9 Oracle Internet Directory in Oracle Real Application Clusters Environment

Oracle Real Application Clusters (Oracle RAC) is a computing environment that harnesses the processing power of multiple, interconnected computers. Along with a collection of hardware, called a cluster, it unites the processing power of each component to become a single, robust computing environment. A cluster comprises two or more computers, also called nodes.

This chapter discusses the ways you can run Oracle Internet Directory in an Oracle RAC system. It contains these topics:

• Section 9.1, "Terminology"

• Section 9.2, "Installing Oracle Internet Directory against an Oracle RAC Database"

• Section 9.3, "Oracle Internet Directory in an Oracle RAC Environment"

• Section 9.4, "Oracle Directory Server Connection Modes to Oracle RAC Database Instances"

• Section 9.5, "Oracle Directory Replication Between Oracle Internet Directory Oracle RAC Nodes"

• Section 9.6, "About Changing the ODS Password on an Oracle RAC System"

9.1 Terminology

• Node

  A computer where an instance resides. It can be part of a Massively Parallel Computing Infrastructure in which it shares disk storage with other nodes. In most cases, a node has its own copy of the operating system.

• Cluster

  A set of instances, each typically running on a different node, that coordinate with each other when accessing the shared database on the disk

• Cluster Manager

  An operating system-dependent component that discovers and tracks the membership state of nodes by providing a common view of cluster membership across the cluster

• Transparent Application Failover (TAF)

  A runtime failover for high-availability environments, such as Oracle RAC and Oracle Fail Safe, that refers to the failover and re-establishment of application-to-service connections. It allows client applications to automatically reconnect to the database if the connection fails, and optionally resume a SELECT statement that was in progress. This reconnect happens automatically from within the Oracle Call Interface (OCI).

  The client notices no connection loss as long as there is one instance left serving the application.

• Connect-time failover

  Failover method in which a client connect request is forwarded to another listener if the first listener is not responding. It is enabled by service registration, because the listener knows whether an instance is running before attempting a connection.

9.2 Installing Oracle Internet Directory against an Oracle RAC Database

For information on installing Oracle Internet Directory against an Oracle RAC database, see the chapter entitled "Installing in High Availability Environments: OracleAS Cluster (Identity Management)" in the Oracle Application Server Installation Guide.

9.3 Oracle Internet Directory in an Oracle RAC Environment

To achieve a very comprehensive high availability configuration, you can configure Oracle Internet Directory to run on an Oracle RAC environment. This involves running Oracle Internet Directory processes and the Oracle Internet Directory-designated database on all the Oracle RAC nodes.

Figure 9-1 shows a two-node cluster on which an Oracle RAC database is configured.

Figure 9-1 Oracle Internet Directory with Basic High Availability Configuration

As Figure 9-1 shows:

• Oracle directory server instance 1 is active on Oracle RAC Node 1 and Oracle directory server instance 2 is active on Oracle RAC Node 2. Note that multiple Oracle directory server instances can be started on each node.

• Oracle Directory Integration Platform instances are active on both nodes.

• The Oracle directory replication server instance is active on one node only. If the node fails, then the OID Monitor on the surviving node pulls the Oracle directory replication server instance from the failed node and starts it on the surviving node.

• The LDAP client applications can be configured to communicate with Oracle Internet Directory on different Oracle RAC nodes directly. Alternatively, the Oracle Internet Directory server instances can be front-ended by a LAN redirector to get a single system image of the Oracle RAC nodes.

• When one Oracle RAC node is unavailable because of failure or maintenance purposes, Oracle Internet Directory running on the other Oracle RAC node is available. The LDAP clients connected to Oracle Internet Directory on the failed Oracle RAC node must reconnect.

9.4 Oracle Directory Server Connection Modes to Oracle RAC Database Instances

This section discusses the various connection modes possible for Oracle directory server instances communicating with Oracle RAC database instances. These connection modes are transparent to the Oracle Internet Directory clients, and do not affect the way in which Oracle Internet Directory communicates with its clients.

This section contains these topics:

• Section 9.4.1, "Load_balance Parameter"

• Section 9.4.2, "Connect-Time Failover (CTF)"

• Section 9.4.3, "Transparent Application Failover (TAF)"

• Section 9.4.4, "Configuring the tnsnames.ora File for the Failover"

9.4.1 Load_balance Parameter

If the load_balance parameter in the tnsnames.ora file is set to ON, then Oracle Internet Directory connections to the Oracle Database are distributed to each Oracle Database node. During failover of any node, only connections to the failed node are redirected to the available Oracle Database nodes.

If the load_balance parameter is set to off, then all the Oracle Internet Directory connections to the Oracle Database are to one Oracle Database node only.

During failover, all the connections are redirected to the available Oracle Database nodes.

9.4.2 Connect-Time Failover (CTF)

At the time of connection to the Oracle Database by the Oracle directory servers, if the primary Oracle Database node is not available, then Oracle Internet Directory servers connect to the backup (that is, secondary) database.

9.4.3 Transparent Application Failover (TAF)

To configure TAF, in the tnsnames.ora file, add one of the following:

• type=select and method=preconnect

or

• type=select and method=basic

During any LDAP search operation, if the primary Oracle Database node fails, then the Oracle directory server transparently connects to the backup (that is, the secondary) Oracle Database node, and the current LDAP search operation continues.

9.4.4 Configuring the tnsnames.ora File for the Failover

This section shows configurations of the tnsnames.ora files on two nodes.

Node 1

db.us.acme.com= 
 (description=  
  (load_balance=off/on)  /* only connect time load balancing & connection load balancing */
  (failover=on)          /* only connect time failover */
  (address=  
       (protocol=tcp)  
       (host=db1)  
       (port=1521)) 
 (address=  
       (protocol=tcp)  
       (host=db2)  
       (port=1521)) 
  (connect_data= 
     (service_name=db.us.acme.com) 
     (failover_mode=
       (backup=db2.acme.com)
       (type=select) 
       (method=preconnect))))

db2.acme.com= 
 (description=  
  (address=  
       (protocol=tcp)  
       (host=db2)  
       (port=1521)) 
  (connect_data= 
     (service_name=db.us.acme.com) 
     (instance_name=db2)
     (failover_mode=
     (backup=db2.acme.com)
     (type=select)
     (method=preconnect))
     ))

Node 2

db.us.acme.com= 
 (description=  
  (load_balance=off/on)  /* only connect time load balancing & connection load balancing */
  (failover=on)          /* only connect time failover */
  (address=  
       (protocol=tcp)  
       (host=db2)  
       (port=1521)) 
 (address=  
       (protocol=tcp)  
       (host=db1)  
       (port=1521)) 
  (connect_data= 
     (service_name=db.us.acme.com) 
     (failover_mode=
       (backup=db1.acme.com)
       (type=select) 
       (method=preconnect))))

db1.acme.com= 
 (description=  
  (address=  
       (protocol=tcp)  
       (host=db1)  
       (port=1521)) 
  (connect_data= 
     (service_name=db.us.acme.com) 
     (instance_name=db2)
     (failover_mode=
     (backup=db2.acme.com)
     (type=select)
     (method=preconnect))))

9.5 Oracle Directory Replication Between Oracle Internet Directory Oracle RAC Nodes

Directory replication can be configured between two or more Oracle Internet Directory Oracle RAC nodes.

• Each node in the directory replication group (DRG) is an Oracle Internet Directory Oracle RAC node.

• Directory replication brings in geographic availability, and the Oracle Internet Directory Oracle RAC nodes in the DRG ensure local availability, manageability, and scalability.

In the event that the Oracle directory replication server fails, or if the node running it fails, the OID Monitor starts the replication server on another node in the Oracle RAC. For details on how OID Monitor monitors the Oracle Internet Directory processes, see Section 3.7.2, "OID Monitor Details".

9.6 About Changing the ODS Password on an Oracle RAC System

If you change the ODS password on one Oracle RAC node by using the OID Database Password Utility (oidpasswd), then you must update the wallet ORACLE_HOME/ldap/admin/oidpwdlldap1 on the other Oracle RAC nodes. Do this either by copying the changed wallet to all the nodes, or by invoking the OID Database Password Utility on all other nodes to update the wallet file only. This applies to the replication password changes also. Here the Replication Environment Management Tool is used instead of the OID Database Password Utility.

If you run the oidpasswd command on one node only, and do not update the wallet on all the Oracle RAC nodes, the OC4J_SECURITY instance will not be able to start on the other nodes. You will see this error in the oidctl.log file:

[gsdsiConnect] ORA-1017, ORA-01017: invalid username/password; logon denied.

The fix is to copy the oidpwdlldap1 file to the other Oracle RAC nodes.