Project

General

Profile

Bug #658

Ensure LDAP is started before services using it

Added by Marc Dequènes about 1 year ago. Updated about 1 month ago.

Status:
Resolved
Priority:
High
Category:
-
Start date:
2019-07-14
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:

Description

For example PHP-FPM is started too early on Toushirou. We need to list all the affected services,

As it is specific to our use of LDAP account for certain services, I think a DC-specific service file distributed by the dc-ldap role could ensure all affected services wait until slapd is up (on LDAP servers only).

History

#1

Updated by Marc Dequènes about 1 month ago

PHP-FPM needs to wait for LDAP:

Aug 18 05:55:50 Toushirou php-fpm7.3[2175]: [18-Aug-2020 05:55:50] ERROR: [pool albums.georgesleyeti.fr] cannot get uid for user 'georgesleyeti'
Aug 18 05:55:50 Toushirou php-fpm7.3[2175]: [18-Aug-2020 05:55:50] ERROR: FPM initialization failed
Aug 18 05:55:50 Toushirou systemd[1]: php7.3-fpm.service: Main process exited, code=exited, status=78/CONFIG
Aug 18 05:55:50 Toushirou systemd[1]: php7.3-fpm.service: Failed with result 'exit-code'.

#2

Updated by Marc Dequènes about 1 month ago

One more:

Aug 18 14:21:45 Elwing systemd[5160]: duck-calibre-server.service: Failed to determine user credentials: No such process
Aug 18 14:21:45 Elwing systemd[5160]: duck-calibre-server.service: Failed at step USER spawning /usr/bin/calibre-server: No such process
Aug 18 14:21:45 Elwing systemd[1]: duck-calibre-server.service: Main process exited, code=exited, status=217/USER
Aug 18 14:21:45 Elwing systemd[1]: duck-calibre-server.service: Failed with result 'exit-code'.

#3

Updated by Marc Dequènes about 1 month ago

  • Status changed from New to Resolved
  • Assignee set to Marc Dequènes
  • % Done changed from 0 to 100

There was a fix for duck-calibre-server.service but that was not sufficient; it should be ok now.

I also added a fix in the httpd_php_fpm role.

Since we rebooted all machines today, that should be all.

Also available in: Atom PDF