How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I separate a DS+RS instance into standalone DS and RS servers in DS 7.x?

Last updated Jan 30, 2023

The purpose of this article is to provide information on migrating an existing DS+RS replication topology to standalone directory server (DS) and replication server (RS) instances in DS.


Overview

If you have an existing DS+RS instance and want to separate it out into standalone DS and RS instances, the recommended way is to:

  1. Keep the existing DS+RS instance as the DS instance (to prevent any loss of data or configuration).
  2. Set up a new RS instance so that it's in the same replication topology as the DS instance (the original DS+RS instance).

The following section provides detailed steps to achieve this.

Note

You should test this process in a pre-production environment first to ensure it works as expected for your topology before implementing this in production.

If you don't have an existing DS+RS instance and just want to set up new DS and RS servers, you should refer to the documentation: Install standalone servers.

Separating a DS+RS instance into standalone DS and RS servers

You can do this as follows:

  1. Delete the RS on the current DS+RS instance, for example:
    • DS 7.1 and later: $ ./dsconfig delete-replication-server --provider-name "Multimaster Synchronization" --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin --no-prompt
    • DS 7: $ ./dsconfig delete-replication-server --provider-name "Multimaster Synchronization" --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --no-prompt
  2. Set up a new RS-only instance. The following options must be the same as the original DS+RS instance to ensure the new RS instance joins the same replication topology: replicationPort, bootstrapReplicationServer, and deploymentId or deploymentKey. Additionally, you should not specify an LDAP(S) port because this is not required when installing an RS-only instance. For example:
    • DS 7.2 and later: $ ./setup --instancePath /path/to/ds --serverId server1 --deploymentId $DEPLOYMENT_ID --deploymentIdPassword password --rootUserDN uid=admin --rootUserPassword password --hostname rs.example.com --adminConnectorPort 5444 --start --replicationPort 8989 --bootstrapReplicationServer rs.example.com:8989 --acceptLicense
    • DS 7.0.x and 7.1.x: $ ./setup --instancePath /path/to/ds --serverId server1 --deploymentKey $DEPLOYMENT_KEY --deploymentKeyPassword password --rootUserDN uid=admin --rootUserPassword password --hostname rs.example.com --adminConnectorPort 5444 --start --replicationPort 8989 --bootstrapReplicationServer rs.example.com:8989 --acceptLicense
  3. Ensure the bootstrapReplicationServer option for the DS instance is set to the new RS instance. You can update this setting using dsconfig, for example:
    • DS 7.1 and later: $ ./dsconfig set-synchronization-provider-prop --provider-name "Multimaster Synchronization" --remove bootstrap-replication-server:old_rs.example.com:8989 --add bootstrap-replication-server:rs.example.com:8989 --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin --no-prompt
    • DS 7: $ ./dsconfig set-synchronization-provider-prop --provider-name "Multimaster Synchronization" --remove bootstrap-replication-server:old_rs.example.com:8989 --add bootstrap-replication-server:rs.example.com:8989 --hostname ds.example.com --port 4444 --bindDN uid=admin --bindPassword password --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --no-prompt
  4. Define replication groups as needed. See Replication groups for further information.

Example

This example assumes you have two data centers, each with two DS+RS instances:

  • Data center 1: DS1+RS1 and DS2+RS2
  • Data center 2: DS3+RS3 and DS4+RS4

And you want to migrate to standalone DS and RS instances in a replication topology similar to the following:

  • Data center 1: DS1 and DS2 replicating with RS1
  • Data center 2: DS3 and DS4 replicating with RS3

Where RS1 and RS3 are in replication.

To achieve this, the high-level steps would be:

  1. Delete RS1 and RS2 using the dsconfig delete-replication-server command.
  2. Set up a new RS-only instance (RS1) with the same replicationPort and deploymentId/deploymentKey as the original RS1, and bootstrapReplicationServer set to both RS1 and RS3 using the setup command.
  3. Delete RS3 and RS4 using the dsconfig delete-replication-server command.
  4. Set up a new RS-only instance (RS3) with the same replicationPort and deploymentId/deploymentKey as the original RS3, and bootstrapReplicationServer set to both RS1 and RS3 using the setup command.
  5. Ensure the bootstrapReplicationServer option for DS1, DS2, DS3 and DS4 is set to both RS1 and RS3 using the dsconfig set-synchronization-provider-prop command.
  6. Define replication groups so that DS1, DS2 and RS1 are in one group and DS3, DS4 and RS3 are in another.
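
The commands behind steps 1 to 5 of this example, as an added example that is not part of the original article or ForgeRock's own tooling: it prints the DS 7.2 and later commands in order and does not run them. The host names, the server IDs (rs1, rs3) and the old bootstrap entries being removed are assumptions; the paths and the literal "password" are the article's own placeholders.

```shell
#!/bin/sh
# Added example (not ForgeRock's script): prints, but does not run, the DS 7.2+
# commands for the two-data-center example. Host names, server IDs and the old
# bootstrap entries are assumptions; "password" is the article's placeholder.
REPL_PORT=8989
DC1_DS="ds1.example.com ds2.example.com"   # currently DS1+RS1 and DS2+RS2
DC2_DS="ds3.example.com ds4.example.com"   # currently DS3+RS3 and DS4+RS4
NEW_RS="rs1.example.com rs3.example.com"   # hosts for the new RS-only servers
OLD_RS="ds1.example.com ds3.example.com"   # bootstrap entries to remove (assumed)
PROVIDER='--provider-name "Multimaster Synchronization"'
TRUST='--usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin'

conn() {  # admin connection options for the DS at host $1
  echo "--hostname $1 --port 4444 --bindDN uid=admin --bindPassword password $TRUST --no-prompt"
}

delete_rs_cmd() {  # steps 1 and 3: remove the RS from the DS+RS at host $1
  echo "./dsconfig delete-replication-server $PROVIDER $(conn "$1")"
}

setup_rs_cmd() {  # steps 2 and 4: RS-only setup on host $1, server ID $2, no LDAP(S) port
  boot=""
  for rs in $NEW_RS; do boot="$boot --bootstrapReplicationServer $rs:$REPL_PORT"; done
  echo "./setup --instancePath /path/to/ds --serverId $2 --deploymentId \$DEPLOYMENT_ID" \
    "--deploymentIdPassword password --rootUserDN uid=admin --rootUserPassword password" \
    "--hostname $1 --adminConnectorPort 5444 --start --replicationPort $REPL_PORT$boot --acceptLicense"
}

set_bootstrap_cmd() {  # step 5: point the DS at host $1 at both new RS servers
  change=""
  for h in $OLD_RS; do change="$change --remove bootstrap-replication-server:$h:$REPL_PORT"; done
  for h in $NEW_RS; do change="$change --add bootstrap-replication-server:$h:$REPL_PORT"; done
  echo "./dsconfig set-synchronization-provider-prop $PROVIDER$change $(conn "$1")"
}

plan() {  # steps 1-5 in the order given above; step 6 (replication groups) is not generated
  for h in $DC1_DS; do delete_rs_cmd "$h"; done
  setup_rs_cmd rs1.example.com rs1
  for h in $DC2_DS; do delete_rs_cmd "$h"; done
  setup_rs_cmd rs3.example.com rs3
  for h in $DC1_DS $DC2_DS; do set_bootstrap_cmd "$h"; done
}

plan
```

Review the printed commands against your own topology before running any of them, and replace the placeholder passwords at that point rather than storing them in the script.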

See Also

Replication in DS

Install standalone servers

Replication

Related Training

DS Deployments High Availability
