hello,
FYI, I just stumbled on an old topic from 2011:
--------------------------------- 8< ---------------------------------
Re: cn=config replication to consumer / slave servers
________________________________
To: Christopher Strider Cook ccook@pandora.com
Subject: Re: cn=config replication to consumer / slave servers
From: Howard Chu hyc@symas.com
Date: Tue, 19 Apr 2011 17:27:58 -0700
Cc: Quanah Gibson-Mount quanah@zimbra.com, openldap-technical@openldap.org
________________________________
Christopher Strider Cook wrote:
So, the pointer to test059 was exactly what this issue needed and
following it has lead me to an very good working setup with one puzzling
final step.
The problem I now face is that the initial cn=config entries used to do
the first sync do not get overwritten by the data from the master. So
the install password doesn't get replaced nor do the updated retry
timeouts for olcSyncRepl, because, I'm assuming, the 'stub' entries have
newer timestamps than those on the master.
How can this be overcome from the perspective of the slave server.
Updating the entries on the master triggers the update as you would
expect. Is there a way to put the stub entries onto the slave with a
timestamp in the past so that they get overwritten during the first
sync? Or is there another way to trigger them to be updated?
Use slapd -c. Read the slapd(8) manpage.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
--------------------------------- 8< ---------------------------------
you always answer "use slapd -c" to this type of question, but you
_never_ mention that newer entries are never overwritten by older
entries. so _in this context_ this answer is useless
building the consumer before the provider is not an option, also _in
this context_
so the only option left is to update the master with an empty modify
ldif to force update of the timestamps
I personnaly use
--------------------------------- 8< ---------------------------------
dn: cn=config
changetype: modify
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
dn: olcDatabase={0}config,cn=config
changetype: modify
--------------------------------- 8< ---------------------------------
besides, if you do this update with a user from a different database,
e.g cn=admin,dc=my,dc=tld the seed replication fails because
modifiersName contains a non existing DN (at the time of the
replication). I consider this a bug also.
anyway, thanks for your dedicated time and effort. OpenLDAP is really
a great software. I have a lot to learn yet. so please bear with me
:-)
best regards,
2014-04-20 11:33 GMT+04:00 Jephte Clain jephte.clain@univ-reunion.fr:
hello,
thanks for your answer.
see my response below
2014-04-20 7:13 GMT+04:00 Howard Chu hyc@symas.com:
Jephte.Clain@univ-reunion.fr wrote:
Full_Name: Jephte CLAIN
Version: 2.4.39
OS: Debian 6 64bits
URL: http://jclain.fr/openldap-its/
Submission from: (NULL) (93.176.62.129)
I have scripts to test several replication scenarii, that setup the LDAP
environment then allow me to play with parameters as I see fit.
I believe that there is a bug with the "seed replication" that allow one
to
build an exact clone of a master with minimal configuration on the slave
side.
There is no bug. The syncrepl consumer is working as designed. If you want
the consumer's entries to be automatically overwritten, create the consumer
first so that its seed entries have older timestamps than the provider.
ok, it works as designed. I just didn't know what the design was :-)
quoting man slapd:
Use only the rid part to force a full reload.
I guess I didn't notice that the word "full" have a different meaning
here than usual
about creating the consumer first. you are kidding, right? in
production, the provider exists long before the consumer is set up.
the tests I do are based on the production state.
anyway, my automated scripts "touch" the provider after setting up the
slave, so this is not a problem.
It's just that I would prefer not to have wasted time wondering why
the slave was not being updated even though I asked for a "full"
reload
Thanks for your answer. It's now clearer in my mind.
I Cc the openldap-technical list, this can help others.
note: the tests below require 2 VMs, or running the two slapd instances in
chroots, because a clone replica requires the data files to be in the same
path...
That's far overkill. All you need to do is configure your test scripts to
use relative pathnames. test049 (and others) in the test suite already
operates this way.
ok thanks for pointing this out
It has been a while since I read the tests scripts. I should have paid
more attention...
Closing this ITS.
I attach two scripts to replicate the problem. they require root (they
uses
chroots)
this is with openldap 2.4.39 on debian squeeze. some paths may have to be
fixed
in the scripts below
use jclain-20140419-0start.sh to:
- create a ldap server to be served on ldap://localhost:3890
- start the master in chroot
(the logs are in /jclain-slapd-test/master.data/slapd.log)
- create a seed ldap replica to be served on ldap://localhost:3891 with
ldap://localhost:3890 as the provider
- start it in chroot with option -c rid=0
(the logs are in /jclain-slapd-test/slave.data/slapd.log)
use jclain-20140419-1stop.sh to:
- stop the servers
- umount the chroots
If I understand the manual correctly, after 0start.sh, the replica should
be
identical to the master thanks to -c rid=0
BUT, the log on the replica says:
534d5481 dn_callback : new entry is older than ours cn=config ours
20140415154713.807278Z#000000#000#000000, new
20140415154704.888204Z#000000#000#000000
and indeed, the seed entries are NOT overwritten
I have to "touch" them on the master to force the replication.
I have uploaded the scripts to http://jclain.fr/openldap-its/
thanks in advance
--
Jephté Clain
Direction des Systèmes d'Information
et des Usages Numériques - 2IG
Tél. 0262 93 86 31
Fax. 0262 93 81 06
jephte.clain@univ-reunion.fr