[Freeipa-users] Gateway_timeout Error
deepak dimri
deepak.dimri2016 at gmail.com
Thu Feb 2 04:42:16 UTC 2017
Hey Martin,
Is gateway error has anything to do with --no-wait-for-dns flag that i used
when i created the replica image? i have another test IPA setup working
fine in the same env and the only difference i see that in that env i did
not use --no-wait-for-dns for replicas
Thanks,
Deepak
On Wed, Feb 1, 2017 at 10:52 PM, deepak dimri <deepak.dimri2016 at gmail.com>
wrote:
> sorry for not replying to all!
>
> I have apache reverse proxy front ending the ipa servers. As i mentioned
> if i try hitting ipa replica WebUI directly then i do get the objects
> loaded on the browser after waiting for over a minute or so. replica server
> (/var/log/dirsrv/slapd-$YOUR_REALM/{access,errors}) shows hits coming
> through fine but for some reasons web browser ends up with the gateway
> error.
>
> both the ipa masters are running VERSION: 4.4.0, API_VERSION: 2.213
>
> Kind Regards,
> Deepak
>
>
> On Wed, Feb 1, 2017 at 9:21 PM, Martin Babinsky <mbabinsk at redhat.com>
> wrote:
>
>> On 02/01/2017 04:26 PM, deepak dimri wrote:
>>
>>> Yes, Martin - i do see requests hitting
>>> replica.. /var/log/httpd/error_log shows:
>>>
>>> [Wed Feb 01 15:16:47.469766 2017] [:error] [pid 2464] ipa: INFO:
>>> admin at XXX.XYZ.COM <mailto:admin at XXX.XYZ.COM>: batch:
>>> host_show(u'xxx.abx.xyz <http://xxx.abx.xyz>', rights=True, all=True):
>>> SUCCESS
>>>
>>> I used ansible playbook to build the replica server. ran
>>> ipa-replica-prepare on the primary:
>>> ipa-replica-prepare {{ replica_dns }} --password={{ipa_password}}
>>> --no-wait-for-dns
>>>
>>> copied the replica file over to replica server:
>>> scp -oStrictHostKeyChecking=no -i ~/.ssh/{{ssh_keyname}}.pem
>>> /var/lib/ipa/replica-info-{{ replica_dns }}.gpg root@{{
>>> replica_dns }}:/var/lib/ipa/
>>>
>>> ran the replica install on the replica server:
>>> ipa-replica-install /var/lib/ipa/replica-info-{{ replica_dns }}.gpg
>>> --password={{ipa_password}} --admin-password={{ipa_password}}
>>>
>>> I have notices that if i directly use the replica (bypassing proxy) URL
>>> then the objects shows after waiting for over a minute or so. When i use
>>> proxy pass then it just times out after few seconds.
>>>
>>> No clue why its behaving like this
>>>
>>> Many Thanks,
>>> Deepak
>>>
>>> On Wed, Feb 1, 2017 at 6:45 PM, Martin Babinsky <mbabinsk at redhat.com
>>> <mailto:mbabinsk at redhat.com>> wrote:
>>>
>>> On 02/01/2017 11:17 AM, deepak dimri wrote:
>>>
>>> Hello Martin, Thank you so much for your reply.
>>>
>>> I checked /etc/ipa/default.conf 'xmlrpc_uri' on my secondary
>>> server and
>>> its pointing to its own hostname and not to primary server
>>> hostname :(
>>>
>>> any other clue, Martin?
>>>
>>> I have tried without proxy and again to luck either its throwing
>>> same
>>> gateway_error
>>>
>>> Regards,
>>> Deepak
>>>
>>> On Wed, Feb 1, 2017 at 3:03 PM, Martin Babinsky
>>> <mbabinsk at redhat.com <mailto:mbabinsk at redhat.com>
>>> <mailto:mbabinsk at redhat.com <mailto:mbabinsk at redhat.com>>>
>>> wrote:
>>>
>>> On 02/01/2017 10:22 AM, deepak dimri wrote:
>>>
>>> Hi All,
>>>
>>> I have two IPA servers - primary and secondary running.
>>> the
>>> secondary
>>> ipa server is installed using ipa replica image of
>>> primary.
>>> While doing
>>> the testing i realised that when i manually shut down my
>>> primary ipa
>>> server making my secondary server to serve the UI. And
>>> now when
>>> i try to
>>> access user or hosts details using my secondary server
>>> then i am
>>> getting
>>> below error in the UI. I am able to login fine though;
>>> it is
>>> just that
>>> when i double click on host objects then i get the error.
>>>
>>>
>>> An error has occurred (GATEWAY_TIMEOUT)
>>>
>>>
>>> I am still trying to troubleshoot as why i am getting
>>> timeout
>>> error but
>>> thought of asking the group here to see if some one can
>>> share
>>> some pointers
>>>
>>> Many Thanks,
>>> Deepak
>>>
>>>
>>> Hi Deepak,
>>>
>>> please check /etc/ipa/default.conf on the secondary server
>>> and check
>>> the value of 'xmlrpc_uri'. Maybe it points to the URL of
>>> primary
>>> server and that's why you get timeouts when it is down.
>>>
>>> Re-setting it to the secondary server itself should fix it.
>>>
>>> --
>>> Martin^3 Babinsky
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> <https://www.redhat.com/mailman/listinfo/freeipa-users>
>>> <https://www.redhat.com/mailman/listinfo/freeipa-users
>>> <https://www.redhat.com/mailman/listinfo/freeipa-users>>
>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>>
>>> Adding freeipa-users back to loop.
>>>
>>> That is strange, how did you stand up the replica?
>>>
>>> You can also inspect /var/log/http/error_log on the replica to see
>>> whether the commands from the WebUI reach the local HTTP server at
>>> all.
>>>
>>> --
>>> Martin^3 Babinsky
>>>
>>>
>>>
>> Deepak,
>>
>> please keep replying to freeipa-users mailing list, otherwise other
>> members do not get updates on your problem.
>>
>> As for the issues with replica, I did not notice before that you are
>> connecting to WebUI through a proxy, what kind of proxy is that and how is
>> it configured?
>>
>> Nevertheless waiting for over a minute to display entries does not sound
>> right. I would investigate the root cause of this performance regression by
>> checking DS access and error logs on the replica
>> (/var/log/dirsrv/slapd-$YOUR_REALM/{access,errors}).
>>
>> Does the master also take so long time to respond? What are the IPA
>> versions of master/replica?
>>
>> --
>> Martin^3 Babinsky
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170202/99a7c85f/attachment.htm>
More information about the Freeipa-users
mailing list