X509, problem with database replication (Duplicate entries)

torstenbunde · April 19, 2024, 8:23am

Hello @all,

I’ve got a question about the x509 module and a master-master replication we are using in our new environment.

Server operating system: Ubuntu 22.04.4 LTS
PHP version: 8.2.18
MariaDB version: 10.6.16
IcingaDB version: 1.1.1
Icinga Web 2 version: 2.12.1
Icinga 2 version: 2.14.2-1
x509 module version: 1.3.2

We use a master-master setup with virtual IP, which is controlled via HAProxy.

Both databases have corresponding entries regarding auto-increment for replication:

Server A:
[...]
auto-increment-increment = 1
auto increment offset = 2
[...]

Server B:
[...]
auto-increment-increment = 2
auto increment offset = 2
[...]

For all other modules, etc. it works perfectly. Only the x509 module reports errors like the following:

Error 'Duplicate entry '2004' for key 'PRIMARY'' on query. Default database: 'x509'. Query: 'INSERT INTO x509_certificate_chain (target_id,length,ctime) VALUES('29','3',UNIX_TIMESTAMP() * 1000)'

Does anyone here have an idea where there could be an error?

The x509 module is - like all other modules used - activated on both master servers.

rivad · April 19, 2024, 9:08am

IMHO, currently no module officially support running there corresponding service on both masters at the same time!

moreamazingnick · April 19, 2024, 10:15am

if you write in the same database I would recommend to run the systemd service icinga-x509 just once and let a pacemaker take care for a switch.

torstenbunde · April 19, 2024, 10:35am

Thank you in advance for the information! Looks like something to do for the upcoming weekend