[Linux-HA] LDAP Scheme

Eddie C edlinuxguru at gmail.com
Mon Oct 16 22:43:20 MDT 2006


Currently we use i-planet LDAP with single master replication.

ldap1.domain.com replicates to ldap5.domain.com. All our LDAP writing
applications point to ldap1.domain.com and most read intensive applications
point at ldap5.idsk.com.

We are planning a migration to multi-master replication.
ldap2.domain.com <-> ldap3.domain.com.
What I am trying to accomplish is to float both the ldap1.domain.com and
ldap5.domain.com. This way none of the current configuration files will have
to be re-jigged.

Wanted results
Both LDAP up:
ldap1.domain.com -> ldap2.domain.com
ldap5.domain.com -> ldap3.domain.com

ldap3 failure.
ldap1.domain.com -> ldap2.domain.com
ldap5.domain.com -> ldap2.domain.com

ldap2 failure
ldap1.domain.com -> ldap3.domain.com
ldap5.domain.com -> ldap3.domain.com

I tried to implement this in this manner:

Made resource vip_192.168.200.203 (ldap1.domain.com in DNS)
Made resource vip_192.168.200.202 (ldap5.domain.com in DNS)
Made resource res_ldap_1 (this is a heartbeat/rc init script on both servers)
Made resource res_ldap_2 (this is a heartbeat/rc init script on both servers)

Co location ldap (this is to say always run LDAP on two separate machines)
res_ldap_1, res_ldap_2,-infinity

(make 203 prefer one ldap, 202 prefer the other)
place_pri  vip_192.168.200.203,res_ldap_1, 100
place_pri2  vip_192.168.200.202,res_ldap_2, 100

(make 203 fall back to one ldap, 202 fall back to the other. lower score than
the other place rules)
place_sec  vip_192.168.200.202,res_ldap_1, 90
place_sec2  vip_192.168.200.203,res_ldap_2, 90

Now if I kill a node everything fails over and fails back well.
Both IPs transfer to the running node. When the failed node restarts, one
IP transfers back after the ldap instance starts.

However, here is the funky part. If I kill the ldap instance on
ldap2.domain.com, both IPs fail to ldap2.domain.com, leaving the running
ldap3.domain.com with no IP.
If I kill the ldap instance on ldap3.domain.com, the IP does not float to
ldap2.domain.com.

Does anyone have a better theory on implementing this design?

Edward
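
The "Wanted results" table and the two failure cases reported above, written as a check that can be run after a failover drill. This is an added example, not part of the original post; the function names and dict layout are assumptions, and the sample state is constructed from the post's description.

```python
# Preferred, then fallback, LDAP backend for each floating name,
# taken from the "Wanted results" table in the post.
PREFERENCE = {
    "ldap1.domain.com": ["ldap2.domain.com", "ldap3.domain.com"],
    "ldap5.domain.com": ["ldap3.domain.com", "ldap2.domain.com"],
}


def desired_placement(ldap_up):
    """Map each floating name to the first backend whose LDAP instance is up."""
    return {
        vip: next((b for b in backends if ldap_up.get(b)), None)
        for vip, backends in PREFERENCE.items()
    }


def check_placement(ldap_up, observed):
    """Compare observed VIP holders with the wanted table; return findings."""
    findings = []
    wanted = desired_placement(ldap_up)
    for vip, holder in observed.items():
        if holder is not None and not ldap_up.get(holder):
            findings.append(f"{vip} is on {holder}, where LDAP is down")
        elif holder != wanted[vip]:
            findings.append(f"{vip} is on {holder}, wanted {wanted[vip]}")
    for node, up in ldap_up.items():
        if up and node not in observed.values():
            findings.append(f"{node} has LDAP running but holds no IP")
    return findings


# Constructed sample: LDAP killed on ldap2, node still up, both IPs landed on it.
REPORTED_LDAP_UP = {"ldap2.domain.com": False, "ldap3.domain.com": True}
REPORTED_OBSERVED = {
    "ldap1.domain.com": "ldap2.domain.com",
    "ldap5.domain.com": "ldap2.domain.com",
}

if __name__ == "__main__":
    for line in check_placement(REPORTED_LDAP_UP, REPORTED_OBSERVED):
        print(line)
```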

