Previous Topic: DR Site in Standby StateNext Topic: Derby Database Synchronization

Disaster Recovery GuideConfiguration of Disaster RecoveryPrimary Site in Live State

Primary Site in Live State

Follow these steps:

  1. Log in to the CSP console system at the primary site.
  2. Navigate to the following location: 
    /opt/CA/saas/repo/application/
  3. Run the following command: 
    ./DR_mode mode=live
  4. Repeat these steps on the following systems:

High Availability Configuration

  1. Log in to the CA Directory 1 system at the primary site.
  2. Go to this location: 
    /opt/CA/IdentityManager/ProvisioningDirectory/highavailability
  3. Run following script ./highavailability
    1. Select yes for DR Express setup.
    2. Select yes for Primary site.
    3. Enter the Primary directory hostnames with comma separation. For example: 
      P_DIR1hostname,P_DIR2hostname,….P_DIRnHostname
    4. Enter DR directory hostnames with comma separation. For example: 
      DR_DIR1hostname,DR_DIR2hostname,… DR_DIRnHostname
  4. Repeat steps 1 to 3 on all other CA Directory systems at the primary site.
  5. Log in to the directory 1 system at the DR site.
  6. Go to /opt/CA/IdentityManager/ProvisioningDirectory/highavailability/
  7. Run following script ./highavailability
    1. Select yes for DR Express setup.
    2. Select no for Primary site.
    3. Enter DR directory hostnames with comma separation. For example: 
      DR_DIR1hostname,DR_DIR2hostname,… DR_DIRnHostname
    4. Enter the Primary directory hostnames with comma separation. For example: 
      P_DIR1hostname,P_DIR2hostname,….P_DIRnHostname
  8. Repeat steps 5 to 7 on all other CA Directory systems at the DR site.

Configuration in the CSP console

Use this procedure to modify the container where you are adding disaster recovery servers.

On hosting container pages, the IMPS Tenant Service Host and Disaster Recovery Tenant Service Host fields allow multiple entries. These are for entering the CA IAM Connector Server server hosts if the CA IAM Connector Server and provisioning server are on different systems. Setting site IDs for the DR site requires that the Provisioning Directory replication already exists. The topic High Availability Configuration addresses this prerequisite.

Follow these steps:

  1. Using a web browser, log in to the primary site CSP console.
  2. Update the Disaster Recover Directory Server Hostname list by adding the CA Directory system name.
  3. Add the DR instances of the Identity Management server, Provisioning Server, Policy Server, CA IAM Connector Server to the Disaster Recovery Router Server hostnames.
  4. Add the DR Provisioning Server hostname to the Disaster Recovery Provisioning Server Hostnames.
  5. Add the DR CA IAM Connector Server hostname to the Disaster Recovery Tenant Service Host.
  6. Click submit.

    A status column shows which steps are being executed on the server. You can click search again to update the status with the latest step being executed. The status column is updated with error messages. Errors relate to connection problems or disk space on Provisioning Directory systems.

The CSP console log file typically has more information on errors. The log file can be found at this location:

/opt/CA/siteminder/adminui/server/default/log/server.log

Report Server Replication

Support for Business Object Reporting requires synchronization between the input and output directory between the Primary and Disaster Recovery site. You use rsync and a cron job for this synchronization.

Follow these steps:

  1. Open the TCP port 873.
  2. On all Business Objects Report Servers on both sites, create a public key.

    This key is used with the remote server so that the cron job is not prompted for a password entry. Run the following command:

    # ssh-keygen -t rsa

    Press enter three times to create a default pub key.

  3. Copy the generated public key from the primary site to the DR site using the following command, replacing [username] and [remote_host] with the proper values: 
    # ssh-copy-id -i ~/.ssh/id_rsa.pub [username]@[remote_host]

    Enter a password when prompted.

    Repeat step 3 by copying the DR site public key to the primary site.

  4. Create a file called mirrorfrsinputunder /etc/init.d/ and add the following content: 
    #!/bin/bash

#set -x #echo on

##
## Shell Daemon For: Mirroring frsinput directory
##
##
PIDFILE="/var/run/mirrorfrsinput.pid"
LOGFILE="/var/log/mirrorfrsinput.log"

mirror ()
{
         pgrep -f "$0 $1" > $PIDFILE

         while inotifywait -r -q -e close_write -e delete -e modify -e close_nowrite -e access -e attrib -e create -e move -e moved_from -e moved_to -e close --format "%f" /opt/CA/SharedComponents/CommonReporting3/bobje/data/frsinput/; do

         rsync -aWuq --no-motd --inplace --del --ignore-errors --force /opt/CA/SharedComponents/CommonReporting3/bobje/data/frsinput/ <BO User>@<Other Site BO Server or NFS Share machine>:/opt/CA/SharedComponents/CommonReporting3/bobje/data/frsinput/

        ret=$?

        done
}

start ()
{
        /usr/bin/nohup `mirror` > $LOGFILE &

        ret=$?
}

case "$1" in
        stop)
                /bin/kill $(cat $PIDFILE)
                ;;
        start)
                start
                ;;
        *)
                echo "$0 [ start | stop ]"
                exit 0
                ;;
esac

exit $?
  5. Update the permission for the above script to be executable as follows: 
    chmod 775 mirrorfrsinput
  6. Repeat steps 4 and 5 on all Business Objects Report Servers or NFS share systems on both sites.
  7. Create a file called mirrorfrsoutput under /etc/init.d/ and add the following content: 
    #!/bin/bash

#set -x #echo on

##
## Shell Daemon For: Mirroring frsinput directory
## (poorly coded, quick and dirty, example)
##
PIDFILE="/var/run/mirrorfrsoutput.pid"
LOGFILE="/var/log/mirrorfrsoutput.log"

mirror ()
{
         pgrep -f "$0 $1" > $PIDFILE

         while inotifywait -r -q -e close_write -e delete -e modify -e close_nowrite -e access -e attrib -e create -e move -e moved_from -e moved_to -e close --format "%f" /opt/CA/SharedComponents/CommonReporting3/bobje/data/frsoutput/; do

                  rsync -aWuq --no-motd --inplace --del --ignore-errors --force /opt/CA/SharedComponents/CommonReporting3/bobje/data/frsoutput/ <BO User>@<Other Site BO Server or NFS Share machine>:/opt/CA/SharedComponents/CommonReporting3/bobje/data/frsoutput/

        ret=$?

        done
}

start ()
{
        /usr/bin/nohup `mirror` >> $LOGFILE 2>&1 &

        ret=$?
}

case "$1" in
        stop)
                /bin/kill $(cat $PIDFILE)
                ;;
        start)
                start
                ;;
        *)
                echo "$0 [ start | stop ]"
                exit 0
                ;;
esac

exit $?
  8. Update the permissions for the preceding script to be executable as follows: 
    chmod 775 mirrorfrsoutput
  9. Repeat steps 7 and 8 on all Business Object Report Server or NFS share systems at both sites.
  10. Start the synchronization from the primary site to the DR site Business Object Report Server. Execute the following commands on any Business Object Report Server or common NFS share system. 
    /etc/init.d/mirrorfrsinput start
/etc/init.d/mirrorfrsoutput start

    Note: The scripts should only be started in one of the Business Object Report Servers at the active site. Ensure that these scripts are stopped on all other Business Object Report Servers at all sites.

  11. Create a monitor process to monitor the above two processes.

    In case of failover, the same set of commands need to be run from DR site to synchronize it back to the primary site.

  12. To stop the processes run the following commands. 
    /etc/init.d/mirrorfrsinput stop
/etc/init.d/mirrorfrsoutput stop

    Note: Stopping these processes will stop auto synchronization.