[Freeipa-users] Specifying load balancing to SSSD clients
Jakub Hrozek
jhrozek at redhat.com
Mon Aug 20 14:27:42 UTC 2012
On Mon, Aug 20, 2012 at 02:48:30PM +0100, Innes, Duncan wrote:
> Folks,
>
> Hopefully this isn't a dumb question, but I'm constrained by a few
> things on my estate and would be looking to deploy something like the
> following:
>
> 2 Datacentres
> 2 IPA servers at each datacentre
>
> ipa1.domain.com \_ datacentre A
> ipa2.domain.com /
>
> ipa3.domain.com \_ datacentre B
> ipa4.domain.com /
>
> The datacentres are linekd, but bandwidth not great.
>
> Client's in datacentre A should therefore use ipa1.domain.com and
> ipa2.domain.com as primary servers and only fail over to ipa3 & ipa4
> when both 1 & 2 are out of action. Clients would revert to using
> ipa1/ipa2 whenever either of them came back online.
>
> I understand this configuration has already been done as part of
> https://fedorahosted.org/freeipa/ticket/2282
Yes, this has been done on the SSSD side as
https://fedorahosted.org/sssd/ticket/1128
The new feature is going to be part of SSSD 1.9.0. In particular, you
would configure the IPA domain like this:
ipa_server = ipa1.domain.com, ipa2.domain.com
ipa_backup_server = ipa3.domain.com, ipa4.domain.com
>
> What I'm wondering is if I can force my clients to load balance
> communication between ipa1 & ipa2.
>
No, load balancing is currently not supported.
What *might* work, although I haven't tested the scenario, is creating a new
DNS A record that would resolve to IP addresses of both ipa1 and ipa2. The
clients would then connect to the first IP address they received. But as
I said, I haven't tested this at all.
Feel free to file an RFE, but quite frankly, I think this is precisely what
SRV records have been designed for. The load balancing would be performed
based on the value of the "weight" field in the SRV record.
More information about the Freeipa-users
mailing list