[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Migrating to new production servers via syncrepl
- To: openldap-technical@openldap.org
- Subject: Migrating to new production servers via syncrepl
- From: "samuli.seppanen@gmail.com" <samuli.seppanen@gmail.com>
- Date: Wed, 02 Oct 2013 13:25:09 +0300
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=dIF1T+NkeDkBdjklMDJooVBq1hUM68NqXqCr1nyOYmM=; b=tb1Yw2sYZF+IXjoi8+L2kYkXtolAHmRAzeAgqeML3Pw8SgUDP3R70W7YLzMlNfMW4b NRXJ/MXENW6UnsB1OI6M6eO3GLLgseDB5am6hf4rlSrklFyMO+iakjemPMXvZA5jsWva PXu3Q0rOsrcwLSJ2dMTveYyTfnlmmR2cLc2Ldo3B3ZQaHo6AicCmHTaGi/6nr4PQQldd /HD81StLnwOopygbZGvD8GltcE9KgXEASJW+6oIgDV0rMHWBwkpKGufB6SMWqm4ORyWI 6+URiv9uO2xGsfLI7XfQZCHeVccGhhqAyykSf0aSkGaEL1/ZpV+aju4btXFRHtS9dCyc ceHA==
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Hi,
I'm phasing out two OpenLDAP production servers[1] in a master-master
configuration. The production servers can't afford more than a few mins
of downtime, so migrating using slapcat/slapadd is out of the question.
So, what I'm ending up doing is migrating using syncrepl. Here's the
plan, with arrows pointing from the provider to the consumer:
old1 <-> old2 -> new1 -> new2
Once the replicas on "new1" and "new2" are complete, I plan to
1) Direct all LDAP reads to "new1"
2) Direct all LDAP writes to "new1" (=make it briefly the only active
LDAP server)
3) Change the replication config on "new1" so that it fetches changes
from "new2" instead of "old2"
4) Restart slapd on new1 (it uses slapd.conf) to activate the change
4) Start offloading LDAP reads/writes to "new2" (e.g. using a loadbalancer)
A couple of questions:
. Does this plan makes sense in general?
- Which caveats I should be aware of?
- How can I ensure the replicas are complete and in the same state[1]?
- Does switching the replication provider for "new1" from "old2" to
"new2" cause any side-effects?
Also, when is full reload of the replica[2] required/suggested? I've
managed to end up with incomplete replicas on "old2" a couple of times
even if I've wiped /var/lib/ldap and started replication from scratch.
Any suggestions or pointers are most welcome! Also let me know if you
need more info (configs, etc) and I'll provide it.
Best regards,
Samuli Seppänen
---
[1] I've used these command so far:
$ cd /var/lib/ldap
$ db_stat -d <database-file>
If the numbers (data items etc) match, can I be sure the replicas are
identical?
I've also checked the contextCSN on the using something like this:
$ ldapsearch -H ldap://old2:389 -D "cn=admin,dc=domain,dc=com" -x -W -v
-s base -b "dc=domain,dc=com"
$ ldapsearch -H ldap://new1:389 -D "cn=admin,dc=domain,dc=com" -x -W -v
-s base -b "dc=domain,dc=com"
$ ldapsearch -H ldap://new2:389 -D "cn=admin,dc=domain,dc=com" -x -W -v
-s base -b "dc=domain,dc=com"
The output seems to be identical for "old2" and "new1", but "new2"
differs, even though the database seems identical if checked with
db_stat. I assume this is normal given the replication chaining (see above).
[2] Starting slapd with the "-c rid=<rid>" switch should do this, correct?