19.3 Synchronizing Master and Clone Metadata

The process for syncing metadata across an MDC involves first syncing Access Manager UDM metadata and then creating a replication agreement.

See Understanding the Replication Agreement.

The following topics describe how to synchronize master and clone metadata:

19.3.1 Synchronizing the UDM Metadata

You must synchronize the UDM Metadata before you can create the replication agreement.

To sync Access Manager UDM metadata stored in the Master to all Clones:

  1. Execute the exportAccessStore WLST command on the Master Data Center to create a ZIP file containing the UDM metadata.
    exportAccessStore(toFile="/master/location/dc1metadata.zip", 
       namePath="/")
    
  2. Copy dc1metadata.zip to the Clone DC location.
  3. Execute the importAccessStore WLST command on the Clone Data Center to import the UDM metadata.
    importAccessStore(fromFile="/clone/location/dc1metadata.zip", 
       namePath="/")
    
  4. Repeat on all Clone DCs.

19.3.2 Creating a Replication Agreement

Creating a Replication Agreement is a one time operation which will enable the Clone data center(s) to pull changes from the Master data center.

The replication agreement can be created using any REST client. In this procedure, we use the standard Curl utility.

After you execute this command, the following results occur:

  • Insert an entry in the Master's Replication Agreement store containing details regarding the Clone that wants to pull changes.

  • Insert an entry in the Clone's Replication Agreement store containing details regarding the Master from which it will pull changes. Replication configuration values like the poll interval will also be set.

To create a replication agreement:

  1. Ensure the Master and Clone DC REST endpoints are up and running.
  2. Execute the following command on the Master DC.

    This command will use the repluser specified for replication queries from the Master to the Clone. repluser is expected to be available in the default identity stores for all involved DCs.

    curl -u <repluser> -H 'Content-Type: application/json' -X POST
     'https://supplier.example.com:7002/oam/services/rest/
      _replication/setup' -d '{"name":"DC12DC2", 
     "source":"DC1","target":"DC2","documentType":"ENTITY"}'
    

    The following is an example of output for the command.

    {"enabled":"true","identifier":"201409231329353668","ok":"true",
      "pollInterval":"900","startingSequenceNumber":"110","state"  :"READY"}
    

    Be sure to note the values of the replication identifier, pollInterval and startingSequence Number. The identifier is a reference specific to this Replication Agreement and is used for replication related queries. The pollInterval is a value (in seconds) after which the Clone will poll for changes against the Master. (Typically policy and configuration are not changed often so this number can be as high as the default value of 900 seconds.) The startingSequenceNumber is the value before which all records will be unavailable. In the example, all records before the value of 110 are unavailable. It is implicit that bootstrapping happened before creating the Replication Agreement thus the Clone can start pulling changes from sequence number 110. The Clone also has an entry created in its local replication table which keeps track of the last sequence number. The starting sequence process is illustrated in Figure 19-2.

    Figure 19-2 Starting Sequence Illustrated

    Description of Figure 19-2 follows
    Description of "Figure 19-2 Starting Sequence Illustrated"

    The create replication agreement command will return details of an already existing replication agreement if applicable. In this case, the value of ok will be false.

    {"enabled":"true","identifier":"201409231329353668","ok":"false",
      "pollInterval":"900","startingSequenceNumber":"110",
      "state":"READY"}
    

    Note:

    If a specific user needs to be used for replication, the user's credentials can be provided in the command in the format "BASIC base64(user:password)".For example, "BASIC base64(weblogic:welcome1)" is specified as "BASIC d2VibG9naWM6d2VsY29tZTE=" in the following command.

    curl -u <repluser> -H 'Content-Type: application/json' -X POST 
      'https://supplier.example.com:7002/oam/services/rest/
      _replication/setup' -d 
      '{"source":"DC1","target":"DC2","documentType":"ENTITY","config":
      {"entry":{"key":"authorization","value":"BASIC 
      d2VibG9naWM6d2VsY29tZTE="}}}''
    

    Basic Authorization is supported for replication REST API.

  3. Restart the Master and Clone AdminServers.
    Once the replication agreement is created and the AdminServers restarted, the Clone will start polling for changes. The default poll interval is ‘900' seconds or 15 minutes. The poll interval can be changed by executing an edit replication agreement command. For example, the following command will change the polling interval to 60 seconds. Restart the Clone AdminServer after running the command..
    curl -u <repluser> -H 'Content-Type: application/json' -X PUT 
      'https://supplier.example.com:7002/oam/services/rest/
      _replication/201409231
      329353668' -d '{"pollInterval":"60","replicaType":"CONSUMER"}''
    
    To query the details of a Clone's replication agreement (including the polling interval), use the following command.
    curl -u <repluser>
      'https://supplier.example.com:7002/oam/services/rest/_replication/201409231
      329353668?type=consumer'
    
    The output would be similar to the following.
    {"enabled":"true","identifier":"201409231329353668","ok":"true",
      "pollInterval":"60","startingSequenceNumber":"110","state":"READY"}
    
    To query the details of a Master's replication agreement (including the polling interval), use the following command.
    curl -u <repluser>
      'https://supplier.example.com:7001/oam/services/rest/_replication/201409231
      329353668'
    
    The output would be similar to the following. (The poll Interval of the Master's replication agreement does not affect the actual replication.)
    {"enabled":"true","identifier":"201409231329353668","ok":"true",
      "pollInterval":"3600","startingSequenceNumber":"110","state":"ACTIVE"}
    
    In R2PS3, the following command can also be used on the Master or the Clone to get details of any replication agreements. In cases where the replication agreement identifier is unknown, this command can be used to list all the replication agreement identifiers for input in the previous commands.
    curl -k -u weblogic
    'https://oamadmin.example.com:7002/oam/services/rest/_replication/agreements'
     
    Sample output 1:
    {"featureEnabled":"true","identifiers":"201411211137273612","ok":"true"}
     
    Sample output 2:
    {"featureEnabled":"true","identifiers":["201411211137273612","201411211137273900"],"ok":"true"}
    
    To remove a replication agreement, first disable it on the Clone side, then disable it on the Master side and then delete it on both sides. The following commands illustrate this process.
    curl -u <repluser> -H 'Content-Type: application/json' -X PUT
      'https://supplier.example.com:7002/oam/services/rest/_replication/201409231
      329353668' -d '{"enabled":"false","replicaType":"CONSUMER"}''
    
    curl -u <repluser> -H 'Content-Type: application/json' -X PUT
      'https://supplier.example.com:7002/oam/services/rest/_replication/201409231
      329353668' -d '{"enabled":"false","replicaType":"SUPPLIER"}''
    
    curl -u weblogic:welcome1 -H 'Content-Type: application/json' -X DELETE
      'https://supplier.example.com:7001/oam/services/rest/_replication/201409231
      329353668'
    

19.3.3 Modifying a Replication Agreement

Using the Replication Agreement identifier, changes can be made to the Replication Agreement configuration. Replication Agreement properties (enabled status, poll interval and the like) can be updated by executing a REST request at the Master's endpoint. Either the Master or Clone Replication Agreement will be updated as specified by the value of the replicaType parameter. The clone will poll for changes, apply them and wait the duration specified as the pollInterval.

In this example, the value of poll Interval will be changed to 60 seconds.

Service responds back with JSON object that is the status of replication agreement before making the change. You need to fetch replication agreement status again to see updated configuration.

  1. Query the existing replication agreements using the following command and obtain the replication Identifier, replId that needs to be used in the following steps.
    curl -k -u weblogic:password 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/_replication/agreements'
    

    Note:

    If there are multiple replication agreements, select the identifier for which replication agreement needs to be modified by querying the corresponding Clone data center.
  2. Execute the following command to get the current status of the Replication Agreement in Clone machine:
    curl -k -u weblogic:password 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/_replication/201409040157218184?type=consumer'  
    

    The JSON response would be:

    {“enabled":"true","identifier":"201409040157218184","ok":"true","pollInterval":"900","startingSequenceNumber":"101","state":"READY"}
    
  3. Execute the following command to modify the value of pollInterval in Clone machine:
    curl -k -u weblogic:password 'Content-Type: application/json' -X PUT 
    'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/_replication/201409040157218184' -d '{“pollInterval":"60","replicaType":"CONSUMER"}'
    

    The JSON response would be:

    {“enabled":"true","identifier":"201409040157218184","ok":"true","pollInterval":"60","startingSequenceNumber":"101","state":"READY"}
    
  4. Restart the AdminServer on Clone machine.
  5. Execute the following command to get the current status of the Replication Agreement.

    This will validate that the change has been made. Note the value of pollInterval in the JSON Response is different from the value returned in the first step of this procedure.

    curl -k -u weblogic:password 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/_replication/201409040157218184?type=consumer'
    

    The JSON response would be:

    {“enabled":"true","identifier":"201409040157218184?,"ok":"true","pollInterval":"60","startingSequenceNumber":"101","state":"READY"}
    

    Table 19-2 Modifying Replication Agreement Properties

    Property Modification Command

    BatchSize

    Number of change records (journals) returned by the master as a result of a getChanges query by clone. Ideally the default batch size of 32 is sufficient as all changes are pulled in multiple batches as part of fetching. However if the setup needs a large batch size, execute the following command:

    curl -k -u weblogic:password -H 'Content-Type: application/json' -X PUT 
     'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/_replication/<replid>' 
     -d '{"batchSize":"100","replicaType":"SUPPLIER"}'
    

    User Context

    In rare instances, the user context for replication poll may need to be modified.

    curl -k -u weblogic:password -H 'Content-Type: application/json' -X PUT 
     'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/_replication/201409231329353668' 
     -d '{"replicaType":"CONSUMER",
    "config":{"entry":{"key":"authorization","value":" 
     BASIC cG9sbHVzZXI6c2VjcmV0"}}}'
    

    'cG9sbHVzZXI6c2VjcmV0' is a base 64 encoded value for polluser credentials. Any user credentials can be used here instead of the repluser which is used to execute the command.