[Freeipa-users] Adding indexes for the automounter - odd results
Rich Megginson
rmeggins at redhat.com
Mon Sep 10 22:21:46 UTC 2012
On 09/10/2012 04:16 PM, Dmitri Pal wrote:
> On 09/10/2012 05:27 PM, Rich Megginson wrote:
>> On 09/10/2012 03:01 PM, Sigbjorn Lie wrote:
>>> On 09/10/2012 10:36 PM, Rich Megginson wrote:
>>>> On 09/10/2012 01:59 PM, Sigbjorn Lie wrote:
>>>>> Hi,
>>>>>
>>>>> I added indexes for automountKey, and automountmapname yesterday in
>>>>> my test environment to see if that would speed the automounters up
>>>>> a bit, and now the automounters does not always work. They manage
>>>>> to look up the map, but not the keys in the map.
>>>>>
>>>>> Restarting the automounter sometimes work for some maps, but then
>>>>> the other maps stop working.
>>>>>
>>>>> Below is an example from the messages file when doing doing "ls
>>>>> /prog."
>>>>>
>>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_mount: lookup(ldap):
>>>>> looking up nagios
>>>>> Sep 10 19:55:22 mordor automount[3041]: find_dc_server: trying
>>>>> server uri ldap://ipa01.ix.test.com:389
>>>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap):
>>>>> auth_required: 2, sasl_mech GSSAPI
>>>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: Attempting
>>>>> sasl bind with mechanism GSSAPI
>>>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with
>>>>> context (nil), id 16385.
>>>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with
>>>>> context (nil), id 16385.
>>>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: sasl bind
>>>>> with mechanism GSSAPI succeeded
>>>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap):
>>>>> autofs_sasl_bind returned 0
>>>>> Sep 10 19:55:22 mordor automount[3041]: connected to uri
>>>>> ldap://ipa01.ix.test.com:389
>>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap):
>>>>> searching for
>>>>> "(&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))"
>>>>> under
>>>>> "automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com"
>>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap):
>>>>> getting first entry for automountKey="nagios"
>>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap):
>>>>> got answer, but no entry for
>>>>> (&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))
>>>>> Sep 10 19:55:22 mordor automount[3041]: dev_ioctl_send_fail: token
>>>>> = 798
>>>>> Sep 10 19:55:22 mordor automount[3041]: failed to mount /prog/nagios
>>>>> Sep 10 19:55:22 mordor automount[3041]: handle_packet: type = 3
>>>>> Sep 10 19:55:22 mordor automount[3041]:
>>>>> handle_packet_missing_indirect: token 799, name os, request pid 3233
>>>>>
>>>>>
>>>>>
>>>>> All folders return like this:
>>>>>
>>>>> ls: cannot access /prog/nagios: No such file or directory
>>>>>
>>>>>
>>>>>
>>>>> The 389-ds access log looks like this:
>>>>>
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 BIND dn="" method=sasl
>>>>> version=3 mech=GSSAPI
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 RESULT err=14 tag=97
>>>>> nentries=0 etime=0, SASL bind in progress
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 BIND dn="" method=sasl
>>>>> version=3 mech=GSSAPI
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 RESULT err=0 tag=97
>>>>> nentries=0 etime=0
>>>>> dn="fqdn=mordor.ix.test.com,cn=computers,cn=accounts,dc=ix,dc=test,dc=com"
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 SRCH
>>>>> base="automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com"
>>>>> scope=2
>>>>> filter="(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))"
>>>>> attrs="automountKey automountInformation"
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 RESULT err=0 tag=101
>>>>> nentries=0 etime=0
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 UNBIND
>>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 fd=86 closed - U1
>>>>>
>>>>>
>>>>> Running the query manually return:
>>>>>
>>>>> ~$ ldapsearch -YGSSAPI -b
>>>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com '(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))'
>>>>>
>>>>> SASL/GSSAPI authentication started
>>>>> SASL username: user at IX.TEST.COM
>>>>> SASL SSF: 56
>>>>> SASL data security layer installed.
>>>>> # extended LDIF
>>>>> #
>>>>> # LDAPv3
>>>>> # base
>>>>> <automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com>
>>>>> with scope subtree
>>>>> # filter:
>>>>> (&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))
>>>>> # requesting: ALL
>>>>> #
>>>>>
>>>>> # search result
>>>>> search: 4
>>>>> result: 0 Success
>>>>>
>>>>> # numResponses: 1
>>>>>
>>>>>
>>>>>
>>>>> Running this search without any filter returns:
>>>>> $ ldapsearch -YGSSAPI -b
>>>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>>>>>
>>>>> <lot of stuff cut away>
>>>>>
>>>>> # utils -vers\3D3\2Csec\3Dsys filer01:/volumes/p00/prog/utils,
>>>>> auto_prog,
>>>>> svg1, automount, ix.test.com
>>>>> dn: description=utils -vers\3D3\2Csec\3Dsys
>>>>> filer01:/volumes/p00/prog/util
>>>>> s,automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>>>>>
>>>>> description: utils -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>>>>> automountInformation: -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>>>>> automountKey: utils
>>>>> objectClass: automount
>>>>> objectClass: top
>>>>>
>>>>> <lot of stuff cut away>
>>>>>
>>>>> The two indexes I created are these:
>>>>>
>>>>> # automountkey, index, userRoot, ldbm database, plugins, config
>>>>> dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm
>>>>> database,cn=plugins,cn=config
>>>>> cn: automountkey
>>>>> objectClass: top
>>>>> objectClass: nsIndex
>>>>> nsSystemIndex: false
>>>>> nsIndexType: eq
>>>>>
>>>>> # automountmapname, index, userRoot, ldbm database, plugins, config
>>>>> dn: cn=automountmapname,cn=index,cn=userRoot,cn=ldbm
>>>>> database,cn=plugins,cn=co
>>>>> nfig
>>>>> cn: automountmapname
>>>>> objectClass: top
>>>>> objectClass: nsIndex
>>>>> nsSystemIndex: false
>>>>> nsIndexType: eq
>>>>>
>>>>> And then I ran at these commands:
>>>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>>>>> Manager" -w - -n userroot -t automountmapname:eq -v
>>>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>>>>> Manager" -w - -n userroot -t automountkey:eq -v
>>>>>
>>>>> What is going on?
>>>> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
>>>> dbscan -f
>>>> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountmapname.db*
>>>> dbscan -f
>>>> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountkey.db*
>>> I just ran these commands before you sent your email:
>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>>> Manager" -w - -n userroot -t automountmapname -v
>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>>> Manager" -w - -n userroot -t automountkey -v
>>>
>>> But only on one IPA server. This might explain why the automounter
>>> was working every now and then as I am using the SRV records for the
>>> automounter to discover the LDAP server hostname.
>>>
>>> The commands you sent show everything as being OK now.
>>> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
>>> -rw------- 1 dirsrv dirsrv 16384 Sep 10 21:57 automountkey.db4
>>> -rw------- 1 dirsrv dirsrv 16384 Sep 9 22:07 automountmapname.db4
>>>
>>> The dbscan commands lists all the automount maps and keys as:
>>> <cut>
>>> =auto.direct
>>> =auto.master
>>> <cut>
>>>
>>> and:
>>> <cut>
>>> =utils
>>> <cut>
>>>
>>> Did an error occur when I initially created the indexes? Was it
>>> incorrect to specify ":eq" ?
>> Looks like there is a bug in db2index_add_indexed_attr - it should
>> split the comma delimited list of index types after the ":" into
>> separate values of the nsIndexType attribute.
>>
>> If you don't specify the ":type,type" then it uses the defaults that
>> you have configured.
> Rich should we rise a DS ticket here?
Yes. https://fedorahosted.org/389/ticket/453
>>>
>>> Regards,
>>> Siggi
>>>
>>>
>>>
>>>
>>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list