How do I tune Background Database Verification in DS (All versions)?
The purpose of this article is to provide information on tuning Background Database Verification in DS. The JE database periodically performs automatic database verification, which can impact service availability.
Overview
The JE embedded database used in DS backends includes a feature that verifies the entire database at midnight every night to check for some common types of database corruption. The extra disk I/O can result in problems for performance-critical deployments. All the servers in a single timezone will run the verification at exactly the same time, which can also cause more widespread issues.
Note
Recovering from any database corruption would typically involve reinitializing the replica directory server or restoring it from a backup taken before the corruption occurred. See Backup and Restore (DS 7 and later) or FAQ: Backup and restore in DS 6.x for further information.
DS provides advanced properties for configuring the JE verifier (db-run-log-verifier and db-log-verifier-schedule), which allow you to:
See Advanced Properties for further information.
Configuring the JE verifier schedule
By default, the JE verifier runs automatically at midnight local time. It is best practice to alter the verification schedule on each server to avoid all servers simultaneously using extra disk I/O and potentially impacting the entire service.
The verifier schedule is a cron-style field and can be set using the dsconfig command. The following example sets the verifier for the exampleBackend backend to run at 1am (local time):
- DS 7.1 and later: $ ./dsconfig set-backend-prop --backend-name exampleBackend --set db-run-log-verifier:true --set 'db-log-verifier-schedule:0 1 * * *' --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin --no-prompt
- DS 7: $ ./dsconfig set-backend-prop --backend-name exampleBackend --set db-run-log-verifier:true --set 'db-log-verifier-schedule:0 1 * * *' --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --no-prompt
- DS 6.x: $ ./dsconfig set-backend-prop --backend-name exampleBackend --set db-run-log-verifier:true --set 'db-log-verifier-schedule:0 1 * * *' --hostname ds.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --trustAll --no-prompt
You must restart the DS server to apply these changes.
Disabling the JE verifier
The JE verifier can be completely disabled, which means that some types of database corruption will not be reported.
You can use the dsconfig command to disable verification on a single backend. For example, to disable it on the exampleBackend backend:
- DS 7.1 and later: $ ./dsconfig set-backend-prop --backend-name exampleBackend --set db-run-log-verifier:false --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin --no-prompt
- DS 7: $ ./dsconfig set-backend-prop --backend-name exampleBackend --set db-run-log-verifier:false --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --no-prompt
- DS 6.x: $ ./dsconfig set-backend-prop --backend-name exampleBackend --set db-run-log-verifier:false --hostname ds.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --trustAll --no-prompt
You must restart the DS server to apply these changes.
See Also
Installing and Administering DS
Performance tuning and monitoring ForgeRock products
Related Training
N/A
Related Issue Tracker IDs
N/A