OpenVZ Forum


can't start slapd in a VE [message #34435] Thu, 01 January 2009 22:31
23max
Messages: 4
Registered: December 2008
Junior Member
Hi,

I'm trying to install the slapd package of Debian/Lenny in an OpenVZ VE. slapd dies with the message

Fatal: no entropy gathering module detected
Aborted

stracing it gives
brk(0x80d000)                           = 0x80d000
brk(0x82e000)                           = 0x82e000
access("/dev/random", R_OK)             = -1 EPERM (Operation not permitted)
write(2, "Fatal: "..., 7Fatal: )               = 7
write(2, "no entropy gathering module detec"..., 37no entropy gathering module detected
) = 37
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(1238, 1238, SIGABRT)             = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++


But the /dev/[u]random devices exist and deliver random data when read. Permission is set to 0666. The HN runs Debian/testing amd64 with vzctl 3.0.23; the kernel is a git checkout from linux-2.6.27-openvz. I have 10 other VEs running with apache, databases and similar, without problems. Any idea what could be wrong here?

[Updated on: Thu, 01 January 2009 22:33]

Re: can't start slapd in a VE [message #34716 is a reply to message #34435] Tue, 27 January 2009 18:18
aTan
Messages: 29
Registered: March 2008
Junior Member
I have the same error with svn update after upgrading to 2.6.27-aivazovsky from git a few days ago. Even after manually setting perms to 666 it doesn't work.

rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
brk(0x829000)                           = 0x829000
brk(0x84a000)                           = 0x84a000
access("/dev/random", R_OK)             = -1 EPERM (Operation not permitted)
write(2, "Fatal: "..., 7Fatal: )               = 7
write(2, "no entropy gathering module detec"..., 37no entropy gathering module detected
) = 37
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(725, 725, SIGABRT)               = 0
Re: can't start slapd in a VE [message #34717 is a reply to message #34435] Tue, 27 January 2009 18:28
aTan
Messages: 29
Registered: March 2008
Junior Member
in HN ok:
echo test >> /dev/random

ls -al /dev/random
crw-rw-rw- 1 root root 1, 8 2009-01-27 19:24 /dev/random

in VE not ok:
echo test >> /dev/random
/dev/random: Operation not permitted

ls -al /dev/random
crw-r--r-- 1 root root 1, 8 Jan 27 19:23 /dev/random
Re: can't start slapd in a VE [message #34753 is a reply to message #34435] Sat, 31 January 2009 11:34
hoppaz
Messages: 11
Registered: December 2007
Location: Pulheim - Germany
Junior Member

Is there an open bug report for that thing?

I've got the same problem related to TLS and exim4 with the new aivazovsky kernel.

Lars
Re: can't start slapd in a VE [message #34754 is a reply to message #34435] Sat, 31 January 2009 12:51
koct9i
Messages: 51
Registered: February 2008
Member
By default a VE has read-only access to /dev/[u]random (see security/device_cgroup.c:106 in the source);
this is enough for all commonly used applications.
You can grant read-write access to a specified device via the vzctl --devices option.
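
Added example, not part of koct9i's post or of any OpenVZ code: a small C probe for the symptom in the traces above, recording the errno of stat(), access() and open() on each entropy node so that a failing access(R_OK) on a node that can still be opened for reading stands out. The struct and function names are made up for this example.

```c
/* Added example: compare access(2) with open(2) on the entropy nodes. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

struct probe {
    int stat_err;     /* errno from stat(), 0 on success */
    unsigned mode;    /* permission bits, valid when stat_err == 0 */
    int access_r_err; /* errno from access(path, R_OK) */
    int access_w_err; /* errno from access(path, W_OK) */
    int open_r_err;   /* errno from open(path, O_RDONLY) */
};

struct probe probe_node(const char *path)
{
    struct probe p = {0};
    struct stat st;

    p.stat_err = stat(path, &st) != 0 ? errno : 0;
    p.mode = p.stat_err ? 0 : st.st_mode & 07777;
    p.access_r_err = access(path, R_OK) != 0 ? errno : 0;
    p.access_w_err = access(path, W_OK) != 0 ? errno : 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    p.open_r_err = fd < 0 ? errno : 0;
    if (fd >= 0)
        close(fd);
    return p;
}

/* The thread's symptom: the node can be opened for reading, but
 * access(R_OK) returns EPERM, so the program gives up before reading. */
int access_disagrees_with_open(const struct probe *p)
{
    return p->stat_err == 0 && p->open_r_err == 0 && p->access_r_err == EPERM;
}

int main(void)
{
    const char *nodes[] = { "/dev/random", "/dev/urandom" };
    for (int i = 0; i < 2; i++) {
        struct probe p = probe_node(nodes[i]);
        printf("%s stat=%d mode=%04o access(R)=%d access(W)=%d open(R)=%d%s\n",
               nodes[i], p.stat_err, p.mode, p.access_r_err, p.access_w_err,
               p.open_r_err, access_disagrees_with_open(&p) ? "  <-- mismatch" : "");
    }
    return 0;
}
```

Run it inside the VE and on the HN and compare the two outputs; the values printed are raw errno numbers, with 0 meaning the call succeeded.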
Re: can't start slapd in a VE [message #34762 is a reply to message #34435] Sun, 01 February 2009 10:55
hoppaz
Messages: 11
Registered: December 2007
Location: Pulheim - Germany
Junior Member

The devices hint fixed the write problem...

DEVICES="c:1:9:rw c:1:8:rw "

ls -al /dev/*random
crw-rw-rw- 1 root root 1, 8 Feb 1 11:39 /dev/random
crw-rw-rw- 1 root root 1, 9 Feb 1 11:39 /dev/urandom

But if I try to:
strace certtool --generate-privkey --bits 512 >new-params

mprotect(0x7f1f33c2d000, 12288, PROT_READ) = 0
munmap(0x7f1f342c9000, 19430) = 0
brk(0) = 0x528000
brk(0x549000) = 0x549000
brk(0x56a000) = 0x56a000
access("/dev/random", R_OK) = -1 EPERM (Operation not permitted)
write(2, "Fatal: ", 7Fatal: ) = 7
write(2, "no entropy gathering module dete"..., 37no entropy gathering module detected
) = 37
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid() = 1671
tgkill(1671, 1671, SIGABRT) = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++
Process 1671 detached

Is that a problem with capabilities?

Lars
Re: can't start slapd in a VE [message #34763 is a reply to message #34762] Sun, 01 February 2009 15:37
23max
Messages: 4
Registered: December 2008
Junior Member
Hm. With git checkout of linux-2.6.27-ovz from last night I still have the same problem with slapd. I've set --devices as suggested.

open("/var/lib/ldap/DB_CONFIG", O_RDONLY) = 10
close(10)                               = 0
read(9, "ccess to *\n        by dn=\"cn=admi"..., 4096) = 635
read(9, ""..., 4096)                    = 0
read(9, ""..., 4096)                    = 0
close(9)                                = 0
munmap(0x7f40ed532000, 4096)            = 0
brk(0x80d000)                           = 0x80d000
brk(0x82e000)                           = 0x82e000
access("/dev/random", R_OK)             = -1 EPERM (Operation not permitted)
write(2, "Fatal: "..., 7Fatal: )               = 7
write(2, "no entropy gathering module detec"..., 37no entropy gathering module detected
) = 37
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(1391, 1391, SIGABRT)             = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++
Re: can't start slapd in a VE [message #34822 is a reply to message #34763] Wed, 04 February 2009 16:39
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
Senior Member

Please check git commit:

http://git.openvz.org/?p=linux-2.6.27-openvz;a=commit;h=6786d710542ee60fa22d21e13902de81f56838eb

Bye,
Thorsten
Re: can't start slapd in a VE [message #34824 is a reply to message #34822] Wed, 04 February 2009 19:35
23max
Messages: 4
Registered: December 2008
Junior Member
This fixes the -EPERM problem indeed. Now my slapd is working as expected. Thanks to all :)