[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Multimaster question

To: "Dieter Kluenter" <dieter@dkluenter.de>, <openldap-software@openldap.org>
Subject: RE: Multimaster question
From: "Clowser, Jeff" <jeff_clowser@fanniemae.com>
Date: Wed, 24 Jun 2009 10:45:06 -0400
Content-class: urn:content-classes:message
In-reply-to: <87ljnikyzt.fsf@rubin.avci.de>
References: <C65F80C878CCF24A9BC19646DE2DCA6202CC303F@EXVG.fanniemae.com> <87ljnikyzt.fsf@rubin.avci.de>
Thread-index: Acn0iL+HTL9q9EPWQ0q73JuJDl5HuAASnHaQ
Thread-topic: Multimaster question

> > I want to set up a cluster of ldap servers.  In that 
> cluster, I want:
> >
> > - One primary supplier server
> > - One hot standby supplier server
> > - N read only consumer replicas.
> > - a load balancer that directs all writes to the primary 
> master if it's
> > up,
> >   or the standby if it's down.
> >
> > However, I want operational attributes like password policy 
> attributes
> > to be replicated across the cluster.  My understanding is that if I
> > set up two suppliers and N consumers, operational attribute changes 
> > (such as password policy attrs) on the consumers will not replicate 
> > across the cluster.
> 
> Where did you find such information?

There was a post about this about a month ago, talking about this as a
problem and using chaining to solve it, but I'm thinking the chaining
idea didn't solve all the problems...

> in order to syhnchronise all user attributes and operational
> attributes just use *,+ as attribute list, as lined out in man
> slapd.conf(5) 
> 
> -Dieter

My understanding is that if I have a master/slave config with a
typical syncrepl setup, and have password policy turned on in the 
consumer, password policy operational attributes are maintained 
locally, and are not replicated back to the master/supplier, but 
operational attributes on a master/supplier will be replicated to a 
consumer.  Given that most clients will talk to a consumer server, 
that would mean password policy op attrs are not replicated to other 
consumers.  Is that correct?  If they are in fact replicated, how 
does the consumer have permission to write back to the master/supplier, 
so it can replicate to other consumers?

I want to find a way to preserve the idea of directory consistency by
writing to a single server from an external client POV, while 
propogating operational knowledge like password failures across the 
cluster.

I'm thinking there are 2 options (in theory - I don't know if these 
actually work - at this point, I'm looking for advice on the best 
direction to go for this in my testing.  Hoping to brainstorm 
possibilities first to limit the number of test cases/situations I 
have to try before I get something workable):

Option 1
Use the chain overlay to forward write operations on a consumer back
to the supplier.  I think I would have to have different aci's on the 
consumer (only non-write aci's) so that a client could not write to 
the consumer and have it chained to the master(?)  I.e. to an external 
client, I still want this to "appear" as a typical single master (well,
single master with a hot standby which is hidden by a load balancer),
multiple 
read-only consumers setup.  I don't really care if the consumer returns 
a referral on a write attempt or an error, since most of my clients
don't 
follow referrals anyway. I definitely don't want all my consumers to 
allow writes directly (I'd actually prefer to firewall my suppliers off 
so only select apps can even get to them to write, while most apps only 
have access to a read-only consumer.) But... I think I saw something 
previously on the list about these operational attributes being written 
directly to the db, so might not follow a chain rule to write it to the 
supplier(?)  Also, creates a single point of failure (well, not single, 
but as many suppliers as you have) in that everything has to be
channeled 
through the master server(s).

Option 2
Everything is a master/supplier, but aci's on designated "masters" allow
read/write operations, while designated "consumers" have aci's that only
allow non-write access.  I believe this would replicate the operational
attributes in a way that chaining may not(?), eliminates single point
of failure, since every server can pass its op changes on to every other
server(?).  Effectively, from an external client, this is a typical one
master, many consumer setup, but internally, operational data is shared
across the entire cluster (assuming it all works like I think it does).

Option 2 has the added benefit that I can promote one of these
"consumers" to be a master in a disaster recovery situation very easily 
by just replacing the aci's.  Option 1 would require me to undo all the
chaining config, and update all my consumers to point to the "new" 
supplier (I suppose DNS tricks could be used to resolve some of that, 
but either way it's more complicated).


So.. Am I on the right track?  Anything I say completely wrong?  Is
there
another, better option to do what I want?

References:
- Multimaster question
  - From: "Clowser, Jeff" <jeff_clowser@fanniemae.com>
- Re: Multimaster question
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: Configure openldap with fetch on Debian
Next by Date: RE: Multimaster question
Index(es):
- Chronological
- Thread