On 02/01/2017 04:26 PM, deepak dimri wrote:
Yes, Martin - i do see requests hitting
replica.. /var/log/httpd/error_log shows:
[Wed Feb 01 15:16:47.469766 2017] [:error] [pid 2464] ipa: INFO:
ad...@xxx.xyz.com <mailto:ad...@xxx.xyz.com>: batch:
host_show(u'xxx.abx.xyz <http://xxx.abx.xyz>', rights=True, all=True):
SUCCESS
I used ansible playbook to build the replica server. ran
ipa-replica-prepare on the primary:
ipa-replica-prepare {{ replica_dns }} --password={{ipa_password}}
--no-wait-for-dns
copied the replica file over to replica server:
scp -oStrictHostKeyChecking=no -i ~/.ssh/{{ssh_keyname}}.pem
/var/lib/ipa/replica-info-{{ replica_dns }}.gpg root@{{
replica_dns }}:/var/lib/ipa/
ran the replica install on the replica server:
ipa-replica-install /var/lib/ipa/replica-info-{{ replica_dns }}.gpg
--password={{ipa_password}} --admin-password={{ipa_password}}
I have notices that if i directly use the replica (bypassing proxy) URL
then the objects shows after waiting for over a minute or so. When i use
proxy pass then it just times out after few seconds.
No clue why its behaving like this
Many Thanks,
Deepak
On Wed, Feb 1, 2017 at 6:45 PM, Martin Babinsky <mbabi...@redhat.com
<mailto:mbabi...@redhat.com>> wrote:
On 02/01/2017 11:17 AM, deepak dimri wrote:
Hello Martin, Thank you so much for your reply.
I checked /etc/ipa/default.conf 'xmlrpc_uri' on my secondary
server and
its pointing to its own hostname and not to primary server
hostname :(
any other clue, Martin?
I have tried without proxy and again to luck either its throwing
same
gateway_error
Regards,
Deepak
On Wed, Feb 1, 2017 at 3:03 PM, Martin Babinsky
<mbabi...@redhat.com <mailto:mbabi...@redhat.com>
<mailto:mbabi...@redhat.com <mailto:mbabi...@redhat.com>>> wrote:
On 02/01/2017 10:22 AM, deepak dimri wrote:
Hi All,
I have two IPA servers - primary and secondary running. the
secondary
ipa server is installed using ipa replica image of primary.
While doing
the testing i realised that when i manually shut down my
primary ipa
server making my secondary server to serve the UI. And
now when
i try to
access user or hosts details using my secondary server
then i am
getting
below error in the UI. I am able to login fine though; it is
just that
when i double click on host objects then i get the error.
An error has occurred (GATEWAY_TIMEOUT)
I am still trying to troubleshoot as why i am getting
timeout
error but
thought of asking the group here to see if some one can
share
some pointers
Many Thanks,
Deepak
Hi Deepak,
please check /etc/ipa/default.conf on the secondary server
and check
the value of 'xmlrpc_uri'. Maybe it points to the URL of primary
server and that's why you get timeouts when it is down.
Re-setting it to the secondary server itself should fix it.
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
<https://www.redhat.com/mailman/listinfo/freeipa-users>
<https://www.redhat.com/mailman/listinfo/freeipa-users
<https://www.redhat.com/mailman/listinfo/freeipa-users>>
Go to http://freeipa.org for more info on the project
Adding freeipa-users back to loop.
That is strange, how did you stand up the replica?
You can also inspect /var/log/http/error_log on the replica to see
whether the commands from the WebUI reach the local HTTP server at all.
--
Martin^3 Babinsky
Deepak,
please keep replying to freeipa-users mailing list, otherwise other
members do not get updates on your problem.
As for the issues with replica, I did not notice before that you are
connecting to WebUI through a proxy, what kind of proxy is that and how
is it configured?
Nevertheless waiting for over a minute to display entries does not sound
right. I would investigate the root cause of this performance regression
by checking DS access and error logs on the replica
(/var/log/dirsrv/slapd-$YOUR_REALM/{access,errors}).
Does the master also take so long time to respond? What are the IPA
versions of master/replica?
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
