Bug 1565633 - nsds5ReplicaReleaseTimeout should be set by default.
Summary: nsds5ReplicaReleaseTimeout should be set by default.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Christian Heimes
QA Contact: Ganna Kaihorodova
URL:
Whiteboard:
Depends On:
Blocks: 1579189 1615893
TreeView+ depends on / blocked
 
Reported: 2018-04-10 12:59 UTC by German Parente
Modified: 2018-10-30 10:59 UTC (History)
11 users (show)

Fixed In Version: ipa-4.6.4-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1579189 1615893 (view as bug list)
Environment:
Last Closed: 2018-10-30 10:58:39 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3406141 None None None 2018-04-10 15:13:53 UTC
Red Hat Product Errata RHBA-2018:3187 None None None 2018-10-30 10:59:53 UTC

Description German Parente 2018-04-10 12:59:26 UTC
Description of problem:

in ipa environments, we need the least delay in replication, particularly when we install a replica. We have seen that in environments of only 4 replicas, the monopolization of consumers is already taking place and sometimes preventing the replica to be installed.

Particularly we can see failures in custodia component that adds keys in one node and checks the keys have been updated in the other node. This is failing by timeout.

We can workaround this issue by setting "nsds5ReplicaReleaseTimeout: 60" at replica level in all the replicas. 

We need this set by default. I could provide more details if needed.


Version-Release number of selected component (if applicable): RHEL7.4


How reproducible: at least two customers are having this issue while installing a replica.

Comment 2 German Parente 2018-04-10 13:00:09 UTC
The solution is to add this attribute at replica level.

More information here:

http://directory.fedoraproject.org/docs/389ds/design/repl-conv-design.html

Comment 3 Petr Vobornik 2018-04-10 15:44:35 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7488

Comment 4 Christian Heimes 2018-04-12 18:32:36 UTC
Fixed upstream
master:
https://pagure.io/freeipa/c/afc0d4b62d043cd568ce87400f60e8fa8273495f

The patch adds nsds5ReplicaReleaseTimeout on installation and server upgrade to replication settings on all databases.

Comment 10 Christian Heimes 2018-06-20 10:44:17 UTC
Ganna has created an integration test for the issue, https://pagure.io/freeipa/c/84ae625fe2c3786f7c5430f23a55c171ff54e110

Comment 13 Christian Heimes 2018-08-08 06:25:04 UTC
Ganna added a reproducer test to upstream in commit https://github.com/freeipa/freeipa/commit/84ae625fe2c3786f7c5430f23a55c171ff54e110#diff-f6f37f4dcea301557db7e120b956c7f2

Comment 16 Florence Blanc-Renaud 2018-08-14 13:25:17 UTC
Proposing for 7.5.z as 7.4.z hotfix is being requested by Nokia.

Comment 19 errata-xmlrpc 2018-10-30 10:58:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3187


Note You need to log in before you can comment on or make changes to this bug.