Bug 749275
Summary: | ipa-csreplica-manage list is incorrect when setting agreement between 2 replicas | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Namita Soman <nsoman> | ||||||||
Component: | ipa | Assignee: | Rob Crittenden <rcritten> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 6.1 | CC: | jgalipea, kchamart, mkosek, ohamada | ||||||||
Target Milestone: | rc | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Bug Fix | ||||||||
Doc Text: |
No documentation needed.
|
Story Points: | --- | ||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2012-06-20 13:15:51 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | 788140 | ||||||||||
Bug Blocks: | 756082 | ||||||||||
Attachments: |
|
Description
Namita Soman
2011-10-26 15:44:21 UTC
Created attachment 530308 [details]
From replica2: ldapsearch -x -D 'cn=directory manager' -b 'cn=mapping tree,cn=config'
Created attachment 530309 [details]
from replica3
note that my replica hostnames are a bit off on numbers in relation to how they are referred above. In my env, they are ipa-master, ipa-replica, ipa-replica1, ipa-replica2 Upstream ticket: https://fedorahosted.org/freeipa/ticket/2031 I have been unable to reproduce this. I invested where we get the information on available masters further and rather than getting it from the replication agreements we get it from the cn=masters,cn=ipa,cn=etc,$SUFFIX. 389-ds replication should always keep this in sync. Did you break IPA replication between these servers at any time (using ipa-replica-manage)? I may have...was some time back, and don't remember for sure. I do recall using ipa-replica-manage to change my config while testing.....so it is possible. This may be connected to Bug 755094. Ondra Hamada is investigating it. So far he was only able reproduce the issue on RHEL 6.2. Ondrej Hamada found out that this issue is fixed by 389-ds-base-1.2.10.rc1 which was released for Fedora and epel6. I will link this BZ to Bug 788140 that Rich marked as the root cause of this bug. Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed. VERIFIED. [root@neptune slapd-LAB-ENG-PNQ-REDHAT-COM]# rpm -q ipa-server ipa-server-2.2.0-15.el6.x86_64 [root@neptune slapd-LAB-ENG-PNQ-REDHAT-COM]# Test: ----- 1] Create Master (neptune) 1.1] Create replica files for Replica-1(mars) and Replica-2(silverbolt). And scp them to respective machines. 2] Do a replica install with '--setup-ca' on Replica-1 3] Do a replica install with '--setup-ca' on Replica-2 3.1] Generate a replica file on Replica-2 for Replica-3 4] On Replica-3, Do an replica install with '--setup-ca' Then run 'ipa-csreplica-manage list' on Master, Replica1, Replica-2, Replica-3 On Master --------- [root@neptune ~]# ipa-csreplica-manage list -p Secret123 mars.lab.eng.pnq.redhat.com: CA not configured neptune.lab.eng.pnq.redhat.com: master silverbolt.lab.eng.pnq.redhat.com: master uranus.lab.eng.pnq.redhat.com: master [root@neptune ~]# [root@neptune slapd-LAB-ENG-PNQ-REDHAT-COM]# ipa-csreplica-manage list -p Secret123 neptune.lab.eng.pnq.redhat.com silverbolt.lab.eng.pnq.redhat.com [root@neptune slapd-LAB-ENG-PNQ-REDHAT-COM]# [root@neptune slapd-LAB-ENG-PNQ-REDHAT-COM]# ipa-csreplica-manage list -p Secret123 silverbolt.lab.eng.pnq.redhat.com neptune.lab.eng.pnq.redhat.com uranus.lab.eng.pnq.redhat.com [root@neptune slapd-LAB-ENG-PNQ-REDHAT-COM]# On Replica-1 (mars. This is replica of Master with --setup-ca) ------------ [root@mars slapd-LAB-ENG-PNQ-REDHAT-COM]# ipa-csreplica-manage list -p Secret123 mars.lab.eng.pnq.redhat.com: CA not configured neptune.lab.eng.pnq.redhat.com: master silverbolt.lab.eng.pnq.redhat.com: master uranus.lab.eng.pnq.redhat.com: master [root@mars slapd-LAB-ENG-PNQ-REDHAT-COM]# (Expected) [root@mars slapd-LAB-ENG-PNQ-REDHAT-COM]# ipa-csreplica-manage list -p Secret123 mars.lab.eng.pnq.redhat.com Can't contact LDAP server [root@mars slapd-LAB-ENG-PNQ-REDHAT-COM]# [root@mars slapd-LAB-ENG-PNQ-REDHAT-COM]# ipa-csreplica-manage list -p Secret123 silverbolt.lab.eng.pnq.redhat.com neptune.lab.eng.pnq.redhat.com uranus.lab.eng.pnq.redhat.com [root@mars slapd-LAB-ENG-PNQ-REDHAT-COM]# On Replica-2 (silverbolt. This is replica of Master with --setup-ca) ------------ [root@silverbolt ~]# ipa-csreplica-manage list -p Secret123 mars.lab.eng.pnq.redhat.com: CA not configured neptune.lab.eng.pnq.redhat.com: master silverbolt.lab.eng.pnq.redhat.com: master uranus.lab.eng.pnq.redhat.com: master [root@silverbolt slapd-LAB-ENG-PNQ-REDHAT-COM]# ipa-csreplica-manage list -p Secret123 silverbolt.lab.eng.pnq.redhat.com neptune.lab.eng.pnq.redhat.com uranus.lab.eng.pnq.redhat.com [root@silverbolt slapd-LAB-ENG-PNQ-REDHAT-COM]# [root@silverbolt slapd-LAB-ENG-PNQ-REDHAT-COM]# ipa-csreplica-manage list -p Secret123 uranus.lab.eng.pnq.redhat.com silverbolt.lab.eng.pnq.redhat.com [root@silverbolt slapd-LAB-ENG-PNQ-REDHAT-COM]# On Replica-3 (uranus. This is replica of uranus with --setup-ca) ------------ [root@uranus network-scripts]# ipa-csreplica-manage list -p Secret123 mars.lab.eng.pnq.redhat.com: CA not configured neptune.lab.eng.pnq.redhat.com: master silverbolt.lab.eng.pnq.redhat.com: master uranus.lab.eng.pnq.redhat.com: master [root@uranus network-scripts]# [root@uranus network-scripts]# ipa-csreplica-manage list -p Secret123 uranus.lab.eng.pnq.redhat.com silverbolt.lab.eng.pnq.redhat.com [root@uranus network-scripts]# [root@uranus network-scripts]# ipa-csreplica-manage list -p Secret123 silverbolt.lab.eng.pnq.redhat.com neptune.lab.eng.pnq.redhat.com uranus.lab.eng.pnq.redhat.com [root@uranus network-scripts]# Created attachment 586670 [details]
Test verification info, stdout for Master and Replica Installs.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |