Sean Cull

Using a Notes client to automatically replicate between two disconnected Domino domains 

Sean Cull  April 29 2009 22:37:49

It is often necessary to replicate Notes / Domino applications between different organisations. For example, a Notes development shop may want to maintain a replica of a client's production database to allow easier support.

In most cases you would manage this process via a server-to-server connection. This is bread and butter stuff for a Domino server and there are lots of options to specify frequencies, end points etc. This is definitely the preferred route.

Sometimes, however, the particular topology of the networks means that it is not possible or affordable for two servers to connect to each other. I had a case such as this and was manually using a Notes client to relay information from one server to the other server - a pretty tedious process. I then came up with the following scheme to use a dedicated client machine ( in actual fact a virtual machine ) to do this automatically via a local replica.


The crux of the problem is that with a Notes client you cannot schedule alternating replication between two different servers. I tried programmatically changing the location documents and the connection documents but the Notes client caches the last known server and I could not get it to reliably alternate between servers.

The solution that I used was to deliberately sabotage the server connections at operating system level on a rotating basis. In Windows a scheduled task disables one of the connections using the route add command whilst in Linux I found it easier to manipulate the firewall ( note that this was not the only firewall in use ).


The Linux Solution


The final solution was to run a Linux virtual PC with the Notes client installed. I used a scheduled job to run the following script which blocks access to one of the servers at a time using some firewall rules.

NOTE : in the example shown the PC was protected by a number of firewalls so I was able to keep the script very simple. If you are manipulating your primary firewall you will need a more sophisticated approach. I am no Linux expert so please feel free to improve my code but I would appreciate a copy !


#!/bin/bash
###########################################
# This code is used to alternately block traffic between two Notes servers
# so that the client will effectively replicate between them
# as it falls over from one to the other. Icons for both server replicas
# and the local replica must exist on the workspace
# Note that this code manipulates the iptables.
# These tables may also be manipulated by a firewall program so be
# sure that they do not over-write each other
# The script must be run by root in order to change the iptables
# use sudo iptables -L to view the current iptables
#
# see https://help.ubuntu.com/community/CronHowto for setting up cron jobs
# remember to sudo crontab
# */20 * * * * /usr/bin/FoCul/FoCul_toggle_firewall
#
# Sean Cull, www.focul.net, sean_cull@focul.net
# No warranty is given or implied and all spelling mistakes are deliberate
#
# (use #!/bin/bash -x as the first line to trace each command when debugging)

#############################################
# Set variables
# the two addresses are placeholders, replace them with your server IPs
#############################################
logfile="/tmp/FoCul_Firewall_Toggle-log-file"
server1=12.345.67.89
server2=89.67.345.12

echo "########################################" >> "$logfile"
date >> "$logfile"
#############################################
# Write Iptables to file so that it can be greped
# if there is a way to grep it directly
# please let me know
#############################################
sudo iptables-save > /tmp/FoCul_Firewall_rules
#############################################
# conditionally set a firewall rule blocking one
# of the servers and removing the block
# for the other if it exists
# grep -q keeps the matches out of the cron output and
# -F treats the dots in the address literally
#############################################

if grep -qF "$server1" /tmp/FoCul_Firewall_rules; then
    echo "found $server1 in rules" >> "$logfile"
    echo "enabling $server1" >> "$logfile"
    sudo iptables -D INPUT -s "$server1" -j DROP
    # need to make sure that we don't add multiple rules
    if grep -qF "$server2" /tmp/FoCul_Firewall_rules; then
        echo "WARNING $server2 already disabled for some reason" >> "$logfile"
        # multiple entries will sort themselves out after a few cycles
    else
        echo "disabling $server2" >> "$logfile"
        sudo iptables -I INPUT -s "$server2" -j DROP
    fi
else
    if grep -qF "$server2" /tmp/FoCul_Firewall_rules; then
        echo "found $server2 in rules" >> "$logfile"
        echo "enabling $server2" >> "$logfile"
        sudo iptables -D INPUT -s "$server2" -j DROP
        if grep -qF "$server1" /tmp/FoCul_Firewall_rules; then
            echo "WARNING $server1 already disabled for some reason" >> "$logfile"
            # multiple entries will sort themselves out after a few cycles
        else
            echo "disabling $server1" >> "$logfile"
            sudo iptables -I INPUT -s "$server1" -j DROP
        fi
    else
        # did not find either server so block server1
        echo "did not find $server1 or $server2 in the rules" >> "$logfile"
        sudo iptables -I INPUT -s "$server1" -j DROP
        echo "disabling $server1" >> "$logfile"
    fi
fi

#echo "=========================================" >>$logfile
#echo "after" >>$logfile
#iptables -L -n >>$logfile
echo "########################################" >> "$logfile"
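
A variant of the toggle decision, added here as an example and not part of the original post: it takes the iptables-save output through a pipe instead of a root-written file at a fixed path in /tmp, matches the DROP rule by whole fields rather than by substring, and clears duplicate rules in one pass. The function names, the --apply switch and the script name in the comments are assumptions.

```sh
#!/bin/sh
# Added example, not the author's script; function names are hypothetical.

# count_drops RULES IP: count exact "-A INPUT -s IP -j DROP" rules in
# iptables-save text. Fields are compared whole, so 192.0.2.1 never matches
# 192.0.2.10; "IP" and "IP/32" are both accepted (assumed output spellings).
count_drops() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        NF == 6 && $1 == "-A" && $2 == "INPUT" && $3 == "-s" &&
        ($4 == ip || $4 == (ip "/32")) && $5 == "-j" && $6 == "DROP" { n++ }
        END { print n + 0 }'
}

# emit OP IP TIMES: print "OP IP" on TIMES lines.
emit() {
    i=0
    while [ "$i" -lt "$3" ]; do printf '%s %s\n' "$1" "$2"; i=$((i + 1)); done
}

# plan_toggle RULES SERVER1 SERVER2: print "-D ip" / "-I ip", one per line.
# Same rotation as the original: if server1 is blocked, release it and block
# server2; otherwise release server2 and block server1.
plan_toggle() (
    b1=$(count_drops "$1" "$2"); b2=$(count_drops "$1" "$3")
    if [ "$b1" -gt 0 ]; then
        release=$2 rn=$b1 block=$3 bn=$b2
    else
        release=$3 rn=$b2 block=$2 bn=$b1
    fi
    emit -D "$release" "$rn"             # clear duplicates in one pass
    if [ "$bn" -eq 0 ]; then
        emit -I "$block" 1
    else
        emit -D "$block" "$((bn - 1))"   # keep exactly one DROP rule
    fi
)

# As root from cron: toggle.sh --apply SERVER1 SERVER2 (hypothetical name).
# Rules come straight from iptables-save, so root writes no predictable /tmp file.
if [ "${1:-}" = "--apply" ]; then
    plan_toggle "$(iptables-save -t filter)" "$2" "$3" |
    while read -r op ip; do
        logger -t notes-toggle "iptables $op INPUT -s $ip -j DROP"
        iptables "$op" INPUT -s "$ip" -j DROP
    done
fi
```

Without --apply the script only defines the functions, so plan_toggle can be checked against saved rule listings before it is allowed to touch the firewall.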


The Windows Solution


The Windows solution uses a bat file to disrupt one of the connection end points. This bat file is run on the half hour by the Scheduled Tasks controller found on the Control Panel. Note that to schedule a task more frequently than daily you need to use the advanced options and it is not particularly intuitive ( see below ).

@echo off
REM This code adds a routing table entry to stop the Notes Client connecting to a server
REM If the entry already exists it will remove the routing entry
REM The dummy_IP value needs to be an IP address in the local range

REM Variables must be set before the first write to %logfile%
set server1=12.34.567.89
set server2=89.567.34.12
set dummy_IP=192.168.1.2
set logfile=C:\Log_File.txt

echo ################################################# >> %logfile%
echo ################################################# >> %logfile%
echo ################################################# >> %logfile%
echo %date% %time% >> %logfile%

route print >> %logfile%
REM NUL is the null device; NULL would create a file of that name
route print | find /i "%server1%" > NUL

if errorlevel 1 GOTO :NOT_FOUND
if errorlevel 0 GOTO :FOUND

:FOUND
ECHO Server1 found in routing tables >> %logfile%
ECHO server1 found in routing tables
ECHO Removing server1 Route now >> %logfile%
ECHO Removing Server1 Route now
ROUTE DELETE %server1%
route add %server2% MASK 255.255.255.255 %dummy_IP% Metric 1
GOTO :End

:NOT_FOUND
ECHO server1 NOT found >> %logfile%
ECHO Adding server1 to routing tables now >> %logfile%
ECHO server1 NOT found
ECHO Adding server1 to routing tables now
route add %server1% MASK 255.255.255.255 %dummy_IP% Metric 1
ROUTE DELETE %server2%
:End


[Screenshots of the Scheduled Tasks advanced options; images not available]

missed some screens here



If you are using a dedicated PC then you will most probably need a Notes licence. Using Ubuntu 8.04 works fine and will reduce your licensing costs. I was able to run it as a virtual machine on an existing box.

Between developing this method and writing this post I read a recent post by Cristian D'Aloisio where he showed how the nreplica.exe task from the server code could be used with the client to replicate the database from one server and then the other. This method has some merit and is simpler than the above approach in many ways, but the two main advantages here are that once the three icons ( server 1, server 2 and local ) are on the workspace the system will look after the replication with no further coding, and there is no need to take server code and put it into the client.






1Jesper Kiaer  4.30.2009 12:05:01  be careful

When using a Notes Client in between you are using the access rights of your ID, not the server's.

For example when documents have reader fields, that could get you into trouble; you could be replicating documents you should not, because your rights may be different than the server's... so be careful...



2Sean Cull  4.30.2009 12:08:28  Absolutely

Absolutely, this needs to be done in a professional way just like any other Notes Admin stuff.




