Re: Point-in-time Recovery

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry in advance if you see this reply twice. Already reply but cannot open it so I repost.

Thank you Vincent for your prompt response.

Agree with you about the design and the architecture of the application but cannot do anything about that. I was contacted two weeks ago for support.

About your questions :

1-Users register through the portal (a Self Service be  like). During registration, an entry is created in the Oracle Database with all id and business info and an account is created in the directory server (only cn, sn and password are valued for the account).

2-The directory severs are not really used in a load balanced configuration (no load balancer, no DNS round robin either). the application is configured with one server and if there is a issue with that server, configuration is changed to point to the other replica.

3-Changelog of the two servers will be different (even we are in a multi-master configuration, this is more like a master-slave because only one server is used...) and to avoid loosing the changelog or the backup, I was thinking why not store it to a remote location (here a share disk...). the only changelog I can use to achieve if possible this "point-in-time restore" is the changelog of the failed server that is only guaranted to be safe in a remote location and not in local.

I have already took a look on the Redo Changelog (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Using_the_Retro_Changelog_Plug_in.html) but cannot figure out how to use this as a solution to this issue.

Regards,

2014-09-30 11:03 GMT+02:00 Vincent Gerris <vgerris@xxxxxxxxx>:
Replication of accounts is always a challenge :).
What I have seen being used is the Retro changelog mechanism.
A script will poll for changes and keep track of what has been processed and synced to the other side.
Where are the accounts originally created?
I get the idea the source is your Oracle Database?
I really hope you do not create accounts in both, that would make it very complex and it should not be done from an architectural point of view.

Some remarks about your list:
 - a multi master setup does use it's own storage, replication is done on an LDAP level. Hence I do not understand the shared storage
Depending on which of the 2 masters is less likely to fail, you could choose that one, or let the script talk to the cluster IP address if you use that.
I would like to learn more about which part is master and how accounts are created to be able to say if this is a good solution.
You could also use a bus construction if your are planning to do more syncing in the future, like :




On Tue, Sep 30, 2014 at 10:36 AM, MND EXA <mndexa@xxxxxxxxx> wrote:
Hi Experts,

We are using 389 DS as authentication source for a web portal. Their is about 45 millions entries. The user data is distributed accros the Directory Server (just cn, sn and password are valued) and an Oracle Database (All identification and business related data). The challenge here is to keep consistent accros those two systems (a user having an entry in the database should have one in the Directory Server). This especially requires being able to perform a point-in-time restore of the Directory Server (No problem with the Oracle Database, we able to do that).

Our environment is made of two Directory Servers in a multi-master replication.
I came up with waht I think can be a solution but something is telling me their should be a better way to do that. So here am to ask for advices from yours experts :

Here what I think be a solution but not confident about that:
-The backup files and changelog db are store in a share storage monted on the Directory Server
-Every week, take a (full) backup of the server (using db2bak)
-Whenever their is a issues:
      -Disable replication
      -Make a point-in-time recovery of my database
      -Create a script that dump the changelog db to an ldif file (using dbscan)
      -Parse the ldif to obtain a compliant ldif file
      -Truncate the ldif file to juste keep the changes to be restored
      -Restore the two Directory Server using their corresponding (full) backups (the weekly ones)
      -Active replication
      -Replay the ldif computed from the changelog db using ldapmodify

This seems daunting, cumbersome... So any advices ?

Thank you in advance for your responses.

Kind Regards,


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux