Hi,
> we are planning to setup up an active/active system over two geo locations.
> Does anyone have experience with such a scenario and can share some best
> practices?
> We would otherwise testing db replication or setting up different signing
> ca’s within the datacenters, but I would rather have this in a way to be able
> to control duplicated certificates.
Yes, active-active works without any problems with any number of worker nodes.
For an active-active setup you need:
- a redundant database, All OpenXPKI worker node need to access the same
database instance
- any number of OpenXPKI worker nodes. All worker nodes must have the same
configuration.
- the OpenXPKI web interface must be configured to store sessions in the
database. For a long time this has been the default.
- a load balancer which proxies all the worker nodes' web interfaces. The load
balancer shall be configured in a way that for a given worker node topology
queries get routed to the same worker node based on the Source IP (e. g. source
IP hash).
Cheers
Martin
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users