Issue #7488: Set nsds5ReplicaReleaseTimeout on all replicas and databases - freeipa

freeipa

#7488 Set nsds5ReplicaReleaseTimeout on all replicas and databases

Closed: fixed 7 years ago Opened 7 years ago by cheimes.

German wrote on https://bugzilla.redhat.com/show_bug.cgi?id=1565633

in ipa environments, we need the least delay in replication, particularly when we install a replica. We have seen that in environments of only 4 replicas, the monopolization of consumers is already taking place and sometimes preventing the replica to be installed.

Particularly we can see failures in custodia component that adds keys in one node and checks the keys have been updated in the other node. This is failing by timeout.

We can workaround this issue by setting "nsds5ReplicaReleaseTimeout: 60" at replica level in all the replicas.

The setting is explained at http://directory.fedoraproject.org/docs/389ds/design/repl-conv-design.html . 389-DS recommends 60 seconds as a good and sane default value.

The settings must be applied on each 389-DS instance for each database:

cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config
cn=replica,cn=dc\3Dipa...,cn=mapping tree,cn=config (actual name depends on environment)

The settings must be added/updated as part of a regular installation or update:

ipa-server-install
ipa-server-upgrade
ipa-replica-install
ipa-ca-install
ipa-kra-install (?)

Metadata Update from @cheimes:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1565633

7 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5)

7 years ago

Metadata Update from @cheimes:
- Issue assigned to cheimes

7 years ago

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1800

7 years ago

cheimes commented 7 years ago

master:

afc0d4b Add nsds5ReplicaReleaseTimeout to replica config

cheimes commented 7 years ago

master:

7c8fd56 Fix upgrade (update_replica_config) in single master mode

cheimes commented 7 years ago

ipa-4-5:

8a0d4fe Add nsds5ReplicaReleaseTimeout to replica config
cec7233 Fix upgrade (update_replica_config) in single master mode

cheimes commented 7 years ago

ipa-4-6:

0f7acc3 Add nsds5ReplicaReleaseTimeout to replica config
34078ca Fix upgrade (update_replica_config) in single master mode

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

7 years ago

cheimes commented 7 years ago

master:

84ae625 check nsds5ReplicaReleaseTimeout option was set

cheimes commented 7 years ago

master:

811b0fd Tune DS replication settings

cheimes commented 7 years ago

ipa-4-6:

6ba653c Tune DS replication settings

cheimes commented 7 years ago

ipa-4-5:

ec60901 replicainstall: DS SSL replica install pick right certmonger host
5ef8333 Fix race condition in get_locations_records()
a9cc862 Tune DS replication settings
79fe981 Auto-retry failed certmonger requests
f3dd0cb Wait for client certificates

Metadata

Assignee

cheimes

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

FreeIPA 4.5.5

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

https://github.com/freeipa/freeipa/pull/1800

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

tester

None

changelog

None

design

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1565633

freeipa

Source Code

#7488 Set nsds5ReplicaReleaseTimeout on all replicas and databases Closed: fixed 7 years ago Opened 7 years ago by cheimes.

Metadata

#7488 Set nsds5ReplicaReleaseTimeout on all replicas and databases

Closed: fixed 7 years ago Opened 7 years ago by cheimes.