Tuesday, November 2, 2021

[389-users] Re: Cleaning up a disabled replica

Hi Iain,
On 389-ds we don't have the CLI tools I mentioned before.

So to remove the changelog from the supplier server you can run:

    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
    dn: cn=changelog5,cn=config
    changetype: delete

Directory Server automatically removes the content in the changelog directory after you remove the cn=changelog5,cn=config entry.
When you'll need to enable the replication again, you can create the cn=changelog5,cn=config entry.

And as mentioned by Mark, is it 'cn=changelog5,cn=config' you mean? As we also have 'retro changelog plugin':

"I just want to confirm that you are not seeing issues with the "retro changelog plugin".  This is the "cn=changelog" backend.  That can be disabled regardless of the replication state of the backend."

See his email in the main thread.


On Tue, Nov 2, 2021 at 11:56 AM Morgan, Iain (ARC-TN)[InuTeq, LLC] <iain.morgan@nasa.gov> wrote:

Thanks for the response. We are using the Redhat-provided RPM's of 389-ds on RHEL 7.9.


On 11/1/21, 18:16, "Simon Pichugin" <spichugi@redhat.com> wrote:

    Hi Iain,what 389 DS version do you have?

    You can safely remove the changelog on the test servers where replication is disabled. As it no longer holds a true record of all modifications while replication is disabled.
    So a changelog can be effectively deleted by deleting the log file.

    If your 389 DS version 1.4.0-1.4.3, you can use the next commands:
    First, please, verify whether replication is disabled for all suffixes:

        # dsconf -D "cn=Directory Manager" ldap://supplier.example.com <https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupplier.example.com%2F&data=04%7C01%7Ciain.morgan%40nasa.gov%7C853cbf0b35594bd6077108d99d9b5ec9%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637714125649414542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=uqSzopbllTiNC%2BXQiX4gdqFe7WQcx8g%2FFk%2FinwB6cA8%3D&reserved=0> replication list

    Should display "There are no replicated suffixes".

    And with this command you can delete the changelog:

        # dsconf -D "cn=Directory Manager" ldap://supplier.example.com <https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupplier.example.com%2F&data=04%7C01%7Ciain.morgan%40nasa.gov%7C853cbf0b35594bd6077108d99d9b5ec9%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637714125649414542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=uqSzopbllTiNC%2BXQiX4gdqFe7WQcx8g%2FFk%2FinwB6cA8%3D&reserved=0> replication delete-changelog

    On 1.4.4+ versions, you shouldn't have nsslapd-changelogdir so it should be okay there.

    So please, tell us the 389 DS version, so we can confirm if it's a correct solution.


    On Mon, Nov 1, 2021 at 3:57 PM Morgan, Iain (ARC-TN)[InuTeq, LLC] <iain.morgan@nasa.gov> wrote:


    I've got a bit of an unusual situation. I have two test servers that were configured as a multi-master replication pair. One of the servers needed to be used for some separate testing, which required disabling the replication. In the meantime, the second server has been heavily used for regression tests.

    Despite the replication agreements having been disabled for months now, the changelog on the second server continues to grow. It has reached the point where the size has become troublesome, but I am having trouble alleviating the situation.

    I initially tried compacting the changelog, but that made no difference. I later noticed using dbscan -f" that entries aren't being timed out from the changelog. Essentially, it looks like entries are being added to the changelog as we do our periodic regression tests; but since no replication session started, the changelog does not get cleaned up.

    I tried enabling the replication agreement while the first server was down, in the hopes that the cleanup would be triggered. But, that did not work. Is there a way to force the cleanup? Alternatively, since we don't care about the changes, can the changelog safely be deleted?

    Note, I'd prefer to not delete the replication agreement itself, but I would appreciate a way to either prevent entries from being added into the changelog for now or a way to ensure that the entries do not accumulate over time.


    Iain Morgan

389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

No comments:

Post a Comment