[Freeipa-users] Server error with multiple clients joining domain simultaneously

[Izzo, Anthony]

I'm seeing what feels like a concurrency error.  I'm in a cloud environment and launching a group of instances which are all trying to join a domain at about the same time via ipa-client-install.  Some of these operations succeed, and others fail.

The error message on those that fail is that they failed to join the domain, and the HTTP response was 500 instead of 200.

The Apache error_log file on the server, shows a python stack trace (which unfortunately I can't reproduce in its entirety here), which culminates in the complaint that a file (/var/run/httpd/ipa/clientcaches/<adminuser>@<domain>) was not found.  What it seems like is that multiple attempts to join the domain from different hosts are stepping on one another.

I'm wondering if I am trying to do something that is not supported, or if I have something misconfigured.  I'm tempted to catch the error and retry after a random interval (the output of the failing command indicates that it is rolling back to the initial state) - that would be the easiest thing.  But if this is pointing to an underlying error on my part I'd rather fix it if possible.

Additional info in case it helps - I'm running RHEL7/FreeIPA4.2 on the servers (two in a replication agreement).  I'm running RHEL6/FreeIPA3.0 on the clients (most recent attempt I tried to launch 7 instances, three of which failed).  Thanks.

Tony


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160128/0f5153ee/attachment.htm>