
Re: Mirror Mode question



On Thursday 18 June 2009 23:00:25 Ivan Ordonez wrote:
> Quanah Gibson-Mount wrote:
> > --On Thursday, June 18, 2009 1:21 PM -0700 Ivan Ordonez
> > <iordonez@nature.berkeley.edu> wrote:
> >> Why is it that when I shut down host1, both openldap and samba stop
> >> working on host2?  I thought the purpose of mirroring is to have a
> >> backup server to take over in case the other fails?
> >
> > Depends on how you configured your clients to handle fail over.  If
> > you've done it right, it'll happen just like you expect.
> >
> > --Quanah
> >
> > --
> >
> > Quanah Gibson-Mount
> > Principal Software Engineer
> > Zimbra, Inc
> > --------------------
> > Zimbra ::  the leader in open source messaging and collaboration
>
> Here is our setup and we thought we had it working the way we want but
> failed when we did the test this morning.
>
> Host1 and Host2 are both configured as PDC by way of samba and using
> UCARP at the same time.

There is no need for this from the samba perspective. The difference between 
PDC and BDC is really just which one is talking to an LDAP server that will 
accept writes ... you can in theory have multiple "PDC"s that talk to one LDAP 
master. Regardless, you shouldn't use UCARP here IMHO.

> We test UCARP, and could see that it is working
> fine.  I configured openldap for mirror mode

With 2.3?

> and things are working as
> expected. 

Are you sure? How did you test?

> I can add machine, user to the domain without any issue.

You can do this without mirrormode, as samba chases referrals ...

> We
> can access shared drive without any issue as well.  I can make changes
> using smbldap tools in node2 and the changes are clearly seen on node1
> and vice versa.
>
> I decided to shut down one of the machines just to see if the failover
> will work and to my surprise, it did not.

What worked, and what did not? What error messages did you get?

> Can someone please advise?  what changes do I need to do on the client
> machines?

None.

> anything I need to do on node1 and node2?

Can't tell, since you don't provide any detail of the configuration, and we 
have to guess from your incomplete statements what you have done.

> maybe instead of
> having two PDC inside UCARP, make a PDC and BDC instead?
>
> Any advice is greatly appreciated.  Thanks in advance.

Ensure that all your LDAP client software (nss_ldap if you use it, pam_ldap if 
you use it, samba etc.) is configured to fail over to both the real hosts (so, 
if they don't need writes, they have a better chance of getting read-only 
requests answered, even if ucarp is not running etc.), and if you have any 
software that does a lot of writes, then point that at the UCARP address, 
which you should only use for LDAP (I would recommend that you don't make 
samba available on the UCARP address, unless you have ctdb in place with a 
shared filesystem between the two, otherwise you are lying to the clients).

Ensure that nss_ldap configuration is correct to allow failover (look at 
bind_policy, nss_reconnect_tries, nss_reconnect_sleeptime, 
nss_reconnect_maxsleeptime, nss_reconnect_maxconntries options).

I note that you may be able to get better answers on the samba-specific parts 
of your problem on the samba lists.

Regards,
Buchan
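
The client-side check described in the message above, as an added example that is not part of the original post or of nss_ldap: a small linter that reports whether an nss_ldap-style ldap.conf lists both real hosts and sets the failover options named there. The hostnames, the option values and the function names are constructed for illustration.

```python
# Added example: lint an nss_ldap-style ldap.conf for the failover settings named above.
RECONNECT_OPTS = ("nss_reconnect_tries", "nss_reconnect_sleeptime",
                  "nss_reconnect_maxsleeptime", "nss_reconnect_maxconntries")

# Constructed sample: a single server URI, so there is nothing to fail over to.
SINGLE_SERVER = """\
uri ldap://host1.example.com/
base dc=example,dc=com
"""

# Constructed sample: both real hosts listed and the reconnect options set explicitly.
BOTH_HOSTS = """\
# reads can be answered by either real host
uri ldap://host1.example.com/ ldap://host2.example.com/
base dc=example,dc=com
bind_policy hard_open
nss_reconnect_tries 2
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 4
nss_reconnect_maxconntries 2
"""

def parse_conf(text):
    """Return {option: [values]}; option names are lowercased, comments skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        opts.setdefault(parts[0].lower(), []).extend(parts[1:])
    return opts

def failover_findings(text):
    """List the failover-related gaps found in one ldap.conf."""
    opts = parse_conf(text)
    findings = []
    # 'uri' may be repeated or carry several URIs; count distinct servers only.
    servers = {u.lower().rstrip("/") for u in opts.get("uri", [])}
    if len(servers) < 2:
        findings.append("fewer than two LDAP servers listed: no failover target")
    for name in ("bind_policy",) + RECONNECT_OPTS:
        if name not in opts:
            findings.append(name + " not set: library default applies")
    return findings

if __name__ == "__main__":
    for label, conf in (("single server", SINGLE_SERVER), ("both hosts", BOTH_HOSTS)):
        print(label, "->", failover_findings(conf) or "ok")
```

The same check applies to each client configuration the message lists (nss_ldap, pam_ldap), since listing the same server twice does not count as a second failover target.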