[krbdev.mit.edu #7676] RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch

Richard Basch via RT rt-comment at krbdev.mit.edu
Tue Jul 16 23:29:46 EDT 2013 

FYI - I don't know if the problem also exists in 1.11; the 1.11 code path
for kpropd changed significantly and I have not performed similar levels of
testing as I had with 1.10. Even with 1.10, I could not reproduce the
problem 100% reliably, but I did observe the problem multiple times in my QA
environment (only twice in production), and eventually I was able to
correlate the error condition with the log messages (with near 100%
correlation accuracy).

The closest I ever came to replicating this in a QA environment entailed
performing a database dump on the slave at the same time as the ulog was
reinitialized on the master in order to force a full resync (as you may
recall, I sent another patch to reinitialize the log if a password policy
change occurs, though in this case, I was generally reloading a baseline
copy of a database at a fixed time, but the net effect is the same). The net
result was the serial number was updated but when I examined the database,
not all the data elements were consistent between the master and the slave.
	
-----Original Message-----
From: krb5-bugs-bounces at MIT.EDU [mailto:krb5-bugs-bounces at MIT.EDU] On Behalf
Of Richard Basch via RT
Sent: Saturday, July 06, 2013 6:43 PM
To: 'AdminCc of krbdev.mit.edu Ticket #7677':
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch

Correction the entry can be retrieved from:

https://github.com/rbasch/krb5/commit/638b2e299157b1c2e637cb992bc07cf9f55985
94

(I fixed the log message in the commit.)

-----Original Message-----
From: Richard Basch [mailto:basch at alum.mit.edu] 
Sent: Saturday, July 06, 2013 6:26 PM
To: 'rt at krbdev.mit.edu'
Cc: 'richard.basch at gs.com'; 'Richard Basch'
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch 

I added the patch to github:

https://github.com/rbasch/krb5/commit/cc4bf70b59d34ff76a329cdddc7ee03f9f5b55
d7


-----Original Message-----
From: krb5 [mailto:rt at krbdev.mit.edu] 
Sent: Saturday, July 06, 2013 4:30 PM
To: basch at mit.edu
Subject: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch 


Greetings,

This message has been automatically generated in response to the
creation of a trouble ticket regarding:
	"1.10.5 & 1.10.6 kpropd patch", 
a summary of which appears below.

There is no need to reply to this message right now.  Your ticket has been
assigned an ID of [krbdev.mit.edu #7677].

Please include the string:

         [krbdev.mit.edu #7677]

in the subject line of all future correspondence about this issue. To do so,

you may reply to this message.

                        Thank you,
                        

-------------------------------------------------------------------------
The fix ported back from 1.11.2 to 1.10.5 to resolve the potential issue
where a failed full resync might result in a database still reporting it is
current is flawed.  Attached is a patch which ensures if a full resync fails
the resulting database is not considered "current".

I have seen this bad database condition if kpropd logs an error similar to
"kpropd: Full resync, invalid return."

Sorry... I don't have my krb5 1.10 tree in github... it's only 10 additional
lines of code + 3 other lines for readability (comments, whitespace).	

-----Original Message-----
From: Richard Basch [mailto:probe at mail.bright-prospects.com] 
Sent: Saturday, July 06, 2013 12:33 AM
To: basch at mit.edu; richard.basch at gs.com
Subject: kpropd patch

--- src/slave/kpropd.c.orig	2013-04-17 20:40:18.000000000 -0400
+++ src/slave/kpropd.c	2013-07-06 00:27:45.135069434 -0400
@@ -931,6 +931,19 @@
             break;
         }
 
+	if (incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED && frdone == 0) {
+	    /* Re-init ulog so we don't accidentally think we are current */
+	    if (log_ctx && log_ctx->iproprole) {
+		log_ctx->ulog->kdb_last_sno = 0;
+		log_ctx->ulog->kdb_last_time.seconds = 0;
+		log_ctx->ulog->kdb_last_time.useconds = 0;
+
+		log_ctx->ulog->kdb_first_sno = 0;
+		log_ctx->ulog->kdb_first_time.seconds = 0;
+		log_ctx->ulog->kdb_first_time.useconds = 0;
+	    }
+	}
+
         if (runonce == 1)
             goto done;
 



_______________________________________________
krb5-bugs mailing list
krb5-bugs at mit.edu
https://mailman-mit-edu.ezproxyberklee.flo.org/mailman/listinfo/krb5-bugs

More information about the krb5-bugs mailing list