[Freeipa-users] Requesting Guidance on FreeIPA Replica Cluster across Six Nodes
Dmitri Pal
dpal at redhat.com
Sun Mar 9 18:37:37 UTC 2014
On 03/08/2014 10:47 PM, Joshua Dotson wrote:
> I posted the following in IRC. The question was so involved that I
> decided it would probably be best to just join the users mailing list
> and ask here. So, here I am.
>
> Please let me know your thoughts/questions/comments.
>
> Thanks,
> Joshua
>
> [22:29] <wrale-josh> hello.. i'm building an virtualization cluster of
> six nodes [on a common 10GbE LAN] to house administrative functions
> (e.g. logstash) for a mid-size environment.. i'm using gluster
> (replica 3), ovirt self-hosted engine and freeipa.fencing will be done
> via ipmi.distro is Fedora 19.Anyway, because FreeIPA is so fundamental
> to the cluster and the environment at large, I'm thinking of having
> replicas on all six servers (bare metal).. (cont.)
> [22:30] <wrale-josh> I read some about the trust relationships.I read
> on the mailing list that upwards of 20 server environments have been
> tested.What kind of method of trust should i use so that any two
> servers can be down at any given time, with no loss of service?
> [22:32] <wrale-josh> I think I'd need a minimum of three FreeIPA
> servers to gain the ability to lose two servers without service
> interruption.Should I, for example, make nodes 2 and 3 have trust with
> node 1 but not each other?
> [22:33] <wrale-josh> And if I were to do six nodes, what should that
> look like, so far as trust is conerned?
> [22:36] <wrale-josh> Ahem.. And is there any odd vs. even quantity for
> quorum analog here (ala gluster wanting even number of nodes, vs.
> zookeeper wanting an odd number of nodes)?
> [22:36] <wrale-josh> (i think i'll just send this to the mailing
> list).. :)
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
I think you are confusing trust and replication. You want to install
several freeIPA replicas. Say you want 6 replicas and you want to make
sure that the remaining replicas can talk to each other if any two are
down. Then each replica should have at least 3 replication agreements.
So you install replicas and then make sure that additional replication
agreements are established.
You use ipa-replica-management tool to do that.
Diagram shows how you would connect them.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140309/6144aaef/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fcegbbja.png
Type: image/png
Size: 9579 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140309/6144aaef/attachment.png>
More information about the Freeipa-users
mailing list