UnboundID Metrics Engine Command-Line Tool Reference

Metrics Engine Documentation Index
Command-Line Tool Reference Home

config-diff

Description

Compares Metrics Engine configurations and produces a dsconfig batch file needed to bring the source inline with the target.

Its uses include comparing multiple servers for configuration differences, producing a batch file to reconfigure a server from scratch from the out-of-the-box configuration, and comparing a local server against an expected configuration.

Both the source and the target configurations can be retrieved over LDAP, accessed from the local server's file system, extracted from a specific file, or retrieved from every server in a configuration server group. Also, with the exception of accessing a configuration from a specific file, the source and/or target configurations can be compared as they existed at any point in the past, including the baseline, pre-installation configuration.

Some configuration differences (those that will always differ between instances, like instance-name) are excluded by default to reduce the amount of spurious output, but these can be included by specifying the --includeExpectedDifferences command. Further differences can be excluded with the --exclude option.

This tool attempts to generate a batch file that can be applied to the source server without any errors. However, there are some edge case configurations that the tool is not sophisticated enough to handle. For example, it cannot handle two peer configuration objects that would require swapping values for a property (e.g. evaluation-order-index) that must be unique within the server. It will still generate a dsconfig batch file that includes these changes, but they might be rejected by the server. In these rare cases, the batch file can be hand edited so that it can be applied to a running server or it can be applied with the server shut down using 'dsconfig --offline'.

Examples

Compare the current configurations of server1 and server2. The changes necessary to bring server1's configuration in-line with server2 are written to the console. The same credentials are used for connecting to both servers:

config-diff --sourceHost server1 --sourceBindDN "cn=Directory Manager" \
     --sourceBindPassword password --targetHost server2

Compare the current configuration of the local server to the baseline, pre-installation configuration, ignoring any changes that could be made by the installer, and writing the output to the configuration-steps.dsconfig file. This provides a script that can be used to configure a newly installed server identically to the local server:

config-diff --sourceLocal --sourceBaseline --targetLocal \
     --exclude differs-after-install --outputFile configuration-steps.dsconfig

Determine the configuration steps necessary to undo all configuration changes that were made to the local server in the last two weeks:

config-diff --sourceLocal --targetLocal --targetDate -2w

Audit the configuration of all servers in the configuration server group against an expected configuration. The baseline, pre-installation configuration is retrieved and the dsconfig batch file, standard-config.dsconfig, is applied to it (in-memory) to establish the expected configuration. The configuration of each server in the configuration server group of server1 is then compared to this authoritative configuration, and the steps necessary to return each server to this configuration are written out to the non-compliance-config-changes/ directory. Configuration settings that differ by the Location of the server or ones that are set by the installer are ignored:

config-diff --sourceConfigGroup --targetHost server1 \
     --targetBindDN "cn=Directory Manager" --targetBindPassword password \
     --targetBaseline --targetPreDiffBatchFile standard-config.dsconfig \
     --exclude differs-by-location --exclude differs-after-install \
     --outputDir non-compliance-config-changes/

Arguments

-V
--version

Description

Display Metrics Engine version information

-H
--help

Description

Display general usage information

--help-debug

Description	Display help for using debug options
Advanced	Yes

-h {host}
--sourceHost {host}

Description	Metrics Engine host name or IP address of the source server whose contents will be used as the source of the computed diff. The output dsconfig batch file could be applied to this server to synchronize its configuration with the target
Required	No
Multi-Valued	No

-p {port}
--sourcePort {port}

Description	Metrics Engine LDAP port number of the server whose contents will be used as the source of the computed diff
Default Value	389
Required	No
Multi-Valued	No

--sourceUseSSL

Description

Use SSL for secure communication with the source server

--sourceUseStartTLS

Description

Use StartTLS to secure communication with the source server

-D {bindDN}
--sourceBindDN {bindDN}

Description	DN used to bind to the source Metrics Engine
Default Value	cn=Directory Manager
Required	No
Multi-Valued	No

-w {bindPassword}
--sourceBindPassword {bindPassword}

Description	Password used to bind to the source Metrics Engine
Required	No
Multi-Valued	No

--sourceBindPasswordFile {bindPasswordFile}

Description	File containing the password used to bind to the source server
Required	No
Multi-Valued	No

--sourceSASLOption {name=value}

Description	A SASL option (in the form 'name=value') to use when attempting to authenticate to the source server
Required	No
Multi-Valued	Yes

--sourceLocal

Description

Use the local server configuration as the source of the comparison instead of retrieving the configuration over LDAP

--sourceFile my-config.ldif

Description	Use the specified configuration file (i.e. a previous copy of config/config.ldif) as the source of the comparison instead of retrieving the configuration over LDAP
Required	No
Multi-Valued	No

--sourceConfigGroup

Description

Use each server in the target server's configuration-server-group as the source of the configuration comparison. This requires the --targetHostName option to identify the target configuration and assumes that the target credentials can be used to authenticate to all servers in the group

--sourceBaseline

Description

Use the baseline configuration of the server (i.e. the out-of-the-box, pre-installation configuration) as the source of the comparison

--sourceDate [2013-08-10T12:30 or -2d]

Description	Use the source configuration as it existed on the specified date. Dates must be in ISO 8601 format (e.g. 2008-05-30T02:35:22-0600, 2005-03-31T10:35, or 2002-08-10) or as an offset from the current time (e.g. -2d means two days ago) using 'y' to represent years, 'M' to represent months, 'w' to represent weeks, 'd' to represent days 'h' to represent hours', 'm' to represent minutes, and 's' to represent seconds
Required	No
Multi-Valued	No

--sourcePreDiffBatchFile pre-diff-changes.dsconfig

Description	A dsconfig batch file containing a list of dsconfig commands that should be applied to the source configuration in-memory before performing the diff
Required	No
Multi-Valued	No

--targetHost {host}

Description	Metrics Engine host name or IP address of the target server whose contents will be used as the target of the computed diff. The output dsconfig batch file could be applied to the source server to synchronize it's configuration with this server
Required	No
Multi-Valued	No

--targetPort {port}

Description	Metrics Engine LDAP port number of the server whose contents will be used as the target of the computed diff
Default Value	389
Required	No
Multi-Valued	No

--targetUseSSL

Description

Use SSL for secure communication with the target server

--targetUseStartTLS

Description

Use StartTLS to secure communication with the target server

--targetBindDN {bindDN}

Description	DN used to bind to the target Metrics Engine. Defaults to the source bind DN if not specified
Default Value	cn=Directory Manager
Required	No
Multi-Valued	No

--targetBindPassword {bindPassword}

Description	Password used to bind to the target Metrics Engine. Defaults to the source password if not specified
Required	No
Multi-Valued	No

--targetBindPasswordFile {bindPasswordFile}

Description	File containing the password used to bind to the target server. Defaults to the source password file if not specified
Required	No
Multi-Valued	No

--targetSASLOption {name=value}

Description	A SASL option (in the form 'name=value') to use when attempting to authenticate to the target server
Required	No
Multi-Valued	Yes

--targetLocal

Description

Use the local server configuration as the target of the comparison instead of retrieving the configuration over LDAP

--targetFile my-config.ldif

Description	Use the specified configuration file (i.e. a previous copy of config/config.ldif) as the target of the comparison instead of retrieving the configuration over LDAP
Required	No
Multi-Valued	No

--targetConfigGroup

Description

Use each server in the source server's configuration-server-group as the target of the configuration comparison. This requires the --sourceHostName option to identify the source configuration and assumes that source credentials can be used to authenticate to all servers in the group

--targetBaseline

Description

Use the baseline configuration of the server (i.e. the out-of-the-box, pre-installation configuration) as the target of the comparison

--targetDate [2013-08-13T12:30 or -2d]

Description	Use the target configuration as it existed on the specified date. Dates must be in ISO 8601 format (e.g. 2008-05-30T02:35:22-0600, 2005-03-31T10:35, or 2002-08-10) or as an offset from the current time (e.g. -2d means two days ago) using 'y' to represent years, 'M' to represent months, 'w' to represent weeks, 'd' to represent days 'h' to represent hours', 'm' to represent minutes, and 's' to represent seconds
Required	No
Multi-Valued	No

--targetPreDiffBatchFile pre-diff-changes.dsconfig

Description	A dsconfig batch file containing a list of dsconfig commands that should be applied in-memory to the target configuarion before performing the diff
Required	No
Multi-Valued	No

--outputFile config-differences.dsconfig

Description	Output file where the configuration differences should be written
Required	No
Multi-Valued	No

--outputDir config-differences/

Description	Output directory where the configuration differences should be written
Required	No
Multi-Valued	No

--includeExpectedDifferences

Description

Include configuration differences which are expected (such as the instance-name setting) in the output

--exclude [differs-by-location, differs-after-install]

Description	This option allows certain types of configuration differences to be excluded from the output. Allowed values are differs-by-location, which will ignore configuration settings that could differ for servers in different configured Locations, and differs-after-install, which will ignore configuration settings that can be changed by the installer. Note that some differences are excluded by default. These can be included in the output using the --includeExpectedDifferences option
Required	No
Multi-Valued	Yes

-X
--trustAll

Description

Trust all server SSL certificates

-K {keyStorePath}
--keyStorePath {keyStorePath}

Description	Certificate key store path
Required	No
Multi-Valued	No

-W {keyStorePassword}
--keyStorePassword {keyStorePassword}

Description	Certificate key store PIN
Required	No
Multi-Valued	No

-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}

Description	Certificate key store PIN file
Required	No
Multi-Valued	No

-N {nickname}
--certNickname {nickname}

Description	Nickname of the certificate for SSL client authentication
Required	No
Multi-Valued	No

-P {trustStorePath}
--trustStorePath {trustStorePath}

Description	Certificate trust store path
Required	No
Multi-Valued	No