Thanks Matrix.. I will add this option to my config params

Regards,
Rakesh

On Sat, Jan 21, 2017 at 7:17 PM, Matrix <[email protected]> wrote:

> Hi, Rakesh
>
> Try 'ipa-client-install' with this option '--fixed-primary'. With it,
> '_srv_' will disappear.
>
> From man page:
>     --fixed-primary
>         Configure SSSD to use a fixed server as the primary IPA
>         server. The default is to use DNS SRV records to determine
>         the primary server to use and fall back to the server the
>         client is enrolled with. When used in conjunction with
>         --server then no _srv_ value is set in the ipa_server
>         option in sssd.conf.
>
> Matrix
>
> ------------------ Original ------------------
> *From: * "Rakesh Rajasekharan";<[email protected]>;
> *Date: * Sat, Jan 21, 2017 10:09 PM
> *To: * "Matrix"<[email protected]>;
> *Cc: * "freeipa-users"<[email protected]>;
> *Subject: * Re: [Freeipa-users] Freeipa replica info to clents: guidance
>
> Thanks Matrix.. for the inputs..
>
> > Firstly, '_srv_' means clients will find out which servers will be
> > connected with by dns srv records. In your explanation, DNS did not
> > configure in your env.
>
> After running the ipa-client, the _srv_ was automatically added. The
> config options I passed for configuring the host as an IPA client are
>
> ipa-client-install --domain=mydomain.com --server=ipa-master-int.mydomain.com --realm=MYDOMAIN.COM -p admin --password=mypass --mkhomedir --hostname=first-client-int.mydomain.com --no-ssh --no-sshd -N -f -U
>
> While configuring the IPA server, I did not pass the setup-dns options
> (that avoids setting up the DNS server, I assume)
>
> ipa-server-install -r 'MYDOMAIN.COM' -n 'mydomain.com' -p mypass -P mypass -a mypass --hostname=ipa-master-int.mydomain.com -N -U
>
> So, I did not explicitly specify the _srv_ options. However, this has been
> working fine till now.
>
> > Secondly, 'replica' key words ? I can not find it from man pages of
> > sssd-ipa. is it really working fine?
>
> Sorry, that was a typo from my side.
> It's actually
> ipa_server = _srv_, ipa-master-mydomain.com, ipa-replica-mydomain.com.
>
> > So, I suggested to configure it in this way:
> > ipa_server = <ipa1>
> > ipa_backup_server = <ipa2>
> >
> > For another half clients,
> > ipa_server = <ipa2>
> > ipa_backup_server = <ipa1>
>
> I will try this out.. probably I can safely leave out _srv_
>
> Thanks
> Rakesh
>
> On Sat, Jan 21, 2017 at 6:10 PM, Matrix <[email protected]> wrote:
>
>> For my understanding, there is something wrong with your configuration
>>
>> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com
>>
>> Firstly, '_srv_' means clients will find out which servers will be
>> connected with by dns srv records. In your explanation, DNS did not
>> configure in your env.
>>
>> Secondly, 'replica' key words ? I can not find it from man pages of
>> sssd-ipa. is it really working fine?
>>
>> >>Also, can I define priority based on the order in which the IPA servers
>> >>are defined in
>> >>ipa_server = _srv_ ,<ipa1>,<ipa2>
>>
>> Your understanding is correct. Server priority is based on sequence in
>> conf file. There is a problem with this configuration. Once 'ipa1' failed,
>> all id lookup/authentication will happen with 'ipa2'. Even if 'ipa1' was
>> back, all clients will be sticky on 'ipa2'
>>
>> So, I suggested to configure it in this way:
>> ipa_server = <ipa1>
>> ipa_backup_server = <ipa2>
>>
>> For another half clients,
>> ipa_server = <ipa2>
>> ipa_backup_server = <ipa1>
>>
>> Matrix
>>
>> ------------------ Original ------------------
>> *From: * "Rakesh Rajasekharan";<[email protected]>;
>> *Date: * Sat, Jan 21, 2017 08:25 PM
>> *To: * "freeipa-users"<[email protected]>;
>> *Subject: * [Freeipa-users] Freeipa replica info to clents: guidance
>>
>> Hi,
>>
>> My Freeipa setup is on AWS ec2 instances and has been working fine with
>> just one master for a while now.
>>
>> I am now trying to set up replica servers, which I was able to, and the
>> replication between both masters goes fine.
>>
>> So, I have a master server ipa-master-mydomain.com and replica
>> ipa-replica-mydomain.com
>>
>> I am not using DNS and rely on AWS for DNS resolution instead.
>>
>> My question is, how do I tell clients about the new replica server.
>>
>> I tried an entry in the sssd.conf domain section of the clients
>>
>> id_provider = ipa
>> auth_provider = ipa
>> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com
>>
>> This approach works fine and clients reach out to the replica as a
>> failover. However, wanted to verify if this is the correct way.
>>
>> Also, can I define priority based on the order in which the IPA servers
>> are defined in
>> ipa_server = _srv_ ,<ipa1>,<ipa2>
>>
>> If the above assumption is right, I could have half of my clients connect
>> to master always and rest to the replica that way balancing the load.
>>
>> Thanks
>> Rakesh

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
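
Added example, not part of the thread and not FreeIPA or SSSD code: a small linter for the failover settings discussed above, run over two constructed sssd.conf fragments (the configuration as first posted and the ipa_server / ipa_backup_server layout suggested in the reply). The function name `lint_ipa_failover` and the `dns_srv_published` flag are hypothetical; only the option names come from the thread.

```python
import configparser

# Constructed sample: the client config as first posted in the thread.
AS_POSTED = """\
[domain/mydomain.com]
id_provider = ipa
auth_provider = ipa
ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com
"""

# Constructed sample: the layout suggested in the thread for one half of the clients.
SUGGESTED = """\
[domain/mydomain.com]
id_provider = ipa
auth_provider = ipa
ipa_server = ipa-master-mydomain.com
ipa_backup_server = ipa-replica-mydomain.com
"""

def _servers(value):
    # sssd.conf server lists are comma separated
    return [s.strip() for s in value.split(",") if s.strip()]

def lint_ipa_failover(conf_text, dns_srv_published=False):
    """Return {section: [issue, ...]} for each IPA domain section (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        opts = cp[section]
        if not section.startswith("domain/") or opts.get("id_provider") != "ipa":
            continue
        primary = _servers(opts.get("ipa_server", ""))
        backup = _servers(opts.get("ipa_backup_server", ""))
        issues = []
        if "_srv_" in primary and not dns_srv_published:
            issues.append("_srv_ listed but no IPA SRV records are published")
        for entry in primary + backup:
            if len(entry.split()) > 1:  # stray word inside a host name
                issues.append("malformed server entry: %r" % entry)
        hosts = [s for s in primary if s != "_srv_"]
        if len(hosts) > 1 and not backup:
            issues.append("several primaries and no ipa_backup_server")
        if len(hosts) + len(backup) < 2 and "_srv_" not in primary:
            issues.append("no failover server configured")
        report[section] = issues
    return report

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("suggested", SUGGESTED)):
        print(name, lint_ipa_failover(text))
```

Pass `dns_srv_published=True` only when the IPA SRV records really exist in the DNS zone the clients resolve against; in the setup described in the thread they do not.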
