On Аўт, 09 ліп 2024, Kees Bakker via FreeIPA-users wrote:
Hi,
At the moment I have three FreeIPA systems (replicas), recently
installed with CentOS 9-Stream.
All three of these show this message at irregular intervals.
Jul 03 07:50:44 iparep5.example.com named[541]: zone example.com/IN:
zone_journal_compact: could not get zone size: not found
Jul 03 07:50:51 iparep5.example.com named[541]: zone
16.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 07:51:03 iparep5.example.com named[541]: zone
17.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 07:51:34 iparep5.example.com named[541]: zone
29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 07:52:12 iparep5.example.com named[541]: zone
30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 08:03:51 iparep5.example.com named[541]: zone example.com/IN:
zone_journal_compact: could not get zone size: not found
Jul 03 08:04:52 iparep5.example.com named[541]: zone
29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 08:06:30 iparep5.example.com named[541]: zone
30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 08:18:42 iparep5.example.com named[541]: zone example.com/IN:
zone_journal_compact: could not get zone size: not found
Jul 03 08:20:19 iparep5.example.com named[541]: zone
29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 08:26:23 iparep5.example.com named[541]: zone
30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
Jul 03 08:34:12 iparep5.example.com named[541]: zone example.com/IN:
zone_journal_compact: could not get zone size: not found
Jul 03 08:34:50 iparep5.example.com named[541]: zone
29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
After posting this on the bind-users mailing list I did a bit more
debugging. It turns out that the message is caused by the fact that
bind-dyndb-ldap does not implement the getsize method. Now why didn't
I see this message on my CentOS 8-Stream system? Well, it is because
the bind package went from 9.11.26 to 9.16.23. In that newer version a
new function zone_journal_compact was added which does the following:
zone.c:
journalsize= zone->journalsize;
if(journalsize== -1) {
journalsize= DNS_JOURNAL_SIZE_MAX;
dns_db_currentversion(db, &ver);
result= dns_db_getsize(db, ver, NULL, &dbsize);
dns_db_closeversion(db, &ver, false);
if(result!= ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_journal_compact: "
"could not get zone size: %s",
isc_result_totext(result));
} elseif(dbsize< DNS_JOURNAL_SIZE_MAX/ 2) {
journalsize= (int32_t)dbsize* 2;
}
}
and dns_db_getsize executes this:
isc_result_t
dns_db_getsize(dns_db_t*db, dns_dbversion_t*version, uint64_t*records,
uint64_t*bytes) {
REQUIRE(DNS_DB_VALID(db));
REQUIRE(dns_db_iszone(db));
if(db->methods->getsize!= NULL) {
return((db->methods->getsize)(db, version, records, bytes));
}
return(ISC_R_NOTFOUND);
}
However, the getsize method is not implemented. Thus you'll get the
above mentioned messages. I'm surprised that nobody reported this.
Everybody with FreeIPA + DNS + CentOS 9-Stream should be getting these
messages. The messages are colored in red in journalctl, as if this is
a serious problem. Is it? Or can I ignore this message? -- Kees
Thanks for the analysis. Judging by the code, it is supposed to tell how
many records are in the database and what is their total size in bytes.
This is used in zone maintenance, mostly for zone journal handling. The
latter has less need for bind-dyndb-ldap -backed zones because their
content is not stored locally (in DB files) and can be modified outside
of Bind anyway, so journal data is not valid for it.
Bind expects that some backends might have no getsize() method -- there
are few internal backends such as caches that have no getsize()
implementation. So it is not really a requirement.
The message in zone_journal_compact() would really best be a warning,
not an error.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue