[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Multimaster further work

To: "'Derek Simkowiak'" <dereks@itsite.com>, "'Clayton Donley'" <clayton.donley@octetstring.com>
Subject: RE: Multimaster further work
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 24 Oct 2002 17:56:27 -0700
Cc: "'Daniel Tiefnig'" <daniel.tiefnig@infonova.com>, <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <Pine.LNX.4.33L2.0210241540020.31291-100000@dev.itsite.com>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Derek Simkowiak

> > In many cases this comes down to directory design.

> 	Well, yes, but then you don't have conflicting entries for the
> same DN.  You have non-conflicting entries for different DNs,
> and you're
> not even in the discussion anymore  :)

Sometimes the best approach when faced with a hard problem is to take a
different path and avoid facing it in the first place.

I don't see the example of the "boss' stolen laptop, master slapd is down"
being a compelling argument for multimaster replication. I see this as an
extraordinary circumstance which merits a special-case solution. Nothing says
that you can't have multiple copies of your slurpd configuration lying
around. I'd generate a replog entry by hand with the desired modifications
and manually invoke slurpd from an alternate machine to propagate the
revocation to the remaining slaves.

Talk about "5 nines" reliability or somesuch, server up 99.999% of the time.
This translates to 10 minutes of downtime per week. This in itself is pretty
generous, to my mind. I have slapd servers providing SSO/authentication, etc.
to various web sites that have been running for 9-10 months at a time; the
only reason they restart is for software upgrades. There probably isn't even
10 minutes of downtime per *year*. And if it fails, it will assuredly take
less than 10 minutes for failover to the spare server to occur. As such, the
spectre of "single point of failure" also isn't very compelling.

The issue of load-balancing is a red herring. If you have a pool of servers
and you are distributing queries across all of them, the load from write
operations is the same whether you are using single-master or multi-master
replication - the update still has to propagate to every other server. As
such, multi-master replication offers no benefit, while introducing a slew of
potential problems.

>	I strongly disagree.  I think this is an issue that should have
>strong input from the endusers.  Devel lists are somewhat exclusive to
>people who are great at writing code, but not necessarily great at
>identifying endusers' needs.  I think this discussion is best held out "in
>the open", where real-world users of OpenLDAP can make sure their needs
>are being taken into account.

Endusers who have not been around the subject area for a great length of time
tend to misidentify their needs and desired solutions. In any profession, the
percentage of people proficient at thinking critically in that field is a
tiny amount compared to the field as a whole, and as such most enduser input
is typically no better than random noise. I also think it's naive to believe
that developers are not also endusers themselves, and fully cognizant of the
features needed to apply an arbitrary technology to a real world problem.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: Multimaster further work
  - From: Derek Simkowiak <dereks@itsite.com>
- Re: Multimaster further work
  - From: Markus Storm <Markus.Storm@mediaWays.net>

References:
- RE: Multimaster further work
  - From: Derek Simkowiak <dereks@itsite.com>

Prev by Date: RE: Multimaster further work
Next by Date: Re: Access Control List question for Open LDAP
Index(es):
- Chronological
- Thread