[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cn=config replication to consumer / slave servers

To: Howard Chu <hyc@symas.com>
Subject: Re: cn=config replication to consumer / slave servers
From: Christopher Strider Cook <ccook@pandora.com>
Date: Fri, 15 Apr 2011 16:53:39 -0700
Cc: Quanah Gibson-Mount <quanah@zimbra.com>, openldap-technical@openldap.org
In-reply-to: <4DA8926F.8020804@symas.com>
References: <4DA79137.5030606@pandora.com> <B8499AD633BE7784DC23FACD@[192.168.1.2]> <4DA8926F.8020804@symas.com>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9


On 4/15/11 11:46 AM, Howard Chu wrote:

Quanah Gibson-Mount wrote:

--On Thursday, April 14, 2011 5:28 PM -0700 Christopher Strider Cook
<ccook@pandora.com>  wrote:

Alternately, I tried to setup a separate database cn=config_slave and
have that snycrepl to the slave into cn=config... but that creates a
naming missmatch.

Is there an approved practice to achieve this, or some otherpointers on

avenues to explore?


Use slapo-rwm to rewrite the cn=config_slave database to be cn=config on
the replicas.

No, that never worked well. Use suffixmassage in the syncrepl configstatement. (Added in 2.4.24)

Yes that looks like the right path.. I've just recompiled to gain thissuperpower... But:

So I've got a 'stub' cn=config setup with enough (I think) to get itbooted and connecting to the master to syncrepl over the rest of the config.

olcDatabase\=\{0\}config.ldif  has I think a proper syncrepl line:
olcSyncrepl: {0}rid=001 provider=ldaps://hostxxx.com bindmethod=simp
 le binddn="cn=admin,cn=config_slave" credentials=pass searchbase="

cn=config_slave" suffixmassage="cn=config" schemachecking=ontype=refreshAndPersist retry="60 +"

Something is still not quite right. In the logs I see a few troublingmessages and the local cn=config doesn't update.

Apr 15 16:29:38 ramones slapd[1475]: conn=-1 op=0: config_add_internal:DN="cn=config" already exists

and

Apr 15 16:31:39 ramones slapd[1475]: send_ldap_result: err=67 matched=""text="Use modrdn to change the entry name"

is this because the cn entry for dn: cn=config_slave doesn't getrewritten from cn: config_slave to cn: config by the suffixmassage?


Thanks

Full logs from a replication attempt below.

Apr 15 16:29:38 ramones slapd[1475]: daemon: epoll: listen=8active_threads=0 tvp=zeroApr 15 16:29:38 ramones slapd[1475]: daemon: epoll: listen=9active_threads=0 tvp=zeroApr 15 16:29:38 ramones slapd[1475]: daemon: epoll: listen=10active_threads=0 tvp=zero

Apr 15 16:29:38 ramones slapd[1475]: =>do_syncrepl rid=001
Apr 15 16:29:38 ramones slapd[1475]: =>do_syncrep2 rid=001
Apr 15 16:29:38 ramones slapd[1475]: daemon: added 12r listener=(nil)
Apr 15 16:29:38 ramones slapd[1475]: daemon: activity on 1 descriptor
Apr 15 16:29:38 ramones slapd[1475]: daemon: activity on:
Apr 15 16:29:38 ramones slapd[1475]:

Apr 15 16:29:38 ramones slapd[1475]: daemon: epoll: listen=8active_threads=0 tvp=NULLApr 15 16:29:38 ramones slapd[1475]: daemon: epoll: listen=9active_threads=0 tvp=NULLApr 15 16:29:38 ramones slapd[1475]: daemon: epoll: listen=10active_threads=0 tvp=NULL

Apr 15 16:29:38 ramones slapd[1475]: daemon: activity on 1 descriptor
Apr 15 16:29:38 ramones slapd[1475]: daemon: activity on:
Apr 15 16:29:38 ramones slapd[1475]:  12r
Apr 15 16:29:38 ramones slapd[1475]:
Apr 15 16:29:38 ramones slapd[1475]: daemon: read active on 12

Apr 15 16:29:38 ramones slapd[1475]: connection_get(12)
Apr 15 16:29:38 ramones slapd[1475]: connection_get(12): got connid=0
Apr 15 16:29:38 ramones slapd[1475]: =>do_syncrepl rid=001
Apr 15 16:29:38 ramones slapd[1475]: =>do_syncrep2 rid=001

Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]string='cn=config_slave'Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_rule_applyrule='(.*)cn=config_slave$' string='cn=config_slave' [1 pass(es)]Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]res={0,'cn=config'}

Apr 15 16:29:38 ramones slapd[1475]: >>> dnPrettyNormal: <cn=config>

Apr 15 16:29:38 ramones slapd[1475]: <<< dnPrettyNormal: <cn=config>,<cn=config>Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]string='cn=config_slave'Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_rule_applyrule='(.*)cn=config_slave$' string='cn=config_slave' [1 pass(es)]Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]res={0,'cn=config'}Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]string='cn=admin,cn=config'Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_rule_applyrule='(.*)cn=config_slave$' string='cn=admin,cn=config' [1 pass(es)]Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]res={0,'cn=admin,cn=config'}Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]string='cn=config_slave'Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_rule_applyrule='(.*)cn=config_slave$' string='cn=config_slave' [1 pass(es)]Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]res={0,'cn=config'}Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]string='cn=Subschema'Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_rule_applyrule='(.*)cn=config_slave$' string='cn=Subschema' [1 pass(es)]Apr 15 16:29:38 ramones slapd[1475]: ==> rewrite_context_apply [depth=1]res={0,'cn=Subschema'}

Apr 15 16:29:38 ramones slapd[1475]: >>> dnPretty: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnPretty: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: >>> dnNormalize: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnNormalize: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: >>> dnPretty: <cn=admin,cn=config>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnPretty: <cn=admin,cn=config>
Apr 15 16:29:38 ramones slapd[1475]: >>> dnNormalize: <cn=admin,cn=config>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnNormalize: <cn=admin,cn=config>
Apr 15 16:29:38 ramones slapd[1475]: >>> dnPretty: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnPretty: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: >>> dnNormalize: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnNormalize: <cn=config>
Apr 15 16:29:38 ramones slapd[1475]: >>> dnPretty: <cn=Subschema>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnPretty: <cn=Subschema>
Apr 15 16:29:38 ramones slapd[1475]: >>> dnNormalize: <cn=Subschema>
Apr 15 16:29:38 ramones slapd[1475]: <<< dnNormalize: <cn=subschema>

Apr 15 16:29:38 ramones slapd[1475]: syncrepl_entry: rid=001LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)Apr 15 16:29:38 ramones slapd[1475]: syncrepl_entry: rid=001 insertedUUID 9531bb2c-d970-102f-98bd-9352bfe36c1eApr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"cn=config" "entry" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: => test_filter
Apr 15 16:29:38 ramones slapd[1475]:     EQUALITY

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"cn=config" "entryUUID" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: <= test_filter 5
Apr 15 16:29:38 ramones slapd[1475]: => test_filter
Apr 15 16:29:38 ramones slapd[1475]:     EQUALITY

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"cn=module{0},cn=config" "entryUUID" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: <= test_filter 5
Apr 15 16:29:38 ramones slapd[1475]: => test_filter
Apr 15 16:29:38 ramones slapd[1475]:     EQUALITY

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"cn=schema,cn=config" "entryUUID" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: <= test_filter 5
Apr 15 16:29:38 ramones slapd[1475]: => test_filter
Apr 15 16:29:38 ramones slapd[1475]:     EQUALITY

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"olcBackend={0}hdb,cn=config" "entryUUID" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: <= test_filter 5
Apr 15 16:29:38 ramones slapd[1475]: => test_filter
Apr 15 16:29:38 ramones slapd[1475]:     EQUALITY

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"olcDatabase={-1}frontend,cn=config" "entryUUID" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: <= test_filter 5
Apr 15 16:29:38 ramones slapd[1475]: => test_filter
Apr 15 16:29:38 ramones slapd[1475]:     EQUALITY

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"olcDatabase={0}config,cn=config" "entryUUID" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: <= test_filter 5
Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: conn=-1 op=0 p=0

Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: err=0 matched=""text=""

Apr 15 16:29:38 ramones slapd[1475]: syncrepl_entry: rid=001 be_search (0)
Apr 15 16:29:38 ramones slapd[1475]: syncrepl_entry: rid=001 cn=config

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: add access to"cn=config" "entry" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: add accessgranted by manage(=mwrscxd)Apr 15 16:29:38 ramones slapd[1475]: <= acl_access_allowed: granted todatabase rootApr 15 16:29:38 ramones slapd[1475]: oc_check_required entry(cn=config), objectClass "olcGlobal"

Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "objectClass"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "cn"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "olcArgsFile"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "olcPidFile"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "olcToolThreads"

Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type"olcTLSCACertificateFile"Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type"olcTLSCertificateFile"Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type"olcTLSCertificateKeyFile"Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type"olcTLSVerifyClient"Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type"structuralObjectClass"

Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "entryUUID"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "creatorsName"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "createTimestamp"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "olcLogLevel"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "entryCSN"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "modifiersName"
Apr 15 16:29:38 ramones slapd[1475]: oc_check_allowed type "modifyTimestamp"

Apr 15 16:29:38 ramones slapd[1475]: conn=-1 op=0: config_add_internal:DN="cn=config" already exists

Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: conn=-1 op=0 p=0

Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: err=68 matched=""text=""Apr 15 16:29:38 ramones slapd[1475]: syncrepl_entry: rid=001 be_addcn=config (68)Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"cn=config" "entry" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: => test_filter
Apr 15 16:29:38 ramones slapd[1475]:     PRESENT

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search access to"cn=config" "objectClass" requested

Apr 15 16:29:38 ramones slapd[1475]: <= root access granted

Apr 15 16:29:38 ramones slapd[1475]: => access_allowed: search accessgranted by manage(=mwrscxd)

Apr 15 16:29:38 ramones slapd[1475]: <= test_filter 6
Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: conn=-1 op=0 p=0

Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: err=0 matched=""text=""Apr 15 16:29:38 ramones slapd[1475]: <= acl_access_allowed: granted todatabase root

Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: conn=-1 op=0 p=0

Apr 15 16:29:38 ramones slapd[1475]: send_ldap_result: err=67 matched=""text="Use modrdn to change the entry name"

Apr 15 16:29:38 ramones slapd[1475]: null_callback : error code 0x43

Apr 15 16:29:38 ramones slapd[1475]: syncrepl_entry: rid=001 be_modifycn=config (67)Apr 15 16:29:38 ramones slapd[1475]: syncrepl_entry: rid=001 be_modifyfailed (67)

Apr 15 16:29:38 ramones slapd[1475]: connection_get(12)
Apr 15 16:29:38 ramones slapd[1475]: connection_get(12): got connid=0
Apr 15 16:29:38 ramones slapd[1475]: daemon: removing 12
Apr 15 16:29:38 ramones slapd[1475]: do_syncrepl: rid=001 rc 67 retrying
Apr 15 16:29:38 ramones slapd[1475]: daemon: activity on 1 descriptor
Apr 15 16:29:38 ramones slapd[1475]: daemon: activity on:
Apr 15 16:29:38 ramones slapd[1475]:

Follow-Ups:
- Re: cn=config replication to consumer / slave servers
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: cn=config replication to consumer / slave servers
  - From: Howard Chu <hyc@symas.com>

References:
- cn=config replication to consumer / slave servers
  - From: Christopher Strider Cook <ccook@pandora.com>
- Re: cn=config replication to consumer / slave servers
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: cn=config replication to consumer / slave servers
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Local home directory with ADS LDAP authentication
Next by Date: Re: cn=config replication to consumer / slave servers
Index(es):
- Chronological
- Thread