[Freeipa-users] Fixed: time drift issue-- Re: Bug or feature? IPA replicas at the beginning can not see other replicas installed later

Rob Crittenden rcritten at redhat.com
Wed May 30 15:58:04 UTC 2012 

David Copperfield wrote:
> Hi all,
>
> Sorry, this is a false IPA alarm. I've duplicated the same steps in the
> initial email and this time it works as expected.
>
> It is not a bug inside IPA; but most probably a issue on time
> drift/management of VMware Linux guests. After installation of VMware's
> patching tar ball to deal with time issues, the IPA installation works
> without a glitch.
>
> This is definitely a lesson on IPA installation: date/time control is
> the mandatory task.

Yes, time is very important for both replication and Kerberos.

Glad to hear you are back in business. Thanks for following up.

regards

rob

>
> Thanks.
>
> --David
>
>
>
>
>
> ------------------------------------------------------------------------
> *From:* David Copperfield <cao2dan at yahoo.com>
> *To:* David Copperfield <cao2dan at yahoo.com>; Rich Megginson
> <rmeggins at redhat.com>; "dpal at redhat.com" <dpal at redhat.com>; Rob
> Crittenden <rcritten at redhat.com>; "freeipa-users at redhat.com"
> <freeipa-users at redhat.com>
> *Sent:* Saturday, May 19, 2012 5:29 PM
> *Subject:* Re: [Freeipa-users] Bug or feature? IPA replicas at the
> beginning can not see other replicas installed later
>
> Hi all,
>
> I tried another way below to install replicas one by one, and this time
> it works as expected -- all replicas, installed at the beginning and
> later, all see everyone.
>
> 1, install Master A, restart IPA service.
>
> 2, prepare replication file and install Replica B, restart IPA service
> on B, then A.
>
> 3, prepare replication file and install Replica C, restart IPA services
> on C, then B, then A.
>
> 4, prepare replication file and install Replica D, restart IPA services
> on D, then C, then B, then A.
>
> Now all IPA servers can see all.
>
> The major differences from the steps included in the former emails:
>
> 1, create replication info files at different times. this time the
> file(s) are created after at every step, against all at the same time
> before the first replica is installed.
>
> 2, restart IPA services after each replica installation. the intention
> is trying to sync replication information at IPA services startup.
>
> 3, Misc. before installation of IPA master and all replicas, I synced
> time difference to inside one second across. and then reboot all servers
> A, B, C and D. Double check that the time difference is still inside one
> second.
>
> Not sure this is related to the IPA's replication info file preparation
> timing, or the IPA services restarts, or other preparation work, But it
> will do no harm if some other can duplicate the steps and see whether we
> end up the same results.
>
> BTW, any one knows how the replication servers info is propagated from
> one replica to another replica via IPA master hub? How long it takes, etc.
>
> Thanks.
>
> --David
> ------------------------------------------------------------------------
> *From:* David Copperfield <cao2dan at yahoo.com>
> *To:* Rich Megginson <rmeggins at redhat.com>; "dpal at redhat.com"
> <dpal at redhat.com>; Rob Crittenden <rcritten at redhat.com>
> *Cc:* "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Sent:* Saturday, May 19, 2012 3:26 PM
> *Subject:* [Freeipa-users] Bug or feature? IPA replicas at the beginning
> can not see other replicas installed later
>
> Hi Rich, Rob and all,
>
> I'm trying to test the IPA replica restoration solutions, with a daily
> IPA replica backup, following your steps in another email. But I got
> interrupted by another problem popped up. The problem is here: (all IPA
> masters are replicas are 2.1.3 on redhat 6.2).
>
> The same setup is tested: A is the master, B, C, D are replicas. A works
> as a HUB, and B,C,D are replicated with A directly and only.
>
> A
> / | \
> B C D
>
> The setup procedure is as the following:
>
> 1, Install A and restart IPA services (ipactl restart)
> 2, create replicas information files for B, C, D.
> 3, install replica B.
> 4, install replica C.
> 5, Install replica D.
>
> At here run 'ipa-replica-manage list' on A, B, C, D separately and we
> found the following odd results:
>
> 1, on Master A:
> see all A, B, C, D
>
> 2, on replica B: (the first installed replica)
> see only A, B
>
> 3, on replica C: (the second installed replica)
> see only A, B, C
>
> 4, on the replica D: (the last installed replica)
> see all A, B, C, D
> wait for 10 minutes and check again still no change; restart IPA
> services on A, B, C, D still see no changes; reboot all A, B, C, D still
> see no changes. Though the 'ipa-csreplica-mange list' command shows ALL
> A,B,C,D servers on all A,B,C,D servers.
>
> And so the command 'ipa-manage-list D' on replicas C reports that 'D is
> not in the public server list.'
>
> The setup and testing environment takes no more than one hour to duplicate.
>
> Thanks.
>
> --Gelen
>
>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>

More information about the Freeipa-users mailing list