This bug is created as a clone of upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/84

A copy from IPA trac https://fedorahosted.org/freeipa/ticket/2924 (originally reported by shanks):

Version:
freeipa-server-2.99.0-0.20120710T1130Zgit0d11b8b.fc17.x86_64
bind-9.9.1-2.P1.fc17.x86_64
bind-dyndb-ldap-1.1.0-0.20120618T1354Zgita7cd8ae.fc17.x86_64

{{{
[root@dhcp201-193 ~]# ipactl start
Starting Directory Service
Starting KDC Service
Starting KPASSWD Service
Starting DNS Service
Job failed. See system journal and 'systemctl status' for details.
Failed to start DNS Service
Shutting down
Aborting ipactl
[root@dhcp201-193 ~]#
}}}

/var/log/messages:
{{{
Jul 12 08:31:51 dhcp201-193 named[8040]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jul 12 08:32:01 dhcp201-193 named[8040]: bind to LDAP server failed: Timed out
Jul 12 08:32:01 dhcp201-193 kernel: [258419.211587] named[8041] general protection ip:7f0a3e674e7b sp:7f0a40cdaa20 error:0 in libldap-2.4.so.2.8.3[7f0a3e65b000+4c000]
Jul 12 08:32:01 dhcp201-193 abrt[8045]: /var/named/core.8040 fd(-1) is not a regular file with link count 1: Permission denied
Jul 12 08:32:02 dhcp201-193 abrt[8045]: Saved core dump of pid 8040 (/usr/sbin/named) to /var/spool/abrt/ccpp-2012-07-12-08:32:01-8040 (42422272 bytes)
Jul 12 08:32:02 dhcp201-193 abrtd: Directory 'ccpp-2012-07-12-08:32:01-8040' creation detected
Jul 12 08:32:02 dhcp201-193 systemd[1]: named.service: control process exited, code=exited status=1
Jul 12 08:32:02 dhcp201-193 systemd[1]: Unit named.service entered failed state.
}}}

Further information is part of upstream ticket.

Steps to reproduce: https://fedorahosted.org/bind-dyndb-ldap/ticket/84#comment:1
Per the attached SFDC ticket - applying bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.2.x86_64.rpm does not fix the issue on the client system. LDAP still fails to recover automatically on reboot.
I need more information. Lines from /var/log/messages related to this problem would help. Thanks.
Created attachment 611961: /var/log/messages - as requested
Unfortunately, attachment 611961 is quite old (3 months!). I need logs from a machine with bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.2.x86_64.rpm installed.

I analyzed the last two BIND starts from the logs you provided:

{{{
Jun 13 16:30:20 vuwunicoipam001 named[28281]: bind to LDAP server failed: Timed out
Jun 13 16:30:20 vuwunicoipam001 named[28281]: loading configuration: failure
Jun 13 16:30:20 vuwunicoipam001 named[28281]: exiting (due to fatal error)
}}}

BIND failed to start because Directory Server did not respond within the time limit. This problem should be solved by bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.2.x86_64.rpm. The plugin will reconnect periodically.

The last attempt to start BIND was successful:

{{{
Jun 13 16:30:42 vuwunicoipam001 named[28715]: running
Jun 13 16:30:42 vuwunicoipam001 named[28715]: zone ods.vuw.ac.nz/IN: sending notifies (serial 2016)
Jun 13 16:30:42 vuwunicoipam001 named[28715]: zone 0.0.195.130.in-addr.arpa/IN: sending notifies (serial 2012270301)
Jun 13 16:30:42 vuwunicoipam001 named[28715]: zone 0.7.70.10.in-addr.arpa/IN: sending notifies (serial 2012280301)
Jun 13 16:30:42 vuwunicoipam001 named[28715]: zone 0.33.80.10.in-addr.arpa/IN: sending notifies (serial 2012180401)
Jun 13 16:30:42 vuwunicoipam001 named[28715]: zone 3.70.10.in-addr.arpa/IN: sending notifies (serial 2012130601)
Jun 13 16:30:42 vuwunicoipam001 named[28715]: zone 0.3.70.10.in-addr.arpa/IN: sending notifies (serial 2012120601)
}}}

(Zones ods.vuw.ac.nz are stored in LDAP, I suppose. Correct me if I'm wrong.)

The next log record from BIND was logged 16 hours later (Jun 14 09:09:18).

{{{
Jun 14 09:09:18 vuwunicoipam001 named[28715]: LDAP query timed out. Try to adjust "timeout" parameter
}}}

This indicates a DS problem, not a BIND one. This error message doesn't repeat in the logs, so it was an intermittent problem which disappeared.
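A triage sketch for the log patterns discussed in this report, as an added example that is not part of the original comments or of bind-dyndb-ldap: it groups `named` lines from /var/log/messages by PID and labels each start as failed, running or crashed. The sample lines, host name and PIDs are constructed; the message texts follow those quoted above.

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on the message formats quoted in this report.
SAMPLE = """\
Jun 13 16:30:20 host1 named[100]: bind to LDAP server failed: Timed out
Jun 13 16:30:20 host1 named[100]: loading configuration: failure
Jun 13 16:30:20 host1 named[100]: exiting (due to fatal error)
Jun 13 16:30:42 host1 named[200]: running
Jun 14 09:09:18 host1 named[200]: LDAP query timed out. Try to adjust "timeout" parameter
Jul 12 08:32:01 host1 named[300]: bind to LDAP server failed: Timed out
Jul 12 08:32:02 host1 abrt[301]: Saved core dump of pid 300 (/usr/sbin/named) to /var/spool/abrt/ccpp-sample (1 bytes)
"""

# named's own syslog lines ("named[PID]: message"); kernel lines lack the colon.
NAMED = re.compile(r"\bnamed\[(\d+)\]: (.*)$")
# abrt reports the PID of the crashed process, which ties a core dump to a start.
CORE = re.compile(r"\babrt\[\d+\]: Saved core dump of pid (\d+) \(/usr/sbin/named\)")

def classify_starts(text):
    """Return {pid: {"state": ..., "notes": [...]}} in order of first appearance."""
    runs = OrderedDict()

    def run(pid):
        return runs.setdefault(pid, {"state": "unknown", "notes": []})

    for line in text.splitlines():
        m = CORE.search(line)
        if m:
            run(m.group(1))["state"] = "crashed"
            continue
        m = NAMED.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        r = run(pid)
        if msg.startswith("bind to LDAP server failed"):
            r["notes"].append("ldap-bind-timeout")
        elif msg.startswith("LDAP query timed out"):
            r["notes"].append("ldap-query-timeout")
        elif msg == "running" and r["state"] == "unknown":
            r["state"] = "running"
        elif msg.startswith("exiting (due to fatal error)") and r["state"] != "crashed":
            r["state"] = "failed-start"
    return runs

if __name__ == "__main__":
    for pid, r in classify_starts(SAMPLE).items():
        print(pid, r["state"], ",".join(r["notes"]) or "-")
```

A `running` start that later carries an `ldap-query-timeout` note corresponds to the Directory Server side problem described above, while `crashed` after `ldap-bind-timeout` matches the original report.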
regression test automated in ipa-ctl test suite
verified using ipa-server-3.0.0-8.el6.x86_64

Results of automated test:

{{{
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-ctl bz840381 At times ipactl fails to start DNS service and a crash is detected.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Stopping pki-ca: [ OK ]
Stopping httpd: [ OK ]
Stopping ipa_memcached: [ OK ]
Stopping named: .[ OK ]
Stopping Kerberos 5 Admin Server: [ OK ]
Stopping Kerberos 5 KDC: [ OK ]
Shutting down dirsrv:
    PKI-IPA...[ OK ]
    TESTRELM-COM...[ OK ]
Stopping CA Service
Stopping HTTP Service
Stopping MEMCACHE Service
Stopping DNS Service
Stopping KPASSWD Service
Stopping KDC Service
Stopping Directory Service
:: [ PASS ] :: Stop all ipa services
:: [ PASS ] :: Start ipa services, direct output to /dev/shm/bz840381.txt
:: [ PASS ] :: Ensure that a DNS failure is not in the output file BZ 840381
:: [ PASS ] :: Make sure that bind has not crashed. BZ 840381
'f8c05b6c-b7bd-42b8-9162-9271b3447f90'
ipa-ctl-bz840381-At-times-ipactl-fails-to-start-DNS-service-and-a-crash-is-detected- result: PASS
}}}
verified as above
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0359.html