[389-users] Re: How to analyze large Multi Master Replication (test)-network?

2021-02-28 Thread Ivanov Andrey (M.)
Hi,

Use the RHDS 11 documentation instead of 10, it's more up-to-date 
(https://access.redhat.com/documentation/en-us/red_hat_directory_server/11).

Concerning the replication, you can check the whole chapter 
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#Managing_Replication

What you are trying to do (checking the consistency of LDAP replicas) is 
probably completely or partially implemented by the following two utilities:
* "ds-replcheck" that compares two replicas: 
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#comparing_two_directory_server_databases
* and "dsconf replication monitor" comparing just the time skew and the 
coherence of RUVs 
(https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#monitoring-the-replication-topology)


In our production environment we check the state of replication from time to 
time by ds-replcheck to be sure the replicas contain identical data.


As for the order of configuration, you can create replication agreements in any 
order, then initialize them. The best practice is to initialize all the servers 
in MMR topology from the same initial server. Something like this for 3 servers 
MMR with ldap1 as central hub:

# Activate replicas and changelogs, create replication managers
/usr/sbin/dsconf ldaps://ldap1.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' replication create-manager \
  --name 'cn=repman,cn=config' --passwd 'repman_secret_password'
/usr/sbin/dsconf ldaps://ldap1.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' replication enable --suffix='dc=example,dc=com' \
  --role='master' --replica-id=1 --bind-dn='cn=repman,cn=config'

/usr/sbin/dsconf ldaps://ldap2.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' replication create-manager \
  --name 'cn=repman,cn=config' --passwd 'repman_secret_password'
/usr/sbin/dsconf ldaps://ldap2.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' replication enable --suffix='dc=example,dc=com' \
  --role='master' --replica-id=2 --bind-dn='cn=repman,cn=config'

/usr/sbin/dsconf ldaps://ldap3.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' replication create-manager \
  --name 'cn=repman,cn=config' --passwd 'repman_secret_password'
/usr/sbin/dsconf ldaps://ldap3.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' replication enable --suffix='dc=example,dc=com' \
  --role='master' --replica-id=3 --bind-dn='cn=repman,cn=config'


# Create all MMR replication agreements
/usr/sbin/dsconf ldaps://ldap2.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' repl-agmt create --suffix='dc=example,dc=com' \
  --host='ldap1.example.com' --port=636 --conn-protocol=LDAPS \
  --bind-dn='cn=repman,cn=config' --bind-passwd='repman_secret_password' \
  --bind-method=SIMPLE 'Replication from ldap2.example.com to ldap1.example.com'
/usr/sbin/dsconf ldaps://ldap3.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' repl-agmt create --suffix='dc=example,dc=com' \
  --host='ldap1.example.com' --port=636 --conn-protocol=LDAPS \
  --bind-dn='cn=repman,cn=config' --bind-passwd='repman_secret_password' \
  --bind-method=SIMPLE 'Replication from ldap3.example.com to ldap1.example.com'
/usr/sbin/dsconf ldaps://ldap1.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' repl-agmt create --suffix='dc=example,dc=com' \
  --host='ldap2.example.com' --port=636 --conn-protocol=LDAPS \
  --bind-dn='cn=repman,cn=config' --bind-passwd='repman_secret_password' \
  --bind-method=SIMPLE 'Replication from ldap1.example.com to ldap2.example.com'
/usr/sbin/dsconf ldaps://ldap1.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' repl-agmt create --suffix='dc=example,dc=com' \
  --host='ldap3.example.com' --port=636 --conn-protocol=LDAPS \
  --bind-dn='cn=repman,cn=config' --bind-passwd='repman_secret_password' \
  --bind-method=SIMPLE 'Replication from ldap1.example.com to ldap3.example.com'

# Start initialization of replica ldap2 from ldap1
/usr/sbin/dsconf ldaps://ldap1.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' repl-agmt init --suffix='dc=example,dc=com' \
  'Replication from ldap1.example.com to ldap2.example.com'
# and wait for its end showing progression every 5 seconds
INITSTATE=$(/usr/sbin/dsconf ldaps://ldap1.example.com:636 -D 'cn=Directory Manager' \
  -w 'dir_man_secret_password' repl-agmt init-status --suffix='dc=example,dc=com' \
  'Replication from ldap1.example.com to ldap2.example.com')
while [[ $INITSTATE == 'Agreement initialization in progress.' ]]; do
  sleep 5; echo -n '.'
  # Poll the same suffix and agreement that were initialized above
  INITSTATE=$(/usr/sbin/dsconf ldaps://ldap1.example.com:636 -D 'cn=Directory Manager' \
    -w 'dir_man_secret_password' repl-agmt init-status --suffix='dc=example,dc=com' \
    'Replication from ldap1.example.com to ldap2.example.com')
done
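
The wait step above, as an added example that is not part of the original post: a POSIX sh polling function that stops on a timeout and checks the final status rather than accepting anything other than "in progress". Assumptions: DSCONF_PWFILE and the function names are hypothetical, the password is read from a file with dsconf's -y option instead of -w, and a healthy finish is taken to be a status containing "success".

```sh
#!/bin/sh
# Added example (not from the post): wait for a total init to finish, with a
# timeout and a check of the final status instead of "anything but in progress".

IN_PROGRESS='Agreement initialization in progress.'   # status string quoted in the post

# Hypothetical wrapper around the post's init-status call. DSCONF_PWFILE is an
# assumed variable naming a mode-0600 file; dsconf reads it via -y, so the
# Directory Manager password never appears in the process list or shell history.
agmt_status() {  # args: server-url suffix agreement-name
    /usr/sbin/dsconf "$1" -D 'cn=Directory Manager' -y "$DSCONF_PWFILE" \
        repl-agmt init-status --suffix="$2" "$3"
}

# wait_for_init STATUS_FN TIMEOUT_S INTERVAL_S [args passed to STATUS_FN...]
# Exit codes: 0 finished and reported success, 1 finished with any other status,
#             2 status command itself failed, 3 still in progress at timeout.
# The last status text is left in LAST_STATUS for logging.
wait_for_init() {
    _fn=$1; _timeout=$2; _interval=$3; _waited=0
    shift 3
    while :; do
        LAST_STATUS=$("$_fn" "$@") || return 2
        if [ "$LAST_STATUS" != "$IN_PROGRESS" ]; then
            # Assumption: a healthy finish reports a status containing "success".
            case $LAST_STATUS in
                *[Ss]uccess*) return 0 ;;
                *)            return 1 ;;
            esac
        fi
        if [ "$_waited" -ge "$_timeout" ]; then
            return 3
        fi
        sleep "$_interval"
        _waited=$((_waited + _interval))
    done
}

# Usage (names as in the post):
#   wait_for_init agmt_status 600 5 ldaps://ldap1.example.com:636 \
#       'dc=example,dc=com' 'Replication from ldap1.example.com to ldap2.example.com' \
#       || echo "init did not complete: rc=$? status=$LAST_STATUS" >&2
```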

[389-users] Re: How to analyze large Multi Master Replication (test)-network?

2021-02-27 Thread Gordon Messmer

On 2/26/21 5:22 AM, Eugen Lamers wrote:

Documentation read so far:



It sounds like you're building a new replication monitor, so I'd think 
that a good place to start would be with a review of the existing one:


https://directory.fedoraproject.org/docs/389ds/howto/howto-monitor-replication.html

https://directory.fedoraproject.org/docs/389ds/design/replication-monitor-design.html
