syncrepl connection / reconnect

Discussion:

Thorsten Mueller

2010-03-26 08:40:41 UTC

Hi,

I am using two slapd 2.4.20 in mirror mode. Everything seem to work fine. When I shut down slapd_A, I can see the connection retries in the log of B. After restarting A everything is fine. Replication works in both directions.

When I switch off the machine hosting A, B does not log anything. After starting machine A, replication only works from B to A and not from A to B. Only after restarting slapd_B the connection is reestablished and the changes are synced. I see the same behavior, if I just do a "ifconfig eth0 down". The remaining slapd seems not to recognize a loss of the network connection.
Is this a bug in openldap, or a configuration issue on my side?

Thanks,
Thorsten

Benjamin Griese

2010-03-26 09:05:01 UTC

Permalink

Hi Thorsten,

please provide more information for example your slapd.conf / slapd.d. The
more infos you give the more feedback you get.

Bye.

On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller <

Post by Thorsten Mueller
Hi,
I am using two slapd 2.4.20 in mirror mode. Everything seem to work fine.
When I shut down slapd_A, I can see the connection retries in the log of B.
After restarting A everything is fine. Replication works in both directions.
When I switch off the machine hosting A, B does not log anything. After
starting machine A, replication only works from B to A and not from A to B.
Only after restarting slapd_B the connection is reestablished and the
changes are synced. I see the same behavior, if I just do a ifconfig eth0
down. The remaining slapd seems not to recognize a loss of the network
connection.
Is this a bug in openldap, or a configuration issue on my side?
Thanks,
Thorsten

--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is
to do -- Sartre | Do be do be do -- Sinatra

Thorsten Mueller

2010-03-26 09:35:44 UTC

Permalink

Here you are, the config of the second machine is identical, apart from the different provider

#######################################################################
#
# Global settings
#
#######################################################################

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
ucdata-path /usr/ucdata

serverID 1

moduleload syncprov

###################################
# Useful settings for enabling LDAPS (i.e. LDAP over SSL/TLS) access to this server
###################################

TLSCACertificateFile /etc/TLS/ca-certs/trusted_CAs.pem
TLSCACertificatePath /etc/TLS/links
TLSCertificateFile /etc/TLS/server/server.pem
TLSCertificateKeyFile /etc/TLS/server/server_key.pem
TLSCipherSuite HIGH:MEDIUM:SSLv3
TLSVerifyClient try

###################################
# Public LDAP schemas
###################################

include /etc/schema/core.schema
include /etc/schema/cosine.schema
include /etc/schema/inetorgperson.schema

###################################
# Gateway specific LDAP schemas
###################################

include /etc/schema/database.schema

loglevel 256

###################################
# Access control
###################################

access to attrs=userPassword
by anonymous auth
by * none

access to dn.subtree="dc=SpecialBranch,dc=head"
by dn.base="cn=SpecialBranchUser,dc=SpecialBranch,dc=head" write
by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
by * none

access to *
by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
by * none

access to * by * none

#######################################################################
#
# Database definitions
#
#######################################################################

###################################
# Database for SpecialBranch
###################################

database bdb
suffix "dc=SpecialBranch,dc=head"
subordinate
rootdn "cn=admin,dc=head"
directory /var/db-SpecialBranch
monitoring off
index objectClass eq
index entryCSN eq
index entryUUID eq
index contextCSN eq
index DatabaseAttrRuleID eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directiv
syncrepl rid=001
provider=ldap://192.168.120.237:388
bindmethod=simple
binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
credentials="fdet2zS3"
searchbase="dc=SpecialBranch,dc=head"
starttls=critical
tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
tls_cert=etc/TLS/client/client.pem
tls_key=etc/TLS/client/client_key.pem
schemachecking=on
type=refreshAndPersist
retry="5 12 60 +"

mirrormode on

###################################
# Database for the general configuration
###################################

database bdb
suffix "dc=head"
rootdn "cn=admin,dc=head"
rootpw "{SSHA}fO7A1sCrZzhy2IpNCvoVrQ9oRFpFY8Uj"
directory /var/db-general
monitoring off
index objectClass eq
index entryCSN eq
index entryUUID eq
index contextCSN eq
index mail eq,sub
index DatabaseAttrIssuerDN eq,sub
index DatabaseAttrSubjectDN eq,sub
index DatabaseAttrSerial eq
index DatabaseAttrFingerprint eq,sub
index DatabaseAttrKeyID eq,sub
index DatabaseAttrKeySigner pres
index DatabaseAttrKeyHash eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directiv
syncrepl rid=001
provider=ldap://192.168.120.237:388
bindmethod=simple
binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
credentials="fdet2zS3"
searchbase="dc=head"
starttls=critical
tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
tls_cert=etc/TLS/client/client.pem
tls_key=etc/TLS/client/client_key.pem
schemachecking=on
type=refreshAndPersist
retry="5 12 60 +"

mirrormode on

#eof

Von: Benjamin Griese [mailto:***@gmail.com]
Gesendet: Freitag, 26. März 2010 10:05
An: Thorsten Mueller
Cc: openldap-***@openldap.org
Betreff: Re: syncrepl connection / reconnect

Hi Thorsten,

please provide more information for example your slapd.conf / slapd.d. The more infos you give the more feedback you get.

Bye.
On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller <***@aachen.utimaco.de<mailto:***@aachen.utimaco.de>> wrote:
Hi,

I am using two slapd 2.4.20 in mirror mode. Everything seem to work fine. When I shut down slapd_A, I can see the connection retries in the log of B. After restarting A everything is fine. Replication works in both directions.

When I switch off the machine hosting A, B does not log anything. After starting machine A, replication only works from B to A and not from A to B. Only after restarting slapd_B the connection is reestablished and the changes are synced. I see the same behavior, if I just do a "ifconfig eth0 down". The remaining slapd seems not to recognize a loss of the network connection.
Is this a bug in openldap, or a configuration issue on my side?

Thanks,
Thorsten

--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra

Dieter Kluenter

2010-03-26 14:03:33 UTC

Permalink

Post by Thorsten Mueller
Here you are, the config of the second machine is identical, apart from the
different provider

[...]

Post by Thorsten Mueller
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directiv
syncrepl      rid=001
              provider=ldap://192.168.120.237:388
              bindmethod=simple
              binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
              credentials="fdet2zS3"
              searchbase="dc=head"
              starttls=critical
              tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
              tls_cert=etc/TLS/client/client.pem
              tls_key=etc/TLS/client/client_key.pem
              schemachecking=on
              type=refreshAndPersist
              retry="5 12 60 +"
mirrormode on

[...]

order matters, syncrepl has to be declared within a database
specification, modules are loaded last, after all database specific
configuration parameters.

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E

Dieter Kluenter

2010-03-26 14:40:19 UTC

Permalink

Post by Dieter Kluenter

Post by Thorsten Mueller
Here you are, the config of the second machine is identical, apart from the
different provider

[...]

[...]
order matters, syncrepl has to be declared within a database
specification, modules are loaded last, after all database specific
configuration parameters.

Sorry my bad, this should read ..overlays are loaded last...

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,

Thorsten Mueller

2010-03-26 15:11:32 UTC

Permalink

Jap, changing the order did not really help. When calling netstat, I see the connection is still ESTABLISHED, even if the second machine is switched off. May be I need to wait for the tcp_keepalive_timeout. I would expect the slapd somehow recognizes the loss of the connection to the second slapd.

-----Ursprüngliche Nachricht-----
Von: openldap-technical-bounces+thorsten.mueller=***@OpenLDAP.org [mailto:openldap-technical-bounces+thorsten.mueller=***@OpenLDAP.org] Im Auftrag von Dieter Kluenter
Gesendet: Freitag, 26. März 2010 15:40
An: openldap-***@openldap.org
Betreff: Re: AW: syncrepl connection / reconnect

Post by Dieter Kluenter

Post by Thorsten Mueller
Here you are, the config of the second machine is identical, apart from the
different provider

[...]

[...]
order matters, syncrepl has to be declared within a database
specification, modules are loaded last, after all database specific
configuration parameters.

Sorry my bad, this should read ..overlays are loaded last...

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N