On 09/10/2012 05:27 PM, Rich Megginson wrote: > On 09/10/2012 03:01 PM, Sigbjorn Lie wrote: >> On 09/10/2012 10:36 PM, Rich Megginson wrote: >>> On 09/10/2012 01:59 PM, Sigbjorn Lie wrote: >>>> Hi, >>>> >>>> I added indexes for automountKey, and automountmapname yesterday in >>>> my test environment to see if that would speed the automounters up >>>> a bit, and now the automounters does not always work. They manage >>>> to look up the map, but not the keys in the map. >>>> >>>> Restarting the automounter sometimes work for some maps, but then >>>> the other maps stop working. >>>> >>>> Below is an example from the messages file when doing doing "ls >>>> /prog." >>>> >>>> Sep 10 19:55:22 mordor automount[3041]: lookup_mount: lookup(ldap): >>>> looking up nagios >>>> Sep 10 19:55:22 mordor automount[3041]: find_dc_server: trying >>>> server uri ldap://ipa01.ix.test.com:389 >>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap): >>>> auth_required: 2, sasl_mech GSSAPI >>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: Attempting >>>> sasl bind with mechanism GSSAPI >>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with >>>> context (nil), id 16385. >>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with >>>> context (nil), id 16385. >>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: sasl bind >>>> with mechanism GSSAPI succeeded >>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap): >>>> autofs_sasl_bind returned 0 >>>> Sep 10 19:55:22 mordor automount[3041]: connected to uri >>>> ldap://ipa01.ix.test.com:389 >>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): >>>> searching for >>>> "(&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))" >>>> under >>>> "automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com" >>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): >>>> getting first entry for automountKey="nagios" >>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): >>>> got answer, but no entry for >>>> (&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A))) >>>> Sep 10 19:55:22 mordor automount[3041]: dev_ioctl_send_fail: token >>>> = 798 >>>> Sep 10 19:55:22 mordor automount[3041]: failed to mount /prog/nagios >>>> Sep 10 19:55:22 mordor automount[3041]: handle_packet: type = 3 >>>> Sep 10 19:55:22 mordor automount[3041]: >>>> handle_packet_missing_indirect: token 799, name os, request pid 3233 >>>> >>>> >>>> >>>> All folders return like this: >>>> >>>> ls: cannot access /prog/nagios: No such file or directory >>>> >>>> >>>> >>>> The 389-ds access log looks like this: >>>> >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 BIND dn="" method=sasl >>>> version=3 mech=GSSAPI >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 RESULT err=14 tag=97 >>>> nentries=0 etime=0, SASL bind in progress >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 BIND dn="" method=sasl >>>> version=3 mech=GSSAPI >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 RESULT err=0 tag=97 >>>> nentries=0 etime=0 >>>> dn="fqdn=mordor.ix.test.com,cn=computers,cn=accounts,dc=ix,dc=test,dc=com" >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 SRCH >>>> base="automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com" >>>> scope=2 >>>> filter="(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))" >>>> attrs="automountKey automountInformation" >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 RESULT err=0 tag=101 >>>> nentries=0 etime=0 >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 UNBIND >>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 fd=86 closed - U1 >>>> >>>> >>>> Running the query manually return: >>>> >>>> ~$ ldapsearch -YGSSAPI -b >>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com >>>> '(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))' >>>> >>>> SASL/GSSAPI authentication started >>>> SASL username: [email protected] >>>> SASL SSF: 56 >>>> SASL data security layer installed. >>>> # extended LDIF >>>> # >>>> # LDAPv3 >>>> # base >>>> <automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com> >>>> with scope subtree >>>> # filter: >>>> (&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a))) >>>> # requesting: ALL >>>> # >>>> >>>> # search result >>>> search: 4 >>>> result: 0 Success >>>> >>>> # numResponses: 1 >>>> >>>> >>>> >>>> Running this search without any filter returns: >>>> $ ldapsearch -YGSSAPI -b >>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com >>>> >>>> <lot of stuff cut away> >>>> >>>> # utils -vers\3D3\2Csec\3Dsys filer01:/volumes/p00/prog/utils, >>>> auto_prog, >>>> svg1, automount, ix.test.com >>>> dn: description=utils -vers\3D3\2Csec\3Dsys >>>> filer01:/volumes/p00/prog/util >>>> s,automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com >>>> >>>> description: utils -vers=3,sec=sys filer01:/volumes/p00/prog/utils >>>> automountInformation: -vers=3,sec=sys filer01:/volumes/p00/prog/utils >>>> automountKey: utils >>>> objectClass: automount >>>> objectClass: top >>>> >>>> <lot of stuff cut away> >>>> >>>> The two indexes I created are these: >>>> >>>> # automountkey, index, userRoot, ldbm database, plugins, config >>>> dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm >>>> database,cn=plugins,cn=config >>>> cn: automountkey >>>> objectClass: top >>>> objectClass: nsIndex >>>> nsSystemIndex: false >>>> nsIndexType: eq >>>> >>>> # automountmapname, index, userRoot, ldbm database, plugins, config >>>> dn: cn=automountmapname,cn=index,cn=userRoot,cn=ldbm >>>> database,cn=plugins,cn=co >>>> nfig >>>> cn: automountmapname >>>> objectClass: top >>>> objectClass: nsIndex >>>> nsSystemIndex: false >>>> nsIndexType: eq >>>> >>>> And then I ran at these commands: >>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory >>>> Manager" -w - -n userroot -t automountmapname:eq -v >>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory >>>> Manager" -w - -n userroot -t automountkey:eq -v >>>> >>>> What is going on? >>> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot >>> dbscan -f >>> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountmapname.db* >>> dbscan -f >>> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountkey.db* >> >> I just ran these commands before you sent your email: >> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory >> Manager" -w - -n userroot -t automountmapname -v >> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory >> Manager" -w - -n userroot -t automountkey -v >> >> But only on one IPA server. This might explain why the automounter >> was working every now and then as I am using the SRV records for the >> automounter to discover the LDAP server hostname. >> >> The commands you sent show everything as being OK now. >> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot >> -rw------- 1 dirsrv dirsrv 16384 Sep 10 21:57 automountkey.db4 >> -rw------- 1 dirsrv dirsrv 16384 Sep 9 22:07 automountmapname.db4 >> >> The dbscan commands lists all the automount maps and keys as: >> <cut> >> =auto.direct >> =auto.master >> <cut> >> >> and: >> <cut> >> =utils >> <cut> >> >> Did an error occur when I initially created the indexes? Was it >> incorrect to specify ":eq" ? > Looks like there is a bug in db2index_add_indexed_attr - it should > split the comma delimited list of index types after the ":" into > separate values of the nsIndexType attribute. > > If you don't specify the ":type,type" then it uses the defaults that > you have configured.
Rich should we rise a DS ticket here? >> >> >> Regards, >> Siggi >> >> >> >> >> > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
