[Date Prev][Date Next]
Re: cn=config and cn=monitor questions
Ron Aitchison wrote:
> Thanks for the quick and helpful response - couple of follow ups - I've
> deleted a number of items that you have covered perfectly.
> Pierangelo Masarati wrote:
>> Ron Aitchison wrote:
>>> I'm using 2.4.7 on Freebsd (5.4 and 6.2) and have a couple of questions:
>> two couples, I'd say ;)
> Ok so I snuck a couple of extra ones in! Thanks for your patience.
>>> I had a couple of nasty signal 11 crashes trying to start cn=monitor
>>> using cn=config
>> I suggest you file an ITS <http://www.openldap.org/its/> for this, with
>> steps to reproduce consistently from a simple configuration.
> Will try and reproduce consistently and file its if I can - but I
> suspect it could have been me since it was tad ambitious as a starting
> point. Still one could argue that even my screw-ups should not cause a
> signal 11?
>> Question 1:
>> Is there anyway I can force or control an update to the cn=config LDIF
>> files in slapd.d
> This caused me some problems and seems to be a potential weakness of
> cn=config. If I am changing the run-time configuration and slapd ever
> crashes all the modifications will be lost unless I can force an on-disc
> update - by writing to some dummy attribute - or by some kind of
> periodic on-disc write update timer (a checkpoint)?
All writes are atomic (I mean: if a write operation succeeds, it will
write on disk). SO you'll only lose the change you were trying to
perform. (unless slapd's crash interferes with the os/fs write caching
or so, which I doubt.
>> To get cn=monitor running I finally dropped back into slapd.conf and
>> reconverted to slapd.d now I have three more questions about cn=monitor:
> I did not explain well - I deleted slapd.d, modified slapd.conf to add
> the database monitor service and then reconverted to use slapd.d - I
> wanted to see how the objects were initialised in cn=config because I
> thought I was doing something wrong in question 1 - I used the process
> as a diagnostic technique.
>>> Question 2:
>>> The log section in the 2.4 manual (18.4.5) has a slightly bizarre
>>> explanation suggesting that the log values are controlled via the
>>> description attribute.
>> Incorrect (you could file an ITS for the documentation as well)
> Will do
>>> Question 3:
>>> I have a olcLogLevel attribute of any (-1) visible through cn=config but
>>> was surprised this was not used to initialize the log settings of
>> cn=monitor presents whatever value of loglevel was set at startup time -
>> by startup I mean startup of the monitor database. Subsequently, if you
>> modify cn=config or cn=monitor, the managedInfo attribute should reflect
>> it. Your message seems to indicate there's a mishandling of
>> modifications. If you could clarify it a little bit further, it could
>> be investigated and fixed, if a fix is needed.
> Will do some more work and file an its if I think there is a problem
My point is that there might well be some problem there, since
back-monitor came before back-config (otherwise back-monitor would
probably have done well without update capabilities, at least in areas
now covered by back-config). Sometimes, those issues, if any, don't
show up immediately, but rather when users try to do something uncommon,
either on purpose or by chance. That's why I ask you to explain the
best you can what inconsistency you see and what operation triggered
that inconsistency (if there's any inconsistency at all, we'll judge
>> You can't fall back to slapd.conf __and__ preserve cn=config stuff.
>> Either you fall back to slapd.conf, you need to generate a new
>> cn=config, losing any modifications. Or, slapd.conf is ignored.
> Understand absolutely your point - see my previous note - but at this
> stage I was back using full cn=config slapd.d features when I added the
> managedInfo - stopped and started under slapd.d and still it lost the
> maangedInfo - will reproduce a couple of times and file an its if
> consistent. I'll also add a log extract to confirm the slapd.d
OK, that's intended. When back-config came in, we decided to let
back-monitor updated capabilities in place, with the understanding that
back-config was intended for __permanent__ configuration changes, while
back-monitor was intended for __temporary__ configuration changes. This
is exactly the case: you should use back-monitor to temporarily raise
the log level without changing the configuration. This will be lost if
you restart slapd. The (subtle) reason is that a modification via
back-config requires all other operations to be temporarily suspended,
and cannot start until all active operations are concluded. This could
cause some slowdown of the service, which is completely justified when,
say, adding a database or changing access policies, but not when raising
the log level :).
>>> Question 4:
>>> Where is/are the schema/objectclasses for cn=monitor stored! I tried to
>>> get them using cn=subschema,cn=monitor - nada.
>> cn=subschema, like all OpenLDAP's slapd schema.
> tried there also - no monitorXXX object classes at all. Found a README
> file in source under servers/slap/back-monitor which suggested some
> strange use of object classes so am going to poke around the source and
> see what I can find - any pointer would be appreciated.
Well, monitor schema is schema like any other. Since slapd puts all of
its schema in there, it should be there:
bash-3.00$ ldapsearch -x -H ldap://:9011 -b cn=subschema -s base
objectclasses attributetypes | grep -i monitor
attributeTypes: ( 184.108.40.206.4.1.4203.666.1.10 NAME 'monitorContext' DESC
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168.2.0.18 NAME
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME 'monitoredInfo' DESC
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME 'managedInfo' DESC
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME 'monitorCounter' DESC
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME 'monitorOpCompleted'
monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME 'monitorOpInitiated'
monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
ESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATION
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME
DESC 'monitor connection authorization DN' EQUALITY
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME
ess' DESC 'monitor connection local address' SUP monitoredInfo
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
ss' DESC 'monitor connection peer address' SUP monitoredInfo
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME 'monitorTimestamp'
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME 'monitorOverlay'
e of overlays defined for a given database' SUP monitoredInfo
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
' DESC 'monitor connection protocol' SUP monitoredInfo
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME
ved' DESC 'monitor number of operations received by the connection' SUP
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME
ting' DESC 'monitor number of operations in execution within the
SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
ng' DESC 'monitor number of pending operations within the connection'
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME
eted' DESC 'monitor number of operations completed within the
monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME
C 'number of times connection_get() was called so far' SUP
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
SC 'number of times connection_read() was called so far' SUP
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME
ESC 'number of times connection_write() was called so far' SUP
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME
SC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
' DESC 'monitor connection listener' SUP monitoredInfo
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME
in' DESC 'monitor connection peer domain' SUP monitoredInfo
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME
e' DESC 'monitor connection start time' SUP monitorTimestamp
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
Time' DESC 'monitor connection activity time' SUP monitorTimestamp
attributeTypes: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME 'monitorIsShadow'
attributeTypes: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME 'monitorUpdateRef'
pdate referral for shadow databases' SUP monitoredInfo SINGLE-VALUE
attributeTypes: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME
SC 'Number of items in Entry Cache' SUP monitorCounter
'Number of items in DN Cache' SUP monitorCounter NO-USER-MODIFICATION
'Number of items in IDL Cache' SUP monitorCounter NO-USER-MODIFICATION
SC 'Missing indexes resulting from candidate selection' SUP
rrorMode $ olcMonitoring ) )
objectClasses: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME 'monitor' DESC
tem monitoring' SUP top STRUCTURAL MUST cn MAY ( description $ seeAlso
ledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) )
objectClasses: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME 'monitorServer' DESC
monitoring root entry' SUP monitor STRUCTURAL )
objectClasses: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME 'monitorContainer'
itor container class' SUP monitor STRUCTURAL )
objectClasses: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME 'monitorCounterObject'
'monitor counter class' SUP monitor STRUCTURAL )
objectClasses: ( 188.8.131.52.4.1.4203.6184.108.40.206 NAME 'monitorOperation'
itor operation class' SUP monitor STRUCTURAL )
objectClasses: ( 220.127.116.11.4.1.4203.618.104.22.168 NAME 'monitorConnection'
nitor connection class' SUP monitor STRUCTURAL )
r managed entity class' SUP monitor STRUCTURAL )
objectClasses: ( 22.214.171.124.4.1.4203.6126.96.36.199 NAME 'monitoredObject' DESC
tor monitored entity class' SUP monitor STRUCTURAL )
objectClasses: ( 188.8.131.52.4.1.4203.6184.108.40.206.2.4.1 NAME
C 'Monitor backend configuration' SUP olcDatabaseConfig STRUCTURAL )
Ing. Pierangelo Masarati
OpenLDAP Core Team
via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39 02 23998309
Mobile: +39 333 4963172