Kyley Engle
2007-Apr-26 21:16 UTC
[Fedora-directory-users] Problem with Admin Console failover using FedoraDS
Hello, I am having problems with the admin-serv when doing failure testing in my multi-master environmnet. What I have: 2 masters replicating the userRoot and NetscapeRoot directories various hub and consumer/search servers When I installed the instances on each of these servers, i pointed them at one of the masters, let''s call it primary-master, for it''s configuration directory. when both masters are up and running, i can connect my admin consoel to either directory and manage my fleet of servers While doing failure mode testing, I discovered that if the primary-master was turned off, that the secondary master admin-serv would not start properly. it gives the following in /opt/fedora-ds/admin-serv/logs/error: [Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN Configuration Failed I followed the instructions found here: http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server to change the admin server running on secondary-master to point to itself instead of to the primary master. this did not resolve the issue. Has anyone out there gotten the configuration directory successfully working in a failover capacity in a multi-master environment? ke _________________________________________________________________ The average US Credit Score is 675. The cost to see yours: $0 by Experian. http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE
Richard Megginson
2007-Apr-26 21:17 UTC
Re: [Fedora-directory-users] Problem with Admin Console failover using FedoraDS
Kyley Engle wrote:> > Hello, > > I am having problems with the admin-serv when doing failure testing in > my multi-master environmnet. > > What I have: > > 2 masters replicating the userRoot and NetscapeRoot directories > various hub and consumer/search servers > > When I installed the instances on each of these servers, i pointed > them at one of the masters, let''s call it primary-master, for it''s > configuration directory. when both masters are up and running, i can > connect my admin consoel to either directory and manage my fleet of > servers > > While doing failure mode testing, I discovered that if the > primary-master was turned off, that the secondary master admin-serv > would not start properly. it gives the following in > /opt/fedora-ds/admin-serv/logs/error: > > [Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to > build user/group LDAP server info: unable to set User/Group baseDN > Configuration Failed > > I followed the instructions found here: > http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server > > > to change the admin server running on secondary-master to point to > itself instead of to the primary master. this did not resolve the issue. > > Has anyone out there gotten the configuration directory successfully > working in a failover capacity in a multi-master environment?Try updating shared/config/dbswitch.conf to point to the backup configuration ds.> > ke > > _________________________________________________________________ > The average US Credit Score is 675. The cost to see yours: $0 by > Experian. > http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Kyley Engle
2007-Apr-26 21:46 UTC
Re: [Fedora-directory-users] Problem with Admin Console failoverusing FedoraDS
i have done that, as well as changing the directory in the nsDirectoryURL entry and the file /opt/fedora-ds/admin-serv/config/adm.conf is there maybe a way to increase the debug logging on the admin-serv? i''m not finding very much documentation on it. ke>From: Richard Megginson <rmeggins@redhat.com> >Reply-To: "General discussion list for the Fedora Directory server >project." <fedora-directory-users@redhat.com> >To: "General discussion list for the Fedora Directory server project." ><fedora-directory-users@redhat.com> >Subject: Re: [Fedora-directory-users] Problem with Admin Console >failoverusing FedoraDS >Date: Thu, 26 Apr 2007 15:17:43 -0600 > >Kyley Engle wrote: >> >>Hello, >> >>I am having problems with the admin-serv when doing failure testing in my >>multi-master environmnet. >> >>What I have: >> >>2 masters replicating the userRoot and NetscapeRoot directories >>various hub and consumer/search servers >> >>When I installed the instances on each of these servers, i pointed them at >>one of the masters, let''s call it primary-master, for it''s configuration >>directory. when both masters are up and running, i can connect my admin >>consoel to either directory and manage my fleet of servers >> >>While doing failure mode testing, I discovered that if the primary-master >>was turned off, that the secondary master admin-serv would not start >>properly. it gives the following in /opt/fedora-ds/admin-serv/logs/error: >> >>[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to >>build user/group LDAP server info: unable to set User/Group baseDN >>Configuration Failed >> >>I followed the instructions found here: >>http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server >> >> >>to change the admin server running on secondary-master to point to itself >>instead of to the primary master. this did not resolve the issue. >> >>Has anyone out there gotten the configuration directory successfully >>working in a failover capacity in a multi-master environment? >Try updating shared/config/dbswitch.conf to point to the backup >configuration ds. >> >>ke >> >>_________________________________________________________________ >>The average US Credit Score is 675. The cost to see yours: $0 by Experian. >>http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE >> >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users@redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users><< smime.p7s >>>-- >Fedora-directory-users mailing list >Fedora-directory-users@redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users_________________________________________________________________ Download Messenger. Join the i’m Initiative. Help make a difference today. http://im.live.com/messenger/im/home/?source=TAGHM_APR07
Richard Megginson
2007-Apr-26 22:01 UTC
Re: [Fedora-directory-users] Problem with Admin Console failoverusing FedoraDS
Kyley Engle
2007-Apr-26 22:52 UTC
Re: [Fedora-directory-users] Problem with Admin Console failoverusingFedoraDS
so here''s where i''m at now..... primary-master and secondary-master running...everything is fine. i shut down the primary-master and i can log into the admin console on the secondary-master fine. however, if i try to restart the admin server, it fails with: [Thu Apr 26 22:48:50 2007] [info] Init: Initializing NSS library [Thu Apr 26 22:48:50 2007] [info] Initializing SSL Session Cache of size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400. [Thu Apr 26 22:48:50 2007] [info] Init: Initializing (virtual) servers for SSL [Thu Apr 26 22:48:50 2007] [info] Server: Apache/2.0.52, Interface: mod_nss/2.0.52, Library: NSS/3.11 [Thu Apr 26 22:48:50 2007] [debug] mod_admserv.c(2154): [30854] Cache expiration set to 600 seconds [Thu Apr 26 22:48:50 2007] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN Configuration Failed I change the 2 files and 1 directory entry listed in the HowTo: and i get the exact same behavior. I have no pass through authentication configured. I''m doing some testing on 2 freshly installed instances that don''t have anything other than o=NetscapeRoot replication enabled and working. hope this is useful.... -ke>From: Richard Megginson <rmeggins@redhat.com> >Reply-To: "General discussion list for the Fedora Directory server >project." <fedora-directory-users@redhat.com> >To: "General discussion list for the Fedora Directory server project." ><fedora-directory-users@redhat.com> >Subject: Re: [Fedora-directory-users] Problem with Admin Console >failoverusingFedoraDS >Date: Thu, 26 Apr 2007 16:01:22 -0600 > >Kyley Engle wrote: >> >> >>i have done that, as well as changing the directory in the nsDirectoryURL >>entry and the file /opt/fedora-ds/admin-serv/config/adm.conf >> >>is there maybe a way to increase the debug logging on the admin-serv? i''m >>not finding very much documentation on it. >I think you''ll also need to change or disable the pass through >authentication plug-in in your backup configuration directory server. > >edit admin-serv/config/httpd.conf and set the LogLevel to debug >> >>ke >> >>>From: Richard Megginson <rmeggins@redhat.com> >>>Reply-To: "General discussion list for the Fedora Directory server >>>project." <fedora-directory-users@redhat.com> >>>To: "General discussion list for the Fedora Directory server project." >>><fedora-directory-users@redhat.com> >>>Subject: Re: [Fedora-directory-users] Problem with Admin Console >>>failoverusing FedoraDS >>>Date: Thu, 26 Apr 2007 15:17:43 -0600 >>> >>>Kyley Engle wrote: >>>> >>>>Hello, >>>> >>>>I am having problems with the admin-serv when doing failure testing in >>>>my multi-master environmnet. >>>> >>>>What I have: >>>> >>>>2 masters replicating the userRoot and NetscapeRoot directories >>>>various hub and consumer/search servers >>>> >>>>When I installed the instances on each of these servers, i pointed them >>>>at one of the masters, let''s call it primary-master, for it''s >>>>configuration directory. when both masters are up and running, i can >>>>connect my admin consoel to either directory and manage my fleet of >>>>servers >>>> >>>>While doing failure mode testing, I discovered that if the >>>>primary-master was turned off, that the secondary master admin-serv >>>>would not start properly. it gives the following in >>>>/opt/fedora-ds/admin-serv/logs/error: >>>> >>>>[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to >>>>build user/group LDAP server info: unable to set User/Group baseDN >>>>Configuration Failed >>>> >>>>I followed the instructions found here: >>>>http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server >>>> >>>> >>>> >>>>to change the admin server running on secondary-master to point to >>>>itself instead of to the primary master. this did not resolve the issue. >>>> >>>>Has anyone out there gotten the configuration directory successfully >>>>working in a failover capacity in a multi-master environment? >>>Try updating shared/config/dbswitch.conf to point to the backup >>>configuration ds. >>>> >>>>ke >>>> >>>>_________________________________________________________________ >>>>The average US Credit Score is 675. The cost to see yours: $0 by >>>>Experian. >>>>http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE >>>> >>>> >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users@redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >>><< smime.p7s >> >> >> >> >> >>>-- >>>Fedora-directory-users mailing list >>>Fedora-directory-users@redhat.com >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >>_________________________________________________________________ >>Download Messenger. Join the i’m Initiative. Help make a difference today. >>http://im.live.com/messenger/im/home/?source=TAGHM_APR07 >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users@redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users><< smime.p7s >>>-- >Fedora-directory-users mailing list >Fedora-directory-users@redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users_________________________________________________________________ Mortgage refinance is Hot. *Terms. Get a 5.375%* fix rate. Check savings https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2bbb&disc=y&vers=925&s=4056&p=5117
Richard Megginson
2007-Apr-27 14:17 UTC
Re: [Fedora-directory-users] Problem with Admin Console failoverusingFedoraDS
Kyley Engle
2007-Apr-27 22:37 UTC
Re: [Fedora-directory-users] Problem with AdminConsole failoverusingFedoraDS
bah, you were right earlier, and i missed something. examining the dse.ldif file, i found that it was indeed the passthrough authentication plug-in. i manually turned it off for the secondary-master, shut down the primary-master, and was then able to restart the secondary-master admin-server they entry is: dn: cn=Pass Through Authentication,cn=plugins,cn=config nsslapd-pluginEnabled it might help to update the HowTo to reference that change>From: Richard Megginson <rmeggins@redhat.com> >Reply-To: "General discussion list for the Fedora Directory server >project." <fedora-directory-users@redhat.com> >To: "General discussion list for the Fedora Directory server project." ><fedora-directory-users@redhat.com> >Subject: Re: [Fedora-directory-users] Problem with >AdminConsole failoverusingFedoraDS >Date: Fri, 27 Apr 2007 08:17:43 -0600 > >Kyley Engle wrote: >> >>so here''s where i''m at now..... >> >>primary-master and secondary-master running...everything is fine. i shut >>down the primary-master and i can log into the admin console on the >>secondary-master fine. however, if i try to restart the admin server, it >>fails with: >> >>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing NSS library >>[Thu Apr 26 22:48:50 2007] [info] Initializing SSL Session Cache of size >>10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400. >>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing (virtual) servers for >>SSL >>[Thu Apr 26 22:48:50 2007] [info] Server: Apache/2.0.52, Interface: >>mod_nss/2.0.52, Library: NSS/3.11 >>[Thu Apr 26 22:48:50 2007] [debug] mod_admserv.c(2154): [30854] Cache >>expiration set to 600 seconds >>[Thu Apr 26 22:48:50 2007] [crit] mod_admserv_post_config(): unable to >>build user/group LDAP server info: unable to set User/Group baseDN >>Configuration Failed >> >>I change the 2 files and 1 directory entry listed in the HowTo: and i get >>the exact same behavior. >There are probably some other values under o=NetscapeRoot somewhere that >reference the old directory server. Try this: >cd /opt/fedora-ds/shared/bin ; ./ldapsearch -T -h host -p port -D >"cn=directory manager" -w password -s sub -b o=netscaperoot "objectclass=*" >| grep "old ldap server host and/or port" >> >>I have no pass through authentication configured. I''m doing some testing >>on 2 freshly installed instances that don''t have anything other than >>o=NetscapeRoot replication enabled and working. >> >>hope this is useful.... >> >>-ke >> >> >>>From: Richard Megginson <rmeggins@redhat.com> >>>Reply-To: "General discussion list for the Fedora Directory server >>>project." <fedora-directory-users@redhat.com> >>>To: "General discussion list for the Fedora Directory server project." >>><fedora-directory-users@redhat.com> >>>Subject: Re: [Fedora-directory-users] Problem with Admin Console >>>failoverusingFedoraDS >>>Date: Thu, 26 Apr 2007 16:01:22 -0600 >>> >>>Kyley Engle wrote: >>>> >>>> >>>>i have done that, as well as changing the directory in the >>>>nsDirectoryURL entry and the file >>>>/opt/fedora-ds/admin-serv/config/adm.conf >>>> >>>>is there maybe a way to increase the debug logging on the admin-serv? >>>>i''m not finding very much documentation on it. >>>I think you''ll also need to change or disable the pass through >>>authentication plug-in in your backup configuration directory server. >>> >>>edit admin-serv/config/httpd.conf and set the LogLevel to debug >>>> >>>>ke >>>> >>>>>From: Richard Megginson <rmeggins@redhat.com> >>>>>Reply-To: "General discussion list for the Fedora Directory server >>>>>project." <fedora-directory-users@redhat.com> >>>>>To: "General discussion list for the Fedora Directory server project." >>>>><fedora-directory-users@redhat.com> >>>>>Subject: Re: [Fedora-directory-users] Problem with Admin Console >>>>>failoverusing FedoraDS >>>>>Date: Thu, 26 Apr 2007 15:17:43 -0600 >>>>> >>>>>Kyley Engle wrote: >>>>>> >>>>>>Hello, >>>>>> >>>>>>I am having problems with the admin-serv when doing failure testing in >>>>>>my multi-master environmnet. >>>>>> >>>>>>What I have: >>>>>> >>>>>>2 masters replicating the userRoot and NetscapeRoot directories >>>>>>various hub and consumer/search servers >>>>>> >>>>>>When I installed the instances on each of these servers, i pointed >>>>>>them at one of the masters, let''s call it primary-master, for it''s >>>>>>configuration directory. when both masters are up and running, i can >>>>>>connect my admin consoel to either directory and manage my fleet of >>>>>>servers >>>>>> >>>>>>While doing failure mode testing, I discovered that if the >>>>>>primary-master was turned off, that the secondary master admin-serv >>>>>>would not start properly. it gives the following in >>>>>>/opt/fedora-ds/admin-serv/logs/error: >>>>>> >>>>>>[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to >>>>>>build user/group LDAP server info: unable to set User/Group baseDN >>>>>>Configuration Failed >>>>>> >>>>>>I followed the instructions found here: >>>>>>http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>to change the admin server running on secondary-master to point to >>>>>>itself instead of to the primary master. this did not resolve the >>>>>>issue. >>>>>> >>>>>>Has anyone out there gotten the configuration directory successfully >>>>>>working in a failover capacity in a multi-master environment? >>>>>Try updating shared/config/dbswitch.conf to point to the backup >>>>>configuration ds. >>>>>> >>>>>>ke >>>>>> >>>>>>_________________________________________________________________ >>>>>>The average US Credit Score is 675. The cost to see yours: $0 by >>>>>>Experian. >>>>>>http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>-- >>>>>>Fedora-directory-users mailing list >>>>>>Fedora-directory-users@redhat.com >>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>>><< smime.p7s >> >>>> >>>> >>>> >>>> >>>>>-- >>>>>Fedora-directory-users mailing list >>>>>Fedora-directory-users@redhat.com >>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>>_________________________________________________________________ >>>>Download Messenger. Join the i’m Initiative. Help make a difference >>>>today. http://im.live.com/messenger/im/home/?source=TAGHM_APR07 >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users@redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >>><< smime.p7s >> >> >> >> >> >>>-- >>>Fedora-directory-users mailing list >>>Fedora-directory-users@redhat.com >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >>_________________________________________________________________ >>Mortgage refinance is Hot. *Terms. Get a 5.375%* fix rate. Check savings >>https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2bbb&disc=y&vers=925&s=4056&p=5117 >> >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users@redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users><< smime.p7s >>>-- >Fedora-directory-users mailing list >Fedora-directory-users@redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users_________________________________________________________________ Exercise your brain! Try Flexicon. http://games.msn.com/en/flexicon/default.htm?icid=flexicon_hmemailtaglineapril07