Configuring server groups
The PingDirectory server provides a mechanism for setting up administrative domains that synchronize configuration changes among servers in a server group.
About this task
After you have set up a server group, you can make an update on one server using dsconfig
, then apply the change to the other servers in the group using the --applyChangeTo server-group
option of the dsconfig
non-interactive command. If you want to apply the change to one server in the group, use the --applyChangeTo single-server
option. When using dsconfig
in interactive command-line mode, you are asked if you want to apply the change to a single server or to all servers in the server group.
You can create an administrative server group using the dsconfig
tool. The general process is to create a group, add servers to the group, and then set a global configuration property to use the server group. If you are configuring a replication topology, then you must configure the replicas to be in a server group, as outlined in Replication Configuration.
The following example procedure adds three PingDirectory server instances into the server group labeled "group-one".
Steps
-
Create a group called “group-one” using
dsconfig
.Example:
$ bin/dsconfig create-server-group --group-name group-one
-
Add any PingDirectory server to the server group.
If you have set up replication between a set of servers, these server entries are created by the
dsreplication
enable
command.Example:
$ bin/dsconfig set-server-group-prop \ --group-name group-one --add member:server1 $ bin/dsconfig set-server-group-prop \ --group-name group-one --add member:server2 $ bin/dsconfig set-server-group-prop \ --group-name group-one --add member:server3
-
Set a global configuration property for each of the servers that should share changes in this group.
Example:
$ bin/dsconfig set-global-configuration-prop \ --set configuration-server-group:group-one
-
Test the server group.
In this example, enable the log publisher for each PingDirectory server in the group "server-group" by using the
--applyChangeTo server-group
option.Example:
$ bin/dsconfig set-log-publisher-prop \ --publisher-name "File-Based Audit Logger" \ --set enabled:true \ --applyChangeTo server-group
-
View the property on the first PingDirectory server instance.
Example:
$ bin/dsconfig get-log-publisher-prop \ --publisher-name "File-Based Audit Logger" \ --property enabled
Result:
Property : Value(s) ---------:--------- enabled : true
-
Repeat step 5 on the second and third PingDirectory server instances.
-
Test the server group by disabling the log publisher on the first PingDirectory server instance by using the
--applyChangeTo single-server
.Example:
$ bin/dsconfig set-log-publisher-prop \ --publisher-name "File-Based Audit Logger" \ --set enabled:disabled \ --applyChangeTo single-server
-
View the property on the first PingDirectory server instance.
The first PingDirectory server instance should be disabled.
Example:
$ bin/dsconfig get-log-publisher-prop \ --publisher-name "File-Based Audit Logger" \ --property enabled
Result:
Property : Value(s) ---------:--------- enabled : false
-
View the property on the second PingDirectory server instance.
Repeat this step on the third PingDirectory server instance to verify that the property is still enabled on that server.
Example:
$ bin/dsconfig get-log-publisher-prop \ --publisher-name "File-Based Audit Logger" \ --property enabled
Result:
Property : Value(s) ---------:--------- enabled : true