Sometimes the update_dna_shared_config plugin attempts to update the DNA (distributed number assignment) configuration and fails to update posix-ids and subordinate-ids after 60 seconds each. This problem slows down installation of an IPA server or replica by 2 minutes and leaves a misconfigured DNA entry.
2023-03-14T15:21:12Z DEBUG Found DNA config cn=posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
2023-03-14T15:21:12Z DEBUG dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test
2023-03-14T15:21:12Z DEBUG Got only one entry. Retry again in 2 sec.
...
2023-03-14T15:22:13Z DEBUG Got only one entry. Retry again in 2 sec.
2023-03-14T15:22:15Z ERROR Could not get dnaHostname entries in 60 seconds
2023-03-14T15:22:15Z DEBUG Found DNA config cn=Subordinate IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
2023-03-14T15:22:15Z DEBUG dnaSharedCfgDN: cn=subordinate-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test
2023-03-14T15:22:15Z DEBUG Got only one entry. Retry again in 2 sec.
...
2023-03-14T15:23:15Z DEBUG Got only one entry. Retry again in 2 sec.
2023-03-14T15:23:17Z ERROR Could not get dnaHostname entries in 60 seconds
The plugin should finish immediately.
ipa-server-4.10.0-8.el9_1.x86_64
See https://pagure.io/freeipa/issue/8831
The DNA plugin of 389-DS creates the entries under dnaSharedCfgDN. The entries are created a short while after start/restart of DS. Every server gets two entries. One of the entries seems to be created with a delay.
# ldapsearch -Y EXTERNAL -H ldapi://%2Frun%2Fslapd-IPA-TEST.socket -b cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=ipa,dc=test -s one -LLL createTimestamp
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: dnaHostname=server.ipahcc.test+dnaPortNum=0,cn=posix-ids,cn=dna,cn=ipa,cn=
 etc,dc=ipa,dc=test
createTimestamp: 20230314152123Z

dn: dnaHostname=server.ipahcc.test+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,c
 n=etc,dc=ipa,dc=test
createTimestamp: 20230314152649Z

dn: dnaHostname=replica1.ipahcc.test+dnaPortNum=0,cn=posix-ids,cn=dna,cn=ipa,c
 n=etc,dc=ipa,dc=test
createTimestamp: 20230314153353Z

dn: dnaHostname=replica1.ipahcc.test+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa
 ,cn=etc,dc=ipa,dc=test
createTimestamp: 20230314153539Z
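An added example, not part of the original ticket or of FreeIPA's code: a small parser for ldapsearch output of this shape that unfolds the wrapped dn lines and reports, per dnaHostname, how many shared-config entries exist and how far apart they were created. The function names are hypothetical, and the sample is the first three entries from the output above, leaving replica1 with a single entry.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: first three entries of the ldapsearch output above.
# LDIF folds long lines; a continuation line starts with one space.
SAMPLE_LDIF = """\
dn: dnaHostname=server.ipahcc.test+dnaPortNum=0,cn=posix-ids,cn=dna,cn=ipa,cn=
 etc,dc=ipa,dc=test
createTimestamp: 20230314152123Z

dn: dnaHostname=server.ipahcc.test+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,c
 n=etc,dc=ipa,dc=test
createTimestamp: 20230314152649Z

dn: dnaHostname=replica1.ipahcc.test+dnaPortNum=0,cn=posix-ids,cn=dna,cn=ipa,c
 n=etc,dc=ipa,dc=test
createTimestamp: 20230314153353Z
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def shared_config_entries(ldif):
    """Map dnaHostname -> {dnaPortNum: createTimestamp} from the first RDN."""
    hosts = defaultdict(dict)
    rdn = None
    for line in unfold(ldif):
        key, _, value = line.partition(": ")
        if key == "dn":
            rdn = dict(p.split("=", 1) for p in value.split(",", 1)[0].split("+"))
        elif key == "createTimestamp" and rdn:
            ts = datetime.strptime(value, "%Y%m%d%H%M%SZ")
            hosts[rdn["dnaHostname"]][int(rdn["dnaPortNum"])] = ts
    return dict(hosts)

def report(ldif):
    """Per host: (entry count, seconds between first and last creation)."""
    out = {}
    for host, ports in shared_config_entries(ldif).items():
        stamps = sorted(ports.values())
        out[host] = (len(ports), int((stamps[-1] - stamps[0]).total_seconds()))
    return out
```

A host with a count of 1 is in the state the plugin logs as "Got only one entry".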
master:
ipa-4-10:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)