[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is this a sensible architecture?

To: Aaron Richton <richton@nbcs.rutgers.edu>
Subject: Re: Is this a sensible architecture?
From: Nick Urbanik <nick.urbanik@optusnet.com.au>
Date: Thu, 15 Mar 2012 10:45:09 +1100
Cc: Brett Watson <tfbw.optus@240gl.org>, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <alpine.SOC.2.02.1203140950110.19644@toolbox.rutgers.edu>
References: <CAJb8Dwzd+X_EHA9_6Fg7m9z5x0be8p_7_da1hgr_fTg0UbQ8Wg@mail.gmail.com> <CAJb8DwxB+rhthKHppoyCHs651EHU0KnBLFZhVE_0scvz0r0yew@mail.gmail.com> <alpine.SOC.2.02.1203140950110.19644@toolbox.rutgers.edu>
User-agent: Mutt/1.5.21 (2010-09-15)

Dear Aaron,

On 14/03/12 09:58 -0400, Aaron Richton wrote:

On Wed, 14 Mar 2012, Brett Watson wrote:
I'm currently planning a shift in our use of LDAP to incorporatemirror mode masters for the sake of high availability. The plan isto hide a mirror mode master pair behind a virtual IP using "sorryserver" fail-over, such that the primary mirror server takes 100%of the load when it's up and responsive, with fall-back to thesecondary mirror server when the primary is down. In this way, thevirtual IP presents a "virtual master" to the outside world, andthe plan is for *all* outside LDAP interaction with the masters tohappen over this single virtual IP.
There will be other "slave" servers which replicate the master (todistribute read-only load), and the plan is for them to syncreplfrom the master virtual IP. I gather that a possible alternative tothis arrangement is to have the "slave" servers act as syncreplconsumers to *both* masters simultaneously, via their real IPaddresses. If this is indeed a valid configuration, does it conveyany advantages? The single "virtual master" approach seemsarchitecturally simpler, but is it considered robust by those inthe know? Thanks in advance.
Well, people test this


Test what?  Replicating from the VIP to the slaves or replicating from
both masters to the slaves?

quite regularly (via OpenLDAP's included test suite) and it seems to
work without issue; there are also live sites using mirrormode and
(anecdotally) I don't believe they have an excessive defect rate
versus other installations.
As with most the-other-node-must-be-dead scenarios, the ugly edgecases rest more on the traffic direction methods than the actualapplication. You'd probably be well served by taking a careful stockof your "virtual IP" methods -- split brain, false positives, whathave you -- and OpenLDAP will likely serve you well.

--
Nick Urbanik http://nicku.org 808-71011 nick.urbanik@optusnet.com.au
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24  ID: BB9D2C24
I disclaim, therefore I am.

Follow-Ups:
- Re: Is this a sensible architecture?
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

References:
- Is this a sensible architecture?
  - From: Brett Watson <tfbw.optus@240gl.org>
- Re: Is this a sensible architecture?
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: RE: OPENLDAP SYNCREPL
Next by Date: Fwd: OpenLdap Startup Failure
Index(es):
- Chronological
- Thread