Re: [Freeipa-users] Freeipa replica info to clients: guidance
thanks Matrix.. I will add this option to my config params

Regards,
Rakesh

On Sat, Jan 21, 2017 at 7:17 PM, Matrix wrote:

> Hi, Rakesh
>
> Try 'ipa-client-install' with this option '--fixed-primary'. With it,
> '_srv_' will disappear.
>
> From man page:
>
>     --fixed-primary
>         Configure SSSD to use a fixed server as the primary IPA server.
>         The default is to use DNS SRV records to determine the primary
>         server to use and fall back to the server the client is enrolled
>         with. When used in conjunction with --server then no _srv_ value
>         is set in the ipa_server option in sssd.conf.
>
> Matrix

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Freeipa replica info to clients: guidance
Hi, Rakesh

Try 'ipa-client-install' with this option '--fixed-primary'. With it, '_srv_' will disappear.

From man page:

    --fixed-primary
        Configure SSSD to use a fixed server as the primary IPA server.
        The default is to use DNS SRV records to determine the primary
        server to use and fall back to the server the client is enrolled
        with. When used in conjunction with --server then no _srv_ value
        is set in the ipa_server option in sssd.conf.

Matrix

-- Original --
From: "Rakesh Rajasekharan"
Date: Sat, Jan 21, 2017 10:09 PM
To: "Matrix"
Cc: "freeipa-users"
Subject: Re: [Freeipa-users] Freeipa replica info to clients: guidance

Thanks Matrix.. for the inputs..

> Firstly, '_srv_' means clients will find out which servers will be connected
> with by dns srv records. In your explanation, DNS is not configured in your
> env.

After running the ipa-client, the _srv_ was automatically added. The config options I passed for configuring the host as an IPA client are

ipa-client-install --domain=mydomain.com --server=ipa-master-int.mydomain.com --realm=MYDOMAIN.COM -p admin --password=mypass --mkhomedir --hostname=first-client-int.mydomain.com --no-ssh --no-sshd -N -f -U

While configuring the IPA server, I did not pass the setup-dns options (that avoids setting up the dns server, I assume)

ipa-server-install -r 'MYDOMAIN.COM' -n 'mydomain.com' -p mypass -P mypass -a mypass --hostname=ipa-master-int.mydomain.com -N -U

So, I did not explicitly specify the _srv_ options. However, this has been working fine till now.

> Secondly, 'replica' keyword? I cannot find it in the man pages of sssd-ipa.
> Is it really working fine?

Sorry, that was a typo from my side. It's actually

ipa_server = _srv_, ipa-master-mydomain.com, ipa-replica-mydomain.com.

> So, I suggested to configure it in this way:
> ipa_server =
> ipa_backup_server =
> For another half clients,
> ipa_server =
> ipa_backup_server =

I will try this out.. probably I can safely leave out _srv_

Thanks
Rakesh
Re: [Freeipa-users] Freeipa replica info to clients: guidance
Thanks Matrix.. for the inputs..

> Firstly, '_srv_' means clients will find out which servers will be connected
> with by dns srv records. In your explanation, DNS is not configured in your
> env.

After running the ipa-client, the _srv_ was automatically added. The config options I passed for configuring the host as an IPA client are

ipa-client-install --domain=mydomain.com --server=ipa-master-int.mydomain.com --realm=MYDOMAIN.COM -p admin --password=mypass --mkhomedir --hostname=first-client-int.mydomain.com --no-ssh --no-sshd -N -f -U

While configuring the IPA server, I did not pass the setup-dns options (that avoids setting up the dns server, I assume)

ipa-server-install -r 'MYDOMAIN.COM' -n 'mydomain.com' -p mypass -P mypass -a mypass --hostname=ipa-master-int.mydomain.com -N -U

So, I did not explicitly specify the _srv_ options. However, this has been working fine till now.

> Secondly, 'replica' keyword? I cannot find it in the man pages of sssd-ipa.
> Is it really working fine?

Sorry, that was a typo from my side. It's actually

ipa_server = _srv_, ipa-master-mydomain.com, ipa-replica-mydomain.com.

> So, I suggested to configure it in this way:
> ipa_server =
> ipa_backup_server =
> For another half clients,
> ipa_server =
> ipa_backup_server =

I will try this out.. probably I can safely leave out _srv_

Thanks
Rakesh

On Sat, Jan 21, 2017 at 6:10 PM, Matrix wrote:

> For my understanding, there is something wrong with your configuration
>
> >> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com
>
> Firstly, '_srv_' means clients will find out which servers will be
> connected with by dns srv records. In your explanation, DNS is not
> configured in your env.
>
> Secondly, 'replica' keyword? I cannot find it in the man pages of
> sssd-ipa. Is it really working fine?
>
> >> Also, can I define priority based on the order in which the IPA servers are defined in
> >> ipa_server = _srv_ ,,
>
> Your understanding is correct. Server priority is based on sequence in
> conf file. There is a problem for this configuration. Once 'ipa1' failed,
> all id lookup/authentication will happen with 'ipa2'. Even when 'ipa1' is
> back, all clients will be sticky on 'ipa2'
>
> So, I suggested to configure it in this way:
> ipa_server =
> ipa_backup_server =
>
> For another half clients,
> ipa_server =
> ipa_backup_server =
>
> Matrix
Re: [Freeipa-users] Freeipa replica info to clients: guidance
For my understanding, there is something wrong with your configuration

>> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com

Firstly, '_srv_' means clients will find out which servers will be connected with by dns srv records. In your explanation, DNS is not configured in your env.

Secondly, 'replica' keyword? I cannot find it in the man pages of sssd-ipa. Is it really working fine?

>> Also, can I define priority based on the order in which the IPA servers are
>> defined in
>> ipa_server = _srv_ ,,

Your understanding is correct. Server priority is based on sequence in conf file. There is a problem for this configuration. Once 'ipa1' failed, all id lookup/authentication will happen with 'ipa2'. Even when 'ipa1' is back, all clients will be sticky on 'ipa2'

So, I suggested to configure it in this way:
ipa_server =
ipa_backup_server =

For another half clients,
ipa_server =
ipa_backup_server =

Matrix

-- Original --
From: "Rakesh Rajasekharan"
Date: Sat, Jan 21, 2017 08:25 PM
To: "freeipa-users"
Subject: [Freeipa-users] Freeipa replica info to clients: guidance

Hi,

My Freeipa setup is on AWS ec2 instances and has been working fine with just one master for a while now.

I am now trying to set up replica servers, which I was able to, and the replication between both masters goes fine.

So, I have a master server ipa-master-mydomain.com and replica ipa-replica-mydomain.com

I am not using DNS and rely on AWS for DNS resolution instead.

My question is, how do I tell clients about the new replica server.

I tried an entry in the sssd.conf domain section of the clients

id_provider = ipa
auth_provider = ipa
ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com

This approach works fine and clients reach out to the replica as a failover. However, wanted to verify if this is the correct way.

Also, can I define priority based on the order in which the IPA servers are defined in
ipa_server = _srv_ ,,

If the above assumption is right, I could have half of my clients connect to master always and rest to the replica that way balancing the load.

Thanks
Rakesh
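
The points raised in this reply, as an added example that is not part of the original thread: a small Python check of the IPA failover settings in a client's sssd.conf. It flags a stray word inside an `ipa_server` entry, `_srv_` on a client with no DNS SRV records, and a missing `ipa_backup_server`. Both sample configs are constructed; the section name and the host values in the second sample are assumptions, since the archived post shows those values blank.

```python
import configparser

# Constructed sample: the client settings posted in the thread, including the
# stray word "repilca" inside the ipa_server list. Section name is assumed.
SAMPLE_FROM_THREAD = """
[domain/mydomain.com]
id_provider = ipa
auth_provider = ipa
ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com
"""

# Constructed sample: the primary/backup layout suggested in the reply.
# Host values are assumed; the archived post shows them blank.
SAMPLE_SPLIT = """
[domain/mydomain.com]
id_provider = ipa
auth_provider = ipa
ipa_server = ipa-master-mydomain.com
ipa_backup_server = ipa-replica-mydomain.com
"""

def split_servers(value):
    """Split a comma-separated SSSD server list into trimmed entries."""
    return [item.strip() for item in value.split(",") if item.strip()]

def lint_ipa_failover(conf_text, dns_srv_available=False):
    """Return (section, finding) tuples for every id_provider = ipa domain."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        opts = parser[section]
        if not section.startswith("domain/") or opts.get("id_provider") != "ipa":
            continue
        primary = split_servers(opts.get("ipa_server", ""))
        backup = split_servers(opts.get("ipa_backup_server", ""))
        for entry in primary + backup:
            if len(entry.split()) > 1:  # one host or _srv_ per entry
                findings.append((section, f"malformed entry: {entry!r}"))
        if "_srv_" in primary and not dns_srv_available:
            findings.append((section, "_srv_ set but no DNS SRV records"))
        if not backup:  # the reply's point: no backup means no primary/backup split
            findings.append((section, "no ipa_backup_server defined"))
        if set(primary) & set(backup):
            findings.append((section, "same host is primary and backup"))
    return findings
```

Run `lint_ipa_failover()` on the text of each client's sssd.conf, passing `dns_srv_available=True` only where the IPA SRV records really exist in the DNS the client uses.
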
[Freeipa-users] Freeipa replica info to clients: guidance
Hi,

My Freeipa setup is on AWS ec2 instances and has been working fine with just one master for a while now.

I am now trying to set up replica servers, which I was able to, and the replication between both masters goes fine.

So, I have a master server ipa-master-mydomain.com and replica ipa-replica-mydomain.com

I am not using DNS and rely on AWS for DNS resolution instead.

My question is, how do I tell clients about the new replica server.

I tried an entry in the sssd.conf domain section of the clients

id_provider = ipa
auth_provider = ipa
ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com

This approach works fine and clients reach out to the replica as a failover. However, wanted to verify if this is the correct way.

Also, can I define priority based on the order in which the IPA servers are defined in
ipa_server = _srv_ ,,

If the above assumption is right, I could have half of my clients connect to master always and rest to the replica that way balancing the load.

Thanks
Rakesh