From 26c315d481978d099ecb39ad02055962aa7fe940 Mon Sep 17 00:00:00 2001 From: Shawn McKinney Date: Fri, 28 May 2021 14:51:04 -0500 Subject: [PATCH] ITS#9443 add lloadd admin guide --- doc/guide/admin/Makefile | 2 + doc/guide/admin/intro.sdf | 13 ++ doc/guide/admin/load-balancer-scenario.png | Bin 0 -> 16119 bytes doc/guide/admin/loadbalancer.sdf | 169 +++++++++++++++++++++ doc/guide/admin/master.sdf | 3 + 5 files changed, 187 insertions(+) create mode 100644 doc/guide/admin/load-balancer-scenario.png create mode 100644 doc/guide/admin/loadbalancer.sdf diff --git a/doc/guide/admin/Makefile b/doc/guide/admin/Makefile index ef04ca9dcf..4edb4f1c13 100644 --- a/doc/guide/admin/Makefile +++ b/doc/guide/admin/Makefile @@ -37,6 +37,7 @@ sdf-src: \ guide.sdf \ install.sdf \ intro.sdf \ + loadbalancer.sdf \ maintenance.sdf \ master.sdf \ monitoringslapd.sdf \ @@ -69,6 +70,7 @@ sdf-img: \ intro_tree.png \ ldap-sync-refreshandpersist.png \ ldap-sync-refreshonly.png \ + load-balancer-scenario.png \ n-way-multi-provider.png \ push-based-complete.png \ push-based-standalone.png \ diff --git a/doc/guide/admin/intro.sdf b/doc/guide/admin/intro.sdf index bbab488c09..b14c8633e3 100644 --- a/doc/guide/admin/intro.sdf +++ b/doc/guide/admin/intro.sdf @@ -450,3 +450,16 @@ reasonable defaults, making your job much easier. Configuration can also be performed dynamically using LDAP itself, which greatly improves manageability. +H2: What is lloadd and what can it do? + +{{lloadd}}(8) is a daemon that provides an LDAPv3 load balancer service. +It is responsible for distributing requests across a set of {{slapd}} +instances. + +See the {{SECT:Load Balancing with lloadd}} chapter for information +about how to configure and run {{lloadd}}(8). + +Alternatively, the load balancer can run as a module embedded inside of +{{slapd}}. This is also described in the {{SECT:Load Balancing with lloadd}} chapter. + + diff --git a/doc/guide/admin/load-balancer-scenario.png b/doc/guide/admin/load-balancer-scenario.png new file mode 100644 index 0000000000000000000000000000000000000000..8774352a43581a3e2e840097e08fdb7d80948a27 GIT binary patch literal 16119 zc-rl|WpEu$vnD7;i!El!l58xh||EoKWXW@cH;OLsVFajgn)+t1_p*CB`K;51_mDZabF4t^KpJy-Rk(b zgnOxK0+fy1NgSOW%&lzANC2LWW+Y}FR_0(}9xG~b<46I5aH1EgM)0qx3S2{$#;~aj zC-%nogoa@W;GB6cK~*AU`I7^4pAhBbHe{fXp%QU^K9mP9he|sw9|?KDjXN&*D`8@1 zYA)>`+fO3%w9Y+!exio&Z&@68rg?&emZLcFdAI}Xd@QEJ1a`8YfPo>vSbbDUQ%;uK z#KDf<$kf5ujNZe}5$tc`74UF0GO;lOkQkd;SlRQDU3B!2kyx4Xk!i5WG0HiLm|0p$ zdO4e^c*(1pc-fe6nUV?cBk+1~e+aNM0~nEb*xA~>{9GcdTjyVJX~ z&^tI=Ffeg(aWOD5GcYsLeUzYc@w5jRdC=LrkpC6&A2LMETuhv;9067i_9TCwjf@>! z0eoa+A9Rv`3IA*U|0&(x|H*pz(>Zy$@X8UTK@}`iJjvg>R(CRQg%ibW*Sze0L%Ym`%i+TnU#el;J>ga zI9r*0*Z}Y!!pIo@T9V;kru=9bhX2_#{Qtbr|JUi?O8%|n-%9?ioWI{(q$e z;Xi{rGy9K-&ix~F>+dQ&{|Nh_T!f`m;XaZNoM{9Y7zvn^sF141%2|%Phw9?*@XenY zrgJo;8DNQEfna3Hr-rafiggB+8e%p18eP<0XL(39T|a`p26>%9*Y!hVqJoPFqZO41 zj}=XtK0m!LVPFU+fPG6g?V5JU&ER5j`O~P?(*@M`rbC4i`hRzDlW=oE2a&){_9GO5 zuLlwdT02I<>;%WVPM=7E_h&7s)74h=ojB)Hw=VE8Akgy!2-Zku=hq8xw`&l4o|`B4WzS;crX1Rnk*W)$_!6Rpfk6izEQDP; zZzLyKi;8Ksaspdk(e*v0ZHBeeucx`9aiO?nb$#OpnS`rZF;G+UuyS&`hRJqQUrs4; zURnP<&Xv=rj+?O9ujd}W7Jdni7TOPz6%AYnH6)k{BOM3Lh~UEQCA_3aR23ONb&vOY z##G%{fXb=SK$?s*~3XQZ>(5p+N_x@N??T)cU$e^*NirW6$XAj~f zYBCbIpc!6q3d%46c9b~vf{V^Qbist3ivquV;$WqK^yrK3!q2b4Vhn$2y; zR)_M+TVI;LoV6&=w~@a6w!anp?w1S6#pBO6tm15De+b)mduDJ@4zapl?d;HqLVZ|1 zv)A_bOS5g;NJ6gt8DKay?}CKpgm7~I`sCq3t7{D*hy)B3N4)6zv}19zRj|Ktn-{>QWePB;w{ zyh_N>%%1-BGI+GjIJDUM&8y!Jw2rBzgU?t}ssqWcQ$$Kmo|KNm0uOKWg(B3X39oLM zZ1$wjaK@xzu_L8Y9Yabg_3d0xDiSe#;N{??lNZ*{KR^)d`r6u&)93s51!eU=L-y{; zc^8JO&D2%-y;7z{v%re9Vz*wf9Ggc+jitlc^YrX&m?1qN??06ais>w2&Zg$|{ z(((`HeUdlQ(ZP?wZBp#nR%ZJKvY~La%#(L~*Hz=8|7bM??S# zTz^5NphQU<842XT$0wqP^Vip){y7PW3jY0i(EgtOY0dv#c1ZQ``8svYOhLWN!Mnf2 z-!i1X9$z+%2BSnar?&cD{4OG?wpMJ!{&KA3oUMY|)w*4%PM7K)p6i*vQm?q=3>P*Z zEK3mLmtxR&eb)EyvWuJinx^s5@>Xm1oOh~{GAiGSVNt>kax46MilC-AA-x{Lq7ck( z)96E&8@30r7ay!`NLetp%4%t@hGK(hYC6K(#wy|!iMJ#aje z%~B*RUrnR%$;XnRtLS&0C*?{Kg{8n-2)l*++X3t+!PR=`vnJq-JWrM1+vT<;jm8f> z-zG1G`I%;WF_w(`x7BE@0=e{Bknb80f|W+8xi$FX#qNdVkz;Vc`Mmp=>JqX$4_<;{ zeiHS!IytU6C8WV_7#7r;#Qg-VU2fO9RcVJIshoJ-1uZPx3yA+?LSIE?2$fQ5;AB-x z{~d6k+3xN_;2N${2iBnzeAB;XO~Cbg%Gnd|H~5|1f>zC{8?O|^pIwPe|G}yTy*o?; z>Yj$(-bTgO0d>p627-N0?Wd_J>oY1<>Ef_J&h{W%I=ftTV6;hPes$kO!b0@9o$ZDV zUq%1M@C{B_qgZR7B8@=X+DsU2+qWmkdXf)s8YRlS@kx)FFzM()Korw8lQyj$a!pVuphWt(=UH> zz2HqjVVxVeUQJnIw;HCd2!@8{k(9JVNI2;g9z2-Eeuc|AeHs0CC}E9fB;n)Bsf_s) z27#NH_(el4u^fn@q$ZXmA3k+J{^JKkvVOdNsfdAU$n3=?Xb1^LQf?5|(of)hNwd?O zg}#T_UzcD%5KO)z#iu39IXJL$OxjPcDXK}3e=BvI{6oWkdl05X_G0(4Z=o0xITmGO zeZ2V8^zNlaMsHX&EDlYn#K$LgGY5MK8~g6O^=S(spSRT>pLtp3BYU2?Noc&sKlly= zH1y5PrrcIc^nwUN&FqBtfi8l;$FBt9@pA98!iPrzsGtjWQIRSk=K|G6z?^hUknX$N zA^CzJa_~Coulk1D4_u4Dw&iRqu$C6LT)7l6b&qqgq0My2Qldj>n{H>S|}S zvhoZ}mb$w#e~^_HcdikhI6fM?a!bGYopBhd)P}cyeykEgQTph{xJeU*g8hXr?^t@} zoVB&T%NiPshB$Suo)Kpzp(}COY9`%`kSEiMg#Ds2wHVG|W?Ail(h>>`c0D=mUaXKA z_kVBu)#Yp^rRh}1(r?UE`Lq1m51|vq78C8G8ANC=DHzEfpP>!M3L0NS_;6Cvao)dJ zc1`oOq_I00o8LyDjmkA|h+vk^57(P@Xx18*+MKTm_;_{sg%50Z|E!;TsQT!{0k-{t z7XgJqHN-IIN%M2ew?`N+A*(n7u&UCw(fz4hw%4&w&G^29I=O)tgm4+-X#T;Gj(p$MC6p};-y`JZlEx#k ze!wd67BM|TL&waM2Xw2KK;99OZKBRW{_O9X@S}P1v4iOctq#`)W@}Y#O*c2%V3@(= z6ig9kXOEHd*YowJy+13Pu`+1UIiP&o5`5VgdXM+%$%-CKv|7;oO7a?Y+(PYg+dSTU$(*Z8Y^4W0orzb;+ z{TR74Dr;4%3>20wdOFB#Y#@hj0XDtn(X6JXqUabVl%%9FMMaL4>g4P?rnNJjL|IiE zRi;gulG633?y%C*x|{?X0w0|S*X0XjpYRPECjq~-wDpI#nzVF`PP^CI>7=MDZhc{% zJ3Lt&SLQJcm}2v3rLn!WbeENvhup2U$^EDH$yYFZEY+NNKt$}>fmiGsARqtZ1J$Fx ze$4#QE^|*_{QfOG-8TriZ8s4=e%noZNBa!|eLY3PTMdmYUr$f)WMIWSHs%v;{=hy$ z`l(yIQmF_mx86q_diZc55HM~ylbDIOjd(6gLO*qihyr|Jm77;qnWRtthFZG}(63mm zP>{JfdAWC$xH~Mo8$nnAU3v9Enq&zs2^!U(p7zddb&uC}op?Z+jjf5$@y{`s1P^8uB1O6wK zCw(q5ROKI@Uj%_;I9&OC?NgKx19#jTc{$-7LYW1 zspz6mqEOrj3}C=~Wv>@-5h@ID49EE8k-Hj$Ft;m5bnTOHeoZ8e>AvD4kAnU_)?S*H zG!n9zD^U^%P6C`T=|%09FZq)#sMAl@Na5*4(|WV@UU4e;|r`V{;^- zoNqtsktFnCqg%;H>o;#Z4NTp8?&`c|B}Jw2kgX?7D6~LSEN~V_+H$~#6n9Rw0zg*R zuP3|DOzZ6#-}~W+c!QcL?8xONo)!>KT>H(# zcp}ky)YE!<>7PPR1ka8YQa#Sqi+7)^NkujjN9G9OSS(+fg^Hc0=-B_wVj-sIa;`C3 zNCLotgVMF6MS{8&AA7=U;Qwy4!EqxnckOO_f&~YK1J&hhym!W{-}WZ}r8K>?w; z#{Nr{#B1Jp6}yE5t}ZVIaLAZFjVHYqyab5JjkzAs)CXE}LBfM3gRrB8z*=B^#4r5u z!}UPdIpwW>R0a0eAeFZEOSnyreD~ww`VNN$@9xNE8y!0;TqiPbWcdm?*$lI;&BDzH z-)`C4gJ%1QaPMrH)#Ze{rMrI=Vr$jV(2kmtJF}njeCHS}~)QUV*f51=fobyzD zE#K%1&(pTOJ`stMW?IoFyhr=$Np7+;*FFn%_^p|k8dZJtTN7eI8EOe>aH4bDH z9r&ba5xyo&x|aw|&?&FV>I0r-%D%$mCgLgjwzAybKo$kKjRT~*A9E3`%}RXtv+WLR z0k*m;XsV9F+BwN2htQ6YR1g)SP}&AiQwv9c>D!|`mA9?=ni7jULR4aEsceYMaeWxN@&G$w4s9q=|yYg|4x|49Aj4@A@LfK`)D_)BI5ED41`*6PWYc zXSu0rJ0dSQ7A04qTk)zYDyCOa8K`GB!poFnK+yci@6ESR+DcI9ff`kbvm(UaMyc=V zv!%tM$C1>_dIYU6B^52Noq$L-R5)EEpIK-z!Qnu)@+eq+>6pD%h7xp+O4!u6>tW3% zNP3Ty6>02fnToci$QxY^#!gZ!)xOK2TU%p2X6msjQl-9B2a!*#IV9EIwPNe2Jc`Sf zIawv^8Lmn$NZ-sZEV*F4sdnarHa9CE317STR+IoSd#-4`N4*?!5mQ3Zz31zw7!9CT zz88}N`4LNDw=Vs!Ujq&;BLqfDT)d-tBR|H|sq_Yhvet_$>}UK~!a~{AF*BL+Qhg^s zyQ=vs@Ny3c9SMx4Qn+6Q2%7Uvl<$KP6)HU520 z!-PA;49KUkMYm}NhI3zVxIg>7Abm`P-k+x9$RRi~WR2YUxm@(OmXu0M0F6BTN-C3d zK;6!#gJPM^K*6m~D{hq}pVx%G^`4cn4z-odtbm}!`oMV6%#8Y}fEY~e420bT^GTDA zvlXqpe*E-R+nJQwQ9%)4V5==6qEKI`IOrgF+{*<+h+@SV#>RSg0~cW8c;aCZ5DUEB zC8d^ipeW@-5a|PMrh<>H50^2bqWb^=XGhIg;Cz>&vbJlU7d~yQZ8{GC6^U*ZeQ*2c zskB^=5dt`cYo~Pj;b2(s;ijImqx^y4fEL}^T?JxkXx9HxqOhfpAJR9Xw$3pFHc@l+0 z1XvH>xd>8Pr(!ehy1+dIzJis4bqvIccKafwUIj}X*{YL_L9j3k0?yIC=(9)Huo5MEk2EK+>LA;5hi!bF0CpXa4ZPlX}tQHTVUlYdDX zSqwd(uMg|3*YJcNpKT;PI+KozsuhHv>7>AG#+>i(iasUcBntm)USS}K!n)UOB;omi z*b}PRK9pl4AOz}gv**35zMe0SisGka-i|Q^k$#OcDVsTvp7Y6c-@g5J?zezYI2nY9 z9OcbGgTN~#H6?rX{D#nQwxjeI-2-p?oxsE9dt`~#z!HyY4IL9~thb1Wz-P>XF04nk z!#PiA&FMg@*%OPItKYq>=m!cE<=(Qu31;tYMoxajakGY}gX5fRm2*ShTBTE~a1z=j z7Xe6|XlENg_)diEVQ}Pk4Yj_(`n}Lybx5-Gb*70!s_u%Z%NUz6RyB`j1?UDb`7fT8GATNM@ zAxCw_X45dvYy$s!0;%go_@MTiIR`RJfwU2cPss&*3J#$+Gk+UI_6S`KczFnK*;GHzE&5{i3VIZ2a{zF&;dDAvyxt}|KOEjMde%olK|CJQupu-3$FjoO z%>$8tr@rLzBd|vmFbDqjQ-_QD5ERF~T~wi;edE+p?VRSxYcGy+o^b$JSPRMYT~cPX z$iD{~%J@Ul5sPdLhggD-mm7k;^qh)4SH zl`?og19na7%(fi$EGAwTO53%vPhQ@$nPdrO?BP|=8ns$Ji4R;a*{a$jN2-lv_w zL6uG{B2&^?NkpvACV|NTu0p{*V2@8EEz8zqwWjc&F@Ji1el zSFfv8ey!T}QEg0_xyDhtQ9IUtSr3Nksc!NgiT(1gH5Yly(eiQ<3h2rG6@RG1z$iiY z1}@uqAPt8O&yC@wL7mxrSpAJWF4_!h6}C0m;ya8r2h=(@EQ{hQUbfB5&73RMmghC^ zob1jkmtm)0E64?6+An;*)Jd%>95kk7h1L!o`<}kFdx7)`>LaDcRF?6y4s^3a!<@A39C0>*4Caq~kir>s)F;-C@1ciE<3v zlb=rDL-Q|)X(~;w{hM#1@u#6;wo?Ul#vR9)oNGQh%9CF*FQTzNd#Ns&=WGka@cF*j z&5n;vP3#3;JIgC53^RJMZZ9uWhp^DtTzG;P{5oGx$U?+tFEg7Z>kJKjoST2D&JVD1 z^S&9YAWDD>kr1`bV!F7=g^b7fU3{^|!2fg+)={FXChnUVu6UptoC{ujE%gsR z%^NRxZ8xJ__OxYNm!={5@^>dST&I13j`drw$G{wH081$x+l+fj{qGi?3cL{E;i;)d ztf8~y#6UQojy(z0E1oCbzkXY0u@luNdVHfkWo1z4(op{K2Y2br+IXee&Jr3L6)lkJ zTjcueY^6J=W~UWKo)fBT6N)I*v$)uBrEVuXgL3J~3VDQnjRby1iYgi$6ildP1!&qE zEuF}0JLseDeSGlbOo&8%~thAz*N22Zk@o`=PEK>V!#xY zmL{hp_9>E(GbinpQ!C$jk(HNA&K=D>`G~5j8qS@}o&XM`qZpsFNG)I>i%NDNS$l~6 zZE5uzaML#91?c0h1;I)erMp+<+WG|b%_w@RwFg)7*R2v4C}E8!YxwM5e+?7)p5NiL zm2SVPh`)9|J={%0I)ok46PeAhJlulg{CUfXv2=QGB+) z=rRBSR14ClgT+A-EBstPF0om8+!F@TnRYG<$aP!^x=PxkGLNYt0>L_>MLGf*Z_9Sy zdJ{=oZOpf39WnBHT-f0AHfQc3E??+9Ofv8U^)$+IVYLk<9efj4)Kxm)SYDHW-BkQ5 z5Dxl*N3k@L^0oDh-;xfNI|OAd%)VYaY{9A`+#?1}$BTvvZw5-s&_m29iS?SY#~-G# zw5q)cUi7dP;Y#W!nWYf`fhL z5%L%*F+<-G3q&MLm2-3`YQmeJy^!Y@n5U zW6WH&)zN|+5A!n<&EZ@I{wercczHEDQA)RIY5KA}8AM+i}wqBP!}=_9zVM7FSSvX@fQjH5lKYs^B9dDFl0*`#*rps z1UIzzMXZksXyW(m!~BEp^)qoFWZ%g`BJNVYSRSk{awSw8_%nD*KJ$z;-Z`>p1ICCa zpT3PuNtAx`9uHB+fjZ15qOqYhwpWWG9sh0%2AchA7x_QQgFW^4X(?+iH*BUT1pQ%6 zJBCY&(zfH)D;q8iNPpg`Owa){ScfZo z=`W-Do<-Gx|CyEX{s!0|f=$W-e-4thWBHuHiY|UfaXP29*4&(MGiJ?+m@?Nvjv871 zjR|Xi)x8h~Kn#x6;9lTfz!DuWeSj1lVcE8oG<@EcVqxH)7o#73wfm!HIlZG~behlS zK#uoup<<7K|ND=i99{3(44-yUU$-?bY^S-UE85p<7Jh$!qWB)(@YC!*U7!8CDrzvW z-y@QcTDn>M%T_&A4fUki6GpH&TwiLi1_Q75 zL`3S|5+s|px98`gmBG*_PV0qVs{_yG73!Wo5c&$M_kx6RcyO_qjV8bMST07wr9h8f z?aRU*WDi5eIGNyeeYOz;-hG*!hVfhOt@iY{^6I2E?}EPL{*GR6COL4QReKZpzNg^EFhF&KL{Mc0uwd!zLp=5Gt|wVumtNvXzKm8MIffrCw$Cl|Jt*Nchv zS~BlGyj;Hc;KYa{+_)#boQ!qxmjX}f#Ko_s(qtl|;)Lc|{q))hY)nlrG0uRuRh3_B zpifC1kvP2HVsyKbSL@#=2^sW)wxbF~T=)eqOf}n~t=GmpYBt~@mA9jHJ^aur(_y%* zP~DT;>zh69x(u!t+%-6Gj2j0lc=@{noLNH4c`T=#)31?pzalD}mG986xHGE~Y6)Ra zYZ`tTtLY(GdQNMH*NZVn`II$jWJZVC{1bS>K_*nx{n#jT=MnwU^wUcvvBKd}>xf zSy!3Ri(_@&B48CZe7!hzOxxqpb}@0 zDThgDxCmvME-%*yOtFK3VZ8mt0vHyEO0mg$z;DuBC@E@1PCZL zRk{SE1+uEDPk|!90CJgxRjBq&MDv9j7uneZI+Uz`*AfzXTzJNN3`WZ4hnVh95d~q_ z+e?!(%?C_b6Iu2o#fjX>s#mnTU#?Yb`Iy_bo4uJbWdq{gAyJ0WiQTh z3wWM#Ve`FgB{RtU!8M%AD0FrKR(fTl<}%r`U*0bTYHqX!ea>K7dsb~TJYI$3*NN`> zJ^83jEYQ3?9bVw96)U8+6lFebYOCfPx*`TuSvHpnWJL`u48$x0;JK1H5>h{xPlA5J ze&_j0$-fO0>#=Q+JSRbscsNtvzwv}c-DwNH^&*N#*zJFyGU018NXzJ2`9r$~mu$Yx zbolgjdP=QP?mYj~@i=vya4|y-O=G=uwRDFIm7%a1PW1`AF8oqJ5DZ@+i(;bYd%`(9 znCS2jCa=It@VOpe^kF}PKt<=>ii|Ux98Yub>Ge-@NC#bBh_`6$WLhmzoj7fVwRh4$ zuJNDnk8NdRlh{>{E|d$uD%*u=Mv=6i5#eG5p$mcw1QJke@LUf3Z{vC@@)|h|JWFKf z8$Agv(|Yb7NBvy5Ht$=5=kl7jlXXBdT6KiZ=L0vh3_dE`MG`ddf)9o#SA6-OJwBH~ zS0hCA7WeX^ffdMkK?puv!kzqv9_I*gT^uuBZLyuB%w_IBe|Ta(Og{>mX2VT)8u;2c zJVl{I9ZkroFTi`r#oK~fI@-HfjI3QRWGINKjT?-|J7K7>=_iFqJjKh2QVQUZL;)=FF7H_ zQ%hu|LD_;z?}en`iBy3=!2Nxb^)(7$3JNm;pLVO0BVK0eTffxBVh;KtlFDRnM|5>jD}FRoY5Bm#J{hf>D? zfyeuV#LGyWHaJp6!Pe;*0qRIxz}7yJ`G~h<@>}WfAj&@FnQv7Xo`6gj3@Llh%2d&U zB6>G|4N>v4otBx@j(_`4}T(xrTmJxVcNnLFQqVUWX+%e*%&+{Z!KB*j~W_A>fU`ws zn56qQH7(QzPCX`bq1|k1wBKUjvt}m0K<>V-tfyuL>Q06S>qXAX!(cz(sXO)l>0?it za@|s9F@%nDO>$0H%&Vw7nh*Ioz^Io`h`a}r6FbHC#?er*cCo975DHASJOV>0c-$3Y zCj7Z5!e;+iM#0ekQ7SfLu$LIV@`^~M$WGH?YRzuUiFI5%+FX;f#h7zaEqC< z-4n?(qE%NAPAI116TSyE#`OA+XQhA}{ zFC4D9bBbs>d;tqv=t#d{iBEEYi4Y+ibyeE;1Pas=ZRr(wyniuDL43nOzgsE8_n@1# z3ms%7<-Kkv6|l6pZ5n5yilZ~Uo;(-rHO}A+MX+0EV|#P3Fj_jf;ommJQI{9rk1k$6 z0VfAAjQ+IsBb+ZO$hbaLF zl}akIgHhkGE1Quqd)A!{4UPP}s^LYwhMo@ebb$UamO^1PI5-6tJy=^(KKAnMl7H-O z$&D;Ogv3ujeqzHy05lYynp(;KJD2utlVgqh$ze*n^hS2;!0_Qwrd{3dj&ZACgt0pF z!M%TqV8OJdS>;lUUY7|!ezsR96thx-LJL14Y5_MOb437#lkAZGi2!r5p*T4wYB*3Q zm~MOmc_E8S^Zx+XwQ5cVc4)G*V-Ob?nR7eFb3^xGWB0?3owH>I8wS~)o*^Zb8$fM` zKdmFXwPFp8bEnj_&ThD2w(GZ_N;zL~^_mdv-x&fQ{0sVz%%g^<@5&ZFSXG*1&_Sr=>u`tBc9qJryc>L+$XjN@2LwV6tXjXO8blUKtcuqmYen+b>{%#K{tc!tIp{t-C&R}mi6r$!{Pg1gm9 zpQ-ITNn;D)0DY<2yT5gm3tcHr37Kkx`Cy~)B*?(N*SUL6_}mjf-9d>}kwSj*I?wWe z;&sG|G$$__EJsfygl<7Oe@*Y5xNw4EeOEvGGYswgIlGLX9;YylF*#u@1SC0BJ^KT5ep5E7ucA(J?in|uq|U`8y;%; zO)&c_J$=cYtk5K````+@Kb+WCcqF%RZhesVW`yq@3J&20G$1Y@Xm&sdHX(oiJL!MA(!O6TYM;q&g3*QCQiQz%{> zYGyIaY^lhrrN#7xD*T*r>Hi)Ipnz7kD{EuAXEPATO=>+x_z-GgeutQWp{ZqbkOMR@ zpQ@PlBqJ}>UslugfJMjl&DXVDxaprP-SW4DkQzdr65K=V9Wcm$JHXd9hXkf@d5F*x z=l5&Z!11f+4}qD_u|bfqRtfoYabWvB_U-A`^(!~|@fr1i&Z8=;kZ|VbtH879<`NRo zq-0|olm`gc!_yKFtc!az=rniPLAl$gUCQlKA z&t?KR4%5wK3@?MeeR(*+@)|v4$EqlD7)*K9)*W2d%MYa?2!Ue_T}66&s`c&YYx8vR za1{!iHPExW-`|Ip)vu8^P~B??Ku)7EtY765&p{?U1c-^r7jE`|W_*K%B&@AN7+P5Z zTR9sTcy%x4S>?kriw&hb)O>{f{r4toB9c(YwIQLQ za_kus^E=7PmDu`zv91%3H<7UlmUqO}uH0IW`&2%!=LDM{Qy_1XU5pL7iB(T3@0X6y z-~;XCK#2>1=w8B7G-8Co16HJ5Ew~4tD4L1hMrBxqaWiyeQ7CTag0B!rT%_#m@8YHN zOeGrX1{b3yRHB3|$EMGwD8CF@iLQqr1Hp9s45qIyu&>|xYkYdD-nC?;&+m1_JfChe zGsohOS_hkIAngnJ!*~`(Sn)h69GLkI6iAySgkR1^;+R`av2q36>dZ9Qb~$_DS%V@1 zA_P|rVd7$A;xa5*ai$y>768+SuIV<1BfGTCxm__ot#FGBK~gtXWF5($P3Pw zHKr-0=Sesj5kd2~*P1UXNoV-l+ToIhes=BnhTolp+QrE7}Iyt}WjzX%?xXTki%n2(+i zTiM|$q6u|8!gQR$QwbYMtf%nsoju*Drvjnc1M*^;=PRvR6-c+vB`8907#+O8sstQ` zqtlZo04^X(sE2Cp7gCKu+*J^{4g>BwY{hnF%Vh|zM_XBxj#Bc=Uo@&{{s0S(CR(Su z0oX220^9=AT9L(u)N)AAn|u3kvte!@0+lWY$|msS8;!f8`lT-XhaMI&LF@4_cJr;+ zt=+;hVG_bb%ndNe9^K&=-1%AtO(1idd$&Hy^23f+XNKoKvR5P+Tz?=r8S2U!_9^^p z)Y#2j;!kM%N;jsf%7bq`k8B8puo-~m?XZ&rbWRZFDW?3?*YYi9ZV6?Mzew44(=XHn z3&CRs3tB#Fh`!*@JsnXFw)0>0+V^|=UDNDB-ye3~A2s+ZDvL|Uhg+O0;QIT>O&|)! zxmAU0D0(Zm+8Y$5CRrC$L3V&sV~*WeFa5S>P6&lO1&$j7S+uLit#gH0bK0S8ct@?O z()mR%tQ8_$3{*5YE9)g5CS8*a82aH<3HsFJ9hqc#MYQx`1gZLP~|KDMaxrxfTMXXdUhY)p}L_w&HD_ zgi#b_wX;)Gi24Ey-=$q)3v!$~wii@L>Ew#P6Y=8YdRM={C87WCHj!~bOeTgSs9(QY zYQvSt2FBu(@)9)Lhu%yDdtap3kirGc%$)*@>&=l?5=bo<7cKdTS7aE@j*y>^s2aIk zjs*k^!B$e~ENi;L+*YjaPQpixG_ggk z^Jq4g<4&Yu%YZ{qU!~UA<)$x(Chg^{#0xP2)?Z+_r9^%G)+9$t-|r*Ccb|yp;Ar|F zBEGHr)s!p$cTdhYfX7AGv-)e>L4Ud0@tynTw*dj8AoL^@fe@v_?^!>YOoo3ye2o!b zgtU?~WzQgi(@XhhL#`z1()0D|o~QNC6i(`20&IZ9*fz{6stz{rCR@ zp+}o~78cL^&g}X5d8Qa5IS;qyDA4rSinqSt*E(;Gy+8e7NY+}7a1KVK-M4^lny-eL z>+;oqA@ssGqf%1azkZ3vxwqkHDhs2eAtq0TnKu}Xj0B|Pum#e5ga5z65wl9hC#Avq z^&s#}j;maxd@u8aaqGxTZ??nN76KO)-I9_vb_cMY5F%qato*W=;T>T3kN-CM18#2t z^~}sT2&SUqNxEuc<@ySuYM4^ogxq=Y5m5-TUVL6T$i7Nw;ywN#d=4BEHcaCDr?*EF zldH_h)>pq*C#UbQ5S&%&*X#CUNHEvbG*7OJ)W0E~0(9u(N&a_0;{PXyaOocq_>MIb V1f(ja@ZX=qrNrb#tA!1N{s*~7=g|NF literal 0 Hc-jL100001 diff --git a/doc/guide/admin/loadbalancer.sdf b/doc/guide/admin/loadbalancer.sdf new file mode 100644 index 0000000000..2f9061d999 --- /dev/null +++ b/doc/guide/admin/loadbalancer.sdf @@ -0,0 +1,169 @@ +# $OpenLDAP$ +# Copyright 2021 The OpenLDAP Foundation, All Rights Reserved. +# COPYING RESTRICTIONS APPLY, see COPYRIGHT. +H1: Load Balancing with lloadd + +As covered in the {{SECT:Replication}} chapter, replication is a fundamental +requirement for delivering a resilient enterprise deployment. As such +there's a need for an LDAPv3 capable load balancer to spread the load between the +various directory instances. + +{{lloadd}}(8) provides the capability to distribute LDAP v3 requests between a +a set of running {{slapd}} instances. It can run as a standalone daemon +{{lloadd}}, or as an embedded module running inside of {{slapd}}. + +H2: Overview + +{{lloadd}}(8) was designed to handle LDAP loads. +It is protocol-aware and can balance LDAP loads on a per-operation basis rather +than on a per-connection basis. + +{{lloadd}}(8) distributes the load across a set of slapd instances. The client +connects to the load balancer instance which forwards the request to one +of the servers and returns the response back to the client. + +H2: When to use the OpenLDAP load balancer + +In general, the OpenLDAP load balancer spreads the load across configured backend servers. It does not perform +so-called intelligent routing. It does not understand semantics behind the operations being performed by the clients. + +More considerations: + + - Servers are indistinguishable with respect to data contents. The exact same copy of data resides on every server. + - Clients do not require 'sticky' sessions. + - The sequence of operations isn't important. For example, read after update isn't required by the client. + - If your client can handle both connection pooling and load distribution then it's preferable to lloadd. + - Clients that require a consistent session (e.g. do writes), the best practice is to let them set up a direct session to one of the providers. The read-only clients are still free to use lloadd. + - 2.6 release of lloadd will include sticky sessions (coherency). + +H2: Runtime configurations + +It deploys in one of two ways: + +^ Standalone daemon: {{ lloadd }} ++ Loaded into the slapd daemon as a module: {{ lloadd.la }} + +It is recommended to run with the balancer module embedded in slapd because dynamic configuration (cn=config) and the monitor backend are then available. + +{{B: Sample load balancer scenario:}} + +!import "load-balancer-scenario.png"; align="center"; title="Load Balancer Scenario" +FT[align="Center"] Figure: Load balancer sample scenario + +^ The LDAP client submits an LDAP operation to +the load balancer daemon. + ++ The load balancer forwards the request to one of the backend instances in its pool of servers. + ++ The backend slapd server processes the request and returns the response to +the load balancer instance. + ++ The load balancer returns the response to the client. The client's unaware that it's connecting to a load balancer instead of slapd. + +H2: Build Notes + +To build the load balancer from source, follow the instructions in the +{{SECT: A Quick-Start Guide}} substituting the following commands: + +^ To configure as standalone daemon: + +..{{EX:./configure --enable-balancer=yes}} + ++ To configure as embedded module to slapd: + +..{{EX:./configure --enable-modules --enable-balancer=mod}} + +H2: Sample Runtime + +^ To run embedded as {{ lloadd }} module: + +..{{EX: slapd [-h URLs] [-f lloadd-config-file] [-u user] [-g group]}} + + - the startup is the same as starting the {{ slapd }} daemon. + - URLs is for slapd management. The load balancer's listener URLs set in the configuration file or node. (more later) + ++ To run as standalone daemon: + +..{{EX: lloadd [-h URLs] [-f lloadd-config-file] [-u user] [-g group]}} + + - Other than a different daemon name, running standalone has the same options as starting {{ slapd }}. + - -h URLs specify the lloadd's interface directly, there is no management interface. + +For a complete list of options, checkout the man page {{ lloadd.8 }} + +H2: Configuring load balancer + +H3: Common configuration options + +Many of the same configuration options as slapd. For complete list, check +the {{lloadd}}(5) man page. + +.{{S: }} +{{B:Edit the slapd.conf or cn=config configuration file}}. + +To configure your working {{lloadd}}(8) you need to make the following changes to your configuration file: + ^ include {{ core.schema }} (embedded only) + + {{ TLSShareSlapdCTX { on | off } }} + + Other common TLS slapd options + + Setup argsfile/pidfile + + Setup moduleload path (embedded mode only) + + {{ moduleload lloadd.la }} + + loglevel, threads, ACL's + + {{ backend lload }} begin lloadd specific backend configurations + + {{ listen ldap://:PORT }} Specify listen port for load balancer + + {{ feature proxyauthz }} Use the proxy authZ control to forward client's identity + + {{ io-threads INT }} specify the number of threads to use for the connection manager. The default is 1 and this is typically adequate for up to 16 CPU cores + +H3: Sample backend config + +Sample setup config for load balancer running in front of four slapd instances. + +>backend lload +> +># The Load Balancer manages its own sockets, so they have to be separate +># from the ones slapd manages (as specified with the -h "URLS" option at +># startup). +>listen ldap://:1389 +> +># Enable authorization tracking +>feature proxyauthz +> +># Specify the number of threads to use for the connection manager. The default is 1 and this is typically adequate for up to 16 CPU cores. +># The value should be set to a power of 2: +>io-threads 2 +> +># If TLS is configured above, use the same context for the Load Balancer +># If using cn=config, this can be set to false and different settings +># can be used for the Load Balancer +>TLSShareSlapdCTX true +> +># Authentication and other options (timeouts) shared between backends. +>bindconf bindmethod=simple +> binddn=dc=example,dc=com credentials=secret +> network-timeout=5 +> tls_cacert="/usr/local/etc/openldap/ca.crt" +> tls_cert="/usr/local/etc/openldap/host.crt" +> tls_key="/usr/local/etc/openldap/host.pem" +> +> +># List the backends we should relay operations to, they all have to be +># practically indistinguishable. Only TLS settings can be specified on +># a per-backend basis. +> +>backend-server uri=ldap://ldaphost01 starttls=critical retry=5000 +> max-pending-ops=50 conn-max-pending=10 +> numconns=10 bindconns=5 +>backend-server uri=ldap://ldaphost02 starttls=critical retry=5000 +> max-pending-ops=50 conn-max-pending=10 +> numconns=10 bindconns=5 +>backend-server uri=ldap://ldaphost03 starttls=critical retry=5000 +> max-pending-ops=50 conn-max-pending=10 +> numconns=10 bindconns=5 +>backend-server uri=ldap://ldaphost04 starttls=critical retry=5000 +> max-pending-ops=50 conn-max-pending=10 +> numconns=10 bindconns=5 +> +>####################################################################### +># Monitor database +>####################################################################### +>database monitor diff --git a/doc/guide/admin/master.sdf b/doc/guide/admin/master.sdf index 05a00625cf..40a926a7ac 100644 --- a/doc/guide/admin/master.sdf +++ b/doc/guide/admin/master.sdf @@ -84,6 +84,9 @@ PB: !include "monitoringslapd.sdf"; chapter PB: +!include "loadbalancer.sdf"; chapter +PB: + !include "tuning.sdf"; chapter PB: -- 2.47.3