DS Replication Setup

From Dogtag
Jump to: navigation, search

Configuration Replication Agreements

A clone will have the following entries in the CS.cfg:

internaldb.replication.master=masterAgreement1-replica.example.com-pki-tomcat
internaldb.replication.consumer=cloneAgreement1-replica.example.com-pki-tomcat

Creating Replication Managers

To create replication manager on master:

$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: ou=csusers,cn=config
objectClass: top
objectClass: organizationalUnit
ou: csusers

dn: cn=Replication Manager masterAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
objectClass: top
objectClass: person
cn: Replication Manager masterAgreement1-replica.example.com-pki-tomcat
sn: manager
userPassword: <password>
EOF

To create replication manager on replica:

$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: ou=csusers,cn=config
objectClass: top
objectClass: organizationalUnit
ou: csusers

dn: cn=Replication Manager cloneAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
objectClass: top
objectClass: person
cn: Replication Manager cloneAgreement1-replica.example.com-pki-tomcat
sn: manager
userPassword: <password>
EOF

Getting Instance Directory

$ ldapsearch -x -D "cn=Directory Manager" -w Secret.123 -b "cn=config,cn=ldbm database,cn=plugins,cn=config" "(nsslapd-directory=*)"

Creating Change Log

To create change log on master:

$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123
dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-pki-tomcat/changelogs

To create change log on replica:

$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123
dn: cn=changelog5,cn=config
objectClass: top
objectClass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-pki-tomcat/changelogs

Enabling Replication

To enable replication on master:

$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123
dn: cn=replica,cn=\"dc=ca,dc=pki,dc=example,dc=com\",cn=mapping tree,cn=config
objectclass: top
objectclass: nsDS5Replica
objectclass: extensibleobject
cn: replica
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaType: 3
nsDS5ReplicaBindDN: cn=Replication Manager masterAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaId: <replica ID>
nsds5flags: 1

To enable replication on replica:

$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123
dn: cn=replica,cn=\"dc=ca,dc=pki,dc=example,dc=com\",cn=mapping tree,cn=config
objectclass: top
objectclass: nsDS5Replica
objectclass: extensibleobject
cn: replica
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaType: 3
nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaId: <replica ID>
nsds5flags: 1

Configuring Replica ID

dbs.beginReplicaNumber=<replica ID>

Creating Replication Agreements

To create replication agreement on master:

$ ldapadd -h master.example.com -x -D "cn=Directory Manager" -w Secret.123
dn: cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn=\"dc=ca,dc=pki,dc=example,dc=com\",cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: masterAgreement1-replica.example.com-pki-tomcat
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaHost: replica.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaBindMethod: Simple
nsds5replicacredentials: <password>
nsDS5ReplicaTransportInfo: <SSL|TLS>
description: masterAgreement1-replica.example.com-pki-tomcat

To create replication agreement on replica:

$ ldapadd -h replica.example.com -x -D "cn=Directory Manager" -w Secret.123
dn: cn=cloneAgreement1-replica.example.com-pki-tomcat,cn=replica,cn=\"dc=ca,dc=pki,dc=example,dc=com\",cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: cloneAgreement1-replica.example.com-pki-tomcat
nsDS5ReplicaRoot: dc=ca,dc=pki,dc=example,dc=com
nsDS5ReplicaHost: master.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=Replication Manager cloneAgreement1-replica.example.com-pki-tomcat,ou=csusers,cn=config
nsDS5ReplicaBindMethod: Simple
nsds5replicacredentials: <password>
nsDS5ReplicaTransportInfo: <SSL|TLS>
description: cloneAgreement1-replica.example.com-pki-tomcat

Initializing Consumer

$ ldapmodify -h master.example.com -x -D "cn=Directory Manager" -w Secret.123
dn: cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn=\"dc=ca,dc=pki,dc=example,dc=com\",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start

Checking Replication Status

$ ldapsearch -h master.example.com -b "cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config" -s base "(objectclass=*)" nsds5beginreplicarefresh
dn: cn=masterAgreement1-replica.example.com-pki-tomcat,cn=replica,cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
nsds5beginreplicarefresh:
nsds5replicalastinitstatus:

References