[Freeipa-users] Adding indexes for the automounter - odd results

Rich Megginson rmeggins at redhat.com
Mon Sep 10 21:27:44 UTC 2012 

On 09/10/2012 03:01 PM, Sigbjorn Lie wrote:
> On 09/10/2012 10:36 PM, Rich Megginson wrote:
>> On 09/10/2012 01:59 PM, Sigbjorn Lie wrote:
>>> Hi,
>>>
>>> I added indexes for automountKey, and automountmapname yesterday in 
>>> my test environment to see if that would speed the automounters up a 
>>> bit, and now the automounters does not always work. They manage to 
>>> look up the map, but not the keys in the map.
>>>
>>> Restarting the automounter sometimes work for some maps, but then 
>>> the other maps stop working.
>>>
>>> Below is an example from the messages file when doing doing "ls /prog."
>>>
>>> Sep 10 19:55:22 mordor automount[3041]: lookup_mount: lookup(ldap): 
>>> looking up nagios
>>> Sep 10 19:55:22 mordor automount[3041]: find_dc_server: trying 
>>> server uri ldap://ipa01.ix.test.com:389
>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap): 
>>> auth_required: 2, sasl_mech GSSAPI
>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: Attempting 
>>> sasl bind with mechanism GSSAPI
>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with 
>>> context (nil), id 16385.
>>> Sep 10 19:55:22 mordor automount[3041]: getuser_func: called with 
>>> context (nil), id 16385.
>>> Sep 10 19:55:22 mordor automount[3041]: sasl_bind_mech: sasl bind 
>>> with mechanism GSSAPI succeeded
>>> Sep 10 19:55:22 mordor automount[3041]: do_bind: lookup(ldap): 
>>> autofs_sasl_bind returned 0
>>> Sep 10 19:55:22 mordor automount[3041]: connected to uri 
>>> ldap://ipa01.ix.test.com:389
>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): 
>>> searching for 
>>> "(&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))" 
>>> under 
>>> "automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com"
>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): 
>>> getting first entry for automountKey="nagios"
>>> Sep 10 19:55:22 mordor automount[3041]: lookup_one: lookup(ldap): 
>>> got answer, but no entry for 
>>> (&(objectclass=automount)(|(automountKey=nagios)(automountKey=/)(automountKey=\2A)))
>>> Sep 10 19:55:22 mordor automount[3041]: dev_ioctl_send_fail: token = 
>>> 798
>>> Sep 10 19:55:22 mordor automount[3041]: failed to mount /prog/nagios
>>> Sep 10 19:55:22 mordor automount[3041]: handle_packet: type = 3
>>> Sep 10 19:55:22 mordor automount[3041]: 
>>> handle_packet_missing_indirect: token 799, name os, request pid 3233
>>>
>>>
>>>
>>> All folders return like this:
>>>
>>> ls: cannot access /prog/nagios: No such file or directory
>>>
>>>
>>>
>>> The 389-ds access log looks like this:
>>>
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 BIND dn="" method=sasl 
>>> version=3 mech=GSSAPI
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=1 RESULT err=14 tag=97 
>>> nentries=0 etime=0, SASL bind in progress
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 BIND dn="" method=sasl 
>>> version=3 mech=GSSAPI
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=2 RESULT err=0 tag=97 
>>> nentries=0 etime=0 
>>> dn="fqdn=mordor.ix.test.com,cn=computers,cn=accounts,dc=ix,dc=test,dc=com"
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 SRCH 
>>> base="automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com" 
>>> scope=2 
>>> filter="(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))" 
>>> attrs="automountKey automountInformation"
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=3 RESULT err=0 tag=101 
>>> nentries=0 etime=0
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 UNBIND
>>> [10/Sep/2012:19:59:47 +0200] conn=1821 op=4 fd=86 closed - U1
>>>
>>>
>>> Running the query manually return:
>>>
>>> ~$ ldapsearch -YGSSAPI -b 
>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com 
>>> '(&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))' 
>>>
>>> SASL/GSSAPI authentication started
>>> SASL username: user at IX.TEST.COM
>>> SASL SSF: 56
>>> SASL data security layer installed.
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base 
>>> <automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com> 
>>> with scope subtree
>>> # filter: 
>>> (&(objectClass=automount)(|(automountKey=utils)(automountKey=/)(automountKey=\2a)))
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 4
>>> result: 0 Success
>>>
>>> # numResponses: 1
>>>
>>>
>>>
>>> Running this search without any filter returns:
>>> $ ldapsearch -YGSSAPI -b 
>>> automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>>>
>>> <lot of stuff cut away>
>>>
>>> # utils -vers\3D3\2Csec\3Dsys filer01:/volumes/p00/prog/utils, 
>>> auto_prog,
>>>   svg1, automount, ix.test.com
>>> dn: description=utils -vers\3D3\2Csec\3Dsys 
>>> filer01:/volumes/p00/prog/util
>>>  s,automountmapname=auto_prog,cn=svg1,cn=automount,dc=ix,dc=test,dc=com
>>> description: utils -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>>> automountInformation: -vers=3,sec=sys filer01:/volumes/p00/prog/utils
>>> automountKey: utils
>>> objectClass: automount
>>> objectClass: top
>>>
>>> <lot of stuff cut away>
>>>
>>> The two indexes I created are these:
>>>
>>> # automountkey, index, userRoot, ldbm database, plugins, config
>>> dn: cn=automountkey,cn=index,cn=userRoot,cn=ldbm 
>>> database,cn=plugins,cn=config
>>> cn: automountkey
>>> objectClass: top
>>> objectClass: nsIndex
>>> nsSystemIndex: false
>>> nsIndexType: eq
>>>
>>> # automountmapname, index, userRoot, ldbm database, plugins, config
>>> dn: cn=automountmapname,cn=index,cn=userRoot,cn=ldbm 
>>> database,cn=plugins,cn=co
>>>  nfig
>>> cn: automountmapname
>>> objectClass: top
>>> objectClass: nsIndex
>>> nsSystemIndex: false
>>> nsIndexType: eq
>>>
>>> And then I ran at these commands:
>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
>>> Manager" -w - -n userroot -t automountmapname:eq -v
>>> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
>>> Manager" -w - -n userroot -t automountkey:eq -v
>>>
>>> What is going on?
>> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
>> dbscan -f 
>> /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountmapname.db*
>> dbscan -f /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot/automountkey.db*
>
> I just ran these commands before you sent your email:
> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
> Manager" -w - -n userroot -t automountmapname -v
> # /var/lib/dirsrv/scripts-IX-TEST-COM/db2index.pl -D "cn=Directory 
> Manager" -w - -n userroot -t automountkey -v
>
> But only on one IPA server. This might explain why the automounter was 
> working every now and then as I am using the SRV records for the 
> automounter to discover the LDAP server hostname.
>
> The commands you sent show everything as being OK now.
> ls -al /var/lib/dirsrv/slapd-IX-TEST-COM/db/userRoot
> -rw-------  1 dirsrv dirsrv   16384 Sep 10 21:57 automountkey.db4
> -rw-------  1 dirsrv dirsrv   16384 Sep  9 22:07 automountmapname.db4
>
> The dbscan commands lists all the automount maps and keys as:
> <cut>
> =auto.direct
> =auto.master
> <cut>
>
> and:
> <cut>
> =utils
> <cut>
>
> Did an error occur when I initially created the indexes? Was it 
> incorrect to specify ":eq" ?
Looks like there is a bug in db2index_add_indexed_attr - it should split 
the comma delimited list of index types after the ":" into separate 
values of the nsIndexType attribute.

If you don't specify the ":type,type" then it uses the defaults that you 
have configured.
>
>
> Regards,
> Siggi
>
>
>
>
>

More information about the Freeipa-users mailing list