Hi, > we are planning to setup up an active/active system over two geo locations. > Does anyone have experience with such a scenario and can share some best > practices? > We would otherwise testing db replication or setting up different signing > ca’s within the datacenters, but I would rather have this in a way to be able > to control duplicated certificates.
Yes, active-active works without any problems with any number of worker nodes. For an active-active setup you need: - a redundant database, All OpenXPKI worker node need to access the same database instance - any number of OpenXPKI worker nodes. All worker nodes must have the same configuration. - the OpenXPKI web interface must be configured to store sessions in the database. For a long time this has been the default. - a load balancer which proxies all the worker nodes' web interfaces. The load balancer shall be configured in a way that for a given worker node topology queries get routed to the same worker node based on the Source IP (e. g. source IP hash). Cheers Martin _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
