HA OpenLDAP server

Discussion in 'Server Operation' started by vibranze, Aug 7, 2006.

  1. vibranze

    vibranze New Member

    Hi Guys,

    I'm inspired to configure HA for my OpenLDAP servers after I've read the HA for NFS servers HowTo by Falko, two thumbs-up to you Falko!

    But the scenario I want to have is a bit different from the HowTo. I've set up 2 OpenLDAP servers, both of them operating in Master mode. I want to HA (Active-Passive) these 2 servers with only 2 IP addresses involved.

    For example, LDAP server 1 is on IP 192.168.0.1 and LDAP server 2 is on IP 192.168.0.2. Instead of providing a virtual IP as a third IP, I want, in the event that LDAP server 1 is down, LDAP server 2 to configure itself to become LDAP server 1 and fail over the LDAP db from server 1 to server 2.

    I believe it can be done but I just can't figure out how to configure heartbeat to not use a virtual IP address. I tried to put 192.168.0.1 inside /etc/ha.d/haresources as the virtual IP address and it doesn't work.

    Any advice or pointer or help will be greatly appreciated. Thanks.

    Regards,
    Vibranze
     
  2. Ben

    Ben ISPConfig Developer

    The problem is you need to set server A's IP as an IP of server B in case server A has gone.
    But even if having a virtual IP or switching it, don't forget the switch's ARP cache, which might break that idea...

    But imagine the server is reachable, but the LDAP does not work, then your HA has gone to hell.
    What you could do, even if that's not the best way, is to set up a DNS name with local TTL 0, which forces the client or its DNS server not to cache that. Then you only need to run a script on both machines which tells the DNS server to change the IP on that DNS record if the other machine does not work.
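
Added example, not part of Ben's post or any project's code: a sketch of the DNS-switching script described above that probes the LDAP service itself (an anonymous bind) instead of host reachability, then emits the `nsupdate` commands. The record name `ldap.example.com.` and the function names are hypothetical, and it assumes the directory permits anonymous binds.

```python
import socket

# Anonymous LDAPv3 simple bind, messageID 1, BER-encoded:
# SEQUENCE { INTEGER 1, [APPLICATION 0] { version 3, name "", simple "" } }
ANON_BIND = bytes.fromhex("300c020101600702010304008000")


def ldap_alive(host, port=389, timeout=3.0):
    """True only if slapd answers the bind with resultCode success (0).

    Assumption: the directory permits anonymous binds.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(ANON_BIND)
            reply = s.recv(256)
    except OSError:  # refused, unreachable, or timed out
        return False
    # Minimal parse: BindResponse tag 0x61, length byte, ENUMERATED resultCode.
    i = reply.find(b"\x61")
    return i >= 0 and reply[i + 2:i + 5] == b"\x0a\x01\x00"


def pick_target(primary_ok, secondary_ok, primary_ip, secondary_ip, current_ip):
    """Active-passive: prefer the primary; if both fail, leave DNS alone."""
    if primary_ok:
        return primary_ip
    if secondary_ok:
        return secondary_ip
    return current_ip


def nsupdate_batch(name, ip, ttl=0):
    """Commands for nsupdate(1) that repoint the A record (TTL 0 as suggested)."""
    return (f"update delete {name} A\n"
            f"update add {name} {ttl} A {ip}\n"
            "send\n")


if __name__ == "__main__":
    # Constructed values: the record name is hypothetical, IPs are from the thread.
    name, a, b, current = "ldap.example.com.", "192.168.0.1", "192.168.0.2", "192.168.0.1"
    target = pick_target(ldap_alive(a), ldap_alive(b), a, b, current)
    if target != current:
        print(nsupdate_batch(name, target), end="")
```

Feed the output to `nsupdate -k <keyfile>` so the DNS server accepts only TSIG-signed updates; an unauthenticated update channel would let anyone on the network repoint LDAP clients.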
     
  3. vibranze

    vibranze New Member

    Hi Ben,

    Thanks for the answer, I just realised that I forgot the ARP thingy, lucky you reminded me. It's a bit hard for me to play with DNS as it is controlled by the network division.

    I think I will stick to the virtual IP concept rather than having 2 IP addresses only.

    Can I say that the virtual IP must be on the same network segment as the servers' IPs? Or can the servers use internal IPs and only the virtual IP use the routable IP?

    Regards,
    Vibranze
     
  4. Ben

    Ben ISPConfig Developer

    I think you need at least three IPs from the same subnet. That's what I already experienced with appliances such as SSL-VPN etc.
     
  5. vibranze

    vibranze New Member

    Thanks Ben,

    Will use 3 IPs instead of 2.

    Regards,
    Vibranze
     
  6. Ben

    Ben ISPConfig Developer

    You can write a howto in case sb needs it ;)
     
  7. vibranze

    vibranze New Member

    Sure, will post it to howtoforge.com if I implement it :)
     
