Dynamic provisioning of directory instances with DPS - Part 1

The goal here is to dynamically add or remove a directory server instance from the mesh with little or no impact on client applications and without altering the hardware load balancers that are commonly deployed in front of the directories. In the rest of this post, we assume that client applications access the directory services via an access layer provided by the Sun/Oracle Directory Proxy Server (DPS).

The first method consists of changing the directory server's operational state so that DPS automatically considers it "unavailable". Each DPS periodically checks directory server availability by retrieving the server's operational state with a configurable LDAP search. Should the operational entry "disappear" (i.e. no longer match the search filter), the directory server stops receiving traffic from the DPS instance(s).

Configuration

First, decide which entry and attribute will hold the server operational state, e.g. the attribute description in the entry cn=server state,cn=config:

dn: cn=server state,cn=config
objectclass: top
objectclass: extensibleObject
description: SERVER_AVAILABLE

Then change the DPS configuration of each LDAP data source so that this "state" entry is checked on a regular basis. By convention, the server is down if the poll returns no entry.

In this example, the property monitoring-entry-dn must be set to cn=server state,cn=config, and the property monitoring-search-filter can be set to (description=SERVER_AVAILABLE). Depending on the state entry used, it may be necessary to use specific credentials to access it. In that case, the properties monitoring-bind-dn and monitoring-bind-pwd should be changed as well.


[@euler]# dpconf get-ldap-data-source-prop euler:10389
...
ldap-address              :  euler.france.sun.com
ldap-port                 :  10389
ldaps-port                :  ldaps
monitoring-bind-dn        :  cn=directory manager
monitoring-bind-pwd       :  {3DES}qowEGwcvUhKdUKegsRrO73X46Gb2JKPT
monitoring-bind-timeout   :  5s
monitoring-entry-dn       :  cn=server state,cn=config
monitoring-interval       :  30s
monitoring-search-filter  :  (description=SERVER_AVAILABLE)

Removing a directory server from the topology

The description of the state entry must first be modified, e.g. the state can be set to SERVER_UNAVAILABLE. DPS will take up to about 2 times the monitoring-interval to stop forwarding traffic to that server. It is then safe to shut down the directory server instance without impacting client applications.

(Re)adding a directory server to the topology

Set (back) the description value to "SERVER_AVAILABLE" in the directory state entry (and dynamically add a new data source object to the DPS configuration for a brand-new server).
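
The removal and re-add steps above can be scripted as follows. This is an added example, not code from the original post: it assumes a DSEE-style ldapmodify whose -j option reads the bind password from a file, and the BIND_DN, PWFILE and LDAPMODIFY variables are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a DSEE-style ldapmodify
# (-j FILE reads the bind password); BIND_DN, PWFILE, LDAPMODIFY are hypothetical knobs.
STATE_DN="cn=server state,cn=config"

# Print the LDIF that sets the state attribute to $1.
state_ldif() {
    case "$1" in
        SERVER_AVAILABLE|SERVER_UNAVAILABLE) ;;
        *) echo "unknown state: $1" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nreplace: description\ndescription: %s\n' \
        "$STATE_DN" "$1"
}

# Turn a monitoring-interval given in seconds ("30s") into the drain wait:
# 2 x interval, the upper bound the post gives. Other units are rejected.
drain_seconds() {
    n=${1%s}
    case "$n" in
        ''|*[!0-9]*) echo "unsupported interval: $1" >&2; return 1 ;;
    esac
    echo $((n * 2))
}

# usage: set_state HOST PORT STATE MONITORING_INTERVAL
set_state() {
    ldif=$(state_ldif "$3") || return 1
    secs=$(drain_seconds "$4") || return 1
    [ -r "${PWFILE:-}" ] || { echo "PWFILE must name a readable file" >&2; return 1; }
    printf '%s\n' "$ldif" | ${LDAPMODIFY:-ldapmodify} -h "$1" -p "$2" \
        -D "${BIND_DN:-cn=directory manager}" -j "$PWFILE" || return 1
    # Only a removal needs the wait: DPS must miss the entry on its next polls.
    if [ "$3" = SERVER_UNAVAILABLE ]; then
        echo "waiting ${secs}s for DPS to stop routing to $1:$2" >&2
        sleep "$secs"
    fi
}
```

For the data source shown earlier, the removal would be run as set_state euler.france.sun.com 10389 SERVER_UNAVAILABLE 30s, and the instance stopped only after the function returns successfully.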

About


I am Sylvain Duloutre, I work as a Software Architect in the Oracle Directory Integration Team, the customer-facing part of Directory Services & Identity Management Product Development, working on Technical Field Enablement.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
