LDAP Load Balancing

Install ipvsadm on the director (the host that will own the virtual IP and distribute the connections):

# yum install ipvsadm

Configure, on the director, the virtual IP that the LDAP cluster will use:

# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.0.2.199
BROADCAST=192.0.2.199
NETMASK=255.255.255.255
# ifdown eth1 && ifup eth1

Create the virtual service on port 389, scheduling connections round robin (-s rr) to the two real servers in direct-routing mode (-g) with equal weights:

# ipvsadm -A -t 192.0.2.199:389 -s rr
# ipvsadm -a -t 192.0.2.199:389 -r 192.0.2.110 -g -w 1
# ipvsadm -a -t 192.0.2.199:389 -r 192.0.2.111 -g -w 1

Enable IP forwarding in /etc/sysctl.conf:

# vim /etc/sysctl.conf
[...]
net.ipv4.ip_forward = 1
[...]
# sysctl -p

To watch the connections being distributed, run ipvsadm with statistics (every counter is zero here because no client has connected yet):

# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.0.2.199:389                     0        0        0        0        0
  -> 192.0.2.110:389                     0        0        0        0        0
  -> 192.0.2.111:389                     0        0        0        0        0

To restore this configuration at boot, save the rules to /etc/sysconfig/ipvsadm (the init script's save action wraps ipvsadm-save) and make sure the ipvsadm service is enabled at boot so the saved table is loaded again:

# service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm:      [  OK  ]
# cat /etc/sysconfig/ipvsadm
-A -t 192.0.2.199:389 -s rr
-a -t 192.0.2.199:389 -r 192.0.2.110:389 -g -w 1
-a -t 192.0.2.199:389 -r 192.0.2.111:389 -g -w 1
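
ipvsadm itself performs no health checks: a real server whose slapd has died keeps receiving every second connection under rr, and clients see timeouts. The script below is an added example, not part of the original page; it probes each backend by its own address (never through the VIP) with an anonymous base search of the root DSE and sets the weight of a failing backend to 0 so it stops receiving new connections, restoring weight 1 when it answers again. The script name lvs-ldap-check.sh, the 10-second interval and the DRY_RUN switch are assumptions; the VIP and real-server addresses default to the ones used on this page.

```sh
#!/bin/sh
# lvs-ldap-check.sh: minimal health check for the LVS-DR LDAP pool built above.
# Added example; run on the director as root:
#   ./lvs-ldap-check.sh --once        one pass
#   ./lvs-ldap-check.sh --loop        one pass every $INTERVAL seconds
#   DRY_RUN=1 ./lvs-ldap-check.sh --once   print the ipvsadm commands instead of running them

VIP="${VIP:-192.0.2.199}"
PORT="${PORT:-389}"
REAL_SERVERS="${REAL_SERVERS:-192.0.2.110 192.0.2.111}"
INTERVAL="${INTERVAL:-10}"   # seconds between passes in --loop mode (assumed value)
DRY_RUN="${DRY_RUN:-0}"

# Probe one backend by its own address, never via the VIP (the VIP would be answered by
# whichever backend round robin picks next). An anonymous base search of the root DSE
# requesting no attributes (1.1) proves slapd accepts the connection and answers.
probe_ldap() {
    ldapsearch -x -H "ldap://$1:$PORT" -o nettimeout=3 -l 3 -b '' -s base 1.1 >/dev/null 2>&1
}

# Edit the weight of an existing real-server entry (-e). Weight 0 quiesces the backend:
# established connections keep working, new ones go elsewhere. Weight 1 restores it.
set_weight() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipvsadm -e -t $VIP:$PORT -r $1:$PORT -g -w $2"
    else
        ipvsadm -e -t "$VIP:$PORT" -r "$1:$PORT" -g -w "$2"
    fi
}

# One pass over the pool. Prints "<host> up|down" per backend and a "healthy N/M" summary.
check_pool() {
    healthy=0
    total=0
    for rs in $REAL_SERVERS; do
        total=$((total + 1))
        if probe_ldap "$rs"; then
            set_weight "$rs" 1
            healthy=$((healthy + 1))
            echo "$rs up"
        else
            set_weight "$rs" 0
            echo "$rs down"
        fi
    done
    echo "healthy $healthy/$total"
}

case "${1:-}" in
    --once) check_pool ;;
    --loop) while :; do check_pool; sleep "$INTERVAL"; done ;;
esac
```

Weight 0 rather than deleting the entry (-d) is deliberate: existing LDAP connections, including the slave's long-lived syncrepl session, are left alone while only new connections are steered away, and the entry is still there to be re-weighted when the backend recovers.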

Configuring the LDAP servers

First, configure the Linux kernel on the LDAP servers so that they do not answer ARP requests for the virtual IP. With direct routing the real servers carry the VIP on a local interface as well; without these settings they would compete with the director for it, and clients would reach a backend at random, bypassing the balancer. arp_ignore=1 makes the kernel reply only for addresses configured on the interface the request arrived on (the VIP lives on lo, so it is never announced on eth0), and arp_announce=2 keeps the VIP out of the source field of ARP requests the server itself sends.

# vim /etc/sysctl.conf
[...]
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
 
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

The next step is to configure the virtual IP on the lo:0 interface of the LDAP servers, with a /32 mask so that the kernel accepts packets addressed to it without adding a route for the whole subnet:

# cat /etc/network/interfaces 
[...]
auto lo:0
iface lo:0 inet static
	address 192.0.2.199
	netmask 255.255.255.255
[...]
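
Whether the ARP problem is really solved is easy to verify from any other host on the 192.0.2.0/24 segment: exactly one MAC, the director's, may answer for 192.0.2.199. The script below is an added example, not from the page. It sends broadcast-only ARP probes with iputils arping (after the first reply arping normally switches to unicast, which would hide a second responder), collects the distinct MACs that replied and fails when there is more or fewer than one, or when the one that answered is not the director's MAC if one is given. The interface name eth0, the MAC addresses and the sample arping output are constructed for the example.

```sh
#!/bin/sh
# vip-arp-check.sh: verify that exactly one host (the director) answers ARP for the VIP.
# Added example, not from the original page. Run from a third host on the VIP's segment:
#   ./vip-arp-check.sh eth0 192.0.2.199 00:0c:29:aa:bb:cc     (director MAC is optional)
# With no arguments it evaluates the constructed sample output at the bottom.

# Extract the distinct MAC addresses from arping reply lines on stdin, e.g.
#   Unicast reply from 192.0.2.199 [00:0C:29:AA:BB:CC]  0.712ms
arp_responders() {
    sed -n 's/.*reply from [^ ]* \[\([0-9A-Fa-f:]*\)\].*/\1/p' | tr 'a-f' 'A-F' | sort -u
}

# Judge a newline-separated list of MACs ($1) against an optional expected MAC ($2).
# Prints one verdict line; returns 0 only when a single (and, if given, the expected) host answered.
arp_verdict() {
    macs=$1
    want=$(printf '%s' "${2:-}" | tr 'a-f' 'A-F')
    n=$(printf '%s\n' "$macs" | grep -c . || true)
    if [ "$n" -eq 0 ]; then
        echo "FAIL: nobody answered ARP for the VIP (is it configured on the director?)"
        return 1
    elif [ "$n" -gt 1 ]; then
        echo "FAIL: $n hosts answer ARP for the VIP, a real server still announces it: $(printf '%s\n' "$macs" | tr '\n' ' ')"
        return 1
    elif [ -n "$want" ] && [ "$macs" != "$want" ]; then
        echo "FAIL: VIP answered by $macs, expected the director $want"
        return 1
    fi
    echo "OK: VIP answered only by $macs"
}

# Live check: -b keeps every probe a broadcast so each owner of the IP gets to reply,
# -c 3 sends three probes, -w 3 gives up after three seconds.
check_vip_arp() {   # check_vip_arp <iface> <vip> [director-mac]
    replies=$(arping -b -c 3 -w 3 -I "$1" "$2" 2>/dev/null | arp_responders)
    arp_verdict "$replies" "${3:-}"
}

# Constructed arping output showing the ARP problem: two different MACs reply for the VIP.
SAMPLE_ARPING='ARPING 192.0.2.199 from 192.0.2.5 eth0
Unicast reply from 192.0.2.199 [00:0C:29:AA:BB:CC]  0.712ms
Unicast reply from 192.0.2.199 [00:0c:29:dd:ee:ff]  0.803ms
Unicast reply from 192.0.2.199 [00:0C:29:AA:BB:CC]  0.690ms
Sent 3 probes (3 broadcast(s))
Received 3 response(s)'

if [ $# -ge 2 ]; then
    check_vip_arp "$1" "$2" "${3:-}"
else
    # No arguments: the sample must be reported as a failure (two responders).
    arp_verdict "$(printf '%s\n' "$SAMPLE_ARPING" | arp_responders)" || true
fi
```

Run it once before the sysctl change and once after: the first run should list two or three MACs, the second only the director's. It is also a useful thing to keep in monitoring, since a reinstalled or hastily rebuilt real server without the arp_ignore settings silently takes the VIP back.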

Testing the Load Balancer

Edit the LDIF that configures replication on the slave, changing the provider name so it points at the load balancer instead of a single master. Two caveats about this LDIF: with direct routing the TLS session is terminated by whichever real server answers, so every backend's certificate must be valid for lvs.laboratorio.com.br or the StartTLS verification against tls_cacert fails; and starttls=yes lets syncrepl carry on in clear text if StartTLS fails, whereas starttls=critical aborts the session instead. The credentials= value is stored as-is in cn=config, so access to that database must stay limited to the config admin, and passing the admin password with ldapmodify -w (below) leaves it in the process list and shell history; -W prompts for it instead.

# cat repica-slave.ldif 
dn: olcdatabase={1}hdb,cn=config
changetype: modify
replace: olcsyncRepl
olcsyncrepl: rid=003 provider=ldap://lvs.laboratorio.com.br type=refreshAndPersist interval=00:00:00:10 searchbase=dc=laboratorio,dc=com,dc=br filter="(objectClass=*)" scope=sub attrs="*" schemachecking=off bindmethod=simple starttls=yes tls_cacert=/etc/ldap/tls/cacert.pem binddn=cn=Replicator,dc=laboratorio,dc=com,dc=br credentials=4linux retry="10 +"
# ldapmodify -x -D cn=admin,cn=config -w senha -f repica-slave.ldif 
modifying entry "olcdatabase={1}hdb,cn=config"

To test replication through LVS, stop slapd on the slave and wipe its database:

# service slapd stop
# rm -rf /var/lib/ldap/*

Start slapd on ldapmaster01 again and observe that the slave's database is already repopulated (the search uses -ZZ, so it only succeeds over StartTLS):

# service slapd start
# ldapsearch -x -LLL -b dc=laboratorio,dc=com,dc=br -ZZ
dn: dc=laboratorio,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectClass: organization
o: laboratorio.com.br
dc: laboratorio
 
dn: cn=admin,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
 
dn: o=matriz,dc=laboratorio,dc=com,dc=br
o: matriz
objectClass: organization
objectClass: top
 
dn: o=filial,dc=laboratorio,dc=com,dc=br
o: filial
objectClass: organization
objectClass: top
 
dn: ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top
 
dn: ou=Usuarios,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top
 
dn: cn=Tim Berners-Lee,ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
uid: timb
cn: Tim Berners-Lee
sn: timb
objectClass: inetOrgPerson
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 1021
gidNumber: 1021
homeDirectory: /home/timb
 
dn: ou=Computadores,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Computadores
objectClass: organizationalUnit
objectClass: top
 
dn: ou=Agendas,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Agendas
objectClass: organizationalUnit
objectClass: top
 
dn: ou=Grupos,o=filial,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top
 
dn: ou=Computadores,o=filial,dc=laboratorio,dc=com,dc=br
ou: Computadores
objectClass: organizationalUnit
objectClass: top
 
dn: ou=Agendas,o=filial,dc=laboratorio,dc=com,dc=br
ou: Agendas
objectClass: organizationalUnit
objectClass: top
 
dn: ou=restrito,ou=Agendas,o=filial,dc=laboratorio,dc=com,dc=br
ou: restrito
objectClass: organizationalUnit
objectClass: top
 
dn: cn=Linus Torvalds da Silva,ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=b
 r
uid: linust
sn: linust
objectClass: inetOrgPerson
objectClass: posixAccount
homeDirectory: /home/linust
loginShell: /bin/bash
uidNumber: 1020
gidNumber: 1020
cn: Linus Torvalds da Silva
 
dn: ou=Grupos,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top
 
dn: cn=Replicator,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Replicator
description: LDAP Replicator
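
A populated consumer proves replication worked once; what a practitioner wants to check continuously is that the consumer keeps up. OpenLDAP keeps one contextCSN value per provider serverID on the suffix entry, and the consumer is in sync when each of its values equals the provider's. The script below is an added example, not from the page: it reads contextCSN from both servers, each queried by its own address rather than through the VIP (which would hand the query to an arbitrary backend), and reports per serverID whether the consumer is in sync, behind, or missing that serverID entirely. The host names ldapmaster01 and ldapslave01 and the two sample LDIF snippets are constructed for the example.

```sh
#!/bin/sh
# syncrepl-lag.sh: compare contextCSN between a provider and a consumer.
# Added example, not from the original page. Usage:
#   ./syncrepl-lag.sh ldap://ldapmaster01.laboratorio.com.br ldap://ldapslave01.laboratorio.com.br dc=laboratorio,dc=com,dc=br
# With no arguments it evaluates the constructed samples at the bottom.

# Turn LDIF on stdin (ldapsearch -LLL ... contextCSN) into "SID CSN" lines, one per serverID.
# CSN layout is <timestamp>Z#<count>#<sid>#<mod>, so the serverID is the third '#'-field.
csn_pairs() {
    sed -n 's/^contextCSN: *\(.*\)$/\1/p' | awk -F'#' '{ print $3, $0 }'
}

# Compare provider pairs ($1) with consumer pairs ($2). Prints one line per provider SID and
# returns 0 only when every provider SID exists on the consumer with an identical CSN.
# CSNs are fixed-width with a zero-padded UTC timestamp first, so string order is time order.
csn_compare() {
    awk -v prov="$1" -v cons="$2" '
    BEGIN {
        n = split(cons, cl, "\n")
        for (i = 1; i <= n; i++) if (split(cl[i], f, " ") == 2) c[f[1]] = f[2]
        n = split(prov, pl, "\n"); bad = 0
        for (i = 1; i <= n; i++) {
            if (split(pl[i], f, " ") != 2) continue
            sid = f[1]; p = f[2]
            if (!(sid in c))      { print "SID " sid ": missing on consumer"; bad++ }
            else if (c[sid] == p) { print "SID " sid ": in sync (" p ")" }
            else if (c[sid] < p)  { print "SID " sid ": consumer behind: " c[sid] " < " p; bad++ }
            else                  { print "SID " sid ": consumer ahead of provider: " c[sid] " > " p; bad++ }
        }
        exit (bad > 0 ? 1 : 0)
    }'
}

# Fetch contextCSN from one server. StartTLS is enforced (-ZZ) as the page does; the search
# is anonymous and scoped to the suffix entry only (-s base), contextCSN being operational
# it has to be requested by name.
fetch_csn() {   # fetch_csn <ldap-uri> <suffix>
    ldapsearch -x -LLL -ZZ -H "$1" -b "$2" -s base contextCSN | csn_pairs
}

# Constructed samples: a provider with two serverIDs and a consumer that has not yet
# applied the latest change from serverID 002.
SAMPLE_PROVIDER='dn: dc=laboratorio,dc=com,dc=br
contextCSN: 20140512153045.123456Z#000000#001#000000
contextCSN: 20140512160000.000000Z#000000#002#000000'
SAMPLE_CONSUMER='dn: dc=laboratorio,dc=com,dc=br
contextCSN: 20140512153045.123456Z#000000#001#000000
contextCSN: 20140512155900.000000Z#000000#002#000000'

if [ $# -eq 3 ]; then
    csn_compare "$(fetch_csn "$1" "$3")" "$(fetch_csn "$2" "$3")"
else
    csn_compare "$(printf '%s\n' "$SAMPLE_PROVIDER" | csn_pairs)" \
                "$(printf '%s\n' "$SAMPLE_CONSUMER" | csn_pairs)" || true
fi
```

The "consumer ahead" branch is worth keeping: it fires when somebody writes directly to the slave, which a consumer with a refreshAndPersist configuration silently accepts unless updateref/ACLs forbid it, and such entries never make it back to the provider.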