#9358 update_dna_shared_config sometimes blocks installation for 2 minutes
Closed: fixed a year ago by frenaud. Opened a year ago by cheimes.

Issue

Sometimes the update_dna_shared_config plugin attempts to update the DNA (distributed number assignment) configuration and fails to update posix-ids and subordinate-ids 60 seconds each. This problem slows down installation of an IPA server or replica by 2 minutes and leaves a misconfigured DNA entry.

Steps to Reproduce

  1. run ipa-server-install
  2. watch ipaserver-install.log

Actual behavior

2023-03-14T15:21:12Z DEBUG Found DNA config cn=posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
2023-03-14T15:21:12Z DEBUG dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test
2023-03-14T15:21:12Z DEBUG Got only one entry. Retry again in 2 sec.
...
2023-03-14T15:22:13Z DEBUG Got only one entry. Retry again in 2 sec.
2023-03-14T15:22:15Z ERROR Could not get dnaHostname entries in 60 seconds
2023-03-14T15:22:15Z DEBUG Found DNA config cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
2023-03-14T15:22:15Z DEBUG dnaSharedCfgDN: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test
2023-03-14T15:22:15Z DEBUG Got only one entry. Retry again in 2 sec.
...
2023-03-14T15:23:15Z DEBUG Got only one entry. Retry again in 2 sec.
2023-03-14T15:23:17Z ERROR Could not get dnaHostname entries in 60 seconds2023-03-14T15:21:12Z DEBUG Found DNA config cn=posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
2023-03-14T15:21:12Z DEBUG dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test
2023-03-14T15:21:12Z DEBUG Got only one entry. Retry again in 2 sec.
...
2023-03-14T15:22:13Z DEBUG Got only one entry. Retry again in 2 sec.
2023-03-14T15:22:15Z ERROR Could not get dnaHostname entries in 60 seconds
2023-03-14T15:22:15Z DEBUG Found DNA config cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
2023-03-14T15:22:15Z DEBUG dnaSharedCfgDN: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test
2023-03-14T15:22:15Z DEBUG Got only one entry. Retry again in 2 sec.
...
2023-03-14T15:23:15Z DEBUG Got only one entry. Retry again in 2 sec.
2023-03-14T15:23:17Z ERROR Could not get dnaHostname entries in 60 seconds

Expected behavior

The plugin should finish immediately.

Version/Release/Distribution

ipa-server-4.10.0-8.el9_1.x86_64

Additional info:

See https://pagure.io/freeipa/issue/8831

The DNA plugin of 389-DS creates the entries under dnaSharedCfgDN. The entries are created a short while after start/restart of DS. Every server gets two entries. One of the entries seems to be created with a delay.

# ldapsearch -Y EXTERNAL -H ldapi://%2Frun%2Fslapd-IPA-TEST.socket -b cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test -s one -LLL createTimestamp
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: dnaHostname=server.ipahcc.test+dnaPortNum=0,cn=posix-ids,cn=dna,cn=ipa,cn=
 etc,dc=ipa,dc=test
createTimestamp: 20230314152123Z

dn: dnaHostname=server.ipahcc.test+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,c
 n=etc,dc=ipa,dc=test
createTimestamp: 20230314152649Z

dn: dnaHostname=replica1.ipahcc.test+dnaPortNum=0,cn=posix-ids,cn=dna,cn=ipa,c
 n=etc,dc=ipa,dc=test
createTimestamp: 20230314153353Z

dn: dnaHostname=replica1.ipahcc.test+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa
 ,cn=etc,dc=ipa,dc=test
createTimestamp: 20230314153539Z

master:

  • 903c8f9 Speed up installer by restarting DS after DNA plugin

ipa-4-10:

  • d63756e Speed up installer by restarting DS after DNA plugin

ipa-4-9:

  • 27e9181 Speed up installer by restarting DS after DNA plugin

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata