On Mon, Aug 20, 2012 at 02:48:30PM +0100, Innes, Duncan wrote: > Folks, > > Hopefully this isn't a dumb question, but I'm constrained by a few > things on my estate and would be looking to deploy something like the > following: > > 2 Datacentres > 2 IPA servers at each datacentre > > ipa1.domain.com \_ datacentre A > ipa2.domain.com / > > ipa3.domain.com \_ datacentre B > ipa4.domain.com / > > The datacentres are linekd, but bandwidth not great. > > Client's in datacentre A should therefore use ipa1.domain.com and > ipa2.domain.com as primary servers and only fail over to ipa3 & ipa4 > when both 1 & 2 are out of action. Clients would revert to using > ipa1/ipa2 whenever either of them came back online. > > I understand this configuration has already been done as part of > https://fedorahosted.org/freeipa/ticket/2282
Yes, this has been done on the SSSD side as https://fedorahosted.org/sssd/ticket/1128 The new feature is going to be part of SSSD 1.9.0. In particular, you would configure the IPA domain like this: ipa_server = ipa1.domain.com, ipa2.domain.com ipa_backup_server = ipa3.domain.com, ipa4.domain.com > > What I'm wondering is if I can force my clients to load balance > communication between ipa1 & ipa2. > No, load balancing is currently not supported. What *might* work, although I haven't tested the scenario, is creating a new DNS A record that would resolve to IP addresses of both ipa1 and ipa2. The clients would then connect to the first IP address they received. But as I said, I haven't tested this at all. Feel free to file an RFE, but quite frankly, I think this is precisely what SRV records have been designed for. The load balancing would be performed based on the value of the "weight" field in the SRV record. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
