19.02.2013 12:54, Timo Sirainen wrote:
Set login_trusted_networks so both servers trust each other. SSL isn't required then. Also the client's real IP address gets proxied to logs/etc then.
With login_trusted_networks I get very strange behavior.
Each of the two servers has an external IP (EIP1 and EIP2) and an internal IP (IIP1 and IIP2). Each one listens on all interfaces and trusts connections from the internal network:
listen = *, ::
login_trusted_networks = IIP1 IIP2
The client connects to EIP1 and password_query returns
host=IIP2
Server1 proxies to IIP2, but it returns
Error: proxy(...): TTL reached zero - proxies appear to be looping?
I thought that the proxy algorithm is as follows:
1. The client connects to the EIP.
2. The query returns IIP1 or IIP2.
3. If one of them is local, then there is no need to proxy, it is a direct connection; otherwise proxy to the remote IP.
As a result we get a configuration with two replicated servers in master-master mode. Replication via SSH will only be available between remote SSH servers. If one of them fails then external cluster software (like pacemaker) migrates the EIP and IIP to the live host and all must be fine. Replication with itself will not work because the SSH connection fails. When the broken server is repaired, the IPs migrate back and replication succeeds.
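
The proxy decision described in the message and the "TTL reached zero" error, as a small Python model (an added example, not part of the original message and not Dovecot code). The server names, the starting TTL of 5 and the skip_proxy_if_local switch are assumptions of the model, which also assumes that both servers get the same host= answer from password_query.

```python
# Model only: not Dovecot source. Names, the TTL start value and the
# skip_proxy_if_local switch are assumptions made for illustration.
from dataclasses import dataclass

START_TTL = 5  # assumed starting hop budget for the model


class ProxyLoop(Exception):
    """Hop budget exhausted, analogous to the 'TTL reached zero' error."""


@dataclass(frozen=True)
class Server:
    name: str
    local_ips: frozenset


# Constructed topology from the message: one external and one internal IP each.
SERVERS = [
    Server("server1", frozenset({"EIP1", "IIP1"})),
    Server("server2", frozenset({"EIP2", "IIP2"})),
]


def owner_of(ip):
    """Return the server that currently holds the given address."""
    for server in SERVERS:
        if ip in server.local_ips:
            return server
    raise LookupError(ip)


def login(connect_ip, passdb_host, skip_proxy_if_local):
    """Follow one login and return the list of servers it passes through."""
    server = owner_of(connect_ip)
    ttl = START_TTL
    path = [server.name]
    while True:
        # Each hop repeats the same lookup and sees the same host= value.
        if skip_proxy_if_local and passdb_host in server.local_ips:
            return path  # destination is this machine: log in locally
        ttl -= 1
        if ttl == 0:
            raise ProxyLoop("TTL reached zero after " + " -> ".join(path))
        server = owner_of(passdb_host)  # forward to the returned host
        path.append(server.name)
```

With skip_proxy_if_local=False the second server keeps forwarding the session to its own address until the hop budget runs out; with the local-address check the same login ends on server2 after one hop.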