Hi Maria, all,
the problem has become critical now, as the update isn't any longer
bound to an SL/CentOS upgrade to 6.7. There has been an update marked as
security fix, so all bdii nodes will get it - or already got it:
[nero-vm2] /root # rpm -q --changelog openldap-servers | head -n 2
* Thu Sep 17 2015 Matúš Honěk <[log in to unmask]> - 2.4.40-6
- CVE-2015-6908 openldap: ber_get_next denial of service vulnerability (#1263171)
As slapd won't get restarted automatically on update, "bad surprises"
are expected to show up on next reboot, yaim run or bdii restart ...
It just takes some seconds until the 2.4.40-based top-level bdii
reliably segfaults ... :-(
Cheers,
Andreas
Am Dienstag, den 29.09.2015, 09:42 +0000 schrieb Maria Alandes Pradillo:
> Dear Ryan,
>
> Have you finally updated to SL6.7? Please, let us know the details and whether it went fine.
>
> Regards,
> Maria
>
> > -----Original Message-----
> > From: LHC Computer Grid - Rollout [mailto:[log in to unmask]] On
> > Behalf Of Ryan Taylor
> > Sent: 25 September 2015 22:48
> > To: [log in to unmask]
> > Subject: Re: [LCG-ROLLOUT] TOP BDII issues with CentOS 6.7 (openldap-servers-
> > 2.4.40-5.el6.x86_64)
> >
> > Hi,
> >
> > Was any further information found, or should it be okay to update BDIIs to SL6.7
> > now?
> >
> > Thanks,
> > -rt
> >
> > Ryan Taylor
> > Grid & Cloud Computing Specialist
> > Data Centre Services, University Systems University of Victoria
> >
> > On 08/21/2015 06:28 AM, andrea wrote:
> > > Hi Dennis,
> > > this problem was also reported by our colleagues at CERN running a
> > > resource BDII in a ARC-CE after the upgrade to SLC 6.7 after that i
> > > tried to reproduce the issue in other resource BDIIs but i could not.
> > > I know that also Maria Allandes ( responsible for BDII) tried to
> > > reproduce it in both Site and Top BDIIs without finding the same
> > > problem
> > >
> > > For the moment i guess we can suggest not to upgrade the BDII nodes to 6.7.
> > >
> > > Maria is going to be back to work next week, so she will try to investigate
> > more.
> > > thanks!
> > > cheers
> > > Andrea
> > >
> > >
> > >
> > >
> > > Il 21/08/15 14:15, Dennis van Dok ha scritto:
> > >> Hi,
> > >>
> > >> we just upgraded to CentOS 6.7 on Tuesday, and besides a bad case of
> > >> CVMFS failures it turns out this also breaks our top level BDII.
> > >>
> > >> The upgraded component is
> > >>
> > >> openldap-servers-2.4.40-5.el6.x86_64
> > >>
> > >> and for yet unknown reasons the service repeatedly crashes.
> > >>
> > >> /var/log/kern:Aug 21 09:13:22 ha-kraal kernel: slapd[24759]: segfault
> > >> at 7f31feddba90 ip
> > >> 00007f31feddba90 sp 00007f31763a7028 error 15 /var/log/kern:Aug 21
> > >> 10:30:33 ha-kraal kernel: slapd[13964]: segfault at 7f78008008d0 ip
> > >> 00007f78008008d0 sp 00007f7730676028 error 15 /var/log/kern:Aug 21
> > >> 11:26:02 ha-kraal kernel: slapd[10760]: segfault at 7f57c69e6510 ip
> > >> 00007f57c69e6510 sp 00007f573e7b3028 error 15 /var/log/kern:Aug 21
> > >> 12:25:56 ha-kraal kernel: slapd[6799]: segfault at 7f39dd417a90 ip
> > >> 00007f39dd417a90 sp 00007f39561e6028 error 15 /var/log/kern:Aug 21
> > >> 13:03:02 ha-kraal kernel: slapd[6469]: segfault at 7efe7551c690 ip
> > >> 00007efe7551c690 sp 00007efdb5e79028 error 15
> > >>
> > >> For the moment we've downgraded our TL BDIIs to CentOS 6.6, and I'm
> > >> trying to collect a crash report on our test node (basically waiting
> > >> for the failure to occur again) so I can inform Red Hat.
> > >>
> > >> Has anybody else experienced this? Note that our resource and site
> > >> BDIIs run the same software but do not seem to be affected.
> > >>
> > >> Cheers,
> > >>
> > >> Dennis
> > >>
--
| Andreas Haupt | E-Mail: [log in to unmask]
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216
|