Segmentation fault at first start #26

Open
bmalynovytch opened this issue Aug 19, 2021 · 7 comments
Labels
bug Something isn't working

Comments

@bmalynovytch

Summary

When starting 1.4 image, with no previous data, a segfault occurs.

To reproduce, run the container and wait for the error to occur.
To retry, just open a shell and run the following (⚠️ you'll lose your data!!):
rm -rf /etc/openldap/slapd.d/* /var/lib/openldap/* ; kill 1

What is the expected correct behavior?

No segfault, which would allow initial setup to run smoothly until its end.

Relevant logs and/or screenshots

[DEBUG] /etc/cont-init.d/10-openldap ** [openldap] Bootstrap LDIF: Processing file /assets/slapd/config/bootstrap/ldif/01-acls.ldif
+ ldap_add_or_modify /assets/slapd/config/bootstrap/ldif/01-acls.ldif
+ local ldif_file=/assets/slapd/config/bootstrap/ldif/01-acls.ldif
+ sed -i 's|<BASE_DN>|dc=sso|g' /assets/slapd/config/bootstrap/ldif/01-acls.ldif
+ sed -i 's|<BACKEND>|mdb|g' /assets/slapd/config/bootstrap/ldif/01-acls.ldif
+ grep -iq changetype /assets/slapd/config/bootstrap/ldif/01-acls.ldif
+ silent ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /assets/slapd/config/bootstrap/ldif/01-acls.ldif
+ '[' TRUE = TRUE ']'
+ ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /assets/slapd/config/bootstrap/ldif/01-acls.ldif
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
[cont-init.d] 10-openldap: exited 255.
[cont-init.d] 99-container: executing...
+ PROCESS_NAME=container
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ output_off
+ '[' TRUE = TRUE ']'
+ set +x
611e7acd slapd starting
**********************************************************************************************************************
**********************************************************************************************************************
****                                                                                                              ****
****       ERROR - Some initialization scripts haven't completed - All services are now halted                    ****
****             - The following scripts in '/etc/cont-init.d' did not pass their completion check                ****
****                                                                                                              ****
**********************************************************************************************************************
**********************************************************************************************************************
10-openldap
**********************************************************************************************************************
**********************************************************************************************************************
****                                                                                                              ****
****       This could have happened for a variety of reasons. Please make sure you have followed the README       ****
****       relating to this image and have proper configuration such as environment variables and volumes set     ****
****                                                                                                              ****
****       If you feel that you have encountered a bug, please submit an issue on the revision control system     ****
****       and provide full debug logs by setting the environment variable 'DEBUG_MODE=TRUE'                      ****
****                                                                                                              ****
**********************************************************************************************************************
**********************************************************************************************************************
[cont-init.d] 99-container: exited 1.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

Environment

  • Image version / tag: 1.4
  • Host OS: CentOS, Kubernetes with Containerd
@bmalynovytch bmalynovytch added the bug Something isn't working label Aug 19, 2021
@bmalynovytch
Author

Sorry, here's the relevant log:

[DEBUG] /etc/cont-init.d/10-openldap ** [openldap] Bootstrap LDIF: Processing file /assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
+ ldap_add_or_modify /assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
+ local ldif_file=/assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
+ sed -i 's|<BASE_DN>|dc=sso|g' /assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
+ sed -i 's|<BACKEND>|mdb|g' /assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
+ grep -iq changetype /assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
+ silent ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
+ '[' true = TRUE ']'
+ '[' true = true ']'
+ ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /assets/slapd/config/bootstrap/ldif/02-memberOf.ldif
612396f6 conn=1002 fd=12 ACCEPT from PATH=/var/run/openldap/run/ldapi (PATH=/var/run/openldap/run/ldapi)
/assets/functions/00-container: line 521:   740 Segmentation fault      (core dumped) "$@"
612396f6 conn=1002 fd=12 closed (connection lost)
[cont-init.d] 10-openldap: exited 139.
[cont-init.d] 99-container: executing... 
+ PROCESS_NAME=container
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ output_off
+ '[' true = TRUE ']'
+ '[' true = true ']'
+ set +x
**********************************************************************************************************************
**********************************************************************************************************************
****                                                                                                              ****
****       ERROR - Some initialization scripts haven't completed - All services are now halted                    ****
****             - The following scripts in '/etc/cont-init.d' did not pass their completion check                ****
****                                                                                                              ****
**********************************************************************************************************************
**********************************************************************************************************************

10-openldap

@bmalynovytch
Author

Got it: openldap tools segfault when /etc/hosts contains a hostname for local container which is longer than 64 characters (which is often the case with Kubernetes name conventions).
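
A pre-flight check for the condition reported above, as an added example that is not part of the original thread or of the image's scripts: it lists every name in a hosts-format file that is longer than the 64 characters quoted in the comment. The function name `long_host_names` and the sample hosts entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the image's own code.
# long_host_names FILE [LIMIT]
#   Prints "<length> <name>" for every hostname or alias in a hosts-format
#   file that is longer than LIMIT characters (default 64, the figure quoted
#   in this issue). Returns 1 if any such name exists, 0 otherwise.
long_host_names() {
    hosts_file=${1:-/etc/hosts}
    limit=${2:-64}
    awk -v limit="$limit" '
        {
            sub(/#.*/, "")               # strip comments before splitting
            for (i = 2; i <= NF; i++)    # field 1 is the address
                if (length($i) > limit) {
                    printf "%d %s\n", length($i), $i
                    found = 1
                }
        }
        END { exit (found ? 1 : 0) }
    ' "$hosts_file"
}

# Constructed sample: a Kubernetes-style pod FQDN next to a short alias.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
10.42.0.17  openldap-fusiondirectory-0.openldap-fusiondirectory-headless.identity-management.svc.cluster.local openldap-fusiondirectory-0
EOF

# Only the long FQDN is reported; the short alias and localhost are not.
long_host_names "$sample" || echo "hosts file has names longer than 64 characters" >&2
rm -f "$sample"
```

Run against `/etc/hosts` inside the container before the bootstrap LDIF step, a non-zero return separates this condition from other causes of a failing `ldapmodify`.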

@tiredofit
Owner

Interesting - Nice sleuthing.
I'm not fully up to speed with Kubernetes, but setting the hostname will be a quick and dirty solution, although I don't know how that would affect operations in a cluster.

Alternatively, we could write a function that adds another entry to the hosts file that is <64 char and execute slapd with that truncated hostname. Again, there might be unintended cluster consequences..

@bmalynovytch
Author

In fact, empty (minimal containing only localhost) should be fine, as the container will then ask Kubernetes DNS for any other entry.
I've prepared a fix that I'm testing locally but I'm struggling with another problem: FD data are missing on first start (can't connect with FD user/pass, as well as config user).
When I'm done with those, I'll suggest a PR.

@joergmschulz

Did any fix come up here?

@bmalynovytch
Author

This is so old and we nearly don't use this anymore.
I'd need to check some legacy env, as they are working, and check how they do.
Not sure I'll have enough time before a while.

@joergmschulz

So then just close this one, because the things I'm seeing might be unrelated to your observations some years ago / the root cause of what you've seen has probably been fixed long ago.
