On 03/08/2014 10:47 PM, Joshua Dotson wrote:
I posted the following in IRC.  The question was so involved that I decided it would probably be best to just join the users mailing list and ask here.  So, here I am. 

Please let me know your thoughts/questions/comments.

Thanks,
Joshua

[22:29]
<wrale-josh> hello.. i'm building an virtualization cluster of six nodes [on a common 10GbE LAN] to house administrative functions (e.g. logstash) for a mid-size environment.. i'm using gluster (replica 3), ovirt self-hosted engine and freeipa.  fencing will be done via ipmi.  distro is Fedora 19.  Anyway, because FreeIPA is so fundamental to the cluster and the environment at large, I'm thinking of having replicas on all six servers (bare metal).. (cont.)
[22:30] <wrale-josh> I read some about the trust relationships.  I read on the mailing list that upwards of 20 server environments have been tested.  What kind of method of trust should i use so that any two servers can be down at any given time, with no loss of service?
[22:32] <wrale-josh> I think I'd need a minimum of three FreeIPA servers to gain the ability to lose two servers without service interruption.  Should I, for example, make nodes 2 and 3 have trust with node 1 but not each other?  
[22:33] <wrale-josh> And if I were to do six nodes, what should that look like, so far as trust is conerned?
[22:36] <wrale-josh> Ahem.. And is there any odd vs. even quantity for quorum analog here (ala gluster wanting even number of nodes, vs. zookeeper wanting an odd number of nodes)?
[22:36] <wrale-josh> (i think i'll just send this to the mailing list).. :)


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
I think you are confusing trust and replication. You want to install several freeIPA replicas. Say you want 6 replicas and you want to make sure that the remaining replicas can talk to each other if any two are down. Then each replica should have at least 3 replication agreements. So you install replicas and then make sure that additional replication agreements are established.
You use ipa-replica-management  tool to do that.

Diagram shows how you would connect them.

 

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to