Multiwrite-DISP replication is a replication scheme that uses multiwrite replication for real-time updates and DISP for recovery.
It is the recommended method for replication.
Release : 14.x
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Example: Setting up Multiwrite-DISP Replication between DSAs using the CA Identity Suite vApp
Last update October 2, 2019
This example explains how to enable multiwrite replication with DISP recovery (MW-DISP) between two DSAs.
In this example, there are two DSAs set up on two servers:
server1: idm-userstore-router-caim-srv-01
server2: idm-userstore-router-caim-srv-02
Follow these steps:
Step 1: Logged on as config user Stop the DSAs.
server1: stop_dxserver
server2: stop_dxserver
Step 2: Enable multiwrite on server1.
In order to carry out actions with the DSA on the vApp please use the DSA user (su dsa).
UNIX Path: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-01.dxc.
set dsa idm-userstore-router-caim-srv-01 =
{
prefix = <o com><ou CA>
dsa-name = <o com><ou CA><cn idm-userstore-router-caim-srv-01">
dsa-password = "password"
address = tcp " caim-srv-01" port 19289
disp-psap = DISP
snmp-port = 19289
console-port = 19290
auth-levels = anonymous, clear-password, ssl-auth
dsa-flags = multi-write
trust-flags = trust-conveyed-originator,trust-dsa-triggered-operations
};
Step 3: Enable multiwrite on server1.
UNIX Path: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-02.dxc.
If this file does not exist, copy from server2.
Example:
UNIX: copy server2: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-02.dxc to server1: /opt/CA/Directory/dxserver/config/knowledge
set dsa idm-userstore-router-caim-srv-02 =
{
prefix = <o com><ou CA>
dsa-name = <o com><ou CA><cn idm-userstore-router-caim-srv-02">
dsa-password = "password"
address = tcp " caim-srv-01" port 19289
disp-psap = DISP
snmp-port = 19289
console-port = 19290
auth-levels = anonymous, clear-password, ssl-auth
dsa-flags = multi-write
trust-flags = trust-conveyed-originator,trust-dsa-triggered-operations
};
The prefix must be the same for idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02 for replication to work.
Step 4: Create a knowledge group file.
UNIX: server1: /opt/CA/Directory/dxserver/config/knowledge/dsas.dxg
Add the following lines:
source "idm-userstore-router-caim-srv-01.dxc";
source "idm-userstore-router-caim-srv-02.dxc";
Note: If a knowledge group file exists for idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02, update this file to ensure that both idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02 are sourced.
Step 5: Update server1: /opt/CA/Directory/dxserver/config/servers/idm-userstore-router-caim-srv-01.dxi to source knowledge group and also enable MW-DISP.
Locate the following line:
clear dsas;
source "../knowledge/idm-userstore-router-caim-srv-01.dxc";
Replace this line with the following lines:
clear dsas;
source "../knowledge/dsas.dxg";
To enable MW-DISP, locate the following line:
# multiwrite DISP recovery
set multi-write-disp-recovery = false;
Replace this line with the following lines:
# multiwrite DISP recovery
set multi-write-disp-recovery = true;
Step 6: Check for syntax errors.
server1: dxsyntax idm-userstore-router-caim-srv-01
Copy the following files to server2:
For UNIX
Copy server1: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-01.dxc server2: /opt/CA/Directory/dxserver/config/knowledge
Copy server1: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-02.dxc server2: /opt/CA/Directory/dxserver/config/knowledge
Copy server1: /opt/CA/Directory/dxserver/config/knowledge/dsas.dxg server2: /opt/CA/Directory/dxserver/config/knowledge
For Windows
Copy server1: %DXHOME%\config\knowledge\idm-userstore-router-caim-srv-01.dxc server2: %DXHOME%\config\knowledge
Copy server1: %DXHOME%\config\knowledge\idm-userstore-router-caim-srv-02.dxc server2: %DXHOME%\config\knowledge
Copy server1: %DXHOME%\config\knowledge\dsas.dxg server2: %DXHOME%\config\knowledge
Update the knowledge on one server and then copy to the other. This step keeps the servers consistent.
Step 6: Update server2: /opt/CA/Directory/dxserver/config/servers/idm-userstore-router-caim-srv-02.dxi (UNIX) to source the newly copied knowledge group and also enable MW-DISP.
Locate the following line:
clear dsas;
source "../knowledge/idm-userstore-router-caim-srv-01.dxc";
Replace this line with the following lines:
clear dsas;
source "../knowledge/dsas.dxg";
To enable MW-DISP, locate the following line:
# multiwrite DISP recovery
set multi-write-disp-recovery = false;
Replace this line with the following lines:
# multiwrite DISP recovery
set multi-write-disp-recovery = true;
Step 7: Checkpoint the DSAs.
If the DSAs contain synchronized data (for example, loads from the same LDIF), checkpoint the DSAs when enabling MW-DISP.
server1: dxdisp idm-userstore-router-caim-srv-02
server2: dxdisp idm-userstore-router-caim-srv-01
This step prevents the existing data from being superfluously replicated.
Step 8: Start the DSAs.
server1: dxserver start idm-userstore-router-caim-srv-01
server2: dxserver start idm-userstore-router-caim-srv-02
Step 9: Check the replication state.
Check that the DSAs have contacted each other and the replication state is OK.
server1: telnet localhost 19290
server1: get dsp;
server1: logout;
...
...
multi-write-group-credit = 0
multi-write-outstanding-ops = 10
idm-userstore-router-caim-srv-02: OK, total 0, waiting remote 0, confirmed local 0
server2: telnet localhost 19290
server2: get dsp;
server2: logout;
...
...
multi-write-group-credit = 0
multi-write-outstanding-ops = 10
idm-userstore-router-caim-srv-01: OK, total 0, waiting remote 0, confirmed local 0
For the output of get dsp; command, the replicating queue status must be OK. Any other status such as DISP-FAILED indicates either a replication problem or a connectivity problem between the two DSAs. The warn-log and alarm-log are good places to start when diagnosing these replication problems.
Another sanity test is to connect to idm-userstore-router-caim-srv-01 through an LDAP browser (like JXplorer) and modify. Connect to idm-userstore-router-caim-srv-02 and ensure that the update is replicated. A similar test for MW-DISP can be performed by stopping idm-userstore-router-caim-srv-02 before updating idm-userstore-router-caim-srv-01. When idm-userstore-router-caim-srv-02 is started, it recovers updates from idm-userstore-router-caim-srv-01 and the updates must be reflected.
Other Considerations
set write-precedence = idm-userstore-router-caim-srv-01, idm-userstore-router-caim-srv-02;
This step prevents update conflicts (same entry getting updated simultaneously on idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02).