This section provides steps for configuring eDirectory and Identity Manager for failover in a high availability cluster using shared storage. The information in this section is generalized for shared storage high availability clusters on any Linux or UNIX platform; the information is not specific to a particular cluster manager.
The basic concept to understand is that state data for eDirectory and Identity Manager must be located on the shared storage so that it is available to the cluster node that is currently running the services. In practice, this means the eDirectory datastore, typically located in /var/nds/dib, must be relocated to the cluster shared storage. The Identity Manager state data is also located in /var/nds/dib. Each eDirectory instance on the cluster nodes must be configured to use the datastore on the shared storage. Other eDirectory configuration data must also reside on shared storage.
In addition to the eDirectory datastore, it is also necessary to share NICI (Novell International Cryptographic Infrastructure) data so that server-specific keys are replicated among the cluster nodes. Rather than move the NICI data to shared storage, it is generally better to copy the NICI data to local storage on each cluster node. This is preferable so that client NICI functionality is available on a cluster node even when the cluster node is in a secondary state and is not hosting the shared storage.
Sharing eDirectory and NICI data is discussed in the following sections, and is based on these assumptions:
Identity Manager data is not discussed separately from eDirectory data because the Identity Manager data of interest is located with the eDirectory data
A two-node cluster is by far the most common configuration used for high-availability. However, the concepts in this section can easily be extended to an n-node cluster.
In this section:
NOTE: NICI is installed as part of the eDirectory install process.
Install eDirectory on the primary cluster node.
Configure eDirectory on the primary cluster node. Either create a new tree on the primary cluster node or install the server into an existing tree. For the eDirectory server name, use something other than the name of the UNIX server. Use a name that is common to the cluster, rather than specific to one of the cluster nodes.
Install the same version of eDirectory on the secondary cluster node. Do not configure eDirectory on the secondary cluster node.
The secondary node does not have a separate tree.
Install Identity Manager 2.0.1 (DR1) or later on the primary cluster node using the "DirXML Server" option.
The installation process installs the DirXML files and configures the eDirectory tree for use with Identity Manager.
Install the same version of Identity Manager on the secondary cluster node using the secondary cluster switch, by entering
dirxml_platform.bin -DCLUSTER_INSTALL="true"
During the install, choose the "DirXML Server" option.
Using the secondary cluster switch installs the DirXML files but does not attempt to perform any additional eDirectory configuration. No configuration is necessary, because the secondary node does not have a separate tree.
NICI provides cryptographic services used by eDirectory, Identity Manager, and Novell client applications. When used with eDirectory, NICI provides server-specific keys. These server-specific keys must be the same on all cluster nodes where eDirectory runs as a cluster service.
There are two possible ways of sharing the NICI data:
The disadvantage of this method is that applications that depend on NICI will fail on a cluster node when the cluster node is not hosting the shared storage.
To copy the NICI data:
Rename /var/novell/nici on the secondary cluster node to something else (such as /var/novell/nici.sav).
Copy the /var/novell/nici directory from the primary cluster node to the secondary cluster node.
This can be done using scp or by creating a tar file of the /var/novell/nici directory on the primary node, transferring it to the secondary node, and untarring the directory on the secondary node.
By default, eDirectory stores its datastore in /var/nds/dib. Other items of configuration and state are also stored in /var/nds and its subdirectories. The default configuration directory for eDirectory is /etc. The following steps are necessary to configure eDirectory and Identity Manager for use with the shared storage in a high availability cluster. These steps assume that the shared storage is mounted at /shared.
Copy the /var/nds directory subtree to /shared/var/nds.
Rename the /var/nds directory (for example, to /var/nds.sav).
This is not required, but creating a backup at this stage gives you the ability to start over, if necessary, without reinstalling eDirectory.
Create a symbolic link from /var/nds to /shared/var/nds (for example, ln -s /shared/var/nds /var/nds).
Create the following symbolic links:
Make a backup copy of /etc/nds.conf.
Move /etc/nds.conf to /shared/var/nds.
Edit /shared/var/nds/nds.conf and place the following entries into the file (overwriting any current entries with the same names):
For the following entries, replace eth0:0 with the interface name of the cluster-shared ethernet interface. Also replace lo with the interface name of the localhost ethernet interface.
Create a symbolic link from /etc/nds.conf to /shared/var/nds/nds.conf.
Start ndsd and verify that ndsd runs with the shared storage.
Stop ndsd.
Place ndsd in the cluster manager's list of resources to be hosted.
Remove ndsd from the list of daemons to be started by the init process at boot time.
Rename the /var/nds directory (e.g., to /var/nds.sav). This is not strictly necessary, but backups provide a way of starting over at a point beyond the installation of eDirectory.
Create a symbolic link from /var/nds to /shared/var/nds
Make a backup copy of /etc/nds.conf.
Remove /etc/nds.conf.
Create a symbolic link from /etc/nds.conf to /shared/var/nds/nds.conf.
Place ndsd in the cluster manager's list of resources to be hosted.
Remove ndsd from the list of daemons to be started by the init process at boot time.
After the steps for the primary and secondary nodes are completed, start the cluster services. eDirectory and Identity Manager will start on the primary node.
Most DirXML drivers can run in a clustered configuration. However, the following items need to be considered:
An example of this is the LDAP driver when used without a change log, or the JDBC driver when used in triggerless mode.