Bug 2151864 - non-root instance fails to start on creation
Summary: non-root instance fails to start on creation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: 389-ds-base
Version: 12.1
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: DS12.3
Target Release: dirsrv-12.3
Assignee: Pierre Rogier
QA Contact: LDAP QA Team
Docs Contact: Evgenia Martynyuk
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks:
Reported: 2022-12-08 11:35 UTC by Viktor Ashirov
Modified: 2023-11-21 15:13 UTC (History)

Fixed In Version: redhat-ds-12-9030020230711000312-1674d57
Doc Type: Bug Fix
Doc Text:
.A non-root instance no longer fails to start after creation
Previously, Rust plug-ins were incorrectly disabled in the non-root instance template and the default password scheme was moved to a Rust-based hasher. As a result, the non-root instance could not be created. With this update, a non-root instance supports Rust plug-ins and you can create the instance with the PBKDF2-SHA512 default password scheme.
Clone Of:
Environment:
Last Closed: 2023-11-21 15:13:16 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | 389ds 389-ds-base issues 5558 | 0 | None | closed | non-root instance fails to start on creation | 2023-01-12 16:21:21 UTC
Red Hat Issue Tracker | IDMDS-2676 | 0 | None | None | None | 2022-12-08 14:16:41 UTC
Red Hat Issue Tracker | IDMDS-3536 | 0 | None | None | None | 2023-08-09 10:14:13 UTC
Red Hat Product Errata | RHEA-2023:7429 | 0 | None | None | None | 2023-11-21 15:13:34 UTC

Description Viktor Ashirov 2022-12-08 11:35:25 UTC
Description of problem:
I'm trying to create an instance under a non-root user, but the instance fails to start with the following error:

Failed to start ns-slapd: "[08/Dec/2022:06:29:47.991585733 -0500] - ERR - slapd_bootstrap_config - The default password storage scheme could not be read or was not found in the file /home/user/test/etc/dirsrv/slapd-localhost/dse.ldif. It is mandatory.

Version-Release number of selected component (if applicable):
389-ds-base-2.1.5-4.module+el9dsrv+16995+8a75ed16.x86_64


How reproducible:
always

Steps to Reproduce:
$ mkdir -p bin
$ dscreate ds-root $HOME/test $HOME/bin
$ cat /tmp/inst.inf
[general]
[slapd]
instance_name = localhost
root_password = password
[backend-userroot]
create_suffix_entry = True
sample_entries = yes
suffix = dc=example,dc=com

$ hash -r
$ dscreate from-file /tmp/inst.inf


Actual results:
Starting installation ...
Validate installation settings ...
Create file system structures ...
Create self-signed certificate database ...
Non privileged user cannot use semanage, will not relabel ports or files.
Perform SELinux labeling ...
setxattr failed: /home/user/test/var/lib/dirsrv/slapd-localhost/bak: Operation not permitted
setxattr failed: /home/user/test/etc/dirsrv/slapd-localhost: Operation not permitted
setxattr failed: /home/user/test/etc/dirsrv/slapd-localhost/schema: Operation not permitted
setxattr failed: /home/user/test/etc/dirsrv/slapd-localhost: Operation not permitted
setxattr failed: /home/user/test/etc/dirsrv/slapd-localhost/schema: Operation not permitted
setxattr failed: /home/user/test/var/lib/dirsrv/slapd-localhost/db: Operation not permitted
setxattr failed: /home/user/test/var/lib/dirsrv/slapd-localhost/ldif: Operation not permitted
setxattr failed: /home/user/test/run/lock/dirsrv/slapd-localhost: Operation not permitted
setxattr failed: /home/user/test/var/log/dirsrv/slapd-localhost: Operation not permitted
setxattr failed: /home/user/test/dev/shm/slapd-localhost: Operation not permitted
setxattr failed: /home/user/test/run/dirsrv: Operation not permitted
setxattr failed: /home/user/test/etc/dirsrv/slapd-localhost/schema: Operation not permitted
setxattr failed: /home/user/test/tmp: Operation not permitted
Non privileged user cannot use semanage, will not relabel ports or files.
Failed to start ns-slapd: "[08/Dec/2022:06:29:47.991585733 -0500] - ERR - slapd_bootstrap_config - The default password storage scheme could not be read or was not found in the file /home/user/test/etc/dirsrv/slapd-localhost/dse.ldif. It is mandatory.
"
Command '['/usr/sbin/ns-slapd', '-D', '/home/user/test/etc/dirsrv/slapd-localhost', '-i', '/home/user/test/run/dirsrv/slapd-localhost.pid']' returned non-zero exit status 1.
Non privileged user cannot use semanage, will not relabel ports or files.
Error: Instance creation failed!  Failed to start DS


Expected results:
Instance should be created successfully

Additional info:

Comment 1 Pierre Rogier 2022-12-08 14:12:51 UTC
The recent change of the default password scheme caused a regression.
That is because ds_create root disables the Rust plugins,
but now that DS is always built with Rust we should keep them.
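
A pre-start check for the condition named in the error message, as an added example that is not part of the bug report or of the 389-ds-base code: it parses a dse.ldif and reports whether the default scheme named in the Doc Text (PBKDF2-SHA512) has an enabled plugin entry. It assumes the usual 389-ds layout, where scheme plugins are entries under cn=Password Storage Schemes,cn=plugins,cn=config carrying nsslapd-pluginEnabled; the function names and the sample LDIF are constructed for illustration.

```python
import re

# Assumed container DN of password storage scheme plugins in dse.ldif.
SCHEME_BASE = "cn=password storage schemes,cn=plugins,cn=config"

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attr: [values]} dicts (no base64 decoding)."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Lowercase a DN and drop whitespace around its commas for comparison."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def check_default_scheme(ldif_text, scheme="PBKDF2-SHA512"):
    """Return (ok, reason): does `scheme` have an enabled plugin entry?"""
    want = norm_dn(f"cn={scheme},{SCHEME_BASE}")
    for entry in parse_ldif(ldif_text):
        if norm_dn(entry["dn"][0]) != want:
            continue
        state = entry.get("nsslapd-pluginenabled", ["off"])[0].lower()
        if state == "on":
            return True, f"{scheme}: plugin entry present and enabled"
        return False, f"{scheme}: plugin entry present but not enabled"
    return False, f"{scheme}: no plugin entry under {SCHEME_BASE}"

# Constructed sample data, not taken from a real instance.
BROKEN = """\
dn: cn=config
nsslapd-port: 389

dn: cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config
nsslapd-pluginEnabled: on
"""
FIXED = BROKEN + """
dn: cn=PBKDF2-SHA512,cn=Password Storage Schemes,cn=plugi
 ns,cn=config
nsslapd-pluginEnabled: on
"""

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_default_scheme(sample))
```

To check a real instance, pass the contents of its dse.ldif (the path appears in the error message) to `check_default_scheme`.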

Comment 2 Viktor Ashirov 2023-08-15 12:01:35 UTC
Build tested: 389-ds-base-2.3.5-1.module+el9dsrv+19320+04706864.x86_64

$ mkdir -p bin
$ dscreate ds-root $HOME/test $HOME/bin
$ cat /tmp/inst.inf
[general]
[slapd]
instance_name = localhost
root_password = password
[backend-userroot]
create_suffix_entry = True
sample_entries = yes
suffix = dc=example,dc=com

$ hash -r
$ dscreate from-file /tmp/inst.inf

$ ps -ef | grep [n]s-slapd
user        9614       1  2 07:59 ?        00:00:00 /usr/sbin/ns-slapd -D /home/user/test/etc/dirsrv/slapd-localhost -i /home/user/test/run/dirsrv/slapd-localhost.pid

Instance is created and successfully started.
Marking as VERIFIED.

Comment 4 Evgenia Martynyuk 2023-11-20 17:02:37 UTC
RN text passed all reviews

Comment 6 errata-xmlrpc 2023-11-21 15:13:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (redhat-ds:12 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:7429

