Issue #49292: Replica agreement using gssapi may have transient initial failure, RA status should show it may recover - 389-ds-base

389-ds-base

#49292 Replica agreement using gssapi may have transient initial failure, RA status should show it may recover

Closed: wontfix 4 months ago by spichugi. Opened 3 years ago by tbordaz.

Issue Description

A replica agreement binding with GSSAPI may get initial failure to bind while the KDC is getting up.

In such case replica agreement status is a generic "Problem connecting to replica"

It would be interesting in case of failure in the first attempts to bind (GSSAPI) to either log a less scary status or retry after a short delay.

Package Version and Platform

all

Steps to reproduce

1.install master-replica with a kdc that is slow to startup
2.
3.

Actual results

If KDC is not startup at the time of the first bind, we get ""Problem connecting to replica"

Expected results

Possibly get something like: ""Problem connecting to replica possibly a transient failure..."
Then if it fails more than 2 times then set ""Problem connecting to replica"

tbordaz commented 3 years ago

It is expected in 7.5 for better support

Metadata Update from @tbordaz:
- Custom field origin adjusted to IPA
- Custom field type adjusted to defect

3 years ago

firstyear commented 3 years ago

This is purely an IPA issue: The KDC depends on LDAP, and LDAP repl relies on the KDC. This chicken and egg issue can not be resolved I don't think, so we just have to cop the failure.

tbordaz commented 3 years ago

@firstyear Not sure it is chicken and egg. KDC slow startup exists independently of existence of replication agreements. I think the interest of the ticket is for administration. Would it help an administrator to know that "problem of connection" is a red flag and "Temporary problem of connection" an orange flag that can later turn to red. ?

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.3.7.0

3 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to None
- Issue set to the milestone: 1.4.2 (was: 1.3.7.0)

a year ago

Metadata Update from @vashirov:
- Issue set to the milestone: 1.4.4 (was: 1.4.2)

10 months ago

spichugi commented 4 months ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2351

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 months ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

1.4.4

reviewstatus

None

rhbz

None

origin

IPA

389-ds-base

Source Code

#49292 Replica agreement using gssapi may have transient initial failure, RA status should show it may recover Closed: wontfix 4 months ago by spichugi. Opened 3 years ago by tbordaz.

Issue Description

Package Version and Platform

Steps to reproduce

Actual results

Expected results

Metadata

#49292 Replica agreement using gssapi may have transient initial failure, RA status should show it may recover

Closed: wontfix 4 months ago by spichugi. Opened 3 years ago by tbordaz.