[KLUG Members] OpenLDAP failover questions
Adam bultman
adamb at glaven.org
Tue Aug 9 13:08:37 EDT 2005
Next issue:
I've successfully created two different slapd.conf files
(slapd.master.conf, slapd.slave.conf) and have both ldap and heartbeat
working quite nicely.
The only issue is that of failover. One server (let's call it server1)
is always "master", no matter what. If server1 dies, server2 will kick
in and pick up the slack, but the second server1 comes back, it flips
back over. nice_failback is ON, which means that it shouldn't do that.
(At any rate, it does the same thing with nice_failback off)
Second issue is related to the first. The script I'm running (which
I'll put at the bottom) is nothing more than a juiced-up version of the
ldap init script that came with the rpm. I added a section which
determines if it is 'master' or not via the IP addresses it has, and
then will start ldap with the master config, or the slave config.
Server2 will allow itself to be promoted just fine, but when things flip
back to server1, it is supposed to be demoted. And lo, ldap _is_
restarted, but it restarts as _master_ again, not as a slave. I've
tried making changes to the init script, tried to see if sleeping allows
the server to ditch its IP address, allowing the slave to come back
up... but it doesn't work. I've tried taking my IP checking and making
it a function (current version) to see if the different times I call it
would help - to no avail. FWIW, both servers have the same exact init
script, but server2 is a bit slower in cpu/disk/ram.
Start LDAP init script
#!/bin/bash
#
# ldap This shell script takes care of starting and stopping
# ldap servers (slapd and slurpd).
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \
# for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid
# Source function library.
. /etc/init.d/functions
##ADDITION BY ADAM BULTMAN FOR LINUX-HA
#We check our IP addresses for our virtual IP addresses.
# If we find the virtual IP address in our ethernet setup, we are the master.
# If we do not find the virtual ip in our ethernet setup, we are the slave.
# If we are master, use slapd.master.conf, otherwise use slapd.slave.conf
function set_options () {
MASTER_IP="192.168.204.227"
# clear the check_ip, conf file, and options
CHECK_IP=""
SLAPD_CONF=""
SLAPD_OPTIONS=""
SLURPD_OPTIONS=""
CHECK_IP=`/sbin/ifconfig -a | grep -F "$MASTER_IP" | sed 's/:/ /g' | awk '{print $3}'`
echo "MASTER_IP set to $MASTER_IP"
echo "CHECK_IP set to $CHECK_IP"
# Temporary: if CHECK_IP isn't set, we just add a garbage value so we don't have errors.
# (-z tests for an empty string; -s would test for a non-empty file.)
if [ -z "$CHECK_IP" ] ; then
CHECK_IP="word"
echo "RST CHECK_IP to $CHECK_IP"
fi
# If we have the virtual ip address, we are master;
# use the master config file.
if [ "$MASTER_IP" = "$CHECK_IP" ] ; then
SLAPD_CONF="/etc/openldap/slapd.master.conf"
SLAPD_OPTIONS=" -f $SLAPD_CONF"
SLURPD_OPTIONS=" -f $SLAPD_CONF"
echo "using $SLAPD_CONF as conf file"
else
# Else we are slave.
SLAPD_CONF="/etc/openldap/slapd.slave.conf"
SLAPD_OPTIONS=" -f $SLAPD_CONF -s 10"
SLURPD_OPTIONS=" -f $SLAPD_CONF"
echo "using $SLAPD_CONF as conf file"
fi
} # end set_options
if [ -r /etc/sysconfig/network ] ; then
. /etc/sysconfig/network
[ "${NETWORKING}" = "no" ] && exit 0
fi
# Source an auxiliary options file if we have one, and pick up OPTIONS,
# SLAPD_OPTIONS, and SLURPD_OPTIONS.
#if [ -r /etc/sysconfig/ldap ] ; then
# . /etc/sysconfig/ldap
#fi
slapd="/usr/sbin/slapd"
slurpd=/usr/sbin/slurpd
[ -x ${slapd} ] || exit 0
[ -x ${slurpd} ] || exit 0
RETVAL=0
function start() {
set_options
# Check for simple-but-common errors.
user=ldap
ldapuid=`id -u $user`
# Unaccessible database files.
for dbdir in `grep ^directory $SLAPD_CONF | sed s,^directory,,` ; do
for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" \)` ; do
echo -n $"$file is not owned by \"$user\"" ;
warning ; echo
done
done
# Start daemons.
prog=`basename ${slapd}`
echo -n $"Starting $prog: "
if grep -q ^TLS $SLAPD_CONF ; then
daemon ${slapd} -u ldap -h '"ldap:/// ldaps:///"' $OPTIONS $SLAPD_OPTIONS
RETVAL=$?
else
daemon ${slapd} -u ldap -h "ldap:///" $OPTIONS $SLAPD_OPTIONS
RETVAL=$?
fi
echo
if [ $RETVAL -eq 0 ]; then
if grep -q "^replogfile" $SLAPD_CONF; then
prog=`basename ${slurpd}`
echo -n $"Starting $prog: "
daemon ${slurpd} $OPTIONS $SLURPD_OPTIONS
RETVAL=$?
echo
fi
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
return $RETVAL
}
function stop() {
set_options
# Stop daemons.
prog=`basename ${slapd}`
echo -n $"Stopping $prog: "
killproc ${slapd}
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
#if grep -q "slurp" `ps -efw |grep slurpd` ; then
prog=`basename ${slurpd}`
echo -n $"Stopping $prog: "
killproc ${slurpd}
RETVAL=$?
echo
# fi
fi
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
set_options
status ${slapd}
if grep -q "^replogfile" $SLAPD_CONF ; then
status ${slurpd}
fi
;;
restart)
stop
sleep 20
start
;;
condrestart)
if [ -f /var/lock/subsys/ldap ] ; then
stop
start
fi
;;
*)
echo $"Usage: $0 {start|stop|restart|status|condrestart}"
RETVAL=1
esac
exit $RETVAL
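
The role decision made by set_options above, written as an added example (not part of the original post) so it can be checked offline against sample interface listings. It assumes `ip -o -4 addr show` style input on stdin; the function names and the sample data are hypothetical, and the virtual IP and config paths are the ones from the post.

```shell
#!/bin/bash
# Added example: exact-match role detection for a heartbeat-managed slapd.
# MASTER_IP and the config paths come from the post; everything else is assumed.

MASTER_IP="192.168.204.227"

# has_vip VIP: read `ip -o -4 addr show` style lines on stdin and succeed
# only if an interface address (the field after "inet") equals VIP exactly.
# Broadcast fields and longer or shorter addresses never count as a match.
has_vip() {
    awk -v vip="$1" '
        {
            for (i = 1; i < NF; i++) {
                if ($i == "inet") {
                    split($(i + 1), a, "/")   # drop the /prefix length
                    if (a[1] == vip) found = 1
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# select_conf: print the slapd config file for the role implied by stdin.
select_conf() {
    if has_vip "$MASTER_IP"; then
        echo "/etc/openldap/slapd.master.conf"
    else
        echo "/etc/openldap/slapd.slave.conf"
    fi
}

# Constructed sample listings (not captured from a real host).
# The first holds the virtual IP as a secondary address on eth0.
SAMPLE_MASTER='2: eth0    inet 192.168.204.10/24 brd 192.168.204.255 scope global eth0
2: eth0    inet 192.168.204.227/24 brd 192.168.204.255 scope global secondary eth0:0'
# The second only mentions .227 as the broadcast address of a /30.
SAMPLE_SLAVE='2: eth0    inet 192.168.204.225/30 brd 192.168.204.227 scope global eth0
3: eth1    inet 192.168.204.22/24 brd 192.168.204.255 scope global eth1'

# On a live host: ip -o -4 addr show | select_conf
printf '%s\n' "$SAMPLE_MASTER" | select_conf
printf '%s\n' "$SAMPLE_SLAVE"  | select_conf
```

Logging the output of `select_conf` at both stop and start time shows which role the script believed it had at each step of a failback.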