==== LDAP Load Balancing ====

<code>
# yum install ipvsadm
</code>

Virtual IP that will be used by the LDAP cluster:

<code>
# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.0.2.199
BROADCAST=192.0.2.199
NETMASK=255.255.255.255

# ifdown eth1 && ifup eth1
</code>

Set up the load balancer on port 389:

<code>
# ipvsadm -A -t 192.0.2.199:389 -s rr
# ipvsadm -a -t 192.0.2.199:389 -r 192.0.2.110 -g -w 1
# ipvsadm -a -t 192.0.2.199:389 -r 192.0.2.111 -g -w 1
</code>

Enable packet forwarding through the /etc/sysctl.conf file:

<code>
# vim /etc/sysctl.conf
[...]
net.ipv4.ip_forward = 1
[...]

# sysctl -p
</code>

To monitor the connections, run the ipvsadm command:

<code>
# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.0.2.199:389                     0        0        0        0        0
  -> 192.0.2.110:389                     0        0        0        0        0
  -> 192.0.2.111:389                     0        0        0        0        0
</code>

To apply this configuration at boot, use the ipvsadm-save command to store the rules in /etc/sysconfig/ipvsadm:

<code>
# service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm:      [  OK  ]

# cat /etc/sysconfig/ipvsadm
-A -t 192.0.2.199:389 -s rr
-a -t 192.0.2.199:389 -r 192.0.2.110:389 -g -w 1
-a -t 192.0.2.199:389 -r 192.0.2.111:389 -g -w 1
</code>

==== Configuring the LDAP servers ====

  * Run on the LDAP Master 01 and LDAP Master 02 machines

To begin, we configure the Linux kernel on the LDAP servers so that it no longer answers ARP requests on the network for the virtual IP.

<code>
# vim /etc/sysctl.conf
[...]
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
</code>

The next step is to configure the virtual IP on the lo:0 interface of the LDAP servers.

<code>
# cat /etc/network/interfaces
[...]
auto lo:0
iface lo:0 inet static
    address 192.0.2.199
    netmask 255.255.255.255
[...]
</code>
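As an added example (not part of this page and not code from the ipvsadm project), the POSIX shell script below builds the rule file that ''service ipvsadm save'' writes, from a VIP, port, scheduler and list of real servers, and lints a real server's sysctl.conf for the four ARP settings the section above requires. The function names are this example's own; the addresses and port are the ones used on this page.

```shell
#!/bin/sh
# Added example for this page (not from the page itself or from the ipvsadm
# project): build the LVS-DR rule set for the LDAP pool in the format that
# "service ipvsadm save" writes to /etc/sysconfig/ipvsadm, and lint a real
# server's sysctl.conf for the ARP settings direct routing needs.
# Function names are this example's own; the addresses are the page's.

# ipvs_rules VIP PORT SCHEDULER REALSERVER...
# Prints the -A line for the virtual service and one -a line per real server,
# using direct routing (-g) with weight 1, as on the page.
ipvs_rules() {
    vip=$1; port=$2; sched=$3
    shift 3
    case "$vip" in                      # loose shape check for a dotted quad
        *.*.*.*) ;;
        *) echo "ipvs_rules: bad VIP '$vip'" >&2; return 1 ;;
    esac
    [ $# -ge 1 ] || { echo "ipvs_rules: no real servers given" >&2; return 1; }
    printf '%s -t %s:%s -s %s\n' -A "$vip" "$port" "$sched"
    for rs in "$@"; do
        printf '%s -t %s:%s -r %s:%s -g -w 1\n' -a "$vip" "$port" "$rs" "$port"
    done
}

# check_arp_sysctl FILE
# Verifies that FILE (a sysctl.conf) sets the four keys that keep a real
# server from answering ARP for the VIP it holds on lo. Prints every key that
# is missing or wrong and returns 1 if there is any; returns 0 otherwise.
check_arp_sysctl() {
    file=$1; rc=0
    for want in \
        net.ipv4.conf.all.arp_ignore=1 \
        net.ipv4.conf.all.arp_announce=2 \
        net.ipv4.conf.lo.arp_ignore=1 \
        net.ipv4.conf.lo.arp_announce=2
    do
        key=${want%%=*}; val=${want#*=}
        esc=$(printf '%s' "$key" | sed 's/\./\\./g')
        # Last uncommented assignment wins, which is how sysctl -p applies them.
        got=$(sed -n "s/^[[:space:]]*${esc}[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" "$file" | tail -n 1)
        if [ "$got" != "$val" ]; then
            echo "$key: want $val, got ${got:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run: print the rule file for the page's pool, then check this
# host's own sysctl.conf if it has one (a director would normally fail this).
ipvs_rules 192.0.2.199 389 rr 192.0.2.110 192.0.2.111
if [ -r /etc/sysctl.conf ]; then
    check_arp_sysctl /etc/sysctl.conf || echo "/etc/sysctl.conf: not configured as an LVS-DR real server"
fi
```

Two operational points follow from the setup on this page. ipvsadm itself performs no health check, so with round robin a real server whose slapd is down still receives every second connection until it is removed from the table with ''ipvsadm -d''. With direct routing, a real server that holds the VIP on lo without the arp_ignore/arp_announce settings answers ARP for 192.0.2.199 itself, and clients then reach that server directly instead of through the director; running ''check_arp_sysctl'' on each master before adding it to the pool catches that.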
==== Testing the Load Balancer ====

  * The test will be done on the slave server [[master-slave|Master-Slave Replication]]

We edit the Slave replication configuration file, changing the server name:

<code>
# cat repica-slave.ldif
dn: olcdatabase={1}hdb,cn=config
changetype: modify
replace: olcsyncRepl
olcsyncrepl: rid=003 provider=ldap://lvs.laboratorio.com.br type=refreshAndPersist interval=00:00:00:10 searchbase=dc=laboratorio,dc=com,dc=br filter="(objectClass=*)" scope=sub attrs="*" schemachecking=off bindmethod=simple starttls=yes tls_cacert=/etc/ldap/tls/cacert.pem binddn=cn=Replicator,dc=laboratorio,dc=com,dc=br credentials=4linux retry="10 +"

# ldapmodify -x -D cn=admin,cn=config -w senha -f repica-slave.ldif
modifying entry "olcdatabase={1}hdb,cn=config"
</code>

To test the replication through LVS, stop the server and remove the database:

<code>
# service slapd stop
# rm -rf /var/lib/ldap/*
</code>

Restart LDAP on the ldapmaster01 server and note that our database on the slave is already populated:

<code>
# service slapd start
# ldapsearch -x -LLL -b dc=laboratorio,dc=com,dc=br -ZZ
dn: dc=laboratorio,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectClass: organization
o: laboratorio.com.br
dc: laboratorio

dn: cn=admin,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: o=matriz,dc=laboratorio,dc=com,dc=br
o: matriz
objectClass: organization
objectClass: top

dn: o=filial,dc=laboratorio,dc=com,dc=br
o: filial
objectClass: organization
objectClass: top

dn: ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top

dn: ou=Usuarios,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top

dn: cn=Tim Berners-Lee,ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
uid: timb
cn: Tim Berners-Lee
sn: timb
objectClass: inetOrgPerson
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 1021
gidNumber: 1021
homeDirectory: /home/timb

dn: ou=Computadores,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Computadores
objectClass: organizationalUnit
objectClass: top

dn: ou=Agendas,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Agendas
objectClass: organizationalUnit
objectClass: top

dn: ou=Grupos,o=filial,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: ou=Computadores,o=filial,dc=laboratorio,dc=com,dc=br
ou: Computadores
objectClass: organizationalUnit
objectClass: top

dn: ou=Agendas,o=filial,dc=laboratorio,dc=com,dc=br
ou: Agendas
objectClass: organizationalUnit
objectClass: top

dn: ou=restrito,ou=Agendas,o=filial,dc=laboratorio,dc=com,dc=br
ou: restrito
objectClass: organizationalUnit
objectClass: top

dn: cn=Linus Torvalds da Silva,ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
uid: linust
sn: linust
objectClass: inetOrgPerson
objectClass: posixAccount
homeDirectory: /home/linust
loginShell: /bin/bash
uidNumber: 1020
gidNumber: 1020
cn: Linus Torvalds da Silva

dn: ou=Grupos,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: cn=Replicator,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Replicator
description: LDAP Replicator
</code>
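The consumer LDIF above sends the Replicator bind credentials through the load balancer on the plain ldap:// port, so the ''starttls=yes'' and ''tls_cacert'' settings are what keep that bind and the replicated data off the wire in clear. As an added example (not from this page or from OpenLDAP), the POSIX shell script below lints such an LDIF before it is applied with ldapmodify: it unfolds LDIF continuation lines, extracts parameters from the olcSyncrepl value and checks the provider URL, StartTLS and CA settings. The function names and the two sample LDIFs are this example's own; the provider name and CA path are the page's.

```shell
#!/bin/sh
# Added example for this page (not from the page or from OpenLDAP): lint the
# olcSyncrepl value of a consumer LDIF such as repica-slave.ldif before it is
# applied with ldapmodify. Function names and the sample LDIF are this
# example's own; the provider name and CA path are the page's.

# ldif_unfold: join LDIF continuation lines (a line that starts with one space
# continues the previous line) so every attribute sits on one line.
ldif_unfold() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }
              { if (buf != "") print buf; buf = $0 }
        END   { if (buf != "") print buf }'
}

# syncrepl_param LDIF NAME: print the value of NAME=... from the first
# olcSyncrepl attribute in LDIF (attribute names are case-insensitive).
# The parameters checked here never contain blanks, so splitting the value on
# whitespace is enough; a quoted value such as retry="10 +" would need more.
syncrepl_param() {
    printf '%s\n' "$1" | ldif_unfold | grep -i '^olcsyncrepl:' | head -n 1 |
        awk -v key="$2" '{
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n > 0 && substr($i, 1, n - 1) == key) { print substr($i, n + 1); exit }
            }
        }'
}

# lint_syncrepl LDIF EXPECTED_PROVIDER
# Returns 0 when the consumer points at the expected provider URL, requests
# StartTLS on a plain ldap:// URL and names a CA certificate to verify the
# provider against; otherwise prints one line per finding and returns 1.
lint_syncrepl() {
    ldif=$1; want=$2; rc=0
    provider=$(syncrepl_param "$ldif" provider)
    starttls=$(syncrepl_param "$ldif" starttls)
    cacert=$(syncrepl_param "$ldif" tls_cacert)
    [ "$provider" = "$want" ] ||
        { echo "provider is '${provider:-unset}', expected $want"; rc=1; }
    case "$provider" in
        ldap://*) [ "$starttls" = "yes" ] ||
            { echo "starttls is '${starttls:-unset}': bind credentials and data would cross the network in clear"; rc=1; } ;;
    esac
    [ -n "$cacert" ] ||
        { echo "tls_cacert not set: the provider certificate cannot be verified"; rc=1; }
    return $rc
}

# Constructed sample, folded the way slapcat/ldapsearch fold long values.
# CHANGEME is a placeholder for the replication password.
SAMPLE_LDIF='dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=003 provider=ldap://lvs.laboratorio.com.br type=refreshAndPersist
  searchbase=dc=laboratorio,dc=com,dc=br bindmethod=simple starttls=yes
  tls_cacert=/etc/ldap/tls/cacert.pem binddn=cn=Replicator,dc=laboratorio,dc=com,dc=br
  credentials=CHANGEME retry="10 +"'

# Constructed counter-example: same provider, but no StartTLS and no CA file.
BAD_LDIF='dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=003 provider=ldap://lvs.laboratorio.com.br bindmethod=simple
  binddn=cn=Replicator,dc=laboratorio,dc=com,dc=br credentials=CHANGEME'

lint_syncrepl "$SAMPLE_LDIF" ldap://lvs.laboratorio.com.br && echo "sample: ok"
lint_syncrepl "$BAD_LDIF" ldap://lvs.laboratorio.com.br || echo "counter-example: rejected"
```

One consequence of pointing the consumer at the balanced name is easy to miss: the director balances TCP connections only and takes no part in TLS, so with the default certificate checking the consumer verifies whichever master answers against the host in ''provider='', and the certificate presented by each master behind 192.0.2.199 must therefore be valid for lvs.laboratorio.com.br, not only for the master's own name.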