Re: Is this a sensible architecture?
On Wed, 14 Mar 2012, Brett Watson wrote:
> I'm currently planning a shift in our use of LDAP to incorporate mirror
> mode masters for the sake of high availability. The plan is to hide a
> mirror mode master pair behind a virtual IP using "sorry server"
> fail-over, such that the primary mirror server takes 100% of the load
> when it's up and responsive, with fall-back to the secondary mirror
> server when the primary is down. In this way, the virtual IP presents a
> "virtual master" to the outside world, and the plan is for *all* outside
> LDAP interaction with the masters to happen over this single virtual IP.
>
> There will be other "slave" servers which replicate the master (to
> distribute read-only load), and the plan is for them to syncrepl from
> the master virtual IP. I gather that a possible alternative to this
> arrangement is to have the "slave" servers act as syncrepl consumers to
> *both* masters simultaneously, via their real IP addresses. If this is
> indeed a valid configuration, does it convey any advantages? The single
> "virtual master" approach seems architecturally simpler, but is it
> considered robust by those in the know? Thanks in advance.

Well, people test this quite regularly (via OpenLDAP's included test
suite) and it seems to work without issue; there are also live sites using
mirrormode and (anecdotally) I don't believe they have an excessive defect
rate versus other installations.

As with most the-other-node-must-be-dead scenarios, the ugly edge cases
rest more on the traffic direction methods than the actual application.
You'd probably be well served by taking a careful stock of your "virtual
IP" methods -- split brain, false positives, what have you -- and OpenLDAP
will likely serve you well.