Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] LLDAP stuck in restart loop with UNIQUE constraint failures on fresh sqlite install - lldap exited code 132 #756

Closed
tylerpace opened this issue Dec 10, 2023 · 18 comments
Closed

[BUG] LLDAP stuck in restart loop with UNIQUE constraint failures on fresh sqlite install - lldap exited code 132 #756

tylerpace opened this issue Dec 10, 2023 · 18 comments
Labels
bug Something isn't working

Comments

@tylerpace
Copy link
Contributor

Describe the bug
lldap v0.5.0 is stuck in a restart loop on a fresh install due to failed UNIQUE database constraints in sqlite.

To Reproduce
For context, I tried to upgrade from 0.4.3 to 0.5.0 and got the expected UNIQUE constraint error on emails that I had shared across different users. I updated the emails directly in users.db using sqlite3 but lldap continued to restart with failed UNIQUE constraints.

So, I started with a fresh v0.5.0 install with a clean data directory with the following docker compose specification:

  lldap:
    container_name: lldap
    image: lldap/lldap:v0.5.0
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      UID: ${PUID}
      GID: ${PGID}
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS}
      LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN}
    volumes:
      - ${DOCKER_DIR}/lldap:/data

lldap continues to get stuck in a restart loop with this output:

Loading configuration from /data/lldap_config.toml
2023-12-10T22:18:02.298303464+00:00  INFO     set_up_server [ 1.21ms | 100.00% ]
2023-12-10T22:18:02.298319013+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-10T22:18:02.305599549+00:00  WARN     ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-10T22:18:02.306208556+00:00  ERROR    ┕━ 🚨 [error]:  | error: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`
2023-12-10T22:18:02.306269670+00:00  ERROR    🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email
2023-12-10T22:18:02.306326767+00:00  INFO     i [info]: End.

I stopped lldap and manually updated the admin email via sqlite3 with this command:

update users set email = 'name@domain.com' where user_id = 'admin';

Then, I restarted lldap and got stuck in a similar restart loop due to a failed UNIQUE constrains on users.user_id. The following output will loop every few seconds.

Loading configuration from /data/lldap_config.toml
2023-12-10T22:24:48.328008495+00:00  INFO     set_up_server [ 1.37ms | 100.00% ]
2023-12-10T22:24:48.328020708+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-10T22:24:48.333270604+00:00  WARN     ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-10T22:24:48.333914867+00:00  ERROR    ┕━ 🚨 [error]:  | error: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id`
2023-12-10T22:24:48.333964970+00:00  ERROR    🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id`: Execution Error: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id: error returned from database: (code: 1555) UNIQUE constraint failed: users.user_id
2023-12-10T22:24:48.334002630+00:00  INFO     i [info]: End.

Expected behavior
I expect lldap to instantiate with a default admin account that I can use to login and to complete my configuration.

Additional context
I can't get 0.4.3 to work on a fresh install either. lldap immediately falls into a restart loop even though logs appear to be successful. The following output will loop every few seconds.

> Setup permissions..
> Starting lldap..

Loading configuration from /data/lldap_config.toml
2023-12-10T22:37:21.478722792+00:00  INFO     set_up_server [ 1.11ms | 100.00% ]
2023-12-10T22:37:21.478731288+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.4.3
2023-12-10T22:37:21.482793217+00:00  INFO     ┝━ i [info]: Starting the LDAP server on port 3890
2023-12-10T22:37:21.484134880+00:00  INFO     ┕━ i [info]: Starting the API/web server on port 17170
2023-12-10T22:37:21.484198849+00:00  INFO     i [info]: starting 1 workers
2023-12-10T22:37:21.484202095+00:00  INFO     i [info]: Actix runtime found; starting in Actix runtime
@tylerpace tylerpace added the bug Something isn't working label Dec 10, 2023
@nitnelave
Copy link
Member

nitnelave commented Dec 11, 2023 via email

@tylerpace
Copy link
Contributor Author

Verbose log output from lldap 0.5.0 with a fresh install (empty /data directory).

> Setup permissions..
> Starting lldap..

Loading configuration from /data/lldap_config.toml
Configuration: Configuration {
    ldap_host: "0.0.0.0",
    ldap_port: 3890,
    http_host: "0.0.0.0",
    http_port: 17170,
    jwt_secret: ***SECRET***,
    ldap_base_dn: "dc=mydomain,dc=net",
    ldap_user_dn: UserId(
        "admin",
    ),
    ldap_user_email: "",
    ldap_user_pass: ***SECRET***,
    database_url: "sqlite:///data/users.db?mode=rwc",
    ignored_user_attributes: [],
    ignored_group_attributes: [],
    verbose: true,
    key_file: "/data/private_key",
    key_seed: None,
    smtp_options: MailOptions {
        enable_password_reset: false,
        from: None,
        reply_to: None,
        server: "localhost",
        port: 587,
        user: "",
        password: ***SECRET***,
        smtp_encryption: Tls,
        tls_required: None,
    },
    ldaps_options: LdapsOptions {
        enabled: false,
        port: 6360,
        cert_file: "cert.pem",
        key_file: "key.pem",
    },
    http_url: Url {
        scheme: "http",
        cannot_be_a_base: false,
        username: "",
        password: None,
        host: Some(
            Domain(
                "localhost",
            ),
        ),
        port: None,
        path: "/",
        query: None,
        fragment: None,
    },
    server_setup: None,
}
2023-12-13T21:05:17.125183439+00:00  INFO     set_up_server [ 1.58ms | 15.53% / 100.00% ]
2023-12-13T21:05:17.125197947+00:00  INFO     ┝━ i [info]: Starting LLDAP version 0.5.0
2023-12-13T21:05:17.125685596+00:00  DEBUG    ┝━ get_schema_version [ 77.3µs | 4.89% ]
2023-12-13T21:05:17.126603889+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: Some(SchemaVersion(5))
2023-12-13T21:05:17.126627002+00:00  DEBUG    ┝━ list_groups [ 364µs | 23.04% ] filters: Some(DisplayName("lldap_admin"))
2023-12-13T21:05:17.128725726+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: GroupId(1), display_name: "lldap_admin", creation_date: 2023-12-13T21:05:12.828061965, uuid: Uuid("a0217d78-0fdf-37f8-9e2c-1bca6daab8fd"), users: [], attributes: [] }]
2023-12-13T21:05:17.128732228+00:00  DEBUG    ┝━ list_groups [ 249µs | 15.76% ] filters: Some(DisplayName("lldap_password_manager"))
2023-12-13T21:05:17.129571373+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: GroupId(2), display_name: "lldap_password_manager", creation_date: 2023-12-13T21:05:12.830701057, uuid: Uuid("6a5748f1-8700-3f9e-b76a-2bf400ac4b17"), users: [], attributes: [] }]
2023-12-13T21:05:17.129576412+00:00  DEBUG    ┝━ list_groups [ 184µs | 11.65% ] filters: Some(DisplayName("lldap_strict_readonly"))
2023-12-13T21:05:17.130364643+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: [Group { id: GroupId(3), display_name: "lldap_strict_readonly", creation_date: 2023-12-13T21:05:12.833115129, uuid: Uuid("d2291864-6400-310d-ba5e-76eae69a9d17"), users: [], attributes: [] }]
2023-12-13T21:05:17.130376615+00:00  DEBUG    ┝━ list_users [ 290µs | 18.38% ] filters: Some(MemberOf("lldap_admin")) | _get_groups: false
2023-12-13T21:05:17.133956571+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | return: []
2023-12-13T21:05:17.133971399+00:00  WARN     ┝━ 🚧 [warn]: Could not find an admin user, trying to create the user "admin" with the config-provided password
2023-12-13T21:05:17.133985855+00:00  DEBUG    ┕━ create_user [ 170µs | 10.75% ] request: CreateUserRequest { user_id: UserId("admin"), email: "", display_name: Some("Administrator"), first_name: None, last_name: None, avatar: None } | user_id: "admin"
2023-12-13T21:05:17.134680201+00:00  ERROR       ┕━ 🚨 [error]:  | error: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`
2023-12-13T21:05:17.134794414+00:00  ERROR    🚨 [error]: Could not bring up the servers: while creating the admin user: Error setting up admin login/account: Error creating admin user: Database error: `Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email`: Execution Error: error returned from database: (code: 2067) UNIQUE constraint failed: users.email: error returned from database: (code: 2067) UNIQUE constraint failed: users.email
2023-12-13T21:05:17.134843125+00:00  INFO     i [info]: End.

The user list:

sqlite> SELECT user_id, email FROM users;
admin|

lldap_admin members:

sqlite> SELECT user_id FROM memberships WHERE
group_id = 0;
sqlite>

@nitnelave
Copy link
Member

There's something weird, that cannot be the logs from a fresh install with an empty data directory: the database already exists (you can see that no migration was done, it directly returned the latest schema version).

I'm guessing that there is an issue, and you're not looking at the correct /data directory. Can you post the LLDAP section of your docker compose?

That, or it's not actually the very first logs you get after deleting the DB, only the second time you start the service.

@tylerpace
Copy link
Contributor Author

tylerpace commented Dec 13, 2023
edited

My compose specification for lldap.

  lldap:
    container_name: lldap
    image: lldap/lldap:v0.5.0
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      UID: ${PUID}
      GID: ${PGID}
      LLDAP_VERBOSE: true
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS}
      LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN}
    volumes:
      - ${DOCKER_DIR}/lldap:/data

${DOCKER_DIR}/lldap is completely empty at startup. I'm rming after every attempt as part of this troubleshooting.

But, you raise a good point -- I was grabbing the most recent copy of the lldap logs by mistake. The restart cycle happens almost instantly so it's hard to capture the initial startup from docker logs. However, I pipe all my container logs to grafana and took a look over there to see if I can find the first execution of lldap.

Here's a lldap log export from grafana that covers the initial startup and subsequent restarts. It looks like lldap starts and silently fails (?) and then gets stuck in the loop caused by the UNIQUE constraint.

lldap_v050_startup.txt
Same logs in a Github Gist

@martadinata666
Copy link
Member

martadinata666 commented Dec 14, 2023
edited

Is this work if using volume?

  lldap:
    container_name: lldap
    image: lldap/lldap:v0.5.0
    restart: unless-stopped
    environment:
      TZ: ${TZ}
      UID: ${PUID}
      GID: ${PGID}
      LLDAP_VERBOSE: true
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_LDAP_USER_PASS: ${LLDAP_LDAP_USER_PASS}
      LLDAP_LDAP_BASE_DN: ${LLDAP_LDAP_BASE_DN}
    volumes:
      - lldap-data:/data

volumes:
  lldap-data:

And about the command, docker compose up and docker compose down -v (will wipe the volume also, just ensuring it empty. Is the ${DOCKER_DIR}/lldap on remote mounts such as nfs, smb?

@nitnelave
Copy link
Member

Interesting! Maybe you can remove the "restart: unless-stopped" from compose? That way you'd only get the first start.

I think grafana only captured stdout, but docker will also give you stderr. Or can you get that in grafana as well?
I feel like there was a panic before it finished the "setting up server" part and didn't get to log anything.

@tylerpace
Copy link
Contributor Author

@martadinata666 I modified my compose to start with a fresh volume and appear to be in the same restart loop.

Here's the initial output from docker compose up:

> sudo docker compose up
[+] Running 2/0
 ✔ Volume "auth_lldap-data"  Created                                                                                                                                0.0s 
 ✔ Container lldap           Created                                                                                                                                0.0s 
Attaching to lldap
lldap  | [entrypoint] Copying the default config to /data/lldap_config.toml
lldap  | [entrypoint] Edit this file to configure LLDAP.
lldap  | > Setup permissions..
lldap  | > Starting lldap..
lldap  | 
lldap  | Loading configuration from /data/lldap_config.toml
lldap  | Configuration: Configuration {
lldap  |     ldap_host: "0.0.0.0",
lldap  |     ldap_port: 3890,
lldap  |     http_host: "0.0.0.0",
lldap  |     http_port: 17170,
lldap  |     jwt_secret: ***SECRET***,
lldap  |     ldap_base_dn: "dc=mydomain,dc=net",
lldap  |     ldap_user_dn: UserId(
lldap  |         "admin",
lldap  |     ),
lldap  |     ldap_user_email: "",
lldap  |     ldap_user_pass: ***SECRET***,
lldap  |     database_url: "sqlite:///data/users.db?mode=rwc",
lldap  |     ignored_user_attributes: [],
lldap  |     ignored_group_attributes: [],
lldap  |     verbose: true,
lldap  |     key_file: "/data/private_key",
lldap  |     key_seed: None,
lldap  |     smtp_options: MailOptions {
lldap  |         enable_password_reset: false,
lldap  |         from: None,
lldap  |         reply_to: None,
lldap  |         server: "localhost",
lldap  |         port: 587,
lldap  |         user: "",
lldap  |         password: ***SECRET***,
lldap  |         smtp_encryption: Tls,
lldap  |         tls_required: None,
lldap  |     },
lldap  |     ldaps_options: LdapsOptions {
lldap  |         enabled: false,
lldap  |         port: 6360,
lldap  |         cert_file: "cert.pem",
lldap  |         key_file: "key.pem",
lldap  |     },
lldap  |     http_url: Url {
lldap  |         scheme: "http",
lldap  |         cannot_be_a_base: false,
lldap  |         username: "",
lldap  |         password: None,
lldap  |         host: Some(
lldap  |             Domain(
lldap  |                 "localhost",
lldap  |             ),
lldap  |         ),
lldap  |         port: None,
lldap  |         path: "/",
lldap  |         query: None,
lldap  |         fragment: None,
lldap  |     },
lldap  |     server_setup: None,
lldap  | }
lldap exited with code 0

But, checking docker logs lldap and grafana show the same restart cycle ending in the UNIQUE constraint problem.

My docker volumes are hosted via NFS via TrueNAS. I know it's not ideal to run sqlite dbs on NFS, but this setup ran fine for a long while on v0.4.x and now I can't even rollback to that version family. I can try a setup without sqlite, but probably not until middle of next week.

@nitnelave Progress! I removed restart: unless-stopped and got a new exit code of 132.

> sudo docker compose up     
[+] Running 2/0
 ✔ Volume "auth_lldap-data"  Created                                                                                                                                0.0s 
 ✔ Container lldap           Created                                                                                                                                0.0s 
Attaching to lldap
lldap  | [entrypoint] Copying the default config to /data/lldap_config.toml
lldap  | [entrypoint] Edit this file to configure LLDAP.
lldap  | > Setup permissions..
lldap  | > Starting lldap..
lldap  | 
lldap  | Loading configuration from /data/lldap_config.toml
lldap  | Configuration: Configuration {
lldap  |     ldap_host: "0.0.0.0",
lldap  |     ldap_port: 3890,
lldap  |     http_host: "0.0.0.0",
lldap  |     http_port: 17170,
lldap  |     jwt_secret: ***SECRET***,
lldap  |     ldap_base_dn: "dc=mydomain,dc=net",
lldap  |     ldap_user_dn: UserId(
lldap  |         "admin",
lldap  |     ),
lldap  |     ldap_user_email: "",
lldap  |     ldap_user_pass: ***SECRET***,
lldap  |     database_url: "sqlite:///data/users.db?mode=rwc",
lldap  |     ignored_user_attributes: [],
lldap  |     ignored_group_attributes: [],
lldap  |     verbose: true,
lldap  |     key_file: "/data/private_key",
lldap  |     key_seed: None,
lldap  |     smtp_options: MailOptions {
lldap  |         enable_password_reset: false,
lldap  |         from: None,
lldap  |         reply_to: None,
lldap  |         server: "localhost",
lldap  |         port: 587,
lldap  |         user: "",
lldap  |         password: ***SECRET***,
lldap  |         smtp_encryption: Tls,
lldap  |         tls_required: None,
lldap  |     },
lldap  |     ldaps_options: LdapsOptions {
lldap  |         enabled: false,
lldap  |         port: 6360,
lldap  |         cert_file: "cert.pem",
lldap  |         key_file: "key.pem",
lldap  |     },
lldap  |     http_url: Url {
lldap  |         scheme: "http",
lldap  |         cannot_be_a_base: false,
lldap  |         username: "",
lldap  |         password: None,
lldap  |         host: Some(
lldap  |             Domain(
lldap  |                 "localhost",
lldap  |             ),
lldap  |         ),
lldap  |         port: None,
lldap  |         path: "/",
lldap  |         query: None,
lldap  |         fragment: None,
lldap  |     },
lldap  |     server_setup: None,
lldap  | }
lldap exited with code 132

Thank you both for the troubleshooting help!

@nitnelave
Copy link
Member

132? That's illegal instruction (unless you have a weird Linux). That would indeed stop the program in it's tracks with no hope of logging, to stderr or stdout.
What is your cpu/architecture? And which docker image were you using?

A potential way forward would be to recompile lldap yourself (which is very easy with cargo, check the readme). If you compile it on the machine itself, it shouldn't generate illegal instructions.

Let's see if it solves the problem (you should be able to just copy the new binary into the container and restart it).

@tylerpace
Copy link
Contributor Author

@martadinata666 To clarify my earlier comment about NFS.

My normal process is to host persistent docker volumes on NFS, but in your test case using the lldap-data volume that volume is hosted directly on my docker host. My docker host is ubuntu server virtualized on TrueNAS using a zvol for storage.

@nitnelave
Copy link
Member

What's the output of uname -a and cat /proc/cpuinfo (you can truncate to just one core)?

@tylerpace
Copy link
Contributor Author

@nitnelave I'm running virtualized Ubuntu on TrueNAS with Host CPU mode (AMD Ryzen).

lldap worked great for months on this setup. It all went south when I first tried to upgrade to v0.5.0 and I've been stuck in this restart loop every since. There have been no changes to server HW or the ubuntu virtualization settings, just the normal course of ubuntu OS updates, updates to other containers, etc.

OS info:

> lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.3 LTS
Release:	22.04
Codename:	jammy

CPU info:

> lscpu
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         40 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  8
  On-line CPU(s) list:   0-7
Vendor ID:               AuthenticAMD
  Model name:            AMD EPYC-Rome Processor
    CPU family:          23
    Model:               49
    Thread(s) per core:  2
    Core(s) per socket:  4
    Socket(s):           1
    Stepping:            0
    BogoMIPS:            7785.34
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext
                         fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic
                          movbe popcnt tsc_deadline_timer aes f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowpr
                         efetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid rdseed ad
                         x smap clflushopt clwb sha_ni clzero xsaveerptr wbnoinvd arat umip ospke rdpid fsrm arch_capabilities
Virtualization features:
  Hypervisor vendor:     KVM
  Virtualization type:   full
Caches (sum of all):
  L1d:                   128 KiB (4 instances)
  L1i:                   128 KiB (4 instances)
  L2:                    2 MiB (4 instances)
  L3:                    16 MiB (1 instance)
NUMA:
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-7
Vulnerabilities:
  Gather data sampling:  Not affected
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Not affected
  Retbleed:              Mitigation; untrained return thunk; SMT enabled with STIBP protection
  Spec rstack overflow:  Mitigation; safe RET
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl and seccomp
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Retpolines, IBPB conditional, STIBP always-on, RSB filling, PBRSB-eIBRS Not affected
  Srbds:                 Not affected
  Tsx async abort:       Not affected

Docker info:

Client: Docker Engine - Community
 Version:    24.0.7
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 50
  Running: 49
  Paused: 0
  Stopped: 1
 Images: 94
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
 runc version: v1.1.9-0-gccaecfc
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-89-generic
 Operating System: Ubuntu 22.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.61GiB
 Name: **REMOVED**
 ID: **REMOVED**
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Container info:

> sudo docker inspect lldap | jq '.[0].Config.Labels'
{
  "com.docker.compose.config-hash": "e027b1be1bf62ec73579ee5736a8a82a02763620529bd2530e7af7eab8a350b3",
  "com.docker.compose.container-number": "1",
  "com.docker.compose.depends_on": "",
  "com.docker.compose.image": "sha256:e92dcf81c7792530df5bb73405a2839e0efaa7a26eac436db74aba0d6f852d8e",
  "com.docker.compose.oneoff": "False",
  "com.docker.compose.project": "auth",
  "com.docker.compose.project.config_files": "**REMOVED**/auth/docker-compose.yml",
  "com.docker.compose.project.working_dir": "**REMOVED**/auth",
  "com.docker.compose.service": "lldap",
  "com.docker.compose.version": "2.21.0",
  "org.opencontainers.image.created": "2023-09-14T18:55:41.163Z",
  "org.opencontainers.image.description": "Light LDAP implementation",
  "org.opencontainers.image.licenses": "GPL-3.0",
  "org.opencontainers.image.revision": "6f04530700cbe00e979c84483a8310b1339e9d6e",
  "org.opencontainers.image.source": "https://github.com/lldap/lldap",
  "org.opencontainers.image.title": "lldap",
  "org.opencontainers.image.url": "https://github.com/lldap/lldap",
  "org.opencontainers.image.version": "v0.5.0-alpine"
}

@tylerpace
Copy link
Contributor Author 

> uname -a
Linux **REMOVED** 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

> cat /proc/cpuinfo
processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 23
model		: 49
model name	: AMD EPYC-Rome Processor
stepping	: 0
microcode	: 0x1000065
cpu MHz		: 3892.674
cache size	: 512 KB
physical id	: 0
siblings	: 8
core id		: 0
cpu cores	: 4
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 smep bmi2 erms invpcid rdseed adx smap clflushopt clwb sha_ni clzero xsaveerptr wbnoinvd arat umip ospke rdpid fsrm arch_capabilities
bugs		: sysret_ss_attrs null_seg spectre_v1 spectre_v2 spec_store_bypass retbleed smt_rsb srso
bogomips	: 7785.34
TLB size	: 1024 4K pages
clflush size	: 64
cache_alignment	: 64
address sizes	: 40 bits physical, 48 bits virtual
power management:

@nitnelave
Copy link
Member

You could try the non-alpine container, but I'm not sure it'd change anything.

Actually if you could get a coredump, we could see where the invalid instruction is and try to see if there's anything specific to the dependency that we could change.

@nitnelave
Copy link
Member

Note that given the state of the DB after the crash, it's almost certainly in the crypto operations to set the password.

@martadinata666 v4 to v5, could it be due to the libc change? I remember something about musl, did we change anything with the Alpine container?

@nitnelave
Copy link
Member

Could be relevant: https://gitlab.torproject.org/tpo/core/arti/-/issues/571

Note that SIGILL can also occur when panicking while processing a panic.

@martadinata666
Copy link
Member

martadinata666 commented Dec 15, 2023
edited

Oh interesting, 132 is about missing cpu instructions. Mostly avx or sse. Thus used by some cryptography/random number generation.

1st let's rule out a VM issue or a Host issue:

  1. Run the docker image on host. I predicted this will run fine
  2. Try setting up the VM using passthrough CPU settings, this way all CPU features on host will pass on VM.

@tylerpace
Copy link
Contributor Author

FYI I'll be AFK until Tuesday of next week. I don't want you to think that I've ghosted you after all the support.

I'll take a swing at the latest suggestions upon my return.

@tylerpace
Copy link
Contributor Author

Good news, it appears the issue was related to my virtualization settings in TrueNAS.

Changing CPU Mode from Host Model to Host Passthrough resolved the 132 exit code which allowed for the proper initialization of the user database and prevented the UNIQUE constraint cycle on future runs.

Thanks for the troubleshooting!

@martadinata666 martadinata666 changed the title [BUG] LLDAP stuck in restart loop with UNIQUE constraint failures on fresh sqlite install [BUG] LLDAP stuck in restart loop with UNIQUE constraint failures on fresh sqlite install - lldap exited code 132 Dec 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nitnelave @martadinata666 @tylerpace