On Wed, Feb 12, 2025 at 11:37:10AM -0000, [email protected] wrote:
> I plan few OpenLDAP servers: N readonly secondaries and single
> writable main.
>
> In my case OpenLDAP is critical as readonly database, and changes are
> allowed to fail. But I need all readonly replicas contain the same
> data same time, and I have possibilities to temporarily disconnect
> readonly secondaries from master.
>
> Is there a some kind of operational\replication mode when:
> - Transactional changes over all servers:
>   Writable main fails writing to database and propagating them to
>   secondaries in case any of secondaries can not receive same changes
> - Secondary server may start "empty" and self-register as secondary
>   server on writeable main, then get in sync. Until sync complete,
>   secondary server will not satisfy any requests from clients.

Hi Alexey,
my advice to these sorts of requirements tends to be:
- set up some sort of proxy/load balancer in front of the replicas
- establish a system for replication monitoring, let this system be in
  charge of which replicas are exposed through the balancer(s)
  adding/removing them according to whether they are considered
  reasonably up-to-date

lloadd or haproxy might be your traffic forwarders (lloadd can certainly
be managed online in this way).

As a quick and dirty (yet surprisingly robust) solution, you can start
with synccheck[0] in a cron-like setup to decide which replicas should
be included, this is how I've done it before. But if you're interested
in a more responsive system, synccheck is built on top of a much more
powerful (WIP) Python library that you can use for real-time replication
monitoring, happy to cooperate if you are interested in developing the
coordination layer as it has been on my radar for a while.

[0]. https://git.openldap.org/openldap/syncmonitor

Regards,

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
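
The following Python is an added example, not part of the original message and not code from synccheck or its library: it shows the decision a monitoring layer of this kind has to make, comparing each replica's contextCSN values with those of the writable main and returning the replicas that may stay behind the balancer. The use of contextCSN for the comparison, the host names, the sample values and the max_lag parameter are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

def parse_csn(value):
    """Parse one contextCSN value: time#count#sid#mod (count, sid, mod are hex)."""
    stamp, count, sid, mod = value.split("#")
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)
    return when, int(count, 16), int(sid, 16), int(mod, 16)

def newest_per_sid(values):
    """Map server ID -> newest (time, count, mod) seen for that server ID."""
    newest = {}
    for value in values:
        when, count, sid, mod = parse_csn(value)
        newest[sid] = max(newest.get(sid, (when, count, mod)), (when, count, mod))
    return newest

def is_current(provider, replica, max_lag=timedelta(0)):
    """True if the replica holds every provider CSN, or trails by less than max_lag."""
    for sid, p in provider.items():
        r = replica.get(sid)
        if r is None:                      # e.g. a replica that just started empty
            return False
        if r < p and p[0] - r[0] >= max_lag:
            return False
    return True

def select_backends(provider_csns, replica_csns, max_lag=timedelta(0)):
    """Return the replica names that may stay behind the load balancer."""
    provider = newest_per_sid(provider_csns)
    return sorted(name for name, values in replica_csns.items()
                  if is_current(provider, newest_per_sid(values), max_lag))

# Constructed sample data; in practice each list is the contextCSN attribute
# read from the suffix entry of that server. Host names are hypothetical.
PROVIDER = ["20250212113710.000000Z#000000#001#000000"]
REPLICAS = {
    "ldap-r1": ["20250212113710.000000Z#000000#001#000000"],  # in sync
    "ldap-r2": ["20250212113707.000000Z#000000#001#000000"],  # 3 s behind
    "ldap-r3": [],                                            # empty, still loading
}

if __name__ == "__main__":
    print("strict:", select_backends(PROVIDER, REPLICAS))
    print("5 s tolerance:", select_backends(PROVIDER, REPLICAS, timedelta(seconds=5)))
```

With the default max_lag of zero only replicas holding exactly the main's state are kept, which matches the "same data at the same time" requirement in the question; a non-zero max_lag implements "reasonably up-to-date".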
