[Freeipa-users] ipa_check_consistency alerts and ERR - slapd_poll - Timed out

Wed, 15 Sep 2021 14:57:01 -0700 

Hi List,

I use ipa_check_consistency
<https://github.com/peterpakos/checkipaconsistency/tree/v1.3.0> as one of
my Nagios monitors. It runs every 5 minutes on each ipa server. For
example:

[root@ipa0 ~]# /usr/local/sbin/ipa_check_consistency -d example.com -H ipa0

Directory Manager password:

FreeIPA servers:    ipa0    STATE

=================================

Active Users        1422    OK

Stage Users         0       OK

Preserved Users     10      OK

User Groups         75      OK

Hosts               848     CRITICAL

Host Groups         39      OK

HBAC Rules          593     OK

SUDO Rules          8       OK

DNS Zones           16      OK

Certificates        244     OK

LDAP Conflicts      NO      OK

Ghost Replicas      NO      OK

Anonymous BIND      YES     OK

Replication Status  ipa2 0  OK

                    ipa1 0

                    ipa3 0

                    ipa5 0

=================================

[root@ipa0 ~]#

All ipa servers report OK for all components but there is one ipa server
which alerts CRITICAL everyday multiple times. The inconsistency alers are
in different components, for example, "Hosts", "Active Users", and so on,
however, it never alerts for "Replication Status" and "LDAP Conflicts".
This is also the only ipa server within the domain which I see "Timed out"
like the following in its /var/log/dirsrv/slapd-EXAMPLE-COM/errors log:

[14/Sep/2021:06:55:40.694662470 -0700] - ERR - slapd_poll - (429) - Timed
out

[14/Sep/2021:16:08:45.441598637 -0700] - ERR - slapd_poll - (1211) - Timed
out

[14/Sep/2021:16:08:55.452150573 -0700] - ERR - slapd_poll - (1211) - Timed
out

[14/Sep/2021:16:09:05.460069764 -0700] - ERR - slapd_poll - (1211) - Timed
out

However, the timestamps of the above may not match when
ipa_check_consistency alerts.

This ipa server's OS is Centos 7-8.2003.0 and IPA version is 4.6.8, API:
2.237.

[root@ipa0 ~]# rpm -qa 389\*

389-ds-base-snmp-1.3.10.1-14.el7_8.x86_64

389-ds-base-libs-1.3.10.1-14.el7_8.x86_64

389-ds-base-1.3.10.1-14.el7_8.x86_64

[root@ipa0 ~]# rpm -qa slapi\*

slapi-nis-0.56.0-13.el7.x86_64

[root@ipa0 ~]#

This may not be the same issue or connected. However, I feel that something
in its configuration is not correct with this ipa server but do not know
what. Since I have other ipa servers which have the same OS, ipa version
and so on but do not exhibit this behavior. Does anyone have any ideas for
troubleshooting?

Thanks!

Kathy.

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to