abbra / freeipa

Mirror of FreeIPA, an integrated security information management solution
http://www.freeipa.org
GNU General Public License v3.0

gc-wip: error message in log when running ipa-adtrust-install second time #48

Closed wladich closed 4 years ago

wladich commented 4 years ago

/var/log/ipa/globalcatalog.log:

# run ipa-adtrust-install first time

2020-10-05T14:51:43Z    34872   MainThread  ipa-gcsyncd INFO    LDAP bind...
2020-10-05T14:51:43Z    34872   MainThread  ipa-gcsyncd INFO    Commencing sync process
2020-10-05T14:51:43Z    34872   MainThread  ipaserver.globalcatalog.gcsyncer    ERROR   Failed to create GC entry based on cn=editors,cn=groups,cn=accounts,dc=testrelm,dc=test (Unable to create SID, missing data)
2020-10-05T14:51:43Z    34872   MainThread  ipaserver.globalcatalog.gcsyncer    INFO    Initial LDAP dump is done, now synchronizing with GC

# run ipa-adtrust-install again

2020-10-05T14:55:04Z    34872   MainThread  ipa-gcsyncd ERROR   syncrepl_poll: LDAP error ({'desc': "Can't contact LDAP server"})
2020-10-05T14:56:09Z    35106   MainThread  ipa-gcsyncd INFO    LDAP bind...
2020-10-05T14:56:09Z    35106   MainThread  ipa-gcsyncd INFO    Commencing sync process
2020-10-05T14:56:09Z    35106   MainThread  ipaserver.globalcatalog.gcsyncer    ERROR   Failed to create GC entry based on cn=editors,cn=groups,cn=accounts,dc=testrelm,dc=test (Unable to create SID, missing data)
2020-10-05T14:56:09Z    35106   MainThread  ipaserver.globalcatalog.gcsyncer    INFO    Initial LDAP dump is done, now synchronizing with GC

flo-renaud commented 4 years ago

Hi @wladich, this is expected. When ipa-adtrust-install is run, the command restarts the main LDAP instance. As a consequence, ipa-gcsyncd loses the connection to the main LDAP instance and exits, then it gets restarted 1 min later (you can check https://github.com/abbra/freeipa/blob/gc-wip/daemons/globalcatalog/ipa-gcsyncd.service.in). We can make the message clearer (for instance: lost connection with LDAP server, will restart in 60s...) and make it a warning. What's your preferred solution?

wladich commented 4 years ago

@flo-renaud Thanks for the explanation, I am fine with the current state. I will simply ignore the error with the message "Can't contact LDAP server" in the tests. I think we can close the issue.
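
The log check discussed in this thread, as an added example that is not part of the thread or of the FreeIPA code base: it tolerates the "Can't contact LDAP server" error only when a new ipa-gcsyncd process binds again shortly afterwards, and still reports every other ERROR line. The function names, the 120-second window and the sample lines are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the globalcatalog.log excerpt above
# (timestamp, PID, thread, logger, level, message; tab-separated here).
SAMPLE_LOG = """\
2020-10-05T14:55:04Z\t34872\tMainThread\tipa-gcsyncd\tERROR\tsyncrepl_poll: LDAP error ({'desc': "Can't contact LDAP server"})
2020-10-05T14:56:09Z\t35106\tMainThread\tipa-gcsyncd\tINFO\tLDAP bind...
2020-10-05T14:56:09Z\t35106\tMainThread\tipaserver.globalcatalog.gcsyncer\tERROR\tFailed to create GC entry based on cn=example,cn=groups,cn=accounts,dc=example,dc=test (Unable to create SID, missing data)
2020-10-05T15:30:00Z\t35106\tMainThread\tipa-gcsyncd\tERROR\tsyncrepl_poll: LDAP error ({'desc': "Can't contact LDAP server"})
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
LOST = "Can't contact LDAP server"

def parse(log_text):
    """Return (time, pid, logger, level, message) tuples; skip non-log lines."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, pid, _thread, logger, level, msg = m.groups()
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        entries.append((when, int(pid), logger, level, msg))
    return entries

def unexpected_errors(log_text, window_s=120):
    """ERROR entries a test should still fail on.

    A lost-connection error from ipa-gcsyncd is tolerated only if a new
    ipa-gcsyncd PID logs "LDAP bind..." within window_s seconds (assumed value).
    """
    entries = parse(log_text)
    flagged = []
    for i, (when, pid, logger, level, msg) in enumerate(entries):
        if level != "ERROR":
            continue
        restarted = logger == "ipa-gcsyncd" and LOST in msg and any(
            lg == "ipa-gcsyncd" and text.startswith("LDAP bind") and p != pid
            and 0 <= (w - when).total_seconds() <= window_s
            for w, p, lg, _lvl, text in entries[i + 1:])
        if not restarted:
            flagged.append((when, pid, msg))
    return flagged
```

On the sample, the first lost-connection error is tolerated because PID 35106 binds 65 seconds later, while the SID error and the final lost-connection error with no restart after it are both reported.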