On Wed, Feb 12, 2025 at 11:37:10AM -0000, alexey@filimonic.net wrote:
I plan a few OpenLDAP servers: N readonly secondaries and a single writable main.
In my case OpenLDAP is critical as a readonly database, and changes are allowed to fail. But I need all readonly replicas to contain the same data at the same time, and I have possibilities to temporarily disconnect readonly secondaries from master.
Is there some kind of operational\replication mode when:
- Transactional changes over all servers:
Writable main fails writing to database and propagating them to secondaries in case any of secondaries can not receive same changes
- Secondary server may start "empty" and self-register as secondary server on writeable main, then get in sync. Until sync complete, secondary server will not satisfy any requests from clients.

Hi Alexey,
my advice to these sorts of requirements tends to be:
- set up some sort of proxy/load balancer in front of the replicas
- establish a system for replication monitoring, let this system be in charge of which replicas are exposed through the balancer(s), adding/removing them according to whether they are considered reasonably up-to-date

lloadd or haproxy might be your traffic forwarders (lloadd can certainly be managed online in this way). As a quick and dirty (yet surprisingly robust) solution, you can start with synccheck[0] in a cron-like setup to decide which replicas should be included; this is how I've done it before.
But if you're interested in a more responsive system, synccheck is built on top of a much more powerful (WIP) Python library that you can use for real-time replication monitoring. Happy to cooperate if you are interested in developing the coordination layer, as it has been on my radar for a while.
[0]. https://git.openldap.org/openldap/syncmonitor
Regards,
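
The pool-membership decision described in the reply above, as an added example that is not part of the original message and is not synccheck's code. It assumes the contextCSN values of the provider and of each replica have already been read from the suffix entry; the host names and CSN values are constructed.

```python
from datetime import datetime, timedelta, timezone

def parse_csn(csn):
    """Split an OpenLDAP CSN 'time#count#sid#mod' into (sid, sortable key)."""
    stamp, count, sid, mod = csn.split("#")
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)
    return int(sid, 16), (when, int(count, 16), int(mod, 16))

def csn_map(values):
    """Newest CSN per server ID among an entry's contextCSN values."""
    newest = {}
    for value in values:
        sid, key = parse_csn(value)
        if sid not in newest or key > newest[sid]:
            newest[sid] = key
    return newest

def eligible_replicas(provider_csns, replica_csns, max_lag=timedelta(0)):
    """Names of replicas that may stay behind the balancer.

    A replica qualifies when, for every server ID the provider reports, it
    holds the same or a newer CSN, or is at most max_lag behind it.
    A value of None marks a replica that is unreachable or still empty.
    """
    want = csn_map(provider_csns)
    keep = []
    for name, values in sorted(replica_csns.items()):
        have = csn_map(values) if values else {}
        ok = all(
            sid in have and (have[sid] >= key
                             or (max_lag > timedelta(0)
                                 and key[0] - have[sid][0] <= max_lag))
            for sid, key in want.items()
        )
        if ok:
            keep.append(name)
    return keep

# Constructed sample data: one writable main (SID 001) and three replicas.
PROVIDER = ["20250212113710.000000Z#000000#001#000000"]
REPLICAS = {
    "ldap-r1": ["20250212113710.000000Z#000000#001#000000"],  # in sync
    "ldap-r2": ["20250212113640.000000Z#000000#001#000000"],  # 30 s behind
    "ldap-r3": None,                                          # just started, empty
}
```

The returned list is what a cron job or monitoring loop would hand to the balancer as the set of replicas to keep exposed; an empty replica never qualifies until it has caught up.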