Bug 784696
Summary: | Don't set nsds5replicaupdateschedule in replication agreements | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Rob Crittenden <rcritten> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | jgalipea, mkosek, spoore |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
No documentation needed.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 13:31:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Rob Crittenden
2012-01-25 20:14:05 UTC
Fixed upstream. master: ed061ce91011ce6ebf99c46f6424f0ee14d42def ipa-2-2: 099cb7dc054f6d5941e8243a0c528ac0ace63557 To test: Install IPA Install a replica Verify that entries added on both sides appear as expected on replica run: ipa-replica-manage force-sync --from=<master> Verify that entries added on both sides appear as expected I went so far as to re-initialize and force-sync again and double-checked. Everything was fine for me. Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed. Would this work for a test here? ldapsearch -x -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=config"|grep 'nsDS5ReplicaUpdateSchedule: 0000-2359 0123456' I can see this on a 2.1.3-9 install but, testing from a 2.2.0-12 install I don't. For the test in Comment #1, what entries? I ran some user-add/user-find's on 2.1.3-9 and saw them on both sides without missing any so I moved to looking at the Schedule parameter. Is that enough to confirm this is fixed though? Or is there a way to see he actual potential issue on an older version (like 2.1.3-9)? Thanks Yes, that query is fine. You might want to use a base of cn=mapping tree,cn=config instead but it should work fine nonetheless. The entries is what you did. Add users/groups/whatever just to show that replication works without defining an explicit schedule. Verified. Version :: ipa-server-2.2.0-12.el6.x86_64 Automated Test Results :: These were manually run. This is being added to ipa-replica-install test automation. [root@spoore-dvm2 shm]# replicaBugCheck_bz784696 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bugCheck_bz784696: Dont set nsds5replicaupdateschedule in replication agreements :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [12:23:40] :: Quick checks confirming replication. Add on Master, Check on Replica :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa user-add test1 --first=First --last=Last" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:21:21 2012 from spoore-dvm2.testrelm.com [root@spoore-dvm1 ~]# ipa user-add test1 --first=First --last=Last ------------------ Added user "test1" ------------------ User login: test1 First name: First Last name: Last Full name: First Last Display name: First Last Initials: FL Home directory: /home/test1 GECOS field: First Last Login shell: /bin/sh Kerberos principal: test1 UID: 3007 GID: 3007 Password: False Kerberos keys available: False [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' User login: test1 First name: First Last name: Last Home directory: /home/test1 Login shell: /bin/sh UID: 3007 GID: 3007 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False :: [ PASS ] :: Running 'ipa user-show test1' :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa user-add test2 --first=First --last=Last" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:23:40 2012 from spoore-dvm2.testrelm.com [root@spoore-dvm1 ~]# ipa user-add test2 --first=First --last=Last ------------------ Added user "test2" ------------------ User login: test2 First name: First Last name: Last Full name: First Last Display name: First Last Initials: FL Home directory: /home/test2 GECOS field: First Last Login shell: /bin/sh Kerberos principal: test2 UID: 3008 GID: 3008 Password: False Kerberos keys available: False [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' User login: test2 First name: First Last name: Last Home directory: /home/test2 Login shell: /bin/sh UID: 3008 GID: 3008 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False :: [ PASS ] :: Running 'ipa user-show test2' :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa host-add test1.testrelm.com --force" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:24:20 2012 from spoore-dvm2.testrelm.com [root@spoore-dvm1 ~]# ipa host-add test1.testrelm.com --force ------------------------------- Added host "test1.testrelm.com" ------------------------------- Host name: test1.testrelm.com Principal name: host/test1.testrelm.com Password: False Keytab: False Managed by: test1.testrelm.com [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' Host name: test1.testrelm.com Principal name: host/test1.testrelm.com Password: False Keytab: False Managed by: test1.testrelm.com :: [ PASS ] :: Running 'ipa host-show test1.testrelm.com' :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa host-add test2.testrelm.com --force" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:25:00 2012 from spoore-dvm2.testrelm.com ipa host-add test2.testrelm.com --force [root@spoore-dvm1 ~]# ipa host-add test2.testrelm.com --force ------------------------------- Added host "test2.testrelm.com" ------------------------------- Host name: test2.testrelm.com Principal name: host/test2.testrelm.com Password: False Keytab: False Managed by: test2.testrelm.com [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' Host name: test2.testrelm.com Principal name: host/test2.testrelm.com Password: False Keytab: False Managed by: test2.testrelm.com :: [ PASS ] :: Running 'ipa host-show test2.testrelm.com' :: [12:26:23] :: Running replica force-sync ipa: INFO: Setting agreement cn=meTospoore-dvm2.testrelm.com,cn=replica,cn=dc\3Dtestrelm\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTospoore-dvm2.testrelm.com,cn=replica,cn=dc\3Dtestrelm\2Cdc\3Dcom,cn=mapping tree,cn=config :: [ PASS ] :: Running 'ipa-replica-manage force-sync --from=spoore-dvm1.testrelm.com' :: [12:26:30] :: Quick checks confirming replication after force-sync. Add on Master, Check on Replica :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa user-add test3 --first=First --last=Last" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:25:47 2012 from spoore-dvm2.testrelm.com [root@spoore-dvm1 ~]# ipa user-add test3 --first=First --last=Last ------------------ Added user "test3" ------------------ User login: test3 First name: First Last name: Last Full name: First Last Display name: First Last Initials: FL Home directory: /home/test3 GECOS field: First Last Login shell: /bin/sh Kerberos principal: test3 UID: 3009 GID: 3009 Password: False Kerberos keys available: False [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' User login: test3 First name: First Last name: Last Home directory: /home/test3 Login shell: /bin/sh UID: 3009 GID: 3009 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False :: [ PASS ] :: Running 'ipa user-show test3' :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa user-add test4 --first=First --last=Last" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:26:32 2012 from spoore-dvm2.testrelm.com [root@spoore-dvm1 ~]# ipa user-add test4 --first=First --last=Last ------------------ Added user "test4" ------------------ User login: test4 First name: First Last name: Last Full name: First Last Display name: First Last Initials: FL Home directory: /home/test4 GECOS field: First Last Login shell: /bin/sh Kerberos principal: test4 UID: 3010 GID: 3010 Password: False Kerberos keys available: False [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' User login: test4 First name: First Last name: Last Home directory: /home/test4 Login shell: /bin/sh UID: 3010 GID: 3010 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False :: [ PASS ] :: Running 'ipa user-show test4' :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa host-add test3.testrelm.com --force" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:27:11 2012 from spoore-dvm2.testrelm.com [root@spoore-dvm1 ~]# ipa host-add test3.testrelm.com --force ------------------------------- Added host "test3.testrelm.com" ------------------------------- Host name: test3.testrelm.com Principal name: host/test3.testrelm.com Password: False Keytab: False Managed by: test3.testrelm.com [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' Host name: test3.testrelm.com Principal name: host/test3.testrelm.com Password: False Keytab: False Managed by: test3.testrelm.com :: [ PASS ] :: Running 'ipa host-show test3.testrelm.com' :: [ PASS ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1' set timeout 30 set send_slow {1 .1} spawn ssh -l root 192.168.122.101 match_max 100000 sleep 3 expect "*: " send "ipa host-add test4.testrelm.com --force" send "\r" sleep 3 expect "*# " send "" send "\r" expect eof :: [ PASS ] :: Running 'cat /tmp/remote_exec.exp' spawn ssh -l root 192.168.122.101 Last login: Mon May 7 12:27:52 2012 from spoore-dvm2.testrelm.com [root@spoore-dvm1 ~]# ipa host-add test4.testrelm.com --force ------------------------------- Added host "test4.testrelm.com" ------------------------------- Host name: test4.testrelm.com Principal name: host/test4.testrelm.com Password: False Keytab: False Managed by: test4.testrelm.com [root@spoore-dvm1 ~]# [root@spoore-dvm1 ~]# :: [ PASS ] :: Running 'cat /tmp/remote_exec.out' Host name: test4.testrelm.com Principal name: host/test4.testrelm.com Password: False Keytab: False Managed by: test4.testrelm.com :: [ PASS ] :: Running 'ipa host-show test4.testrelm.com' :: [12:29:12] :: Cleanup test entries -------------------- Deleted user "test1" -------------------- :: [ PASS ] :: Running 'ipa user-del test1' -------------------- Deleted user "test2" -------------------- :: [ PASS ] :: Running 'ipa user-del test2' -------------------- Deleted user "test3" -------------------- :: [ PASS ] :: Running 'ipa user-del test3' -------------------- Deleted user "test4" -------------------- :: [ PASS ] :: Running 'ipa user-del test4' --------------------------------- Deleted host "test1.testrelm.com" --------------------------------- :: [ PASS ] :: Running 'ipa host-del test1.testrelm.com' --------------------------------- Deleted host "test2.testrelm.com" --------------------------------- :: [ PASS ] :: Running 'ipa host-del test2.testrelm.com' --------------------------------- Deleted host "test3.testrelm.com" --------------------------------- :: [ PASS ] :: Running 'ipa host-del test3.testrelm.com' --------------------------------- Deleted host "test4.testrelm.com" --------------------------------- :: [ PASS ] :: Running 'ipa host-del test4.testrelm.com' :: [ PASS ] :: BZ 784696 not found :: [ PASS ] :: Replication Schedule not set. This is expected config for continuous replication Manual Test Results :: [root@spoore-dvm2 shm]# ldapsearch -x -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=mapping tree,cn=config"|grep 'nsDS5Replica' nsDS5ReplicaType: 3 nsDS5ReplicaRoot: dc=testrelm,dc=com nsDS5ReplicaId: 3 nsDS5ReplicaBindDN: cn=replication manager,cn=config nsDS5ReplicaBindDN: krbprincipalname=ldap/spoore-dvm1.testrelm.com nsDS5ReplicaName: 66b0c000-985f11e1-91feddfe-5b02b64b nsDS5ReplicaTransportInfo: LDAP nsDS5ReplicaRoot: dc=testrelm,dc=com nsDS5ReplicaHost: spoore-dvm1.testrelm.com nsDS5ReplicaPort: 389 nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof entryusn krbl nsDS5ReplicaBindMethod: SASL/GSSAPI nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |