Chapter 9. Removing an instance from a replication topology

In certain situations, such as hardware outages or structural changes, administrators want to remove Directory Server instances from a replication topology. The procedure of removing an instance depends on the role of the replica you want to remove.

9.1. Removing a consumer or hub from a replication topology

If a consumer or hub is no longer needed in a replication topology, remove it.

Prerequisites

  • The instance to remove is a consumer or hub.
  • If the host to remove is a hub that also acts as a supplier to other servers in the topology, you configured other suppliers or hubs to replicate data to these servers to prevent them from becoming isolated.

Procedure

  1. On the consumer or hub to remove:

    1. List the suffixes and their corresponding databases: 

      # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com backend suffix list
dc=example,dc=com (userroot)

      Note the name of the databases.

    2. Set the databases into read-only mode to prevent any further updates: 

      # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com backend suffix set --enable-readonly "userroot"

  2. On all suppliers that have a replication agreement with the consumer or hub you want to remove:

    1. List the replication agreements for the suffix that is replicated: 

      # dsconf -D "cn=Directory Manager" ldap://server.example.com repl-agmt list --suffix "dc=example,dc=com"
dn: cn=example-agreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
cn: example-agreement
...

      The cn attribute contains the replication agreement name that you need in the next step.

    2. Remove the replication agreement: 

      # dsconf -D "cn=Directory Manager" ldap://server.example.com repl-agmt delete --suffix "dc=example,dc=com" example-agreement

  3. On the consumer or hub to remove, disable replication for all suffixes: 

    # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com replication disable --suffix "dc=example,dc=com"

    If this host was a hub, disabling replication automatically also deletes all replication agreements for this suffix on this server.

Next steps

  • If you want to use the removed instance for testing purposes, disable the read-only mode: 

    # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com backend suffix set --disable-readonly userroot
    Important

    If you want to use the instance you removed from the topology for testing purposes, ensure that no clients continue using it.

  • Remove the instance: 

    # dsctl instance_name remove --do-it

Additional resources

9.2. Removing a supplier from a replication topology

Removing a supplier cleanly from a replication topology is more complex than removing a hub or consumer. This is because every supplier in the topology stores information about other suppliers, and they retain that information even if a supplier suddenly becomes unavailable.

Directory Server maintains information about the replication topology in a set of metadata called the replica update vector (RUV). The RUV contains information about the supplier, such as its ID, URL, latest change state number (CSN) on the local server, and the CSN of the first change. Both suppliers and consumers store RUV information, and they use it to control replication updates.

To remove a supplier cleanly, you must remove its metadata along with the configuration entries.

Prerequisites

  • The instance to remove is a supplier.
  • If the host to remove also acts as a supplier to other servers in the topology, you configured other suppliers or hubs to replicate data to these servers to prevent them from becoming isolated.

Procedure

  1. On the supplier to remove:

    1. List the suffixes and their corresponding databases: 

      # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com backend suffix list
dc=example,dc=com (userroot)

      Note the name of the databases.

    2. Set the databases into read-only mode to prevent any further updates: 

      # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com backend suffix set --enable-readonly "userroot"

    3. Wait until all other servers in the topology received all data from this supplier. To verify, ensure that the CSN on other servers is equal or greater than the CSN on the supplier to remove: 

      # ds-replcheck online -D "cn=Directory Manager" -w password -m ldap://host-to-remove.example.com:389 -r ldap://server.example.com:389 -b dc=example,dc=com
================================================================================
         Replication Synchronization Report  (Tue Mar  5 09:46:20 2021)
================================================================================

Database RUV's
=====================================================

Supplier RUV:
  {replica 1 ldap://host-to-remove.example.com:389} 5c7e8927000100010000 5c7e89a0000100010000
  {replicageneration} 5c7e8927000000010000

Replica RUV:
  {replica 1 ldap://host-to-remove.example.com:389} 5c7e8927000100010000 5c7e8927000400010000
  {replica 2 ldap://server.example.com:389}
  {replicageneration} 5c7e8927000000010000

    4. Display the replica ID: 

      # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com replication get --suffix "dc=example,dc=com" | grep -i "nsds5replicaid"
nsDS5ReplicaId: 1

      In this example, the replica ID is 1. Remember your replica ID for the last step of this procedure.

  2. On all suppliers that have a replication agreement with the host you want to remove:

    1. List the replication agreements for the suffix that is replicated: 

      # dsconf -D "cn=Directory Manager" ldap://server.example.com repl-agmt list --suffix "dc=example,dc=com"
dn: cn=example-agreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
cn: example-agreement
...

      The cn attribute contains the replication agreement name that you need in the next step.

    2. Remove the replication agreement: 

      # dsconf -D "cn=Directory Manager" ldap://server.example.com repl-agmt delete --suffix "dc=example,dc=com" example-agreement

  3. On the supplier to remove, disable replication for all suffixes: 

    # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com replication disable --suffix "dc=example,dc=com"

    Disabling replication automatically also deletes all replication agreements for this suffix on this server.

  4. Before you proceed, ensure that all Directory Server instances listed in the Replica RUV section of the ds-replcheck output are online.

  5. On one of the remaining suppliers in the topology, clean the RUVs for the replica ID: 

    # dsconf -D "cn=Directory Manager" ldap://server.example.com repl-tasks cleanallruv --suffix "dc=example,dc=com" --replica-id 1

    This command requires that you specify the replica ID displayed in an earlier step of this procedure.

Verification

  • Verify in the output of the ds-replcheck command that no entries with the replica ID and URL of the host you removed are left: 

    # ds-replcheck online -D "cn=Directory Manager" -w password -m ldap://host-to-remove.example.com:389 -r ldap://server.example.com:389 -b dc=example,dc=com

Next steps

  • If you want to use the removed instance for testing purposes, disable the read-only mode: 

    # dsconf -D "cn=Directory Manager" ldap://host-to-remove.example.com backend suffix set --disable-readonly userroot
    Important

    If you want to use the instance you removed from the topology for testing purposes, ensure that no clients continue using it.

  • Remove the instance: 

    # dsctl instance_name remove --do-it

Additional resources