----- Original Message ----- > OK - thanks. > > But is there any way IPA can be tweaked to do this without an > "external" > product (albeit a Red Hat one)? Is it possible for the sssd clients > to > round-robin their requests between 2 or more servers?
At the monment only by using _srv_ records you could do some round-robin (assuming DNS supports it). Please do not use the load balancer as suggest in a previous reply, also using a A record would not work as machines joined to IPa need the 'correct' serve name to be able to perform GSSAPI authentication. A round-robin A record would make that fail. A round-robin CNAME record might work if your DNS server supports something like that. > Is this an sssd question or generic enough to be in this list? It's both, SSSD implements the client, but in FreeIPA domains we need a joint solution due to Kerberos requirements for DNS names. > Would this functionallity be of use to freeIPA in general? (my view = yes) Yes. HTH, Simo. > Cheers > > Duncan Innes | Linux Architect > > > > ________________________________ > > From: Mark St. Laurent [mailto:[email protected]] > Sent: 20 August 2012 15:15 > To: Innes, Duncan > Cc: [email protected] > Subject: Re: [Freeipa-users] Specifying load balancing to SSSD > clients > > > > http://www.redhat.com/products/enterprise-linux-add-ons/load-balancing/ > > > Norman "Mark" St. Laurent > Federal Team: Senior Solutions Architect > Red Hat > 8260 Greensboro Drive, Suite 300 > McLean VA, 22102 > Email: [email protected] > Cell: 703.772.1434 > > Check this Link out!!! Cool Stuff: http://mil-oss.org/ > > > ________________________________ > > From: "Duncan Innes" <[email protected]> > To: [email protected] > Sent: Monday, August 20, 2012 9:48:30 AM > Subject: [Freeipa-users] Specifying load balancing to SSSD > clients > > Folks, > > Hopefully this isn't a dumb question, but I'm constrained by a > few > things on my estate and would be looking to deploy something > like the > following: > > 2 Datacentres > 2 IPA servers at each datacentre > > ipa1.domain.com \_ datacentre A > ipa2.domain.com / > > ipa3.domain.com \_ datacentre B > ipa4.domain.com / > > The datacentres are linekd, but bandwidth not great. > > Client's in datacentre A should therefore use ipa1.domain.com > and > ipa2.domain.com as primary servers and only fail over to ipa3 & > ipa4 > when both 1 & 2 are out of action. Clients would revert to > using > ipa1/ipa2 whenever either of them came back online. > > I understand this configuration has already been done as part of > https://fedorahosted.org/freeipa/ticket/2282 > > What I'm wondering is if I can force my clients to load balance > communication between ipa1 & ipa2. > > I don't have the ability to use the _srv_ records in DNS as > that's set > up for the AD servers on our network. I also can't create > separate DNS > servers for the Linux estate (not that I'd particularly want > to). > > Is there any current configuration that I can use to force load > balancing between ipa1/ipa2 under ideal conditions. Falling > back to > ipa2 when ipa1 is out of action. Falling back to (load balanced > perhaps?) ipa3/ipa4 when ipa1 & ipa2 are both out of action. > > Hope the description is reasonable. > > Thanks > > Duncan Innes | Linux Architect > > > > > Northern Rock plc is part of the Virgin Money group of companies. > > This e-mail is intended to be confidential to the recipient. If you > receive a copy in error, please inform the sender and then delete > this message. > > Virgin Money Personal Financial Service Limited is authorised and > regulated by the Financial Services Authority. Company no. 3072766. > > Virgin Money Unit Trust Managers Limited is authorised and regulated > by the Financial Services Authority. Company no. 3000482. > > Virgin Money Cards Limited. Introducer appointed representative only > of Virgin Money Personal Financial Service Limited. Company no. > 4232392. > > Virgin Money Management Services Limited. Company no. 3072772. > > Virgin Money Holdings (UK) Limited. Company no. 3087587. > > Each of the above companies is registered in England and Wales and > has its registered office at Discovery House, Whiting Road, Norwich > NR4 6EJ. > > Northern Rock plc. Authorised and regulated by the Financial Services > Authority. Registered in England and Wales (Company no. 6952311) > with its registered office at Northern Rock House, Gosforth, > Newcastle upon Tyne NE3 4PL. > > The above companies use the trading name Virgin Money. > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
