Description of problem: If a sync result thread fails to acquire a connection the plugin's thread count is not properly updated. This causes the plugin to hang when shutting down the server. Version-Release number of selected component (if applicable): 389-ds-base-1.3.3 and up are affected dirsrv error log: [14/Mar/2017:17:37:02.765911998 +0100] - ERR - slapi_connection_acquire - conn=29 fd=107 Attempt to acquire connection in the closing state [14/Mar/2017:17:37:02.768441567 +0100] - ERR - content-sync-plugin - sync_send_results - conn=29 op=0 Could not acquire the connection - aborted
Hi Mark, request you to add steps to reproduce.
Hi Sankar, This was only discovered and reproduced during an IPA install. It was really a side effect of several other "nunc-stans" bugs that triggered this connection failure that lead to the hang in the content sync plugin. All of nunc-stans bugs are now fixed, and the potential hang is fixed in the sync plugin. So I'm sorry there is no easy reproducer. The only way would be to find a way to block the sync plugin's connections, and then immediately restart the server. I'm afraid I don't know of a way to do that without adding instrumented code to internally trigger the error condition in DS.
Thanks Mark! for the clarification. Installed IPA server with the latest build of 389-ds-base on RHEL-7.4 and I didn't observe any hang. Installation went through fine as well. ============================================================================== Setup complete Next steps: 1. You must make sure these network ports are open: TCP Ports: * 80, 443: HTTP/HTTPS * 389, 636: LDAP/LDAPS * 88, 464: kerberos UDP Ports: * 88, 464: kerberos * 123: ntp 2. You can now obtain a kerberos ticket using the command: 'kinit admin' This ticket will allow you to use the IPA tools (e.g., ipa user-add) and the web user interface. Be sure to back up the CA certificates stored in /root/cacert.p12 These files are required to create replicas. The password for these files is the Directory Manager password [root@qeos-237 upstream]# rpm -qa |egrep 'ipa-server|389-ds-base' ipa-server-dns-4.5.0-15.el7.noarch 389-ds-base-libs-1.3.6.1-16.el7.x86_64 389-ds-base-snmp-1.3.6.1-16.el7.x86_64 389-ds-base-debuginfo-1.3.6.1-16.el7.x86_64 389-ds-base-1.3.6.1-16.el7.x86_64 ipa-server-4.5.0-15.el7.x86_64 ipa-server-common-4.5.0-15.el7.noarch Marking it as Verified as Sanity only since it cannot be reproduced by QE.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2086