[389-users] Re: multimaster replication -preventing clients writes
On 01/22/2016 04:09 PM, German Parente wrote: - Original Message - From: "William Brown" To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org> Sent: Friday, January 22, 2016 4:28:57 AM Subject: [389-users] Re: multimaster replication -preventing clients writes On Thu, 2016-01-21 at 22:50 -0200, carne_de_passaro wrote: Hi, I don't know if it will perform well but, you can create an ACI on the top of the tree and negate writes for all, except the master 2 IP. The aci will replicate because this is MMR. Yes, but it will be evaluated as false only in master 2. So, master 2 will allow writes while in master 1, they will be forbidden. the ip address in the ip aci rule defines and uses the client ip address, so it can control "from" where it is writable. But I agree it could be nicer to have a read only replica. Hi List, I would like to know if there is a cfg option in a multimaster replication ( 2 servers both accept read-writes) to prevent users/clients application writes to one of the master without affecting the replication agreements. my env 389-ds 1.3.4.4 Thank you Isabella You are actually asking for a read only replica ... if a rw master accepts no writes, it's a read only. If it accepts no writes it has nothing to transmit back to the other master you want a read only replica. Otherwise, if you want rw masters, there is no reason to limit yourself to writes only on one master. That's the point of the replication protocol, to remove the point of failures in write targets. -- Sincerely, William Brown Software Engineer Red Hat, Brisbane -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[389-users] Re: multimaster replication -preventing clients writes
- Original Message - > From: "William Brown" > To: "General discussion list for the 389 Directory server project." > <389-users@lists.fedoraproject.org> > Sent: Friday, January 22, 2016 4:28:57 AM > Subject: [389-users] Re: multimaster replication -preventing clients writes > > On Thu, 2016-01-21 at 22:50 -0200, carne_de_passaro wrote: > > Hi, I don't know if it will perform well but, you can create an ACI > > on the > > top of the tree and negate writes for all, except the master 2 IP. > > > > The aci will replicate because this is MMR. > Yes, but it will be evaluated as false only in master 2. So, master 2 will allow writes while in master 1, they will be forbidden. But I agree it could be nicer to have a read only replica. > > > > > Hi List, > > > I would like to know if there is a cfg option in a multimaster > > > replication > > > ( 2 servers both accept read-writes) to prevent users/clients > > > application > > > writes to one of the master without affecting the replication > > > agreements. > > > my env 389-ds 1.3.4.4 > > > Thank you > > > Isabella > > You are actually asking for a read only replica ... if a rw master > accepts no writes, it's a read only. If it accepts no writes it has > nothing to transmit back to the other master you want a read only > replica. > > > Otherwise, if you want rw masters, there is no reason to limit yourself > to writes only on one master. That's the point of the replication > protocol, to remove the point of failures in write targets. > > > -- > Sincerely, > > William Brown > Software Engineer > Red Hat, Brisbane > > > -- > 389 users mailing list > 389-users@%(host_name)s > http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[389-users] Re: multimaster replication -preventing clients writes
On Thu, 2016-01-21 at 22:50 -0200, carne_de_passaro wrote: > Hi, I don't know if it will perform well but, you can create an ACI > on the > top of the tree and negate writes for all, except the master 2 IP. > The aci will replicate because this is MMR. > > > Hi List, > > I would like to know if there is a cfg option in a multimaster > > replication > > ( 2 servers both accept read-writes) to prevent users/clients > > application > > writes to one of the master without affecting the replication > > agreements. > > my env 389-ds 1.3.4.4 > > Thank you > > Isabella You are actually asking for a read only replica ... if a rw master accepts no writes, it's a read only. If it accepts no writes it has nothing to transmit back to the other master you want a read only replica. Otherwise, if you want rw masters, there is no reason to limit yourself to writes only on one master. That's the point of the replication protocol, to remove the point of failures in write targets. -- Sincerely, William Brown Software Engineer Red Hat, Brisbane signature.asc Description: This is a digitally signed message part -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[389-users] Re: multimaster replication -preventing clients writes
Hi, I don't know if it will perform well but, you can create an ACI on the top of the tree and negate writes for all, except the master 2 IP. 2016-01-21 15:27 GMT-02:00 ghiureai : > Hi List, > I would like to know if there is a cfg option in a multimaster replication > ( 2 servers both accept read-writes) to prevent users/clients application > writes to one of the master without affecting the replication agreements. > my env 389-ds 1.3.4.4 > Thank you > Isabella > -- > 389 users mailing list > 389-users@%(host_name)s > > http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
