE" = "configure" ]; then
>         create_new_user
> fi
> 
> where create_new_user() does all of the user and group setup.

Ok.

> There are no invocations of invoke-rc.d slapd prior to this anywhere in the
> upgrade process, the daemon restart is the last thing done in the postinst;
> and nothing but the init script uses the openldap user/group, which is
> referenced only from /etc/default/slapd.  So without a log of the *earliest*
> stages of this upgrade, I don't see that there's any hope of figuring out
> what happened to cause this problem for you.

I see. Too bad that I do not think I have that left.

> > 3) The upgrade continue, and now the user is created it chowns
> >    a number of files and do convert from old data to the new.
> > 4) But the start of slapd do not work well and the upgrade
> >    of the package terminates.
> 
> Well, again here we would need to know what didn't "work well".

In this case I have figured out that I needed the -4 option as I do
not have IPv6 support in this virtual server. That is probably the
reason for it.

> > 10) I now find out that the ldap data directory contain files with
> >    root.root permission, and that is the reason why it do not start.
> 
> Hmm, this had been reported previously, but I thought we had addressed that
> bug...

This one could have been triggered by me when trying to debug what went
wrong. So it is likely to be my own fault. Maybe an improvement is to always
change the owner on restart, but I'm not sure if that is a good solution.
You probably agree with that it may not be the best thing to do.

> > I think the main problem is that I have to manually remove the
> > data backup directory. I think it should exit silently and not with
> > an error.
> 
> No, I disagree.  The slapd maintainer scripts are deliberately very
> conservative with what they do with all user data.  Inconveniencing users
> with a requirement to manually fix up the data directory is better (not
> good, but better) than trashing the user's directory by mistake.

Ok. In this case I suggest to improve the log message with an suggestion
on how to proceed.

> > However you are probably better to determine what the real problem is.
> 
> > I assume that you can reproduce this way:
> > * Install sarge version of slapd
> > * Remove the openldap user and group.
> > * Upgrade slapd.
> 
> No, you cannot.

Interesting!

Regards,

// Ola

> -- 
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                   to set it on, and I can move the world.
> vorlon at debian.org                                   http://www.debian.org/
> 

-- 
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/  ola at opalsys.net                   Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://opalsys.net/               Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

More information about the Pkg-openldap-devel mailing list