[KLUG Members] OpenLDAP failover questions

Adam Tauno Williams awilliam at whitemice.org
Fri Aug 5 21:18:02 EDT 2005


> OK fellas, I'm hoping that there's an LDAP person here that's a bit 
> familiar with openldap in a "high availability" type setup here.
> I have two ldap servers.  Both servers are pretty much identical, and 
> are going to be put into production sometime in the very near future. 
> However, instead of the usual master/slave setup, it is going to be 
> running with heartbeat, so that in the event of a failure in the master, 
> the slave's heartbeat process will notice, restart slapd with a "master" 

With 2.3.x you may be able to perform this promotion without a bounce by
using back-config  (no more slapd.conf - the configuration is stored live
in a special server backend).

> type configuration file, and then assume the IP address and everything 
> will hopefully be normal.

Don't forget you need to poison the arp cache.  It may be easier to make
a "thin" diskless box that acts as a proxy and does the server but over.

> Here's my issue. In the event of a failover, I'll have a master (down) 
> and a slave.  The slave becomes the master, and the master goes down for 
> a while.  When it comes back up, it becomes the slave.  Is there any 
> assurance  that the master server will notice that the slave is up, and 
> start replicating the changes to it?  

Use at least a late 2.2.x and SyncRepl - this is pull synchronization so
the provider doesn't need to 'notice',  the client can commence the
synchronization.

> Or will I have to log into the new 
> master and kick off a special slurpd process which will then read the 
> replog and start updating the slave?   Do I run the risk of having a 
> master with one dataset and a slave with another dataset in the event of 
> a failover, and if so, how big is that risk?  

If the master goes down it won't be processing updates, so if you are
using pull synchronization it should be just this side of impossible to
miss a write.  The worst you'll have is a very brief period of clients
unable to update.

> I'd like to avoid manually 
> copying files or having automated file copies in the event of failures; 
> I just want them to work and for me to kick off the process and not 
> think about it until it's time to fix a busted server.
> I've been googling and reading man pages but haven't gotten my questions 
> answered yet. bummer.

Linux Journal has had a couple of articles about LDAP & HA.
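
The pull replication described in the reply above, as an added configuration sketch that is not part of the original message. It assumes OpenLDAP 2.4-style slapd.conf directives (the thread discusses 2.2.x/2.3.x, where details differ); the hostname, suffix, replication DN, password and CA path are placeholders.

```conf
# ---- Provider (current master), inside its existing database section ----
# If syncprov was built as a module, load it in the global section first:
#   moduleload syncprov.la
# Indexes the provider uses to answer sync searches efficiently.
index entryCSN,entryUUID eq
# Serve syncrepl consumers; checkpoint contextCSN every 100 ops or 10 minutes,
# and keep a session log of the last 100 writes for delta refresh.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# ---- Consumer (current slave), inside its existing database section ----
# The consumer opens the connection and pulls changes, so the provider never
# has to notice that a replica has come back. retry="5 12 60 +" means: retry
# every 5 s for 12 attempts, then every 60 s indefinitely.
# Bind as a dedicated replication identity with read-only access, and refuse
# to replicate over a connection that is not protected by verified TLS.
syncrepl rid=001
  provider=ldap://ldap-master.example.com
  type=refreshAndPersist
  retry="5 12 60 +"
  searchbase="dc=example,dc=com"
  scope=sub
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=REPLACE_WITH_SECRET
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand
# Writes sent to the consumer are referred to the provider.
updateref ldap://ldap-master.example.com
```

Because the stanza holds a bind password, slapd.conf on the consumer should be readable only by the account slapd runs as.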