A failed connection to OpenLDAP breaks the migration

[DavidePrincipi]

The issue comes when we try to migrate a NS7 to NS8, the migration stops and display an error, to reproduce it you need to restrict to localhost the slapd services

Steps to reproduce

• install on NS7 an openldap account provider with the mail module
• set the slapd access to '' (restricted to localhost)
• trigger : signal-event nethserver-directory-update
• install nethserver-ns8-migration
• configure with the host and the credentials of the admin of NS8
• the join action will display an error nothing in NS7 log

  [root@NS2 ~]# cat /var/log/ns8-migration.log 
  =========== Join cluster Fri, 02 Aug 2024 12:16:57 +0200

• reload the web page, we allow you to continue the migration
• start to migrate the mail stack: press sync data
• finish the mail migration : press finish migration
• you have another error message

  ----------- finish nethserver-mail Fri, 02 Aug 2024 12:36:15 +0200
  /usr/share/nethesis/nethserver-ns8-migration/apps/nethserver-mail/migrate: line 51: USER_DOMAIN: parameter null or not set

Expected behavior

I expect no error, the migration should work or a notice or log fragment should explain what is occuring, for example what is the error, here I cannot connect to the openldap server because it is restricted to the localhost

Actual behavior

the failure comes that the openldap server is not reachable from the NS8 even with the VPN enabled, the localhost restricted access stops the migration when the action cannot handle a remote ldap connexion.

this is what you can see in the UI

in the NS8 journald log we can find

Aug 02 12:16:59 R1-pve.rocky9-pve.org traefik[2628]: 192.168.13.210 - - [02/Aug/2024:10:16:59 +0000] "GET /cluster-admin/api/cluster/task/bedce06f-47f0-4598-adc8-d70f2d4ffa6f/context HTTP/2.0" 200 340 "-" "-" 1097 "ApiServer-https@file" "http://127.0.0.1:9311" 13ms
Aug 02 12:17:00 R1-pve.rocky9-pve.org agent@cluster[783]: LDAPSocketOpenError: socket connection error while opening: [Errno 111] Connection refused
Aug 02 12:17:00 R1-pve.rocky9-pve.org agent@cluster[783]: task/cluster/bedce06f-47f0-4598-adc8-d70f2d4ffa6f: action "add-external-domain" status is "validation-failed" (3) at step 10validate_ldap_provider

the NS7 log just explain the join to the cluster is done

[root@NS2 ~]# cat /var/log/ns8-migration.log 
=========== Join cluster Fri, 02 Aug 2024 12:16:57 +0200

So the join cluster action is already done but we have an error relevant to the remote LDAP connexion failure hence the failure of the mail migration that it will come later if you continue to migrate the server by reloading the page. Since the script has failed you will have more errors for the migration, at the end the only way is to leave the migration, write errors to logs and leave before to migrate anything

Components version 1.0.14

See also

Forum Thread https://community.nethserver.org/t/ns7-ns8-mail-migration-failed/24120/12?u=davidep

[nethbot]

in 7.9.2009/testing:

• nethserver-ns8-migration-1.0.14-1.4.g6d81f38.ns7.x86_64.rpm x86_64

[stephdl]

QA

• test 1 openldap install an openldap account provider remove the access property of slapd

  config setprop slapd access ''
  signal-event nethserver-directory-update

  install nethserver-ns8-migration from testing yum install http://packages.nethserver.org/nethserver/7.9.2009/testing/x86_64/Packages/nethserver-ns8-migration-1.0.14-1.4.g6d81f38.ns7.x86_64.rpm try to migrate to a brand new ns8 server you must have an error but without migration started, you can read the join and the leave in the /var/log/ns8-migration.log you can save as many time the form the migration step is never started

• test nsdc install a samba4 account provider once configured stop the service install nethserver-ns8-migration from testing yum install http://packages.nethserver.org/nethserver/7.9.2009/testing/x86_64/Packages/nethserver-ns8-migration-1.0.14-1.4.g6d81f38.ns7.x86_64.rpm try to migrate to a brand new ns8 server you must have an error but without migration started, you can read the join and the leave in the /var/log/ns8-migration.log you can save as many time the form the migration step is never started

[nethbot]

in 7.9.2009/testing:

• nethserver-ns8-migration-1.0.14-1.5.gbd8ff96.ns7.x86_64.rpm x86_64

[nethbot]

in 7.9.2009/testing:

• nethserver-ns8-migration-1.0.14-1.6.g4283973.ns7.x86_64.rpm x86_64

[DavidePrincipi]

VERIFIED

Both cases were verified. Furthermore with commit https://github.com/NethServer/nethserver-ns8-migration/commit/bd8ff96389a31e6abc9bd3c090560e53da0caa03 the join procedure UI reports the error detail.

[nethbot]

in 7.9.2009/updates:

• nethserver-ns8-migration-1.0.15-1.ns7.x86_64.rpm x86_64