Hi all,
I have the following configuration, in OpenLDAP 2.3.32 (i know i have to upgrade to 2.3.38): Master -> Pivot -> Slave on 3 different servers. SyncRepl replicates in RefreshOnly mode, a sub-tree.
When i dump the TLS traffic during a replication of a add or delete operation, i have around 6000 TCP packets between Master and Pivot, and only 40 packets between Pivot and Slave. My sub-tree contains 5500 entries. So, i concluded that Pivot SyncRepl ask the entire sub-tree. Is it a known problem ? Does it come from the configuration ?
Another topic about syncrepl : When the Pivot is stopped longer than the interval setting, and restarted, i need to restart the Slave because it doesn't retry connection on the Pivot ? And also, it doesn't use the retry setting. slapd logs the following error: Oct 16 11:14:26 oldap-sol10 sym[28092]: [ID 187570 local4.debug] do_syncrep1: rid 002 ldap_sasl_bind_s failed (-1)
Is it a known problem ?
Rgds, Bruno.
Another topic about syncrepl : When the Pivot is stopped longer than the interval setting, and restarted, i need to restart the Slave because it doesn't retry connection on the Pivot ? And also, it doesn't use the retry setting. slapd logs the following error: Oct 16 11:14:26 oldap-sol10 sym[28092]: [ID 187570 local4.debug] do_syncrep1: rid 002 ldap_sasl_bind_s failed (-1)
Is that logged despite the fact that the provider is up? Or is your point that that's the last thing that's logged once the provider goes down?
What's your syncrepl config stanza look like on that ("oldap-sol10") consumer? (Clean out credentials before posting...)
--On Tuesday, October 16, 2007 1:07 PM -0400 Aaron Richton richton@nbcs.rutgers.edu wrote:
Another topic about syncrepl : When the Pivot is stopped longer than the interval setting, and restarted, i need to restart the Slave because it doesn't retry connection on the Pivot ? And also, it doesn't use the retry setting. slapd logs the following error: Oct 16 11:14:26 oldap-sol10 sym[28092]: [ID 187570 local4.debug] do_syncrep1: rid 002 ldap_sasl_bind_s failed (-1)
Is that logged despite the fact that the provider is up? Or is your point that that's the last thing that's logged once the provider goes down?
What's your syncrepl config stanza look like on that ("oldap-sol10") consumer? (Clean out credentials before posting...)
You may want to examine delta-syncrepl, as well. Normal syncrepl completely replaces an entry on modification, whereas delta-syncrepl only modifies what changed in the entry.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
You may want to examine delta-syncrepl, as well. Normal syncrepl completely replaces an entry on modification, whereas delta-syncrepl only modifies what changed in the entry.
--Quanah
Why not trying delta-syncrepl. But it doesn't explain why , when i add 1 entry on the master, the replica receives 9000 TCP packets. When i do the same operation on a testbed platform, master send only the new entry and not the whole subtree.
Bruno.
--On Tuesday, October 23, 2007 11:15 AM +0200 Bruno Lezoray EMSM bruno.lezoray@wh-ces.gmessaging.net wrote:
Why not trying delta-syncrepl. But it doesn't explain why , when i add 1 entry on the master, the replica receives 9000 TCP packets. When i do the same operation on a testbed platform, master send only the new entry and not the whole subtree.
It would most likely depend then, on how you had loaded the replica, and whether or not its CSN was properly sync'd with the masters.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Aaron Richton wrote:
Another topic about syncrepl : When the Pivot is stopped longer than the interval setting, and restarted, i need to restart the Slave because it doesn't retry connection on the Pivot ? And also, it doesn't use the retry setting. slapd logs the following error: Oct 16 11:14:26 oldap-sol10 sym[28092]: [ID 187570 local4.debug] do_syncrep1: rid 002 ldap_sasl_bind_s failed (-1)
Is that logged despite the fact that the provider is up?
This log appear of course when the provider is stopped.
Or is your point that that's the last thing that's logged once the provider goes down?
No.
What's your syncrepl config stanza look like on that ("oldap-sol10") consumer? (Clean out credentials before posting...)
My syncrepl master configuration: # # SyncREPL master replication parameters # overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
My syncrepl pivot configuration # # SyncREPL master replication parameters # overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
# # SyncREPL slave replication parameters # syncrepl rid=3 provider=ldap://10.1.1.69:636 type=refreshOnly interval=00:00:01:00 searchbase="o=test" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=root DN, o=test" credentials=xxxxxxxxx
My syncrepl consumer configuration is : # # SyncREPL slave replication parameters # syncrepl rid=2 provider=ldap://10.1.1.82:636 type=refreshOnly interval=00:00:01:00 searchbase="o=test" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=root DN, o=test" credentials=xxxxxxx
To reproduce the problem, stop the pivot, add a entry on the master, wait more than the interval timer (1 minute in my case) and check the log (like my previous example). Then restart the pivot. Pivot will get the new entry from the master but the consumer will never get it.
Rgds, Bruno.
syncrepl rid=3 provider=ldap://10.1.1.69:636 type=refreshOnly interval=00:00:01:00 searchbase="o=test" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=root DN, o=test" credentials=xxxxxxxxx
[and]
syncrepl rid=2 provider=ldap://10.1.1.82:636 type=refreshOnly interval=00:00:01:00 searchbase="o=test" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=root DN, o=test" credentials=xxxxxxx
You wrote that "it doesn't use the retry setting" but you don't have one? I mean, really...
Maybe try adding
retry="120 +"
and see if you get retries to go? They're not expected to work if they're not configured. (Of course you'll read slapd.conf(5) man page to see what I'm having you do before adding something blindly?)
Aaron Richton wrote:
You wrote that "it doesn't use the retry setting" but you don't have one? I mean, really...
Maybe try adding
retry="120 +"and see if you get retries to go? They're not expected to work if they're not configured. (Of course you'll read slapd.conf(5) man page to see what I'm having you do before adding something blindly?)
Sorry, i didn't see it. It works now. Why is there no default retry value ? depending of the interval value ?
Thanks, Bruno.
Bruno Lezoray EMSM skrev, on 17-10-2007 09:41:
[...]
To reproduce the problem, stop the pivot, add a entry on the master, wait more than the interval timer (1 minute in my case) and check the log (like my previous example). Then restart the pivot. Pivot will get the new entry from the master but the consumer will never get it.
To my (undeniably simple) mind, you never told the "pivot" it was also a provider.
--Tonni
openldap-software@openldap.org
-
Aaron Richton -
Bruno Lezoray EMSM -
Quanah Gibson-Mount -
Tony Earnshaw