On 7/19/24 8:26 AM, Rob Crittenden via FreeIPA-users wrote:
seojeong kim via FreeIPA-users wrote:
389 directory service automatically restarted. I can't find specific error to
trigger restart. there is no PANIC error and deadlock detect error...
there is only just 'Incomming BER element was too long'
This error situation can trigger LDAP restart automatically ?
I'd recommend checking your system logs. It could be an OOM killer.
There are ~30 seconds in between so it may not be directly related.
But when DS crashes there should be a "Detected disorderly shutdown"
message in its error log when it starts back up - which I don't see in
your log clip. Perhaps the server ran out of memory, like Rob
suggested, and it quietly shut itself down? When malloc fails, or some
other critical C library call fails the server will exit, or try to
gracefully shutdown. It's hard to say, but the server would normally
log something if that type of failure occurred. The only good news is
that the database was not corrupted. So it's a bit of mystery how it
could just exit, but not log the reason or trigger a database recovery
at the next startup. But like I said the good news is that the database
was not impacted by the crash/exit.
Mark
A 369-ish GB attribute is enormous. I'd look into that as well, if not
the culprit then as something that stands out on its own.
rob
[19/Jul/2024:06:22:59.279311026 +0000] - ERR - log_ber_too_big_error -
conn=6079847 fd=396 Incoming BER Element was too long, max allowable is
209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to
increase.
[19/Jul/2024:06:23:01.700334149 +0000] - ERR - log_ber_too_big_error -
conn=6079857 fd=1452 Incoming BER Element was too long, max allowable is
209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to
increase.
[19/Jul/2024:06:27:57.779058899 +0000] - ERR - NSMMReplicationPlugin -
changelog program - _cl5WriteOperationTxn - retry (49) the transaction
(csn=669a075e000900e90000) failed (rc=-30993 (BDB0068 DB_LOCK_DEADLOCK: Locker
killed to resolve a deadlock))
[19/Jul/2024:06:27:57.780583532 +0000] - ERR - NSMMReplicationPlugin -
changelog program - _cl5WriteOperationTxn - Failed to write entry with csn
(669a075e000900e90000); db error - -30993 BDB0068 DB_LOCK_DEADLOCK: Locker
killed to resolve a deadlock
[19/Jul/2024:06:27:57.781557073 +0000] - ERR - NSMMReplicationPlugin -
write_changelog_and_ruv - Can't add a change for
cn=penup-pre,cn=hostgroups,cn=accounts,dc=mydomain,dc=com (uniqid:
000f3c05-70fc11eb-87e9f15a-5f2429bf, optype: 8) to changelog csn
669a075e000900e90000
[19/Jul/2024:06:27:58.125647535 +0000] - ERR - NSMMReplicationPlugin -
process_postop - Failed to apply update (669a075e000900e90000) error (1).
Aborting replication session(conn=6075545 op=2978)
[19/Jul/2024:06:30:38.073674777 +0000] - ERR - log_ber_too_big_error -
conn=6081159 fd=400 Incoming BER Element was 369736146107 bytes, max allowable
is 209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to
increase.
[19/Jul/2024:06:32:09.283886791 +0000] - ERR - connection_read_operation -
conn=6081404 received a non-LDAP message (tag 0x18, expected 0x30)
[19/Jul/2024:06:33:29.585984549 +0000] - ERR - log_ber_too_big_error -
conn=6081679 fd=311 Incoming BER Element was too long, max allowable is
209715200 bytes. Change the nsslapd-maxbersize attribute in cn=config to
increase.
[19/Jul/2024:06:34:04.617847679 +0000] - ERR - slapd_system_isFIPS - Can not
access /proc/sys/crypto/fips_enabled - assuming FIPS is OFF
[19/Jul/2024:06:34:04.619891225 +0000] - ERR - slapd_system_isFIPS - Can not
access /proc/sys/crypto/fips_enabled - assuming FIPS is OFF
[19/Jul/2024:06:34:04.931778931 +0000] - INFO - util_get_hardware_threads -
Automatically configuring 16 threads
[19/Jul/2024:06:34:05.521184530 +0000] - WARN - Security Initialization - /tmp
is not a private namespace. pem files not exported there
[19/Jul/2024:06:34:05.522737820 +0000] - INFO - slapd_extract_cert - CA CERT
NAME: MYDOMAIN.COM IPA CA
[19/Jul/2024:06:34:05.524500653 +0000] - WARN - Security Initialization - SSL
alert: Sending pin request to SVRCore. You may need to run
systemd-tty-ask-password-agent to provide the password.
[19/Jul/2024:06:34:05.624809111 +0000] - INFO - slapd_extract_cert - SERVER
CERT NAME: Server-Cert
[19/Jul/2024:06:34:05.626359141 +0000] - WARN - Security Initialization - /tmp
is not a private namespace. pem files not exported there
[19/Jul/2024:06:34:05.627801709 +0000] - WARN - Security Initialization - /tmp
is not a private namespace. pem files not exported there
[19/Jul/2024:06:34:05.854933657 +0000] - INFO - Security Initialization - SSL
info: Enabling default cipher set.
[19/Jul/2024:06:34:05.856382522 +0000] - INFO - Security Initialization - SSL
info: Configured NSS Ciphers
[19/Jul/2024:06:34:05.857556371 +0000] - INFO - Security Initialization - SSL
info: TLS_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.858503393 +0000] - INFO - Security Initialization - SSL
info: TLS_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.859485862 +0000] - INFO - Security Initialization - SSL
info: TLS_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.860543982 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.861588021 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.862625065 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.863601471 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.864790795 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.865759945 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.866807116 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.867919186 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.868910775 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.869828849 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.870846944 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.871884481 +0000] - INFO - Security Initialization - SSL
info: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.872960919 +0000] - INFO - Security Initialization - SSL
info: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.873942777 +0000] - INFO - Security Initialization - SSL
info: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
[19/Jul/2024:06:34:05.874915469 +0000] - INFO - Security Initialization - SSL
info: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.875865057 +0000] - INFO - Security Initialization - SSL
info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.876812156 +0000] - INFO - Security Initialization - SSL
info: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.877842946 +0000] - INFO - Security Initialization - SSL
info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.878878446 +0000] - INFO - Security Initialization - SSL
info: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.879941260 +0000] - INFO - Security Initialization - SSL
info: TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[19/Jul/2024:06:34:05.880887578 +0000] - INFO - Security Initialization - SSL
info: TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[19/Jul/2024:06:34:05.881905650 +0000] - INFO - Security Initialization - SSL
info: TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[19/Jul/2024:06:34:05.882724291 +0000] - INFO - Security Initialization - SSL
info: TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[19/Jul/2024:06:34:05.883536996 +0000] - INFO - Security Initialization - SSL
info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[19/Jul/2024:06:34:05.884375320 +0000] - INFO - Security Initialization - SSL
info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[19/Jul/2024:06:34:06.172298339 +0000] - INFO - Security Initialization -
slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
[19/Jul/2024:06:34:06.174035089 +0000] - INFO - Security Initialization -
slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
[19/Jul/2024:06:34:06.175409580 +0000] - INFO - main - 389-Directory/1.4.3.12
B2020.213.0000 starting up
--
Identity Management Development Team
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue