Bug 1623112
Summary: | ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Florence Blanc-Renaud <frenaud> | |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
Severity: | urgent | Docs Contact: | ||
Priority: | urgent | |||
Version: | 7.5 | CC: | ndehadra, pvoborni, rcritten, tscherf | |
Target Milestone: | rc | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ipa-4.6.4-7.el7 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1623669 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 11:00:22 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1623669 |
Description
Florence Blanc-Renaud
2018-08-28 13:43:19 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7617 Fixed upstream master: 811b0fd Tune DS replication settings 02f4a7a DS replication settings: fix regression with <3.3 master ipa-4-6: 6ba653c Tune DS replication settings 2563f6f DS replication settings: fix regression with <3.3 master ipa-4-5: ec60901 replicainstall: DS SSL replica install pick right certmonger host 5ef8333 Fix race condition in get_locations_records() a9cc862 Tune DS replication settings 79fe981 Auto-retry failed certmonger requests f3dd0cb Wait for client certificates f4ee36a DS replication settings: fix regression with <3.3 master ipa-4-7: 30443d1 DS replication settings: fix regression with <3.3 master 389-ds-base-1.3.8.4-13.el7.x86_64 ipa-server-4.6.4-8.el7.x86_64 Verified the bug on the basis of following observations: 1. Verified that when ipa Master and replica is installed, then "Unable to acquire replica: permission denied. The bind dn "" does not have permission to supply replication updates to the replica. Will retry later." message is not received on replica server. Console: [root@vm-idm-039 ~]# rpm -q ipa-server ipa-server-4.6.4-8.el7.x86_64 [root@vm-idm-039 ~]# rpm -q 389-ds-base 389-ds-base-1.3.8.4-13.el7.x86_64 [root@vm-idm-039 ~]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING ntpd Service: RUNNING pki-tomcatd Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful [root@vm-idm-039 ~]# tail -1 /var/log/ipareplica-install.log 2018-09-05T11:37:27Z INFO The ipa-replica-install command was successful [root@vm-idm-039 ~]# grep -rn "Unable to acquire replica: permission denied" /var/log/ipareplica-install.log [root@vm-idm-039 ~]# grep -rn "Unable to acquire replica: permission denied" /var/log/ [root@vm-idm-039 ~]# Thus on the basis of above observations, marking the status of bug to 'VERIFIED'. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3187 |