*** volga629 has parted #wikid (None) | 01:40 | |
*** volga629 (~bendersky@host7.pythian.com) has joined #wikid | 11:54 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 13:18 | |
nowen | volga629: did you figure out your token issue? | 13:19 |
volga629 | not yet, but I think network client not configured properly | 13:21 |
nowen | what is your domain identifier? | 13:22 |
volga629 | I got talking my primary radius to wikid | 13:22 |
volga629 | just sec | 13:22 |
volga629 | 295710486014 | 13:26 |
nowen | that doesn't look like a zero padded IP address | 13:30 |
nowen | what is the ip address of the server? | 13:30 |
volga629 | I don't have public ip | 13:30 |
volga629 | for right now | 13:30 |
nowen | it also doesn't look like a private ip | 13:30 |
volga629 | private ip 10.237.236.131 for lab | 13:33 |
nowen | so, your domain id should be 010237236131 | 13:34 |
volga629 | ok what rules for domain id creations, I don't have clue about it | 13:35 |
volga629 | If I want use network like 10.237.236.0/24 | 13:35 |
nowen | the tokens talk to the server, so if you're on an internal network, only internal clients will see it | 13:37 |
nowen | you can NAT the server and route the external traffic internally. if you do, use the external ip for the domain identifier | 13:37 |
volga629 | If I have radius on the middle it still need go directly to wikid ? | 13:38 |
nowen | that's a different communication channel. the tokens don't use it | 13:39 |
volga629 | yes, that only for routers and so on | 13:39 |
nowen | right | 13:40 |
volga629 | So can I put for user on DMZ read only replica | 13:40 |
nowen | I don't follow | 13:40 |
volga629 | If I need give access to user communicate with wikid for authentication. I prefer create replication node and expose in read mode only | 13:41 |
volga629 | that master will stay in shadow | 13:42 |
nowen | I don't know what that means, so I'm worried it will not work | 13:42 |
volga629 | "master server" ----->"cluster Replication Node Read Only" <-------- User authentication | 13:46 |
volga629 | you see nobody will authenticate to master only to second node | 13:46 |
volga629 | So back to domain ID, what criteria need to use when creating new domain ? | 13:48 |
nowen | ok, well, if you use WiKID replication, the users will hit the master. no one will hit the secondary | 13:49 |
nowen | the domain id needs to be the zero-padded IP address of the server | 13:49 |
nowen | it needs to be routable | 13:49 |
volga629 | Ok I understand, that clear | 13:52 |
volga629 | so why need replication | 13:52 |
volga629 | ? | 13:52 |
nowen | replication creates a real-time back up that can easily be promoted | 13:52 |
volga629 | And If primary going down what happens ? | 13:56 |
nowen | you promote the secondary | 13:56 |
volga629 | It doing failover or it manual process ? | 13:57 |
nowen | it is manual, but can be scripted | 14:05 |
nowen | you can put a proxy in your dmz and have it talk to the WiKID server | 14:06 |
volga629 | Is wikid suitable for staff like pacemaker ? | 14:11 |
nowen | pacemaker? | 14:11 |
volga629 | cluster | 14:12 |
nowen | I don't know why not, but I'm not familiar with it | 14:13 |
volga629 | http://clusterlabs.org/doc/en-US/Pacemaker/1.1-pcs/html/Clusters_from_Scratch/ | 14:14 |
volga629 | we using it providing all tool for app monitoring and failover | 14:14 |
volga629 | nowen thank you for information, I will continue on testing | 14:22 |
nowen | ok - I suspect that pacemaker will work fine. it's really just a tomcat app on centos | 14:23 |
volga629 | I will need test it and see I can make it work, because database is involved too | 14:32 |
nowen | you might be able to use the built-in replication for the db. I can show you how to get wikidctl status working | 14:33 |
nowen | and there's a webpage you can hit to check the status | 14:33 |
nowen | so, if the master goes down, run the script to promote the secondary | 14:33 |
volga629 | yes, this will be next stage. First I will correct domain ID and make tokens working and authenticate properly. If I want create domain not per host, but per subnet is this possible ? | 14:35 |
nowen | hmm. I think what you want is multiple network clients per subnet and not domains | 14:36 |
volga629 | yes we have user in different subnets like VPN, USER_NET, PUBLIC_DMZ | 14:45 |
volga629 | specify like 10.237.236.0/24 | 14:46 |
volga629 | inside this network clinet a 10.237.236.123, client b 10.237.236.45 and so on | 14:46 |
volga629 | client | 14:47 |
nowen | do you have different groups of users in each one? | 14:56 |
volga629 | no | 15:03 |
nowen | you might also think about having all those subnets talk to your Radius server and have one network client on WiKID: the radius server | 15:03 |
volga629 | yes need to think about it | 15:22 |
*** nowen has quit (Ping timeout: 245 seconds) | 17:49 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 18:04 | |
bman1 | how does a node know it's a slave or master, it seems /opt/Wikid/conf/replica.conf is irrelevant it ignores it | 18:21 |
nowen | do you want to know how to find out if a server is the replicant? | 18:24 |
bman1 | yes | 18:24 |
nowen | did you see my response to you yesterday? | 18:25 |
nowen | bman1: http://www.wikidsystems.com/webdemo/irclogs/2013-03-19.log.html | 18:25 |
bman1 | that seems to be based on the healthcheck question I asked, so I went about it differently | 18:28 |
bman1 | figured out a diff way to do a healthcheck but will look at that again and see what it produces | 18:29 |
nowen | if you do it our way, there's an url you can ping too: https://serverip/wikid/HeartBeat | 18:30 |
bman1 | ok that gives me incentive to try thanks | 18:34 |
*** bman1 has parted #wikid (None) | 18:37 | |
*** bman1 (~burrutia@64.19.224.6) has joined #wikid | 18:40 | |
*** bman1 has parted #wikid (None) | 18:40 | |
*** bman1 (~burrutia@64.19.224.6) has joined #wikid | 18:49 | |
bman1 | ok for the Heartbeat is there anything other than "OK" that should be echoed back in the page? | 18:53 |
nowen | no | 18:53 |
bman1 | ok thanks | 18:54 |
*** bman1 has parted #wikid (None) | 18:54 | |
*** nowen has quit (Quit: Leaving.) | 19:49 | |
*** volga629 has parted #wikid (None) | 20:05 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 20:22 | |
*** nowen1 (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 20:45 | |
*** nowen has quit (Read error: Connection reset by peer) | 20:45 | |
*** nowen1 has quit (Quit: Leaving.) | 20:52 | |
*** nowen (~nowen@99-174-93-102.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 20:52 | |
*** nowen has quit (Quit: Leaving.) | 22:01 | |
*** bman1 (~burrutia@64.19.224.6) has joined #wikid | 22:47 | |
bman1 | ok so for reference in case anyone asks, previously i asked how do I tell where a box defines if it is master or slave, I had seen a file called /opt/WiKID/conf/replica.conf and that is not used, the file is /opt/WiKID/conf/setup.conf ( and this was being overwritten by my config mgmt software ) | 22:50 |
*** bman1 has parted #wikid (None) | 22:50 | |
*** volga629 (~bendersky@CPE00090f1b215c-CM7cb21b15b251.cpe.net.cable.rogers.com) has joined #wikid | 23:44 |