Hi all,

After a lot of debugging, it seems IPA 4.5.0 broke active/active
failover for krb5.
While I wait on getting that fixed, I would like to request +1s for
the following patch.


commit 4005fd5929c034436e21c56af0322d53cef04e74
Author: Patrick Uiterwijk <[email protected]>
Date:   Fri Sep 15 22:50:02 2017 +0000

    Fix krb5 with failover

    Seems like IPA 4.5.0 broke active/active failover of krb5 KDC.
    While we wait on getting that fixed, let's set us up for
    active/passive failover on the HTTPD end.
    Since we can't do active/passive for UDP (there's no checks
    there), let's just remove ipa02 for those.

    Signed-off-by: Patrick Uiterwijk <[email protected]>

diff --git a/roles/haproxy/templates/haproxy.cfg
b/roles/haproxy/templates/haproxy.cfg
index be1e5b5..cda10ab 100644
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@@ -340,7 +340,7 @@ listen  ipa 0.0.0.0:10053
     balance hdr(appserver)
     server  ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify
required ca-file /etc/haproxy/ipa.pem
 {% if env != "staging" %}
-    server  ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify
required ca-file /etc/haproxy/ipa.pem
+    server  ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify
required ca-file /etc/haproxy/ipa.pem backup
 {% endif %}
     option  httpchk GET /ipa/ui/

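Review bot: The `backup` keyword on the `server  ipa02 ipa02:443` line arrives with no comment marking it as a temporary workaround, so nothing in the template tells a later reader why this listener stopped load-balancing or when it is safe to revert. Suggest a one-line comment above that server line pointing at the IPA 4.5.0 failover problem. Two side effects are worth stating as well: with `check inter 10s rise 1 fall 2`, ipa02 only starts receiving traffic after ipa01 has failed two consecutive checks, and `balance hdr(appserver)` has nothing left to balance while only one non-backup server is defined.
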
@@ -354,7 +354,7 @@ listen krb5 0.0.0.0:1088
     timeout connect 86400000
     server  ipa01 ipa01:88 weight 1 maxconn 16384
 {% if env == "production" %}
-    server  ipa02 ipa02:88 weight 1 maxconn 16384
+    # server  ipa02 ipa02:88 weight 1 maxconn 16384
 {% endif %}

 listen docker-candidate-registry 0.0.0.0:10054
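
Review bot: Commenting out `server  ipa02 ipa02:88` leaves the `{% if env == "production" %}` block containing only a comment, and that comment does not say why the server is disabled; either drop the now-empty conditional or add a note that this is temporary pending the IPA fix. The remaining `server  ipa01 ipa01:88 weight 1 maxconn 16384` line has no `check`, so after this change the krb5 listener has a single backend and no failover at all: if ipa01 is unavailable, Kerberos requests through port 1088 fail until someone restores the line. That trade-off deserves a sentence in the commit message or in the template.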
_______________________________________________
infrastructure mailing list -- [email protected]