On Wed, 2012-01-18 at 03:02 +0000, Charlie Derwent wrote:
> Hi
>
> I've got 5 different IPA servers at 5 different labs around the
> country that are all replicas of one another. In order to keep the
> cross-site network traffic to a minimum I want the IPA clients at Site
> "A" to only communicate to IPA Server "A", "B" to "B", "C" to "C" etc.
> except in the case of the failure of one of the servers.
>
> I originally assumed that making the IPA client connect to a
> specific IPA server with "ipa-client-install --server=IPA_server_fqdn"
> would suffice but I very quickly found out this wasn't the case with
> the client going to multiple servers just to complete the installation
> process. Then I found out about modifying the DNS SRV records priority
> and weight, however, please correct me if I'm wrong, wouldn't these
> changes replicate and be enacted globally (i.e. all clients at
> any site would prioritise IPA "A" over IPA "B")?
>
> Is there any way to get the functionality I desire?
We're looking at ways to implement a concept of client location into the connection logic. At the moment, however, the only way to do this is manually on the client.

You can make the following change in the clients' /etc/sssd/sssd.conf files: In the [domain/your.domain.com] section there is an option "ipa_server". By default, this is configured to be:

    ipa_server = __srv__, x.x.x.x

(Where x.x.x.x is the server you were originally talking to when you ran ipa-client-install, as a backup in case DNS is not working). You can manually change this to be:

    ipa_server = nearest.server.com, further.server.com, only-in-emergencies.server.com, ...

With this manual setup, SSSD (the daemon that manages the client-side portion) will always attempt to connect to nearest.server.com unless it is unavailable, after which time it will fail over to the next in the list, and so on.*

* If all of them are unavailable, SSSD switches to offline operation, where it will try to reconnect every couple of minutes, but will serve requests from its cache in the meantime. When it reconnects from an offline state, it will start retrying from the first server in the list (aka the nearest one).
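The per-site edit the reply describes is easy to get wrong by hand on five sites (stale duplicate ipa_server lines, the wrong section, lost comments). The following script is an added example, not code from FreeIPA, SSSD or either poster: it builds the ordered server list for a given site (local server first, the other sites as failover, then _srv_ so DNS SRV discovery remains the last resort) and rewrites only the ipa_server line inside the [domain/...] section, leaving every other line and comment intact. The site names, hostnames, the example.com domain and the sample sssd.conf are all constructed assumptions; the _srv_ keyword is spelled as in SSSD's sssd-ipa(5) manual page. Writing the result back to /etc/sssd/sssd.conf (and restarting sssd) is left to the caller.

```python
"""Per-site ipa_server ordering for sssd.conf (added example, not SSSD/FreeIPA code)."""
import re

# Constructed site -> local IPA server map. Site labels and hostnames are assumptions.
SITE_SERVERS = {
    "A": "ipa-a.example.com",
    "B": "ipa-b.example.com",
    "C": "ipa-c.example.com",
    "D": "ipa-d.example.com",
    "E": "ipa-e.example.com",
}

# Constructed sssd.conf resembling what ipa-client-install leaves behind
# (SRV discovery first, then the server the client enrolled against).
SAMPLE_CONF = """[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ipa
# server list written by ipa-client-install
ipa_server = _srv_, ipa-c.example.com
ipa_domain = example.com
cache_credentials = True

[nss]
homedir_substring = /home
"""


def ipa_server_order(site, site_servers=SITE_SERVERS, srv_fallback=True):
    """Local site first, remaining sites as failover, optionally _srv_ last."""
    if site not in site_servers:
        raise KeyError(f"unknown site {site!r}")
    order = [site_servers[site]]
    order += [host for name, host in sorted(site_servers.items()) if name != site]
    if srv_fallback:
        order.append("_srv_")  # DNS SRV discovery only once every pinned server failed
    return order


def _insert_before_blanks(out, line):
    """Insert `line` above any trailing blank lines so the section stays tidy."""
    i = len(out)
    while i > 0 and out[i - 1].strip() == "":
        i -= 1
    out.insert(i, line)


def set_ipa_server(conf_text, domain, servers):
    """Return conf_text with exactly one ipa_server line in [domain/<domain>]."""
    header = f"[domain/{domain}]"
    new_line = "ipa_server = " + ", ".join(servers)
    out = []
    in_section = found = replaced = False
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            if in_section and not replaced:  # section ended without an ipa_server line
                _insert_before_blanks(out, new_line)
                replaced = True
            in_section = stripped == header
            found = found or in_section
        elif in_section and re.match(r"\s*ipa_server\s*=", line):
            if not replaced:
                out.append(new_line)
                replaced = True
            continue  # drop the old line and any duplicate of it
        out.append(line)
    if not found:
        raise ValueError(f"section {header} not found")
    if not replaced:  # domain section was the last one in the file
        _insert_before_blanks(out, new_line)
    return "\n".join(out) + "\n"


def get_ipa_server(conf_text, domain):
    """Parse the ipa_server list from [domain/<domain>] (empty list if absent)."""
    header = f"[domain/{domain}]"
    in_section = False
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_section = stripped == header
        elif in_section:
            m = re.match(r"\s*ipa_server\s*=\s*(.*)$", line)
            if m:
                return [s.strip() for s in m.group(1).split(",") if s.strip()]
    return []


if __name__ == "__main__":
    # Show the section each site's clients would end up with.
    for site in SITE_SERVERS:
        print(f"--- site {site} ---")
        print(set_ipa_server(SAMPLE_CONF, "example.com", ipa_server_order(site)))
```

Running the script prints one rewritten configuration per site; a deployment would instead pipe the output for the local site into /etc/sssd/sssd.conf on that site's clients and restart sssd. Keeping _srv_ at the end rather than removing it preserves the DNS-based safety net the reply mentions without letting it override the per-site preference.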
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users