| Exit Print View | |
Sun OpenDS Standard Edition 2.2 Command-Line Usage Guide |
|
|
|
The dsreplication command configures replication between directory servers so that the data of the servers is synchronized.
This command is not supported for the proxy.
dsreplication [subcommands] [options]
The dsreplication command can be used to configure replication between directory servers so that the data of the servers is synchronized. First enable replication by using the enable subcommand and then initialize the contents of one directory server with the contents of another server by using the initialize subcommand.
The dsreplication command contacts the server over SSL using the administration connector (see Managing Administration Traffic to the Server in Sun OpenDS Standard Edition 2.2 Administration Guide).
Like the dsconfig command, dsreplication can be run in interactive mode, which walks you through the replication setup process. To run dsreplication in interactive mode, type the command name with no parameters, as shown in the following example:
$ dsreplication What do you want to do? 1) Enable Replication 2) Disable Replication 3) Initialize Replication on one Server 4) Initialize All Servers 5) Pre External Initialization 6) Post External Initialization 7) Display Replication Status c) cancel Enter choice: 1 ...
To display the equivalent non-interactive command, use the --displayCommand or --commandFilePath option.
The following subcommands are used with the dsreplication command.
Disable replication on the specified directory server for the specified base DN. This subcommand removes references to the specified server in the configuration of the servers with which this server is replicating data. Suboptions are as follows:
-D, --bindDN bindDN. The DN used to bind to the server on which replication will be disabled. This option must be used if no global administrator has been defined on the server or if you do not want to remove references in the other replicated servers. The password provided for the global administrator is used when this option is specified.
-a, --disableAll. Disable the replication configuration on the specified server. The contents of the server are no longer replicated and the replication server (change log and replication port) is disabled, if it is configured.
--disableReplicationServer. Disable the replication server. The replication port and change log are disabled on the specified server.
-h, --hostname host. Directory server host name or IP address.
-p, --port port. Directory server administration port number.
Update the configuration of the directory servers to replicate data under the specified base DN. If one of the specified servers is already replicating the data under the base DN to other servers, executing this subcommand updates the configuration of all the servers. It is therefore sufficient to execute the subcommand once for each server that is added to the replication topology. Suboptions are as follows:
--bindDN2 bindDN. The DN used to bind to the second server whose contents will be replicated. If no bind DN is specified, the global administrator is used to bind.
--bindPassword1 bindPassword. The password used to bind to the first server whose contents will be replicated. If no bind DN was specified for the first server, the password of the global administrator is used to bind.
--bindPassword2 password. The password used to bind to the second server whose contents will be replicated. If no bind DN was specified for the second server, the password of the global administrator is used to bind.
--bindPasswordFile1 filename. The file containing the password used to bind to the first server whose contents will be replicated. If no bind DN was specified for the first server, the password of the global administrator is used to bind.
-D, --bindDN1 bindDN. The DN used to bind to the first server whose contents will be replicated. If no bind DN is specified, the global administrator is used to bind.
-F, --bindPasswordFile2 filename. The file containing the password used to bind to the second server whose contents will be replicated. If no bind DN was specified for the second server, the password of the global administrator is used to bind.
-h, --host1 host. Host name or IP address of the first server whose contents will be replicated.
--noReplicationServer1. Do not configure a replication port or change log on the first server. The first server will contain replicated data but will not contain a change log of modifications made to the replicated data. Note that each replicated topology must contain at least two servers with a change log to avoid a single point of failure.
--noReplicationServer2. Do not configure a replication port or change log on the second server. The second server will contain replicated data but will not contain a change log of modifications made to the replicated data. Note that each replicated topology must contain at least two servers with a change log to avoid a single point of failure.
--noSchemaReplication. Do not replicate the schema between the servers. Note that schema replication is enabled by default. Use this option if you do not want the schema to be synchronized between servers.
--onlyReplicationServer1. Configure only a change log and replication port on the first server. The first server will not contain replicated data, but will contain a change log of the modifications made to the replicated data on other servers.
--onlyReplicationServer2. Configure only a change log and replication port on the second server. The second server will not contain replicated data, but will contain a change log of the modifications made to the replicated data on other servers.
-O, --host2 host. Hostname or IP address of the second server whose contents will be replicated.
-p, --port1 port. Directory server administration port number of the first server whose contents will be replicated.
--port2 port. Directory server administration port number of the second server whose contents will be replicated.
-r, --replicationPort1 port. The port that will be used by the replication mechanism in the first directory server to communicate with other servers. Only specify this option if replication was not previously configured on the first directory server.
-R, --replicationPort2 port. The port that will be used by the replication mechanism in the second directory server to communicate with other servers. Only specify this option if replication was not previously configured in the second server.
-S, --skipPortCheck. Skip the check to determine whether the specified replication ports are usable. If this argument is not specified, the server checks that the port is available only if you are configuring the local host.
--secureReplication1. Specifies whether communication through the replication port of the first server is encrypted. This option is only taken into account the first time replication is configured on the first server.
--secureReplication2. Specifies whether communication through the replication port of the second server is encrypted. This option is only taken into account the first time replication is configured on the second server.
--useSecondServerAsSchemaSource. Use the second server to initialize the schema of the first server. If neither this option nor the --noSchemaReplication option is specified, the schema of the first server is used to initialize the schema of the second server.
Initialize the contents of the data under the specified base DN on the destination directory server with the contents on the source server. This operation is required after enabling replication. Suboptions are as follows:
-h, --hostSource host. Directory server host name or IP address of the source server whose contents will be used to initialize the destination server.
-O, --hostDestination host. Directory server hostname or IP address of the destination server whose contents will be initialized.
-p, --portSource port. Directory server administration port number of the source server whose contents will be used to initialize the destination server.
--portDestination port. Directory server administration port number of the destination server whose contents will be initialized.
Initialize the data under the specified base DN, on all the directory servers in the topology, with the data on the specified server. This operation is required after enabling replication for replication to work. Alternatively, you can use the initialize subcommand on each individual server in the topology. Suboptions are as follows:
-h, --hostname host. Directory server host name or IP address of the source server.
-p, --port port. Directory server administration port number of the source server.
Enable replication to work after the entire topology has been reinitialized by using import-ldif or binary copy. This subcommand must be called after you initialize the contents of all directory servers in a topology by using import-ldif or binary copy. If you do not run this subcommand, replication will no longer work after the initialization. Suboptions are as follows:
-h, --hostname host. Directory server host name or IP address.
-p, --port port. Directory server administration port number.
Prepare a replication topology for initialization by using import-ldif or binary copy. This subcommand must be called before you initialize the contents of all directory servers in a topology by using import-ldif or binary copy. If you do not run this subcommand, replication will no longer work after the initialization. After running this subcommand, initialize the contents of all the servers in the topology, then run the subcommand post-external-initialization. Suboptions are as follows:
-h, --hostname host. Directory server host name or IP address.
-l, --local-only. Use this option when the contents of only the specified directory server will be initialized with an external method.
-p, --port port. Directory server administration port number.
List the replication configuration for the specified base DNs of all directory servers defined in the registration information. If no base DNs are specified, the information for all base DNs is displayed. Suboptions are as follows:
-h, --hostname host. Directory server host name or IP address.
-p, --port port. Directory server administration port number.
-s, --script-friendly. Display the status in a format that can be parsed by a script.
The dsreplication command accepts an option in either its short form (for example, -H) or its long form equivalent (for example, --help).
Specify the base DN of the data to be replicated or initialized, or for which replication should be disabled. Multiple base DNs can be specified by using this option multiple times.
Use the global administrator password in the specified file when authenticating to the directory server. This option must not be used in conjunction with --adminPassword.
Use the global administrator password when authenticating to the directory server.
Use this option to access advanced settings when running this command in interactive mode.
Specify the User ID of the global administrator to bind to the server. If no global administrator was defined previously for any of the servers, this option creates a global administrator by using the data provided.
Use the client keystore certificate in the specified path.
Use the specified certificate for authentication.
Use the specified options for SASL authentication.
SASL is not supported for Sun OpenDS Standard Edition proxy.
Use the client trust store certificate in the specified path. This option is not needed if --trustAll is used, although a trust store should be used when working in a production environment.
Use the password needed to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password in order to access its contents (which most trust stores do not require). This option must not be used in conjunction with --trustStorePasswordFile.
Use the password in the specified file to access the certificates in the client keystore. This option is only required if --keyStorePath is used. This option must not be used in conjunction with --keyStorePassword.
Use the password in the specified file to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password in order to access its contents (most trust stores do not require this). This option must not be used in conjunction with --trustStorePassword.
Use the password needed to access the certificates in the client keystore. This option is only required if --keyStorePath is used. This option must not be used in conjunction with --keyStorePasswordFile.
Trust any certificate that the server might present during SSL or StartTLS negotiation. This option can be used for convenience and testing purposes, but for security reasons a trust store should be used to determine whether the client should accept the server certificate.
Specify the full path to the file in which the equivalent non-interactive commands are written when the command is run in interactive mode.
Display the equivalent non-interactive command in the standard output when the command is run in interactive mode.
Run in non-interactive mode. If some data in the command is missing, the user will not be prompted and the command will fail.
Indicate that the command will not use a properties file to get the default command-line options.
Specify the path to the properties file that contains the default command-line options.
Run in quiet mode. No output will be generated unless a significant error occurs during the process.
Display command-line usage information for the command and exit without making any attempt to stop or restart the server.
Display the version information for the server and exit rather than attempting to run this command.
The following examples assume that two directory servers are installed: host1 and host2. Both servers are configured with the default administration port (4444). The base DN dc=example,dc=com is populated with data on host1. The base DN exists on host2, but is empty. The examples configure replication between the two servers and initialize host2 with data.
Note - The easiest way to use dsreplication is in interactive mode, in which case you are prompted for all of the relevant arguments. However, to illustrate which arguments are configured, these examples do not use the interactive mode.
Enter the command on any UNIX, Linux, or Windows system that has at least the Java SE 5 (at least Sun version 1.5.0_08, preferably the latest version of Java SE 6) runtime environment installed on its target system.
The following command enables replication for the base DN dc=example,dc=com on host1 and host2. The command runs in non-interactive mode (-n) and specifies that all server certificates should be accepted (-X).
$ dsreplication enable \ --host1 host1 --port1 4444 --bindDN1 "cn=Directory Manager" \ --bindPassword1 password --replicationPort1 8989 \ --host2 host2 --port2 4444 --bindDN2 "cn=Directory Manager" \ --bindPassword2 password --replicationPort2 8990 \ --adminUID admin --adminPassword password --baseDN "dc=example,dc=com" -X -n
To initialize one replica from another, use the initialize subcommand. The following command initializes the base DN dc=example,dc=com on host2 with the data contained on host1. The command runs in non-interactive mode (-n) and specifies that all server certificates should be accepted (-X).
$ dsreplication initialize --baseDN "dc=example,dc=com" \ --adminUID admin --adminPassword password \ --hostSource host1 --portSource 4444 \ --hostDestination host2 --portDestination 4444 -X -n
To initialize an entire topology, use the initialize-all subcommand. This subcommand takes the details of the source directory server as options and initializes all other replicas for which replication has been enabled.
The following command obtains the replication status of the directory servers in the topology.
$ dsreplication status --hostname host1 --port 4444 \
--adminUID admin --adminPassword password -X -n
dc=example,dc=com - Replication Enabled
=======================================
Server : Entries : M.C. (1) : A.O.M.C. (2) : Port (3) : Security (4)
---------------:---------:----------:--------------:----------:-------------
localhost:4444 : 102 : 0 : N/A : 8989 : Disabled
localhost:5444 : 102 : 0 : N/A : 8990 : Disabled
[1] The number of changes that are still missing on this server (and that have been
applied to at least one of the other servers).
[2] Age of oldest missing change: the date on which the oldest change that has not
arrived on this server was generated.
[3] The port used to communicate between the servers whose contents are being
replicated.
[4] Whether the replication communication through the replication port is encrypted
or not.The following command disables replication for the base DN dc=example,dc=com on host2. Disabling replication on one directory server removes all references to that server from the other directory servers in the replication topology.
$ dsreplication disable --baseDN "dc=example,dc=com" \ --hostname host2 --port 4444 --adminUID admin --adminPassword password -X -n Establishing connections ..... Done. Disabling replication on base DN cn=admin data of server host2:4444 ..... Done. Disabling replication on base DN dc=example,dc=com of server host2:4444 ..... Done. Disabling replication on base DN cn=schema of server host2:4444 ..... Done. Removing references on base DN cn=admin data of server host1:4444 ..... Done. Removing references on base DN dc=example,dc=com of server host1:4444 ..... Done. Removing references on base DN cn=schema of server host1:4444 ..... Done. Disabling replication port 8990 of server host2:4444 ..... Done.
Successful.
Unable to initialize arguments.
Cannot parse arguments because the provided arguments are not valid or there was an error checking the user data.
The user canceled the operation in non-prompt mode.
Unexpected error.
The specified base DNs cannot be used to enable replication.
The specified base DNs cannot be used to disable replication.
The specified base DNs cannot be used to initialize the contents of the replicas.
Error connecting with the credentials provided.
Could not find the replication ID of the domain to be used to initialize the replica.
The maximum number of attempts to start the initialization has been exceeded. A systematic “peer not found error” was received.
Error enabling replication on base DN.
Error initializing base DN.
Error reading configuration.
Error updating ADS.
Error reading ADS.
Error reading Topology Cache.
Error configuring the replication server.
Unsupported ADS scenario.
Error disabling replication on base DN.
Error removing replication port reference on base DN.
Error initializing Administration Framework.
Error seeding trust store.
The directory server supports the use of a properties file that passes in any default option values used with the dsreplication command. The properties file is convenient when working in different configuration environments, especially in scripted or embedded applications. For more information, see Using a Properties File With Server Commands.
The following options can be stored in a properties file:
adminUID
baseDN
certNickname
keyStorePassword
keyStorePasswordFile
keyStorePath
saslOption
SASL is not supported for Sun OpenDS Standard Edition proxy.
trustAll
trustStorePassword
trustStorePasswordFile
trustStorePath
Entries in the properties file have the following format:
toolname.propertyname=propertyvalue
For example:
dsreplication.baseDN=dc=example,dc=com
UNIX and Linux: install-dir/bin/dsreplication
Windows: install-dir\bat\dsreplication.bat
|
|