HIGH AVAILABILITY

Oracle Internet Directory in a high availability environment when using two separate nodes. When a RAC database is used, the OID processes will still be running on two different nodes even though there is only one OID database. The load balancer configuration and the management of the LDAP processes are the same regardless of which HA environment is being used.

Goal

This document describes one way to accomplish high availability for an OID instance when using virtual hostnames and a load balancer when a RAC installation is not available.

Solution

High Availability Scenario

This example was done on two HPUX 11.11 systems running Application Server 9.0.4.0 and a software load balancer (http://balance.sourceforge.net). Additionally, the SunOne/Iplanet DIP connector was used to populate the OID with existing users. This DIP configuration was done using DIP Tester. This procedure uses the hostnames "echpux1" and "echpux2" and the virtual hostname "ldaphost". You will need to substitute your hostnames in the examples given.

Step 1. You must install a complete Oracle Application Server that includes an infrastructure (metadata repository, Oracle Internet Directory). If you are installing this as part of this note, you should select all components EXCEPT the HA option; it will be used in the next step.

Step 2. Install a replica node. Follow the steps EXACTLY as outlined in:

    Note 273349.1 Quick Start Guide - Setting Up OID Replication in 10g (9.0.4)
    Note 300436.1 Setting Up Replication in 10.1.2

You should become familiar with the terms used in the note (e.g. MDS, RMS), as they will be referred to in this procedure.

Step 3. Verify (on both nodes) that you can start up oidmon, oidldapd, and oidrepld in the normal manner, e.g. using the default host names.

3.1 On the MDS:

    opmnctl stopall
    opmnctl startall

Note: From the replication note, once you have started the replication process manually the first time, opmnctl can stop and start all the processes (including the replication process).

3.2 On the RMS:

    oidmon connect=asdb start
    oidctl connect=asdb server=oidldapd instance=1 start
    oidctl connect=asdb server=oidrepld instance=1 flags="-h echpux1 -p 389" start

Step 4. When following the replication note in Step 2, the RMS was configured to use the default LDAP port 389. In setting up an HA environment, the rule is that both of these nodes MUST use the same port. Therefore, if your MDS node used a different port, you must create a new configset on the RMS to match the ports on the MDS. Use Note 240702.1 How to Create A New OIDLDAPD Configset.

Step 5. If you were required to create a new configset due to a port mismatch, verify that the new configset will start on the RMS by running the following procedure:

5.1 Stop the running OID servers on the RMS:

    oidctl connect=asdb server=oidrepld instance=1 stop
    oidctl connect=asdb server=oidldapd instance=1 stop

5.2 Run ldapcheck and/or ps -ef to verify that the processes have stopped.

5.3 Start the processes using the new configset:

    oidctl connect=asdb server=oidldapd instance=1 configset=1 start
    oidctl connect=asdb server=oidrepld instance=1 flags="-h echpux1 -p 3060" start

5.4 Verify that the new configset is running:

    ldapbind -h echpux1 -p 3060

5.5 Check $ORACLE_HOME/ldap/log/oidrepld00.log and make sure the replication server comes up. Remember, oidrepld is a client process; therefore you must use the flags parameter to tell it how to connect to the oidldapd process.

Step 6. Configure the load balancer. In this example, the open source "balance" program running on a Red Hat Linux machine was used. This product is NOT SUPPORTED BY ORACLE but can be downloaded from http://balance.sourceforge.net

6.1 Install balance on a supported Linux machine (in this example, the Linux machine was installed using "ldaphost" as the hostname).

6.2 Start balance in the foreground, in debug mode, as follows to test your configuration:

    /usr/sbin/balance -fd 3060 echpux1.us.oracle.com::1 echpux2.us.oracle.com::1

See the "balance" documentation for different style configurations and additional ports.

Step 7. On the MDS, start the odisrv process:

    oidctl host=ldaphost conn=asdb serv=odisrv inst=1 conf=1 flags="host=echpux1 port=3060" start

Note: the odisrv process is not yet configured for the 3rd party LDAP server, but you need to ensure that odisrv can come up and contact the LDAP server.

Step 8. On the RMS, start the OID processes. DO NOT START the ODISRV process.

    oidmon conn=asdbrms start
    oidctl conn=asdbrms serv=oidldapd inst=1 flags="host=echpux2 port=3060" start
    oidctl conn=asdbrms serv=oidrepld inst=1 conf=1 flags="-h echpux2 -p 3060" start

Step 9. Test the OID LDAP server from another node and watch the "balance" debug output.

    ldapbind -h ldaphost -p 3060

You should see the following output:

    connect from 141.144.114.59    <---your hostname where you performed the ldapbind
    trying group 0 channel 1 ... connect to channel 1 successful

Step 10. (Optional) Configure the DIP Synchronization profile. Follow Note 306102.1 Using DIP Tester To Setup DIP Synchronization.

Replication does not replicate the Profiles; therefore you must configure the DIP profile on both the MDS and the RMS. However, you must NEVER run more than a single odisrv.

Step 11. On HPUX 9.0.2, when the replica was built it failed to add an ACI (see Bug 4613481). You must fix this in order for the odisrv to start. Create a file called fix_aci.ldif as follows:

dn: cn=odisrv,cn=subregistrysubentry
changetype: modify
add: orclaci
orclaci: access to attr=(*) by group="cn=odisgroup,cn=odi,cn=oracle internet directory" (read,search,write,compare) by group="cn=dipadmingrp,cn=odi,cn=oracle internet directory" (read,search,write,compare) by * (none)
orclaci: access to entry by group="cn=odisgroup,cn=odi,cn=oracle internet directory" (browse,add,delete) by group="cn=dipadmingrp,cn=odi,cn=oracle internet directory" (browse,add,delete) by * (none)

Step 12. Use ldapmodify to correct the problem by adding the ACI:

    ldapmodify -h jdsmith-pc3 -p 3060 -D cn=orcladmin -w welcome1 -f ./fix_aci.ldif

Step 13. Check for local and LBR access of the locally running OID processes. At this point, $ORACLE_HOME/ldap/bin/ldapcheck should return:

    Checking Oracle Internet Directory Processes ...ALL
    Process oidmon is Alive as PID 6851
    Process oidldapd is Alive as PID 6904
    Process oidldapd is Alive as PID 6885
    Process oidrepld is Alive as PID 6953
    Process odisrv is Alive as PID 6920    (MDS ONLY)

Summary

Since the local hosts themselves are using their respective hostnames, you will NOT see any traffic to the load balancer ("balance"), nor will you see the traffic from the replication and odisrv processes to OID.

The odisrv should ONLY be run on the primary node. Therefore, if your MDS goes down, crashes, and is completely offline, you will have to start the odisrv process on the RMS node.

Note: Before bringing up the odisrv on the RMS, be sure to Get and Set the Last Applied Change numbers in the profile.
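
The process layout from Step 13 and the single-odisrv rule from the Summary can be checked mechanically on each node. The script below is an added example, not part of the original note; its function names and sample output are constructed, and it assumes normal operation with the MDS up (after a failover, odisrv on the RMS is expected).

```shell
#!/bin/sh
# Added example (not from the original note): check ldapcheck output against
# the process layout in Step 13. Role names MDS/RMS follow the note; the
# function names and sample output below are constructed for illustration.

# count_alive NAME: read ldapcheck output on stdin, print how many
# "Process NAME is Alive as PID n" lines it contains.
count_alive() {
    awk -v name="$1" \
        '$1 == "Process" && $2 == name && $4 == "Alive" { n++ } END { print n + 0 }'
}

# check_oid_node ROLE OUTPUT: return 0 if OUTPUT matches the expected layout.
check_oid_node() {
    role=$1; out=$2; rc=0
    for p in oidmon oidldapd oidrepld; do
        n=$(printf '%s\n' "$out" | count_alive "$p")
        if [ "$n" -lt 1 ]; then
            echo "FAIL: $p is not running on $role"; rc=1
        fi
    done
    n=$(printf '%s\n' "$out" | count_alive odisrv)
    case "$role" in
        MDS) if [ "$n" -ne 1 ]; then
                 echo "FAIL: expected one odisrv on MDS, found $n"; rc=1
             fi ;;
        RMS) if [ "$n" -ne 0 ]; then
                 echo "FAIL: odisrv is running on RMS ($n found)"; rc=1
             fi ;;
        *)   echo "FAIL: unknown role '$role'"; rc=2 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $role layout matches Step 13"; fi
    return "$rc"
}

# Constructed sample output in the format shown in Step 13.
SAMPLE_MDS='Checking Oracle Internet Directory Processes ...ALL
Process oidmon is Alive as PID 6851
Process oidldapd is Alive as PID 6904
Process oidldapd is Alive as PID 6885
Process oidrepld is Alive as PID 6953
Process odisrv is Alive as PID 6920'
SAMPLE_RMS=$(printf '%s\n' "$SAMPLE_MDS" | grep -v odisrv)

check_oid_node MDS "$SAMPLE_MDS"
check_oid_node RMS "$SAMPLE_RMS"
# Live use: check_oid_node MDS "$("$ORACLE_HOME"/ldap/bin/ldapcheck)"
```

Running the RMS check against output that contains an odisrv line returns non-zero, which makes it usable as a guard before or after a manual failover.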