David Copperfield wrote:
Hi all,

Sorry, this is a false IPA alarm. I've duplicated the same steps in the
initial email and this time it works as expected.

It is not a bug inside IPA; but most probably a issue on time
drift/management of VMware Linux guests. After installation of VMware's
patching tar ball to deal with time issues, the IPA installation works
without a glitch.

This is definitely a lesson on IPA installation: date/time control is
the mandatory task.

Yes, time is very important for both replication and Kerberos.

Glad to hear you are back in business. Thanks for following up.

regards

rob


Thanks.

--David





------------------------------------------------------------------------
*From:* David Copperfield <cao2...@yahoo.com>
*To:* David Copperfield <cao2...@yahoo.com>; Rich Megginson
<rmegg...@redhat.com>; "d...@redhat.com" <d...@redhat.com>; Rob
Crittenden <rcrit...@redhat.com>; "freeipa-users@redhat.com"
<freeipa-users@redhat.com>
*Sent:* Saturday, May 19, 2012 5:29 PM
*Subject:* Re: [Freeipa-users] Bug or feature? IPA replicas at the
beginning can not see other replicas installed later

Hi all,

I tried another way below to install replicas one by one, and this time
it works as expected -- all replicas, installed at the beginning and
later, all see everyone.

1, install Master A, restart IPA service.

2, prepare replication file and install Replica B, restart IPA service
on B, then A.

3, prepare replication file and install Replica C, restart IPA services
on C, then B, then A.

4, prepare replication file and install Replica D, restart IPA services
on D, then C, then B, then A.

Now all IPA servers can see all.

The major differences from the steps included in the former emails:

1, create replication info files at different times. this time the
file(s) are created after at every step, against all at the same time
before the first replica is installed.

2, restart IPA services after each replica installation. the intention
is trying to sync replication information at IPA services startup.

3, Misc. before installation of IPA master and all replicas, I synced
time difference to inside one second across. and then reboot all servers
A, B, C and D. Double check that the time difference is still inside one
second.

Not sure this is related to the IPA's replication info file preparation
timing, or the IPA services restarts, or other preparation work, But it
will do no harm if some other can duplicate the steps and see whether we
end up the same results.

BTW, any one knows how the replication servers info is propagated from
one replica to another replica via IPA master hub? How long it takes, etc.

Thanks.

--David
------------------------------------------------------------------------
*From:* David Copperfield <cao2...@yahoo.com>
*To:* Rich Megginson <rmegg...@redhat.com>; "d...@redhat.com"
<d...@redhat.com>; Rob Crittenden <rcrit...@redhat.com>
*Cc:* "freeipa-users@redhat.com" <freeipa-users@redhat.com>
*Sent:* Saturday, May 19, 2012 3:26 PM
*Subject:* [Freeipa-users] Bug or feature? IPA replicas at the beginning
can not see other replicas installed later

Hi Rich, Rob and all,

I'm trying to test the IPA replica restoration solutions, with a daily
IPA replica backup, following your steps in another email. But I got
interrupted by another problem popped up. The problem is here: (all IPA
masters are replicas are 2.1.3 on redhat 6.2).

The same setup is tested: A is the master, B, C, D are replicas. A works
as a HUB, and B,C,D are replicated with A directly and only.

A
/ | \
B C D

The setup procedure is as the following:

1, Install A and restart IPA services (ipactl restart)
2, create replicas information files for B, C, D.
3, install replica B.
4, install replica C.
5, Install replica D.

At here run 'ipa-replica-manage list' on A, B, C, D separately and we
found the following odd results:

1, on Master A:
see all A, B, C, D

2, on replica B: (the first installed replica)
see only A, B

3, on replica C: (the second installed replica)
see only A, B, C

4, on the replica D: (the last installed replica)
see all A, B, C, D
wait for 10 minutes and check again still no change; restart IPA
services on A, B, C, D still see no changes; reboot all A, B, C, D still
see no changes. Though the 'ipa-csreplica-mange list' command shows ALL
A,B,C,D servers on all A,B,C,D servers.

And so the command 'ipa-manage-list D' on replicas C reports that 'D is
not in the public server list.'

The setup and testing environment takes no more than one hour to duplicate.

Thanks.

--Gelen






_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to