Just updated:
2021-11-14T16:37:18+0100 DEBUG ---> Package 389-ds-base.x86_64 1.4.3.23-7.module_el8.5.0+889+90e0384f will be upgraded 2021-11-14T16:37:18+0100 DEBUG ---> Package 389-ds-base.x86_64 1.4.3.23-10.module_el8.5.0+946+51aba098 will be an upgrade
After a restart I see the following in my log:
Nov 14 17:21:14 ipa01 systemd[1]: Starting 389 Directory Server IPA-MYDOMAIN-COM.... Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.506510437 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5975: /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so: undefined symbol: gost_yescrypt_pwd_storage_scheme_init Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.508430711 +0100] - ERR - symload_report_error - Could not load symbol "gost_yescrypt_pwd_storage_scheme_init" from "libpwdstorage-plugin" for plugin GOST_YESCRYPT Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.509110542 +0100] - ERR - slapd_bootstrap_config - The plugin entry [cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config] in the configfile /etc/dirsrv/slapd-IPA-MYDOMAIN-COM/dse.ldif was invalid. Failed to load plugin's init function. Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.509762642 +0100] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-IPA-MYDOMAIN-COM could not be read or were not found. Please refer to the error log or output for more information. Nov 14 17:21:14 ipa01 systemd[1]: dirsrv@IPA-MYDOMAIN-COM.service: Main process exited, code=exited, status=1/FAILURE Nov 14 17:21:14 ipa01 systemd[1]: dirsrv@IPA-MYDOMAIN-COM.service: Failed with result 'exit-code'. Nov 14 17:21:14 ipa01 systemd[1]: Failed to start 389 Directory Server IPA-MYDOMAIN-COM..
After removing GOST_YESCRYPT section from the dse.ldif the server starts up again.
Moring,
We saw the exact same thing. Yesterdaymorning (on a sundaymorning) two-thirds of our IPA servers were in limbo. I had the on-duty engineer undo the (automagic)updates.
Is it sufficient to update and remove the section?
Kind regards,
Arjen Heidinga
On 14-11-2021 17:34, Pascal Pascher via FreeIPA-users wrote:
Just updated:
2021-11-14T16:37:18+0100 DEBUG ---> Package 389-ds-base.x86_64 1.4.3.23-7.module_el8.5.0+889+90e0384f will be upgraded 2021-11-14T16:37:18+0100 DEBUG ---> Package 389-ds-base.x86_64 1.4.3.23-10.module_el8.5.0+946+51aba098 will be an upgrade
After a restart I see the following in my log:
Nov 14 17:21:14 ipa01 systemd[1]: Starting 389 Directory Server IPA-MYDOMAIN-COM.... Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.506510437 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5975: /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so: undefined symbol: gost_yescrypt_pwd_storage_scheme_init Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.508430711 +0100] - ERR - symload_report_error - Could not load symbol "gost_yescrypt_pwd_storage_scheme_init" from "libpwdstorage-plugin" for plugin GOST_YESCRYPT Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.509110542 +0100] - ERR - slapd_bootstrap_config - The plugin entry [cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config] in the configfile /etc/dirsrv/slapd-IPA-MYDOMAIN-COM/dse.ldif was invalid. Failed to load plugin's init function. Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.509762642 +0100] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-IPA-MYDOMAIN-COM could not be read or were not found. Please refer to the error log or output for more information. Nov 14 17:21:14 ipa01 systemd[1]: dirsrv@IPA-MYDOMAIN-COM.service: Main process exited, code=exited, status=1/FAILURE Nov 14 17:21:14 ipa01 systemd[1]: dirsrv@IPA-MYDOMAIN-COM.service: Failed with result 'exit-code'. Nov 14 17:21:14 ipa01 systemd[1]: Failed to start 389 Directory Server IPA-MYDOMAIN-COM..
After removing GOST_YESCRYPT section from the dse.ldif the server starts up again. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On ma, 15 marras 2021, Arjen Heidinga via FreeIPA-users wrote:
Moring,
We saw the exact same thing. Yesterdaymorning (on a sundaymorning) two-thirds of our IPA servers were in limbo. I had the on-duty engineer undo the (automagic)updates.
Is it sufficient to update and remove the section?
Yes. Somebody also opened a bug yesterday: https://bugzilla.redhat.com/show_bug.cgi?id=2023056
I think it is a bug in 389-ds-base where removing GOST_YESCRYPT support from RHEL build did not take into account previously deployed systems.
You can disable the plugin manually with:
# dsconf IPA-MYDOMAIN-COM plugin set GOST_YESCRYPT --enabled off
Kind regards,
Arjen Heidinga
On 14-11-2021 17:34, Pascal Pascher via FreeIPA-users wrote:
Just updated:
2021-11-14T16:37:18+0100 DEBUG ---> Package 389-ds-base.x86_64 1.4.3.23-7.module_el8.5.0+889+90e0384f will be upgraded 2021-11-14T16:37:18+0100 DEBUG ---> Package 389-ds-base.x86_64 1.4.3.23-10.module_el8.5.0+946+51aba098 will be an upgrade
After a restart I see the following in my log:
Nov 14 17:21:14 ipa01 systemd[1]: Starting 389 Directory Server IPA-MYDOMAIN-COM.... Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.506510437 +0100] - ERR - symload_report_error - Netscape Portable Runtime error -5975: /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so: undefined symbol: gost_yescrypt_pwd_storage_scheme_init Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.508430711 +0100] - ERR - symload_report_error - Could not load symbol "gost_yescrypt_pwd_storage_scheme_init" from "libpwdstorage-plugin" for plugin GOST_YESCRYPT Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.509110542 +0100] - ERR - slapd_bootstrap_config - The plugin entry [cn=GOST_YESCRYPT,cn=Password Storage Schemes,cn=plugins,cn=config] in the configfile /etc/dirsrv/slapd-IPA-MYDOMAIN-COM/dse.ldif was invalid. Failed to load plugin's init function. Nov 14 17:21:14 ipa01 ns-slapd[2040]: [14/Nov/2021:17:21:14.509762642 +0100] - EMERG - main - The configuration files in directory /etc/dirsrv/slapd-IPA-MYDOMAIN-COM could not be read or were not found. Please refer to the error log or output for more information. Nov 14 17:21:14 ipa01 systemd[1]: dirsrv@IPA-MYDOMAIN-COM.service: Main process exited, code=exited, status=1/FAILURE Nov 14 17:21:14 ipa01 systemd[1]: dirsrv@IPA-MYDOMAIN-COM.service: Failed with result 'exit-code'. Nov 14 17:21:14 ipa01 systemd[1]: Failed to start 389 Directory Server IPA-MYDOMAIN-COM..
After removing GOST_YESCRYPT section from the dse.ldif the server starts up again. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
freeipa-users@lists.fedorahosted.org
-
Alexander Bokovoy -
Arjen Heidinga -
Pascal Pascher