Re: Master-slave replication procedure

Terraform is excellent for provisioning the machine and network infrastructure, but it is not a very good tool for managing LDAP replication.  Adding a new DS to the replication cluster involves not just changes to that new instance (creating the replication account, replica, possibly changelog, etc.) but also to all of its replication partners.  And of course, Terraform does not really fix the configuration management issue, since not only the Terraform configuration needs to be managed, but also its state.  (Replform does not need to store state, since it inspects the servers over LDAP to determine its plan.)

 

If you run it globally (‘--global’) you only need to maintain one configuration file at all.

 

If you run it on each host (our preferred way) there are a number of ways you might manage the replform configuration across all the LDAP hosts (e.g., Puppet) but our normal practice is simple: we keep the ‘replform’ configuration in source control and have a cron job on each LDAP host that periodically checks for updates to the configuration and executes ‘replform’.  This is all set up automatically when the host is provisioned by Terraform.  That works equally well for a new host that needs to configure replication from scratch and for all the existing LDAP hosts which just need to create a replication agreement to the new one.

From past experience, it is quite possible to bring Terraform, Vault, and ‘replform’ together to create an entire LDAP cluster, including issuing SSL certs and configuring MMR replication, completely automated.

 

I’ll add an example cron script to GitHub on Monday for the replform part.

 

Cheers,

 

--

Thomas E Lackey

 

From: Michal Medvecky <michal@xxxxxxxxxxxx>
Sent: Friday, June 22, 2018 4:07 AM
To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [389-users] Re: Master-slave replication procedure

 

Hello,



19. 6. 2018 at 23:43, Thomas E Lackey <telackey@xxxxxxxxxxxxxxx>:

 

By happy timing, we (Bozeman Pass) just added one of our in-house tools for configuring replication to GitHub: https://github.com/bozemanpass/replform.

 

I had a look at this but I don’t like the fact you need to statically define the configuration. I have a variable number of masters and a variable number of slaves and if I understand this correctly, adding a new backend server would need copy-pasting the replform config.

 

Have you considered creating LDAP providers for Terraform itself?

 

Michal

List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/message/UQWBNKMNC23EWS7HKUZ2GH2JLYEICM6M/
