#47379 DNA plugin failed to fetch replication agreement
Closed: wontfix None Opened 10 years ago by nkinder.

In an IPA environment, I'm seeing the DNA plugin fail to fetch a replication
agreement. The DNA plugin is trying a replica where there is no replication
agreement. This is causing ipa user-add to fail.

[root@ipaqa64vmd tmp.izaYf564ZD]# ipa user-add test --first=f --last=l
ipa: ERROR: Operations error: Allocation of a new value for range cn=posix
ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
Unable to proceed.

[root@ipaqa64vmd tmp.izaYf564ZD]# ldapsearch -xLLL -D "$ROOTDN" -w "$ROOTDNPWD"
-b "cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config"
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Posix IDs
dnaType: uidNumber
dnaType: gidNumber
dnaNextValue: 1101
dnaMaxValue: 1100
dnaMagicRegen: -1
dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip
aIDobject))
dnaScope: dc=testrelm,dc=com
dnaThreshold: 500
dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com

So, looking in the logs at the time of the failure:

[29/May/2013:10:03:14 -0400] dna-plugin - dna_get_replica_bind_creds: Failed to
fetch replication agreement for range
cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com, server
ipaqa64vmf.testrelm.com, port 389
[29/May/2013:10:03:14 -0400] dna-plugin - dna_request_range: Unable to retrieve
replica bind credentials.
...
[29/May/2013:10:03:14 -0400] dna-plugin - dna_get_replica_bind_creds: Failed to
fetch replication agreement for range
cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=testrelm,dc=com, server
cloud-qe-15.testrelm.com, port 389
[29/May/2013:10:03:14 -0400] dna-plugin - dna_request_range: Unable to retrieve
replica bind credentials.
[29/May/2013:10:03:14 -0400] dna-plugin - dna_pre_op: no more values
available!!

After some help from Dev, it was pointed out that my IPA replica is running the
dna-plugin. The plugin fails to get the range from the master because it
doesn't actually have a replication agreement with that master.

Topology is:

R1 - M - R2 - R3 - R4

Failure is occurring on R3. dna-plugin on R3 is attempting to contact M but,
there is not replication agreement. M="master" and was the first IPA server
setup in the environment.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.0.6-1.fc18.x86_64

How reproducible:
very

Steps to Reproduce:
1. Setup IPA environment with similar topology.
2. On R3 or R4, ipa user-add

Actual results:
failure like above.

Expected results:
dna-plugin accurately looks up the range.


If DNA does not find a replication agreement for the first range it selected for a transfer operation, it should cycle through the rest of the available ranges in the shared config (in descending order of available range size). This should continue until we perform a successful range transfer or run out of servers who have available range values.

git merge ticket47379
Updating 9f73f01..3e2262e
Fast-forward
ldap/schema/10dna-plugin.ldif | 38 ++++++-
ldap/servers/plugins/dna/dna.c | 263 ++++++++++++++++++++++++++++++++++++----
2 files changed, 278 insertions(+), 23 deletions(-)

git push origin master
Counting objects: 17, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 3.99 KiB, done.
Total 9 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
9f73f01..3e2262e master -> master

commit 3e2262e
Author: Mark Reynolds mreynolds@redhat.com
Date: Fri Jun 14 11:05:46 2013 -0400

Pushed to 389-ds-base-1.3.1:
0df4c66..0b4d359 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit 5010f50
commit 0b4d359

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.1.3

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/716

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

Login to comment on this ticket.

Metadata