Description of problem: By default, the trimming of the replication changelog is disabled. It's not rare to see customers with hundreds of GB for the replication changelog. Trimming such large changelogs can be: * time-consuming ( if the trimming is done by small chunks ) * CPU-intensive ( if the settings are too aggressive ). Version-Release number of selected component (if applicable): $ cat /etc/redhat-release Red Hat Enterprise Linux release 8.5 (Ootpa) $ $ rpm -qa | grep 389-ds-base-1 389-ds-base-1.4.3.27-2.module+el8dsrv+12690+c6df6d1b.x86_64 $ How reproducible: Always. Steps to Reproduce: 1. Enable replication 2. Make replication updates 3. Check the replication changelog size Actual results: Continuous growth of the replication changelog. Expected results: Limited growth by trimming the oldest changes. Additional info: RHEL IdM sets the nsslapd-changelogmaxage to 2 days for its embedded LDAP server: $ grep -i ^nsslapd-changelogmax /etc/dirsrv/slapd-<DOMAIN>/dse.ldif nsslapd-changelogmaxage: 2d $
Upstream ticket: https://github.com/389ds/389-ds-base/issues/4866
Verified with: Red Hat Enterprise Linux release 8.7 (Ootpa) 389-ds-base-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33 Acceptance test output: [root@localhost upstream]# py.test -v ds/dirsrvtests/tests/suites/replication/acceptance_test.py::test_default_cl_trimming_enabled re-exec with libfaketime dependencies ============================================================================ test session starts ============================================================================ platform linux -- Python 3.6.8, pytest-7.0.1, pluggy-1.0.0 -- /usr/bin/python3.6 cachedir: .pytest_cache metadata: {'Python': '3.6.8', 'Platform': 'Linux-4.18.0-425.3.1.el8.x86_64-x86_64-with-redhat-8.7-Ootpa', 'Packages': {'pytest': '7.0.1', 'py': '1.11.0', 'pluggy': '1.0.0'}, 'Plugins': {'metadata': '1.11.0', 'html': '3.1.1', 'libfaketime': '0.1.2', 'flaky': '3.7.0'}} 389-ds-base: 1.4.3.31-6.module+el8dsrv+16980+c4b9cd33 nss: 3.79.0-10.el8_6 nspr: 4.34.0-3.el8_6 openldap: 2.4.46-18.el8 cyrus-sasl: 2.1.27-6.el8_5 FIPS: disabled rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests, configfile: pytest.ini plugins: metadata-1.11.0, html-3.1.1, libfaketime-0.1.2, flaky-3.7.0 collected 1 item ds/dirsrvtests/tests/suites/replication/acceptance_test.py::test_default_cl_trimming_enabled PASSED [100%]
As per comment #c6, marking as VERIFIED.
Updated DocText .Replication changelog trimming is now enabled by default in the Directory Server Previously, replication `changelog` trimming was disabled by default in the Directory Server. Consequently, the `changelog` file became increasingly large and trimming large files can be time consuming and result in high CPU usage, if an overly aggressive trimming setting is applied. With this update, the Directory Server, by default, trims the `changelog` entries that are older than seven days, preventing excessive growth of the `changelog` file.
More short version of the RN text is added: .Replication changelog trimming is now enabled by default in Directory Server Previously, Directory Server was not configured to automatically trim the replication `changelog` file by default. Consequently, the `changelog` file could become very large. With this update, Directory Server is configured by default to trim changelog entries that are older than seven days, preventing excessive growth of the `changelog` file.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (redhat-ds:11 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7929