A bit more info. Looking at errors, a normal backup terminates with
[20/Dec/2023:23:01:32.943228301 -0500] - INFO - archive_copyfile - Copying
/etc/dirsrv/slapd-CS-RUTGERS-EDU/pwdfile.txt to /var/lib/dirsrv/slapd-\
CS-RUTGERS-EDU/bak/CS-RUTGERS-EDU/config_files/pwdfile.txt
[20/Dec/2023:23:01:32.957342035 -0500] - INFO - archive_copyfile - Copying
/etc/dirsrv/slapd-CS-RUTGERS-EDU/certmap.conf to /var/lib/dirsrv/slapd\
-CS-RUTGERS-EDU/bak/CS-RUTGERS-EDU/config_files/certmap.conf
[20/Dec/2023:23:01:32.969828971 -0500] - INFO - archive_copyfile - Copying
/etc/dirsrv/slapd-CS-RUTGERS-EDU/slapd-collations.conf to /var/lib/dir\
srv/slapd-CS-RUTGERS-EDU/bak/CS-RUTGERS-EDU/config_files/slapd-collations.conf
[20/Dec/2023:23:01:32.983763256 -0500] - INFO - task_backup_thread - Backup finished.
[2
The backup that hung is missing the last line, "Backup finished." ldap stopped
giving normal responses about a minute later, according to the access log.
________________________________
From: Charles Hedrick
Sent: Friday, December 22, 2023 9:56 AM
To: freeipa-users(a)lists.fedorahosted.org <freeipa-users(a)lists.fedorahosted.org>
Subject: possible issue with ipa-backup on RHEL 9.3
I just upgraded one of three servers from RHEL 9.2. to 9.3. I have a clone of our three
servers, on which all three have been upgraded to 9.3.
All of the servers run a cron job
/sbin/ipa-backup --online --data > /usr/local/scripts/ipa-backup.log 2>&1
The LDAP server hung (needed kill -9) at about the time that job ran, on the production
server but not the testing copy. Obviously I can't prove that the backup caused the
hang, but it's suspicious. I've commented out the cron job, since the backup
isn't actually all the useful. If we have to restore we'd use a snapshot of the
VM.
The backup completed successfully on the clone. On the production server it failed. Here
is the log:
Preparing backup on
krb4.cs.rutgers.edu
Local roles match globally used roles, proceeding.
Backing up userRoot in CS-RUTGERS-EDU to LDIF
Waiting for LDIF to finish
Backing up CS-RUTGERS-EDU
Waiting for BAK to finish
cannot connect to 'ldapi://%2Frun%2Fslapd-CS-RUTGERS-EDU.socket':
The ipa-backup command failed. See /var/log/ipabackup.log for more information
I'm wondering whether there's a bug that only happens under load.
We're been doing this in production for years with no trouble up to RHEL 9.2.