[Freeipa-users] SSSD in redundant configuration
Jakub Hrozek
jhrozek at redhat.com
Fri Mar 20 10:51:14 UTC 2015
On Fri, Mar 20, 2015 at 11:06:04AM +0100, Jan Pazdziora wrote:
> On Wed, Mar 18, 2015 at 01:11:44PM -0400, Rob Crittenden wrote:
> > On Wed, Mar 18, 2015 at 17:40:19 +0100, Andrew Holway wrote:
> > >
> > > Im wondering how we should be handing SSSD for redundant configurations
> > > on our freeipa clients. We have three freeipa servers; how can we make
> > > SSSD check another freeipa in the event that one goes down?
> > >
> > > [...]
> > >
> > > ipa_server = _srv_, test-freeipa-2.cloud.domain.de
> >
> > _srv_ tells SSSD to check DNS for SRV records. The trailing server gives
> > it a hardcoded fallback in case DNS fails for some reason. Their current
> > configuration is correct.
>
> However, it does not set priority for the preferred IPA server which
> can be useful if they are in different geos and by default you want
> the traffic to go to the local server. In that case
>
> ipa_server = test-freeipa-2.cloud.domain.de, _srv_
>
> might actually be preferred.
Or even better, set the weight and priority fields on the server and
keep using SRV resolution :-)
More information about the Freeipa-users
mailing list