[Freeipa-users] ns-slapd segfault
Giulio Casella
giulio at di.unimi.it
Tue Nov 29 13:46:21 UTC 2016
Il 29/11/2016 14:19, Mark Reynolds ha scritto:
>
>
> On 11/29/2016 03:14 AM, Giulio Casella wrote:
>> Il 28/11/2016 19:22, Mark Reynolds ha scritto:
>>>
>>>
>>> On 11/28/2016 10:22 AM, Giulio Casella wrote:
>>>> Il 28/11/2016 15:25, Lukas Slebodnik ha scritto:
>>>>> On (28/11/16 12:39), Giulio Casella wrote:
>>>>>> Hello,
>>>>>>
>>>>>> I have a setup with two ipa server in replica, based on CentOS 7.
>>>>>> On one server (since a couple of days) ipa cannot start, the failing
>>>>>> service
>>>>>> is dirsrv@<REALM-NAME>.service.
>>>>>> In journal I have:
>>>>>>
>>>>>> ns-slapd[4617]: segfault at 7fb53b1ce515 ip 00007fb50126e1a6sp
>>>>>> 00007ffc0b80d6c8 error 4 in libc-2.17.so[7fb501124000+1b7000]
>>>>>>
>>>>>> (just after a lot of SSL alerts complaining about some enabled
>>>>>> cypher suite,
>>>>>> but I cannot say if this could be related).
>>>>>>
>>>>>> I'm using ipa 4.2.0, and 389-ds-base 1.3.4.
>>>>>>
>>>>> It would be good to know the exact version.
>>>>> rpm -q 389-ds-base
>>>>
>>>> Installed version is:
>>>>
>>>> 389-ds-base-1.3.4.0-33.el7_2.x86_64
>>>>
>>>>>
>>>>> Please provide backtrace or coredump; other developers will know
>>>>> wheter it's know bug or a new bug.
>>>>
>>>> Ok, you can find attached full stacktrace.
>>> It's crashing trying to read updates from the replication changelog.
>>>
>>> Are you using attribute encryption?
>>> Any chance you have a way to reproduce this?
>>>
>>> Since this is happening on only one server then I think recreating the
>>> replication changelog will "fix" the issue. Just re-initializing that
>>> replica should do it. Does this server start - so it can be reinited?
>>> If not, you need to manually remove the changelog and start the
>>> directory server, and reinit it. Or perform a manual ldif
>>> initialization. (I can help with either one if needed)
>>>
>>
>> No, directory server can't start, so I think I have to manually remove
>> the changelog.
> Probably best:
>
> Its under /var/lib/dirsrv/slapd-INSTANCE/db/changelog (something like that)
>
>> Any help is obviously welcome.
>> BTW: Do you confirm I won't lose data on second (working) server doing
>> removal of changelog?
> Well the changelog appears to be hosed. So if something is lost, its
> already lost and is not recoverable. As long as you have another master
> you are okay, and IPA only creates masters so you should be good.
>
Thank you Mark,
I moved away and recreated entire
/var/lib/dirsrv/slapd-INSTANCE/db/changelog directory, rebooted server
and now it's up and running!
Thank you again.
Bye,
gc
More information about the Freeipa-users
mailing list