[Fedora-directory-users] Infinite loop during installation process

Richard Megginson rmeggins at redhat.com
Tue Nov 7 01:46:10 UTC 2006


Graham Leggett wrote:
> Richard Megginson wrote:
>
>>> Now the admin server won't start at all, and no error message is 
>>> logged to the console or error log.
>> There's more to making it use ssl than disabling ssl.  The easiest 
>> way is to use the script at 
>> http://directory.fedora.redhat.com/wiki/Howto:SSL to generate the 
>> keys/certs, then use the console.  You first have to go to 
>> Directory->Configuration->Data->Security and check the button that 
>> tells the console to use SSL.  Then, go to Admin 
>> Server->Configuration->Security and tell Admin Server to use SSL.
>
> Trouble is, if you've made the smallest config error, the console is 
> left in a corrupt state. There seems to be no way to correct an error 
> once it's been made.
Yes, this is poorly documented, and scattered about in a half dozen 
config files, as well as several entries under o=netscaperoot.
>
> I managed to get this right once, then made a config error somewhere, 
> and the directory config for this member of the cluster has been 
> corrupt ever since.
>
>>> A couple of questions at this point:
>>>
>>> - How does the console know whether to contact the admin server 
>>> using SSL or clear?
>> It should go off the url you specify when using startconsole, either 
>> http or https.
>
> Ok... the URL I used in startconsole pointed at the configuration 
> directory's admin server, not the new admin server I am trying to set up.
>
> Is the startconsole somehow assuming that because the admin server 
> belonging to the configuration directory is secure, then all other 
> admin servers are secure too?
No, once it uses the url you type in to bootstrap, it reads the security 
settings for the other servers from the config ds o=netscaperoot.
>
> Should I point startconsole at the new admin server, rather than the 
> configuration admin server, when I want to edit the new admin server?
You could try that.
>
>>> - Which files in the config directory can be edited by a human and 
>>> have an actual effect?
>> Only local.conf is read-only.  It is basically a cache of the 
>> information under the admin server instance entry under o=NetscapeRoot.
>>
>> http://directory.fedora.redhat.com/wiki/AdminServer#Admin_Server_Config_Files 
>
>
> If I delete all the files in the admin server config directory, will 
> the restart-admin script rebuild these files from the directory?
No.  Only local.conf will be rebuilt.
>
>>> - How do you refresh the files in the config directory, so that they 
>>> reflect changes you've made in the directory itself?
>> The surest way to make the Admin Server refresh its config based on 
>> changes made in the DS is to restart the admin server.
>
> The behaviour I was seeing was that after modifying the directory and 
> restarting the admin server, the only file that changed was local.conf.
Right.  console.conf, adm.conf, and shared/config/dbswitch.conf are 
modified via console operations, via CGI programs.  They are not 
modified via LDAP operations, and the admin server + console code has to 
jump through some hoops to keep the data stored in LDAP in sync with the 
corresponding data in those config files.
>
> All other files remained untouched, meaning that despite the directory 
> having been modified, the admin server did not pick up the changes.
>
> Regards,
> Graham