> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Jakub Hrozek
> Sent: 20 August 2012 15:28
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Specifying load balancing to SSSD clients
> On Mon, Aug 20, 2012 at 02:48:30PM +0100, Innes, Duncan wrote:
> > Folks,
> > 
> > Hopefully this isn't a dumb question, but I'm constrained by a few 
> > things on my estate and would be looking to deploy something like
> > the following:
> > 
> > 2 Datacentres
> > 2 IPA servers at each datacentre
> > 
> > ipa1.domain.com \_ datacentre A
> > ipa2.domain.com /
> > 
> > ipa3.domain.com \_ datacentre B
> > ipa4.domain.com /
> > 
> > The datacentres are linked, but bandwidth not great.
> > 
> > Clients in datacentre A should therefore use ipa1.domain.com and 
> > ipa2.domain.com as primary servers and only fail over to ipa3 &
> > ipa4 when both 1 & 2 are out of action.  Clients would revert to
> > using ipa1/ipa2 whenever either of them came back online.
> > 
> > I understand this configuration has already been done as part of
> > https://fedorahosted.org/freeipa/ticket/2282
> Yes, this has been done on the SSSD side as
> https://fedorahosted.org/sssd/ticket/1128
> The new feature is going to be part of SSSD 1.9.0. In 
> particular, you would configure the IPA domain like this:
> ipa_server = ipa1.domain.com, ipa2.domain.com 
> ipa_backup_server = ipa3.domain.com, ipa4.domain.com
> > 
> > What I'm wondering is if I can force my clients to load balance 
> > communication between ipa1 & ipa2.
> > 
> No, load balancing is currently not supported.
> What *might* work, although I haven't tested the scenario, is 
> creating a new DNS A record that would resolve to IP 
> addresses of both ipa1 and ipa2. The clients would then 
> connect to the first IP address they received. But as I said, 
> I haven't tested this at all.
> Feel free to file an RFE, but quite frankly, I think this is 
> precisely what SRV records have been designed for. The load 
> balancing would be performed based on the value of the 
> "weight" field in the SRV record.

I think I'll raise a ticket then.  Not that the _srv_ records don't do
the right job.  It's just that in my scenario they are unusable.  I
can't be alone in deploying IPA in a network already "dominated" by AD.

For now (as I said in another reply), I'll randomly configure clients to
either ipa1/ipa2 or ipa2/ipa1.
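
The priority-and-weight selection that the SRV suggestion in this thread relies on, as an added example (not part of the original messages and not SSSD's own code). It implements the RFC 2782 ordering rule over constructed records; the `_ldap._tcp.domain.com` name, the priorities, weights and port are assumptions chosen to match the datacentre A layout described above.

```python
import random
from collections import Counter, namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed records for a hypothetical _ldap._tcp.domain.com lookup as
# seen from datacentre A: local servers share priority 0, remote ones 10.
RECORDS = [
    SRV(0, 50, 389, "ipa1.domain.com"),
    SRV(0, 50, 389, "ipa2.domain.com"),
    SRV(10, 50, 389, "ipa3.domain.com"),
    SRV(10, 50, 389, "ipa4.domain.com"),
]


def order_srv(records, rng=random):
    """Return targets in the order an RFC 2782 client would try them."""
    ordered = []
    # Lower priority value is always tried first (failover tiers).
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records are placed first so they are only rarely picked.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)  # inclusive range, per the RFC
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i).target)
                    break
    return ordered


def first_choice_share(records, trials=10000, seed=1):
    """Simulate many clients and count which server each tries first."""
    rng = random.Random(seed)
    return Counter(order_srv(records, rng)[0] for _ in range(trials))


if __name__ == "__main__":
    print(order_srv(RECORDS))           # one client's try order
    print(first_choice_share(RECORDS))  # spread of first choices
```

Equal weights inside the priority 0 tier split first connections roughly evenly between ipa1 and ipa2, while ipa3 and ipa4 are only reached after both local servers have been tried.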


