In a replicated LDAP environment that uses 389 Directory Server or Red Hat Directory Server, replication masters maintain a record of changes that are to be pushed out to replication slaves. This changelog can, in principle, grow indefinitely, so it is advisable to limit it to the changes made within a fixed period of time.
This article outlines how to achieve this.
It is important to establish a window of time within which you are assured you can recover from replication errors. This is the window of time between the original failure and the successful completion of full recovery. Ergo, setting the maximum age for changes to 3 days may (read: will ultimately) require your system administrators to repair replication in a hurry first thing Monday morning, as a Friday afternoon failure would impose a deadline of Monday afternoon, unless of course you have operations support 7 days a week.
To configure a time window of 7 days, use the following command-line:
$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=changelog5,cn=config
objectclass: top
objectclass: extensibleobject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-${INSTANCE}/changelogdb
nsslapd-changelogmaxage: 7d
How to Shrink an Existing (Large) Changelog Database
If you end up in a situation where the changelog file has already grown too large and you need to get your disk space back, follow this procedure:
Check the oldest record in your changelog. I use this command just to understand what is going on behind the scenes.
# cd /var/lib/dirsrv/slapd-${INSTANCE}/changelogdb
# dbscan -f <the large db4 file> | head
You should see when the first record in the changelog was created. If the oldest record is younger than one month, skip the following step.
Step 1: Specify a purge interval. Make sure you find the correct DN for the replica to modify:
$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dorg,cn=mapping tree,cn=config
changetype: modify
add: nsds5ReplicaTombstonePurgeInterval
nsds5ReplicaTombstonePurgeInterval: 300
Step 2: Check the size of the changelog file. Did it change? Repeat step 1 and see what the oldest record is now. If it shows that the oldest record is far more recent, then go to the next step. This setting controls how often dirsrv removes old records from the changelog db file, but it does not make the file smaller.
Step 3: Specify compact db interval.
$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=changelog5,cn=config
changetype: modify
add: nsslapd-changelogcompactdb-interval
nsslapd-changelogcompactdb-interval: 300
This setting is the interval at which the file is compacted; it specifies how often housekeeping operations are performed on the changelog file.
Check the size of the changelog.
Step 4: Specify more reasonable intervals for nsds5ReplicaTombstonePurgeInterval and nsslapd-changelogcompactdb-interval. In steps 2 and 3 we specified short purge and compact intervals because we didn't want to wait a day or a month to see the results. Now that we have the disk space back, we can restore the default values.
By default, nsDS5ReplicaTombstonePurgeInterval should be set to 86400 (1 day). That's reasonable, and if you executed step 2, you just need to delete the nsds5ReplicaTombstonePurgeInterval attribute with the following command:
$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=replica,cn=dc\3Dgenua\2Cdc\3Dde,cn=mapping tree,cn=config
changetype: modify
delete: nsds5ReplicaTombstonePurgeInterval
The default value of nsslapd-changelogcompactdb-interval is 2592000 seconds (30 days). That also sounds good, as you may have set nsslapd-changelogmaxage to 7 days. To revert to the default, delete nsslapd-changelogcompactdb-interval by running:
$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=changelog5,cn=config
changetype: modify
delete: nsslapd-changelogcompactdb-interval
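The shrink-and-revert procedure above as a small LDIF generator, added here as an example and not part of the original article. The function names (replica_dn, shrink_ldif, restore_ldif) are hypothetical, the replica DN is assumed to use the escaped mapping-tree form shown in this article, and "replace" is used where the article uses "add".

```shell
#!/bin/sh
# Added example: emit LDIF for steps 1 and 3 (shrink) and step 4 (restore).
# Pipe the output into: ldapmodify -x -D 'cn=Directory Manager' -W

# Build the replica DN for a suffix. Assumption: '=' and ',' inside the
# mapping-tree RDN are escaped as \3D and \2C, as in this article.
replica_dn() {
    escaped=$(printf '%s' "$1" | sed -e 's/=/\\3D/g' -e 's/,/\\2C/g')
    printf 'cn=replica,cn=%s,cn=mapping tree,cn=config\n' "$escaped"
}

# Temporary short intervals in seconds. "replace" is used instead of "add"
# so the LDIF also applies when the attribute is already set.
shrink_ldif() {
    suffix=$1 interval=${2:-300}
    case $interval in
        ''|*[!0-9]*|0) echo "interval must be a positive integer" >&2; return 1 ;;
    esac
    cat <<EOF
dn: $(replica_dn "$suffix")
changetype: modify
replace: nsds5ReplicaTombstonePurgeInterval
nsds5ReplicaTombstonePurgeInterval: $interval

dn: cn=changelog5,cn=config
changetype: modify
replace: nsslapd-changelogcompactdb-interval
nsslapd-changelogcompactdb-interval: $interval
EOF
}

# Step 4: delete both attributes so the server falls back to its defaults.
restore_ldif() {
    cat <<EOF
dn: $(replica_dn "$1")
changetype: modify
delete: nsds5ReplicaTombstonePurgeInterval

dn: cn=changelog5,cn=config
changetype: modify
delete: nsslapd-changelogcompactdb-interval
EOF
}

# Usage: sh changelog-ldif.sh shrink|restore SUFFIX [SECONDS]
case ${1:-} in
    shrink)  shrink_ldif "$2" "${3:-300}" ;;
    restore) restore_ldif "$2" ;;
esac
```

Review the generated LDIF before piping it to ldapmodify, and run the restore form once the disk space is back so the 300-second intervals do not stay in place.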