Thanks Matrix.. for the inputs..

> Firstly, '_srv_' means clients will find out which servers to connect to via DNS SRV records. From your explanation, DNS is not configured in your env.

After running the ipa-client, the _srv_ was automatically added. The config options I passed for configuring the host as an IPA client are

ipa-client-install --domain=mydomain.com --server=ipa-master-int.mydomain.com --realm=MYDOMAIN.COM -p admin --password=mypass --mkhomedir --hostname=first-client-int.mydomain.com --no-ssh --no-sshd -N -f -U

While configuring the IPA server, I did not pass the setup-dns options (that avoids setting up the DNS server, I assume)

ipa-server-install -r 'MYDOMAIN.COM' -n 'mydomain.com' -p mypass -P mypass -a mypass --hostname=ipa-master-int.mydomain.com -N -U

So, I did not explicitly specify the _srv_ options. However, this has been working fine till now.

> Secondly, 'replica' key words? I cannot find it in the man pages of sssd-ipa. Is it really working fine?

Sorry, that was a typo from my side. It's actually

ipa_server = _srv_, ipa-master-mydomain.com, ipa-replica-mydomain.com

> So, I suggested to configure it in this way:
> ipa_server = <ipa1>
> ipa_backup_server = <ipa2>
> For another half clients,
> ipa_server = <ipa2>
> ipa_backup_server = <ipa1>

I will try this out.. probably I can safely leave out _srv_

Thanks
Rakesh

On Sat, Jan 21, 2017 at 6:10 PM, Matrix <matrix...@qq.com> wrote:

> For my understanding, there is something wrong with your configuration
>
> >> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com
>
> Firstly, '_srv_' means clients will find out which servers to connect to
> via DNS SRV records. From your explanation, DNS is not configured in your env.
>
> Secondly, 'replica' key words? I cannot find it in the man pages of
> sssd-ipa. Is it really working fine?
>
> >> Also, can I define priority based on the order in which the IPA servers
> >> are defined in
> >> ipa_server = _srv_ ,<ipa1>,<ipa2>
>
> Your understanding is correct. Server priority is based on sequence in
> conf file. There is a problem for this configuration. Once 'ipa1' failed,
> all id lookup/authentication will happen with 'ipa2'. Even when 'ipa1' is
> back, all clients will be sticky on 'ipa2'
>
> So, I suggested to configure it in this way:
> ipa_server = <ipa1>
> ipa_backup_server = <ipa2>
>
> For another half clients,
> ipa_server = <ipa2>
> ipa_backup_server = <ipa1>
>
> Matrix
>
> ------------------ Original ------------------
> *From: * "Rakesh Rajasekharan";<rakesh.rajasekha...@gmail.com>;
> *Date: * Sat, Jan 21, 2017 08:25 PM
> *To: * "freeipa-users"<freeipa-users@redhat.com>;
> *Subject: * [Freeipa-users] Freeipa replica info to clents: guidance
>
> Hi,
>
> My Freeipa setup is on AWS ec2 instances and has been working fine with
> just one master for a while now.
>
> I am now trying to set up replica servers, which I was able to do, and the
> replication between both masters goes fine.
>
> So, I have a master server ipa-master-mydomain.com and replica
> ipa-replica-mydomain.com
>
> I am not using DNS and rely on AWS for DNS resolution instead.
>
> My question is, how do I tell clients about the new replica server.
>
> I tried an entry in the sssd.conf domain section of the clients
>
> id_provider = ipa
> auth_provider = ipa
> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com
>
> This approach works fine and clients reach out to the replica as a
> failover. However, I wanted to verify if this is the correct way.
>
> Also, can I define priority based on the order in which the IPA servers
> are defined in
> ipa_server = _srv_ ,<ipa1>,<ipa2>
>
> If the above assumption is right, I could have half of my clients connect
> to master always and rest to the replica, that way balancing the load.
>
> Thanks
> Rakesh
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
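
Added example (not part of the original thread, and not FreeIPA or SSSD project code): one way to apply the half-and-half ipa_server / ipa_backup_server split suggested in the thread across a fleet is to derive each client's primary and backup from a hash of its hostname, so the assignment is stable and roughly even. The server names are taken from the thread; the [domain/mydomain.com] section name, the sample hostnames and the helper names are assumptions.

```python
import hashlib

# Server names as they appear in the thread's sssd.conf lines.
SERVERS = ("ipa-master-mydomain.com", "ipa-replica-mydomain.com")


def pick_servers(client_fqdn, servers=SERVERS):
    """Return (primary, backup) for a client, chosen by hashing its hostname.

    The mapping is deterministic, so regenerating the config never moves a
    client from one half of the fleet to the other.
    """
    digest = hashlib.sha256(client_fqdn.strip().lower().encode("utf-8")).digest()
    index = digest[0] % 2  # 0 -> first server is primary, 1 -> second
    return servers[index], servers[1 - index]


def render_domain_section(client_fqdn, domain="mydomain.com"):
    """Render only the lines discussed in the thread (section name assumed).

    Merge these into the client's existing domain section; other settings
    written by ipa-client-install are not reproduced here.
    """
    primary, backup = pick_servers(client_fqdn)
    lines = [
        f"[domain/{domain}]",
        "id_provider = ipa",
        "auth_provider = ipa",
        f"ipa_server = {primary}",
        f"ipa_backup_server = {backup}",
    ]
    return "\n".join(lines) + "\n"


def split_counts(hostnames):
    """Count how many clients get each server as primary."""
    counts = {server: 0 for server in SERVERS}
    for name in hostnames:
        counts[pick_servers(name)[0]] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample fleet; hostnames follow the thread's naming pattern.
    fleet = [f"client-{i}-int.mydomain.com" for i in range(1, 201)]
    print(split_counts(fleet))
    print(render_domain_section("first-client-int.mydomain.com"))
```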