Oracle® Fusion Middleware Administrator's Guide for Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.7.0) Part Number E28972-01 |
|
|
PDF · Mobi · ePub |
Monitoring detects failure of Directory Proxy Server and of data sources.
For a description of the monitoring framework for Directory Proxy Server, and for a detailed layout of the cn=monitor
entry, see Monitoring Directory Proxy Server in the Reference for Oracle Directory Server Enterprise Edition. This chapter covers the following topics:
Configuring Administrative Alerts for Directory Proxy Server
Retrieving Monitored Data About Directory Proxy Server by Using the JVM
To retrieve monitored data about Directory Proxy Server, use the cn=monitor
entry. This entry is managed by Directory Proxy Server in a local, in-memory database. You can retrieve attributes under cn=monitor
by performing an LDAP search on the cn=monitor
entry. You must bind as the Proxy Manager to search this entry.
For the best Directory Proxy Server monitoring results, search for the cn=monitor
entry using the base scope. Together with the search baseDN
, the base scope examines only the level specified by the baseDN
(and none of its child entries). You specify a base scope by using the -s base
option. For example:
$ ldapsearch -h HOSTNAME -p LDAP_PORT -D"cn=proxy manager" -w PROX_MANAGER_PASSWORD -s base -b "cn=monitor" "(objectclass=*)" version: 1 dn: cn=monitor objectClass: top objectClass: extensibleObject cn: monitor
For information about using the JVM to retrieve monitored data, see Retrieving Monitored Data About Directory Proxy Server by Using the JVM.
For a description of how Directory Proxy Server monitors the health of data sources, see Monitoring Data Sources in the Reference for Oracle Directory Server Enterprise Edition. This section describes how to configure the monitoring of data sources.
Note:
In addition to LDAP data source, you can also monitor the health of JDBC data source using monitoring-inactivity-timeout
, monitoring-interval
, and monitoring-mode
properties.
The proactive monitoring is implemented for LDAP data source as well as for JDBC data source. The implementation for both the data sources is not the same as the nature of the data sources is different.
In this type of monitoring, Directory Proxy Server listens for errors on the traffic between Directory Proxy Server and the data sources. This type of monitoring is called reactive monitoring because Directory Proxy Server reacts if an error is detected, but does not actively test data sources.
You can use the web interface Directory Service Control Center (DSCC) to perform this task.
Set the monitoring mode for the data source to reactive
.
$ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-mode:reactive
Configure an alert to be sent when an error is detected or when a data source goes offline or online, as described in Configuring Administrative Alerts for Directory Proxy Server.
Directory Proxy Server creates a dedicated connection to a data source if there have been no requests to or responses from the data source for a specified interval.
You can use the web interface Directory Service Control Center (DSCC) to perform this task.
Set the monitoring mode for the data source to proactive
.
$ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-mode:proactive
Configure the monitoring search request that is performed by Directory Proxy Server.
$ dpconf set-ldap-data-source-prop -h host -p port datasource \ monitoring-bind-timeout:timeout monitoring-entry-dn:dn \ monitoring-search-filter:filter monitoring-entry-timeout:timeout
The following properties are used in the search request:
monitoring-bind-timeout
The length of time that Directory Proxy Server waits to establish a connection to the data source. By default, the value of this property is 5 seconds.
monitoring-entry-dn
The DN of the target entry in the search request. By default, this property is the root DSE entry (""
).
monitoring-search-filter
The search filter.
monitoring-entry-timeout
The length of time that Directory Proxy Server waits for the search response. By default, the value of this property is 5 seconds.
Configure the proactive monitoring to bind as a specific user.
$ dpconf set-ldap-data-source-prop ldap-data-source \ monitoring-bind-dn:uid=user-id monitoring-bind-pwd-file:password-file
Replace the user-id
with a valid dn such as uid=bjensen,dc=example,dc=com
and password-file
with a path to the file containing password.
By default, the bind is performed as anonymous, that is, both the monitoring-bind-dn
and monitoring-bind-pwd
attributes are set to none
.
Set the polling interval.
$ dpconf set-ldap-data-source-prop -h host -p port datasource \ down-monitoring-interval:interval
If a connection is down, Directory Proxy Server polls the connection at this interval to detect its recovery. If the interval is not specified, the value of monitoring-interval
is used.
Configure the availability monitor to specify the number of times it will poll the connection when it is first detected as down.
$ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-retry-count:count
Configure an alert to be sent when a data source is detected as offline or online, as described in Configuring Administrative Alerts for Directory Proxy Server.
In this type of monitoring, Directory Proxy Server performs a search on each connection to each data source at a regular interval. In this way, Directory Proxy Server detects closed connections and prevents connections from being dropped because of inactivity.
You can use the web interface Directory Service Control Center (DSCC) to perform this task.
Set the monitoring mode for the data source to proactive
.
$ dpconf set-ldap-data-source-prop -h host -p port datasource monitoring-mode:proactive
Set the time interval after which Directory Proxy Server sends a request to a data source to prevent connections from being dropped.
$ dpconf set-ldap-data-source-prop -h host -p port datasource \ monitoring-inactivity-timeout:time
By default, the inactivity timeout is 120 seconds.
Configure the proactive monitoring to bind as a specific user.
$ dpconf set-ldap-data-source-prop ldap-data-source monitoring-bind-dn:uid=user-id monitoring-bind-pwd-file:password-file
Replace the user-id
with a valid dn such as uid=bjensen,dc=example,dc=com
and password-file
with a path to the file containing password.
By default, the bind is performed as anonymous, that is, both the monitoring-bind-dn
and monitoring-bind-pwd
attributes are set to none
.
Configure an alert to be sent when a data source is detected as offline or online, as described in Configuring Administrative Alerts for Directory Proxy Server.
For information about how to configure administrative alerts, see the following procedures.
You can use the web interface Directory Service Control Center (DSCC) to perform this task.
View the enabled alerts.
% dpconf get-server-prop -h host -p port enabled-admin-alerts
Enable one or more administrative alerts.
% dpconf set-server-prop -h host -p port enabled-admin-alerts:alert1 \ [enabled-admin-alerts:alert2 ...]
For example, to enable all available alerts, run this command:
% dpconf set-server-prop -h host -p port \ enabled-admin-alerts:error-configuration-reload-failure-with-impact \ enabled-admin-alerts:error-resource-limit-exceeded \ enabled-admin-alerts:error-server-shutdown-abrupt \ enabled-admin-alerts:info-configuration-reload \ enabled-admin-alerts:info-data-source-available \ enabled-admin-alerts:info-server-shutdown-clean \ enabled-admin-alerts:info-server-startup \ enabled-admin-alerts:warning-configuration-reload-failure-no-impact \ enabled-admin-alerts:warning-data-source-unavailable \ enabled-admin-alerts:warning-data-sources-inconsistent \ enabled-admin-alerts:warning-listener-unavailable \ enabled-admin-alerts:warning-resource-limit-exceeded
To disable all email alerts, run this command:
% dpconf set-server-prop -h host -p port email-alerts-enabled:false
To add an alert to an existing list of enabled alerts, run this command:
% dpconf set-server-prop -h host -p port enabled-admin-alerts+:alert-name
To remove an alert from an existing list of enabled alerts, run this command:
% dpconf set-server-prop -h host -p port enabled-admin-alerts-:alert-name
By default, all alerts are enabled. For example, once all the email alerts are enabled (email-alerts-enabled:true
), run the following command to receive all the email alerts:
% dpconf set-server-prop -h host -p port enabled-admin-alerts:all
See Also
For more information, see enabled-admin-alerts.
You can use the web interface Directory Service Control Center (DSCC) to perform this task.
Select the alerts that will be sent to the syslog
daemon, as described in To Enable Administrative Alerts.
Enable alerts to be sent to the syslog
daemon.
$ dpconf set-server-prop -h host -p port syslog-alerts-enabled:true
All alerts are sent to the syslog
with the facility of USER
.
Set the host name of the syslog
daemon to which alerts are to be sent.
$ dpconf set-server-prop -h host -p port syslog_hostname:hostname
(Solaris 11 platform only) Set the following property:
$ svccfg -s svc:/system/system-log setprop config/log_from_remote=true
You can use the web interface Directory Service Control Center (DSCC) to perform this task.
Select the alerts that will be sent to the syslog
, as described in To Enable Administrative Alerts.
Configure the address and characteristics of the email.
$ dpconf set-server-prop -h host -p port email-alerts-smtp-host:host-name \ email-alerts-smtp-port:port-number \ email-alerts-message-from-address:sender-email-address \ email-alerts-message-to-address:receiver-email-address \ [email-alerts-message-to-address:receiver-email-address ...] \ email-alerts-message-subject:email-subject
Enable alerts to be sent to email.
$ dpconf set-server-prop -h host -p port email-alerts-enabled:true
Set a flag to include the alert code in the email
$ dpconf set-server-prop -h host -p port \ email-alerts-message-subject-includes-alert-code:true
You can use the web interface Directory Service Control Center (DSCC) to perform this task.
Select the alerts that will be sent to the syslog
, as described in To Enable Administrative Alerts.
Enable alerts to run a script.
$ dpconf set-server-prop -h host -p port scriptable-alerts-enabled:true
Set the name of the script that will be run.
$ dpconf set-server-prop -h host -p port scriptable-alerts-command:script-name
Directory Proxy Server runs inside a Java Virtual Machine (JVM) and depends on the memory of the JVM machine. To ensure that Directory Proxy Server is running correctly, you must monitor the memory consumption of the JVM machine.
For information about how to tune parameters for the JVM machine, see Hardware Sizing For Directory Proxy Server in the Deployment Planning Guide for Oracle Directory Server Enterprise Edition.
By default, the heap size of the JVM machine is 1 Gb. Directory Proxy Server should never be swapped-out from main memory. Directory Proxy Server should be configured to use no more than the actual available memory (considering it coexists with other applications and the OS).
The 1Gb size is generic and might not be suitable for all cases. Should you need to modify the heap size, using a ratio of 2/3 of the total heap for the New Generation (-XX:NewSize and -XX:MaxNewSize arguments) produces the best results. Instances created with previous versions of Directory Proxy Server assigned only 250Mb of memory to the heap, and the default Garbage Collector was used. After an upgrade, these values are not modified on existing instances. The following command can be used to set the new tuning on old instances.
$ dpadm set-flags instance-path jvm-args="-Xms1G -Xmx1G -XX:NewSize=683M
-XX:MaxNewSize=683M -XX:+UseParNewGC -XX:+UseConcMarkSweepGC"
When Directory Proxy Server is running, you can monitor the heap size of the JVM machine to ensure that it is not running out of memory. To do this, use the standard tools delivered with the Java Development Kit (JDK): $JAVA_HOME/bin/jps
and $JAVA_HOME/bin/jstat
.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
View the heap size of JVM.
$ dpadm get-flags instance-path jvm-args
jvm-args: -Xms1G -Xmx1G -XX:NewSize=683M -XX:MaxNewSize=683M -XX:+UseParNewGC
-XX:+UseConcMarkSweepGC
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
View the PID of your instance of Directory Proxy Server.
$ jps
View the memory used by the JVM machine.
$ jstat -gcutil PID
If the zero column is near to 100%, the JVM machine does not have enough memory.
FGC is the number of full garbage collection (GC) events. Garbage collection is expansive.
GCT (garbage collection time) is the amount of time spent by the GC.