Hi,

> I am currently working on a "High Availability Installation" of OpenCA...

sounds familiar... :-)

> Scenario: Two identical servers, both running Linux and OpenCA with
> identical config on both. MySQL Server with native replication....
>
> Is it necessary to keep the disks in sync to run a failover scenario?
> The current plan is to use Server I until it goes down and then switch
> to Server II - AFAIK it should be sufficient to keep the database in
> sync as no stati are really kept on the disks - or am I missing something?
>
> Changes on the configs etc. are of course replicated - I just talk about
> certificate enrollment through the standard interfaces

I am pretty sure that you will have to synchronize the var/crypto directory, in particular the serial, index and crlnumber files. If I am not mistaken then these files are rewritten only during Recovery (Rebuild OpenSSL database).

I think the cleanest approach is not to use an active/active configuration but rather an active/passive setup. Use heartbeat to start/stop the OpenCA daemon and apache and a shared NAS, RAID or maybe drbd to synchronize the state directory. I think a single database can be shared between the two nodes.

Martin

_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
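An added example, not part of the original message or of OpenCA: a shell check, run before a failover, that the standby's copies of the serial, index and crlnumber files named in the reply have not fallen behind the active node's. The file names `serial`, `index.txt` and `crlnumber`, the one-hex-number-per-file layout (the OpenSSL `ca` convention) and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: compare CA state files between the active node's var/crypto
# directory and the standby's copy (e.g. a drbd/NAS mount or an rsync target).
# Assumed file names: serial, crlnumber (one hex counter each), index.txt.

# norm_hex FILE -> first line, uppercased, whitespace and leading zeros removed
norm_hex() {
    head -n 1 "$1" | tr -d ' \t\r' | tr 'a-f' 'A-F' | sed 's/^0*//'
}

# hex_behind A B -> succeeds if hex string A < hex string B.
# Compares length first, then bytewise, so counters wider than 64 bits work.
hex_behind() {
    [ "${#1}" -lt "${#2}" ] && return 0
    [ "${#1}" -gt "${#2}" ] && return 1
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)" = "$1" ]
}

# check_ca_state ACTIVE_DIR STANDBY_DIR
# Prints one line per finding; returns 1 if the standby must not take over yet.
check_ca_state() {
    active=$1 standby=$2 rc=0
    for f in serial crlnumber; do
        if [ ! -f "$standby/$f" ]; then
            echo "MISSING $f on standby"; rc=1; continue
        fi
        a=$(norm_hex "$active/$f"); s=$(norm_hex "$standby/$f")
        # A standby counter behind the active one would hand out numbers
        # that have already been used once the standby becomes active.
        if hex_behind "$s" "$a"; then
            echo "STALE $f: standby=$s active=$a"; rc=1
        fi
    done
    if [ ! -f "$standby/index.txt" ]; then
        echo "MISSING index.txt on standby"; rc=1
    elif ! cmp -s "$active/index.txt" "$standby/index.txt"; then
        echo "DIFFERS index.txt"; rc=1
    fi
    return $rc
}

# Stand-alone use: ./check.sh /path/to/active/var/crypto /path/to/standby/copy
if [ "$#" -eq 2 ]; then
    check_ca_state "$1" "$2"
fi
```
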