slapd starts when called directly but won't start from systemctl - permissions

Running Fedora 27 here. I'm attempting to run slapd from a fresh OpenLDAP install. When I try to run it with systemctl start openldap, the daemon fails to start. journalctl gives the following output:
Jun 19 00:30:25 slapd[1325]: @(#) $OpenLDAP: slapd 2.4.45 (Dec 6 2017 14:25:36) $
mockbuild@buildhw-08.phx2.fedoraproject.org:/builddir/build/BUILD/openldap-2.4.45/openldap-2.4.45/servers/slapd
Jun 19 00:30:25 slapd[1326]: mdb_db_open: database "dc=my-domain,dc=com" cannot be opened: Permission denied (13). Restore from backup!
Jun 19 00:30:25 slapd[1326]: backend_startup_one (type=mdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (13)
Jun 19 00:30:25 slapd[1326]: slapd stopped.
Jun 19 00:30:25 audit[1326]: AVC avc: denied { map } for pid=1326 comm="slapd" path="/var/lib/ldap/lock.mdb" dev="xvda1" ino=1716389 scontext=system_u:system_r:slapd_t:s0 tcontext=system_u:object_r:slapd_db_t:s0 tclass=file permissive=0
However, if I run the daemon directly with /usr/sbin/slapd -u ldap -d -1 -h "ldap:/// ldaps:/// ldapi:///", the daemon starts with no issue.
My systemctl script is below:
[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network-online.target
Documentation=man:slapd
Documentation=man:slapd-config
Documentation=man:slapd-hdb
Documentation=man:slapd-mdb
Documentation=file:///usr/share/doc/openldap-servers/guide.html
[Service]
Type=forking
ExecStartPre=/usr/libexec/openldap/check-config.sh
ExecStart=/usr/sbin/slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"
[Install]
WantedBy=multi-user.target
Alias=openldap.service
I've checked permissions on the ldap config directory and db directory and they seem correct for the ldap user:
[root@localhost operations]# ll /etc/openldap/slapd.d/cn\=config
total 24
drwxr-x---. 2 ldap ldap 4096 Jun 15 23:00 'cn=schema'
-rw-------. 1 ldap ldap 378 Jun 15 23:00 'cn=schema.ldif'
-rw-------. 1 ldap ldap 513 Jun 15 23:00 'olcDatabase={0}config.ldif'
-rw-------. 1 ldap ldap 412 Jun 15 23:00 'olcDatabase={-1}frontend.ldif'
-rw-------. 1 ldap ldap 562 Jun 15 23:00 'olcDatabase={1}monitor.ldif'
-rw-------. 1 ldap ldap 609 Jun 15 23:00 'olcDatabase={2}mdb.ldif'
[root@localhost operations]# ll /var/lib/| grep ldap
drwx------. 2 ldap ldap 4096 Jun 19 00:30 ldap
[root@localhost operations]# ll /var/lib/ldap/
total 0
-rw-------. 1 ldap ldap 8192 Jun 19 00:30 lock.mdb
Any advice would be much appreciated.

It seems you're using back-mdb. Good.
Does your DB directory /var/lib/ldap/ really contain only file lock.mdb?
There should also be a bigger file called data.mdb with the actual data.
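Added example (not part of the original posts): the journal output in the question ends with an SELinux AVC record, which shows slapd running in the confined slapd_t domain under systemd and being refused the map permission on lock.mdb. The Python sketch below parses such records and groups the denials the way a policy reviewer would read them; the function names are hypothetical and the sample line is copied from the question.

```python
import re
from collections import defaultdict

# Sample input: the AVC record from the journal output in the question.
SAMPLE = ('Jun 19 00:30:25 audit[1326]: AVC avc: denied { map } for pid=1326 '
          'comm="slapd" path="/var/lib/ldap/lock.mdb" dev="xvda1" ino=1716389 '
          'scontext=system_u:system_r:slapd_t:s0 '
          'tcontext=system_u:object_r:slapd_db_t:s0 tclass=file permissive=0')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+'
                    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    parts = context.split(":", 3)   # the level itself may contain ':'
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one log line; return a dict, or None if it is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    kv = {key: (quoted if raw.startswith('"') else raw)
          for key, raw, quoted in KV_RE.findall(m.group("rest"))}
    return {
        "result": m.group("result"),
        "perms": m.group("perms").split(),
        "comm": kv.get("comm"),
        "path": kv.get("path"),
        "source_type": se_type(kv.get("scontext", "")),
        "target_type": se_type(kv.get("tcontext", "")),
        "tclass": kv.get("tclass"),
        # permissive=0 means the denial was enforced, not merely logged
        "enforcing": kv.get("permissive") == "0",
    }


def missing_rules(lines):
    """Group denials by (source, target, class) and print them as allow rules."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            grouped[key].update(rec["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(grouped.items())]


if __name__ == "__main__":
    print(parse_avc(SAMPLE))
    print(missing_rules([SAMPLE]))
```

The rule it prints describes what the loaded policy lacks; it is for reading the denial, and the ordinary file modes shown by ll play no part in it.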


Error when using TLS server with pgBackRest : [113] No route to host

I'm trying to implement the TLS server feature available with pgBackRest to use a secure connection between the DB server and the repo server, replacing the previous SSH passwordless setup (that was working fine).
After following the online documentation, I'm having the following error when issuing the stanza-create command:
pgbackrest@pgb-repo$ pgbackrest --stanza=training --log-level-console=info stanza-create
2022-06-13 12:56:55.677 P00 INFO: stanza-create command begin 2.39: --buffer-size=16MB --exec-id=8994-62e5ecac --log-level-console=info --log-level-file=info --pg1-host=pg1-primary --pg1-host-ca-file=/etc/pgbackrest/cert/ca.crt --pg1-host-cert-file=/etc/pgbackrest/cert/pg1-primary.crt --pg1-host-key-file=/etc/pgbackrest/cert/pg1-primary.key --pg1-host-type=tls --pg1-host-user=postgres --pg1-path=/data/postgres/13/pg_data --repo1-path=/backup/pgbackrest --stanza=training
WARN: unable to check pg1: [HostConnectError] unable to connect to 'pg1-primary:8432': [113] No route to host
ERROR: [056]: unable to find primary cluster - cannot proceed
HINT: are all available clusters in recovery?
2022-06-13 12:58:55.835 P00 INFO: stanza-create command end: aborted with exception [056]
The PostgreSQL server is up and running on the DB host:
[postgres@pg1-primary ~]$ psql -c "SELECT pg_is_in_recovery();"
pg_is_in_recovery
-------------------
f
(1 row)
Question
Why am I having this [113] No route to host error?
Configuration for each server:
pg1-primary
[postgres@pg1-primary ~]$ cat /etc/pgbackrest/pgbackrest.conf
[global]
repo1-path=/backup/pgbackrest
repo1-host-ca-file=/etc/pgbackrest/cert/ca.crt
repo1-host-cert-file=/etc/pgbackrest/cert/pgb-repo.crt
repo1-host-key-file=/etc/pgbackrest/cert/pgb-repo.key
repo1-host-type=tls
tls-server-address=*
tls-server-auth=pgb-repo=training
tls-server-ca-file=/etc/pgbackrest/cert/ca.crt
tls-server-cert-file=/etc/pgbackrest/cert/pg1-primary.crt
tls-server-key-file=/etc/pgbackrest/cert/pg1-primary.key
[postgres@pg1-primary ~]$ cat /etc/pgbackrest/conf.d/training.conf
[training]
pg1-path=/data/postgres/13/pg_data
pg1-socket-path=/tmp
repo1-host=pgb-repo
repo1-host-user=pgbackrest
[postgres@pg1-primary ~]$ ll /etc/pgbackrest/cert/
total 20
-rw-------. 1 postgres postgres 1090 Jun 13 12:12 ca.crt
-rw-------. 1 postgres postgres 977 Jun 13 12:12 pg1-primary.crt
-rw-------. 1 postgres postgres 1708 Jun 13 12:12 pg1-primary.key
-rw-------. 1 postgres postgres 977 Jun 13 12:23 pgb-repo.crt
-rw-------. 1 postgres postgres 1704 Jun 13 12:23 pgb-repo.key
pgb-repo
pgbackrest@pgb-repo$ cat /etc/pgbackrest/pgbackrest.conf
[global]
repo1-path=/backup/pgbackrest
tls-server-address=*
tls-server-auth=pg1-primary=training
tls-server-ca-file=/etc/pgbackrest/cert/ca.crt
tls-server-cert-file=/etc/pgbackrest/cert/pgb-repo.crt
tls-server-key-file=/etc/pgbackrest/cert/pgb-repo.key
pgbackrest@pgb-repo$ cat /etc/pgbackrest/conf.d/training.conf
[training]
pg1-host=pg1-primary
pg1-host-user=postgres
pg1-path=/data/postgres/13/pg_data
pg1-host-ca-file=/etc/pgbackrest/cert/ca.crt
pg1-host-cert-file=/etc/pgbackrest/cert/pg1-primary.crt
pg1-host-key-file=/etc/pgbackrest/cert/pg1-primary.key
pg1-host-type=tls
pgbackrest@pgb-repo$ ll /etc/pgbackrest/cert/
total 20
-rw-------. 1 pgbackrest pgbackrest 1090 Jun 13 12:27 ca.crt
-rw-------. 1 pgbackrest pgbackrest 977 Jun 13 12:27 pg1-primary.crt
-rw-------. 1 pgbackrest pgbackrest 1708 Jun 13 12:27 pg1-primary.key
-rw-------. 1 pgbackrest pgbackrest 977 Jun 13 12:27 pgb-repo.crt
-rw-------. 1 pgbackrest pgbackrest 1704 Jun 13 12:27 pgb-repo.key
The servers are reachable from one another:
[postgres@pg1-primary ~]$ ping pgb-repo
PING pgb-repo.xxxx.com (XXX.XX.XXX.117) 56(84) bytes of data.
64 bytes from pgb-repo.xxxx.com (XXX.XX.XXX.117): icmp_seq=1 ttl=64 time=0.365 ms
64 bytes from pgb-repo.xxxx.com (XXX.XX.XXX.117): icmp_seq=2 ttl=64 time=0.421 ms
pgbackrest@pgb-repo$ ping pg1-primary
PING pg1-primary.xxxx.com (XXX.XX.XXX.116) 56(84) bytes of data.
64 bytes from pg1-primary.xxxx.com (XXX.XX.XXX.116): icmp_seq=1 ttl=64 time=0.325 ms
64 bytes from pg1-primary.xxxx.com (XXX.XX.XXX.116): icmp_seq=2 ttl=64 time=0.298 ms
So actually the issue had to do with the firewall preventing access to the default TLS port (8432) used by pgBackRest.
[root@pgb-server ~]# firewall-cmd --zone=public --add-port=8432/tcp --permanent
[root@pgb-server ~]# firewall-cmd --reload
Once the port was accessible through the firewall I could issue a telnet command successfully (for testing access) - and of course run my pgBackRest commands too.
[pgbackrest@pgb-server]$ telnet pg1-server 8432
Trying 172.XX.XXX.XXX...
Connected to pg1-server.
Escape character is '^]'.
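Added example (not part of the original posts): ping only proves ICMP echo gets through, while [113] is the errno (EHOSTUNREACH) returned for the TCP connect to port 8432. The Python sketch below makes one TCP connect and classifies the failure, which separates a port rejected on the path from one with no listener or one silently dropped. The function name and verdict labels are hypothetical, and reading EHOSTUNREACH as a firewall reject is an assumption that matches the cause found in this thread.

```python
import errno
import socket

# errno -> likely meaning for a service port (the interpretation is an assumption)
VERDICTS = {
    errno.ECONNREFUSED: "closed",    # host replied with RST: nothing listening
    errno.EHOSTUNREACH: "rejected",  # ICMP unreachable/prohibited, e.g. firewall REJECT
    errno.ENETUNREACH: "no-route",   # local routing table has no path
}


def classify_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect and return (verdict, errno or None)."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return ("dns-failure", None)
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except socket.timeout:
            # No answer of any kind: packets are being silently dropped.
            return ("dropped", None)
        except OSError as exc:
            return (VERDICTS.get(exc.errno, "error"), exc.errno)
    return ("open", None)


if __name__ == "__main__":
    # Offline demo on loopback. On the repo host the call would be
    # classify_tcp("pg1-primary", 8432), the host and port from the question.
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        print(classify_tcp("127.0.0.1", port))  # listener present
    print(classify_tcp("127.0.0.1", port))      # listener gone
```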

Redhat Server oracle-rdbms.service Startup Error

I am trying to create a service file that will allow me to automatically start up my Oracle 12C database and listener automatically on reboot. I have written the service file, which contains the following:
# /etc/systemd/system/oracle-rdbms.service
# Invoking Oracle scripts to start/shutdown Instances defined in /etc/oratab
# and starts Listener
[Unit]
Description=Oracle Database(s) and Listener
Requires=network.target
[Service]
Type=forking
Restart=no
ExecStart=/u01/app/oracle/product/12.2.0/dbhome_1/bin/dbstart /u01/app/oracle/product/12.2.0/dbhome_1/
ExecStop=/u01/app/oracle/product/12.2.0/dbhome_1/bin/dbshut /u01/app/oracle/product/12.2.0/dbhome_1/
User=oracle
[Install]
WantedBy=multi-user.target
When I enabled the service and checked the status, I get the following error:
● oracle-rdbms.service - Oracle Database(s) and Listener
Loaded: loaded (/etc/systemd/system/oracle-rdbms.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Mon 2018-10-22 11:45:02 EDT; 1 day 23h ago
Process: 1377 ExecStop=/u01/app/oracle/product/12.2.0/dbhome_1/bin/dbshut /u01/app/oracle/product/12.2.0/dbhome_1 (code=exited, status=0/SUCCESS)
Process: 615 ExecStart=/u01/app/oracle/product/12.2.0/dbhome_1/bin/dbstart /u01/app/oracle/product/12.2.0/dbhome_1 (code=exited, status=0/SUCCESS)
Oct 22 11:45:00 oracle-dev dbstart[615]: /u01/app/oracle/product/12.2.0/dbhome_1/bin/dbstart: line 94: /u01/app/oracle/product/12.2.0/dbhome_1/listener.log: Permission denied
Oct 22 11:45:02 oracle-dev dbstart[615]: touch: cannot touch ‘/u01/app/oracle/product/12.2.0/dbhome_1/startup.log’: Permission denied
Oct 22 11:45:02 oracle-dev dbstart[615]: chmod: changing permissions of ‘/u01/app/oracle/product/12.2.0/dbhome_1/startup.log’: Operation not permitted
Oct 22 11:45:02 oracle-dev dbstart[615]: Processing Database instance "orcl": log file /u01/app/oracle/product/12.2.0/dbhome_1/startup.log
Oct 22 11:45:02 oracle-dev dbstart[615]: /u01/app/oracle/product/12.2.0/dbhome_1/bin/dbstart: line 346: /u01/app/oracle/product/12.2.0/dbhome_1/startup.log: Permission denied
Oct 22 11:45:02 oracle-dev dbshut[1377]: /u01/app/oracle/product/12.2.0/dbhome_1/bin/dbshut: line 63: /u01/app/oracle/product/12.2.0/dbhome_1/listener.log: Permission denied
Oct 22 11:45:02 oracle-dev dbshut[1377]: /u01/app/oracle/product/12.2.0/dbhome_1/bin/dbshut: line 64: /u01/app/oracle/product/12.2.0/dbhome_1/listener.log: Permission denied
Oct 22 11:45:02 oracle-dev dbshut[1377]: Processing Database instance "orcl": log file /u01/app/oracle/product/12.2.0/dbhome_1/shutdown.log
Oct 22 11:45:02 oracle-dev dbshut[1377]: /u01/app/oracle/product/12.2.0/dbhome_1/bin/dbshut: line 160: /u01/app/oracle/product/12.2.0/dbhome_1/shutdown.log: Permission denied
Oct 22 11:45:02 oracle-dev systemd[1]: Started Oracle Database(s) and Listener.
I am logged in as root and am still not sure what the problem is. Thank you
Your startup.log and listener.log don't have the correct permissions set up. Use the chmod command on those two files to set the appropriate permissions and it should work.

Why can't upload files into dropbox at shutdown?

Fixed as jayant says.
cat upload.sh
/home/Dropbox-Uploader/dropbox_uploader.sh upload -f /home/Dropbox-Uploader/.dropbox_uploader /home/material/* /
date >> /home/upload.log
All files in directory material can be uploaded into my dropbox with bash upload.sh.
I want to write an autorun service at shutdown to upload files into Dropbox.
vim /etc/systemd/system/upload.service
[Unit]
Description=upload files into dropbox
Before=network.target shutdown.target reboot.target
[Service]
ExecStart=/bin/true
ExecStop=/bin/bash /home/upload.sh
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
Enable it with:
sudo systemctl enable upload.service
Reboot it.
journalctl -u upload
-- Logs begin at Thu 2018-01-18 22:38:54 EST, end at Tue 2018-04-10 06:55:43 EDT. --
Apr 10 06:48:27 localhost systemd[1]: Started upload files into dropbox.
Apr 10 06:48:27 localhost systemd[1]: Starting upload files into dropbox...
Apr 10 06:48:27 localhost bash[111]: which: no shasum in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)
Apr 10 06:48:27 localhost bash[111]: > Uploading "/home/material/test.txt" to "/test.txt"...
Apr 10 06:48:27 localhost bash[111]: Error: Couldn't resolve host.
ln -s /usr/bin/sha1sum /usr/bin/shasum according to Google's result.
Reboot the second time.
journalctl -u dropbox
Apr 10 06:55:04 localhost systemd[1]: Started upload files into dropbox.
Apr 10 06:55:04 localhost systemd[1]: Starting upload files into dropbox...
Apr 10 06:55:04 localhost bash[113]: shasum: invalid option -- 'a'
Apr 10 06:55:04 localhost bash[113]: Try 'shasum --help' for more information.
Apr 10 06:55:04 localhost bash[113]: shasum: invalid option -- 'a'
Apr 10 06:55:04 localhost bash[113]: Try 'shasum --help' for more information.
Apr 10 06:55:04 localhost bash[113]: > Uploading "/home/material/test.txt" to "/test.txt"...
Apr 10 06:55:04 localhost bash[113]: Error: Couldn't resolve host.
Did as Raushan says; a new issue arose:
Uploading by 4 chunks *** FAILED dropbox
For the problem Uploading by 4 chunks *** FAILED dropbox, some material says that files exceeding 150 MB should be uploaded in chunks.
split -b 10m /home/upload.tar.gz /home/material/dropbox
ls /home/material
dropboxaa dropboxac dropboxae dropboxag ......
Both of them are less than 10m.
journalctl -u upload
Apr 19 01:45:26 localhost systemd[1]: Started upload files into dropbox.
Apr 19 01:45:26 localhost systemd[1]: Starting upload files into dropbox...
Apr 19 01:45:27 localhost bash[401]: > Uploading "/home/material/dropboxaa" to "/dropboxaa"... FAILED
Apr 19 01:45:27 localhost bash[401]: An error occurred requesting /upload
Apr 19 01:45:28 localhost bash[401]: > Uploading "/home/material/dropboxab" to "/dropboxab"... FAILED
Apr 19 01:45:40 localhost bash[401]: Some error occured. Please check the log.
Apr 19 01:45:40 localhost systemd[1]: upload.service: main process exited, code=exited, status=1/FAILURE
Apr 19 01:45:40 localhost systemd[1]: Unit upload.service entered failed state.
Apr 19 01:45:40 localhost systemd[1]: upload.service failed.
Why > Uploading "/home/material/dropboxaa" to "/dropboxaa"... FAILED?
It is not possible that the second instruction of your script executes without executing the first one. Try redirecting the error output of the dropbox_uploader.sh to see what is failing.
Assuming you are using dropbox-uploader, try specifying the exact location of the configuration file. See Running as cron job section in their README.md
/home/Dropbox-Uploader/dropbox_uploader.sh -f /path/to/.dropbox_uploader upload /home/material/* /
For the Couldn't resolve host problem:
The unit configuration should have a dependency like
After=network.target instead of Before=network.target, as the default shutdown order is the inverse of startup.
[Unit]
Description=upload files into dropbox
Before=shutdown.target reboot.target
After=network.target
[Service]
ExecStart=/bin/true
ExecStop=/bin/bash /home/upload.sh
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
Refer: https://serverfault.com/a/785355
For the shasum problem:
I am not sure about your OS distro; I am using Fedora 25.
In my case the shasum binary is from the perl-Digest-SHA package, which can be installed with the command yum install perl-Digest-SHA on a Red Hat based Linux distro.
Refer: https://superuser.com/a/1180163

Could not open the requested SVN filesystem, File permissions seem OK

I'm getting the "Could not open the requested SVN filesystem" error when accessing my SVN repository via HTTP (Apache).
httpd.conf
<...>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
<...>
User svn
Group svn
<...>
<Location /svn>
DAV svn
SVNPath /srv/svn
</Location>
SVN repository seems to have correct permissions
[ec2-user@ip-xxx ~]$ ls -lart /srv/svn
total 16
drwxrwxrwx. 3 root root 16 Oct 20 10:58 ..
-rw-rw-r--. 1 svn svn 229 Oct 20 10:58 README.txt
drwxrwxr-x. 2 svn svn 39 Oct 20 10:58 locks
drwxrwxr-x. 2 svn svn 4096 Oct 20 10:58 hooks
drwxrwxr-x. 2 svn svn 51 Oct 20 10:58 conf
-r--r--r--. 1 svn svn 2 Oct 20 10:58 format
drwxrwxr-x. 6 svn svn 80 Oct 20 10:58 .
drwxrwsr-x. 6 svn svn 4096 Oct 20 10:58 db
I am running Apache as user svn
[ec2-user@ip-xxx ~]$ ps auxwww|grep httpd
ec2-user 14304 0.0 0.0 110276 996 pts/0 T 06:07 0:00 less /etc/httpd/conf/httpd.conf
root 15102 0.0 0.5 240004 5496 ? Ss 08:39 0:00 /usr/sbin/httpd -DFOREGROUND
svn 15103 0.0 0.3 240004 3116 ? S 08:40 0:00 /usr/sbin/httpd -DFOREGROUND
svn 15104 0.0 0.3 240004 3116 ? S 08:40 0:00 /usr/sbin/httpd -DFOREGROUND
svn 15105 0.0 0.3 240004 3116 ? S 08:40 0:00 /usr/sbin/httpd -DFOREGROUND
svn 15106 0.0 0.3 240004 3116 ? S 08:40 0:00 /usr/sbin/httpd -DFOREGROUND
svn 15107 0.0 0.4 240164 4124 ? S 08:40 0:00 /usr/sbin/httpd -DFOREGROUND
Apache error log
[Tue Oct 27 08:40:10.515487 2015] [authz_core:debug] [pid 15107] mod_authz_core.c(835): [client ::1:56072] AH01628: authorization result: granted (no directives)
[Tue Oct 27 08:40:10.515747 2015] [:error] [pid 15107] (20014)Internal error: [client ::1:56072] Can't open file '/srv/svn/format': Permission denied
[Tue Oct 27 08:40:10.515760 2015] [dav:error] [pid 15107] [client ::1:56072] Could not fetch resource information. [500, #0]
[Tue Oct 27 08:40:10.515763 2015] [dav:error] [pid 15107] [client ::1:56072] Could not open the requested SVN filesystem [500, #13]
[Tue Oct 27 08:40:10.515765 2015] [dav:error] [pid 15107] [client ::1:56072] Could not open the requested SVN filesystem [500, #13]
SVN works with file access but not http:
[ec2-user@ip-xxx ~]$ svn list file://localhost/srv/svn
branches/
src/
[ec2-user@ip-xxx ~]$ svn list http://localhost/svn
svn: E000013: Unable to connect to a repository at URL 'http://localhost/svn'
svn: E000013: Could not open the requested SVN filesystem
I also tried to change permissions for /srv/svn/format to 666, but it did not help.
Red Hat Enterprise Linux Server release 7.1. SVN version 1.8.8
The reason for the error was SELinux module preventing access to the files. I've disabled SELinux by editing /etc/selinux/config file (see how) and, after reboot, svn list http://localhost/svn finally works.

folder sharing using apache 2.2.26

I am new to Apache. I am using Apache 2.2.26 on Mac.
I want to give a user a link to a folder, which he will use to download files from that folder. I created a conf file under /Private/etc/apache2/other/ with the following settings:
Alias /outputfiles/ /Users/XXXX/sharing
<Directory "/Users/XXXX/sharing">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
When I issued "localhost/outputfiles/" in the browser, I got a 403 Forbidden message,
and error_log contains the following at the end of the file:
[Thu Oct 30 10:20:22 2014] [notice] Apache/2.2.26 (Unix) DAV/2 mod_ssl/2.2.26 OpenSSL/0.9.8za configured -- resuming normal operations
[Thu Oct 30 10:20:26 2014] [error] [client ::1] client denied by server configuration: /Users/XXXX/sharingindex.html
The ls -la command for /Users/XXXX/sharing gives the following output:
total 128
drwxr-xr-x 7 755 110063367 238 Oct 29 16:07 .
drwxr-xr-x+ 43 XXXX 110063367 1462 Oct 30 10:18 ..
-rw-r--r--@ 1 755 110063367 6148 Oct 30 10:17 .DS_Store
-rw-r--r--@ 1 755 110063367 37441 Sep 1 12:28 Trade.txt
-rw-r--r-- 1 755 110063367 3727 Sep 1 11:44 census.txt
-rw-r--r-- 1 755 110063367 4683 Sep 19 15:23 script.sh
-rw-r--r-- 1 755 110063367 22 Sep 23 15:27 testing.sql
Can you please guide me in this?