Multi-Write DISP Replication for vAPP

Article ID: 138002

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

Multiwrite-DISP replication is a replication scheme that uses multiwrite replication for real-time updates and DISP for recovery.

It is the recommended method for replication.

 

 

Environment

Release : 14.x

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

Example: Setting up Multiwrite-DISP Replication between DSAs using the CA Identity Suite vApp

 

Last update October 2, 2019

 

This example explains how to enable multiwrite replication with DISP recovery (MW-DISP) between two DSAs.

In this example, there are two DSAs set up on two servers:

server1: idm-userstore-router-caim-srv-01

server2: idm-userstore-router-caim-srv-02

 

Follow these steps:

Step 1: Logged on as the config user, stop the DSAs.

server1: stop_dxserver

server2: stop_dxserver

Step 2: Enable multiwrite on server1.

To carry out actions with the DSA on the vApp, use the DSA user (su dsa).

UNIX Path: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-01.dxc

    set dsa idm-userstore-router-caim-srv-01 =
    {
      prefix = <o com><ou CA>
      dsa-name = <o com><ou CA><cn "idm-userstore-router-caim-srv-01">
      dsa-password = "password"
      address = tcp "caim-srv-01" port 19289
      disp-psap = DISP
      snmp-port = 19289
      console-port = 19290
      auth-levels = anonymous, clear-password, ssl-auth
      dsa-flags = multi-write
      trust-flags = trust-conveyed-originator,trust-dsa-triggered-operations
    };

Step 3: Enable multiwrite on server1.

UNIX Path: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-02.dxc

If this file does not exist, copy it from server2.

Example: 

UNIX: copy server2: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-02.dxc to server1: /opt/CA/Directory/dxserver/config/knowledge

    set dsa idm-userstore-router-caim-srv-02 =
    {
      prefix = <o com><ou CA>
      dsa-name = <o com><ou CA><cn "idm-userstore-router-caim-srv-02">
      dsa-password = "password"
      address = tcp "caim-srv-02" port 19289
      disp-psap = DISP
      snmp-port = 19289
      console-port = 19290
      auth-levels = anonymous, clear-password, ssl-auth
      dsa-flags = multi-write
      trust-flags = trust-conveyed-originator,trust-dsa-triggered-operations
    };

The prefix must be the same for idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02 for replication to work.

Step 4: Create a knowledge group file.

UNIX: server1: /opt/CA/Directory/dxserver/config/knowledge/dsas.dxg

Add the following lines:

   source "idm-userstore-router-caim-srv-01.dxc";

   source "idm-userstore-router-caim-srv-02.dxc";

Note: If a knowledge group file exists for idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02, update this file to ensure that both idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02 are sourced.

Step 5: Update server1: /opt/CA/Directory/dxserver/config/servers/idm-userstore-router-caim-srv-01.dxi to source the knowledge group and enable MW-DISP.

Locate the following lines:

   clear dsas;
   source "../knowledge/idm-userstore-router-caim-srv-01.dxc";

Replace these lines with the following lines:

   clear dsas;
   source "../knowledge/dsas.dxg";

To enable MW-DISP, locate the following lines:

   # multiwrite DISP recovery
   set multi-write-disp-recovery = false;

Replace these lines with the following lines:

   # multiwrite DISP recovery
   set multi-write-disp-recovery = true;

Step 6: Check for syntax errors.

server1: dxsyntax idm-userstore-router-caim-srv-01

Copy the following files to server2:

For UNIX

    Copy server1: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-01.dxc server2: /opt/CA/Directory/dxserver/config/knowledge

    Copy server1: /opt/CA/Directory/dxserver/config/knowledge/idm-userstore-router-caim-srv-02.dxc server2: /opt/CA/Directory/dxserver/config/knowledge

    Copy server1: /opt/CA/Directory/dxserver/config/knowledge/dsas.dxg server2: /opt/CA/Directory/dxserver/config/knowledge

For Windows

    Copy server1: %DXHOME%\config\knowledge\idm-userstore-router-caim-srv-01.dxc server2: %DXHOME%\config\knowledge

    Copy server1: %DXHOME%\config\knowledge\idm-userstore-router-caim-srv-02.dxc server2: %DXHOME%\config\knowledge

    Copy server1: %DXHOME%\config\knowledge\dsas.dxg server2: %DXHOME%\config\knowledge

Update the knowledge on one server and then copy to the other. This step keeps the servers consistent.

Step 7: Update server2: /opt/CA/Directory/dxserver/config/servers/idm-userstore-router-caim-srv-02.dxi (UNIX) to source the newly copied knowledge group and enable MW-DISP.

Locate the following lines:

   clear dsas;
   source "../knowledge/idm-userstore-router-caim-srv-02.dxc";

Replace these lines with the following lines:

   clear dsas;
   source "../knowledge/dsas.dxg";

To enable MW-DISP, locate the following lines:

   # multiwrite DISP recovery
   set multi-write-disp-recovery = false;

Replace these lines with the following lines:

   # multiwrite DISP recovery
   set multi-write-disp-recovery = true;

Step 8: Checkpoint the DSAs.

If the DSAs contain synchronized data (for example, loaded from the same LDIF), checkpoint the DSAs when enabling MW-DISP.

server1: dxdisp idm-userstore-router-caim-srv-02

server2: dxdisp idm-userstore-router-caim-srv-01

This step prevents the existing data from being superfluously replicated.

Step 9: Start the DSAs.

server1: dxserver start idm-userstore-router-caim-srv-01

server2: dxserver start idm-userstore-router-caim-srv-02

Step 10: Check the replication state.

Check that the DSAs have contacted each other and the replication state is OK.

server1: telnet localhost 19290

server1: get dsp;

server1: logout;

   ...

   ...

    multi-write-group-credit = 0

    multi-write-outstanding-ops = 10

    idm-userstore-router-caim-srv-02: OK, total 0, waiting remote 0, confirmed local 0

 

server2: telnet localhost 19290

server2: get dsp;

server2: logout;

   ...

   ...

    multi-write-group-credit = 0

    multi-write-outstanding-ops = 10

    idm-userstore-router-caim-srv-01: OK, total 0, waiting remote 0, confirmed local 0

In the output of the get dsp; command, the replication queue status must be OK. Any other status, such as DISP-FAILED, indicates either a replication problem or a connectivity problem between the two DSAs. The warn-log and alarm-log are good places to start when diagnosing these replication problems.
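One way to turn this check into something a monitoring job can run, as an added example that is not part of the original article: the function reads captured get dsp; console output and fails when any replication queue is not OK. The sample text is constructed, and the layout of a DISP-FAILED line is assumed to match the OK line shown above.

```sh
#!/bin/sh
# Added example: classify replication queues in captured `get dsp;` output.

# Reads `get dsp;` output on stdin. Prints "peer state total" for each
# replication queue line. Exit status: 0 all OK, 1 a queue is not OK,
# 2 no queue line found (wrong capture, or no multiwrite peer configured).
check_dsp() {
  awk -F'[:,]' '
    # Queue lines: "<dsa>: <STATE>, total N, waiting remote N, confirmed local N"
    /, total [0-9]+, waiting remote [0-9]+/ {
      peer = $1; state = $2; total = $3
      gsub(/^[ \t]+|[ \t]+$/, "", peer)
      gsub(/^[ \t]+|[ \t]+$/, "", state)
      sub(/^[ \t]*total[ \t]*/, "", total)
      printf "%s %s %s\n", peer, state, total
      seen++
      if (state != "OK") bad++
    }
    END { if (!seen) exit 2; if (bad) exit 1 }
  '
}

# Constructed samples. SAMPLE_OK copies the lines shown above; the layout of
# the DISP-FAILED line is assumed to match the OK line.
SAMPLE_OK='    multi-write-group-credit = 0
    multi-write-outstanding-ops = 10
    idm-userstore-router-caim-srv-02: OK, total 0, waiting remote 0, confirmed local 0'
SAMPLE_FAILED='    multi-write-group-credit = 0
    multi-write-outstanding-ops = 10
    idm-userstore-router-caim-srv-02: DISP-FAILED, total 12, waiting remote 12, confirmed local 0'

printf '%s\n' "$SAMPLE_OK" | check_dsp && echo "replication healthy"
printf '%s\n' "$SAMPLE_FAILED" | check_dsp || echo "check the warn-log and alarm-log"
```

Exit status 2 matters in practice: a capture with no queue lines must not be read as a healthy replica.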

Another sanity test is to connect to idm-userstore-router-caim-srv-01 through an LDAP browser (like JXplorer) and modify an entry. Then connect to idm-userstore-router-caim-srv-02 and ensure that the update is replicated. A similar test for MW-DISP can be performed by stopping idm-userstore-router-caim-srv-02 before updating idm-userstore-router-caim-srv-01. When idm-userstore-router-caim-srv-02 is started, it recovers updates from idm-userstore-router-caim-srv-01 and the updates must be reflected.

Other Considerations

  • We recommend running one or more router DSAs with the replicas to allow for automatic failover and failback.
  • /opt/CA/Directory/dxserver/config/knowledge must be identical between machines. Doing so ensures that all DSAs function in a consistent manner.
  • We recommend setting one of the replicas as a preferred master. Add the following line to the router.dxi file:

set write-precedence = idm-userstore-router-caim-srv-01, idm-userstore-router-caim-srv-02;

This step prevents update conflicts (same entry getting updated simultaneously on idm-userstore-router-caim-srv-01 and idm-userstore-router-caim-srv-02).
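The two consistency requirements in this article, the shared prefix in the .dxc files and an identical knowledge directory on both machines, can be checked mechanically. The following is an added example, not part of the original article or the product: the function names are hypothetical, the demo files are constructed, and sha256sum is assumed to be available on the servers.

```sh
#!/bin/sh
# Added example: verify knowledge-file consistency before starting the DSAs.

# Print the prefix declared in one knowledge (.dxc) file, trimmed.
dxc_prefix() {
  sed -n 's/^[[:space:]]*prefix[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Succeed only if the .dxc files in directory $1 declare exactly one prefix.
check_prefixes() {
  n=$(for f in "$1"/*.dxc; do dxc_prefix "$f"; done | sort -u | wc -l)
  [ "$n" -eq 1 ]
}

# Print "sha256  ./name" for every file under directory $1, sorted by name.
# Run it on each server and diff the two outputs.
knowledge_manifest() {
  (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# Succeed only if two directories hold byte-identical files with the same names.
same_knowledge() {
  a=$(knowledge_manifest "$1") && b=$(knowledge_manifest "$2") && [ "$a" = "$b" ]
}

# Constructed demo: two temporary directories stand in for the knowledge
# directories of server1 and server2.
demo() {
  d=$(mktemp -d) && mkdir "$d/s1" "$d/s2" || return 1
  for name in idm-userstore-router-caim-srv-01 idm-userstore-router-caim-srv-02; do
    printf 'set dsa %s =\n{\n  prefix = <o com><ou CA>\n};\n' "$name" > "$d/s1/$name.dxc"
  done
  cp "$d/s1/"*.dxc "$d/s2/"
  check_prefixes "$d/s1" && echo "prefixes match"
  same_knowledge "$d/s1" "$d/s2" && echo "knowledge directories identical"
  # Simulate drift on server2: one file edited there only.
  echo '# local edit' >> "$d/s2/idm-userstore-router-caim-srv-02.dxc"
  same_knowledge "$d/s1" "$d/s2" || echo "knowledge directories differ"
  rm -rf "$d"
}
demo
```

The prefix comparison is textual, so two prefixes that differ only in internal spacing are reported as a mismatch.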

 

Additional Information

The details in this knowledge base article are only examples; other configuration settings may be required to meet individual requirements.