784696 – Don't set nsds5replicaupdateschedule in replication agreements

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 784696 - Don't set nsds5replicaupdateschedule in replication agreements

Summary: Don't set nsds5replicaupdateschedule in replication agreements

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-25 20:14 UTC by Rob Crittenden
Modified:	2015-05-19 13:36 UTC (History)
CC List:	3 users (show)
Fixed In Version:	ipa-2.2.0-1.el6
Doc Type:	Bug Fix
Doc Text:	No documentation needed.
Clone Of:
Environment:
Last Closed:	2012-06-20 13:31:42 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0819	0	normal	SHIPPED_LIVE	ipa bug fix and enhancement update	2012-06-19 20:34:17 UTC

Description Rob Crittenden 2012-01-25 20:14:05 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/1482

IPA creates replication agreements with an update schedule of 0000-2359 0123456. The 389-ds team says it is better to leave it unset if we want it to run all the time.

Comment 1 Rob Crittenden 2012-01-25 20:17:24 UTC

Fixed upstream.

master: ed061ce91011ce6ebf99c46f6424f0ee14d42def

ipa-2-2: 099cb7dc054f6d5941e8243a0c528ac0ace63557 

To test:

Install IPA
Install a replica
Verify that entries added on both sides appear as expected

on replica run: ipa-replica-manage force-sync --from=<master>

Verify that entries added on both sides appear as expected

I went so far as to re-initialize and force-sync again and double-checked. Everything was fine for me.

Comment 4 Martin Kosek 2012-04-20 12:19:37 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.

Comment 5 Scott Poore 2012-05-05 00:37:39 UTC

Would this work for a test here?

ldapsearch -x -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=config"|grep 'nsDS5ReplicaUpdateSchedule: 0000-2359 0123456'

I can see this on a 2.1.3-9 install but, testing from a 2.2.0-12 install I don't. 

For the test in Comment #1, what entries?  I ran some user-add/user-find's on 2.1.3-9 and saw them on both sides without missing any so I moved to looking at the Schedule parameter.  Is that enough to confirm this is fixed though?   Or is there a way to see he actual potential issue on an older version (like 2.1.3-9)?

Thanks

Comment 6 Rob Crittenden 2012-05-07 13:01:49 UTC

Yes, that query is fine. You might want to use a base of cn=mapping tree,cn=config instead but it should work fine nonetheless.

The entries is what you did. Add users/groups/whatever just to show that replication works without defining an explicit schedule.

Comment 7 Scott Poore 2012-05-07 17:49:24 UTC

Verified.

Version :: ipa-server-2.2.0-12.el6.x86_64

Automated Test Results ::

These were manually run.  This is being added to ipa-replica-install test automation.

[root@spoore-dvm2 shm]# replicaBugCheck_bz784696 

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bugCheck_bz784696: Dont set nsds5replicaupdateschedule in replication agreements
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [12:23:40] ::  Quick checks confirming replication.  Add on Master, Check on Replica
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test1 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:21:21 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test1 --first=First --last=Last

------------------
Added user "test1"
------------------
  User login: test1
  First name: First
  Last name: Last
  Full name: First Last
  Display name: First Last
  Initials: FL
  Home directory: /home/test1
  GECOS field: First Last
  Login shell: /bin/sh
  Kerberos principal: test1
  UID: 3007
  GID: 3007
  Password: False
  Kerberos keys available: False
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  User login: test1
  First name: First
  Last name: Last
  Home directory: /home/test1
  Login shell: /bin/sh
  UID: 3007
  GID: 3007
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
:: [   PASS   ] :: Running 'ipa user-show test1'
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test2 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:23:40 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test2 --first=First --last=Last

------------------
Added user "test2"
------------------
  User login: test2
  First name: First
  Last name: Last
  Full name: First Last
  Display name: First Last
  Initials: FL
  Home directory: /home/test2
  GECOS field: First Last
  Login shell: /bin/sh
  Kerberos principal: test2
  UID: 3008
  GID: 3008
  Password: False
  Kerberos keys available: False
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  User login: test2
  First name: First
  Last name: Last
  Home directory: /home/test2
  Login shell: /bin/sh
  UID: 3008
  GID: 3008
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
:: [   PASS   ] :: Running 'ipa user-show test2'
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test1.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:24:20 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa host-add test1.testrelm.com --force

-------------------------------
Added host "test1.testrelm.com"
-------------------------------
  Host name: test1.testrelm.com
  Principal name: host/test1.testrelm.com
  Password: False
  Keytab: False
  Managed by: test1.testrelm.com
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  Host name: test1.testrelm.com
  Principal name: host/test1.testrelm.com
  Password: False
  Keytab: False
  Managed by: test1.testrelm.com
:: [   PASS   ] :: Running 'ipa host-show test1.testrelm.com'
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test2.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:25:00 2012 from spoore-dvm2.testrelm.com
ipa host-add test2.testrelm.com --force
[root@spoore-dvm1 ~]# ipa host-add test2.testrelm.com --force

-------------------------------
Added host "test2.testrelm.com"
-------------------------------
  Host name: test2.testrelm.com
  Principal name: host/test2.testrelm.com
  Password: False
  Keytab: False
  Managed by: test2.testrelm.com
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  Host name: test2.testrelm.com
  Principal name: host/test2.testrelm.com
  Password: False
  Keytab: False
  Managed by: test2.testrelm.com
:: [   PASS   ] :: Running 'ipa host-show test2.testrelm.com'
:: [12:26:23] ::  Running replica force-sync
ipa: INFO: Setting agreement cn=meTospoore-dvm2.testrelm.com,cn=replica,cn=dc\3Dtestrelm\2Cdc\3Dcom,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meTospoore-dvm2.testrelm.com,cn=replica,cn=dc\3Dtestrelm\2Cdc\3Dcom,cn=mapping tree,cn=config
:: [   PASS   ] :: Running 'ipa-replica-manage force-sync --from=spoore-dvm1.testrelm.com'
:: [12:26:30] ::  Quick checks confirming replication after force-sync.  Add on Master, Check on Replica
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test3 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:25:47 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test3 --first=First --last=Last

------------------
Added user "test3"
------------------
  User login: test3
  First name: First
  Last name: Last
  Full name: First Last
  Display name: First Last
  Initials: FL
  Home directory: /home/test3
  GECOS field: First Last
  Login shell: /bin/sh
  Kerberos principal: test3
  UID: 3009
  GID: 3009
  Password: False
  Kerberos keys available: False
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  User login: test3
  First name: First
  Last name: Last
  Home directory: /home/test3
  Login shell: /bin/sh
  UID: 3009
  GID: 3009
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
:: [   PASS   ] :: Running 'ipa user-show test3'
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa user-add test4 --first=First --last=Last"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:26:32 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa user-add test4 --first=First --last=Last

------------------
Added user "test4"
------------------
  User login: test4
  First name: First
  Last name: Last
  Full name: First Last
  Display name: First Last
  Initials: FL
  Home directory: /home/test4
  GECOS field: First Last
  Login shell: /bin/sh
  Kerberos principal: test4
  UID: 3010
  GID: 3010
  Password: False
  Kerberos keys available: False
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  User login: test4
  First name: First
  Last name: Last
  Home directory: /home/test4
  Login shell: /bin/sh
  UID: 3010
  GID: 3010
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
:: [   PASS   ] :: Running 'ipa user-show test4'
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test3.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:27:11 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa host-add test3.testrelm.com --force

-------------------------------
Added host "test3.testrelm.com"
-------------------------------
  Host name: test3.testrelm.com
  Principal name: host/test3.testrelm.com
  Password: False
  Keytab: False
  Managed by: test3.testrelm.com
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  Host name: test3.testrelm.com
  Principal name: host/test3.testrelm.com
  Password: False
  Keytab: False
  Managed by: test3.testrelm.com
:: [   PASS   ] :: Running 'ipa host-show test3.testrelm.com'
:: [   PASS   ] :: Running '/usr/bin/expect /tmp/remote_exec.exp >> /tmp/remote_exec.out 2>&1'
set timeout 30
set send_slow {1 .1}
spawn ssh -l root 192.168.122.101
match_max 100000
sleep 3
expect "*: "
send "ipa host-add test4.testrelm.com --force"
send "\r"
sleep 3
expect "*# "
send ""
send "\r"
expect eof 
:: [   PASS   ] :: Running 'cat /tmp/remote_exec.exp'
spawn ssh -l root 192.168.122.101
Last login: Mon May  7 12:27:52 2012 from spoore-dvm2.testrelm.com
[root@spoore-dvm1 ~]# ipa host-add test4.testrelm.com --force

-------------------------------
Added host "test4.testrelm.com"
-------------------------------
  Host name: test4.testrelm.com
  Principal name: host/test4.testrelm.com
  Password: False
  Keytab: False
  Managed by: test4.testrelm.com
[root@spoore-dvm1 ~]# 
[root@spoore-dvm1 ~]# :: [   PASS   ] :: Running 'cat /tmp/remote_exec.out'
  Host name: test4.testrelm.com
  Principal name: host/test4.testrelm.com
  Password: False
  Keytab: False
  Managed by: test4.testrelm.com
:: [   PASS   ] :: Running 'ipa host-show test4.testrelm.com'
:: [12:29:12] ::  Cleanup test entries
--------------------
Deleted user "test1"
--------------------
:: [   PASS   ] :: Running 'ipa user-del test1'
--------------------
Deleted user "test2"
--------------------
:: [   PASS   ] :: Running 'ipa user-del test2'
--------------------
Deleted user "test3"
--------------------
:: [   PASS   ] :: Running 'ipa user-del test3'
--------------------
Deleted user "test4"
--------------------
:: [   PASS   ] :: Running 'ipa user-del test4'
---------------------------------
Deleted host "test1.testrelm.com"
---------------------------------
:: [   PASS   ] :: Running 'ipa host-del test1.testrelm.com'
---------------------------------
Deleted host "test2.testrelm.com"
---------------------------------
:: [   PASS   ] :: Running 'ipa host-del test2.testrelm.com'
---------------------------------
Deleted host "test3.testrelm.com"
---------------------------------
:: [   PASS   ] :: Running 'ipa host-del test3.testrelm.com'
---------------------------------
Deleted host "test4.testrelm.com"
---------------------------------
:: [   PASS   ] :: Running 'ipa host-del test4.testrelm.com'
:: [   PASS   ] :: BZ 784696 not found
:: [   PASS   ] :: Replication Schedule not set.  This is expected config for continuous replication


Manual Test Results :: 

[root@spoore-dvm2 shm]# ldapsearch -x -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=mapping tree,cn=config"|grep 'nsDS5Replica'
nsDS5ReplicaType: 3
nsDS5ReplicaRoot: dc=testrelm,dc=com
nsDS5ReplicaId: 3
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindDN: krbprincipalname=ldap/spoore-dvm1.testrelm.com
nsDS5ReplicaName: 66b0c000-985f11e1-91feddfe-5b02b64b
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaRoot: dc=testrelm,dc=com
nsDS5ReplicaHost: spoore-dvm1.testrelm.com
nsDS5ReplicaPort: 389
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof entryusn krbl
nsDS5ReplicaBindMethod: SASL/GSSAPI
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts

Comment 9 errata-xmlrpc 2012-06-20 13:31:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.