LDAP server trouble: the server cannot be accessed

After running well for a long time, the LDAP server (OpenLDAP) has recently been failing repeatedly, and every incident starts with a PLN (mains) power outage.
The installed UPS battery cannot keep the machine running for more than 30 minutes, so any outage longer than 30 minutes forces the server into an unclean shutdown.
On the CentOS server the LDAP service starts automatically when the machine boots, but if a database file is corrupt the service fails in one of the following ways:
1. the LDAP server does not start
2. the LDAP server starts but is very slow when accessed
3. the LDAP server starts but cannot be accessed
Solution:

Manual

The required step is actually quite simple: recover the LDAP database with the command

    slapd_db_recover -v -h /var/lib/ldap

This solution is not effective when the problem happens in the middle of the night and the LDAP server cannot be reached remotely.

Automatic solution

Starting and stopping the ldap service automatically can be handled with the monit application.
I changed the monit configuration for monitoring LDAP to:

    check process ldap with pidfile /var/run/openldap/slapd.pid
        start program = "/etc/init.d/ldap start" with timeout 60 seconds
        stop program  = "/etc/init.d/ldap stop"
        if failed port 389 use type tcp
            then restart
        if 3 restarts within 5 cycles then exec "/etc/init.d/ldap recover"
        group server
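The monit stanza above only checks that port 389 accepts a TCP connection, which catches failure modes 1 and 3 but not mode 2 (slapd starts but answers very slowly). The following health check is an added example, not part of the original post and not monit's own code: it times an anonymous base search and classifies the result into the three failure modes. The LDAP URI, the base DN and the 5-second "slow" threshold are assumptions and must be adjusted to the server's own suffix.

```shell
#!/bin/sh
# Added example: classify the three failure modes listed in the post.
# Values marked "assumption" are not from the original post.
PIDFILE="${PIDFILE:-/var/run/openldap/slapd.pid}"   # same pidfile monit watches
LDAP_URI="${LDAP_URI:-ldap://127.0.0.1:389}"        # assumption: slapd on localhost
BASE_DN="${BASE_DN:-dc=example,dc=com}"             # assumption: replace with your suffix
SLOW_SECS="${SLOW_SECS:-5}"                         # assumption: >= 5 s counts as "slow"

# Return 0 if the pid recorded in the pidfile belongs to a live process.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(tr -cd '0-9' < "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Time one anonymous base-scope search against the suffix.
# Prints the elapsed seconds; the return code is ldapsearch's own.
timed_search() {
    start=$(date +%s)
    ldapsearch -x -H "$LDAP_URI" -b "$BASE_DN" -s base \
        -l "$SLOW_SECS" -o nettimeout="$SLOW_SECS" '(objectClass=*)' dn >/dev/null 2>&1
    rc=$?
    echo $(( $(date +%s) - start ))
    return $rc
}

# classify <alive: 0 yes / 1 no> <search rc> <elapsed secs> <slow threshold>
# Prints one of: down (mode 1), slow (mode 2), unreachable (mode 3), ok.
# A search that ran into the time limit counts as slow, whatever rc it returned.
classify() {
    alive="$1" rc="$2" elapsed="$3" slow="$4"
    if [ "$alive" -ne 0 ]; then
        echo down
    elif [ "$elapsed" -ge "$slow" ]; then
        echo slow
    elif [ "$rc" -ne 0 ]; then
        echo unreachable
    else
        echo ok
    fi
}

# Full check; exit status is 0 only when the server is healthy, so the script
# can be driven from cron or from a monit "check program" stanza.
main() {
    if pid_alive "$PIDFILE"; then
        elapsed=$(timed_search); rc=$?
        alive=0
    else
        elapsed=0; rc=1; alive=1
    fi
    state=$(classify "$alive" "$rc" "$elapsed" "$SLOW_SECS")
    echo "slapd state: $state (search rc=$rc, ${elapsed}s)"
    [ "$state" = ok ]
}

case "${1:-}" in --run) main ;; esac
```

Run it as `ldap-health.sh --run`; a non-zero exit means one of the three failure modes was observed, and the printed state tells you which one, so the "slow" case can be alerted on or handed to the recover action instead of being invisible to the port check.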
By default the file "/etc/init.d/ldap" does not support a recover command, so a recover function has to be added to it, as follows:
    #!/bin/bash
    #
    # ldap  This shell script takes care of starting and stopping
    #       ldap servers (slapd and slurpd).
    #
    # chkconfig: - 27 73
    # description: LDAP stands for Lightweight Directory Access Protocol, used \
    #              for implementing the industry standard directory services.
    # processname: slapd
    # config: /etc/openldap/slapd.conf
    # pidfile: /var/run/openldap/slapd.pid

    # Source function library.
    . /etc/init.d/functions

    # Source networking configuration and check that networking is up.
    if [ -r /etc/sysconfig/network ] ; then
        . /etc/sysconfig/network
        [ "${NETWORKING}" = "no" ] && exit 1
    fi

    # Source an auxiliary options file if we have one, and pick up OPTIONS,
    # SLAPD_OPTIONS, SLURPD_OPTIONS, SLAPD_LDAPS, SLAPD_LDAPI, and maybe
    # KRB5_KTNAME and SLURPD_KRB5CCNAME.
    if [ -r /etc/sysconfig/ldap ] ; then
        . /etc/sysconfig/ldap
    fi

    slapd=/usr/sbin/slapd
    slurpd=/usr/sbin/slurpd
    slapd_db_recover=/usr/sbin/slapd_db_recover
    slaptest=/usr/sbin/slaptest
    [ -x ${slapd} ] || exit 1
    [ -x ${slurpd} ] || exit 1
    RETVAL=0

    #
    # Pass commands given in $2 and later to "test" run as user given in $1.
    #
    function testasuser() {
        local user= cmd=
        user="$1"
        shift
        cmd="$@"
        if test x"$user" != x ; then
            if test x"$cmd" != x ; then
                /sbin/runuser -f -m -s /bin/sh -c "test $cmd" -- "$user"
            else
                false
            fi
        else
            false
        fi
    }

    #
    # Check for read-access errors for the user given in $1 for a service named $2.
    # If $3 is specified, the command is run if "klist" can't be found.
    #
    function checkkeytab() {
        local user= service= klist= default=
        user="$1"
        service="$2"
        default="${3:-false}"
        if test -x /usr/kerberos/bin/klist ; then
            klist=/usr/kerberos/bin/klist
        elif test -x /usr/bin/klist ; then
            klist=/usr/bin/klist
        fi
        KRB5_KTNAME="${KRB5_KTNAME:-/etc/krb5.keytab}"
        export KRB5_KTNAME
        if test -s "$KRB5_KTNAME" ; then
            if test x"$klist" != x ; then
                if LANG=C $klist -k "$KRB5_KTNAME" | tail -n 4 | awk '{print $2}' | grep -q ^"$service"/ ; then
                    if ! testasuser "$user" -r ${KRB5_KTNAME:-/etc/krb5.keytab} ; then
                        true
                    else
                        false
                    fi
                else
                    false
                fi
            else
                $default
            fi
        else
            false
        fi
    }

    function configtest() {
        local user= ldapuid= dbdir= file=
        # Check for simple-but-common errors.
        user=ldap
        prog=`basename ${slapd}`
        ldapuid=`id -u $user`
        # Unaccessible database files.
        slaptestflags=
        for dbdir in `LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | sed s,^directory,,` ; do
            for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" \)` ; do
                echo -n $"$file is not owned by \"$user\"" ; warning ; echo
            done
            if ! test -s ${dbdir}/id2entry.dbb ; then
                if ! test -s ${dbdir}/id2entry.gdbm ; then
                    if ! test -s ${dbdir}/id2entry.bdb ; then
                        slaptestflags=-u
                    fi
                fi
            fi
        done
        # Unaccessible keytab with an "ldap" key.
        if checkkeytab $user ldap ; then
            file=${KRB5_KTNAME:-/etc/krb5.keytab}
            echo -n $"$file is not readable by \"$user\"" ; warning ; echo
        fi
        # Unaccessible TLS configuration files.
        tlsconfigs=`LANG=C egrep '^(TLS_CACERT|TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]' /etc/openldap/slapd.conf /etc/openldap/ldap.conf | awk '{print $2}'`
        for file in $tlsconfigs ; do
            if ! testasuser $user -r $file ; then
                echo -n $"$file is not readable by \"$user\"" ; warning ; echo
            fi
        done
        # Check the configuration file.
        if ! action $"Checking configuration files for $prog: " /sbin/runuser -m -s "$slaptest" -- "$user" $slaptestflags; then
            if /sbin/runuser -m -s "$slaptest" -- "$user" "-u" > /dev/null 2> /dev/null ; then
                dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | awk '{print $2}'`
                for directory in $dirs ; do
                    if test -r $directory/__db.001 ; then
                        echo -n $"stale lock files may be present in $directory" ; warning ; echo
                    fi
                done
            fi
            exit 1
        fi
    }

    function start() {
        configtest
        # Define a couple of local variables which we'll need. Maybe.
        user=ldap
        prog=`basename ${slapd}`
        if test x$SLAPD_LDAP = xyes ; then
            harg="ldap:///"
        fi
        if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then
            harg="$harg ldaps:///"
        fi
        if test x$SLAPD_LDAPI = xyes ; then
            harg="$harg ldapi:///"
        fi
        # Start daemons.
        echo -n $"Starting $prog: "
        ulimit $ULIMIT_SETTINGS > /dev/null 2>&1
        daemon --check=$prog ${slapd} -h \"$harg\" -u ${user} $OPTIONS $SLAPD_OPTIONS
        RETVAL=$?
        echo
        if [ $RETVAL -eq 0 ]; then
            if grep -q "^replogfile" /etc/openldap/slapd.conf; then
                prog=`basename ${slurpd}`
                echo -n $"Starting $prog: "
                if [ -n "$SLURPD_KRB5CCNAME" ]; then
                    export KRB5CCNAME="$SLURPD_KRB5CCNAME"
                fi
                daemon ${slurpd} $OPTIONS $SLURPD_OPTIONS
                RETVAL=$?
                echo
            fi
        fi
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
        return $RETVAL
    }

    function stop() {
        # Stop daemons.
        prog=`basename ${slapd}`
        echo -n $"Stopping $prog: "
        killproc -d $STOP_DELAY ${slapd}
        RETVAL=$?
        echo
        if [ $RETVAL -eq 0 ]; then
            if grep -q "^replogfile" /etc/openldap/slapd.conf; then
                prog=`basename ${slurpd}`
                echo -n $"Stopping $prog: "
                killproc ${slurpd}
                RETVAL=$?
                echo
            fi
        fi
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
        return $RETVAL
    }

    function recover() {
        # Recover the Berkeley DB environment after an unclean shutdown.
        # Only safe while slapd is stopped; the "recover" case below stops it first.
        user=ldap
        echo -n $"Recovering LDAP database: "
        if [ ! -x ${slapd_db_recover} ] ; then
            failure ; echo
            return 1
        fi
        ${slapd_db_recover} -v -h /var/lib/ldap
        RETVAL=$?
        # slapd_db_recover runs as root and recreates the __db.* environment
        # files owned by root; hand them back to the ldap user, otherwise
        # configtest warns about them and slapd cannot open the environment.
        chown -R ${user}:${user} /var/lib/ldap
        [ $RETVAL -eq 0 ] && success || failure
        echo
        return $RETVAL
    }

    # See how we were called.
    case "$1" in
        configtest)
            configtest
            ;;
        start)
            start
            RETVAL=$?
            ;;
        stop)
            stop
            RETVAL=$?
            ;;
        status)
            status ${slapd}
            RETVAL=$?
            if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
                status ${slurpd}
                RET=$?
                if [ $RET -ne 0 ] ; then
                    RETVAL=$RET
                fi
            fi
            ;;
        restart)
            stop
            start
            RETVAL=$?
            ;;
        recover)
            # Stop slapd, recover the database, and start again only if recovery succeeded.
            stop
            recover && start
            RETVAL=$?
            ;;
        condrestart)
            if [ -f /var/lock/subsys/ldap ] ; then
                stop
                start
                RETVAL=$?
            fi
            ;;
        *)
            echo $"Usage: $0 {start|stop|restart|status|condrestart|configtest|recover}"
            RETVAL=1
    esac
    exit $RETVAL
Note: the changes to the stock script are the recover function and the recover) branch of the case statement (printed in bold in the original post).
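The manual command from the "Manual" section and the recover action above both run slapd_db_recover directly. As an added example (not from the original post and not the CentOS init script), here is the same recovery step wrapped with the checks a practitioner wants before it runs unattended at 3 a.m.: refuse to run while slapd is alive, list the __db.* environment files left by the unclean shutdown, snapshot the database directory first, verify the result with slapcat, and hand ownership back to the ldap user. The backup directory and the slapcat verification are assumptions; the database directory, pidfile and user come from the post.

```shell
#!/bin/sh
# Added example: guarded version of "slapd_db_recover -v -h /var/lib/ldap".
# Values marked "assumption" are not from the original post.
DBDIR="${DBDIR:-/var/lib/ldap}"                      # database directory from the post
PIDFILE="${PIDFILE:-/var/run/openldap/slapd.pid}"    # pidfile from the init script
LDAP_USER="${LDAP_USER:-ldap}"                       # user the init script runs slapd as
BACKUP_DIR="${BACKUP_DIR:-/var/backups/ldap}"        # assumption
SLAPD_DB_RECOVER="${SLAPD_DB_RECOVER:-/usr/sbin/slapd_db_recover}"

# Return 0 if the pid in the pidfile is still alive; recovery must never run
# against an environment that a live slapd has open.
slapd_running() {
    [ -r "$1" ] || return 1
    pid=$(tr -cd '0-9' < "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# List the Berkeley DB environment files (__db.*) left behind by an unclean
# shutdown; the init script's configtest treats __db.001 as a stale lock file.
stale_env_files() {
    find "$1" -maxdepth 1 -type f -name '__db.*' 2>/dev/null | sort
}

# Snapshot the database directory before recovery; prints the archive path.
backup_dbdir() {
    dbdir="$1" dest="$2"
    mkdir -p "$dest"
    archive="$dest/ldap-$(date +%Y%m%d%H%M%S).tar"
    tar -cf "$archive" -C "$(dirname "$dbdir")" "$(basename "$dbdir")" || return 1
    echo "$archive"
}

# Run Berkeley DB recovery on the environment (the post's manual command).
recover_db() {
    "$SLAPD_DB_RECOVER" -v -h "$1"
}

# Verify the recovered database is readable before slapd is started.
# Assumption: slapcat is installed and slapd.conf points at $DBDIR.
verify_db() {
    slapcat > /dev/null 2>&1
}

# Recovery and slapcat run as root and recreate __db.* owned by root;
# configtest in the init script warns on exactly that, so give them back.
fix_ownership() {
    chown -R "$2:$2" "$1"
}

main() {
    if slapd_running "$PIDFILE"; then
        echo "slapd is still running; run '/etc/init.d/ldap stop' first" >&2
        return 1
    fi
    echo "environment files in $DBDIR:"
    stale_env_files "$DBDIR"
    archive=$(backup_dbdir "$DBDIR" "$BACKUP_DIR") || { echo "backup failed" >&2; return 1; }
    echo "backup: $archive"
    recover_db "$DBDIR" || { echo "slapd_db_recover failed" >&2; return 1; }
    verify_db || { echo "slapcat failed after recovery; restore from $archive" >&2; return 1; }
    fix_ownership "$DBDIR" "$LDAP_USER"
    echo "recovery complete; start slapd with '/etc/init.d/ldap start'"
}

case "${1:-}" in --run) main ;; esac
```

Run it as root with `ldap-recover.sh --run` after stopping slapd. Because the archive is written before slapd_db_recover touches the environment, a recovery that leaves slapcat unable to read the database can be rolled back by unpacking the tar file instead of restarting slapd on a directory that is still broken.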
