[Freeipa-users] strange replica install error (another one)
Rich Megginson
rmeggins at redhat.com
Thu Dec 4 14:41:02 UTC 2014
On 12/04/2014 08:39 AM, Rich Megginson wrote:
> On 12/04/2014 01:45 AM, Petr Spacek wrote:
>> On 4.12.2014 05:02, Janelle wrote:
>>> Thanks -- still a bit strange that it did not show up on some
>>> servers - vary
>>> random and intermittent.
>>>
>>> BTW - a bit of information others might find useful. If you try to
>>> use the
>>> "LDAP" portion of IPA for authentication - rather than fulling
>>> installing the
>>> IPA client and using Kerberos - the servers running ds-389 do not do
>>> well in
>>> handling the load. In other words - a few hundred hosts trying to
>>> authenticate
>>> via LDAP only will send CPU through the roof and crashes the slapd
>>> process
>>> often.
>
> That should not happen.
> For crashes, we would need to look at some stack traces:
> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
> For situations when the CPU is through the roof, that is very similar
> to debugging hangs:
> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-hangs
Sorry, forgot to mention that since this is IPA you'll also need to
install the ipa-debuginfo and slapi-nis-debuginfo packages.
>
>>> Since IPA is supposed to handle all options, I guess I am disappointed.
>>>
>>> regards
>>> ~J
>>>
>>>
>>> On 12/3/14 2:56 PM, Dmitri Pal wrote:
>>>> On 12/03/2014 04:40 PM, Janelle wrote:
>>>>> Here is a bit of baffling one on 4.0.5:
>>>>>
>>>>> Replica install p11-kit???
>>>> This is a part of the DNSSEC set of packages.
>>>>
>>>>> Connection from master to replica is OK.
>>>>>
>>>>> Connection check OK
>>>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported
>>>>> attribute
>>>>> Configuring NTP daemon (ntpd)
>>>>> [1/4]: stopping ntpd
>>>>> [2/4]: writing configuration
>>>>> ...
>>>>>
>>>>> Your system may be partly configured.
>>>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>>>
>>>>> LDAP error: UNWILLING_TO_PERFORM
>>>>> database is read-only
>>>>>
>>>>>
>>>>> Thoughts?
>> We need more information about your problem.
>>
>> As always, please start with information requested on
>> http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
>>
>> /var/log/ipa*.log from affected replica will be invaluable (along
>> with exact
>> package version numbers [including p11-kit] and repo configuration).
>>
>
More information about the Freeipa-users
mailing list