Directory Server 6 HA with Sun Cluster

Directory Server availability is usually obtained by setting up several instances in a Multi-Master Replication (MMR) topology, but we also support deployments in a Sun Cluster environment. For the pros and cons of using MMR vs Cluster, you may want to read Neil's post on the subject.

Before You Start

This cookbook describes how to install Directory Server as a data service for Sun Cluster 3.1 (or higher) on Solaris 9 or 10 systems, for SPARC, x86, and x64 platforms. You install Directory Server from native packages by using the Java ES installer.

You must be familiar with Sun Cluster and Directory Server technology in order to find this cookbook useful.
A detailed How-to guide for setting up a 2 node cluster can be found here.

In following the instructions here, you create one resource group per Directory Server instance.

The example assumes that the machines are in the domain. 

To Prepare Sun Cluster

Start by preparing the cluster. Directory Service requires an IP address, and also disk space. Configure the disks in failover mode with affinity set to on.

Note: You execute cluster commands scrgadm and scswitch only on one node of the cluster.
  1. /etc/hosts and /etc/nsswitch.conf
    • Make sure the logical host name you intend to use is in /etc/hosts (in this example: sun-ldap).
    • Make sure you have "files" before "nis" or "dns" in /etc/nsswitch.conf:
      hosts:      cluster files nis [NOTFOUND=return]
  2. Disks
    • Make sure the shared disks that are used for the Directory Server instance do not have the global option set. Use the "no logging" option, rather than "yes global,logging", in /etc/vfstab:
      /dev/md/sc1/dsk/d50 /dev/md/sc1/rdsk/d50 /clusteredfs/sunds ufs 2 no logging
  3. Unmount the disks:
    • umount /clusteredfs/sunds
  4. Create the resource group, and the logical hostname:
    • scrgadm -a -g ds-ldap1
    • scrgadm -a -L -g ds-ldap1 -l sun-ldap
  5. Create and configure the disks (HAStoragePlus in failover mode)
    • scrgadm -a -t SUNW.HAStoragePlus
    • scrgadm -a -j disks -g ds-ldap1 -t SUNW.HAStoragePlus -x FilesystemMountPoints=/clusteredfs/sunds -x AffinityOn=TRUE
  6. Enable the resource group
    • scswitch -Z -g ds-ldap1
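
The file checks from steps 1 and 2 can be scripted before the resource group is created. The following is an added example, not part of the original cookbook; the function names and the 192.0.2.10 address are assumptions, and the sample files are constructed from the values used above.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for steps 1-2.
# Each function takes the file to inspect, so it can be run on a copy.

# "files" must precede "nis"/"dns" on the hosts: line of nsswitch.conf
hosts_order_ok() {
    awk '$1 == "hosts:" {
            found = 1; f = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files") f = 1
                if (($i == "nis" || $i == "dns") && !f) bad = 1
            }
            if (!f) bad = 1
         }
         END { exit !(found && !bad) }' "$1"
}

# the logical host name must appear as a name on a non-comment hosts line
host_listed() {
    awk -v h="$2" '{ sub(/#.*/, "") }
         { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
         END { exit !ok }' "$1"
}

# vfstab entry for the mount point: mount-at-boot "no", no "global" option
vfstab_failover_ok() {
    awk -v mp="$2" '$1 !~ /^#/ && $3 == mp {
            seen = 1
            if ($6 != "no") bad = 1
            n = split($7, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "global") bad = 1
         }
         END { exit !(seen && !bad) }' "$1"
}

# Constructed sample input, using the values from this cookbook.
demo=$(mktemp -d)
printf 'hosts:      cluster files nis [NOTFOUND=return]\n' > "$demo/nsswitch.conf"
printf '192.0.2.10 sun-ldap\n' > "$demo/hosts"   # address is a placeholder
printf '/dev/md/sc1/dsk/d50 /dev/md/sc1/rdsk/d50 /clusteredfs/sunds ufs 2 no logging\n' > "$demo/vfstab"

hosts_order_ok "$demo/nsswitch.conf" && echo "nsswitch.conf: ok"
host_listed "$demo/hosts" sun-ldap && echo "hosts: ok"
vfstab_failover_ok "$demo/vfstab" /clusteredfs/sunds && echo "vfstab: ok"
rm -rf "$demo"
```

On a cluster node, point the functions at /etc/nsswitch.conf, /etc/hosts and /etc/vfstab on every node, since each node keeps its own copy.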

To Install Directory Server With the Java ES Installer

Install Directory Server packages on all nodes of the cluster in their default locations (using the default BASEDIR). Do not use the Java ES installer to create or to configure a Directory Server instance. Instead, use dsadm as described in the section "To Create a Directory Server Instance" of this cookbook.

  1. Install Directory Server on all nodes of the cluster:
    • Use JES installer
    • Install all Directory Server software, including the configuration tools.
    • Do not create an instance. Do not configure anything ("configure later" in the Java ES installer).
    • Install Cluster Agents. (This is a specific checkbox in the installer).

To Create a Directory Server Instance

Create the Directory Server instance on the failover file system. Once created, manage the instance using Sun Cluster commands. Perform this procedure on only one node of the cluster.

  1. Make sure the failover filesystem is mounted on the local node:
    • scswitch -z -g ds-ldap1 -h `uname -n`
  2. Create the Directory Server instance:
    • echo secret12 > /tmp/me/password.txt
    • chmod 700 /tmp/me/password.txt
    • dsadm create -w /tmp/me/password.txt -h /clusteredfs/sunds/myds
      • The logical hostname must be specified when creating the instance, otherwise the server will use the node name. This name is used for referrals, mostly by the replication feature.
      • If you install DS as a non-root user, you need to specify port numbers higher than 1024 and make sure you have write permissions in /global/sc1/sunds/:
        dsadm create -p 1389 -P 1636 -w /tmp/me/password.txt -h /clusteredfs/sunds/myds
  3. Make sure the Directory Server instance is properly working:
    • Start the Directory Server instance manually on node1:
      dsadm start /clusteredfs/sunds/myds
    • Test with an LDAP client to connect to the Directory Server instance:
      ldapsearch -h -b "" -s base '(objectclass=*)'
    • Stop the Directory Server instance:
      dsadm stop /clusteredfs/sunds/myds
    • Switch the Cluster to the other node:
      scswitch -z -g ds-ldap1 -h node2
    • Start the Directory Server instance manually on the other node:
      dsadm start /clusteredfs/sunds/myds
    • Test with an LDAP client:
      ldapsearch -h -b "" -s base '(objectclass=*)'
    • Stop the Directory Server instance:
      dsadm stop /clusteredfs/sunds/myds
  4. Enable the newly created Directory Server instance as a Cluster resource:
    • (as root) scrgadm -a -t SUNW.ds6ldap
    • (as root) dsadm enable-service --type CLUSTER /clusteredfs/sunds/myds ds-ldap1
    • Note: The previous command names the resource with a predefined format which is later used to retrieve the DS instance. As a result, any attempt to change the resource name will cause the start and stop commands to fail. Also, dashes and spaces should be avoided in the installation path of the Directory Server instances. These limitations may be removed in future versions of DS 6 and its cluster agent.

  5. Work around bug 6478568 - Missing dependency on disks in dsadm enable-service --type CLUSTER:
    • scrgadm -c -j ds--clusteredfs-sunds-myds -y Resource_dependencies=disks
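
In step 2, echo creates password.txt with the shell's default umask before chmod runs, and /tmp/me is a fixed path under a world-writable directory. The following added example (not part of the original cookbook; make_pwfile and pwfile_is_private are hypothetical helper names) creates the file already private, in a directory from mktemp, and checks the result.

```shell
#!/bin/sh
# Added example (not from the original post): create the dsadm password file
# so that it is never readable by other local users.

# make_pwfile: reads one line (the password) from stdin, writes it to
# password.txt in a fresh private directory, and prints the file's path.
make_pwfile() {
    ( umask 077                              # new files 0600, new dirs 0700
      IFS= read -r pw || [ -n "$pw" ] || exit 1   # refuse empty input
      dir=$(mktemp -d "${TMPDIR:-/tmp}/dsadm.XXXXXX") || exit 1
      printf '%s\n' "$pw" > "$dir/password.txt"
      printf '%s\n' "$dir/password.txt" )
}

# pwfile_is_private FILE: succeeds only if neither FILE nor its directory
# grants any permission to group or other.
pwfile_is_private() {
    f_bits=$(ls -ld "$1" | cut -c5-10)
    d_bits=$(ls -ld "$(dirname "$1")" | cut -c5-10)
    [ "$f_bits" = "------" ] && [ "$d_bits" = "------" ]
}

# Demo with a constructed password; in real use let stdin be the terminal
# so the password does not end up in the shell history.
pwfile=$(printf '%s\n' 'constructed-sample' | make_pwfile)
pwfile_is_private "$pwfile" && echo "private: $pwfile"
rm -rf "$(dirname "$pwfile")"
```

Pass the printed path to dsadm create -w in place of /tmp/me/password.txt, and remove the directory once the instance has been created.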

To Manage a Directory Server Instance

At this point, only root can stop and start the Directory Server instance, either with the cluster commands (scswitch -e|-n|-z) on any node of the cluster, or with the dsadm command:
  • scswitch -e -j ds--clusteredfs-sunds-myds
  • dsadm start /clusteredfs/sunds/myds


This is the blog of a senior software engineer, specialized in LDAP, Directory Server and OpenDS. Ludovic Poitou works in France at the Grenoble Engineering Center, in the Directory Services Engineering team. Outside work, I love skiing and taking photo