It's active, but it seems not to do anything:

● ipa-ccache-sweep.timer - Remove Expired Kerberos Credential Caches
     Loaded: loaded (/usr/lib/systemd/system/ipa-ccache-sweep.timer; enabled; vendor preset: disabled)
     Active: active (elapsed) since Thu 2022-08-11 11:22:44 EDT; 3 days ago
      Until: Thu 2022-08-11 11:22:44 EDT; 3 days ago
    Trigger: n/a
   Triggers: ● ipa-ccache-sweep.service

--------
[Unit]
Description=Remove Expired Kerberos Credential Caches

[Timer]
OnUnitActiveSec=12h

[Install]
WantedBy=timers.target
---------

I believe the intent is that it should run every 12 hours. It doesn't seem to 
be doing so. From a web discussion:

OnUnitActiveSec does indeed refer to the time since the service referred to by 
the timer has run.  But if you only use OnUnitActiveSec and no other trigger 
then issue the command to start or enable foo.timer, foo.service will never 
run.  Why would it, no trigger would ever be activated in the first place: 
something needs to trigger the first run of foo.service in order for you to 
ever have 3 seconds pass since it was last run.

So in other words, OnUnitActiveSec can be used to define the interval between 
repetitions, but another trigger (like OnActiveSec or OnBootSec) would be 
needed to trigger the first run of foo.service to get the ball rolling.

________________________________
From: Jochen Kellner <joc...@jochen.org>
Sent: Sunday, August 14, 2022 12:39 PM
To: Charles Hedrick via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Cc: Charles Hedrick <hedr...@rutgers.edu>
Subject: Re: [Freeipa-users] /run/ipa/ccaches filling

Charles Hedrick via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:

> RHEL 9.0. /run/ipa/ccaches is filling with credential caches. Many are too 
> old to be valid.
>
> I assume it's safe to have a cron job delete any more than a day old?
> (that's our maximum lifetime.) I can't see the lifetime directly,
> because they are encrypted.

On my system I have a (disabled) systemd-timer named
ipa-ccache-sweep.timer. My guess would be that it gets enabled on new
installs, but somehow missed on updates. See the release notes of 4.9.9:
https://www.freeipa.org/page/Releases/4.9.9

Jochen

--
This space is intentionally left blank.
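
An added example, not from the thread or from FreeIPA: a small Python check for the situation described in the first message, a timer whose only trigger is OnUnitActiveSec and which therefore waits for a first run that nothing schedules. The first sample is the unit file quoted above; the OnBootSec value in the second sample is an assumption.

```python
SELF_STARTING = {"OnActiveSec", "OnBootSec", "OnStartupSec", "OnCalendar"}
UNIT_RELATIVE = {"OnUnitActiveSec", "OnUnitInactiveSec"}

# Unit file as quoted in the message above.
PAGE_UNIT = """\
[Unit]
Description=Remove Expired Kerberos Credential Caches

[Timer]
OnUnitActiveSec=12h

[Install]
WantedBy=timers.target
"""

# Constructed variant: the OnBootSec value is an assumption, not from the page.
BOOTSTRAPPED_UNIT = PAGE_UNIT.replace("[Timer]\n", "[Timer]\nOnBootSec=15min\n")

def timer_triggers(unit_text):
    """Return the (key, value) trigger settings in effect in [Timer]."""
    section, triggers = None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Timer" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in SELF_STARTING | UNIT_RELATIVE:
            continue
        if value:
            triggers.append((key, value))
        else:
            triggers.clear()  # systemd: an empty assignment resets the timer list
    return triggers

def needs_external_first_run(unit_text):
    """True if every trigger is relative to a previous run of the service."""
    keys = {key for key, _ in timer_triggers(unit_text)}
    return bool(keys) and keys.isdisjoint(SELF_STARTING)

if __name__ == "__main__":
    for name, text in (("page", PAGE_UNIT), ("bootstrapped", BOOTSTRAPPED_UNIT)):
        print(name, timer_triggers(text), needs_external_first_run(text))
```

A True result means the timer depends on something else starting the service once; it does not prove the service has never run.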