Joel Heenan
2007-Jul-06 04:54 UTC
[Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
Hey, I have successfully setup multi-master replication between two servers using SSL. Life is good. I would like to have a single Administration server that connects to both Directory Servers. Seems to make more sense than running one Admin server per Directory Server instance. I can''t work out how I can add two Directory Servers who have the same domain. When I open the Admin Server console it has the domain "blah.example.com" which includes an IP address and port. I can add another domain but both servers are managing the same domain. I couldn''t see an easy way to add another server, I poked around trying to do this behind the scenes in the Directory Server backend and I got another IP address and server group to appear but it seems that ip address (the one shown with the computer icon) is only cosmetic and the real IP address it uses to connect is the one in the domain. Am I going about this the wrong way? Guide you can point me to? Thanks -- Joel The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files.
Richard Megginson
2007-Jul-06 14:14 UTC
Re: [Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
Joel Heenan wrote:> Hey, > > I have successfully setup multi-master replication between two servers > using SSL. Life is good. > > I would like to have a single Administration server that connects to > both Directory Servers. Seems to make more sense than running one Admin > server per Directory Server instance. >How did you create your directory server instances? Usually the first one you create is your Configuration Directory Server, the one the console uses as sort of a network registry (the o=NetscapeRoot suffix). Subsequent directory server instance creation should use this one instead of creating a new Config DS. The setup program should give you these options.> I can''t work out how I can add two Directory Servers who have the same > domain. When I open the Admin Server console it has the domain > "blah.example.com" which includes an IP address and port. I can add > another domain but both servers are managing the same domain. I couldn''t > see an easy way to add another server, I poked around trying to do this > behind the scenes in the Directory Server backend and I got another IP > address and server group to appear but it seems that ip address (the one > shown with the computer icon) is only cosmetic and the real IP address > it uses to connect is the one in the domain. > > Am I going about this the wrong way? Guide you can point me to? > > Thanks >
Joel Heenan
2007-Jul-09 00:56 UTC
Re: [Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
On Sat, 2007-07-07 at 00:14 +1000, Richard Megginson wrote:> How did you create your directory server instances? Usually the first > one you create is your Configuration Directory Server, the one the > console uses as sort of a network registry (the o=NetscapeRoot suffix). > Subsequent directory server instance creation should use this one > instead of creating a new Config DS. The setup program should give you > these options.Oh ok I made a mistake during the setup process then. Anyway to change this after the fact? Setting up SSL replication was very difficult. Thanks -- Joel Heenan The information contained in this e-mail message and any accompanying files is or may be confidential. If you are not the intended recipient, any use, dissemination, reliance, forwarding, printing or copying of this e-mail or any attached files is unauthorised. This e-mail is subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If you have received this e-mail in error please advise the sender immediately by return e-mail or telephone and delete all copies. Fairfax does not guarantee the accuracy or completeness of any information contained in this e-mail or attached files. Internet communications are not secure, therefore Fairfax does not accept legal responsibility for the contents of this message or attached files.
Richard Megginson
2007-Jul-09 15:44 UTC
Re: [Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
Joel Heenan wrote:> On Sat, 2007-07-07 at 00:14 +1000, Richard Megginson wrote: > > >> How did you create your directory server instances? Usually the first >> one you create is your Configuration Directory Server, the one the >> console uses as sort of a network registry (the o=NetscapeRoot suffix). >> Subsequent directory server instance creation should use this one >> instead of creating a new Config DS. The setup program should give you >> these options. >> > > Oh ok I made a mistake during the setup process then. > > Anyway to change this after the fact? Setting up SSL replication was > very difficult. >It''s probably going to be more difficult to register the servers after the fact with the console. However, if you are really determined to do it this way, I suggest you start first by hacking on some perl scripts in CVS head - adminserver/admserv/newinst/src/register_servers.pl - you''ll need the new perl modules from Fedora DS CVS head, adminutil, and adminserver also from CVS head. http://directory.fedoraproject.org/wiki/Developers> Thanks >
Richard Megginson
2007-Jul-09 16:29 UTC
Re: [Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
Daryle A. Tilroe wrote:> Joel Heenan wrote: > >> On Sat, 2007-07-07 at 00:14 +1000, Richard Megginson wrote: >> >>> How did you create your directory server instances? Usually the >>> first one you create is your Configuration Directory Server, the one >>> the console uses as sort of a network registry (the o=NetscapeRoot >>> suffix). Subsequent directory server instance creation should use >>> this one instead of creating a new Config DS. The setup program >>> should give you these options. > > I have a closely related question. Is there a correct way in a simple > dual multimaster setup to have the two servers both be config servers > for the same DB? I tried just replicating NetscapeRoot but I ended up > with things messed up.How so?> I have not yet tried again but was curious > if there was a ''correct'' method.Not really. There are too many places where the host:port of the config DS are hard coded, and there is not really a provision for specifying more than one for failover.> Otherwise I was just going to have > the two be independent insofar as the config DB went. I require > this so either will be completely, and indefinitely, functional when > the other is down. >
Daryle A. Tilroe
2007-Jul-09 16:30 UTC
Re: [Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
Joel Heenan wrote:> On Sat, 2007-07-07 at 00:14 +1000, Richard Megginson wrote: > >>How did you create your directory server instances? Usually the first >>one you create is your Configuration Directory Server, the one the >>console uses as sort of a network registry (the o=NetscapeRoot suffix). >>Subsequent directory server instance creation should use this one >>instead of creating a new Config DS. The setup program should give you >>these options.I have a closely related question. Is there a correct way in a simple dual multimaster setup to have the two servers both be config servers for the same DB? I tried just replicating NetscapeRoot but I ended up with things messed up. I have not yet tried again but was curious if there was a ''correct'' method. Otherwise I was just going to have the two be independent insofar as the config DB went. I require this so either will be completely, and indefinitely, functional when the other is down. -- Daryle A. Tilroe
Richard Megginson
2007-Jul-09 16:49 UTC
Re: [Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
Daryle A. Tilroe wrote:> Richard Megginson wrote: > >> Daryle A. Tilroe wrote: >> >>> I have a closely related question. Is there a correct way in a simple >>> dual multimaster setup to have the two servers both be config servers >>> for the same DB? I tried just replicating NetscapeRoot but I ended up >>> with things messed up. >> >> How so? > > It was a couple weeks ago but IIRC the admin server on the second > master would not run properly. I will really have to try it again > to confirm. > >>> I have not yet tried again but was curious >>> if there was a ''correct'' method. >> >> Not really. There are too many places where the host:port of the >> config DS are hard coded, and there is not really a provision for >> specifying more than one for failover. > > So basically I should have my two multimasters run independent admin > servers? I did notice that I can admin the other "independent" > secondary master with the ''left over'' entry in the config DB of > the primary (it was left there after I redid the secondary since > the I left the primary). This suggests I could probably add each > of the two master to each other''s config DB manually.Yes, you could do that too.> I''m not really > sure that this is even useful though in a small install. Probably > best to leave them as separate admin servers with the userRoot > replicated; that seems to work just fine. > >
Daryle A. Tilroe
2007-Jul-09 16:52 UTC
Re: [Fedora-directory-users] Admin Server connecting to two Directory Servers within the same domain
Richard Megginson wrote:> Daryle A. Tilroe wrote: > >> I have a closely related question. Is there a correct way in a simple >> dual multimaster setup to have the two servers both be config servers >> for the same DB? I tried just replicating NetscapeRoot but I ended up >> with things messed up. > > How so?It was a couple weeks ago but IIRC the admin server on the second master would not run properly. I will really have to try it again to confirm.>> I have not yet tried again but was curious >> if there was a ''correct'' method. > > Not really. There are too many places where the host:port of the config > DS are hard coded, and there is not really a provision for specifying > more than one for failover.So basically I should have my two multimasters run independent admin servers? I did notice that I can admin the other "independent" secondary master with the ''left over'' entry in the config DB of the primary (it was left there after I redid the secondary since the I left the primary). This suggests I could probably add each of the two master to each other''s config DB manually. I''m not really sure that this is even useful though in a small install. Probably best to leave them as separate admin servers with the userRoot replicated; that seems to work just fine. -- Daryle A. Tilroe