Bug 970225 - DNA plugin failed to fetch replication agreement
DNA plugin failed to fetch replication agreement
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: 389-ds-base (Show other bugs)
18
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Rich Megginson
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 971111
  Show dependency treegraph
 
Reported: 2013-06-03 14:44 EDT by Scott Poore
Modified: 2013-11-14 17:13 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 971111 (view as bug list)
Environment:
Last Closed: 2013-11-05 11:19:57 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Scott Poore 2013-06-03 14:44:05 EDT
Description of problem:

In an IPA environment, I'm seeing the DNA plugin fail to fetch a replication agreement.  The DNA plugin is trying a replica where there is no replication agreement.  This is causing ipa user-add to fail.

[root@ipaqa64vmd tmp.izaYf564ZD]# ipa user-add test --first=f --last=l
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.

[root@ipaqa64vmd tmp.izaYf564ZD]# ldapsearch -xLLL -D "$ROOTDN" -w "$ROOTDNPWD" -b "cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config"
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Posix IDs
dnaType: uidNumber
dnaType: gidNumber
dnaNextValue: 1101
dnaMaxValue: 1100
dnaMagicRegen: -1
dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip
 aIDobject))
dnaScope: dc=testrelm,dc=com
dnaThreshold: 500
dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com

So, looking in the logs at the time of the failure:

[29/May/2013:10:03:14 -0400] dna-plugin - dna_get_replica_bind_creds: Failed to fetch replication agreement for range cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com, server ipaqa64vmf.testrelm.com, port 389
[29/May/2013:10:03:14 -0400] dna-plugin - dna_request_range: Unable to retrieve replica bind credentials.
...
[29/May/2013:10:03:14 -0400] dna-plugin - dna_get_replica_bind_creds: Failed to fetch replication agreement for range cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com, server cloud-qe-15.testrelm.com, port 389
[29/May/2013:10:03:14 -0400] dna-plugin - dna_request_range: Unable to retrieve replica bind credentials.
[29/May/2013:10:03:14 -0400] dna-plugin - dna_pre_op: no more values available!!

After some help from Dev, it was pointed out that my IPA replica is running the dna-plugin.  The plugin fails to get the range from the master because it doesn't actually have a replication agreement with that master.

Topology is:

R1 - M - R2 - R3 - R4

Failure is occurring on R3.  dna-plugin on R3 is attempting to contact M but, there is not replication agreement.  M="master" and was the first IPA server setup in the environment.  


Version-Release number of selected component (if applicable):
389-ds-base-1.3.0.6-1.fc18.x86_64

How reproducible:
very

Steps to Reproduce:
1.  Setup IPA environment with similar topology.  
2.  On R3 or R4, ipa user-add

Actual results:
failure like above.

Expected results:
dna-plugin accurately looks up the range.  

Additional info:
Comment 1 Nathan Kinder 2013-06-03 15:01:54 EDT
Upstream ticket:
https://fedorahosted.org/389/ticket/47379
Comment 2 Rich Megginson 2013-09-27 17:43:21 EDT
This is fixed in F19 (389-ds-base-1.3.1.x).  Is a fix required in F18 (389-ds-base-1.3.0.x)?
Comment 3 Nathan Kinder 2013-11-05 11:19:57 EST
This is fixed in F19, and we have no plans to fix it in F18.  Closing this as WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.