[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is this a sensible architecture?

On Wed, 14 Mar 2012, Brett Watson wrote:

I'm currently planning a shift in our use of LDAP to incorporate mirror mode masters for the sake of high availability. The plan is to hide a mirror mode master pair behind a virtual IP using "sorry server" fail-over, such that the primary mirror server takes 100% of the load when it's up and responsive, with fall-back to the secondary mirror server when the primary is down. In this way, the virtual IP presents a "virtual master" to the outside world, and the plan is for *all* outside LDAP interaction with the masters to happen over this single virtual IP.

There will be other "slave" servers which replicate the master (to distribute read-only load), and the plan is for them to syncrepl from the master virtual IP. I gather that a possible alternative to this arrangement is to have the "slave" servers act as syncrepl consumers to *both* masters simultaneously, via their real IP addresses. If this is indeed a valid configuration, does it convey any advantages? The single "virtual master" approach seems architecturally simpler, but is it considered robust by those in the know? Thanks in advance.

Well, people test this quite regularly (via OpenLDAP's included test suite) and it seems to work without issue; there are also live sites using mirrormode and (anecdotally) I don't believe they have an excessive defect rate versus other installations.

As with most the-other-node-must-be-dead scenarios, the ugly edge cases rest more on the traffic direction methods than the actual application. You'd probably be well served by taking a careful stock of your "virtual IP" methods -- split brain, false positives, what have you -- and OpenLDAP will likely serve you well.