Promoting Replicas to Providers (Single Provider)
Created by Greg Noe, last modified on Jul 16, 2015
This procedure is intended for single-provider environments using standard syncrepl. The procedure for multi-provider environments is available here: [[[DRAFT] Procedure for Promoting Replicas to Providers (Multi-Provider)|3277165]]
- Please consult the [[[DRAFT] Replication Best Practices|2719748]] guide for information on configuring replication for high availability.
- It is important to configure and test this promotion procedure as a part of your disaster recovery plan.
Background
When working in a replicated environment, it is sometimes necessary to promote a replication consumer to a replication provider because a provider server has gone offline through failure, maintenance or decommissioning.
Back up all provider and consumer configurations prior to implementing any changes. (See: [[Configuration Backup|Configuration-Backup_3277052]])
In this procedure, we’ll use one provider and two consumers with the following base configurations:
Example Base Configurations
The provider/consumer example configurations in this document are based on the following:
cn=config

Provider

cn=config
----------------
olcServerID: 1

cn=module{0},cn=config
-----------------------
olcModuleLoad: syncprov

olcDatabase={1}mdb,cn=config
-------------------------------------------------
olcDatabase: {1}mdb
olcDbDirectory: /var/symas/openldap-data/example
olcDbIndex: default eq
olcDbIndex: cn,objectClass,entryCSN,entryUUID eq
olcDbMaxSize: 1073741824
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret
olcSuffix: dc=example,dc=com

olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
---------------------------------------------------
olcSpCheckpoint: 1000 60
olcSpSessionlog: 100

Consumers

cn=config
----------------
olcServerID: 2|3

olcDatabase={1}mdb,cn=config
-------------------------------------------------
olcDatabase: {1}mdb
olcDbDirectory: /var/symas/openldap-data/example
olcDbIndex: default eq
olcDbIndex: cn,objectClass,entryCSN,entryUUID eq
olcDbMaxSize: 1073741824
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret
olcSuffix: dc=example,dc=com
olcSyncrepl: rid=001 provider=ldap://server1/
  binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials=secret
  searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10
  retry="5 5 300 5" timeout=1
slapd.conf

Provider

# Global Definitions
serverID 1
moduleload syncprov.la

# Database Definition
database mdb
directory "/var/symas/openldap-data/example"
suffix "dc=example,dc=com"
maxsize 1073741824
rootdn "cn=admin,dc=example,dc=com"
rootpw secret
index default eq
index cn,objectClass,entryCSN,entryUUID eq

# Syncprov Definition
overlay syncprov
syncprov-checkpoint 1000 60
syncprov-sessionlog 100

Consumers

# Global Definitions
serverID 2|3

# Database Definition
database mdb
directory "/var/symas/openldap-data/example"
suffix "dc=example,dc=com"
maxsize 1073741824
rootdn "cn=admin,dc=example,dc=com"
rootpw secret
index default eq
index cn,objectClass,entryCSN,entryUUID eq

# Syncrepl Definition
syncrepl rid=001 provider=ldap://server1/
  binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials=secret
  searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10
  retry="5 5 300 5" timeout=1
Procedure for Promotion
- Back up all provider and consumer configurations prior to implementing any changes. (See: [[Configuration Backup|Configuration-Backup_3277052]])
- Back up the data on your provider and consumer databases. (See: [[Backup & Restore|3277177]] articles)
- If your consumers connect to your providers using SSL/TLS, ensure the correct certificates are in place to allow connections to the consumer being promoted. (See: [[SSL Certificate Maintenance|3277192]])
Promoting the consumer:
First remove all consumer related syncrepl settings:
Syncrepl Removal - cn=config

# File: rmSR.ldif
# Command Line Example:
# ldapmodify -x -D "cn=admin,cn=config" -W -H ldap://server/ -f rmSR.ldif
# -----------------------------------------------------------------------
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcSyncrepl
-
Syncrepl Removal - slapd.conf

# Remove/comment out the following:
syncrepl rid=001 provider=ldap://server1/
  binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials=secret
  searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10
  retry="5 5 300 5" timeout=1
Next, add/enable the syncprov overlay and match the configuration to the original provider:
Add Syncprov - cn=config

# File: addSP.ldif
# Command Line Example:
# ldapmodify -x -D "cn=admin,cn=config" -W -H ldap://server/ -f addSP.ldif
# ------------------------------------------------------------------------
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov.la
-

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 1000 60
olcSpSessionlog: 100
Add Syncprov - slapd.conf

# Global Config
moduleload syncprov.la

# Syncprov Definition
database mdb
...
overlay syncprov
syncprov-checkpoint 1000 60
syncprov-sessionlog 100

# Restart slapd daemon to activate changes
On all other consumers, update the provider URI in the syncrepl setting to point to the new provider:
Update Provider URI - cn=config

# File: updURI.ldif
# Command Line Example:
# ldapmodify -x -D "cn=admin,cn=config" -W -H ldap://server/ -f updURI.ldif
# -------------------------------------------------------------------------
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://server2/ binddn="cn=admin,
 dc=example,dc=com" bindmethod=simple credentials=secret searchbase="dc=exampl
 e,dc=com" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeo
 ut=1
-
Update Provider URI - slapd.conf

# Syncrepl Definition
syncrepl rid=001 provider=ldap://server2/
  binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials=secret
  searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10
  retry="5 5 300 5" timeout=1

# Restart slapd daemon to activate changes
Once the consumer configurations are updated (and slapd is restarted if the server uses slapd.conf), the promotion will be complete.
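
A post-promotion check, added here as an example and not part of the original procedure: it unfolds the line-wrapped olcSyncrepl values from each server's cn=config dump and reports consumers that still point at the old provider, a promoted server that still carries syncrepl, and simple binds that cross ldap:// without the syncrepl starttls=critical parameter. The host name server3, the function names and the sample dumps are assumptions constructed for illustration.

```python
import re
import shlex

# Constructed sample: a line-folded olcSyncrepl value as it appears in a
# cn=config dump of a consumer that was repointed at server2.
CONSUMER_LDIF = '''dn: olcDatabase={1}mdb,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://server2/ binddn="cn=admin,dc=example,dc=c
 om" bindmethod=simple credentials=secret searchbase="dc=example,dc=com" type=
 refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1
'''
STALE_LDIF = CONSUMER_LDIF.replace("server2", "server1")  # never repointed
PROMOTED_LDIF = "dn: olcDatabase={1}mdb,cn=config\nolcSuffix: dc=example,dc=com\n"


def syncrepl_values(ldif):
    """Return every olcSyncrepl value as a dict of its key=value parameters."""
    values = []
    unfolded = ldif.replace("\n ", "")  # LDIF folding: newline + one space
    for line in unfolded.splitlines():
        name, sep, value = line.partition(": ")
        if sep and name.lower() == "olcsyncrepl":
            value = re.sub(r"^\{\d+\}", "", value)  # drop the {n} ordering prefix
            # shlex honours the double quotes around binddn, searchbase, retry
            values.append(dict(tok.split("=", 1) for tok in shlex.split(value)))
    return values


def audit(ldif, role, new_provider="ldap://server2/"):
    """Return findings for one server's config dump; an empty list is a pass."""
    directives = syncrepl_values(ldif)
    if role == "provider":
        return ["promoted server still has olcSyncrepl"] if directives else []
    findings = [] if directives else ["consumer has no olcSyncrepl"]
    for d in directives:
        rid, uri = d.get("rid"), d.get("provider", "")
        if uri != new_provider:
            findings.append(f"rid={rid} still points at {uri}")
        # A simple bind sends credentials in the clear unless TLS is enforced.
        if (d.get("bindmethod") == "simple" and uri.startswith("ldap://")
                and d.get("starttls") != "critical"):
            findings.append(f"rid={rid} simple bind over {uri} without starttls=critical")
    return findings


if __name__ == "__main__":
    for host, ldif, role in [("server2", PROMOTED_LDIF, "provider"),
                             ("server3", CONSUMER_LDIF, "consumer"),
                             ("stale", STALE_LDIF, "consumer")]:
        print(host, audit(ldif, role) or "OK")
```

On a live system the input would be each server's own `slapcat -n0` output in place of the constructed strings.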
Converting the original provider to a consumer
If the original provider is being converted to a consumer, follow these steps:
Remove the syncprov overlay and related settings:

Syncprov Overlay Removal - cn=config

# Back up the cn=config database using the slapcat utility:
slapcat -n0 -l server1_config_orig.ldif

# Make a copy of the cn=config database backup ldif:
cp server1_config_orig.ldif new_config.ldif

# Open the copy (new_config.ldif) and delete the
# syncprov overlay section:
dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config

# If the syncprov overlay is not being used for any other
# database on the server, remove the following from the
# 'dn: cn=module{0},cn=config' section:
olcModuleLoad: {N}syncprov.la

# Stop the slapd daemon

# Delete the contents of the slapd dynamic
# configuration directory:
rm -rf /opt/symas/etc/openldap/slapd.d/*

# Import the modified new_config.ldif:
slapadd -n0 -F /opt/symas/etc/openldap/slapd.d -l new_config.ldif

# Start the slapd daemon
Syncprov Overlay Removal - slapd.conf

# Remove/comment out all instances of the following:
moduleload syncprov.la
overlay syncprov
syncprov-checkpoint 1000 60
syncprov-sessionlog 100
syncprov-nopresent [TRUE|FALSE]
syncprov-reloadhint [TRUE|FALSE]
Next, add the syncrepl configuration:

Add Syncrepl - cn=config

# File: addSR.ldif
# Command Line Example:
# ldapmodify -x -D "cn=admin,cn=config" -W -H ldap://myserver/ -f addSR.ldif
# --------------------------------------------------------------------------
# The database entry already exists, so the olcSyncrepl attribute is
# added to it with a modify operation.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://server2/ binddn="cn=admin,
 dc=example,dc=com" bindmethod=simple credentials=secret searchbase="dc=exampl
 e,dc=com" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeo
 ut=1
-
Add Syncrepl - slapd.conf

# Syncrepl Definition
syncrepl rid=001 provider=ldap://server2/
  binddn="cn=admin,dc=example,dc=com"
  bindmethod=simple credentials=secret
  searchbase="dc=example,dc=com"
  type=refreshAndPersist interval=00:00:00:10
  retry="5 5 300 5" timeout=1

# Start the slapd daemon
The conversion is now complete.