[Freeipa-users] Gateway_timeout Error

Martin Babinsky mbabinsk at redhat.com
Wed Feb 1 15:51:30 UTC 2017


On 02/01/2017 04:26 PM, deepak dimri wrote:
> Yes, Martin - I do see requests hitting
> replica. /var/log/httpd/error_log shows:
>
> [Wed Feb 01 15:16:47.469766 2017] [:error] [pid 2464] ipa: INFO:
> admin at XXX.XYZ.COM: batch:
> host_show(u'xxx.abx.xyz', rights=True, all=True):
> SUCCESS
>
> I used an Ansible playbook to build the replica server. Ran
> ipa-replica-prepare on the primary:
> ipa-replica-prepare {{ replica_dns }} --password={{ipa_password}} --no-wait-for-dns
>
> Copied the replica file over to the replica server:
> scp -oStrictHostKeyChecking=no -i ~/.ssh/{{ssh_keyname}}.pem /var/lib/ipa/replica-info-{{ replica_dns }}.gpg root@{{ replica_dns }}:/var/lib/ipa/
>
> Ran the replica install on the replica server:
> ipa-replica-install /var/lib/ipa/replica-info-{{  replica_dns }}.gpg --password={{ipa_password}} --admin-password={{ipa_password}}
>
> I have noticed that if I directly use the replica (bypassing proxy) URL
> then the objects show after waiting for over a minute or so. When I use
> proxy pass then it just times out after a few seconds.
>
> No clue why it's behaving like this
>
> Many Thanks,
> Deepak
>
> On Wed, Feb 1, 2017 at 6:45 PM, Martin Babinsky <mbabinsk at redhat.com> wrote:
>
>     On 02/01/2017 11:17 AM, deepak dimri wrote:
>
>         Hello Martin, thank you so much for your reply.
>
>         I checked /etc/ipa/default.conf 'xmlrpc_uri' on my secondary
>         server and it's pointing to its own hostname and not to the
>         primary server hostname :(
>
>         Any other clue, Martin?
>
>         I have tried without proxy and again no luck either, it's
>         throwing the same gateway_error
>
>         Regards,
>         Deepak
>
>         On Wed, Feb 1, 2017 at 3:03 PM, Martin Babinsky
>         <mbabinsk at redhat.com> wrote:
>
>             On 02/01/2017 10:22 AM, deepak dimri wrote:
>
>                 Hi All,
>
>                 I have two IPA servers - primary and secondary - running. The
>                 secondary IPA server is installed using the ipa replica image
>                 of the primary. While doing the testing I realised that when I
>                 manually shut down my primary IPA server, making my secondary
>                 server serve the UI, and now when I try to access user or
>                 host details using my secondary server, then I am getting
>                 the below error in the UI. I am able to log in fine though; it
>                 is just that when I double click on host objects then I get
>                 the error.
>
>
>                   An error has occurred (GATEWAY_TIMEOUT)
>
>
>                 I am still trying to troubleshoot why I am getting the
>                 timeout error but thought of asking the group here to see
>                 if someone can share some pointers
>
>                 Many Thanks,
>                 Deepak
>
>
>             Hi Deepak,
>
>             please check /etc/ipa/default.conf on the secondary server
>             and check the value of 'xmlrpc_uri'. Maybe it points to the
>             URL of primary server and that's why you get timeouts when
>             it is down.
>
>             Re-setting it to the secondary server itself should fix it.
>
>             --
>             Martin^3 Babinsky
>
>
>
>
>     Adding freeipa-users back to loop.
>
>     That is strange, how did you stand up the replica?
>
>     You can also inspect /var/log/http/error_log on the replica to see
>     whether the commands from the WebUI reach the local HTTP server at all.
>
>     --
>     Martin^3 Babinsky
>
>

Deepak,

please keep replying to freeipa-users mailing list, otherwise other 
members do not get updates on your problem.

As for the issues with replica, I did not notice before that you are 
connecting to WebUI through a proxy, what kind of proxy is that and how 
is it configured?

Nevertheless waiting for over a minute to display entries does not sound 
right. I would investigate the root cause of this performance regression 
by checking DS access and error logs on the replica 
(/var/log/dirsrv/slapd-$YOUR_REALM/{access,errors}).

Does the master also take such a long time to respond? What are the IPA
versions of master/replica?

-- 
Martin^3 Babinsky
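
The following is an added example, not part of the original message or of FreeIPA's own tooling: one way to carry out the suggested check of the DS access log (/var/log/dirsrv/slapd-$YOUR_REALM/access) by pairing each RESULT line with its request and reporting operations whose etime exceeds a threshold. The function name `slow_operations`, the threshold, and the sample log lines are assumptions constructed for illustration; the parser assumes the usual 389 Directory Server `conn=N op=N VERB ...` line layout.

```python
import re

# Constructed sample access-log lines (not taken from the thread).
SAMPLE_LOG = """\
[01/Feb/2017:15:16:40 +0000] conn=7 op=1 SRCH base="cn=computers,cn=accounts,dc=example,dc=test" scope=2 filter="(fqdn=host1.example.test)" attrs=ALL
[01/Feb/2017:15:16:40 +0000] conn=7 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[01/Feb/2017:15:16:41 +0000] conn=7 op=2 SRCH base="dc=example,dc=test" scope=2 filter="(memberHost=fqdn=host1.example.test,cn=computers,cn=accounts,dc=example,dc=test)" attrs="cn"
[01/Feb/2017:15:17:43 +0000] conn=7 op=2 RESULT err=0 tag=101 nentries=0 etime=62 notes=U
[01/Feb/2017:15:17:44 +0000] conn=9 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[01/Feb/2017:15:17:44 +0000] conn=9 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
"""

OP_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) "
                   r"(?P<verb>[A-Z]+)(?: (?P<rest>.*))?$")
ETIME_RE = re.compile(r"\betime=(?P<etime>\d+(?:\.\d+)?)")
NOTES_RE = re.compile(r"\bnotes=(?P<notes>[A-Z,]+)")


def slow_operations(log_text, threshold=1.0):
    """Return operations whose RESULT etime (seconds) is >= threshold."""
    pending = {}   # (conn, op) -> (verb, request details) awaiting a RESULT
    slow = []
    for line in log_text.splitlines():
        m = OP_RE.match(line)
        if not m:
            continue   # connection open/close lines and anything unparsable
        key = (m["conn"], m["op"])
        rest = m["rest"] or ""
        if m["verb"] != "RESULT":
            pending[key] = (m["verb"], rest)
            continue
        verb, request = pending.pop(key, ("?", ""))
        et = ETIME_RE.search(rest)
        if et is None or float(et["etime"]) < threshold:
            continue
        notes = NOTES_RE.search(rest)
        flags = notes["notes"].split(",") if notes else []
        slow.append({
            "finished": m["ts"], "conn": m["conn"], "op": m["op"],
            "verb": verb, "request": request, "etime": float(et["etime"]),
            # notes=U / notes=A mark searches that could not use an index
            "unindexed": "U" in flags or "A" in flags,
        })
    return slow


if __name__ == "__main__":
    for entry in slow_operations(SAMPLE_LOG):
        print(entry)
```

A slow SRCH flagged as unindexed points at a missing index on the attribute in the filter, while slow operations without that flag suggest looking at the errors log and at host-level causes instead.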



