We have a home brewn Single Sign-On implementation in our office which uses account information stored in OpenLDAP, exports home directories (NFS mounts) for clients using Automount. Our desktops run either Ubuntu Dapper or Debian Etch.
During the initial days when we deployed and provisioned the system, I faced a problem in which the desktops wouldn't boot.
udevd[1005]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
udevd[1005]: nss_ldap: could not search LDAP server - Can't contact LDAP server
udevd[1005]: lookup_group: error resolving group 'nvram': Illegal seek
I originally thought since udevd starts up before networking in rc2.d, it isn't able to seek the LDAP server and hence is causing some problem. So, I changed the priority of networking from S40 to S02 and that appeared to solve the problem. But there were those udevd messages that still persisted.
Cut, six months later when Ubuntu Feisty Fawn was released and we installed the same. We still used to get the same problem. But no amount of changing the priorities helped this time. This made me take a hard look at the logs and it was then that I observed the last line in each set of logs.
udevd[1005]: lookup_group: error resolving group 'nvram': Illegal seek
Now, udev is set to create the device nvram at boot time and change group ownership of the device to nvram.
But we've setup the NSS service to lookup LDAP (in /etc/nsswitch.conf) for passwd, group and shadow. So, everytime udev wanted the group called nvram, a search for the group nvram was done in the local /etc/groups file and not finding it there, an LDAP seek was done (wow, PAM!!!) and either it couldn't contact the LDAP server (because network isn't brought up yet) or when contacted (as in our Dapper case) it couldn't find the group called nvram in LDAP.
Hence the solution would be to give udev what it seeks; The group "nvram"!
# addgroup --system nvram
Once that is done. A reboot confirmed this indeed was the solution!!! The moral of the story is that people creating udevd rules should take into account non-existant users/groups. And create them if not found. Also, a framework for the whole SSO solution is missing in the open source world, which is why Micro$oft is able to shove it's products to corporates. Let me know if any effort exists which does try to address the situation.
Showing posts with label debian. Show all posts
Showing posts with label debian. Show all posts
Wednesday, July 18, 2007
Sunday, June 24, 2007
Sampada (ಸಂಪದ) Love Day!
"Giving love to projects" is a concept innovated by the GNOME Project. The idea is simple. You identify an open source project which you're likely to give more attention to and work on it. You love your work, the work automatically gets done.
Today, I'd a similar opportunity to give love to. The project called Sampada (ಸಂಪದ) is a community portal run by a very dynamic and brilliant friend of mine. The portal is hosted on a server at a US Data Center and used to run Debian GNU/Linux Sarge. It had a very good uptime and it was being managed well. Quite a few services are hosted on the server including the website - PHP, Apache, the database - MySQL, Email for the domain (Postfix/Courier/Amavis/Spamassassin/ClamAV) and a management interface - SysCP, Mailing lists using GNU/Mailman. All these were working steadily without any major hitches from some time, but we felt we needed to upgrade the whole system to the newly released Etch distribution.
Typically this kind of entire system upgrade entails a huge amount of planning, dry runs, down time loss estimations. In addition to lots of caffeine to release the tension caused by all the nail biting edges the experience puts one through.
In this case, we decided that we need to upgrade the server and we'd devote some time this Sunday and that's that. No more planning than saying "we'll get the thing done!". Cocky! IMO. But we were only dealing with the world's most stable and most advanced (In many ways) platform and we'd enough experience to be so lethargic about not making those painstaking plans.
We started a bit late, but we started (unlike other days).
# apt-get update && aptitude dist-upgrade -y
The first thing, we did was to ensure a backup of the most important parts of the disk was taken and stored offsite. Took us about 2 hours. Then the initial run itself went pretty smooth and we've had most of the system replaced by newer versions. But there were a couple of packages, which had some issues. Turned out that the customisation that were done on the configurations of those packages - Amavisd-New, Proftpd weren't compatible with the newer versions.
But that was soon solved by slight brute force. What we did was to specifically seek the version we wanted to install on the system. This happened in the case of PHP 5, Apache2. Soon, it was done. And when we tested, voila it worked straight.
1 hour straight. Some questions asked. All tougher questions parried, prayed to god and hoped for the best. But the whole upgrade process was so Debianish!! Always reliable! Always works!!
Overall, we now have a spiffy and snazzy new operating system and an ecosystem of programs serving out very interesting, intellectual and colloquial thoughts to anybody who simply seeks from any corner of the world. Don't miss out!!
ಹೊಸ ಚಿಗುರು, ಹಳೆ ಬೇರು
ಕೂಡಿರಲು ಮರ ಸೊಗಸು
ಮಧ್ಯೆ ಚಿಗುರು ಗಿಡವಾಗಿ
ಗಿಡವು ಮರವಾಗುತಿರಲು,
ಆ ಗಿಡ ಮರಗಳಿಗೆ
ನೀರುಣಿಸಿ ಬೆಳೆಯುವುದಾ
ನೋಡುವುದಿನ್ನೆಂಥಾ ಕನಸು - ಮಂಕುತಿಮ್ಮ
Today, I'd a similar opportunity to give love to. The project called Sampada (ಸಂಪದ) is a community portal run by a very dynamic and brilliant friend of mine. The portal is hosted on a server at a US Data Center and used to run Debian GNU/Linux Sarge. It had a very good uptime and it was being managed well. Quite a few services are hosted on the server including the website - PHP, Apache, the database - MySQL, Email for the domain (Postfix/Courier/Amavis/Spamassassin/ClamAV) and a management interface - SysCP, Mailing lists using GNU/Mailman. All these were working steadily without any major hitches from some time, but we felt we needed to upgrade the whole system to the newly released Etch distribution.
Typically this kind of entire system upgrade entails a huge amount of planning, dry runs, down time loss estimations. In addition to lots of caffeine to release the tension caused by all the nail biting edges the experience puts one through.
In this case, we decided that we need to upgrade the server and we'd devote some time this Sunday and that's that. No more planning than saying "we'll get the thing done!". Cocky! IMO. But we were only dealing with the world's most stable and most advanced (In many ways) platform and we'd enough experience to be so lethargic about not making those painstaking plans.
We started a bit late, but we started (unlike other days).
# apt-get update && aptitude dist-upgrade -y
The first thing, we did was to ensure a backup of the most important parts of the disk was taken and stored offsite. Took us about 2 hours. Then the initial run itself went pretty smooth and we've had most of the system replaced by newer versions. But there were a couple of packages, which had some issues. Turned out that the customisation that were done on the configurations of those packages - Amavisd-New, Proftpd weren't compatible with the newer versions.
But that was soon solved by slight brute force. What we did was to specifically seek the version we wanted to install on the system. This happened in the case of PHP 5, Apache2. Soon, it was done. And when we tested, voila it worked straight.
1 hour straight. Some questions asked. All tougher questions parried, prayed to god and hoped for the best. But the whole upgrade process was so Debianish!! Always reliable! Always works!!
Overall, we now have a spiffy and snazzy new operating system and an ecosystem of programs serving out very interesting, intellectual and colloquial thoughts to anybody who simply seeks from any corner of the world. Don't miss out!!
ಹೊಸ ಚಿಗುರು, ಹಳೆ ಬೇರು
ಕೂಡಿರಲು ಮರ ಸೊಗಸು
ಮಧ್ಯೆ ಚಿಗುರು ಗಿಡವಾಗಿ
ಗಿಡವು ಮರವಾಗುತಿರಲು,
ಆ ಗಿಡ ಮರಗಳಿಗೆ
ನೀರುಣಿಸಿ ಬೆಳೆಯುವುದಾ
ನೋಡುವುದಿನ್ನೆಂಥಾ ಕನಸು - ಮಂಕುತಿಮ್ಮ
Subscribe to:
Posts (Atom)