OpenLDAP with LDAPS and N-Way Multi-master replication

We have the following setup:

  • Two OpenLDAP servers – openldap1, openldap2
  • They are to be set up as N-Way multi-master
  • Certificates are all set up correctly with alternate names etc and trust each other

I want slapd to bind to all interfaces on the server, so was hoping to run the service as

/usr/sbin/slapd -u ldap -h ldaps://  

However, this gives

5cabf191 <<< dnNormalize: <cn=subschema>
5cabf191 read_config: no serverID / URL match found. Check slapd -h arguments.
5cabf191 slapd destroy: freeing system resources.
5cabf191 syncinfo_free: rid=002
5cabf191 syncinfo_free: rid=002
5cabf191 slapd stopped.
5cabf191 connections_destroy: nothing to destroy.

I think I understand this to be because of our replication setup, which has the following ServerIDs:

dn: cn=config
objectClass: olcGlobal
cn: config
..snipped..
olcTLSCertificateKeyFile: /etc/openldap/certs/keys/ldapskey.pem
olcTLSCertificateFile: /etc/openldap/certs/ldapscert.pem
olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
olcServerID: 1 ldaps://openldap1
olcServerID: 2 ldaps://openldap2
entryCSN: 20190409004218.061111Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190409004218Z
contextCSN: 20190409004339.981340Z#000000#000#000000

I think my error is because the slapd -h argument cannot match a serverID in the list?

If this is the case, how do I work around it?

If I manually run the following, it works, but this doesn't help me bind to all interfaces.

/usr/sbin/slapd -u ldap -h ldaps://openldap1 

I have an IP that floats between both servers to give high availability if one were to go down, so need slapd to listen on all interfaces.
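An added example, not part of the original post: a POSIX shell preflight that performs the check behind the "no serverID / URL match found" message. It pulls the olcServerID lines out of a cn=config LDIF and reports which serverID, if any, corresponds to a proposed -h listener list. The comparison is on scheme and hostname only, a simplification of slapd's full URL comparison, and the LDIF excerpt and function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: preflight the olcServerID / -h
# listener match slapd performs at startup ("no serverID / URL match found").
# Simplification: compares scheme and hostname only; slapd parses the full URL.

# Constructed cn=config excerpt mirroring the post (the real entry has more attributes).
SAMPLE_CONFIG='dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1 ldaps://openldap1
olcServerID: 2 ldaps://openldap2'

# url_key URL -> "scheme host" (lower-cased, port and path dropped).
# "ldaps:///" yields an empty host, which is why a wildcard-only listener never matches.
url_key() {
    printf '%s\n' "$1" | sed -e 's#^\([A-Za-z]*\)://\([^/:]*\).*#\1 \2#' | tr 'A-Z' 'a-z'
}

# serverid_for_listeners LDIF "URL [URL ...]"
# Prints the matching olcServerID number and returns 0, or returns 1 when no
# listener URL corresponds to any olcServerID URL (slapd would refuse to start).
serverid_for_listeners() {
    ldif=$1
    listeners=$2
    match=$(printf '%s\n' "$ldif" | grep '^olcServerID:' | while read -r attr sid url; do
        [ -n "$url" ] || continue            # bare "olcServerID: N" carries no URL to match
        skey=$(url_key "$url")
        for l in $listeners; do
            if [ "$(url_key "$l")" = "$skey" ]; then
                printf '%s' "$sid"
                exit 0                       # leaves the pipeline subshell only
            fi
        done
    done)
    [ -n "$match" ] || return 1
    printf '%s\n' "$match"
}

# check_slapd_listeners LDIF "URL [URL ...]": human-readable verdict, same exit status.
check_slapd_listeners() {
    if sid=$(serverid_for_listeners "$1" "$2"); then
        echo "OK: listeners '$2' identify this host as serverID $sid"
    else
        echo "FAIL: no serverID URL matches listeners '$2';" \
             "slapd will exit with 'no serverID / URL match found'" >&2
        return 1
    fi
}

# Stand-alone demo: the wildcard-only listener from the post fails; a listener
# list that also names the host succeeds.
if [ "${1-}" = "demo" ]; then
    check_slapd_listeners "$SAMPLE_CONFIG" "ldaps:///"
    check_slapd_listeners "$SAMPLE_CONFIG" "ldaps:/// ldaps://openldap1"
fi
```

Run it as `sh preflight.sh demo` before changing the unit file. The check only tells you whether slapd will accept the listener list; if the extra host-specific URL uses the same port as the wildcard listener, the second bind may fail with "address already in use" on Linux, so test the real slapd start as well, or put the identifying listener on a port or socket that does not overlap the wildcard one.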

Multi-master PowerDNS setup

I’m trying to set up multiple PowerDNS hosts (masters), that will write to a Galera MariaDB backend.

I provisioned an HAProxy load balancer in front of the Galera cluster nodes, and all the PowerDNS masters will connect to the HAProxy VIP. Are there any considerations I need for this, as in multiple writes to the same DB coming from multiple locations?

Also, I was thinking about setting up another HAProxy load balancer in front of all the PowerDNS masters and having NSedit (PowerDNS frontend GUI) connect to that. Would that be a good idea?

Thanks!
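An added example, not part of the original post, of one way to handle the multi-writer question above: an HAProxy listener for the Galera cluster that sends every PowerDNS connection to one Galera node and uses the others only as backups. Galera certifies conflicting transactions first-committer-wins and aborts the loser with a deadlock error, so having several PowerDNS masters update the same zone rows through different nodes is where those errors come from; serialising writes through one node avoids it. Hostnames, addresses, the VIP and the `haproxy` MariaDB user are placeholders.

```haproxy
# Added example (not the poster's configuration). All PowerDNS masters point at
# the VIP; HAProxy forwards every connection to galera1 and falls over to
# galera2/galera3 only when it is down, so writes from several PowerDNS hosts
# still enter the cluster through a single node at a time.
global
    log /dev/log local0
    maxconn 2000

defaults
    mode tcp
    log global
    option tcplog
    timeout connect 5s
    timeout client  60m     # PowerDNS keeps long-lived MySQL connections
    timeout server  60m

listen galera_write
    bind 10.0.0.10:3306     # placeholder VIP the PowerDNS masters connect to
    # Weak setting: "balance roundrobin" with all three nodes active spreads
    # concurrent writes across nodes and invites certification conflicts.
    balance first           # fill the first available server instead
    option mysql-check user haproxy   # needs CREATE USER 'haproxy'@'<haproxy ip>' in MariaDB
    default-server inter 3s fall 3 rise 2
    server galera1 10.0.1.11:3306 check
    server galera2 10.0.1.12:3306 check backup
    server galera3 10.0.1.13:3306 check backup
```

If the PowerDNS hosts are in different locations, a second HAProxy instance in each location with the same server order keeps all of them writing to the same node; if they must use different nodes, expect occasional deadlock errors on the PowerDNS side and make sure the writer retries them.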

How to set up a multi-master MongoDB in stages?

Background

We are building a web solution that will be used globally. To support the eventual target audience, we are trying to design the solution so that it's hosted in 3 different data centers. Users will be routed to the closest server based on location data.

Having said that, to start we will only deploy this solution to one data center, and only users from North America will have this solution available to them.

Technology Set

MongoDB and RethinkDB have been shortlisted for the database. We need something that allows multi-master replication, since we need to be able to read and write to the database from any one of the data centers.

Problem

Management wants something delivered in two weeks. The same usual story. They over committed us… under staffed etc.

I need to come up with a design that's future-proof. I'm not familiar enough with MongoDB yet to be confident that I've identified all the pieces that I need to deliver right now and still be future-proof.

What I think I know So Far

I think in MongoDB terminology, each data center is a zone. In the final solution, I will have one zone per data center, and in each zone, I will have a primary shard. So in the North America zone, I will have shard A... and that is its primary shard. Shard A will be replicated to the Asia zone... so that if the North American data center goes down, Asia will have its data and can kick in.

I also understand that I need to be careful with the shard keys because once I create them, I can't change them. So I'm thinking of somehow creating a shard based on location. I will know that a request is coming from Japan, so I send it to the "Asia" DC, but if it's coming from France, it's going to hit the European DC.

Specific Questions

I'm reading this article: https://docs.mongodb.com/manual/sharding/. Do I need a mongos router in each data center? What about the config server? If I start with just creating "shard A" in Zone North Am, what priority do I give it? Can I worry about priority later?

I’m still mulling things over so I’m sure there are questions I should be asking that I haven’t even thought of yet. If you have any comments or suggestions, I’m all ears. Thank you
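An added example, not part of the original post or of MongoDB's documentation, written as mongosh JavaScript. It sets up the location-based zone sharding the post is reaching for: a shard key whose first field is a region prefix, one zone per data center, and a key range per zone, so the balancer keeps each region's chunks on that region's shard. It also carries a small local model of updateZoneKeyRange's range semantics (lower bound inclusive, upper bound exclusive) so the routing can be checked without a cluster. The database `app`, collection `users`, shard `shardA`, the zone names, the shard key `{ region: 1, userId: 1 }` and the country table are assumptions. Under plain Node only the model runs; in mongosh the `sh.*` calls are applied as well.

```javascript
// Added example (mongosh JavaScript), not from the original post or MongoDB's docs.
// Assumed names: database "app", collection "users", shard "shardA" (North America),
// zones NA / ASIA / EU, shard key { region: 1, userId: 1 }.

// Zone key ranges over the region field: min inclusive, max exclusive. The upper
// bound "na\uffff" covers every region string beginning with "na" without
// spilling into "nb...". Constructed to mirror the ranges applied below.
const ZONE_RANGES = [
  { zone: 'NA',   min: 'na', max: 'na\uffff' },
  { zone: 'ASIA', min: 'as', max: 'as\uffff' },
  { zone: 'EU',   min: 'eu', max: 'eu\uffff' },
];

// zoneForRegion: the zone whose range contains this region value, or null when
// it is in no range (the balancer may then place that chunk on any shard).
function zoneForRegion(region) {
  for (const r of ZONE_RANGES) {
    if (region >= r.min && region < r.max) return r.zone;
  }
  return null;
}

// regionForCountry: the request-routing step from the post (Japan -> Asia,
// France -> Europe) expressed as the shard-key prefix the app writes.
// Constructed table; a real deployment would use its geo-IP source here.
const COUNTRY_REGION = { US: 'na', CA: 'na', JP: 'as', SG: 'as', FR: 'eu', DE: 'eu' };
function regionForCountry(countryCode) {
  const region = COUNTRY_REGION[countryCode];
  if (!region) throw new Error(`no region mapping for ${countryCode}`);
  return region;
}

// Cluster setup, only when running inside mongosh (`sh` is undefined under Node).
if (typeof sh !== 'undefined') {
  sh.enableSharding('app');
  sh.shardCollection('app.users', { region: 1, userId: 1 });
  // Day one: only the North America shard exists. Add shards to ASIA / EU
  // when those data centers come online; the ranges below are defined now so
  // the balancer moves those chunks as soon as a shard joins the zone.
  sh.addShardToZone('shardA', 'NA');
  for (const r of ZONE_RANGES) {
    sh.updateZoneKeyRange(
      'app.users',
      { region: r.min, userId: MinKey() },
      { region: r.max, userId: MaxKey() },
      r.zone,
    );
  }
}
```

The shard key is compound on purpose: `region` alone has only a handful of values, so chunks could not be split within a region; adding `userId` keeps the zone routing on the prefix while letting chunks split on the second field. Routing a request to the nearest data center is separate from where its data lives; a mongos in each location is what makes that local, and a user whose region prefix belongs to another zone is still written to that zone's shard.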