Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Traceback when running ipa-healthcheck if LDAP server is down #300

Closed
flo-renaud opened this issue Sep 28, 2023 · 0 comments · Fixed by #301
Closed

Traceback when running ipa-healthcheck if LDAP server is down #300

flo-renaud opened this issue Sep 28, 2023 · 0 comments · Fixed by #301

Comments

@flo-renaud
Copy link
Contributor

With ipa-healthcheck 0.14, ipa-healthcheck reports a traceback if the LDAP server is not running:

# rpm -qa freeipa-healthcheck
freeipa-healthcheck-0.14-1.fc38.noarch
# systemctl stop dirsrv@IPA-TEST.service
# ipa-healthcheck 
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1088, in error_handler
    yield
  File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1246, in external_bind
    self.conn.sasl_interactive_bind_s(
  File "/usr/lib64/python3.11/site-packages/ldap/ldapobject.py", line 270, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
             ^^^^^^^^^^^^^^^^^^^^
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/ipa-healthcheck", line 33, in <module>
    sys.exit(load_entry_point('ipahealthcheck==0.14', 'console_scripts', 'ipa-healthcheck')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/main.py", line 54, in main
    sys.exit(ipachecks.run_healthcheck())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/core.py", line 440, in run_healthcheck
    results, available = run_service_plugins(plugins,
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ipahealthcheck/core/core.py", line 145, in run_service_plugins
    for result in plugin.check():
                  ^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ipahealthcheck/meta/services.py", line 122, in check
    self.service_name = self.get_service_name('KEYS')
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ipahealthcheck/meta/services.py", line 31, in get_service_name
    api.Backend.ldap2.connect()
  File "/usr/lib/python3.11/site-packages/ipalib/backend.py", line 69, in connect
    conn = self.create_connection(*args, **kw)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/ipaserver/plugins/ldap2.py", line 187, in create_connection
    client.external_bind(server_controls=serverctrls,
  File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1243, in external_bind
    with self.error_handler():
  File "/usr/lib64/python3.11/contextlib.py", line 155, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/usr/lib/python3.11/site-packages/ipapython/ipaldap.py", line 1141, in error_handler
    raise errors.NetworkError(uri=self.ldap_uri,
ipalib.errors.NetworkError: cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused

The regression was introduced with this commit that discovers the service name based on roles stored in LDAP.
ipa-healthcheck 0.12 doesn't have the issue:

# rpm -qa freeipa-healthcheck
freeipa-healthcheck-0.12-2.fc38.noarch
# systemctl stop dirsrv@IPA-TEST.service
# ipa-healthcheck 
[
  {
    "source": "ipahealthcheck.meta.services",
    "check": "dirsrv",
    "result": "ERROR",
    "uuid": "837c5b0c-3b7b-4fce-b9e4-c86fe7d99956",
    "when": "20230928143504Z",
    "duration": "0.005293",
    "kw": {
      "status": false,
      "msg": "dirsrv: not running"
    }
  }
]
rcritten added a commit to rcritten/freeipa-healthcheck that referenced this issue Sep 28, 2023
@rcritten
Add a dirsrv requires to services that look up their names in LDAP
5aa7bae 
Some services aren't included in ipaplaform.knownservices
like smb and winbind. It is possible to discover the
service name using the same method used by ipactl, via roles.

If dirsrv isn't started then this will blow up spectacularly
so use requires as a guard against it.

Fixes: freeipa#300

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten added a commit to rcritten/freeipa-healthcheck that referenced this issue Sep 28, 2023
@rcritten
Add a dirsrv requires to services that look up their names in LDAP
63dc51b 
Some services aren't included in ipaplaform.knownservices
like smb and winbind. It is possible to discover the
service name using the same method used by ipactl, via roles.

If dirsrv isn't started then this will blow up spectacularly
so use requires as a guard against it.

Fixes: freeipa#300

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
@rcritten rcritten mentioned this issue Sep 28, 2023
Merged
This was referenced Sep 29, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a dirsrv requires to services that look up their names in LDAP rcritten/freeipa-healthcheck
1 participant
@flo-renaud