On Mon, Aug 20, 2012 at 02:48:30PM +0100, Innes, Duncan wrote:
> Folks,
> 
> Hopefully this isn't a dumb question, but I'm constrained by a few
> things on my estate and would be looking to deploy something like the
> following:
> 
> 2 Datacentres
> 2 IPA servers at each datacentre
> 
> ipa1.domain.com \_ datacentre A
> ipa2.domain.com /
> 
> ipa3.domain.com \_ datacentre B
> ipa4.domain.com /
> 
> The datacentres are linekd, but bandwidth not great.
> 
> Client's in datacentre A should therefore use ipa1.domain.com and
> ipa2.domain.com as primary servers and only fail over to ipa3 & ipa4
> when both 1 & 2 are out of action.  Clients would revert to using
> ipa1/ipa2 whenever either of them came back online.
> 
> I understand this configuration has already been done as part of
> https://fedorahosted.org/freeipa/ticket/2282

Yes, this has been done on the SSSD side as
https://fedorahosted.org/sssd/ticket/1128

The new feature is going to be part of SSSD 1.9.0. In particular, you
would configure the IPA domain like this:

ipa_server = ipa1.domain.com, ipa2.domain.com
ipa_backup_server = ipa3.domain.com, ipa4.domain.com

> 
> What I'm wondering is if I can force my clients to load balance
> communication between ipa1 & ipa2.
> 

No, load balancing is currently not supported.

What *might* work, although I haven't tested the scenario, is creating a new
DNS A record that would resolve to IP addresses of both ipa1 and ipa2. The
clients would then connect to the first IP address they received. But as
I said, I haven't tested this at all.

Feel free to file an RFE, but quite frankly, I think this is precisely what
SRV records have been designed for. The load balancing would be performed
based on the value of the "weight" field in the SRV record.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to