OUD cluster — CLI, multimaster replication

The OUD configurator GUI on AIX 7.1 refused to start, giving an unintelligible error (while the uninstall window worked fine). There was no time to investigate, so we continue in the CLI.

What would you like to use as the initial root user DN for the Directory
Server? [cn=Directory Manager]: cn=orcladmin
Please provide the password to use for the initial root user: 
Please re-enter the password for confirmation: 

On which port would you like the Directory Server to accept connections from
LDAP clients? [1389]: 

On which port would you like the Administration Connector to accept
connections? [4444]: 

Do you want to create base DNs in the server? (yes / no) [yes]: 

Provide the base DN for the directory data: [dc=example,dc=com]: dc=budget,dc=gov,dc=ru
Options for populating the database:

    1)  Only create the base entry
    2)  Leave the database empty
    3)  Import data from an LDIF file
    4)  Load automatically-generated sample data

Enter choice [1]: 

Do you want to enable SSL? (yes / no) [no]: yes
On which port would you like the Directory Server to accept connections from
LDAPS clients? [1636]: 

Do you want to enable Start TLS? (yes / no) [no]: 
Certificate server options:

    1)  Generate self-signed certificate (recommended for testing purposes
        only)
    2)  Use an existing certificate located on a Java Key Store (JKS)
    3)  Use an existing certificate located on a JCEKS key store
    4)  Use an existing certificate located on a PKCS#12 key store
    5)  Use an existing certificate on a PKCS#11 token

Enter choice [1]: 
Provide the fully-qualified host name or IP address that will be used to
generate the self-signed certificate [example-com-ooud1.budget.gov.ru]: 

Do you want to prepare the server for EUS? (yes / no) [no]: 


Do you want to prepare the server for Oracle Net Services? (yes / no) [no]: 

How do you want the OUD server to be tuned?

    1)  Use the default Java Virtual Machine settings
    2)  Use specific Java Virtual Machine arguments

Enter choice [2]: 1

How do you want the import-ldif tool to be tuned?

    1)  Use the default Java Virtual Machine settings
    2)  Use specific Java Virtual Machine arguments

Enter choice [2]: 1

Do you want to start the server when the configuration is completed? (yes /
no) [yes]: 


Setup Summary
=============
LDAP Listener Port:                 1389
Administration Connector Port:      4444
LDAP Secure Access:                 Enable SSL on LDAP Port 1636
                                    Create a new Self-Signed Certificate
Root User DN:                       cn=orcladmin
Directory Data:                     Create New Base DN dc=example,dc=com
Base DN Data: Only Create Base Entry (dc=example,dc=com)
Server Runtime Settings:            Use the default Java Virtual Machine
settings
Import Runtime Settings:            Use the default Java Virtual Machine
settings

Start Server when the configuration is completed


What would you like to do?

    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Print equivalent non-interactive command-line
    4)  Cancel and exit

Enter choice [1]: 1


See /oracle/admin/OUDDomain/mserver/oud_inst1/OUD/logs/oud-setup for a detailed 
log of this operation.

Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Creating Base Entry dc=example,dc=com ..... Done.
Starting Directory Server ......... Done.

To see basic server configuration status and configuration you can launch /oracle/admin/OUDDomain/mserver/oud_inst1/OUD/bin/status

Repeat the same steps on the second node.
Next, configure replication. Create the file /tmp/oud.pwd containing the password of the administrative user (whose name we change from admin to oudadmin), go to $ORACLE_HOME/bin and run a command along these lines:

./dsreplication enable --host1 example-com-ooud1  --port1 4444 --bindDN1 "cn=orcladmin" --bindPasswordFile1 /tmp/oud.pwd --host2 example-com-ooud2 --port2 4444 --bindDN2 "cn=orcladmin" --bindPasswordFile2 /tmp/oud.pwd --replicationPort2  8989 --adminUID oudadmin --adminPasswordFile /tmp/oud.pwd --baseDN "dc=example,dc=com" -X -n  

The output will look something like this:

Establishing connections ..... Done.

Updating registration information ..... Done.
Updating replication configuration for baseDN dc=example,dc=com ........ Done.
Updating replication configuration for the registration data (ADS) ..... Done.
Updating replication configuration for the schema ...... Done.

Initializing registration information on server example-com-ooud2:4444 with the contents of server example-com-ooud1:4444 ..... Done.

Initializing schema on server example-com-ooud2:4444 with the schema of server example-com-ooud1:4444 ..... Done.

Replication has been successfully enabled.  Note that for replication to work you must initialize the contents of the base DN's that are being replicated (use dsreplication initialize to do so).

See /tmp/oud-replication-6476168514189637349.log for a detailed log of this operation.
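
The replication commands read the administrator password from a file in /tmp. An added example (not from the original post) that creates such a file readable by its owner only and removes it afterwards; `make_pwd_file` and `remove_pwd_file` are hypothetical helper names, and a POSIX shell with `mktemp` is assumed:

```shell
#!/bin/sh
# Added example, not from the original post. make_pwd_file and
# remove_pwd_file are hypothetical helpers; assumes mktemp is available.

# make_pwd_file -- reads one line (the password) from stdin and prints the
# path of a new file, mode 0600, inside a new directory, mode 0700.
make_pwd_file() {
    if [ -t 0 ]; then
        printf 'Password: ' >&2
        stty -echo                          # do not echo typed characters
    fi
    IFS= read -r pw || :
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    [ -n "$pw" ] || return 1                # refuse an empty password

    dir=$(mktemp -d "${TMPDIR:-/tmp}/oudpw.XXXXXX") || return 1
    (
        umask 077                           # file is created rw for owner only
        printf '%s\n' "$pw" > "$dir/oud.pwd"
    ) || return 1
    unset pw
    printf '%s\n' "$dir/oud.pwd"
}

# remove_pwd_file PATH -- deletes the file and its private directory.
remove_pwd_file() {
    rm -f "$1" && rmdir "$(dirname "$1")"
}

# Usage with the commands from the post:
#   PWFILE=$(make_pwd_file) || exit 1
#   trap 'remove_pwd_file "$PWFILE"' EXIT
#   ./dsreplication status --adminUID oudadmin --adminPasswordFile "$PWFILE" ...
```

Pass the returned path to `--bindPasswordFile1`, `--bindPasswordFile2` and `--adminPasswordFile` in place of /tmp/oud.pwd.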

You can check the status:

./dsreplication status --adminUID oudadmin --adminPasswordFile /tmp/oud.pwd -X --hostname example-com-ooud1 --port 4444
Establishing connections ..... Done.

dc=example,dc=com - Replication Enabled
============================================

Server           : Entries : M.C. [1] : A.O.M.C. [2] : Port [3] : Status [4]
-----------------:---------:----------:--------------:----------:-----------
example-com-ooud1:4444 : 1       : 0        : N/A          : 8989     : Normal
example-com-ooud2:4444 : 1       : 0        : N/A          : 8989     : Normal

[1] The number of changes that are still missing on this element (and that have been applied to at least one other server).
[2] Age of oldest missing change: the age (in seconds) of the oldest change that has not yet arrived on this element.
[3] The replication port used to communicate between the servers whose contents are being replicated.
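
The status table above can be checked automatically. An added example (not from the original post) that reads `dsreplication status` output and reports any server with missing changes or a status other than Normal; the function names are hypothetical, the first sample is the table from the post and the second is constructed:

```shell
#!/bin/sh
# Added example, not from the original post: health check over the
# "dsreplication status" table. Function names are hypothetical.

# check_replication [EXPECTED_SERVERS] -- reads status output on stdin,
# prints one line per problem, returns non-zero if anything is wrong.
check_replication() {
    awk -F' *: +' -v want="${1:-2}" '
        # Data rows split into six columns on " : "; the host:port colon has
        # no space after it. The header row is skipped by its first column;
        # the dashed rule and the footnotes have fewer columns.
        NF == 6 && $1 != "Server" {
            n++
            sub(/[ \t\r]+$/, "", $6)
            if ($3 != "0")      { print $1 ": " $3 " missing changes"; bad = 1 }
            if ($6 != "Normal") { print $1 ": status " $6;             bad = 1 }
        }
        END {
            if (n < want) { print "only " (n + 0) " of " want " servers listed"; bad = 1 }
            exit bad + 0
        }'
}

# Status table as shown in the post.
sample_ok() {
cat <<'EOF'
Server           : Entries : M.C. [1] : A.O.M.C. [2] : Port [3] : Status [4]
-----------------:---------:----------:--------------:----------:-----------
example-com-ooud1:4444 : 1       : 0        : N/A          : 8989     : Normal
example-com-ooud2:4444 : 1       : 0        : N/A          : 8989     : Normal
EOF
}

# Constructed sample: the second node is three changes behind.
sample_lagging() {
cat <<'EOF'
example-com-ooud1:4444 : 4       : 0        : N/A          : 8989     : Normal
example-com-ooud2:4444 : 1       : 3        : 42           : 8989     : Normal
EOF
}

# Real use: ./dsreplication status ... | check_replication 2
```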

If necessary, initialize replication on all nodes:

./dsreplication initialize-all --hostname example-com-ooud1 --port 4444 --baseDN "dc=example,dc=com" --adminUID oudadmin --adminPasswordFile /tmp/oud.pwd
>>>> Specify server administration connection parameters for the source server

How do you want to trust the server certificate?

    1)  Automatically trust
    2)  Use a truststore
    3)  Manually validate

Enter choice [3]: 1

Establishing connections ..... Done.

Initializing the contents of a base DN removes all the existing contents of
that base DN.  Do you want to remove the contents of the selected base DN's on
the replicated servers and replace them with the contents of server
example-com-ooud1:4444? (yes / no) [yes]: 

Initializing base DN dc=example,dc=com with the contents from example-com-ooud1:4444:
0 entries processed (0 % complete).
1 entries processed (100 % complete).
Base DN initialized successfully.

Executing post-external initialization on base DN dc=example,dc=com ..... Done.

See /tmp/oud-replication-9112178024659965550.log for a detailed log of this operation.

oracle@example-com-ooud1:bin$ /oracle/admin/OUDDomain/mserver/oud_inst1/OUD/bin/status 

The result is an OUD cluster with multi-master replication.
