
Re: Designing large environment

On Friday 23 December 2005 04:27, Don Hoover wrote:
> I have started to put some thought into how I would
> deploy OpenLDAP for a largish environment and some
> questions have come to mind.
> I am planning on having a single master and about 5-6
> or so read-only replicas.
> Hopefully someone with experience can answer these:
> 1) Is it a good idea to also run a read-only
> replica/secondary server on my master server, so I can
> point clients to it as well?  I could then put my
> master on a different port I guess.  I think I have
> seen people recommend this instead of going directly
> against your master server.  Any opinions?

Why waste the resources (CPU, memory, IO) on your master when you have enough 
slaves around?

If you're worried that all your slaves will fail, why would you bother with a 
read-only on the master? The master on the server will be able to serve 
clients (if this is really necessary).

> 2) I have seen some people mention having a "hot
> standby" master server or something, but nothing like
> that is in any documentation or articles that I can
> find on the web.  I couldn't even find anything in the
> list archives.

With syncrepl and back-config (or even just with different config files), you 
should be able to easily switch a slave to be a master.

However, maybe you should list your actual requirements here, we run HA 
clusters using Red Hat Cluster Suite for our masters (we have a SAN for 
shared storage, heartbeat with drbd may be a cheaper solution that should 
work ok).

> Does this mean something different than a replica
> server? If so how would I implement one?

Don't know, what are your requirements?

> 3) I am going to be forced to use the OpenLDAP that is
> included with Redhat Enterprise 4, which is 2.2.13.

Who is doing the forcing? Have they read the changelogs since 2.2.13? Are they 
aware of some of the issues with 2.2 which RH's packages don't take into 
account (such as database recovery?).

Hint: http://anorien.csc.warwick.ac.uk/mirrors/buchan/openldap/rhel4

(It is possible to run the original RH packages and these in parallel, on 
different ports of course, although it's not necessary)

> Should I try to use Syncrepl or should I stick with
> slurpd?

syncrepl seems to be working relatively stable for us in our 2.3 deployment 
(2.3.11 with patches on the master and one slave, 2.3.13 on the other slave).

> Thanks for any advice, I am nervous about putting in
> this deployment.   It's basically going to replace 15
> years of various NIS environments and replicated local
> /etc/passwd files that have grown over the years for
> hundreds of systems in several locations.

I'd be nervous about not deploying it :-P.


Buchan Milne
ISP Systems Specialist
