[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fail over

On Thu, Sep 12, 2002 at 12:05:10AM +0200, vadim tarassov wrote:
| Hallo Ryan,
| 
| major problem is that existance of some notes on multimastering in the 
| mailing list is far from stage where one can bring such feature in IT 
| department, where lots of other things become importnat, such as for 
| example migration from 2.0.X to 2.1.X where probably a number of bugs 
| has been fixed etc. Now you say that in 2.0.whatsoever one could 
| implement multimaster replication, it is fine from academical point of 
| view, but nobody is able to say if it is possible in 2.1.X without 
| spending month for it., and that's not good.
| 
| Regards, Vadim Tarassov.

Last time I looked (a few minutes ago) 2.0.25 was the last "stable" 
release.  In our IT shop (which I run), we prefer using "stable" code.
If you want to use 2.1.X, your mileage may vary, but don't use that as
a reason to push back. 

Having "done it", my point is that it involves a fair amount of work:
you have to modify the configure.in file and rebuild the configure
script before you can even run "configure --enable-multimaster".  The
archives explain "what to do", but *you* have to do it, its not done
for you out of the box (that's why I say its experimental and not
supported).  I'm also worried that because since you are asking
and not following my suggestion of RTSC the following won't make
sense, but here goes:

************WARNING

Once you follow the archives to turn on multimaster and succeed, there
is still an issue, my quick review of the mm code in 2.1.4 is that it
has the same issue that it had in 2.0.25: once you turn it on and set the
update dn information on a server, ANY authenticated user to that server
can change ANY attribute they have permission for, including
"NO-USER-MODIFICATION" attributes (like modificationTime).  In my book, that
*breaks* the LDAP protocol (for the interested, read RFCs 2251 through 2256).

************

Now, I contributed code to fix this for 2.0.25 to the developer list, because
that's what I use (read: I *have* implemented it and fixed the above).  Since
multimaster is not officially supported, it's up to some volunteer to
figure out how to make that code work in 2.1.x.  To date, I haven't had the
time or I'd volunteer to run with the multi-master part of the project.
Kurt, has anybody volunteered for this yet?

Ryan

| Ryan Moats wrote:
| 
| >On Wed, Sep 11, 2002 at 09:37:05AM -0600, Banzaitron wrote:
| >| Can someone in the know comment about multi-master replication?  It
| >| definitely would be nice to have two LDAPs keeping each other in synch
| >| (rather than one readonly emergency backup).  Is it available in 2.1.X?
| >| What steps are involved in implementing it if it is available?
| >| 
| >| Thanks,
| >| Andy
| >
| >Multimaster involves experimental code that needs some extra work to
| >enable (i.e. you have to do things *before* configure --enable-multimaster
| >will work).  Its in 2.0.25, and my memory is that the mailing list archives
| >(I think development) have notes on how to do it.
| >
| >I should note that before you do that, look *very* carefully at the
| >code that is enabled by multimaster (SLAPD_MULTIMASTER tags), because
| >there are some rather interesting side effects on how multimaster is
| >currently implemented.
| >
| >Ryan Moats
| >
| >| ----- Original Message -----
| >| From: "Tarassov Vadim" <Vadim.Tarassov@winterthur.ch>
| >| To: "'Bjørn Ove Grøtan'" <bjorn.grotan@itea.ntnu.no>; "Kristyan Osborne"
| >| <kris@longhill.brighton-hove.sch.uk>
| >| Cc: "OpenLDAP (E-mail)" <openldap-software@OpenLDAP.org>
| >| Sent: Wednesday, September 11, 2002 6:52 AM
| >| Subject: AW: Fail over
| >| 
| >| 
| >| Hi Bjorn,
| >| 
| >| I am not sure that Kristyan is asking about slurpd. Slurpd will update
| >| replica, it is not substitution for any sort of clustering or so. If master
| >| is not available, you will not be able update replica anyway, which means
| >| that you've zero of failover in applications doing lots of updates. The
| >| better way to achive his goal would be real multi-master replication, but I
| >| am not sure that it works with recent versions of openldap (2.1.*). There
| >| were lots of letters around recently about multimaster replication, but up
| >| to my best knowledge they were related to 2.0.* versions of openldap. People
| >| were suggesting to use --enable-multimaser or #define SLAPD_MULTIMASTER 1 in
| >| portable.h. I don't think in 2.1.2 either of them has an effect, in 2.1..4
| >| #define SLAPD_MULTIMASTER is commented, so perhaps, it would make sense to
| >| try that multimaster activity with 2.1.4? Well, anyway that's all details. I
| >| am reading this maillist during last three month and I have not noticed that
| >| multimaster re!
| >|  plication is sort of "officially" available feature in openldap, well at
| >| least people do not really like to talk about it. In such case it probably
| >| would make more sense to dig in direction of conventional clustering.
| >| 
| >| Regards, Vadim Tarassov.
| >| 
| >| -----Ursprüngliche Nachricht-----
| >| Von: Bjørn Ove Grøtan [mailto:bjorn.grotan@itea.ntnu.no]
| >| Gesendet: Mittwoch, 11. September 2002 14:14
| >| An: Kristyan Osborne
| >| Cc: OpenLDAP (E-mail)
| >| Betreff: Re: Fail over
| >| 
| >| 
| >| Kristyan Osborne:
| >| > Hi,
| >| >
| >| > I'm quite new to openldap so you will have to excuse any stupid questions
| >| from me.
| >| >
| >| > I want to make my ldap server redundant so that if it fails another one
| >| could take over with no or very little down time.
| >| >
| >| > Could someone explain to me how to do this or point me to some
| >| documentation.
| >| >
| >| 
| >| Browse the list archives for "multi-master" and you can catch the
| >| documentation
| >| on Slurpd.
| >| 
| >| Regards
| >| 
| >| Bjørn Ove Grøtan
| >| 
| >| 
| >| 
| >| 
| >
| >  
| >
| 
| 
|