| Summary: | Don't set nsds5replicaupdateschedule in replication agreements | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Rob Crittenden <rcritten> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | jgalipea, mkosek, spoore |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
No documentation needed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 13:31:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Rob Crittenden
2012-01-25 20:14:05 UTC
Fixed upstream. master: ed061ce91011ce6ebf99c46f6424f0ee14d42def ipa-2-2: 099cb7dc054f6d5941e8243a0c528ac0ace63557 To test: Install IPA Install a replica Verify that entries added on both sides appear as expected on replica run: ipa-replica-manage force-sync --from=<master> Verify that entries added on both sides appear as expected I went so far as to re-initialize and force-sync again and double-checked. Everything was fine for me.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No documentation needed.
Would this work for a test here? ldapsearch -x -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=config"|grep 'nsDS5ReplicaUpdateSchedule: 0000-2359 0123456' I can see this on a 2.1.3-9 install but, testing from a 2.2.0-12 install I don't. For the test in Comment #1, what entries? I ran some user-add/user-find's on 2.1.3-9 and saw them on both sides without missing any so I moved to looking at the Schedule parameter. Is that enough to confirm this is fixed though? Or is there a way to see he actual potential issue on an older version (like 2.1.3-9)? Thanks Yes, that query is fine. You might want to use a base of cn=mapping tree,cn=config instead but it should work fine nonetheless. The entries is what you did. Add users/groups/whatever just to show that replication works without defining an explicit schedule. Verified.
Version :: ipa-server-2.2.0-12.el6.x86_64
Automated Test Results ::
These were manually run. This is being added to ipa-replica-install test automation.
[root@spoore-dvm2 shm]# replicaBugCheck_bz784696
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: bugCheck_bz784696: Dont set nsds5replicaupdateschedule in replication agreements
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [12:23:40] :: Quick checks confirming replication. Add on Master, Check on Replica
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test1 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:21:21 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test1 --first=First --last=Last
------------------
Added user "test1"
------------------
User login: test1
First name: First
Last name: Last
Full name: First Last
Display name: First Last
Initials: FL
Home directory: /home/test1
GECOS field: First Last
Login shell: /bin/sh
Kerberos principal: test1
UID: 3007
GID: 3007
Password: False
Kerberos keys available: False
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
User login: test1
First name: First
Last name: Last
Home directory: /home/test1
Login shell: /bin/sh
UID: 3007
GID: 3007
Account disabled: False
Password: False
Member of groups: ipausers
Kerberos keys available: False
:: [ PASS ] :: Running 'ipa user-show test1'
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test2 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:23:40 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test2 --first=First --last=Last
------------------
Added user "test2"
------------------
User login: test2
First name: First
Last name: Last
Full name: First Last
Display name: First Last
Initials: FL
Home directory: /home/test2
GECOS field: First Last
Login shell: /bin/sh
Kerberos principal: test2
UID: 3008
GID: 3008
Password: False
Kerberos keys available: False
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
User login: test2
First name: First
Last name: Last
Home directory: /home/test2
Login shell: /bin/sh
UID: 3008
GID: 3008
Account disabled: False
Password: False
Member of groups: ipausers
Kerberos keys available: False
:: [ PASS ] :: Running 'ipa user-show test2'
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test1.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:24:20 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa host-add test1.testrelm.com --force
-------------------------------
Added host "test1.testrelm.com"
-------------------------------
Host name: test1.testrelm.com
Principal name: host/test1.testrelm.com
Password: False
Keytab: False
Managed by: test1.testrelm.com
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
Host name: test1.testrelm.com
Principal name: host/test1.testrelm.com
Password: False
Keytab: False
Managed by: test1.testrelm.com
:: [ PASS ] :: Running 'ipa host-show test1.testrelm.com'
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test2.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:25:00 2012 from spoore-dvm2.testrelm.com
ipa host-add test2.testrelm.com --force
[root@spoore-dvm1 ~]# ipa host-add test2.testrelm.com --force
-------------------------------
Added host "test2.testrelm.com"
-------------------------------
Host name: test2.testrelm.com
Principal name: host/test2.testrelm.com
Password: False
Keytab: False
Managed by: test2.testrelm.com
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
Host name: test2.testrelm.com
Principal name: host/test2.testrelm.com
Password: False
Keytab: False
Managed by: test2.testrelm.com
:: [ PASS ] :: Running 'ipa host-show test2.testrelm.com'
:: [12:26:23] :: Running replica force-sync
ipa: INFO: Setting agreement cn=meTospoore-dvm2.testrelm.com,cn=replica,cn=dc\3Dtestrelm\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTospoore-dvm2.testrelm.com,cn=replica,cn=dc\3Dtestrelm\2Cdc\3Dcom,cn=mapping tree,cn=config
:: [ PASS ] :: Running 'ipa-replica-manage force-sync --from=spoore-dvm1.testrelm.com'
:: [12:26:30] :: Quick checks confirming replication after force-sync. Add on Master, Check on Replica
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test3 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:25:47 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test3 --first=First --last=Last
------------------
Added user "test3"
------------------
User login: test3
First name: First
Last name: Last
Full name: First Last
Display name: First Last
Initials: FL
Home directory: /home/test3
GECOS field: First Last
Login shell: /bin/sh
Kerberos principal: test3
UID: 3009
GID: 3009
Password: False
Kerberos keys available: False
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
User login: test3
First name: First
Last name: Last
Home directory: /home/test3
Login shell: /bin/sh
UID: 3009
GID: 3009
Account disabled: False
Password: False
Member of groups: ipausers
Kerberos keys available: False
:: [ PASS ] :: Running 'ipa user-show test3'
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test4 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:26:32 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test4 --first=First --last=Last
------------------
Added user "test4"
------------------
User login: test4
First name: First
Last name: Last
Full name: First Last
Display name: First Last
Initials: FL
Home directory: /home/test4
GECOS field: First Last
Login shell: /bin/sh
Kerberos principal: test4
UID: 3010
GID: 3010
Password: False
Kerberos keys available: False
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
User login: test4
First name: First
Last name: Last
Home directory: /home/test4
Login shell: /bin/sh
UID: 3010
GID: 3010
Account disabled: False
Password: False
Member of groups: ipausers
Kerberos keys available: False
:: [ PASS ] :: Running 'ipa user-show test4'
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test3.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:27:11 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa host-add test3.testrelm.com --force
-------------------------------
Added host "test3.testrelm.com"
-------------------------------
Host name: test3.testrelm.com
Principal name: host/test3.testrelm.com
Password: False
Keytab: False
Managed by: test3.testrelm.com
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
Host name: test3.testrelm.com
Principal name: host/test3.testrelm.com
Password: False
Keytab: False
Managed by: test3.testrelm.com
:: [ PASS ] :: Running 'ipa host-show test3.testrelm.com'
:: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test4.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof
:: [ PASS ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May 7 12:27:52 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa host-add test4.testrelm.com --force
-------------------------------
Added host "test4.testrelm.com"
-------------------------------
Host name: test4.testrelm.com
Principal name: host/test4.testrelm.com
Password: False
Keytab: False
Managed by: test4.testrelm.com
[root@spoore-dvm1 ~]#
[root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out'
Host name: test4.testrelm.com
Principal name: host/test4.testrelm.com
Password: False
Keytab: False
Managed by: test4.testrelm.com
:: [ PASS ] :: Running 'ipa host-show test4.testrelm.com'
:: [12:29:12] :: Cleanup test entries
--------------------
Deleted user "test1"
--------------------
:: [ PASS ] :: Running 'ipa user-del test1'
--------------------
Deleted user "test2"
--------------------
:: [ PASS ] :: Running 'ipa user-del test2'
--------------------
Deleted user "test3"
--------------------
:: [ PASS ] :: Running 'ipa user-del test3'
--------------------
Deleted user "test4"
--------------------
:: [ PASS ] :: Running 'ipa user-del test4'
---------------------------------
Deleted host "test1.testrelm.com"
---------------------------------
:: [ PASS ] :: Running 'ipa host-del test1.testrelm.com'
---------------------------------
Deleted host "test2.testrelm.com"
---------------------------------
:: [ PASS ] :: Running 'ipa host-del test2.testrelm.com'
---------------------------------
Deleted host "test3.testrelm.com"
---------------------------------
:: [ PASS ] :: Running 'ipa host-del test3.testrelm.com'
---------------------------------
Deleted host "test4.testrelm.com"
---------------------------------
:: [ PASS ] :: Running 'ipa host-del test4.testrelm.com'
:: [ PASS ] :: BZ 784696 not found
:: [ PASS ] :: Replication Schedule not set. This is expected config for continuous replication
Manual Test Results ::
[root@spoore-dvm2 shm]# ldapsearch -x -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=mapping tree,cn=config"|grep 'nsDS5Replica'
nsDS5ReplicaType: 3
nsDS5ReplicaRoot: dc=testrelm,dc=com
nsDS5ReplicaId: 3
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/spoore-dvm1.testrelm.com
nsDS5ReplicaName: 66b0c000-985f11e1-91feddfe-5b02b64b
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaRoot: dc=testrelm,dc=com
nsDS5ReplicaHost: spoore-dvm1.testrelm.com
nsDS5ReplicaPort: 389
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof entryusn krbl
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |