During parallel ipa-replica-install, each replica will connect to the master and send their updates. There is a good chance that a replica agreement (replica->master) will find the master being BUSY (acquired by an other replica).
This is normal and replica will backoff for sometime. It can lead to ipa-replica-install timeout.
It could be helpfull to reduce nsds5ReplicaReleaseTimeout=10 during that intensive period of parallel install
ipa-replica-install times out
Should not
Possible tuning are dn: cn=replica,cn=<suffix>,cn=mapping tree,cn=config nsds5ReplicaReleaseTimeout=10 nsds5ReplicaBackoffMax: 3
One of the main contributor to failure of parallel install is https://pagure.io/389-ds-base/issue/49818
After a second look a safest tuning is
dn: cn=replica,cn=<suffix>,cn=mapping tree,cn=config nsds5ReplicaReleaseTimeout: 20 nsds5ReplicaBackoffMax: 3
Also a way to mitigate https://pagure.io/389-ds-base/issue/49818 is
dn: cn=replica,cn=<suffix>,cn=mapping tree,cn=config nsDS5ReplicaBindDnGroupCheckInterval: 2
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1599569
Issue linked to Bugzilla: Bug 1599569
The issue has been address in Pagure issue #7617 and PR https://github.com/freeipa/freeipa/pull/2111 . The fix has landed in master, 4.6, and 4.5 branch.
Metadata Update from @cheimes: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/2111 - Issue assigned to cheimes - Issue close_status updated to: fixed - Issue set to the milestone: FreeIPA 4.5.5
Login to comment on this ticket.