How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I tune Background Database Verification in DS (All versions)?

Last updated Jan 12, 2023

The purpose of this article is to provide information on tuning Background Database Verification in DS. The JE database periodically performs automatic database verification, which can impact service availability.


Overview

The JE embedded database used in DS backends includes a feature that verifies the entire database at midnight every night to check for some common types of database corruption. The extra disk I/O can result in problems for performance-critical deployments. All the servers in a single timezone will run the verification at exactly the same time, which can also cause more widespread issues.

Note

Recovering from any database corruption would typically involve reinitializing the replica directory server or restoring it from a backup taken before the corruption occurred. See Backup and Restore (DS 7 and later) or FAQ: Backup and restore in DS 6.x for further information.

DS provides advanced properties for configuring the JE verifier (db-run-log-verifier and db-log-verifier-schedule), which allow you to:

  • Configure the JE verifier schedule
  • Disable the JE verifier

See Advanced Properties for further information.

Configuring the JE verifier schedule

By default, the JE verifier runs automatically at midnight local time. It is best practice to alter the verification schedule on each server to avoid all servers simultaneously using extra disk I/O and potentially impacting the entire service.

The verifier schedule is a cron-style field and can be set using the dsconfig command. The following example sets the verifier for the exampleBackend backend to run at 1am (local time):

  • DS 7.1 and later:
    $ ./dsconfig set-backend-prop \
      --backend-name exampleBackend \
      --set db-run-log-verifier:true \
      --set 'db-log-verifier-schedule:0 1 * * *' \
      --hostname ds.example.com \
      --port 4444 \
      --bindDN uid=admin \
      --bindPassword password \
      --usePkcs12TrustStore /path/to/ds/config/keystore \
      --trustStorePassword:file /path/to/ds/config/keystore.pin \
      --no-prompt
  • DS 7:
    $ ./dsconfig set-backend-prop \
      --backend-name exampleBackend \
      --set db-run-log-verifier:true \
      --set 'db-log-verifier-schedule:0 1 * * *' \
      --hostname ds.example.com \
      --port 4444 \
      --bindDN uid=admin \
      --bindPassword password \
      --usePkcs12TrustStore /path/to/ds/config/keystore \
      --trustStorePasswordFile /path/to/ds/config/keystore.pin \
      --no-prompt
  • DS 6.x:
    $ ./dsconfig set-backend-prop \
      --backend-name exampleBackend \
      --set db-run-log-verifier:true \
      --set 'db-log-verifier-schedule:0 1 * * *' \
      --hostname ds.example.com \
      --port 4444 \
      --bindDN "cn=Directory Manager" \
      --bindPassword password \
      --trustAll \
      --no-prompt

You must restart the DS server to apply these changes.
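
The per-server staggering recommended above can be scripted. The following is an added example, not ForgeRock code: it gives each server a distinct start minute inside a maintenance window and prints the DS 7.1 and later dsconfig command from this article for each host. The function names, the hosts ds1 to ds3.example.com, the 01:00 start and the 180-minute window are assumptions made for illustration.

```shell
# Added example (not ForgeRock code): stagger JE verifier start times across servers.
# Host names, backend name, start hour and window below are constructed sample values.

# verifier_cron INDEX COUNT START_HOUR WINDOW_MINUTES
# Prints the cron field "M H * * *" for server INDEX (0-based) of COUNT, spreading
# start times evenly over WINDOW_MINUTES beginning at START_HOUR:00 local time.
verifier_cron() {
  local index="$1" count="$2" start_hour="$3" window="$4"
  if [ "$count" -lt 1 ] || [ "$index" -lt 0 ] || [ "$index" -ge "$count" ]; then
    echo "verifier_cron: index $index is outside 0..$((count - 1))" >&2
    return 1
  fi
  # window >= count guarantees a distinct minute per server; <= 1440 avoids
  # wrapping round the clock onto another server's slot.
  if [ "$start_hour" -lt 0 ] || [ "$start_hour" -gt 23 ] ||
     [ "$window" -lt "$count" ] || [ "$window" -gt 1440 ]; then
    echo "verifier_cron: bad start hour or window" >&2
    return 1
  fi
  local offset=$(( index * window / count ))
  local total=$(( (start_hour * 60 + offset) % 1440 ))
  printf '%d %d * * *\n' $(( total % 60 )) $(( total / 60 ))
}

# print_verifier_commands BACKEND START_HOUR WINDOW_MINUTES HOST...
# Prints (does not run) one dsconfig command per host, using the DS 7.1 and later
# options exactly as they appear in this article.
print_verifier_commands() {
  local backend="$1" start_hour="$2" window="$3"
  shift 3
  local count=$# index=0 host cron
  for host in "$@"; do
    cron=$(verifier_cron "$index" "$count" "$start_hour" "$window") || return 1
    printf "./dsconfig set-backend-prop --backend-name %s" "$backend"
    printf " --set db-run-log-verifier:true --set 'db-log-verifier-schedule:%s'" "$cron"
    printf " --hostname %s --port 4444 --bindDN uid=admin --bindPassword password" "$host"
    printf " --usePkcs12TrustStore /path/to/ds/config/keystore"
    printf " --trustStorePassword:file /path/to/ds/config/keystore.pin --no-prompt\n"
    index=$(( index + 1 ))
  done
}

# Three replicas, verifying at 01:00, 02:00 and 03:00 local time.
print_verifier_commands exampleBackend 1 180 \
  ds1.example.com ds2.example.com ds3.example.com
```

The printed commands keep the article's placeholder bind password and keystore paths, so review and adjust them before running any of them. The schedule is interpreted in each server's local time, so servers in different timezones need their offsets checked against a common clock.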

Disabling the JE verifier

The JE verifier can be completely disabled, which means that some types of database corruption will not be reported.

You can use the dsconfig command to disable verification on a single backend. For example, to disable it on the exampleBackend backend:

  • DS 7.1 and later:
    $ ./dsconfig set-backend-prop \
      --backend-name exampleBackend \
      --set db-run-log-verifier:false \
      --hostname ds.example.com \
      --port 4444 \
      --bindDN uid=admin \
      --bindPassword password \
      --usePkcs12TrustStore /path/to/ds/config/keystore \
      --trustStorePassword:file /path/to/ds/config/keystore.pin \
      --no-prompt
  • DS 7:
    $ ./dsconfig set-backend-prop \
      --backend-name exampleBackend \
      --set db-run-log-verifier:false \
      --hostname ds.example.com \
      --port 4444 \
      --bindDN uid=admin \
      --bindPassword password \
      --usePkcs12TrustStore /path/to/ds/config/keystore \
      --trustStorePasswordFile /path/to/ds/config/keystore.pin \
      --no-prompt
  • DS 6.x:
    $ ./dsconfig set-backend-prop \
      --backend-name exampleBackend \
      --set db-run-log-verifier:false \
      --hostname ds.example.com \
      --port 4444 \
      --bindDN "cn=Directory Manager" \
      --bindPassword password \
      --trustAll \
      --no-prompt

You must restart the DS server to apply these changes.

See Also

Installing and Administering DS

Performance tuning and monitoring ForgeRock products



Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.