On 09/10/2012 05:27 PM, Rich Megginson wrote:
> On 09/10/2012 03:01 PM, Sigbjorn Lie wrote:
>> On 09/10/2012 10:36 PM, Rich Megginson wrote:
>>> On 09/10/2012 01:59 PM, Sigbjorn Lie wrote:
>>>> Hi,
>>>>
>>>> I added indexes for automountKey, and automountmapname yesterday in
>>>> my test environment to see if that would speed the automounters up
>>>> a bit, and now the automounters does not always work. They manage
>>>> to look up the map, but not the keys in the map.
>>>>
>>>> Restarting the automounter sometimes work for some maps, but then
>>>> the other maps stop working.
>>>>
>>>> Below is an example from the messages file when doing doing "ls
>>>> /prog."
>>>>
>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_mount: lookup(ldap):
>>>> looking up nagios
>>>> Sep 10 19:55:22 mordor automount[3041]: find_dc_server: trying
>>>> server uri ldap://ipa01.ix.test.com:389
>>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap):
>>>> auth_required: 2, sasl_mech GSSAPI
>>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: Attempting
>>>> sasl bind with mechanism GSSAPI
>>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with
>>>> context (nil), id 16385.
>>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with
>>>> context (nil), id 16385.
>>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: sasl bind
>>>> with mechanism GSSAPI succeeded
>>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap):
>>>> autofs_sasl_bind returned 0
>>>> Sep 10 19:55:22 mordor automount[3041]: connected to uri
>>>> ldap://ipa01.ix.test.com:389
>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap):
>>>> searching for
>>>> "(&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))"
>>>> under
>>>> "automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com"
>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap):
>>>> getting first entry for automountKey="nagios"
>>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap):
>>>> got answer, but no entry for
>>>> (&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))
>>>> Sep 10 19:55:22 mordor automount[3041]: dev_ioctl_send_fail: token
>>>> = 798
>>>> Sep 10 19:55:22 mordor automount[3041]: failed to mount /prog/nagios
>>>> Sep 10 19:55:22 mordor automount[3041]: handle_packet: type = 3
>>>> Sep 10 19:55:22 mordor automount[3041]:
>>>> handle_packet_missing_indirect: token 799, name os, request pid 3233
>>>>
>>>>
>>>>
>>>> All folders return like this:
>>>>
>>>> ls: cannot access /prog/nagios: No such file or directory
>>>>
>>>>
>>>>
>>>> The 389-ds access log looks like this:
>>>>
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 BIND dn="" method=sasl
>>>> version=3 mech=GSSAPI
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 RESULT err=14 tag=97
>>>> nentries=0 etime=0, SASL bind in progress
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 BIND dn="" method=sasl
>>>> version=3 mech=GSSAPI
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 RESULT err=0 tag=97
>>>> nentries=0 etime=0
>>>> dn="fqdn=mordor.ix.test.com,cn=computers,cn=accounts,dc=ix,dc=test,dc=com"
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 SRCH
>>>> base="automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com"
>>>> scope=2
>>>> filter="(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))"
>>>> attrs="automountKey automountInformation"
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 RESULT err=0 tag=101
>>>> nentries=0 etime=0
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 UNBIND
>>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 fd=86 closed - U1
>>>>
>>>>
>>>> Running the query manually return:
>>>>
>>>> ~$ ldapsearch -YGSSAPI -b
>>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com 
>>>> '(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))'
>>>>
>>>> SASL/GSSAPI authentication started
>>>> SASL username: u...@ix.test.com
>>>> SASL SSF: 56
>>>> SASL data security layer installed.
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base
>>>> <automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com>
>>>> with scope subtree
>>>> # filter:
>>>> (&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # search result
>>>> search: 4
>>>> result: 0 Success
>>>>
>>>> # numResponses: 1
>>>>
>>>>
>>>>
>>>> Running this search without any filter returns:
>>>> $ ldapsearch -YGSSAPI -b
>>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>>>>
>>>> <lot of stuff cut away>
>>>>
>>>> # utils -vers\3D3\2Csec\3Dsys filer01:/volumes/p00/prog/utils,
>>>> auto_prog,
>>>>   svg1, automount, ix.test.com
>>>> dn: description=utils -vers\3D3\2Csec\3Dsys
>>>> filer01:/volumes/p00/prog/util
>>>>  s,automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>>>>
>>>> description: utils -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>>>> automountInformation: -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>>>> automountKey: utils
>>>> objectClass: automount
>>>> objectClass: top
>>>>
>>>> <lot of stuff cut away>
>>>>
>>>> The two indexes I created are these:
>>>>
>>>> # automountkey, index, userRoot, ldbm database, plugins, config
>>>> dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm
>>>> database,cn=plugins,cn=config
>>>> cn: automountkey
>>>> objectClass: top
>>>> objectClass: nsIndex
>>>> nsSystemIndex: false
>>>> nsIndexType: eq
>>>>
>>>> # automountmapname, index, userRoot, ldbm database, plugins, config
>>>> dn: cn=automountmapname,cn=index,cn=userRoot,cn=ldbm
>>>> database,cn=plugins,cn=co
>>>>  nfig
>>>> cn: automountmapname
>>>> objectClass: top
>>>> objectClass: nsIndex
>>>> nsSystemIndex: false
>>>> nsIndexType: eq
>>>>
>>>> And then I ran at these commands:
>>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>>>> Manager" -w - -n userroot -t automountmapname:eq -v
>>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>>>> Manager" -w - -n userroot -t automountkey:eq -v
>>>>
>>>> What is going on?
>>> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
>>> dbscan -f
>>> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountmapname.db*
>>> dbscan -f
>>> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountkey.db*
>>
>> I just ran these commands before you sent your email:
>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>> Manager" -w - -n userroot -t automountmapname -v
>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory
>> Manager" -w - -n userroot -t automountkey -v
>>
>> But only on one IPA server. This might explain why the automounter
>> was working every now and then as I am using the SRV records for the
>> automounter to discover the LDAP server hostname.
>>
>> The commands you sent show everything as being OK now.
>> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
>> -rw-------  1 dirsrv dirsrv   16384 Sep 10 21:57 automountkey.db4
>> -rw-------  1 dirsrv dirsrv   16384 Sep  9 22:07 automountmapname.db4
>>
>> The dbscan commands lists all the automount maps and keys as:
>> <cut>
>> =auto.direct
>> =auto.master
>> <cut>
>>
>> and:
>> <cut>
>> =utils
>> <cut>
>>
>> Did an error occur when I initially created the indexes? Was it
>> incorrect to specify ":eq" ?
> Looks like there is a bug in db2index_add_indexed_attr - it should
> split the comma delimited list of index types after the ":" into
> separate values of the nsIndexType attribute.
>
> If you don't specify the ":type,type" then it uses the defaults that
> you have configured.

Rich should we rise a DS ticket here?
>>
>>
>> Regards,
>> Siggi
>>
>>
>>
>>
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to