Multi-master needs rework for production in compose

[Anton-Latukha]

Section of replication is nasty:

---

Multi master replication

Quick example, with the default config.

#Create the first ldap server, save the container id in LDAP_CID and get its IP:
LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.8)
LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)

#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.8)
LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)

#Add the pair "ip hostname" to /etc/hosts on each containers,
#beacause ldap.example.org and ldap2.example.org are fake hostnames
docker exec $LDAP_CID bash -c "echo $LDAP2_IP ldap2.example.org >> /etc/hosts"
docker exec $LDAP2_CID bash -c "echo $LDAP_IP ldap.example.org >> /etc/hosts"

That's it!...

---

It is impossible to implement in production Compose file.

When I got to this, I'm going to work on it, but also ask your input and collaboration.

I think it can be done by algorithm:
Requirement - hostnames must be ldap.anything as main master, ldap[0-9].anything as other, as domain names.
Then we can do hostnames pattern match:

# This pattern match hostnames with dot, ldap.anything (master server)
echo "$HOSTNAME" | grep -E "^ldap\."
# Then search for ldap2.domain (if needed, ldap3... and so on)
# If lookup is successful - you found host. Do configuration with it (write results to /etc/hosts if it is a proper way)

# This pattern match hostnames with dot, ldap(numbers).anything
echo "$HOSTNAME" | grep -E "^ldap[0-9]+\."
# Then search for master ldap. (if needed, other numbers, ldap3... and so on)
# If lookup is successful - you found master host. Do configuration with it (write results to /etc/hosts if it is a proper way)

This is for any number of hosts, but we can make boundary for two-three.
This is simplicity way, if hostname is starting with ^ldap. - lookup ldap2 and write it, and otherwise. Which is the same I described above :p
Lookup retries/timeout is sufficient option, while next ldap(number) is not found - just stop further lookups.

This obviously part for initialization script, when replication set "true".

It is great to implement for two or three nodes - it is sufficient for majority of setups, I think. But I require your experienced input.

[Anton-Latukha]

Client was unrealistic about LDAP usage in his project.
So there was no work further.

I am also thinking, does replication really used in LDAP.

[kenrestivo-stem]

Replication is really used in LDAP if you want redundancy, multiple locations, and load balancing.

That said, don't use compose in production, and all will be well :)

We use ldap replication on kubernetes in production,
To do so we use 2 deployments of 1 replica each to run openldap, and 3 services.

The services are something like:

• ldap (select pods of deployment 1 and 2)
• ldap1 (select pod of deployment 1)
• ldap2 (select pod of deployment 2)

"ldap" service is used to request the ldap server (it loadbalances request between pods of deployment 1 and 2)

ldap1 and ldap2 services are used for the replication.

The first deployment looks like this :

spec:
  replicas: 1 # keep it to one!
  [...]
    spec:
      containers:
        - name: openldap
          image: osixia/openldap-backup:1.1.8
          env:
            - name: HOSTNAME
              value: "ldap1" #  important same name as the front service name
            - name: LDAP_REPLICATION_HOSTS
              value: "#PYTHON2BASH:['ldap://ldap1', 'ldap://ldap2']"

the second:

spec:
  replicas: 1 # keep it to one!
  [...]
    spec:
      containers:
        - name: openldap
          image: osixia/openldap-backup:1.1.8
          env:
            - name: HOSTNAME
              value: "ldap2" # important same name as the front service name
            - name: LDAP_REPLICATION_HOSTS
              value: "#PYTHON2BASH:['ldap://ldap1', 'ldap://ldap2']"

this is not the best solution since stateful set are availables but it works :)