Compares Data Governance Server configurations and produces a dsconfig batch file needed to bring the source in line with the target.
Its uses include comparing multiple servers for configuration differences, producing a batch file to reconfigure a server from scratch from the out-of-the-box configuration, and comparing a local server against an expected configuration.
Both the source and the target configurations can be retrieved over LDAP, accessed from the local server's file system, extracted from a specific file, or retrieved from every server in a configuration server group. Also, with the exception of accessing a configuration from a specific file, the source and/or target configurations can be compared as they existed at any point in the past, including the baseline, pre-installation configuration.
Some configuration differences (those that will always differ between instances, like instance-name) are excluded by default to reduce the amount of spurious output, but these can be included by specifying the --includeExpectedDifferences option. Further differences can be excluded with the --exclude option.
This tool attempts to generate a batch file that can be applied to the source server without any errors. However, there are some edge case configurations that the tool is not sophisticated enough to handle. For example, it cannot handle two peer configuration objects that would require swapping values for a property (e.g. evaluation-order-index) that must be unique within the server. It will still generate a dsconfig batch file that includes these changes, but they might be rejected by the server. In these rare cases, the batch file can be hand edited so that it can be applied to a running server or it can be applied with the server shut down using 'dsconfig --offline'.
config-diff
config-diff --sourceHost server1 --sourceBindDN "cn=Directory Manager" \
  --sourceBindPassword password --targetHost server2
config-diff --sourceLocal --sourceTag postSetup --targetLocal \
  --exclude differs-after-install --outputFile configuration-steps.dsconfig
config-diff --sourceLocal --targetLocal --targetDate -2w
config-diff --sourceConfigGroup --targetHost server1 \
  --targetBindDN "cn=Directory Manager" --targetBindPassword password \
  --targetBaseline --targetPreDiffBatchFile standard-config.dsconfig \
  --exclude differs-by-location --exclude differs-after-install \
  --outputDir non-compliance-config-changes/
-V
--version
Description | Display Data Governance Server version information |
-H
--help
Description | Display general usage information |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
-h {host}
--sourceHost {host}
Description | Data Governance Server host name or IP address of the source server whose contents will be used as the source of the computed diff. The output dsconfig batch file could be applied to this server to synchronize its configuration with the target |
Required | No |
Multi-Valued | No |
-p {port}
--sourcePort {port}
Description | Data Governance Server LDAP port number of the server whose contents will be used as the source of the computed diff |
Default Value | 389 |
Required | No |
Multi-Valued | No |
--sourceUseSSL
Description | Use SSL for secure communication with the source server |
--sourceUseStartTLS
Description | Use StartTLS to secure communication with the source server |
-D {bindDN}
--sourceBindDN {bindDN}
Description | DN used to bind to the source Data Governance Server |
Default Value | cn=Directory Manager |
Required | No |
Multi-Valued | No |
-w {bindPassword}
--sourceBindPassword {bindPassword}
Description | Password used to bind to the source Data Governance Server |
Required | No |
Multi-Valued | No |
--sourceBindPasswordFile {bindPasswordFile}
Description | File containing the password used to bind to the source server |
Required | No |
Multi-Valued | No |
--sourceSASLOption {name=value}
Description | A SASL option (in the form 'name=value') to use when attempting to authenticate to the source server |
Required | No |
Multi-Valued | Yes |
--sourceLocal
Description | Use the local server configuration as the source of the comparison instead of retrieving the configuration over LDAP |
--sourceFile my-config.ldif
Description | Use the specified configuration file (i.e. a previous copy of config/config.ldif) as the source of the comparison instead of retrieving the configuration over LDAP |
Required | No |
Multi-Valued | No |
--sourceConfigGroup
Description | Use each server in the target server's configuration-server-group as the source of the configuration comparison. This requires the --targetHostName option to identify the target configuration and assumes that the target credentials can be used to authenticate to all servers in the group |
--sourceBaseline
Description | Use the baseline configuration of the server (i.e. the out-of-the-box, pre-installation configuration) as the source of the comparison |
--sourceDate [2013-08-10T12:30 or -2d]
Description | Use the source configuration as it existed on the specified date. Dates must be in ISO 8601 format (e.g. 2008-05-30T02:35:22-0600, 2005-03-31T10:35, or 2002-08-10) or as an offset from the current time (e.g. -2d means two days ago) using 'y' to represent years, 'M' to represent months, 'w' to represent weeks, 'd' to represent days, 'h' to represent hours, 'm' to represent minutes, and 's' to represent seconds |
Required | No |
Multi-Valued | No |
--sourceTag postSetup
Description | Use the source configuration with the given tag. Currently, "postSetup" is the only supported tag |
Required | No |
Multi-Valued | No |
--sourcePreDiffBatchFile pre-diff-changes.dsconfig
Description | A dsconfig batch file containing a list of dsconfig commands that should be applied to the source configuration in-memory before performing the diff |
Required | No |
Multi-Valued | No |
--targetHost {host}
Description | Data Governance Server host name or IP address of the target server whose contents will be used as the target of the computed diff. The output dsconfig batch file could be applied to the source server to synchronize its configuration with this server |
Required | No |
Multi-Valued | No |
--targetPort {port}
Description | Data Governance Server LDAP port number of the server whose contents will be used as the target of the computed diff |
Default Value | 389 |
Required | No |
Multi-Valued | No |
--targetUseSSL
Description | Use SSL for secure communication with the target server |
--targetUseStartTLS
Description | Use StartTLS to secure communication with the target server |
--targetBindDN {bindDN}
Description | DN used to bind to the target Data Governance Server. Defaults to the source bind DN if not specified |
Default Value | cn=Directory Manager |
Required | No |
Multi-Valued | No |
--targetBindPassword {bindPassword}
Description | Password used to bind to the target Data Governance Server. Defaults to the source password if not specified |
Required | No |
Multi-Valued | No |
--targetBindPasswordFile {bindPasswordFile}
Description | File containing the password used to bind to the target server. Defaults to the source password file if not specified |
Required | No |
Multi-Valued | No |
--targetSASLOption {name=value}
Description | A SASL option (in the form 'name=value') to use when attempting to authenticate to the target server |
Required | No |
Multi-Valued | Yes |
--targetLocal
Description | Use the local server configuration as the target of the comparison instead of retrieving the configuration over LDAP |
--targetFile my-config.ldif
Description | Use the specified configuration file (i.e. a previous copy of config/config.ldif) as the target of the comparison instead of retrieving the configuration over LDAP |
Required | No |
Multi-Valued | No |
--targetConfigGroup
Description | Use each server in the source server's configuration-server-group as the target of the configuration comparison. This requires the --sourceHostName option to identify the source configuration and assumes that source credentials can be used to authenticate to all servers in the group |
--targetBaseline
Description | Use the baseline configuration of the server (i.e. the out-of-the-box, pre-installation configuration) as the target of the comparison |
--targetDate [2013-08-13T12:30 or -2d]
Description | Use the target configuration as it existed on the specified date. Dates must be in ISO 8601 format (e.g. 2008-05-30T02:35:22-0600, 2005-03-31T10:35, or 2002-08-10) or as an offset from the current time (e.g. -2d means two days ago) using 'y' to represent years, 'M' to represent months, 'w' to represent weeks, 'd' to represent days, 'h' to represent hours, 'm' to represent minutes, and 's' to represent seconds |
Required | No |
Multi-Valued | No |
--targetTag postSetup
Description | Use the target configuration with the given tag. Currently, "postSetup" is the only supported tag |
Required | No |
Multi-Valued | No |
--targetPreDiffBatchFile pre-diff-changes.dsconfig
Description | A dsconfig batch file containing a list of dsconfig commands that should be applied in-memory to the target configuration before performing the diff |
Required | No |
Multi-Valued | No |
--outputFile config-differences.dsconfig
Description | Output file where the configuration differences should be written |
Required | No |
Multi-Valued | No |
--outputDir config-differences/
Description | Output directory where the configuration differences should be written |
Required | No |
Multi-Valued | No |
--rest
Description | Instead of dsconfig commands, shows how to make the necessary changes through the Configuration API |
--prettyPrint
Description | Lists dsconfig commands with line wrapping enabled for readability. This format is parsed the exact same way by 'dsconfig' as the output without this argument |
--includeExpectedDifferences
Description | Include configuration differences which are expected (such as the instance-name setting) in the output |
--exclude [differs-by-location, differs-after-install, differs-in-topology-registry]
Description | This option allows certain types of configuration differences to be excluded from the output. Allowed values are differs-by-location, which will ignore configuration settings that could differ for servers in different configured Locations, differs-after-install, which will ignore configuration settings that can be changed by the installer, and differs-in-topology-registry, which will ignore configuration settings in the topology registry. Note that some differences are excluded by default. These can be included in the output using the --includeExpectedDifferences option. Also, note that "--sourceTag postSetup" and "--targetTag postSetup" should be preferred over differs-after-install |
Required | No |
Multi-Valued | Yes |
--includeAllWarnings
Description | Include all warnings in the output. This includes ones that are expected such as warnings about creating configuration objects that are marked as edit-only since they are managed by tools other than dsconfig |
-X
--trustAll
Description | Trust all server SSL certificates |
-K {keystorePath}
--keyStorePath {keystorePath}
Description | Certificate keystore path |
Required | No |
Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
Description | Certificate keystore PIN |
Required | No |
Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
Description | Certificate keystore PIN file |
Required | No |
Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
Description | Nickname of the certificate for SSL client authentication |
Required | No |
Multi-Valued | No |
-P {truststorePath}
--trustStorePath {truststorePath}
Description | Certificate truststore path |
Required | No |
Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
Description | Certificate truststore PIN |
Required | No |
Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
Description | Certificate truststore PIN file |
Required | No |
Multi-Valued | No |
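
The remote examples on this page pass the bind password as an argument, where it is visible in process listings and shell history, and use neither SSL nor StartTLS; the reference above also documents the password-file, truststore and --trustAll options. The following is an added example, not part of the product documentation: a shell function that checks a config-diff argument list for those choices before it goes into a script or scheduled job. The function name lint_config_diff, its finding labels and the file paths are hypothetical; the option names are the ones listed above.

```shell
#!/bin/sh
# Added example: lint a config-diff argument list for credential and TLS
# handling. Option names come from this page; lint_config_diff and the
# finding labels are hypothetical.
# Limitation: option values are not skipped, so a value that itself looks
# like an option would be misread.
lint_config_diff() (
    n=0 remote=0 tls=0
    for arg in "$@"; do
        case "$arg" in
            -w|--sourceBindPassword|--targetBindPassword)
                echo "SECRET_ON_CMDLINE $arg (use --sourceBindPasswordFile / --targetBindPasswordFile)"
                n=$((n + 1)) ;;
            -W|--keyStorePassword)
                echo "SECRET_ON_CMDLINE $arg (use --keyStorePasswordFile)"
                n=$((n + 1)) ;;
            -T|--trustStorePassword)
                echo "SECRET_ON_CMDLINE $arg (use --trustStorePasswordFile)"
                n=$((n + 1)) ;;
            -X|--trustAll)
                echo "TRUST_ALL $arg (use --trustStorePath to validate server certificates)"
                n=$((n + 1)) ;;
            -h|--sourceHost|--targetHost) remote=1 ;;
            --sourceUseSSL|--sourceUseStartTLS|--targetUseSSL|--targetUseStartTLS) tls=1 ;;
        esac
    done
    # Coarse check: a remote host is named but no SSL/StartTLS option appears.
    if [ "$remote" -eq 1 ] && [ "$tls" -eq 0 ]; then
        echo "NO_TLS (add --sourceUseSSL/--targetUseSSL or the StartTLS options)"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]   # exit status 0 = clean, 1 = findings
)

# Arguments of the page's first remote example: reports the command-line
# password and the missing TLS option.
lint_config_diff --sourceHost server1 --sourceBindDN "cn=Directory Manager" \
    --sourceBindPassword password --targetHost server2 || true

# Same comparison with file-based secrets and certificate validation
# (paths are constructed placeholders): prints nothing.
lint_config_diff --sourceHost server1 --sourceUseSSL --targetHost server2 \
    --targetUseSSL --sourceBindPasswordFile /path/to/bind.pin \
    --trustStorePath /path/to/truststore --trustStorePasswordFile /path/to/ts.pin
```

The non-zero exit status on findings lets the function gate a deployment script or CI step.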