Bug 726785
| Summary: | If replication fails while setting up a clone it will wait forever | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Ade Lee <alee> |
| Component: | pki-core | Assignee: | Ade Lee <alee> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | high | Priority: | unspecified |
| Version: | 6.2 | CC: | benl, dpal, kchamart, mharmsen, rcritten, rmeggins |
| Target Milestone: | rc | Target Release: | --- |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Story Points: | --- |
| Clone Of: | 683990 | Last Closed: | 2011-12-06 16:29:21 UTC |
| Type: | --- | Regression: | --- |
| Mount Type: | --- | Documentation: | --- |
| Category: | --- | oVirt Team: | --- |
| Cloudforms Team: | --- | | |
| Bug Depends On: | 683990 | Bug Blocks: | 530474, 688225 |

Description
Ade Lee
2011-07-29 19:35:47 UTC
The attributes that can be used for this are described here:
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Configuration_and_Command-Line_Tool_Reference/Core_Server_Configuration_Reference.html#Replication_Attributes_under_cnReplicationAgreementName_cnreplica_cnsuffixName_cnmapping_tree_cnconfig

The main ones are nsDS5ReplicaLastInitStatus and nsDS5ReplicaLastUpdateStatus. The format is this:

N <SPACE> String...

Where N is an integer - if 0, this means success, otherwise, usually an LDAP error code. <SPACE> is a single space character. String... is a character string with more information about the status.

Created attachment 516756
patch to fix
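
The status format described above supports a bounded poll that stops on a non-zero code instead of waiting indefinitely. The following is an added example, not part of the bug report or the pki-core patch; `fetch_status`, the function names, the timeout values and the sample status strings are assumptions made for illustration.

```python
import re
import time

# Format from the report: "N <SPACE> String...". Accepting a leading minus
# sign is an assumption made here, to tolerate negative non-LDAP codes.
STATUS_RE = re.compile(r"(-?\d+) (.*)", re.DOTALL)


class ReplicationFailed(Exception):
    def __init__(self, code, text):
        super().__init__(f"replication failed: code {code}: {text}")
        self.code, self.text = code, text


def parse_status(raw):
    """Split a status attribute value into (code, message)."""
    m = STATUS_RE.fullmatch(raw)
    if m is None:
        raise ValueError(f"unrecognised replication status: {raw!r}")
    return int(m.group(1)), m.group(2)


def wait_for_replication(fetch_status, timeout=300.0, interval=2.0,
                         clock=time.monotonic, sleep=time.sleep):
    """Poll until a final status arrives; never wait past `timeout` seconds.

    fetch_status is a hypothetical callable (e.g. wrapping an LDAP read of
    nsDS5ReplicaLastInitStatus) that returns the raw value, or None while
    no final status is available yet.
    """
    deadline = clock() + timeout
    while True:
        raw = fetch_status()
        if raw is not None:
            code, text = parse_status(raw)
            if code != 0:          # non-zero: usually an LDAP error code
                raise ReplicationFailed(code, text)
            return text            # 0 means success
        if clock() >= deadline:
            raise TimeoutError("no replication status before the deadline")
        sleep(interval)


if __name__ == "__main__":
    replies = iter([None, None, "49 Invalid credentials"])  # constructed sample
    try:
        wait_for_replication(lambda: next(replies), sleep=lambda s: None)
    except ReplicationFailed as exc:
        print(exc)
```
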
6.1:
[vakwetu@goofy-vm6 base]$ svn ci -m "Resolves #726785 - If replication fails while setting up a clone it will wait forever"
Sending base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
Transmitting file data .
Committed revision 2106.

tip:
[vakwetu@dhcp231-121 base]$ svn ci -m "Resolves #726785 - If replication fails while setting up a clone it will wait forever"
Sending base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
Transmitting file data .
Committed revision 2107.

8.2:
[vakwetu@goofy-vm4 base]$ svn ci -m "Resolves #726785 - If replication fails while setting up a clone it will wait forever"
Sending base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
Transmitting file data .
Committed revision 2108.

VERIFIED.

Version Info:
============
[root@ratchet ~]# rpm -qa ipa-server
ipa-server-2.1.3-9.el6.x86_64
[root@ratchet ~]#
[root@jetfire ~]# rpm -qa ipa-server
ipa-server-2.1.3-9.el6.x86_64
[root@jetfire ~]#
============
[root@ratchet ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.2 Beta (Santiago)
[root@ratchet ~]#
[root@jetfire ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.2 Beta (Santiago)
[root@jetfire ~]#
============

Procedure:
----------
1] Setup Master IPA server
# ipa-server-install --setup-dns -N ; configure w/ DNS forwarder(same as local IP)

2] Prepare replica info.
on Master:
========
[root@jetfire ~]# ipa-replica-prepare jetfire.testrelm --ip-address 10.65.201.69
========

3] Copy the replica prepare file over to replica machine
========
[root@jetfire ~]# scp /var/lib/ipa/replica-info-ratchet.testrelm.gpg root.201.69:/var/lib/ipa/
========

4] Run the replica install command on the replica server(w/ forwarder as Master IP)
========
[root@ratchet ~]# ipa-replica-install --setup-dns /var/lib/ipa/replica-info-ratchet.testrelm.gpg --forwarder 10.65.201.71
========

5] Now, let's mangle replicationdb(change it 'abcd' instead of original one)
========
[root@jetfire ~]# cat /var/lib/pki-ca/conf/password.conf
internal=408873824911
internaldb=Secret123
replicationdb=abcd
[root@jetfire ~]#
========

6] Restart IPA Master server
========
[root@jetfire ~]# ipactl restart
========

7] Now, let's create a clone of CA on replica. This should *FAIL* (as we mangled w/ Master replicationdb password)

[root@ratchet ~]# ipa-ca-install /var/lib/ipa/replica-info-ratchet.testrelm.gpg
Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'jetfire.testrelm':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: port 80 (80): OK
HTTP Server: port 443(https) (443): OK
PKI-CA: Directory Service port (7389): OK

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin@TESTRELM password:

Execute check on remote master
Check connection from master to remote replica 'ratchet.testrelm':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: port 80 (80): OK
HTTP Server: port 443(https) (443): OK
PKI-CA: Directory Service port (7389): OK

Connection from master to replica is OK.

Connection check OK
Configuring directory server for the CA: Estimated time 30 minutes 30 seconds
[1/3]: creating directory server user
[2/3]: creating directory server instance
[3/3]: restarting directory server
done configuring pkids.
Configuring certificate server: Estimated time 33 minutes 30 seconds
[1/11]: creating certificate server user
[2/11]: creating pki-ca instance
[3/11]: configuring certificate server instance
root : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'ratchet.testrelm' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-K0677k' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'fZynlmE3VHTQ82q0q2iE' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=TESTRELM' '-ldap_host' 'ratchet.testrelm' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=TESTRELM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=TESTRELM' '-ca_server_cert_subject_name' 'CN=ratchet.testrelm,O=TESTRELM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=TESTRELM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=TESTRELM' '-external' 'false' '-clone' 'true' '-clone_p12_file' 'ca.p12' '-clone_p12_password' XXXXXXXX '-sd_hostname' 'jetfire.testrelm' '-sd_admin_port' '443' '-sd_admin_name' 'admin' '-sd_admin_password' XXXXXXXX '-clone_start_tls' 'true' '-clone_uri' 'https://jetfire.testrelm:443'' returned non-zero exit status 255
creation of replica failed: Configuration of CA failed

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root@ratchet ~]#

RESULT: Replication fails as expected and doesn't loop forever.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1655.html