configuring itds 6.3 in an linux os clustering environment

8/11/2019 Configuring ITDS 6.3 in an Linux OS Clustering Environment

1/15

Configuring IBM Tivoli Directory

Server 6.3 in a Linux OS clusteringEnvironment for ig! "vaila#ility$%ritten using &EL 6.' an( TDS 6.3)

Document version *.+

,eelam Solen-i

Copyright IBM Corporation, 2013 and IBM Security SystemsConfiguring IBM Tivoi !irectory Server in a "inu# $S custering %nvironment for &igh avaia'iityhttp())*3+i'm+com)support)Techdocs age 1


2/15

CO,TE,TS

Revision History.................................................................................................... 3

1. Introduction....................................................................................................... 4

2. Tivoli Directory Server Configurations for High Availaility!!!!!............. "

3. Tivoli Directory #ro$y Server !!!!!!!!!!!!!!!!!.............. %

4. Introducing to Tivoli Directory #ro$y Server in an e$isting Tivoli Security

Infor&ation and 'vent (anager environ&ent !!!!!!!!!!!!!!.. )

". Ste*s to set u* the re*lication for ac+,ends !!!!!!!!!!!!...!1-

). Resources !!!!!!!!!!!!!!!!!!!!!!!!!!!!..1



3/15

&EISIO, ISTO&/

Date ersion &evise( By Comments

2/-%/2-13 1.- 0eela&Solen+i



4/15

1. IntroductionI( Tivoli Directory Server TDS softare *rovides a reliale *latfor& for yourenter*rise security initiatives. This enter*rise identity &anage&ent softare fro&Tivoli uses 5ighteight Directory Access #rotocol 5DA# to *rovide a trusted

identity data infrastructure for authentication.Tivoli Directory Server *rovides identity &anage&ent for co&*anies that ant tode*loy a roust and scalale identity infrastructure. It also &aintains highavailaility ith &aster/suordinate and *eer,to,*eer re*lication ca*ailities andscheduled online or offline ac+u* and re&ote restore.

This article de&onstrates the configuration of I( Tivoli Directory Server in a5inu$ 6S clustering environ&ent for High availaility. This docu&entde&onstrates the ay to configure the *ri&ary TDS server7 the ste*s to configurethe standy TDS server7 and the scri*ts needed y 5inu$ 6S cluster.

Copyright IBM Corporation, 2013 and IBM Security SystemsConfiguring IBM Tivoi !irectory Server in a "inu# $S custering %nvironment for &igh avaia'iityhttp())*3+i'm+com)support)Techdocs age -


5/15

2. Tivoli Directory Server Confgurations orHigh Availability

'.* 0ro(uct levels use(

RH'5 8.2Tivoli Directory Server 8.3RH'5 6S cluster

In these configurations e have the folloing si&*le 6S clustering configured9

0rimary TDS ,o(eHostna&e9 tdsserverAI# Address9 12.18).21.3:::::::::::::::::::::::::::::::::::::::::::::

Stan(#y TDS ,o(eHostna&e9 tdsserverI# Address9 12.18).23.3):::::::::::::::::::::::::::::::::::::::::::::Shared resources eteen the to servers9&esource 1rou2 lda* resource grou* na&ed9 lda*;rgShared Storage9 /ho&e/lda*d2Cluster I# Address9 12.18).23.4-

This configuration assu&es that our 5inu$ Ad&inistrators have already

configured 6S clustering for failover eteen the tdsserverA and tdsserver

servers. They have configured a shared dis+ to failover eteen the to syste&s

using /ho&e/lda*d2 and configured the cluster I# address for I# failover. In

addition they have installed each syste& ith su**orted 6S/#roduct/Cluster

softare levels.

Copyright IBM Corporation, 2013 and IBM Security SystemsConfiguring IBM Tivoi !irectory Server in a "inu# $S custering %nvironment for &igh avaia'iityhttp())*3+i'm+com)support)Techdocs age .


6/15

2.2 Ste2s to configure 0rimary TDS server

1.Install D2 lda*d2> ith the ho&e directory as shared storage /ho&e/lda*d2.

=or installing D2


7/15

-. =ollo the sa&e *rocedure to install D2 .% on tdserver 7 ut dont createD2 instance at this ti&e.

,ote /ou nee( to create similar users an( grou2s $4it! same 5IDs an(

15IDs) on secon(ary TDS server i.e t(sserverB

Creation of 5sers 7

useradd ,& ,g idslda* ,d /ho&e/lda*d2 ,s /in/+sh ,* *ass-rd lda*d2useradd ,& ,g idslda* ,d /ho&e/idslda* ,s /in/+sh ,* *ass-rd idslda*useradd ,& ,g dasad&1 ,d /ho&e/dasusr1 ,s /in/+sh ,* *ass-rd dasusr1useradd ,& ,g d2fad&1 ,d /ho&e/d2fenc1 ,s /in/+sh ,* *ass-rd d2fenc1

Creation of 1rou2s 7

rootEid&d$l43tenoi FG grou*add d2fad&1

rootEid&d$l43tenoi FG grou*add d2iad&1rootEid&d$l43tenoi FG grou*add dasad&1rootEid&d$l43tenoi FG grou*add idslda*

". Chec+ the elo files on oth the TDS servers tdsserverA and tdsserverare si&ilar.

i 8etc8grou2idslda*9$9"--9root7lda*d2dasad&19$91-19lda*d2

d2iad&19$91-29rootd2fad&19$91-39

i 8etc82ass4(dasusr19$9"--91-199/ho&e/dasusr19/in/+shlda*d29$9"-191-299/ho&e/lda*d29/in/+shd2fenc19$9"-291-399/ho&e/d2fenc19/in/+shidslda*9$9"-39"--99/ho&e/idslda*9/in/+sh

8. Install Tivoli Directory Server on *ri&ary server using 5inu$ utilities7 follo the

elo lin+ .htt*9//*ic.dhe.i&.co&/infocenter/tivihel*/v2r1/inde$.?s*@to*ic:

2=co&.i&.I(DS.doc2=install%).ht&*ath3D)311-1

Copyright IBM Corporation, 2013 and IBM Security SystemsConfiguring IBM Tivoi !irectory Server in a "inu# $S custering %nvironment for &igh avaia'iityhttp())*3+i'm+com)support)Techdocs age
http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.IBMDS.doc%2Finstall78.htm&path%3D8_3_11_0_1http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.IBMDS.doc%2Finstall78.htm&path%3D8_3_11_0_1http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.IBMDS.doc%2Finstall78.htm&path%3D8_3_11_0_1http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.IBMDS.doc%2Finstall78.htm&path%3D8_3_11_0_1


8/15

%. efore running instance creation utility e have to &a+e sure all lda* related

lin+s are u*dated to use the ITDS 8.3 version. To do this run

c(8o2t8IBM8l(a286.38#in8

./idslin+ ,i ,g ,l 84 ,s fullsrv

). Creating our ITDS instance.0ote9 In this case e assu&e that the shared storage /ho&e/lda*d2 is&ounted and active on *ri&ary server tdsserverA and that e are naturallyrunning on the #ri&ary 0ode as the root user.#er&issions on ho&e directory9,

Run this co&&and to create the TDS instance9 i(sicrt 7I l(a2(#' 7e *'3:;6+*' 7t l(a2(#' 7l 8!ome8l(a2(#'

http://www-01.ibm.com/support/%3C/a%3Ehttp://www-01.ibm.com/support/%3C/a%3Ehttp://www-01.ibm.com/support/%3C/a%3E


9/15

. Configuring the ITDS 8.3 instance dataase

y creating the instance e no have a location and user in hich to configurethe d2 dataase hich ill store our ITDS 8.3 data. To configure the dataaserun the folloing co&&and9

9 i(scfg(# 7I l(a2(#' 7a l(a2(#' 74 2ass4+r( 7t t(s(# 7l 8!ome8l(a2(#'

1-. Jetting the *ri&ary TDS instance readyAt this stage e need to *re*are the instance for *roduction7 *lease set theAd&in D0 and #assord9,

9 i(s(n24 7I l(a2(#' 7u cn?root 72 2ass4+r(

0e$t set the *roduction suffi$. In this e$a&*le o:i& suffi$ is used for the to* ofthe tree.9 i(scfgsuf 7I l(a2(#' 7s o?i#m

http://www-01.ibm.com/support/%3C/a%3Ehttp://www-01.ibm.com/support/%3C/a%3E


10/15

11. Testing functionality of TDS *ri&ary server on tdserverAi(ssla2( 7I l(a2(#' $TDS start comman()

12.


11/15

'.3 Ste2s to get DB' 4or-ing correctly on t(sserverB

1. 6*en the /etc/services file on tdsserverA and chec+ for *ort infor&ation ofD2 instance.

cat 8etc8services gre2 l(a2

d2c;lda*d2 "---1/tc*d2c;lda*d2i "---2/tc*D2;lda*d2 8----/tc*D2;lda*d2;1 8---1/tc*D2;lda*d2;2 8---2/tc*

D2;lda*d2;'0D 8---3/tc*lda*d2svcids 3%88/tc*lda*d2svcidsi 3--/tc*

2. Co*y the aove entries fro& tdsserverA /etc/services file and *aste it ontdsserver /etc/services file and save it .D2 relies on a file called (#'no(es.cfgto tell it hich syste& hostna&e thedataase is located on. If e loo+ at this file directly after failover on tdsservere see that it is *ointing to tdsserverA.

9 cat 8!ome8l(a2(#'8slli#8(#'no(es.cfg

At this ti&e hoever7 e are running on tdsserver so this file ill need to eu*dated to reflect that change. Le ill eventually scri*t this into the cluster scri*t7ut for no I a& ?ust going to &anually u*date the d2nodes.cfg ased on thevalue returned fro& the co&&and.

3. Try Starting D2 server instance on tdsserver7 your dataase instanceshould start successfully.

4. Install TDS *ac+ages on tdsserver as e$*lained in Ste* 8 and create theTDS instance as defined in ste*) 7 ut dont configure the dataase since D2 isconfigured on shared storage.

http://www-01.ibm.com/support/%3C/a%3Ehttp://www-01.ibm.com/support/%3C/a%3E


12/15

". In addition e need to get the ad&in dae&on line for the TDS instance

fro& /etc/initta file fro& tdsserverA.

9 cat 8etc8initta#and co*y the line9ids-9234"9once9/o*t/i&/lda*/


13/15

3. OS Clustering Scri2t for TDS4)'in)'ash )etc)init+d)i'msapd IBM Tivoi init script ch5config( 3-. 0 20 description( IBM Tivoi init script

Source function i'rary++ )etc)init+d)functions

start67 8 echo 9n :Starting i'msapd( : daemon 99chec5 i'msapd )opt)i'm)dap);/+3)s'in)sapd i'mdiradm ?@ return ??@ rm 9f )var)oc5)su'sys)i'msapd return ?


14/15

case :?1: in start7 start status7

status stop7 stop restart7 stop start 7 echo :Dsage( i'msapd 8startEstopEstatusEreoadErestartFEpro'eG:

e#it 1 esace#it ?@

Chec+ and validate the TDS failover y shutting don one server fro& the clusterand then vice versa.

Copyright IBM Corporation, 2013 and IBM Security SystemsConfiguring IBM Tivoi !irectory Server in a "inu# $S custering %nvironment for &igh avaia'iityhttp())*3+i'm+com)support)Techdocs age 1-


15/15

:. &esources

Tivoli Directory Server #roduct site

Tivoli Directory Server Infor&ation Center. Configuring ITDS 8.1 in HAC(# environ&ent

RH'5 8 Cluster Ad&inistration

Copyright IBM Corporation, 2013 and IBM Security SystemsConfiguring IBM Tivoi !irectory Server in a "inu# $S custering %nvironment for &igh avaia'iityhttp())*3+i'm+com)support)Techdocs age 1.
http://www-01.ibm.com/software/tivoli/products/directory-server/http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc/welcome.htmhttp://www-01.ibm.com/support/docview.wss?uid=swg21405230http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Cluster_Administration/index.htmlhttp://www-01.ibm.com/software/tivoli/products/directory-server/http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc/welcome.htmhttp://www-01.ibm.com/support/docview.wss?uid=swg21405230http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Cluster_Administration/index.html

configuring itds 6.3 in an linux os clustering environment

Documents