sorry for not replying to all! I have apache reverse proxy front ending the ipa servers. As i mentioned if i try hitting ipa replica WebUI directly then i do get the objects loaded on the browser after waiting for over a minute or so. replica server (/var/log/dirsrv/slapd-$YOUR_REALM/{access,errors}) shows hits coming through fine but for some reasons web browser ends up with the gateway error.
both the ipa masters are running VERSION: 4.4.0, API_VERSION: 2.213 Kind Regards, Deepak On Wed, Feb 1, 2017 at 9:21 PM, Martin Babinsky <mbabi...@redhat.com> wrote: > On 02/01/2017 04:26 PM, deepak dimri wrote: > >> Yes, Martin - i do see requests hitting >> replica.. /var/log/httpd/error_log shows: >> >> [Wed Feb 01 15:16:47.469766 2017] [:error] [pid 2464] ipa: INFO: >> ad...@xxx.xyz.com <mailto:ad...@xxx.xyz.com>: batch: >> host_show(u'xxx.abx.xyz <http://xxx.abx.xyz>', rights=True, all=True): >> SUCCESS >> >> I used ansible playbook to build the replica server. ran >> ipa-replica-prepare on the primary: >> ipa-replica-prepare {{ replica_dns }} --password={{ipa_password}} >> --no-wait-for-dns >> >> copied the replica file over to replica server: >> scp -oStrictHostKeyChecking=no -i ~/.ssh/{{ssh_keyname}}.pem >> /var/lib/ipa/replica-info-{{ replica_dns }}.gpg root@{{ >> replica_dns }}:/var/lib/ipa/ >> >> ran the replica install on the replica server: >> ipa-replica-install /var/lib/ipa/replica-info-{{ replica_dns }}.gpg >> --password={{ipa_password}} --admin-password={{ipa_password}} >> >> I have notices that if i directly use the replica (bypassing proxy) URL >> then the objects shows after waiting for over a minute or so. When i use >> proxy pass then it just times out after few seconds. >> >> No clue why its behaving like this >> >> Many Thanks, >> Deepak >> >> On Wed, Feb 1, 2017 at 6:45 PM, Martin Babinsky <mbabi...@redhat.com >> <mailto:mbabi...@redhat.com>> wrote: >> >> On 02/01/2017 11:17 AM, deepak dimri wrote: >> >> Hello Martin, Thank you so much for your reply. >> >> I checked /etc/ipa/default.conf 'xmlrpc_uri' on my secondary >> server and >> its pointing to its own hostname and not to primary server >> hostname :( >> >> any other clue, Martin? >> >> I have tried without proxy and again to luck either its throwing >> same >> gateway_error >> >> Regards, >> Deepak >> >> On Wed, Feb 1, 2017 at 3:03 PM, Martin Babinsky >> <mbabi...@redhat.com <mailto:mbabi...@redhat.com> >> <mailto:mbabi...@redhat.com <mailto:mbabi...@redhat.com>>> wrote: >> >> On 02/01/2017 10:22 AM, deepak dimri wrote: >> >> Hi All, >> >> I have two IPA servers - primary and secondary running. >> the >> secondary >> ipa server is installed using ipa replica image of >> primary. >> While doing >> the testing i realised that when i manually shut down my >> primary ipa >> server making my secondary server to serve the UI. And >> now when >> i try to >> access user or hosts details using my secondary server >> then i am >> getting >> below error in the UI. I am able to login fine though; it >> is >> just that >> when i double click on host objects then i get the error. >> >> >> An error has occurred (GATEWAY_TIMEOUT) >> >> >> I am still trying to troubleshoot as why i am getting >> timeout >> error but >> thought of asking the group here to see if some one can >> share >> some pointers >> >> Many Thanks, >> Deepak >> >> >> Hi Deepak, >> >> please check /etc/ipa/default.conf on the secondary server >> and check >> the value of 'xmlrpc_uri'. Maybe it points to the URL of >> primary >> server and that's why you get timeouts when it is down. >> >> Re-setting it to the secondary server itself should fix it. >> >> -- >> Martin^3 Babinsky >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> <https://www.redhat.com/mailman/listinfo/freeipa-users> >> <https://www.redhat.com/mailman/listinfo/freeipa-users >> <https://www.redhat.com/mailman/listinfo/freeipa-users>> >> Go to http://freeipa.org for more info on the project >> >> >> >> Adding freeipa-users back to loop. >> >> That is strange, how did you stand up the replica? >> >> You can also inspect /var/log/http/error_log on the replica to see >> whether the commands from the WebUI reach the local HTTP server at >> all. >> >> -- >> Martin^3 Babinsky >> >> >> > Deepak, > > please keep replying to freeipa-users mailing list, otherwise other > members do not get updates on your problem. > > As for the issues with replica, I did not notice before that you are > connecting to WebUI through a proxy, what kind of proxy is that and how is > it configured? > > Nevertheless waiting for over a minute to display entries does not sound > right. I would investigate the root cause of this performance regression by > checking DS access and error logs on the replica > (/var/log/dirsrv/slapd-$YOUR_REALM/{access,errors}). > > Does the master also take so long time to respond? What are the IPA > versions of master/replica? > > -- > Martin^3 Babinsky >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project