Re: MMR: excessive clock skew

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry for not replying to the original thread, but I just joined this  
list.

On Tue, 13 May 2008, Rich Megginson wrote:

 > Has anyone seen these errors with 1.1?  We fixed a few 64-bit  
issues in 1.1.

I am running two 32-bit FDS 1.1 (fedora-ds-1.1.0-3.fc6) servers, on  
RHEL 5.1, in an MMR configuration.  These servers, which are  
configured behind a load balancer, act as the University's central  
authentication service.  We have are using the password policy plugin  
and have the "passwordisglobalpolicy" setting enabled, so there is a  
substantial amount of write activity due to replication of password- 
policy-related attributes (e.g., passwordRetryCount,  
retryCountResetTime, etc).  Time on both systems is synchronized via  
NTP; clocks are in sync.

We have the same situation as Reinhard Nappert reported on 5/13/2008:  
MMR will work fine for a while (usually a few weeks; the longest  
period we've gone is a month, the shortest time a few hours).   
Eventually replication will fail with the following sequence of  
messages in the errors log:

[24/May/2008:05:18:54 -0700] - csngen_adjust_time: adjustment limit  
exceeded; value - 86401, limit - 86400
[24/May/2008:05:18:54 -0700] NSMMReplicationPlugin - conn=1800  
op=60262 replica="<suffix>": Unable to acquire replica: error:  
excessive clock skew
[24/May/2008:05:20:05 -0700] - csngen_adjust_time: adjustment limit  
exceeded; value - 86401, limit - 86400
[24/May/2008:05:20:05 -0700] NSMMReplicationPlugin -  
agmt="cn=kif2zapp" (zapp:389): Incremental protocol: fatal er
ror - too much time skew between replicas!
[24/May/2008:05:20:05 -0700] NSMMReplicationPlugin -  
agmt="cn=kif2zapp" (zapp:389): Incremental update failed and
requires administrator action

The "csngen_adjust_time" error message always reports the same value  
when this occurs (86401).

We have also employed the workaround described by Chris St. Pierre in https://bugzilla.redhat.com/show_bug.cgi?id=233642 
#c3.  This resolves the problem for a short while, but it always  
reappears.  BTW, I was in contact with Chris recently about his  
experiences with MMR and he said that, in addition to moving to FDS  
1.1, he moved a lot of "frequently updated" data out of FDS and into  
MySQL, and that his problem disappeared afterward; obviously this  
isn't a solution for us as we are utilizing FDS as an authentication  
engine.

We are desperately trying to find a solution to this issue that will  
allow us to continue using MMR...we could resort to a traditional  
passive/active + shared storage HA design, but we want to keep that as  
a last resort.  If there is any additional information I should  
provide, please let me know.

--
Gary Windham
Senior Enterprise Systems Architect
The University of Arizona, UITS
+1 520 626 5981




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux