Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Fix krb5 with failover

Browse source 
Seems like IPA 4.5.0 broke active/active failover of krb5 KDC.
While we wait on getting that fixed, let's set us up for active/passive failover on the HTTPD end.
Since we can't do active/passive for UDP (there's no checks there), let's just remove ipa02 for those.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2017-09-15 22:50:02 +00:00
parent 369a68a5a2
commit 4005fd5929
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/haproxy/templates/haproxy.cfg
View file

@ -340,7 +340,7 @@ listen ipa 0.0.0.0:10053
balance hdr(appserver)
server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
{% if env != "staging" %}
server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
{% endif %}
option httpchk GET /ipa/ui/
@ -354,7 +354,7 @@ listen krb5 0.0.0.0:1088
timeout connect 86400000
server ipa01 ipa01:88 weight 1 maxconn 16384
{% if env == "production" %}
server ipa02 ipa02:88 weight 1 maxconn 16384
# server ipa02 ipa02:88 weight 1 maxconn 16384
{% endif %}
listen docker-candidate-registry 0.0.0.0:10054