[Freeipa-users] Purge old entries in /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 file

Tue Dec 22 12:55:06 UTC 2015

Hi,

On 12/22/2015 11:43 AM, David Goudet wrote:
> Hi,
>
> I have multimaster replication environment. On each replica, folder /var/lib/dirsrv/slapd-xxxx/cldb/ has big size (3~GB) and old entries in /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 have three month year old:
>
> sudo dbscan -f /var/lib/dirsrv/slapd-xxxx/cldb/ef155b03-dda611e2-a156db20-90xxx06_51c9aed900xxxxxx000.db4 | less
> dbid: 56239e5e000000040000
>          replgen: 1445174777 Sun Oct 18 15:26:17 2015
>          csn: 56239e5e000000040000
>          uniqueid: e55d5e01-26f211e4-9b60db20-90c3b706
>          dn: xxxx
>          operation: modify
>                  krbLastSuccessfulAuth: 20151018132617Z
>                  modifiersname: cn=Directory Manager
>                  modifytimestamp: 20151018132617Z
>                  entryusn: 68030946
>
> My questions are:
>
> a) How to purge old entries in file /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4? (what is the procedure)
> b) What is the right configuration to limit increase of this file?
setting changelog maxage should be sufficient to trim changes, but the 
age is not the only condition deciding if a recored in the changelog can 
be deleted.
- for each replicaID the last record will never be deleted, independent 
of its age, so if you have replicas in your topology which are not (or 
not frequently) updated directly there will be old changes in the changelog
- if the replica where the trimming is run and if it has replication 
agreements to other replicas, changes which were not yet replicated to 
the other replica will not be purged. So, if you have some stale 
agreements to other replicas this could prevent trimming as well.

Also trimming removes changelog records and frees space internally ro th 
edb4 file  to be reused, but it will not shrink the file size
>
>
>
> This topic has been already talk on https://www.redhat.com/archives/freeipa-users/2013-February/msg00433.html or https://www.redhat.com/archives/freeipa-users/2015-April/msg00573.html but no response work for me.
> Response here seems to be not applicable https://bugzilla.redhat.com/show_bug.cgi?id=1181341 (Centos 7, Fixed In Version: 389-ds-base-1.3.4.0-1.el7)
>
> I used some attributes from the docuementation: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnchangelog5-nsslapd_changelogdir. Old entries are not purged and file increase even after restart service (service dirvsrv start and service dirvsrv stop).
>
> (This test environment values)
> dn: cn=changelog5,cn=config
> objectClass: top
> objectClass: extensibleobject
> cn: changelog5
> ...
> nsslapd-changelogmaxentries: 100
> nsslapd-changelogmaxage: 4m
>
> dn: cn=replica,cn=xxxxx,cn=mapping tree,cn=config
> cn: replica
> nsDS5Flags: 1
> objectClass: top
> objectClass: nsds5replica
> objectClass: extensibleobject
> nsDS5ReplicaType: 3
> nsDS5ReplicaRoot: dc=xxxxx
> nsds5ReplicaLegacyConsumer: off
> nsDS5ReplicaId: 6
> nsDS5ReplicaBindDN: cn=replication manager,cn=config
> nsDS5ReplicaBindDN: krbprincipalname=ldap/xxxxxx
>   .LYRA,cn=services,cn=accounts,dc=xxxxx
> nsState:: xxxxx
> nsDS5ReplicaName: d9663d08-a80f11e5-aa48d241-0b88f012
> nsds5ReplicaTombstonePurgeInterval: 200
> nsds5ReplicaPurgeDelay: 200
> nsds5ReplicaChangeCount: 3091
> nsds5replicareapactive: 0
>
> Hereafter some informations about my environment:
> CentOS release 6.5 (Final)
> 389-ds-base-libs-1.2.11.15-65.el6_7.x86_64
> 389-ds-base-1.2.11.15-65.el6_7.x86_64
> ipa-client-3.0.0-47.el6.centos.1.x86_64
> ipa-server-3.0.0-47.el6.centos.1.x86_64
>
> Thanks for your help!
>
> David
>