On 04/30/2010 03:46 AM, David O'Brien wrote:
Jakub Hrozek wrote:
<snip>
[PATCH 2/2] Support SRV servers in failover

Adds a new failover API call fo_add_srv_server that allows the caller to specify a server that is later resolved into a list of specific servers using SRV requests.
Please keep in mind that there is one more patch on the list which actually uses this feature in back ends. These two only add the code that makes it possible for back ends to use service discovery into the failover code.
This looks doc-worthy... Can somebody explain "SRV servers" and how they work here? My limited understanding makes me think I can define _failover._tcp as SRV records in my DNS with weights and priorities, etc. Is that right?
Pretty much, yeah. For every service that you want to use service discovery with, you need to add a special DNS record in the form of "_service._protocol._domain TTL priority weight port hostname" to your DNS server.
There are usually multiple records like this with different priority (for failover) and different weights (for load balancing).
The client then makes a SRV DNS query in the form of "_service._protocol._domain", for example "_ldap._tcp._redhat.com" and gets back a list of host names along with their priorities and weights. The client then sorts this list according to priorities and weights and connects to the first server in this sorted list.
For a full (actually quite readable) explanation, please see RFC 2782. The Wikipedia entry on "SRV record" is also quite nice and maybe easier to digest.
How about an example? Has this made it into a man page yet?
Some documentation is in the back end integration patch - look for "[PATCH] Use service discovery in backends". If you could review the man page additions, it would be much appreciated!
Also adds a new failover option that specifies how often should the servers resolved from SRV query be considered valid until we need a refresh.
What's the option? I missed it... :(
Sorry this was not very clear. This is actually not a new configuration option for sssd, but rather a new member of the fo_options structure.
I think it would be nice to use the TTL value here but unfortunately our resolver does not return the TTL field of the SRV records.
Currently this is hardcoded to 8 hours (value pulled out of thin air..).
thanks a bunch~!
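
Added example, not part of the original thread or of the SSSD patch: a sketch of the client-side ordering RFC 2782 describes (lowest priority first, weighted random choice within a priority) plus a refresh interval that falls back to the 8 hours mentioned above when no TTL is available. The function names and the example.com records are constructed for illustration.

```python
import random

FALLBACK_TTL = 8 * 60 * 60  # the thread's hardcoded 8 hours, used when no TTL is known

def parse_srv(line):
    """Parse 'owner TTL IN SRV priority weight port target' (zone-file style)."""
    owner, ttl, _cls, rtype, prio, weight, port, target = line.split()
    if rtype != "SRV":
        raise ValueError("not an SRV record: " + line)
    return {"owner": owner, "ttl": int(ttl), "priority": int(prio),
            "weight": int(weight), "port": int(port), "target": target.rstrip(".")}

def order_srv(records, rng=random):
    """Order as in RFC 2782: by priority, then weighted random within a priority."""
    # A single record whose target is "." means the service is not offered.
    if len(records) == 1 and records[0]["target"] == "":
        return []
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        # Weight-0 records go first so they are rarely, but not never, picked.
        pool = sorted((r for r in records if r["priority"] == prio),
                      key=lambda r: r["weight"] != 0)
        while pool:
            pick = rng.randint(0, sum(r["weight"] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec["weight"]
                if running >= pick:  # first record whose running sum reaches pick
                    ordered.append(pool.pop(i))
                    break
    return ordered

def refresh_after(records):
    """Seconds until re-resolution: smallest TTL, or the fallback if none is known."""
    ttls = [r["ttl"] for r in records if r.get("ttl")]
    return min(ttls) if ttls else FALLBACK_TTL

# Constructed sample records for a hypothetical example.com LDAP service.
SAMPLE = """\
_ldap._tcp.example.com. 3600 IN SRV 10 60 389 ldap1.example.com.
_ldap._tcp.example.com. 3600 IN SRV 10 40 389 ldap2.example.com.
_ldap._tcp.example.com. 3600 IN SRV 20 0 389 backup.example.com.
"""

if __name__ == "__main__":
    recs = [parse_srv(l) for l in SAMPLE.splitlines()]
    for r in order_srv(recs):
        print(r["priority"], r["weight"], r["target"], r["port"])
    print("refresh after", refresh_after(recs), "seconds")
```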