<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 03/08/2014 10:47 PM, Joshua Dotson wrote:
<blockquote
cite="mid:CAHWHj86pBAai1V-F8n7KPbvMgOemB8FAj8LR_Y4+S3M868aujQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class=""><span class="">I posted the following in IRC. The
question was so involved that I decided it would probably be
best to just join the users mailing list and ask here. So,
here I am. <br>
<br>
Please let me know your thoughts/questions/comments. <br>
<br>
</span></div>
<div class=""><span class="">Thanks,<br>
Joshua<br>
</span></div>
<div class=""><span class=""><br>
[22:29] </span><span><<span class="">wrale-josh</span>>
hello.. i'm building an virtualization cluster of six nodes
[on a common 10GbE LAN] to house administrative functions
(e.g. logstash) for a mid-size environment.. i'm using
gluster (replica 3), ovirt self-hosted engine and freeipa.<span> </span>fencing
will be done via ipmi.<span> </span>distro is Fedora 19.<span> </span>Anyway,
because FreeIPA is so fundamental to the cluster and the
environment at large, I'm thinking of having replicas on all
six servers (bare metal).. (cont.)</span></div>
<div class=""><span class="">[22:30] </span><span><<span
class="">wrale-josh</span>> I read some about the trust
relationships.<span> </span>I read on the mailing list that
upwards of 20 server environments have been tested.<span> </span>What
kind of method of trust should i use so that any two servers
can be down at any given time, with no loss of service?</span></div>
<div class=""><span class="">[22:32] </span><span><<span
class="">wrale-josh</span>> I think I'd need a minimum
of three FreeIPA servers to gain the ability to lose two
servers without service interruption.<span> </span>Should
I, for example, make nodes 2 and 3 have trust with node 1
but not each other?<span> </span></span></div>
<div class=""><span class="">[22:33] </span><span><<span
class="">wrale-josh</span>> And if I were to do six
nodes, what should that look like, so far as trust is
conerned? </span></div>
<div class=""><span class="">[22:36] </span><span><<span
class="">wrale-josh</span>> Ahem.. And is there any odd
vs. even quantity for quorum analog here (ala gluster
wanting even number of nodes, vs. zookeeper wanting an odd
number of nodes)?</span></div>
<div class=""><span class="">[22:36] </span><span><<span
class="">wrale-josh</span>> (i think i'll just send
this to the mailing list).. :)</span></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
I think you are confusing trust and replication. You want to install
several freeIPA replicas. Say you want 6 replicas and you want to
make sure that the remaining replicas can talk to each other if any
two are down. Then each replica should have at least 3 replication
agreements. So you install replicas and then make sure that
additional replication agreements are established.<br>
You use ipa-replica-management tool to do that.<br>
<br>
Diagram shows how you would connect them.<br>
<br>
<img src="cid:part1.09050103.05070100@redhat.com" alt=""> <br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>