Hi All,
I work on an important infrastructure of 20 LDAP Servers, One Producer and 19 consumers. We are migrating on multimaster-mode achieving 22 server, 2 Producers ( in mirror mode ) and 20 consumers.
I'm here to asking all which is the better way for understanding if all the LDAP servers are synchronized.
We want to create some tools for checking periodically whether there is some consumer not yet synchronized or not.
Could you suggest me something?
We were thinking on analyzing entryCSN, however if we are going to analyze all of them could lead in an overload problem since we are dealing with more then 3 Millions of objects, and we want to check the sync at least every X minutes and not Hours or day.....
Many Thanks in advance
2009/12/24 Andrea Cirulli acirulli@gmail.com:
Hi All, I work on an important infrastructure of 20 LDAP Servers, One Producer and 19 consumers. We are migrating on multimaster-mode achieving 22 server, 2 Producers ( in mirror mode ) and 20 consumers. I'm here to asking all which is the better way for understanding if all the LDAP servers are synchronized. We want to create some tools for checking periodically whether there is some consumer not yet synchronized or not. Could you suggest me something? We were thinking on analyzing entryCSN, however if we are going to analyze all of them could lead in an overload problem since we are dealing with more then 3 Millions of objects, and we want to check the sync at least every X minutes and not Hours or day..... Many Thanks in advance
Hi,
you can look at this Nagios script: http://ltb-project.org/wiki/documentation/nagios-plugins/check_ldap_syncrepl...
It checks ContextCSN values.
Clément.
On Thu, Dec 24, 2009 at 11:07 AM, Andrea Cirulli acirulli@gmail.com wrote:
Hi All, I work on an important infrastructure of 20 LDAP Servers, One Producer and 19 consumers. We are migrating on multimaster-mode achieving 22 server, 2 Producers ( in mirror mode ) and 20 consumers. I'm here to asking all which is the better way for understanding if all the LDAP servers are synchronized. We want to create some tools for checking periodically whether there is some consumer not yet synchronized or not. Could you suggest me something? We were thinking on analyzing entryCSN, however if we are going to analyze all of them could lead in an overload problem since we are dealing with more then 3 Millions of objects, and we want to check the sync at least every X minutes and not Hours or day..... Many Thanks in advance
Hi Andrea,
I wrote a Python script that compare the contextCSN values of a provider and its consumer. I have noticed that in the mirror mode configuration the contextCSN attribute on the providers hold multiple values.
I am working on migrating my OL platform to a similiar setup (but with less read-only consumers). Which replication method are you using: syncrepl or delta-syncrepl? Are your providers sharing a virtual IP address with the help of a heartbeat failover mechanism and are your consumers replicating using this specific IP address?
Thanks.
-- Sam
Hi Sam,
we are using syncrepl mechanism, and we don't decide yet if the consumer will point to a specific IP ( let's say half of consumer on multimaster1 and the rest on multimaster 2) or pointing to Virtual IP of a RADWARE that is in charge of balancing ( only failover not load balancing).
In any case, I have to implent or found a solution more general as possible, in order to handle the two scenarios.
If you have any suggestion or something already implemented I will appreciate your help.
Best Regards, Andrea
On Mon, Dec 28, 2009 at 5:02 PM, Sam Tran stlist@gmail.com wrote:
On Thu, Dec 24, 2009 at 11:07 AM, Andrea Cirulli acirulli@gmail.com wrote:
Hi All, I work on an important infrastructure of 20 LDAP Servers, One Producer
and
19 consumers. We are migrating on multimaster-mode achieving 22 server, 2 Producers (
in
mirror mode ) and 20 consumers. I'm here to asking all which is the better way for understanding if all
the
LDAP servers are synchronized. We want to create some tools for checking periodically whether there is
some
consumer not yet synchronized or not. Could you suggest me something? We were thinking on analyzing entryCSN, however if we are going to
analyze
all of them could lead in an overload problem since we are dealing with
more
then 3 Millions of objects, and we want to check the sync at least every
X
minutes and not Hours or day..... Many Thanks in advance
Hi Andrea,
I wrote a Python script that compare the contextCSN values of a provider and its consumer. I have noticed that in the mirror mode configuration the contextCSN attribute on the providers hold multiple values.
I am working on migrating my OL platform to a similiar setup (but with less read-only consumers). Which replication method are you using: syncrepl or delta-syncrepl? Are your providers sharing a virtual IP address with the help of a heartbeat failover mechanism and are your consumers replicating using this specific IP address?
Thanks.
-- Sam
On Mon, Dec 28, 2009 at 12:39 PM, Andrea Cirulli acirulli@gmail.com wrote:
Hi Sam, we are using syncrepl mechanism, and we don't decide yet if the consumer will point to a specific IP ( let's say half of consumer on multimaster1 and the rest on multimaster 2) or pointing to Virtual IP of a RADWARE that is in charge of balancing ( only failover not load balancing). In any case, I have to implent or found a solution more general as possible, in order to handle the two scenarios. If you have any suggestion or something already implemented I will appreciate your help.
We have decided to point the consumers to a virtual IP fronting the pair of providers for LDAP replication. In my tests where I manually fail over from one provider to the other, syncrepl in refreshAndPersist mode works with no problem. Delta-syncrepl most of the time works. But I had instances where replication was lagging; the consumer manages to contact the active provider, but queries to the accesslog database return no entry when an ldapsearch with the same filter on the command line returns more than one entry. Eventually the consumer would resync again.
I am updating my python script that checks whether a given consumer is in sync with the provider. Once I am done I can share it with you if you wish. Buchan wrote a Perl script that does something similar and works with Nagios: http://www.zarb.org/~bgmilne/hobbit/bb-openldap.pl
-- Sam
Thank you!
If you have some news drop me an e-mail.
In the mean while I'll work on improvements, according my needs, of the script you point me out.
Thank you again Andrea
On Mon, Jan 4, 2010 at 4:58 PM, Sam Tran stlist@gmail.com wrote:
On Mon, Dec 28, 2009 at 12:39 PM, Andrea Cirulli acirulli@gmail.com wrote:
Hi Sam, we are using syncrepl mechanism, and we don't decide yet if the consumer will point to a specific IP ( let's say half of consumer on multimaster1
and
the rest on multimaster 2) or pointing to Virtual IP of a RADWARE that is
in
charge of balancing ( only failover not load balancing). In any case, I have to implent or found a solution more general as
possible,
in order to handle the two scenarios. If you have any suggestion or something already implemented I will appreciate your help.
We have decided to point the consumers to a virtual IP fronting the pair of providers for LDAP replication. In my tests where I manually fail over from one provider to the other, syncrepl in refreshAndPersist mode works with no problem. Delta-syncrepl most of the time works. But I had instances where replication was lagging; the consumer manages to contact the active provider, but queries to the accesslog database return no entry when an ldapsearch with the same filter on the command line returns more than one entry. Eventually the consumer would resync again.
I am updating my python script that checks whether a given consumer is in sync with the provider. Once I am done I can share it with you if you wish. Buchan wrote a Perl script that does something similar and works with Nagios: http://www.zarb.org/~bgmilne/hobbit/bb-openldap.pl
-- Sam
openldap-software@openldap.org
-
Andrea Cirulli -
Clément OUDOT -
Sam Tran