LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] Highly available ldap

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Highly available ldap
From: Tim Mooney <Tim.Mooney@xxxxxxxx>
Date: Mon, 10 Sep 2007 16:03:18 -0500 (CDT)
In regard to: Re: [lvs-users] Highly available ldap, Joseph Mack NA3T said...:

> On Mon, 10 Sep 2007, Tim Mooney wrote:
>
>> In regard to: Re: [lvs-users] Highly available ldap, Joseph Mack NA3T 
>> said...:
>>
>>> On Thu, 6 Sep 2007, Penza Kenneth at MITTS wrote:
>>>
>>>> People,
>>>>
>>>>
>>>>
>>>>            I am trying to load balance two openldap servers using LVS
>>>> in CentOS 5.0, using direct routing. Did anyone managed to get this
>>>> working? Any help would be appreciated.
>>>
>>> no-one has done it.
>>
>> We've actually been load balancing OpenLDAP for years using LVS-DR.
>>
>> Our clients do NOT update LDAP though -- to them it's read only.
>
> ah. Important difference, but good to know it's been done.

Yeah, it is.  When clients can update LDAP, balancing becomes much more
tricky.

> anything special we should know?

No, it's pretty standard.  Original setup was done by someone else, but
openldap was the first service we used LVS for, before even http.  We've
been using LVS-DR with OpenLDAP for at least 5 years, probably closer to
7.

> Is it only one port?

For now, yeah.  Clients don't need to bind and can't retrieve anything
that's sensitive, so we're only doing ldap (no ldaps).

> what's the output of `ipvsadm` look like?

We have additional balanced services beyond LDAP, but the LDAP portion
looks like:

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  vs2.ndsu.NoDak.edu:ldap lc
   -> obscured2.NoDak.edu:ldap       Route   1      16         982
   -> obscured1.NoDak.edu:ldap       Route   1      17         984


If you do an ldapsearch against our directory, you're getting our LVS-DR
openldap:

        ldapsearch -x -LLL -h ldap.nodak.edu -b dc=ndsu,dc=nodak,dc=edu \
                uid=mooney

There's another organization co-located with the IT organization here at
the university, and they've also been running LVS-DR in front of their
openldap directory for nearly as along as we have.

LDAP is a critical component of Hurderos, which we've been using since
its inception.  Hence the need for a highly-available LDAP.

Tim
-- 
Tim Mooney                                        Tim.Mooney@xxxxxxxx
Information Technology Services                   (701) 231-1076 (Voice)
Room 242-J6, IACC Building                        (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164


<Prev in Thread] Current Thread [Next in Thread>