Hi, After more investigation i found a solution to fix my problem. Hereafter some details.
I think i had two linked problems: Problem 1: In /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 there was some old entry about ~five months old, it was probably some Tombstone entry. (Replication state between two dirvsrv master/master was good and stable). Problem 2: purge attribute "nsslapd-changelogmaxage" had default value 30 day but the volume of data stored in db4 database was greater than ~4 Go which is space available on /var/lib/ partition. So partition was filled with entry which are prior to 30 days. Problem 1 was solved by removing db4 database (be carreful of impacts, dirsrv replication should work and db well synchronised before do this): service dirsrv stop && mv /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4-old && service dirsrv start Problem 2 was solved by decreasing purge attribute "nsslapd-changelogmaxage" from 30d to 10d (i don't need more data and want to increase partition space). To know: purge seems to be run every five minutes, so freeing entry is not instantaneous, it occurs after ~6 minutes. I agree, you are right: > Also trimming removes changelog records and frees space internally ro the db4 > file to be reused, but it will not shrink the file size I think it is not mandatory but i set default value of following purge parameters: nsDS5ReplicaPurgeDelay: 604800 nsDS5ReplicaTombstonePurgeInterval: 86400 I follwed the good documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html-single/Configuration_Command_and_File_Reference/index.html Thanks for your help! David ----- Original Message ----- From: "Ludwig Krispenz" <lkris...@redhat.com> To: "freeipa-users" <freeipa-users@redhat.com> Sent: Tuesday, December 22, 2015 1:55:06 PM Subject: Re: [Freeipa-users] Purge old entries in /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 file Hi, On 12/22/2015 11:43 AM, David Goudet wrote: > Hi, > > I have multimaster replication environment. On each replica, folder > /var/lib/dirsrv/slapd-xxxx/cldb/ has big size (3~GB) and old entries in > /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 have three month year old: > > sudo dbscan -f > /var/lib/dirsrv/slapd-xxxx/cldb/ef155b03-dda611e2-a156db20-90xxx06_51c9aed900xxxxxx000.db4 > | less > dbid: 56239e5e000000040000 > replgen: 1445174777 Sun Oct 18 15:26:17 2015 > csn: 56239e5e000000040000 > uniqueid: e55d5e01-26f211e4-9b60db20-90c3b706 > dn: xxxx > operation: modify > krbLastSuccessfulAuth: 20151018132617Z > modifiersname: cn=Directory Manager > modifytimestamp: 20151018132617Z > entryusn: 68030946 > > My questions are: > > a) How to purge old entries in file /var/lib/dirsrv/slapd-xxx/cldb/xxx.db4? > (what is the procedure) > b) What is the right configuration to limit increase of this file? setting changelog maxage should be sufficient to trim changes, but the age is not the only condition deciding if a recored in the changelog can be deleted. - for each replicaID the last record will never be deleted, independent of its age, so if you have replicas in your topology which are not (or not frequently) updated directly there will be old changes in the changelog - if the replica where the trimming is run and if it has replication agreements to other replicas, changes which were not yet replicated to the other replica will not be purged. So, if you have some stale agreements to other replicas this could prevent trimming as well. Also trimming removes changelog records and frees space internally ro th edb4 file to be reused, but it will not shrink the file size > > > > This topic has been already talk on > https://www.redhat.com/archives/freeipa-users/2013-February/msg00433.html or > https://www.redhat.com/archives/freeipa-users/2015-April/msg00573.html but no > response work for me. > Response here seems to be not applicable > https://bugzilla.redhat.com/show_bug.cgi?id=1181341 (Centos 7, Fixed In > Version: 389-ds-base-1.3.4.0-1.el7) > > I used some attributes from the docuementation: > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnchangelog5-nsslapd_changelogdir. > Old entries are not purged and file increase even after restart service > (service dirvsrv start and service dirvsrv stop). > > (This test environment values) > dn: cn=changelog5,cn=config > objectClass: top > objectClass: extensibleobject > cn: changelog5 > ... > nsslapd-changelogmaxentries: 100 > nsslapd-changelogmaxage: 4m > > dn: cn=replica,cn=xxxxx,cn=mapping tree,cn=config > cn: replica > nsDS5Flags: 1 > objectClass: top > objectClass: nsds5replica > objectClass: extensibleobject > nsDS5ReplicaType: 3 > nsDS5ReplicaRoot: dc=xxxxx > nsds5ReplicaLegacyConsumer: off > nsDS5ReplicaId: 6 > nsDS5ReplicaBindDN: cn=replication manager,cn=config > nsDS5ReplicaBindDN: krbprincipalname=ldap/xxxxxx > .LYRA,cn=services,cn=accounts,dc=xxxxx > nsState:: xxxxx > nsDS5ReplicaName: d9663d08-a80f11e5-aa48d241-0b88f012 > nsds5ReplicaTombstonePurgeInterval: 200 > nsds5ReplicaPurgeDelay: 200 > nsds5ReplicaChangeCount: 3091 > nsds5replicareapactive: 0 > > Hereafter some informations about my environment: > CentOS release 6.5 (Final) > 389-ds-base-libs-1.2.11.15-65.el6_7.x86_64 > 389-ds-base-1.2.11.15-65.el6_7.x86_64 > ipa-client-3.0.0-47.el6.centos.1.x86_64 > ipa-server-3.0.0-47.el6.centos.1.x86_64 > > Thanks for your help! > > David > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
