[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] libpam-ldap and HVM domain erros



Hi Danila,

On Fri, Jun 21, 2019 at 01:20:47PM +0300, Danila Reznichuk wrote:
> Hi all,
> Yesterday after server reboot i've experienced some strage error while
> trying to recreate my HVM domains:
> 
> libxl: error: libxl_dm.c:2339:device_model_spawn_outcome: Domain
> 4:(null): spawn failed (rc=-3)
> libxl: error: libxl_create.c:1501:domcreate_devmodel_started: Domain
> 4:device model did not start: -3
> libxl: error: libxl_domain.c:1003:libxl__destroy_domid: Domain 4:Non-
> existant domain
> libxl: error: libxl_domain.c:962:domain_destroy_callback: Domain
> 4:Unable to destroy guest
> libxl: error: libxl_domain.c:889:domain_destroy_cb: Domain
> 4:Destruction of domain failed
> 
> debug from xl create was not showing any interesting, and much later I
> found some errors in systemd journal:
> 
> xl[3163]: nss_ldap: could not connect to any LDAP server as (null) -
> Can't contact LDAP server
> xl[3163]: nss_ldap: failed to bind to LDAP server ldap://auth-
> 01.domain.com: Can't contact LDAP server
> xl[3163]: nss_ldap: could not connect to any LDAP server as (null) -
> Can't contact LDAP server
> xl[3163]: nss_ldap: failed to bind to LDAP server ldap://auth-
> 02.domain.com: Can't contact LDAP server
> xl[3163]: nss_ldap: could not search LDAP server - Server is
> unavailable
> 
> so i disabled ldap as user provider in nsswitch.conf
> and voila, HVM domains are up and running.
> 
> Something about setup:
> I'm using Xen 4.9 from Ubuntu repos on Ubuntu 18.04
> three days ago I setup ldap authentication on server 
> Not like it must be LDAP auth on xen server, but it will be
> appriciated.
> 
> So why XEN can fail to create domain because of broken nsswitch?
> What could I do, to keep ldap auth, and be able to manage HVM domains,
> when it fails?
> 
> Thank you,
> Regards,
> Danila Reznichuk.

Are you using options to run the qemu process as a de-privileged user?  
I encountered some issues previously when having pam/nsswitch with 
ldap/winbind as the a return code from the getpwnam_r call was not (in 
my opinion) correctly checked: 
https://lists.xenproject.org/archives/html/xen-devel/2018-08/msg00160.html

Regards,
James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.