[OPENDJ-249] dsreplication disable --disableAll error removing contents of "cn=admin data"

Created: 29/Jul/11  Updated: 26/Jun/13  Resolved: 15/Mar/12

Status: Resolved
Project: OpenDJ
Component/s: replication
Affects Version/s: 2.4.0
Fix Version/s: 2.6.0
Type: Bug
Priority: Major
Reporter: gary.williams
Assignee: Matthew Swift
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: linux 32 bit Java 1.6.0_26
Attachments: opends-replication-1899648229310201681.log
Issue Links: Duplicate: is duplicated by OPENDJ196 dsreplication disable -a fails with R... (Resolved)
QA Assignee: gary.williams

Description

Doing dsreplication disable --disableAll is throwing a javax.naming.CommunicationException when removing contents of "cn=admin data".

[1] Enable replication:

    dsreplication enable -n -X \
      --host1 localhost --port1 2444 --bindDN1 "cn=Directory Manager" --bindPassword1 secret12 --replicationPort1 2989 \
      --host2 localhost --port2 1444 --bindDN2 "cn=Directory Manager" --bindPassword2 secret12 --replicationPort2 1989 \
      --baseDN dc=europe,dc=com --adminUID admin --adminPassword admin

    Establishing connections ..... Done.
    Checking registration information ..... Done.
    Updating remote references on server localhost:2444 ..... Done.
    Configuring Replication port on server localhost:1444 ..... Done.
    Updating replication configuration for baseDN dc=europe,dc=com on server localhost:2444 ..... Done.
    Updating replication configuration for baseDN dc=europe,dc=com on server localhost:1444 ..... Done.
    Updating registration configuration on server localhost:2444 ..... Done.
    Updating registration configuration on server localhost:1444 ..... Done.
    Updating replication configuration for baseDN cn=schema on server localhost:2444 ..... Done.
    Updating replication configuration for baseDN cn=schema on server localhost:1444 ..... Done.
    Initializing registration information on server localhost:1444 with the contents of server localhost:2444 ..... Done.
    Initializing schema on server localhost:1444 with the contents of server localhost:2444 ..... Done.

    Replication has been successfully enabled. Note that for replication to work
    you must initialize the contents of the base DN's that are being replicated
    (use dsreplication initialize to do so).

    See /tmp/opends-replication-603748233450726491.log for a detailed log of this operation.

[2] Init replication

    dsreplication initialize -n -X -h localhost -p 1444 -O localhost --portDestination 2444 \
      -b dc=europe,dc=com -I admin -w admin

    Initializing base DN dc=europe,dc=com with the contents from localhost:1444:
    29 entries processed (100 % complete).
    Base DN initialized successfully.

    See /tmp/opends-replication-7173846912925534621.log for a detailed log of this operation.

[3] Disable replication

    dsreplication disable -n -X -h localhost -p 1444 -I admin -w admin --disableAll

    Establishing connections ..... Done.
    You have decided to disable the replication server (replication changelog).
    After disabling the replication server only one replication server will be
    configured for the following suffixes:
    dc=europe,dc=com
    To avoid a single point of failure at least two replication servers must be
    configured.
    Disabling replication on base DN cn=admin data of server localhost:1444 ..... Done.
    Disabling replication on base DN dc=europe,dc=com of server localhost:1444 ..... Done.
    Disabling replication on base DN cn=schema of server localhost:1444 ..... Done.
    Removing references on base DN cn=admin data of server localhost:2444 ..... Done.
    Removing references on base DN cn=schema of server localhost:2444 ..... Done.
    Removing references on base DN dc=europe,dc=com of server localhost:2444 ..... Done.
    Disabling replication port 1989 of server localhost:1444 ..... Done.
    Removing registration information ..... Error updating registration information.
    Details: Registration information error. Error type: 'ERROR_UNEXPECTED'.
    Details: javax.naming.CommunicationException: connection closed [Root exception is java.io.IOException: connection closed]; remaining name 'cn=Servers,cn=admin data'

    See /tmp/opends-replication-1899648229310201681.log for a detailed log of this operation.

Attached /tmp/opends-replication-1899648229310201681.log

Comments

Comment by Matthew Swift [ 17/Oct/11 ]

The failure is triggered when dsreplication attempts to clear cn=admin data and, in doing so, deletes the global admin user which the tool is currently authenticated as. OpenDJ disconnects authenticated users which have been deleted.

I think that dsreplication is being too aggressive by removing the admin user and, for that matter, any other entries in the backend not directly related to replication.

Since it is not possible to disable replication properly using a non "global" user (e.g. cn=directory manager does not work since this is a local account) I am going to raise the priority of this issue.

Comment by Matthew Swift [ 20/Oct/11 ]

The method org.opends.admin.ads.ADSContext.removeAdminData(), which is called when disabling replication, removes the admin user and the instance keys. This seems overkill to me. Not only is the admin user the current user performing the operation, but the instance keys are not replication specific. In particular, the local instance key is used for encrypting symmetric keys. Other instance keys may have been used for signing logs etc, so may be required in order to verify signatures.

Comment by Matthew Swift [ 16/Jan/12 ]

Targeting fix for 2.5.0.

Comment by Matthew Swift [ 15/Mar/12 ]

Don't remove instance keys when disabling replication. Instance keys are intended for other purposes as well as replication, for example log signing, etc, and may be required after an instance has been removed from a topology. It is the responsibility of administrators to manually remove unused instance keys on a case by case basis.

Generated at Tue Feb 09 19:46:50 GMT 2016 using JIRA 6.3.9#6339sha1:46fa26140bf81c66e10e6f784903d4bfb1a521ae.
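The root cause discussed in the comments, modelled as an added example (this is not OpenDJ code and not the committed fix): a cleanup planner that never deletes the entry the session is bound as or the instance-key subtree, next to the delete-everything plan that drops the session partway through. Apart from cn=Servers,cn=admin data, the entry DNs and all function names are constructed for illustration.

```python
# Constructed sample of entries under "cn=admin data" (illustrative DNs,
# not a dump from a real server).
SAMPLE_ENTRIES = [
    "cn=admin data",
    "cn=Servers,cn=admin data",
    "cn=localhost:1444,cn=Servers,cn=admin data",
    "cn=localhost:2444,cn=Servers,cn=admin data",
    "cn=Administrators,cn=admin data",
    "cn=admin,cn=Administrators,cn=admin data",
    "cn=instance keys,cn=admin data",
    "ds-cfg-key-id=KEY1,cn=instance keys,cn=admin data",
]
BIND_DN = "cn=admin,cn=Administrators,cn=admin data"   # assumed admin entry
KEY_SUBTREE = "cn=instance keys,cn=admin data"         # assumed key subtree

def norm(dn):
    """Case- and space-insensitive DN form. Assumes no escaped commas."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def is_under(dn, base):
    """True if dn equals base or lies below it in the tree."""
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

def plan_cleanup(entries, bind_dn=None, keep_subtrees=()):
    """Split entries into (to_delete, kept); to_delete is ordered leaf-first."""
    protected = [e for e in entries
                 if (bind_dn and norm(e) == norm(bind_dn))
                 or any(is_under(e, k) for k in keep_subtrees)]
    # An LDAP entry with surviving children cannot be deleted: keep ancestors.
    kept = [e for e in entries if any(is_under(p, e) for p in protected)]
    to_delete = [e for e in entries if e not in kept]
    to_delete.sort(key=lambda e: -len(norm(e).split(",")))
    return to_delete, kept

def session_lost_at(order, bind_dn):
    """Index of the delete that removes the bound identity, or None."""
    for i, dn in enumerate(order):
        if norm(dn) == norm(bind_dn):
            return i
    return None

if __name__ == "__main__":
    naive, _ = plan_cleanup(SAMPLE_ENTRIES)           # delete-everything plan
    lost = session_lost_at(naive, BIND_DN)
    print("naive plan: session dropped at delete #%d of %d" % (lost, len(naive)))
    safe, kept = plan_cleanup(SAMPLE_ENTRIES, BIND_DN, [KEY_SUBTREE])
    print("guarded plan deletes:", safe)
    print("guarded plan keeps:  ", kept)
```
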