X

Dynamic provisioning of directory instances with DPS - Part 1

Guest Author

The goal here is to dynamically  add/remove a directory server instance from the mesh with no or limited impact on the client applications and w/o altering the HW load-balancers that are commonly deployed in front of the directories. In the rest of this post, we assume that client applications access the directory services via an access layer provided by the Sun/Oracle Directory Proxy Server (DPS).

The first method consists in changing the directory server operational state so that it is automatically considered as "unavailable" by DPS. Each DPS periodically checks directory servers availability by retrieving  its operational state with a configurable LDAP search. Would the operational entry "disappears" (i.e. no longer matches a search filter), the directory server would stop receiving traffic from the DPS(s).

Configuration

First, decide  which entry and attribute will hold the server operational state, e.g. attribute description in entry  cn=server state,cn=config

dn: cn=server state,cn=config

objectclass: top

objectclass: extensibleObject

description: SERVER_AVAILABLE

Then change the DPS configuration of each LDAP data sources so that this "state" entry is checked on a regular basis. By convention, the server is down if the poll returns no entry.

In this example, the property monitoring-entry-dn must be set to cn=server state,cn=config, the property monitoring-search-filter can be set to (description=SERVER_AVAILABLE). Depending on the state entry used, it may be necessary to use specific credentials to access it. In such case, the properties monitoring-bind-dn and monitoring-bind-pwd should be changed as well.



[@euler]# dpconf get-ldap-data-source-prop
euler:10389          


...

ldap-address                                          : 
euler.france.sun.com 

ldap-port                                               :  10389 

ldaps-port                                             :  ldaps 
monitoring-bind-dn                        :  cn=directory manager 
monitoring-bind-pwd                      : 
{3DES}qowEGwcvUhKdUKegsRrO73X46Gb2JKPT 

monitoring-bind-timeout              :  5s 
monitoring-entry-dn                       :  cn=server
state,cn=config

monitoring-interval                       :  30s 
monitoring-search-filter              : 
(description=SERVER_AVAILABLE)

Removing a directory server from the topology

The description of the state entry must first be modified e.g. the state can be set to SERVER_UNAVAILABLE.  DPS will take up to about 2 times the monitoring-interval to stop forwarding traffic to that server. It is then safe to shut down the directory server instance w/o impacting client applications.

(Re)adding a directory server to the topology

Set (back) the description value to "SERVER_AVAILABLE" in the directory state entry (and dynamically add a new data source object to the DPS configuration for a brand-new server).

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.