[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Complex multi-master topology

To: Patrick <pbrideau@kronostechnologies.com>, Michael Ströder <michael@stroeder.com>, Quanah Gibson-Mount <quanah@zimbra.com>, openldap-technical@openldap.org
Subject: Re: Complex multi-master topology
From: Howard Chu <hyc@symas.com>
Date: Sun, 4 Oct 2015 19:00:21 +0100
In-reply-to: <560ED127.7030608@kronostechnologies.com>
References: <560D5098.205@kronostechnologies.com> <3674AA159AB6BBC8C9DC3A46@[192.168.1.9]> <560E97BC.8060208@kronostechnologies.com> <560ECE60.2030509@stroeder.com> <560ED127.7030608@kronostechnologies.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0 SeaMonkey/2.41a1

Patrick wrote:

On 02/10/15 02:35 PM, Michael Ströder wrote:

Patrick wrote:

dn: cn=config
objectClass: olcGlobal
[...]
olcServerID: 1 ldap://ldap1
olcServerID: 2 ldap://ldap2
olcServerID: 3 ldap://ldap3


Note that

1. you should probably use FQDNs instead of short names

2. you must explicitly start slapd to -h ldap://ldap1 etc. to really assign
the server-ID to a certain replica.

BTW: Personally I prefer to not replicate cn=config (I'm using static
configuration anyway) and just add one server ID per instance to avoid the
strong dependency on -h option.

Ciao, Michael.


Yeah, for simplicity purpose, i removed the fqdn, ssl stuff and
everything from my post... i see i should have included it all.

but yeah, it is all present, starting with -h ldaps://ldap1.fdqn,
getting my /etc/hosts with the required stuff.

it works when every master talk to each other, but i'm one step further
where not every ldap will be available to talk to each other in our prod
environment


This works:

     +-------------------------------+
     v                               V
+-------+       +-------+       +-------+
| ldap1 | <---> | ldap2 | <---> | ldap3 |
+-------+       +-------+       +-------+



this doesn.t:

+-------+       +-------+       +-------+
| ldap1 | <---> | ldap2 | <---> | ldap3 |
+-------+       +-------+       +-------+

Yeah, replicating cn=config is only viable if all servers work with identicalconfiguration. Making this configuration work would require adding a qualifierto the syncrepl config to restrict which server nodes it activates on. I thinkit would be worthwhile to add a feature for this, but it doesn't exist at themoment. Feel free to submit an Enhancement request to the ITS.




Patrick Brideau
Administrateur Système
Kronos Technologies - http://www.kronos-web.com
tel: 418 877-5400 p.216



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Complex multi-master topology
  - From: Michael Ströder <michael@stroeder.com>

References:
- Complex multi-master topology
  - From: Patrick <pbrideau@kronostechnologies.com>
- Re: Complex multi-master topology
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Complex multi-master topology
  - From: Patrick <pbrideau@kronostechnologies.com>
- Re: Complex multi-master topology
  - From: Michael Ströder <michael@stroeder.com>
- Re: Complex multi-master topology
  - From: Patrick <pbrideau@kronostechnologies.com>

Prev by Date: Re: RBAC
Next by Date: Re: Complex multi-master topology
Index(es):
- Chronological
- Thread