[Freeipa-users] Adding indexes for the automounter - odd results

Sigbjorn Lie sigbjorn at nixtra.com
Mon Sep 10 21:01:52 UTC 2012 

On 09/10/2012 10:36 PM, Rich Megginson wrote:
> On 09/10/2012 01:59 PM, Sigbjorn Lie wrote:
>> Hi,
>>
>> I added indexes for automountKey, and automountmapname yesterday in 
>> my test environment to see if that would speed the automounters up a 
>> bit, and now the automounters does not always work. They manage to 
>> look up the map, but not the keys in the map.
>>
>> Restarting the automounter sometimes work for some maps, but then the 
>> other maps stop working.
>>
>> Below is an example from the messages file when doing doing "ls /prog."
>>
>> Sep 10 19:55:22 mordor automount[3041]: lookup_mount: lookup(ldap): 
>> looking up nagios
>> Sep 10 19:55:22 mordor automount[3041]: find_dc_server: trying server 
>> uri ldap://ipa01.ix.test.com:389
>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap): 
>> auth_required: 2, sasl_mech GSSAPI
>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: Attempting 
>> sasl bind with mechanism GSSAPI
>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with 
>> context (nil), id 16385.
>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with 
>> context (nil), id 16385.
>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: sasl bind 
>> with mechanism GSSAPI succeeded
>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap): 
>> autofs_sasl_bind returned 0
>> Sep 10 19:55:22 mordor automount[3041]: connected to uri 
>> ldap://ipa01.ix.test.com:389
>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): 
>> searching for 
>> "(&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))" 
>> under 
>> "automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com"
>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): 
>> getting first entry for automountKey="nagios"
>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): got 
>> answer, but no entry for 
>> (&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))
>> Sep 10 19:55:22 mordor automount[3041]: dev_ioctl_send_fail: token = 798
>> Sep 10 19:55:22 mordor automount[3041]: failed to mount /prog/nagios
>> Sep 10 19:55:22 mordor automount[3041]: handle_packet: type = 3
>> Sep 10 19:55:22 mordor automount[3041]: 
>> handle_packet_missing_indirect: token 799, name os, request pid 3233
>>
>>
>>
>> All folders return like this:
>>
>> ls: cannot access /prog/nagios: No such file or directory
>>
>>
>>
>> The 389-ds access log looks like this:
>>
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 BIND dn="" method=sasl 
>> version=3 mech=GSSAPI
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 RESULT err=14 tag=97 
>> nentries=0 etime=0, SASL bind in progress
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 BIND dn="" method=sasl 
>> version=3 mech=GSSAPI
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 RESULT err=0 tag=97 
>> nentries=0 etime=0 
>> dn="fqdn=mordor.ix.test.com,cn=computers,cn=accounts,dc=ix,dc=test,dc=com"
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 SRCH 
>> base="automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com" 
>> scope=2 
>> filter="(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))" 
>> attrs="automountKey automountInformation"
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 RESULT err=0 tag=101 
>> nentries=0 etime=0
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 UNBIND
>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 fd=86 closed - U1
>>
>>
>> Running the query manually return:
>>
>> ~$ ldapsearch -YGSSAPI -b 
>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com 
>> '(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))' 
>>
>> SASL/GSSAPI authentication started
>> SASL username: user at IX.TEST.COM
>> SASL SSF: 56
>> SASL data security layer installed.
>> # extended LDIF
>> #
>> # LDAPv3
>> # base 
>> <automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com> with 
>> scope subtree
>> # filter: 
>> (&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 4
>> result: 0 Success
>>
>> # numResponses: 1
>>
>>
>>
>> Running this search without any filter returns:
>> $ ldapsearch -YGSSAPI -b 
>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>>
>> <lot of stuff cut away>
>>
>> # utils -vers\3D3\2Csec\3Dsys filer01:/volumes/p00/prog/utils, 
>> auto_prog,
>>   svg1, automount, ix.test.com
>> dn: description=utils -vers\3D3\2Csec\3Dsys 
>> filer01:/volumes/p00/prog/util
>>  s,automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>> description: utils -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>> automountInformation: -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>> automountKey: utils
>> objectClass: automount
>> objectClass: top
>>
>> <lot of stuff cut away>
>>
>> The two indexes I created are these:
>>
>> # automountkey, index, userRoot, ldbm database, plugins, config
>> dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm 
>> database,cn=plugins,cn=config
>> cn: automountkey
>> objectClass: top
>> objectClass: nsIndex
>> nsSystemIndex: false
>> nsIndexType: eq
>>
>> # automountmapname, index, userRoot, ldbm database, plugins, config
>> dn: cn=automountmapname,cn=index,cn=userRoot,cn=ldbm 
>> database,cn=plugins,cn=co
>>  nfig
>> cn: automountmapname
>> objectClass: top
>> objectClass: nsIndex
>> nsSystemIndex: false
>> nsIndexType: eq
>>
>> And then I ran at these commands:
>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
>> Manager" -w - -n userroot -t automountmapname:eq -v
>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
>> Manager" -w - -n userroot -t automountkey:eq -v
>>
>> What is going on?
> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
> dbscan -f 
> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountmapname.db*
> dbscan -f /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountkey.db*

I just ran these commands before you sent your email:
# /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
Manager" -w - -n userroot -t automountmapname -v
# /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
Manager" -w - -n userroot -t automountkey -v

But only on one IPA server. This might explain why the automounter was 
working every now and then as I am using the SRV records for the 
automounter to discover the LDAP server hostname.

The commands you sent show everything as being OK now.
ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
-rw-------  1 dirsrv dirsrv   16384 Sep 10 21:57 automountkey.db4
-rw-------  1 dirsrv dirsrv   16384 Sep  9 22:07 automountmapname.db4

The dbscan commands lists all the automount maps and keys as:
<cut>
=auto.direct
=auto.master
<cut>

and:
<cut>
=utils
<cut>

Did an error occur when I initially created the indexes? Was it 
incorrect to specify ":eq" ?


Regards,
Siggi

More information about the Freeipa-users mailing list