LDAP Multi Master Replication
|This article applies to the following ZCS versions.|
Zimbra Multi-Master Replication
The ability to have more than a single functioning master has been added with ZCS 8.0 and later. This document details the steps required for setting up a Multi-Master configuration, as well as how to perform administrative tasks such as promote an existing replica to be part of the multi-master pool. Multi-Master Replication will be shortened to MMR for the rest of this document.
Two example hostnames will be used throughout this document.
master1.example.com (Primary master) master2.example.com (Secondary master that is being added)
Data to have before starting
* Zimbra Admin LDAP Password * LDAP replication password * NGINX LDAP password * Amavis LDAP password * Postfix LDAP password
Enabling Multi-Master replication on an existing Single node master
This assumes you already have an installed single-master ZCS LDAP server that is not already enabled for MMR. Enabling MMR is a manual one-time step. You will need to know the hostname of the secondary master you plan on adding into the multi-master pool before you can enable MMR on your standalone master.
On the single-node master as the zimbra user:
* ./libexec/zmldapenable-mmr -s 1 -m ldap://master2.example.com:389/ * zmlocalconfig -e ldap_master_url="ldap://master1.example.com:389 ldap://master2.example.com:389"
Executing these commands will do the following:
* Set this master's Server ID (sid) to 1. Please see section on Server ID's. * Tell the master that it will be in a pool with a secondary master named master2.example.com that is listening to LDAP on port 389 * It will use the default Replication ID (rid) of 100 for the secondary master. Please see section on Replication ID's. * Writes initiated from this server will go to ldap://master1.example.com by default. If it is down, they will move to ldap://master2.example.com:389
Installing a Secondary master
To install a brand new secondary master, install ZCS as you normally would for a multi-node installation. zcs-ldap must be one of the packages chosen for installation.
* On the installation menu, choose "1" for common configuration * Change the ldap master hostname to be that of your primary master (Ex. master1.example.com) * Change the admin password to be that of the Zimbra admin password on the primary master
* On the installation menu, choose "2" for LDAP configuration * Choose "4" to change the replication type to mmr instead of replica * The Server ID for this secondary master will default to 2. Leave it unchanged if this is the second master. See more in the Server ID section below. * Change "7" to match the replica password from the primary master * Change "8" to match the postfix password from the primary master * Change "9" to match the amavis password from the primary master * Change "10" to match the nginx password from the primary master
* After installation finishes, update the ldap_master_url to contain both masters, preferring this master. * zmlocalconfig -e ldap_master_url="ldap://master2.example.com:389 ldap://master1.example.com:389"
Promoting an existing replica to be a multi-master
In an existing ZCS setup where there is already a single master and multiple replicas, it is very simple to promote an existing replica to become a secondary master. First make sure you have enabled MMR on the primary master as noted above. Assuming the hostname for this replica is master2.example.com, then:
* Obtain the existing values for the following localconfig values on the current primary master: ldap_amavis_password, ldap_bes_searcher_password, ldap_nginx_password, ldap_postfix_password, ldap_replication_password, zimbra_ldap_password * Update these passwords in localconfig on the replica to be promoted so that they match the values on the current master * /opt/zimbra/libexec/zmldappromote-replica-mmr -s 2 * zmlocalconfig -e ldap_master_url="ldap://master2.example.com:389 ldap://master1.example.com:389"
This will update the replica to be MMR enabled with a Server ID of 2. Please see section on Server ID's. It will automatically be configured to be a paired master with the master it was previously replicating from.
Given the critical nature of the Server ID and Replication ID values in the multi-master configuration, Zimbra ships a utility to easily query this information from the local MMR node. When executed, it will print out the Server ID for this master, plus all multi-master servers it is configured to replicate against and the Replication ID values for those masters for this server.
Server ID information (sid)
Server ID's are unique identifiers used in a multi-master cluster. Each master in the cluster must have a different Server ID. If you have two masters with the same Server ID, MMR will break and chaos will ensue.
Replication ID information (rid)
Replication ID's are unique identifiers that are unique internally to a server. A given master may use the same Replication IDs as another master, but internal to a given master's database, those replication IDs must be unique. This only matters if you plan on having more than two masters.
Configuring more than two masters
Theoretically, you can have as many masters as desired in a master pool. Zimbra does not advise having more than 4 masters at this time.
To add additional masters to an existing MMR pool, the following steps should be taken:
On all existing masters in the MMR pool:
- Run /opt/zimbra/libexec/zmldapquery-mmr to find out the RID values for the existing replication agreements
- Run /opt/zimbra/libexec/zmldapenable-mmr -r <new rid> -m ldap://<new master>:389/ to add a replication agreement for the new MMR master
firstname.lastname@example.org:~$ ./libexec/zmldapquery-mmr Server information ServerID: 1 Master replication information Master replica 1 rid: 100 URI: ldap://ldap2.example.com:389/
email@example.com:~$ ./libexec/zmldapenable-mmr -r 101 -m ldap://ldap3.example.com:389/
firstname.lastname@example.org:~$ ./libexec/zmldapquery-mmr Server information ServerID: 2 Master replication information Master replica 1 rid: 100 URI: ldap://ldap1.example.com:389/
email@example.com:~$ ./libexec/zmldapenable-mmr -r 101 -m ldap://ldap3.example.com:389/
Now start ZCS installation on the new server you wish to add to the pool, as described above in the section Installing a Secondary master. Be sure that when the Ldap replication type is changed to mmr that the Server ID for this new server is set to something unique.
Ldap configuration 3) Ldap replication type: mmr 4) Ldap Server ID: 3
After installation of the additional MMR server is complete:
* Add replication agreements to the new master with the the masters it doesn't yet have an agreement with: firstname.lastname@example.org:~$ ./libexec/zmldapenable-mmr -r 101 -m ldap://ldap2.example.com:389/
* Remember to update the localconfig keys ldap_master_url and ldap_url on all servers. Example: email@example.com:~$ zmlocalconfig -e ldap_master_url="ldap://ldap1.example.com:389 ldap://ldap2.example.com:389 ldap://ldap3.example.com:389" firstname.lastname@example.org:~$ zmlocalconfig -e ldap_url="ldap://ldap1.example.com:389 ldap://ldap2.example.com:389 ldap://ldap3.example.com:389"
email@example.com:~$ zmlocalconfig -e ldap_master_url="ldap://ldap2.example.com:389 ldap://ldap3.example.com:389 ldap://ldap1.example.com:389" firstname.lastname@example.org:~$ zmlocalconfig -e ldap_url="ldap://ldap2.example.com:389 ldap://ldap3.example.com:389 ldap://ldap1.example.com:389"
email@example.com:~$ zmlocalconfig -e ldap_master_url="ldap://ldap3.example.com:389 ldap://ldap1.example.com:389 ldap://ldap2.example.com:389" firstname.lastname@example.org:~$ zmlocalconfig -e ldap_url="ldap://ldap3.example.com:389 ldap://ldap1.example.com:389 ldap://ldap2.example.com:389"