Re: Setting up fault tolerant mesh of FDS servers - just checking I have got it right!

Howard Wilkinson wrote:
Fedora-ds-1.1.1 on Fedora 7 + (the + is back ports from 8/9, all of the updates applied, and additional packages I have cross ported)

I have succeeded in getting a fault tolerant mesh configured that consists of 2 or more Multi-Master servers, a number of Hub (0+) and a number of consumers (0+).

I have done this by modifying mmr.pl to accept --host1_role and --host2_role parameters which can be set to supplier, hub, or consumer.

For all of the usual DCROOTs i.e. not o=NetscapeRoot I set the relationships up as implied i.e. supplier<->supplier for the Multi-Master Hosts, supplier<->hub, hub<->consumer. Where the site is too small for hub servers I have gone supplier<->consumer direct. Inter-site topology and hub grouping within sites is left as an exercise for the reader (me when it comes back to bite me...)

For the o=Netscape I have chosen to use supplier<->supplier relationships but to apply the same topology.

The sequence of events is:

    * On first Master

         1. Install clean environment - erase rpms, delete residual
            files, install rpms, patch dirsrv-admin startup to work!
         2. Run setup-ds-admin.pl in silent mode, this adds schema
            files. The inf file has SlapdConfigMC=1, UseExistingMC=0
            and points ConfigDirectoryLdapURL to this host.
         3. Set up SSL certs using certutil commands and openssl
            supplied certificates from our CA.
         4. Restart dirsrv and dirsrv-admin
         5. Create 2nd and subsequent DCROOTS with default ACIs and
            "standard" container entries
         6. Preload data into DCROOTS for users and other objects
            being migrated.

    * On other servers - doing other masters first, followed by hubs
      and then consumers - carry out steps 1-5 above creating the
      o=NetscapeRoot DCROOT as well.
          o The inf file has SlapdConfigMC=1, UseExistingMC=1 and
            points ConfigDirectoryLdapURL to the first Master.
    * Then run the mmr.pl script on each connection for each DCROOT
      starting with replicating the first master to all other masters,
      then to hubs, then other masters to hubs and finally hubs to
      consumers.
         1. For o=NetscapeRoot run mmr.pl as supplier<->supplier,
            otherwise honor the role played by each server.
         2. Replace entries in cn=UserDirectory, ou=Global
            Preferences, ou=<localdomain>, o=NetscapeRoot for
            nsDirectoryFailoverList with one for each server other
            than the first master which is mentioned in the
            nsDirectoryURL entry in the same object. *Is this the
            right sort of thing to do?*

Yes.

         1. On every host alter the cn=Pass Through
            Authentication,cn=plugins,cn=config object to have
            nsslapd-pluginarg0 to reference that host rather than the
            first master. *Is this correct on the consumers (or hubs)?*

Yes. Note that you can specify failover in pass through auth by using a special form of the ldap url. See *http://tinyurl.com/32kjqy*

         1. I am assuming that this is for authentication not for
            password modification purposes!

Right.

         1. Which brings up the question of where in the consumers and
            hubs do I put referrals to the Master(s)?

They are automatically set by the replication protocol. You should not have to do anything. If you attempt to modify a hub or consumer, your client should get LDAP Error 10 and a referral to a master.

         1. Edit adm.conf on each host to change the ldapurl to point
            to the local host.

Now assuming that this was the right thing to do I now need to set up referrals for writing to the system from the consumers and hubs back to the "site" masters. Where do I put this information?

I am also getting these errors logged on the first master!

Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error invalid parameter supplied
Feb 28 22:00:35 bastion ns-slapd: sql_select option missing
Feb 28 22:00:35 bastion ns-slapd: auxpropfunc error no mechanism available

I think you can ignore these.

These are appearing about every 15 minutes. Anybody any idea where these are coming from?

I'm not sure, but the directory server does not support SASL auxprop with sql.

Finally the shutdown time for the dirsrv servers on the suppliers is extremely long - orders of minutes, what could be causing this?

Are they under load while shutting down? Can you post the shutdown sequence from the error log?

--
Howard Wilkinson
Coherent Technology Limited
23 Northampton Square,
United Kingdom, EC1V 0HL
Phone: +44(20)76907075
Fax:
Mobile: +44(7980)639379
Email: howard@xxxxxxxxxxx

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
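
The run order from the quoted procedure, worked through as an added example (not part of the original thread and not the modified mmr.pl): it lists which host pairs get an agreement, in the order described, and which roles apply for each DCROOT. Host names, the suffix dc=example,dc=com, the function names and the "--host1_role X" rendering are assumptions; pairs among the remaining masters are not listed in the post and are not generated.

```python
CONFIG_SUFFIX = "o=NetscapeRoot"
ROLES = ("supplier", "hub", "consumer")

def plan_connections(hosts):
    """Return (host1, host2) pairs in the order the post describes.
    hosts: list of (name, role); the first supplier listed is the first master."""
    for name, role in hosts:
        if role not in ROLES:
            raise ValueError(f"{name}: unknown role {role!r}")
    masters = [n for n, r in hosts if r == "supplier"]
    hubs = [n for n, r in hosts if r == "hub"]
    consumers = [n for n, r in hosts if r == "consumer"]
    if len(masters) < 2:
        raise ValueError("the mesh in the post needs 2 or more suppliers")
    first, others = masters[0], masters[1:]
    pairs = [(first, m) for m in others]              # first master to other masters
    pairs += [(first, h) for h in hubs]               # first master to hubs
    pairs += [(m, h) for m in others for h in hubs]   # other masters to hubs
    feeders = hubs or masters                         # no hubs: suppliers feed consumers directly
    pairs += [(f, c) for f in feeders for c in consumers]
    return pairs

def plan_runs(hosts, suffixes):
    """One entry per connection per DCROOT: (suffix, host1, role1, host2, role2)."""
    role_of = dict(hosts)
    runs = []
    for h1, h2 in plan_connections(hosts):
        for suffix in suffixes:
            if suffix.lower() == CONFIG_SUFFIX.lower():
                r1 = r2 = "supplier"                  # o=NetscapeRoot: always supplier<->supplier
            else:
                r1, r2 = role_of[h1], role_of[h2]     # otherwise honor each server's role
            runs.append((suffix, h1, r1, h2, r2))
    return runs

def role_flags(run):
    """Render only the two role options named in the post (flag syntax assumed)."""
    _, _, r1, _, r2 = run
    return f"--host1_role {r1} --host2_role {r2}"

# Constructed sample site: two masters, one hub, two consumers.
SAMPLE_HOSTS = [("m1", "supplier"), ("m2", "supplier"), ("h1", "hub"),
                ("c1", "consumer"), ("c2", "consumer")]
SAMPLE_SUFFIXES = ["dc=example,dc=com", CONFIG_SUFFIX]

if __name__ == "__main__":
    for run in plan_runs(SAMPLE_HOSTS, SAMPLE_SUFFIXES):
        print(run[0], run[1], "->", run[3], role_flags(run))
```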
