Multiserver clarifications

Discussion in 'General' started by jmhoms, Mar 18, 2010.

  1. jmhoms

    jmhoms New Member

    root@srv20:/var/log# netstat -tap | grep dns
    tcp 0 0 srv20.amalteahos:domain *:* LISTEN 26447/mydns
    tcp 0 0 localhost.locald:domain *:* LISTEN 26447/mydns
    tcp6 0 0 ip6-localhost:domain [::]:* LISTEN 26447/mydns

    and using the password in mydns.conf i can connect :
    root@srv20:/var/log# mysql -u ispconfig -h localhost -p
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 1307
    Server version: 5.0.51a-24+lenny3 (Debian)

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

  2. till

    till Super Moderator

    Please post the contents of the mydns.conf file (remove the password please).
  3. jmhoms

    jmhoms New Member

    possibly a server_id problem ? , i see that mydns sql filters it ...

    ## INFORMATION (database, db-*)...
    ## PLEASE RUN 'dpkg-reconfigure mydns-mysql' INSTEAD.
    ## ON UPGRADE:
    ## user, group, pidfile, db-*, database

    ## /etc/mydns.conf
    ## Thu Aug 2 16:36:26 2007
    ## For more information, see mydns.conf(5).


    db-host = localhost # SQL server hostname
    db-user = ispconfig # SQL server username
    db-password = XXXXXXXXXXXXXXXXXXXXXXXXXX # SQL server password
    database = dbispconfig # MyDNS database name


    user = nobody # Run with the permissions of this user
    group = nogroup # Run with the permissions of this group
    listen = * # Listen on these addresses ('*' for all)
    no-listen = # Do not listen on these addresses


    zone-cache-size = 2048 # Maximum number of elements stored in the zone cache
    zone-cache-expire = 60 # Number of seconds after which cached zones expires
    reply-cache-size = 2048 # Maximum number of elements stored in the reply cache
    reply-cache-expire = 30 # Number of seconds after which cached replies expire


    log = LOG_DAEMON # Facility to use for program output (LOG_*/stdout/stderr)
    pidfile = /var/run/ # Path to PID file
    timeout = 120 # Number of seconds after which queries time out
    multicpu = 1 # Number of CPUs installed on your system
    recursive = # Location of recursive resolver
    allow-axfr = yes # Should AXFR be enabled?
    allow-tcp = yes # Should TCP be enabled?
    allow-update = no # Should DNS UPDATE be enabled?
    ignore-minimum = no # Ignore minimum TTL for zone?
    soa-table = dns_soa # Name of table containing SOA records
    rr-table = dns_rr # Name of table containing RR data
    soa-where = server_id = 2 # Extra WHERE clause for SOA queries
    rr-where = server_id = 2 # Extra WHERE clause for RR queries
    use-soa-active = yes # To fix bug 295 where active or inactive status is ignored.
    use-rr-active = yes# To fix bug 295 where active or inactive status is ignored.
  4. till

    till Super Moderator

    Please change the lines:

    soa-where = server_id = 2 # Extra WHERE clause for SOA queries
    rr-where = server_id = 2 # Extra WHERE clause for RR queries


    soa-where = server_id = 1 # Extra WHERE clause for SOA queries
    rr-where = server_id = 1 # Extra WHERE clause for RR queries

    and restart mydns.
  5. jmhoms

    jmhoms New Member

    is working now ... thank you very much !!

    do you think installation should have taken care of this change, or its a manual step ? i ask myself because of install/uninstall/install, and im unsure if there may be other issues ... anyway seems logical to be a manual change because its only appliable if mirroring is selected ...
  6. till

    till Super Moderator

    Currently it is a manual step. But I will see if it is not possible to remove these two lines at all in future versions of ISPConfig.
  7. jmhoms

    jmhoms New Member


    so returning to the original topic, with this setup :

    -We can add services to master, and the configuration (db) will be replicated to slave, but not the information, like php files or mails. So as it is, is only usefull for dns (because all info is in db).

    -We can add services directly to slave (vi master cp), and in this case the configuration will only be in the slave db. True ?

    If it work that way, i see the inconvenient that accounts (www,mail) created in master, are less secure, because a security problem in a slave can compromise credentials in master.

    That way, maybe the functionalities not pay the risk, so i guess there is a way to setup a dns zone in a slave that works like a traditional bind secondary zone, being notified from changes from master. Is there any way to implement this scenario with isconfig/mydns ?
  8. till

    till Super Moderator

    No, thats not the case. You use a san, clusterfilesystem or shared NFS server for /var/www and /var/vmail for such setups.

    Yes. Or you combine it with a mirror. You can manage as many servers as you need and mirror some or all of them as needed for a specific setup.

    No, thats not the case. As the slave servers dont have access to these tables on the master.
  9. jmhoms

    jmhoms New Member

    Ok, i understand. This kind of setup is useful when fs is replicated also via any method.

    Now that i have the mirroring activated from master to slave, when i try to add a site or mail domain, cp only let me choose the master server. So i cant add a service only in slave. I guess that in a replicated relationship it makes no sense to create services only in slave. Then that setup is not worth to have dns replicated.

    Actually, as all db is mirrored, per definition, all info is available also in slaves (for example accounts hashed passwords). My needs are two servers, that when one is a main mail server, the other one acts as a relay, the web sites can be in both to load balance, and for dns one must be primary and the other one secondary. That way, the mirrored setup doesnt work for that setup, and i will be better with two standalone servers, if i can manage how to configure one dns zone to act as secondary.
  10. till

    till Super Moderator

    Thats the case only in your setup. Normally you use other server layouts in multiserver enviroments, these can also be vservers. Example:

    1) One controlpanel server that does not run any services.
    2) 2 DNS Servers, were each server mirros the other one.
    3) One or more mailservers. Mailservers can also be used in form of one or more mirrored clusters were every cluster uses a shared network drive.
    4) One or more webservers. Webservsers can also be used in form of one or more mirrored clusters were every cluster uses a shared network drive.
  11. jmhoms

    jmhoms New Member

    Ok, i see how usefull is in large scale deployments.

    For my needs, that i'm sure are common to many other people, maybe the best ispconfig implementation is with no mirroring (two standalone server or master/slave).

    To solve the dns primary/secondary issue, im thinking in manually create a replication of only dns tables (would be great to check select what to mirror in the cp). As an easy alternative, can make slave mydns to query directly master db, but if master server goes down, no dns will work at all, so not a good option.

    Thanks for your patience Till, i'm sure this thread will help many people to plan their scenario.
  12. jmhoms

    jmhoms New Member

    I'm trying to add a --replicate-do-table to limit what have to be replicated, but i dont find where the replication is defined ... its not in /etc/mysql/my.conf

    how can know what replication options ara active, and where are defined, when :

    -choose to join a slave during expert installation

    -activate mirror from cp
  13. till

    till Super Moderator

    ISPConfig is not using mysql replication as we found it to be not fault tolerant enough for our purposes and it was not possible to configure the records based on a more complex permission scheme.
  14. jmhoms

    jmhoms New Member

    Ok, so how it works then ? where can i look to try to customize ? I'm interested in know what exactly does when master/slave and mirroring options are active.
  15. till

    till Super Moderator

    Take a look at the file /usr/local/ispconfig/server/lib/classes/ it contains a function processDatalog which reads the datalog entrys from the master server, replicates them to the slave if nescessary and then raises the events for the server plugins and modules.
  16. jmhoms

    jmhoms New Member

    ok, i see. Lots of php changes are required, and will fall outside main branch, so i will try to just sync dns tables with mysql replication.

    What tables are synced between master/slave with no mirroring ?

    I guess that with "mirroring" ALL tables are synced, right?
  17. till

    till Super Moderator

    Syncing is not based on tables. It is based on the server_id of individual records.

    No. As explained above, the syncing is not based on tables as every slave gets only the absolute minimum data that is required to run its services for security reasons.

    Mirroring is based on the changeset records that are saved in the sys_datalog table. If you enable mirroring, a specific server will replicate data that is intended for its server_id and also data that is intended for the server_id of the server that he mirrors. Other data from the same tables that is intended for other servers dont get mirrored.
  18. till

    till Super Moderator

    If you want to do a manual mysql replication for dns only, then its enough to mirror just the dns_rr and dns_soa tables, as mydns reads only from these tables.
  19. jmhoms

    jmhoms New Member

    OK, then if i understand correctly, in a master/slave scenario, one service RECORD, (if no mirroring active) will only be available in the db of the correspondant server_id. I guess that there is a trigger/cron that connects from slave to master to fetch the changes (because the sync db user is created in master). So i havent to worry for a "sync" colision if manually setting a dns* table mysql replication, simply just dont add dns zones to slave from cp.

    It's safe to disable the mirror ? or better to uninstall/install again ?
  20. till

    till Super Moderator

    Yes, thats the way it works.


    Just disable the mirror. If you additionally uncheck the dns checkbox which is on the same page then the mirror setting, then the second server will not be presented as an target server for dns records in the interface anymore.

Share This Page