Bug 1439340

Summary: ipa_repl_version hard coded data version and "Incompatible IPA versions, pausing replication. "
Product: Red Hat Enterprise Linux 8 Reporter: Marc Sauton <msauton>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED WONTFIX QA Contact: ipa-qe <ipa-qe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.0CC: gparente, pasik, pcech, pvoborni, rcritten, sumenon, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-20 12:49:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marc Sauton 2017-04-05 18:18:51 UTC 
Description of problem:

IPA LDAP server replication plug-in
cn=IPA Version Replication,cn=plugins,cn=config
/usr/lib64/dirsrv/plugins/libipa_repl_version.so

https://pagure.io/freeipa/issue/6847

we have seen those errors a few times in several cases on RHEL-7.3 in the LDAP server errors log file without any other event when replication verbose log is disabled:

[28/Mar/2017:22:42:30 764332032 -0700] repl_version_plugin_recv_acquire_cb - [file ipa_repl_version.c, line 119]: Incompatible IPA versions, pausing replication. This server: 20100614120000" remote server: "(null)".

per
./daemons/ipa-slapi-plugins/ipa-version/ipa_repl_version.c
it seem like a replica would go in incremental backoff mode, after a replication session failure, so it would not be a fatal replication session error.

    This is called on a replica when it receives a start replication
    extended operation from a master.
    *
    The data sent by the master (version) is compared with our own
    hardcoded version to determine if replication can proceed or not.
    *
    The replication plug-in will take care of freeing data_guid and data.
    *
    Returning non-0 will abort the replication session. This
    results in the master going into incremental backoff mode.
    /
    static int
    repl_version_plugin_recv_acquire_cb(const char repl_subtree, int is_total,
    const char data_guid, const struct berval data)
    {

the root cause seem to be with a hardcoded data version value in the plug-in
./daemons/ipa-version.h
define DATA_VERSION 20100614120000

Although this does not seem to be a fatal error in all the replication sessions, it is seen as a fatal error in the IPA replication plug-in:
./daemons/ipa-slapi-plugins/ipa-version/ipa_repl_version.c

    if (!(strcmp(data_version, data->bv_val) == 0)) {
        LOG_FATAL("Incompatible IPA versions, pausing replication. "
                  "This server: \"%s\" remote server: \"%s\".\n",
                  data_version, data->bv_val);
        return 1;

Although this may be ignored, I am not sure what may be the effect of not having a full init and only incremental updates, we need at least one full init a first time.
We should probably fix this so there are no suspicious important LDAP replication error messages with an outdated timestamp in years and a null value of a remote server.
LDAP replication is critical, and this would help clear false positives when trying to troubleshoot replication issues.


Version-Release number of selected component (if applicable):

389-ds-base-1.3.5.10-15.el7_3.x86_64
ipa-server-4.4.0-14.el7_3.4.x86_64
redhat-release-server-7.3-7.el7.x86_64


How reproducible:
N/A

Steps to Reproduce:
1. N/A
2.
3.

Actual results:


Expected results:


Additional info:
Comment 5 Petr Vobornik 2017-04-06 17:31:41 UTC 
Upstream ticket:
https://pagure.io/freeipa/issue/6847
Comment 10 Florence Blanc-Renaud 2020-02-14 15:10:25 UTC 
*** Bug 1623761 has been marked as a duplicate of this bug. ***
Comment 13 Petr Čech 2021-05-20 12:49:43 UTC 
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. The request was cloned to the upstream tracker a long time ago (see link to the upstream ticket above), but it was unfortunately not given priority either in the upstream project, nor in Red Hat Enterprise Linux.

Given that this request is not planned for a close release, it is highly unlikely it will be fixed in this major version of Red Hat Enterprise Linux. We are therefore closing the request as WONTFIX.

To request that Red Hat reconsiders the decision, please reopen the Bugzilla with the help of Red Hat Customer Service and provide additional business and/or technical details about it's importance to you. Please note that you can still track this request or even offer help in the referred upstream Pagure ticket to expedite the solution.

Petr Čech
FreeIPA Product Owner