Hi all, last year I set up a authentication system based on two fedora ds server set up with multimaster replica. Now a node is down:from errors I have [09/Jun/2008:15:04:07 +0200] - Fedora-Directory/1.0.4 B2006.312.1539 starting up [09/Jun/2008:15:04:07 +0200] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. [09/Jun/2008:15:04:07 +0200] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES [09/Jun/2008:15:04:07 +0200] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init [09/Jun/2008:15:04:07 +0200] - Failed to initialize cipher AES in attrcrypt_init [09/Jun/2008:15:04:07 +0200] - attrcrypt_unwrap_key: failed to unwrap key for cipher AES [09/Jun/2008:15:04:07 +0200] - Failed to retrieve key for cipher AES in attrcrypt_cipher_init [09/Jun/2008:15:04:07 +0200] - Failed to initialize cipher AES in attrcrypt_init I mean, the only thing I did is moving the node from a hypervisor to another (it''s a virtual machine)>From logs I read that there''s a problem with keys but I really don''t knowwhat to check. What do you suggest? Thanks Marco Strullato
Marco Strullato wrote:> Hi all, last year I set up a authentication system based on two fedora > ds server set up with multimaster replica. > > Now a node is down:from errors I have > [09/Jun/2008:15:04:07 +0200] - Fedora-Directory/1.0.4 B2006.312.1539 > starting up > [09/Jun/2008:15:04:07 +0200] - Detected Disorderly Shutdown last time > Directory Server was running, recovering database. > [09/Jun/2008:15:04:07 +0200] - attrcrypt_unwrap_key: failed to unwrap > key for cipher AES > [09/Jun/2008:15:04:07 +0200] - Failed to retrieve key for cipher AES > in attrcrypt_cipher_init > [09/Jun/2008:15:04:07 +0200] - Failed to initialize cipher AES in > attrcrypt_init > [09/Jun/2008:15:04:07 +0200] - attrcrypt_unwrap_key: failed to unwrap > key for cipher AES > [09/Jun/2008:15:04:07 +0200] - Failed to retrieve key for cipher AES > in attrcrypt_cipher_init > [09/Jun/2008:15:04:07 +0200] - Failed to initialize cipher AES in > attrcrypt_init > > > I mean, the only thing I did is moving the node from a hypervisor to > another (it''s a virtual machine) > > From logs I read that there''s a problem with keys but I really don''t > know what to check. What do you suggest?I think those attrcrypt failures are benign. What other problems do you have?> > Thanks > > Marco Strullato > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
> I think those attrcrypt failures are benign. What other problems do you have?Simply the server doesn''t start. Here the output of this command ./ns-slapd -d 3 -D /opt/fedora-ds/slapd-vm02 -i /opt/fedora-ds/slapd-vm02/logs/pid -w /opt/fedora-ds/slapd-vm02/logs/startpid 2> /tmp/err I hope you can receive the attachment. Thanks Marco
Marco Strullato wrote:>> I think those attrcrypt failures are benign. What other problems do you have? >> > > Simply the server doesn''t start. Here the output of this command > ./ns-slapd -d 3 -D /opt/fedora-ds/slapd-vm02 -i > /opt/fedora-ds/slapd-vm02/logs/pid -w > /opt/fedora-ds/slapd-vm02/logs/startpid 2> /tmp/err > > > I hope you can receive the attachment. >Yes. The last thing I see is "Checkpointing database..." - if for some reason the database was corrupted or had a lot of recovery to do, for whatever reason, it may take a long time to recover at startup. I don''t see anything after the checkpointing message which would indicate the server ran into an error and exited unexpectedly. Either the server is running into an exceptional condition which causes it to exit without reporting, or it is crashing. For the former, strace would show that the server is calling exit(). For the latter, try increasing the core file size - ulimit -c unlimited - then look for files called core.*> > Thanks > > Marco > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >