it's active, but it seems not to do anything:
● ipa-ccache-sweep.timer - Remove Expired Kerberos Credential Caches
Loaded: loaded (/usr/lib/systemd/system/ipa-ccache-sweep.timer; enabled;
vendor preset: disabled)
Active: active (elapsed) since Thu 2022-08-11 11:22:44 EDT; 3 days ago
Until: Thu 2022-08-11 11:22:44 EDT; 3 days ago
Trigger: n/a
Triggers: ● ipa-ccache-sweep.service
--------
[Unit]
Description=Remove Expired Kerberos Credential Caches
[Timer]
OnUnitActiveSec=12h
[Install]
WantedBy=timers.target
---------
I believe the intent is that it should run every 12 hours. It doesn't seem to
be doing so. From a web discussion:
OnUnitActiveSec does indeed refer to the time since the service referred to by
the timer has run. But if you only use OnUnitActiveSec and no other trigger
then issue the command to start or enable foo.timer, foo.service will never
run. Why would it, no trigger would ever be activated in the first place:
something needs to trigger the first run of foo.service in order to for you to
ever have 3 seconds pass since it was last run.
So in other words, OnUnitActiveSec can be used to define the interval between
repetitions, but another trigger (like OnActiveSec or OnBootSec) would be
needed to trigger the first run of foo.service to get the ball rolling.
________________________________
From: Jochen Kellner <[email protected]>
Sent: Sunday, August 14, 2022 12:39 PM
To: Charles Hedrick via FreeIPA-users <[email protected]>
Cc: Charles Hedrick <[email protected]>
Subject: Re: [Freeipa-users] /run/ipa/ccaches filling
Charles Hedrick via FreeIPA-users <[email protected]>
writes:
> RHEL 9.0. /run/ipa/ccaches is filling with credential caches. Many are too
> old to be valid.
>
> I assume it's safe to have a cron job delete any more than a day old?
> (that's our maxmum lifetime.) I can't see the lifetime directly,
> because they are encrypted.
On my system I have a (disabled( systemd-timer named
ipa-ccache-sweep.timer. My guess would be that it get's enabled on new
installs, but somehow missed on updates. See the release notes of 4.9.9:
https://www.freeipa.org/page/Releases/4.9.9
Jochen
--
This space is intentionally left blank.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
