OpenDS 2.0 has just been released and there are several new and exciting features in it.
To me, the biggest innovation in this release is "Assured Replication", an extension to the loose consistency multi-master replication feature that brings tighter consistency of data between replica. "Assured Replication" is not to be taken for a full synchronous and transactional replication mechanism. A change is not transactionally applied to a set of or all replicas of a topology. With "Assured Replication", the response to an LDAP modification is delayed until the change has been received or applied by other servers, in a best effort mode. It provides a greater assurance that a change is not lost even if the server receiving it crashes.
Assured Replication can function in 2 modes :
- Safe Data Mode: an update must be propagated to a defined number of Replication Servers before returning a response to the client. So if the server or the replication server is stopped, the data is still available to all other replicas.
- Safe Read Mode: an update must be propagated to all directory servers in the domain before the client is returned a response for the update.
Of course, for both modes, it's possible to configure a timeout interval to prevent LDAP clients to be waiting indefinitely if some servers are not available.
Configuring Assured Replication is pretty straightforward but cannot be done when setting up replication itself. So the first step is to configure Multi-Master Replication for a domain with dsreplication.
$ bin/dsreplication enable --host1 localhost --port1 5444 --bindDN1 'cn=directory manager' --bindPassword1 secret12 --replicationPort1 8989 --host2 localhost --port2 6444 --bindDN2 'cn=directory manager' --bindPassword2 secret12 --replicationPort2 8990 --adminUID admin --adminPassword secret12 --baseDN "dc=example,dc=com" -X -n
Establishing connections ..... Done.
Checking Registration information ..... Done.
Configuring Replication port on server localhost:5444 ..... Done.
Configuring Replication port on server localhost:6444 ..... Done.
Updating replication configuration for baseDN dc=example,dc=com on server localhost:5444 ..... Done.
Updating replication configuration for baseDN dc=example,dc=com on server localhost:6444 ..... Done.
Updating Registration configuration on server localhost:5444 ..... Done.
Updating Registration configuration on server localhost:6444 ..... Done.
Updating replication configuration for baseDN cn=schema on server localhost:5444 ..... Done.
Updating replication configuration for baseDN cn=schema on server localhost:6444 ..... Done.
Initializing Registration information on server localhost:6444 with the contents of server localhost:5444 ..... Done.
Initializing schema on server localhost:6444 with the contents of server localhost:5444 ..... Done.
Replication has been successfully enabled. Note that for replication to work you must initialize the contents of the base DN's that are being replicated (use dsreplication initialize to do so).
$ bin/dsreplication initialize --baseDN "dc=example,dc=com" --adminUID admin --adminPassword secret12 --hostSource localhost --portSource 5444 --hostDestination localhost --portDestination 6444 -X -n
Initializing base DN dc=example,dc=com with the contents from localhost:5444:
23 entries processed (100 % complete).
Base DN initialized successfully.
for a detailed log of this operation.
$ bin/dsreplication status -h localhost -p 5444 --adminUID admin --adminPassword secret12 -X
dc=example,dc=com - Replication Enabled
Server : Entries : M.C. (1) : A.O.M.C. (2) : Port (3) : Security (4)
localhost:5444 : 23 : 0 : N/A : 8989 : Disabled
localhost:6444 : 23 : 0 : N/A : 8990 : Disabled
Now that replication is setup, we can enable the Assured Replication mode, using the dsconfig utility. For this, on each of the OpenDS direcotry servers, we first need to retrieve the full name of the replication domain.
$ bin/dsconfig -D cn=directory\\ manager -w secret12 -n -s list-replication-domains --provider-name "Multimaster Synchronization"
cn=admin data (domain 29167)
cn=schema (domain 9674)
dc=example,dc=com (domain 14741)
$ bin/dsconfig -D cn=directory\\ manager -w secret12 -n set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com (domain 14741)" --advanced --set assured-type:safe-data --set assured-sd-level:2
Note that the Replication Domain has a different value on each server, so you have to repeat these 2 commands on each instance.
Setting the assured level for Safe Data to 2 means that the server will make sure the data has been received by at least 2 replication services before returning to the LDAP client the response to the update request.
From a client point of view, there should be no difference, except that the server might take a little longer to return the response to an update request. In our measures, we found that the response time increased by 25% for Safe Data Level 2, which seems a lot, but honestly, when the response time is in the order of 2ms, it's hard to notice !
You can find more information about Assured Replication on OpenDS 2.0 documentation wiki, both in the overview of OpenDS Replication Architecture and the Replication Administration Guide, and more specifically Assured Replication Administration Guide
Technorati Tags: directory-server, java, ldap, opends, opensource, replication