Month: July 2010

How to backup and restore DataStore configurations

Creating DataStore configurations is never fun. You have to fill those lists with LDAP objectclasses and attributes so that OpenAM will see them, and if you have mistyped something, you will probably end up debugging why some functionality is broken. That’s why the best way to create datastore configurations is the ssoadm command. ssoadm is essentially a command line interface for OpenAM management. With the help of ssoadm you can create scripts that configure OpenAM the way you want, and sometimes you can configure things that you’ve never heard of in the Console.

So let’s say that you have an already working DataStore configuration that you want to move to another server or simply back up for later. Here’s the command that you need to run from the ssoadm install directory:

openam/bin/ssoadm show-datastore --realm / --name OpenDS --adminid amadmin \
  --password-file .pass > datastore_config.txt

As you can see, you specify the realm and the name of the datastore you want to back up; adminid is the name of the realm admin, and the last parameter is password-file, in this case the .pass file, which contains the amadmin password in plain text. Unfortunately there is no output-file option, but you can easily redirect the output with the > sign, or just copy the output into a file for later.
So the backup is done, but how do you restore it? Use the following command:

openam/bin/ssoadm create-datastore -e / -m OpenDS -t LDAPv3ForOpenDS \
  -u amAdmin -f .pass -D datastore_config.txt

At the restore you’re specifying the realm and the name again, but you also have a magic parameter, the --datatype parameter (-t in the command above). After some Googling around I was able to find some doc about it, but it’s not that up to date, so here is what we (Allan and me) could find out about these types:

  • Database -> some kind of Database Server
  • LDAPv3 -> Generic LDAPv3 Server
  • LDAPv3ForAD -> Microsoft Active Directory with Host and Port
  • LDAPv3ForADAM -> Active Directory Application Mode
  • LDAPv3ForAMDS -> Equivalent with Sun DS in OpenAM console
  • LDAPv3ForOpenDS -> Sun OpenDS
  • LDAPv3ForTivoli -> IBM Tivoli Directory Server

These are the valid values for the datatype parameter, choose one based on your DataStore.

And that’s it, this is how you can backup and restore datastore configurations, cheers!

Monitoring number of active sessions with SNMP

Monitoring the number of active sessions is always a great way to monitor the load on your OpenAM instances, and guess what, OpenAM has an interface for that. 🙂 In the OpenAM admin console you can see the active sessions under the Sessions tab, but the list is limited to 120 entries by default. There is no good programmatic way to get the count either, since all you can find is something like:

SSOTokenManager.getValidSessions();

which will retrieve every single session, but why would anyone do that just to get the count?
So if you want to monitor your sessions in a proper way, just follow the next few steps:

  • In SSO console go to Configuration -> System -> Monitoring
  • Check that the ‘Monitoring SNMP interface status’ is enabled
  • Install the ‘snmpwalk’ SNMP tool on your system
  • Execute the following command:

    snmpwalk -c public -v 2c :8085 enterprises.42.2.230.3.1.1.2.1.11.1.0

And there you go. This way you can easily create a Munin script, so you can show nice charts about active sessions to management. 🙂

Note: the SNMP port is 8085 by default, but it’s configurable of course.
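
A Munin plugin built around the snmpwalk call above, as an added example that is not part of the original post. The environment variable names (OPENAM_SNMP_HOST, OPENAM_SNMP_PORT, OPENAM_SNMP_COMMUNITY), the graph labels and the sample output line are assumptions; the OID, port default and community default are the ones shown in the post.

```shell
#!/bin/sh
# Munin plugin: graph the OpenAM active-session count read over SNMP.
# Assumed names (not from the post): OPENAM_SNMP_HOST, OPENAM_SNMP_PORT and
# OPENAM_SNMP_COMMUNITY, set for the plugin in Munin's plugin-conf.d.

OID="enterprises.42.2.230.3.1.1.2.1.11.1.0"   # OID from the post

# Read snmpwalk output on stdin and print the counter value.
# Constructed sample of default output (the value type is an assumption):
#   SNMPv2-SMI::enterprises.42.2.230.3.1.1.2.1.11.1.0 = Gauge32: 17
# A bare "17" (as printed with -Oqv) is accepted too. Anything that is not a
# plain integer, such as a timeout message, becomes "U" (Munin's "unknown").
parse_count() {
    value=$(sed -n '1{s/.*[[:space:]]//;p;}')
    case "$value" in
        ''|*[!0-9]*) echo "U" ;;
        *)           echo "$value" ;;
    esac
}

# Query the agent; report "U" when no host is configured or snmpwalk is missing.
fetch() {
    if [ -z "${OPENAM_SNMP_HOST:-}" ] || ! command -v snmpwalk >/dev/null 2>&1; then
        echo "sessions.value U"
        return 0
    fi
    count=$(snmpwalk -c "${OPENAM_SNMP_COMMUNITY:-public}" -v 2c -t 2 -r 1 \
        "${OPENAM_SNMP_HOST}:${OPENAM_SNMP_PORT:-8085}" "$OID" 2>/dev/null |
        parse_count)
    echo "sessions.value $count"
}

print_config() {
    cat <<'EOF'
graph_title OpenAM active sessions
graph_vlabel sessions
graph_category openam
graph_args --lower-limit 0
sessions.label active sessions
sessions.type GAUGE
sessions.min 0
EOF
}

# Munin runs the plugin with "config" for graph metadata, no argument for values.
case "${1:-}" in
    config) print_config ;;
    *)      fetch ;;
esac
```

Reporting "U" instead of an error string or a zero keeps an SNMP outage visible as a gap in the chart rather than as a false drop to no sessions.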