diff options
| author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2017-09-15 22:50:02 +0000 |
|---|---|---|
| committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2017-09-15 22:53:35 +0000 |
| commit | 4005fd5929c034436e21c56af0322d53cef04e74 (patch) | |
| tree | ec3f36eead8238218bf84286cecab285d7ab3871 | |
| parent | 369a68a5a2e9fb027d7f6726383b0d1639788769 (diff) | |
| download | ansible-4005fd5929c034436e21c56af0322d53cef04e74.tar.gz ansible-4005fd5929c034436e21c56af0322d53cef04e74.tar.xz ansible-4005fd5929c034436e21c56af0322d53cef04e74.zip | |
Fix krb5 with failover
Seems like IPA 4.5.0 broke active/active failover of krb5 KDC.
While we wait on getting that fixed, let's set us up for active/passive failover on the HTTPD end.
Since we can't do active/passive for UDP (there's no checks there), let's just remove ipa02 for those.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
| -rw-r--r-- | roles/haproxy/templates/haproxy.cfg | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index be1e5b5d4..cda10abc5 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -340,7 +340,7 @@ listen ipa 0.0.0.0:10053 balance hdr(appserver) server ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem {% if env != "staging" %} - server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem + server ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup {% endif %} option httpchk GET /ipa/ui/ @@ -354,7 +354,7 @@ listen krb5 0.0.0.0:1088 timeout connect 86400000 server ipa01 ipa01:88 weight 1 maxconn 16384 {% if env == "production" %} - server ipa02 ipa02:88 weight 1 maxconn 16384 + # server ipa02 ipa02:88 weight 1 maxconn 16384 {% endif %} listen docker-candidate-registry 0.0.0.0:10054 |