[ClusterLabs] Openldap and freeradius question
Ken Gaillot
kgaillot at redhat.com
Wed Oct 19 16:49:03 CEST 2016
On 10/19/2016 07:19 AM, Marcos Renato da Silva Junior wrote:
> Hi,
>
>
> In my test environment, I'm using two Raspberry Pi :
>
> rasp1 - openldap (syncrepl mirror mode) + freeradius
>
> rasp2 - openldap (syncrepl mirror mode) + freeradius
>
>
> So I configured Openldap resource and clone it for both nodes :
>
> crm configure primitive slapd_mirrormode ocf:heartbeat:slapd params\
> slapd="/usr/sbin/slapd" \
> config="/etc/ldap/slapd.d/" \
> user="openldap" group="openldap" \
> services="ldap:///" \
> watch_suffix="dc=mrsj,dc=lab" \
> meta migration-threshold="3" \
> op monitor interval=10s
>
> crm configure clone ldap_clone slapd_mirrormode
>
>
>
> And configured Floating IP resource :
>
> crm configure primitive virtual_ip ocf:heartbeat:IPaddr2 \
> params ip="192.168.0.8" nic="eth0" cidr_netmask="24" \
> op monitor interval="10s" timeout="20s"
>
> crm configure colocation virtual_ip_with_slapd inf: virtual_ip ldap_clone
>
> crm configure order virtual_ip_before_slapd inf: virtual_ip ldap_clone
>
> crm configure location prefer_rasp1 virtual_ip 50: rasp1
>
>
>
> At this point :
>
> if Openldap service on rasp1 fail, the Floating IP change to rasp2
> if rasp1 fail, the Floating IP change to rasp2
> if Freeradius service fail on rasp1, the Floating IP still in rasp1.
>
>
>
> So my question is about the best way to add Freeradius resource to this
> environment.
>
> I think something like, but not sure it is correct:
>
> crm configure primitive freeradius lsb:freeradius meta
> migration-threshold="3" op monitor interval=10s
>
> crm configure clone freeradius_clone freeradius
>
> crm configure colocation virtual_ip_with_freeradius inf: virtual_ip
> freeradius_clone
>
> crm configure order virtual_ip_before_freeradius inf: virtual_ip
> freeradius_clone
Looks good to me
BTW a former coworker and I used to joke about converting our clusters
to Raspberry Pis, but this is the first real Pi cluster I've seen. :)
They can be a decent SOHO solution; we had a (single) pi providing a vpn
gateway and dns at a remote site. The lack of ECC RAM is a minus.
More information about the Users
mailing list