----- Original Message -----
> OK - thanks.
>  
> But is there any way IPA can be tweaked to do this without an
> "external"
> product (albeit a Red Hat one)?  Is it possible for the sssd clients
> to
> round-robin their requests between 2 or more servers?

At the monment only by using _srv_ records you could do some round-robin 
(assuming DNS supports it).

Please do not use the load balancer as suggest in a previous reply, also using 
a A record would not work as machines joined to IPa need the 'correct' serve 
name to be able to perform GSSAPI authentication. A round-robin A record would 
make that fail. A round-robin CNAME record might work if your DNS server 
supports something like that.

> Is this an sssd question or generic enough to be in this list?

It's both, SSSD implements the client, but in FreeIPA domains we need a joint 
solution due to Kerberos requirements for DNS names.

> Would this functionallity be of use to freeIPA in general? (my view = yes)

Yes.

HTH,
Simo.
 
> Cheers
>  
> Duncan Innes | Linux Architect
> 
> 
> 
> ________________________________
> 
>       From: Mark St. Laurent [mailto:mstla...@redhat.com]
>       Sent: 20 August 2012 15:15
>       To: Innes, Duncan
>       Cc: freeipa-users@redhat.com
>       Subject: Re: [Freeipa-users] Specifying load balancing to SSSD
> clients
>       
>       
>       
> http://www.redhat.com/products/enterprise-linux-add-ons/load-balancing/
>       
>       
>       Norman "Mark" St. Laurent
>       Federal Team: Senior Solutions Architect
>       Red Hat
>       8260 Greensboro Drive, Suite 300
>       McLean VA, 22102
>       Email:  m...@redhat.com
>       Cell:  703.772.1434
>       
>       Check this Link out!!!  Cool Stuff:  http://mil-oss.org/
>       
>       
> ________________________________
> 
>       From: "Duncan Innes" <duncan.in...@virginmoney.com>
>       To: freeipa-users@redhat.com
>       Sent: Monday, August 20, 2012 9:48:30 AM
>       Subject: [Freeipa-users] Specifying load balancing to SSSD
> clients
>       
>       Folks,
>       
>       Hopefully this isn't a dumb question, but I'm constrained by a
> few
>       things on my estate and would be looking to deploy something
> like the
>       following:
>       
>       2 Datacentres
>       2 IPA servers at each datacentre
>       
>       ipa1.domain.com \_ datacentre A
>       ipa2.domain.com /
>       
>       ipa3.domain.com \_ datacentre B
>       ipa4.domain.com /
>       
>       The datacentres are linekd, but bandwidth not great.
>       
>       Client's in datacentre A should therefore use ipa1.domain.com
> and
>       ipa2.domain.com as primary servers and only fail over to ipa3 &
> ipa4
>       when both 1 & 2 are out of action.  Clients would revert to
> using
>       ipa1/ipa2 whenever either of them came back online.
>       
>       I understand this configuration has already been done as part of
>       https://fedorahosted.org/freeipa/ticket/2282
>       
>       What I'm wondering is if I can force my clients to load balance
>       communication between ipa1 & ipa2.
>       
>       I don't have the ability to use the _srv_ records in DNS as
> that's set
>       up for the AD servers on our network.  I also can't create
> separate DNS
>       servers for the Linux estate (not that I'd particularly want
> to).
>       
>       Is there any current configuration that I can use to force load
>       balancing between ipa1/ipa2 under ideal conditions.  Falling
> back to
>       ipa2 when ipa1 is out of action.  Falling back to (load balanced
>       perhaps?) ipa3/ipa4 when ipa1 & ipa2 are both out of action.
>       
>       Hope the description is reasonable.
>       
>       Thanks
>       
>       Duncan Innes | Linux Architect
>       
> 
> 
> 
> Northern Rock plc is part of the Virgin Money group of companies.
> 
> This e-mail is intended to be confidential to the recipient. If you
> receive a copy in error, please inform the sender and then delete
> this message.
> 
> Virgin Money Personal Financial Service Limited is authorised and
> regulated by the Financial Services Authority. Company no. 3072766.
> 
> Virgin Money Unit Trust Managers Limited is authorised and regulated
> by the Financial Services Authority. Company no. 3000482.
> 
> Virgin Money Cards Limited. Introducer appointed representative only
> of Virgin Money Personal Financial Service Limited. Company no.
> 4232392.
> 
> Virgin Money Management Services Limited. Company no. 3072772.
> 
> Virgin Money Holdings (UK) Limited. Company no. 3087587.
> 
> Each of the above companies is registered in England and Wales and
> has its registered office at Discovery House, Whiting Road, Norwich
> NR4 6EJ.
> 
> Northern Rock plc. Authorised and regulated by the Financial Services
> Authority. Registered in England and Wales (Company no. 6952311)
> with its registered office at Northern Rock House, Gosforth,
> Newcastle upon Tyne NE3 4PL.
> 
> The above companies use the trading name Virgin Money.
> 
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to