[Freeipa-users] strange replica install error (another one)
Rich Megginson
rmeggins at redhat.com
Thu Dec 4 14:39:20 UTC 2014
On 12/04/2014 01:45 AM, Petr Spacek wrote:
> On 4.12.2014 05:02, Janelle wrote:
>> Thanks -- still a bit strange that it did not show up on some servers - vary
>> random and intermittent.
>>
>> BTW - a bit of information others might find useful. If you try to use the
>> "LDAP" portion of IPA for authentication - rather than fulling installing the
>> IPA client and using Kerberos - the servers running ds-389 do not do well in
>> handling the load. In other words - a few hundred hosts trying to authenticate
>> via LDAP only will send CPU through the roof and crashes the slapd process
>> often.
That should not happen.
For crashes, we would need to look at some stack traces:
http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
For situations when the CPU is through the roof, that is very similar to
debugging hangs:
http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs
>> Since IPA is supposed to handle all options, I guess I am disappointed.
>>
>> regards
>> ~J
>>
>>
>> On 12/3/14 2:56 PM, Dmitri Pal wrote:
>>> On 12/03/2014 04:40 PM, Janelle wrote:
>>>> Here is a bit of baffling one on 4.0.5:
>>>>
>>>> Replica install p11-kit???
>>> This is a part of the DNSSEC set of packages.
>>>
>>>> Connection from master to replica is OK.
>>>>
>>>> Connection check OK
>>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>>> Configuring NTP daemon (ntpd)
>>>> [1/4]: stopping ntpd
>>>> [2/4]: writing configuration
>>>> ...
>>>>
>>>> Your system may be partly configured.
>>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>>
>>>> LDAP error: UNWILLING_TO_PERFORM
>>>> database is read-only
>>>>
>>>>
>>>> Thoughts?
> We need more information about your problem.
>
> As always, please start with information requested on
> http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
>
> /var/log/ipa*.log from affected replica will be invaluable (along with exact
> package version numbers [including p11-kit] and repo configuration).
>
More information about the Freeipa-users
mailing list