Hi,
I try to replicate pi and my user database as masterand slave
After replication, I cannot login my master privacy idea server.I get this
error:
Authentication failed. (OperationalError) (2003, “Can’t connect to MySQL
server on ‘127.0.0.1’ (111)”) None None
I dont know which configuration file shoud change to fix it.
Can you help me?
Regards…
hi,
Well,
I understand. But. one more question.
My pi.cfg is like this:
import logging
SUPERUSER_REALM = [‘super’]
#SQLALCHEMY_DATABASE_URI = ‘sqlite:////etc/privacyidea/data.sqlite’
#SECRET_KEY = ‘t0p s3cr3t’
#PI_PEPPER = “Never know…”
PI_ENCFILE = ‘/etc/privacyidea/enckey’
#PI_AUDIT_MODULE = ‘privacyidea.lib.auditmodules.base’
#PI_AUDIT_MODULE = ‘privacyidea.lib.auditmodules.sqlaudit’
PI_AUDIT_KEY_PRIVATE = ‘/etc/privacyidea/private.pem’
PI_AUDIT_KEY_PUBLIC = ‘/etc/privacyidea/public.pem’
PI_LOGFILE = ‘/var/log/privacyidea/privacyidea.log’
PI_LOGLEVEL = logging.INFO
PI_PEPPER = ‘uAIujqnTFRbkQ00TZ_9Kj6gW’
SECRET_KEY = ‘s_LnCyQuADzUZVSEBxoJdNWo’
SQLALCHEMY_DATABASE_URI = ‘mysql://pi:wZmTUD0G_F6d@localhost/pi’
As u see, there is paramater or configs point server IP or hostname.
So if I copy all files under /etc/privacyidea, pi.cfg shows exact configs.
right?
14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius Kölbel yazdı:>
Hi Tevfik,
I am not sure if we are using the same words here.
You need to file-copy this stuff:
/etc/privacyidea/*
Adapt the pi.cfg to point to the DB slave, not the master.Then copy the necessary parts of RADIUS - probably /etc/freeradius.
You will not need to change these files. Usually the contents of all
these file is fixed.Then you will need to setup a replicated database.
(I sent a link earlier)
Variable data is only stored in the database - not in files.So when talking of HA or Replication there have to be taken into account
to things
- Copy the necessary files
- setup the replicated database (which is totally independent of
privacyIDEA)And I have the impression, that you missed 2. ?
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 07:49 -0700 schrieb Tevfik Ceydeliler:
Hi Tom,
Can you describe briefly how did you that?
For example, I replicate only pi and radius user databases.
and copy enckey and pi.cfg files to slave PI server
But cant achieve to replicate , I cant see enrolled tokens on slave
Can you help me?
Regards…14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole yazdı:
We are currently setup Master/Slave with the Slave in our DR
data center. I have had no issues, but I found the easiest
way to get it working right was to upgrade to MySQL 5.6 as it
uses GTID. This way I didn’t run into duplicate errors,
etc.On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: Hi, you can do it the same way. Setup a PI node in A that refers to DB master in A. Setup a PI node in B that refers to DB slave in B. Both PIs should have same encryption keys! (/etc/privacyidea/enckey and pi.cfg) Now do you master-slave-repl on a DATABASE level! If site A burns down, you can switch to using site B. Regards Cornelius Am Dienstag, den 14.07.2015, 04:42 -0700 schrieb Tevfik Ceydeliler: > Hi, > Problem is; > We have System Center A and Disaster center B > Master PI is located on Site A > Slave PI is located on Site B > So there is no 3rd location to that stores shared db as u told. > Tats why I can use Master-Slave but Slave standby. > How can suppose that PI keeps standby? > > > 14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hello Tevfik, > > privacyIDEA does not keep any states (except OTP counter) and > does not > replicate any data itself. > > I assume you run a setup like this: > > [privacyIDEA A] [privacyIDEA B] > | | > | | > | | > [ DB 1 ]---<replication>---[ DB 2 ] > > So the database is totally transparent and you can do whatever > you want > on the database level. > Well, if you are doing Master-Slave replication, you can not > use the > Slave for active authentication, since during authentication > the OTP > counter is increased in the database. And this information > needs to be > replicated to the other server. Otherwise you can use the same > OTP value > to authenticate on the other server. > > Having said this, you can use any replication scenario on a > database you > wish to. Master-Master, Multi-Master, Master-Slave. In case of > Master > slave the slave would only be a standby. > > Just check the web for your preferred replication setup like >How To Set Up MySQL Master-Master Replication | DigitalOcean
> > Anyway, you can run several privacyIDEA instances with one > virtual DBMS > like this, given that the DBMS provides the availability by > other means: > > [privacyIDEA A] [privacyIDEA B] > | | > | | > | | > [ DBMS with high availablity ] > > > On each privacyIDEA node you need to configure pi.cfg > accordingly. > > I hope this clarifies things. > > Kind regards > Cornelius > > > Am Dienstag, den 14.07.2015, 03:19 -0700 schrieb Tevfik > Ceydeliler: > > Hi, > > Yes I use mysql. > > I can use master- master replication. But generally we use > > master-slave. Thats all. > > Is there any procedure for replication? > > > > > > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius > Kölbel yazdı: > > Hi, > > you are running mysql? > > Why not replicate master-master? > > > > Kind regards > > Cornelius > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > Tevfik > > Ceydeliler: > > > Hi again, > > > How to replicate if you have two PI server one of > master and > > other is > > > slave? > > > Specially tokens > > > Regards > > > > > > 14 Temmuz 2015 Salı 11:05:28 UTC +3 tarihinde > Cornelius > > Kölbel yazdı: > > > Hello Tevfik, > > > > > > the configuration file, where the SQL > connection is > > configure, > > > is > > > pi.cfg. > > > > > > Usually it is located > at /etc/privacyidea/pi.cfg. > > > > > > See the config file documentation: > > > > > >2.5. The Config File — privacyIDEA 3.8 documentation
> > > > > > If you are missing anything, you are > welcome to add > > infos to > > > the docs > > > here: > > > > > >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > > > > > > > Kind regards > > > Cornelius > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > Tevfik > > > Ceydeliler: > > > > Hi, > > > > I try to replicate pi and my user > database as > > masterand > > > slave > > > > After replication, I cannot login my > master > > privacy idea > > > server.I get > > > > this error: > > > > > > > > > > > > Authentication failed. > (OperationalError) (2003, > > "Can't > > > connect to > > > > MySQL server on '127.0.0.1' (111)") None > None > > > > > > > > > > > > > > > > I dont know which configuration file > shoud change > > to fix > > > it. > > > > Can you help me? > > > > Regards.. > > > > -- > > > > You received this message because you > are > > subscribed to the > > > Google > > > > Groups "privacyidea" group. > > > > To unsubscribe from this group and stop > receiving > > emails > > > from it, send > > > > an email to > privacyidea...@googlegroups.com. > > > > To post to this group, send email to > > > priva...@googlegroups.com. > > > > To view this discussion on the web > visit > > > > > > > > > >> > > > For more options, visit > > https://groups.google.com/d/optout. > > > > > > -- > > > Cornelius Kölbel > > > corneliu...@netknights.it > > > +49 151 2960 1417 > > > > > > NetKnights GmbH > > > http://www.netknights.it > > > Landgraf-Karl-Str. 19, 34131 Kassel, > Germany > > > Tel: +49 561 3166797, Fax: +49 561 > 3166798 > > > > > > Amtsgericht Kassel, HRB 16405 > > > Geschäftsführer: Cornelius Kölbel > > > > > > > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > >> > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > >> > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi again,
How to replicate if you have two PI server one of master and other is slave?
Specially tokens
Regards
14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius Kölbel yazdı:>
Hello Tevfik,
the configuration file, where the SQL connection is configure, is
pi.cfg.Usually it is located at /etc/privacyidea/pi.cfg.
See the config file documentation:
2.5. The Config File — privacyIDEA 3.8 documentation
If you are missing anything, you are welcome to add infos to the docs
here:https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 00:58 -0700 schrieb Tevfik Ceydeliler:
Hi,
I try to replicate pi and my user database as masterand slave
After replication, I cannot login my master privacy idea server.I get
this error:Authentication failed. (OperationalError) (2003, “Can’t connect to
MySQL server on ‘127.0.0.1’ (111)”) None NoneI dont know which configuration file shoud change to fix it.
Can you help me?
Regards…You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi,
Problem is;
We have System Center A and Disaster center B
Master PI is located on Site A
Slave PI is located on Site B
So there is no 3rd location to that stores shared db as u told.
Tats why I can use Master-Slave but Slave standby.
How can suppose that PI keeps standby?
14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde Cornelius Kölbel yazdı:>
Hello Tevfik,
privacyIDEA does not keep any states (except OTP counter) and does not
replicate any data itself.I assume you run a setup like this:
[privacyIDEA A] [privacyIDEA B]
| |
| |
| |
[ DB 1 ]——[ DB 2 ]So the database is totally transparent and you can do whatever you want
on the database level.
Well, if you are doing Master-Slave replication, you can not use the
Slave for active authentication, since during authentication the OTP
counter is increased in the database. And this information needs to be
replicated to the other server. Otherwise you can use the same OTP value
to authenticate on the other server.Having said this, you can use any replication scenario on a database you
wish to. Master-Master, Multi-Master, Master-Slave. In case of Master
slave the slave would only be a standby.Just check the web for your preferred replication setup like
How To Set Up MySQL Master-Master Replication | DigitalOcean
Anyway, you can run several privacyIDEA instances with one virtual DBMS
like this, given that the DBMS provides the availability by other means:[privacyIDEA A] [privacyIDEA B]
| |
| |
| |
[ DBMS with high availablity ]On each privacyIDEA node you need to configure pi.cfg accordingly.
I hope this clarifies things.
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 03:19 -0700 schrieb Tevfik Ceydeliler:
Hi,
Yes I use mysql.
I can use master- master replication. But generally we use
master-slave. Thats all.
Is there any procedure for replication?14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hi,
you are running mysql?
Why not replicate master-master?Kind regards Cornelius Am Dienstag, den 14.07.2015, 01:51 -0700 schrieb Tevfik Ceydeliler: > Hi again, > How to replicate if you have two PI server one of master and other is > slave? > Specially tokens > Regards > > 14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hello Tevfik, > > the configuration file, where the SQL connection is configure, > is > pi.cfg. > > Usually it is located at /etc/privacyidea/pi.cfg. > > See the config file documentation: >2.5. The Config File — privacyIDEA 3.8 documentation
> > If you are missing anything, you are welcome to add infos to > the docs > here: >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > Kind regards > Cornelius > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb Tevfik > Ceydeliler: > > Hi, > > I try to replicate pi and my user database as masterand > slave > > After replication, I cannot login my master privacy idea > server.I get > > this error: > > > > > > Authentication failed. (OperationalError) (2003, "Can't > connect to > > MySQL server on '127.0.0.1' (111)") None None > > > > > > > > I dont know which configuration file shoud change to fix > it. > > Can you help me? > > Regards.. > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > >> > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
We are currently setup Master/Slave with the Slave in our DR data center.
I have had no issues, but I found the easiest way to get it working right
was to upgrade to MySQL 5.6 as it uses GTID. This way I didn’t run into
duplicate errors, etc.On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote:
Hi,
you can do it the same way.
Setup a PI node in A that refers to DB master in A.
Setup a PI node in B that refers to DB slave in B.
Both PIs should have same encryption keys! (/etc/privacyidea/enckey and
pi.cfg)Now do you master-slave-repl on a DATABASE level!
If site A burns down, you can switch to using site B.
Regards
CorneliusAm Dienstag, den 14.07.2015, 04:42 -0700 schrieb Tevfik Ceydeliler:
Hi,
Problem is;
We have System Center A and Disaster center B
Master PI is located on Site A
Slave PI is located on Site B
So there is no 3rd location to that stores shared db as u told.
Tats why I can use Master-Slave but Slave standby.
How can suppose that PI keeps standby?14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hello Tevfik,privacyIDEA does not keep any states (except OTP counter) and does not replicate any data itself. I assume you run a setup like this: [privacyIDEA A] [privacyIDEA B] | | | | | | [ DB 1 ]---<replication>---[ DB 2 ] So the database is totally transparent and you can do whatever you want on the database level. Well, if you are doing Master-Slave replication, you can not use the Slave for active authentication, since during authentication the OTP counter is increased in the database. And this information needs to be replicated to the other server. Otherwise you can use the same OTP value to authenticate on the other server. Having said this, you can use any replication scenario on a database you wish to. Master-Master, Multi-Master, Master-Slave. In case of Master slave the slave would only be a standby. Just check the web for your preferred replication setup likeHow To Set Up MySQL Master-Master Replication | DigitalOcean
Anyway, you can run several privacyIDEA instances with one virtual DBMS like this, given that the DBMS provides the availability by other means: [privacyIDEA A] [privacyIDEA B] | | | | | | [ DBMS with high availablity ] On each privacyIDEA node you need to configure pi.cfg accordingly. I hope this clarifies things. Kind regards Cornelius Am Dienstag, den 14.07.2015, 03:19 -0700 schrieb Tevfik Ceydeliler: > Hi, > Yes I use mysql. > I can use master- master replication. But generally we use > master-slave. Thats all. > Is there any procedure for replication? > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hi, > you are running mysql? > Why not replicate master-master? > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 01:51 -0700 schrieb Tevfik > Ceydeliler: > > Hi again, > > How to replicate if you have two PI server one of master and > other is > > slave? > > Specially tokens > > Regards > > > > 14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius > Kölbel yazdı: > > Hello Tevfik, > > > > the configuration file, where the SQL connection is > configure, > > is > > pi.cfg. > > > > Usually it is located at /etc/privacyidea/pi.cfg. > > > > See the config file documentation: > > >2.5. The Config File — privacyIDEA 3.8 documentation
> > > > If you are missing anything, you are welcome to add > infos to > > the docs > > here: > > >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > > > > Kind regards > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > Tevfik > > Ceydeliler: > > > Hi, > > > I try to replicate pi and my user database as > masterand > > slave > > > After replication, I cannot login my master > privacy idea > > server.I get > > > this error: > > > > > > > > > Authentication failed. (OperationalError) (2003, > "Can't > > connect to > > > MySQL server on '127.0.0.1' (111)") None None > > > > > > > > > > > > I dont know which configuration file shoud change > to fix > > it. > > > Can you help me? > > > Regards.. > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > >> > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > >> > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hello Tevfik,
privacyIDEA does not keep any states (except OTP counter) and does not
replicate any data itself.
I assume you run a setup like this:
[privacyIDEA A] [privacyIDEA B]
| |
| |
| |
[ DB 1 ]——[ DB 2 ]
So the database is totally transparent and you can do whatever you want
on the database level.
Well, if you are doing Master-Slave replication, you can not use the
Slave for active authentication, since during authentication the OTP
counter is increased in the database. And this information needs to be
replicated to the other server. Otherwise you can use the same OTP value
to authenticate on the other server.
Having said this, you can use any replication scenario on a database you
wish to. Master-Master, Multi-Master, Master-Slave. In case of Master
slave the slave would only be a standby.
Just check the web for your preferred replication setup like
Anyway, you can run several privacyIDEA instances with one virtual DBMS
like this, given that the DBMS provides the availability by other means:
[privacyIDEA A] [privacyIDEA B]
| |
| |
| |
[ DBMS with high availablity ]
On each privacyIDEA node you need to configure pi.cfg accordingly.
I hope this clarifies things.
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 03:19 -0700 schrieb Tevfik Ceydeliler:
Hi,
Yes I use mysql.
I can use master- master replication. But generally we use
master-slave. Thats all.
Is there any procedure for replication?14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hi,
you are running mysql?
Why not replicate master-master?Kind regards Cornelius Am Dienstag, den 14.07.2015, 01:51 -0700 schrieb Tevfik Ceydeliler: > Hi again, > How to replicate if you have two PI server one of master and other is > slave? > Specially tokens > Regards > > 14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hello Tevfik, > > the configuration file, where the SQL connection is configure, > is > pi.cfg. > > Usually it is located at /etc/privacyidea/pi.cfg. > > See the config file documentation: > http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html > > If you are missing anything, you are welcome to add infos to > the docs > here: > https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst > > > Kind regards > Cornelius > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb Tevfik > Ceydeliler: > > Hi, > > I try to replicate pi and my user database as masterand > slave > > After replication, I cannot login my master privacy idea > server.I get > > this error: > > > > > > Authentication failed. (OperationalError) (2003, "Can't > connect to > > MySQL server on '127.0.0.1' (111)") None None > > > > > > > > I dont know which configuration file shoud change to fix > it. > > Can you help me? > > Regards.. > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/9617b95e-3362-4c20-8c94-58d758268678%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/739c203c-9935-4b7b-8227-080a68669488%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi Tevfik,
I am not sure if we are using the same words here.
You need to file-copy this stuff:
/etc/privacyidea/*
Adapt the pi.cfg to point to the DB slave, not the master.
Then copy the necessary parts of RADIUS - probably /etc/freeradius.
You will not need to change these files. Usually the contents of all
these file is fixed.
Then you will need to setup a replicated database.
(I sent a link earlier)
Variable data is only stored in the database - not in files.
So when talking of HA or Replication there have to be taken into account
to things
And I have the impression, that you missed 2. ?
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 07:49 -0700 schrieb Tevfik Ceydeliler:
Hi Tom,
Can you describe briefly how did you that?
For example, I replicate only pi and radius user databases.
and copy enckey and pi.cfg files to slave PI server
But cant achieve to replicate , I cant see enrolled tokens on slave
Can you help me?
Regards…14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole yazdı:
We are currently setup Master/Slave with the Slave in our DR
data center. I have had no issues, but I found the easiest
way to get it working right was to upgrade to MySQL 5.6 as it
uses GTID. This way I didn’t run into duplicate errors,
etc.On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: Hi, you can do it the same way. Setup a PI node in A that refers to DB master in A. Setup a PI node in B that refers to DB slave in B. Both PIs should have same encryption keys! (/etc/privacyidea/enckey and pi.cfg) Now do you master-slave-repl on a DATABASE level! If site A burns down, you can switch to using site B. Regards Cornelius Am Dienstag, den 14.07.2015, 04:42 -0700 schrieb Tevfik Ceydeliler: > Hi, > Problem is; > We have System Center A and Disaster center B > Master PI is located on Site A > Slave PI is located on Site B > So there is no 3rd location to that stores shared db as u told. > Tats why I can use Master-Slave but Slave standby. > How can suppose that PI keeps standby? > > > 14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hello Tevfik, > > privacyIDEA does not keep any states (except OTP counter) and > does not > replicate any data itself. > > I assume you run a setup like this: > > [privacyIDEA A] [privacyIDEA B] > | | > | | > | | > [ DB 1 ]---<replication>---[ DB 2 ] > > So the database is totally transparent and you can do whatever > you want > on the database level. > Well, if you are doing Master-Slave replication, you can not > use the > Slave for active authentication, since during authentication > the OTP > counter is increased in the database. And this information > needs to be > replicated to the other server. Otherwise you can use the same > OTP value > to authenticate on the other server. > > Having said this, you can use any replication scenario on a > database you > wish to. Master-Master, Multi-Master, Master-Slave. In case of > Master > slave the slave would only be a standby. > > Just check the web for your preferred replication setup like > https://www.digitalocean.com/community/tutorials/how-to-set-up-mysql-master-master-replication > > Anyway, you can run several privacyIDEA instances with one > virtual DBMS > like this, given that the DBMS provides the availability by > other means: > > [privacyIDEA A] [privacyIDEA B] > | | > | | > | | > [ DBMS with high availablity ] > > > On each privacyIDEA node you need to configure pi.cfg > accordingly. > > I hope this clarifies things. > > Kind regards > Cornelius > > > Am Dienstag, den 14.07.2015, 03:19 -0700 schrieb Tevfik > Ceydeliler: > > Hi, > > Yes I use mysql. > > I can use master- master replication. But generally we use > > master-slave. Thats all. > > Is there any procedure for replication? > > > > > > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius > Kölbel yazdı: > > Hi, > > you are running mysql? > > Why not replicate master-master? > > > > Kind regards > > Cornelius > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > Tevfik > > Ceydeliler: > > > Hi again, > > > How to replicate if you have two PI server one of > master and > > other is > > > slave? > > > Specially tokens > > > Regards > > > > > > 14 Temmuz 2015 Salı 11:05:28 UTC +3 tarihinde > Cornelius > > Kölbel yazdı: > > > Hello Tevfik, > > > > > > the configuration file, where the SQL > connection is > > configure, > > > is > > > pi.cfg. > > > > > > Usually it is located > at /etc/privacyidea/pi.cfg. > > > > > > See the config file documentation: > > > > > > http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html > > > > > > If you are missing anything, you are > welcome to add > > infos to > > > the docs > > > here: > > > > > > https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst > > > > > > > > > Kind regards > > > Cornelius > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > Tevfik > > > Ceydeliler: > > > > Hi, > > > > I try to replicate pi and my user > database as > > masterand > > > slave > > > > After replication, I cannot login my > master > > privacy idea > > > server.I get > > > > this error: > > > > > > > > > > > > Authentication failed. > (OperationalError) (2003, > > "Can't > > > connect to > > > > MySQL server on '127.0.0.1' (111)") None > None > > > > > > > > > > > > > > > > I dont know which configuration file > shoud change > > to fix > > > it. > > > > Can you help me? > > > > Regards.. > > > > -- > > > > You received this message because you > are > > subscribed to the > > > Google > > > > Groups "privacyidea" group. > > > > To unsubscribe from this group and stop > receiving > > emails > > > from it, send > > > > an email to > privacyidea...@googlegroups.com. > > > > To post to this group, send email to > > > priva...@googlegroups.com. > > > > To view this discussion on the web > visit > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > > > > For more options, visit > > https://groups.google.com/d/optout. > > > > > > -- > > > Cornelius Kölbel > > > corneliu...@netknights.it > > > +49 151 2960 1417 > > > > > > NetKnights GmbH > > > http://www.netknights.it > > > Landgraf-Karl-Str. 19, 34131 Kassel, > Germany > > > Tel: +49 561 3166797, Fax: +49 561 > 3166798 > > > > > > Amtsgericht Kassel, HRB 16405 > > > Geschäftsführer: Cornelius Kölbel > > > > > > > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/privacyidea/9617b95e-3362-4c20-8c94-58d758268678%40googlegroups.com. > > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/739c203c-9935-4b7b-8227-080a68669488%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/da4462fe-bfb8-4bb5-a041-db9044d956bc%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/84a320d4-022e-4e5c-af64-f4392bf4a65d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi,
you can do it the same way.
Setup a PI node in A that refers to DB master in A.
Setup a PI node in B that refers to DB slave in B.
Both PIs should have same encryption keys! (/etc/privacyidea/enckey and
pi.cfg)
Now do you master-slave-repl on a DATABASE level!
If site A burns down, you can switch to using site B.
Regards
CorneliusAm Dienstag, den 14.07.2015, 04:42 -0700 schrieb Tevfik Ceydeliler:
Hi,
Problem is;
We have System Center A and Disaster center B
Master PI is located on Site A
Slave PI is located on Site B
So there is no 3rd location to that stores shared db as u told.
Tats why I can use Master-Slave but Slave standby.
How can suppose that PI keeps standby?14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hello Tevfik,privacyIDEA does not keep any states (except OTP counter) and does not replicate any data itself. I assume you run a setup like this: [privacyIDEA A] [privacyIDEA B] | | | | | | [ DB 1 ]---<replication>---[ DB 2 ] So the database is totally transparent and you can do whatever you want on the database level. Well, if you are doing Master-Slave replication, you can not use the Slave for active authentication, since during authentication the OTP counter is increased in the database. And this information needs to be replicated to the other server. Otherwise you can use the same OTP value to authenticate on the other server. Having said this, you can use any replication scenario on a database you wish to. Master-Master, Multi-Master, Master-Slave. In case of Master slave the slave would only be a standby. Just check the web for your preferred replication setup like https://www.digitalocean.com/community/tutorials/how-to-set-up-mysql-master-master-replication Anyway, you can run several privacyIDEA instances with one virtual DBMS like this, given that the DBMS provides the availability by other means: [privacyIDEA A] [privacyIDEA B] | | | | | | [ DBMS with high availablity ] On each privacyIDEA node you need to configure pi.cfg accordingly. I hope this clarifies things. Kind regards Cornelius Am Dienstag, den 14.07.2015, 03:19 -0700 schrieb Tevfik Ceydeliler: > Hi, > Yes I use mysql. > I can use master- master replication. But generally we use > master-slave. Thats all. > Is there any procedure for replication? > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hi, > you are running mysql? > Why not replicate master-master? > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 01:51 -0700 schrieb Tevfik > Ceydeliler: > > Hi again, > > How to replicate if you have two PI server one of master and > other is > > slave? > > Specially tokens > > Regards > > > > 14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius > Kölbel yazdı: > > Hello Tevfik, > > > > the configuration file, where the SQL connection is > configure, > > is > > pi.cfg. > > > > Usually it is located at /etc/privacyidea/pi.cfg. > > > > See the config file documentation: > > > http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html > > > > If you are missing anything, you are welcome to add > infos to > > the docs > > here: > > > https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst > > > > > > Kind regards > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > Tevfik > > Ceydeliler: > > > Hi, > > > I try to replicate pi and my user database as > masterand > > slave > > > After replication, I cannot login my master > privacy idea > > server.I get > > > this error: > > > > > > > > > Authentication failed. (OperationalError) (2003, > "Can't > > connect to > > > MySQL server on '127.0.0.1' (111)") None None > > > > > > > > > > > > I dont know which configuration file shoud change > to fix > > it. > > > Can you help me? > > > Regards.. > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/9617b95e-3362-4c20-8c94-58d758268678%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/739c203c-9935-4b7b-8227-080a68669488%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/da4462fe-bfb8-4bb5-a041-db9044d956bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hello Tevfik,
the configuration file, where the SQL connection is configure, is
pi.cfg.
Usually it is located at /etc/privacyidea/pi.cfg.
See the config file documentation:
http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html
If you are missing anything, you are welcome to add infos to the docs
here:
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 00:58 -0700 schrieb Tevfik Ceydeliler:
Hi,
I try to replicate pi and my user database as masterand slave
After replication, I cannot login my master privacy idea server.I get
this error:Authentication failed. (OperationalError) (2003, “Can’t connect to
MySQL server on ‘127.0.0.1’ (111)”) None NoneI dont know which configuration file shoud change to fix it.
Can you help me?
Regards…You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi,
you are running mysql?
Why not replicate master-master?
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 01:51 -0700 schrieb Tevfik Ceydeliler:
Hi again,
How to replicate if you have two PI server one of master and other is
slave?
Specially tokens
Regards14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hello Tevfik,the configuration file, where the SQL connection is configure, is pi.cfg. Usually it is located at /etc/privacyidea/pi.cfg. See the config file documentation: http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html If you are missing anything, you are welcome to add infos to the docs here: https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst Kind regards Cornelius Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb Tevfik Ceydeliler: > Hi, > I try to replicate pi and my user database as masterand slave > After replication, I cannot login my master privacy idea server.I get > this error: > > > Authentication failed. (OperationalError) (2003, "Can't connect to > MySQL server on '127.0.0.1' (111)") None None > > > > I dont know which configuration file shoud change to fix it. > Can you help me? > Regards.. > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/9617b95e-3362-4c20-8c94-58d758268678%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi Tom,
Can you describe briefly how did you that?
For example, I replicate only pi and radius user databases.
and copy enckey and pi.cfg files to slave PI server
But cant achieve to replicate , I cant see enrolled tokens on slave
Can you help me?
Regards…
14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole yazdı:>
We are currently setup Master/Slave with the Slave in our DR data center.
I have had no issues, but I found the easiest way to get it working right
was to upgrade to MySQL 5.6 as it uses GTID. This way I didn’t run into
duplicate errors, etc.On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote:
Hi,
you can do it the same way.
Setup a PI node in A that refers to DB master in A.
Setup a PI node in B that refers to DB slave in B.
Both PIs should have same encryption keys! (/etc/privacyidea/enckey and
pi.cfg)Now do you master-slave-repl on a DATABASE level!
If site A burns down, you can switch to using site B.
Regards
CorneliusAm Dienstag, den 14.07.2015, 04:42 -0700 schrieb Tevfik Ceydeliler:
Hi,
Problem is;
We have System Center A and Disaster center B
Master PI is located on Site A
Slave PI is located on Site B
So there is no 3rd location to that stores shared db as u told.
Tats why I can use Master-Slave but Slave standby.
How can suppose that PI keeps standby?14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hello Tevfik,privacyIDEA does not keep any states (except OTP counter) and does not replicate any data itself. I assume you run a setup like this: [privacyIDEA A] [privacyIDEA B] | | | | | | [ DB 1 ]---<replication>---[ DB 2 ] So the database is totally transparent and you can do whatever you want on the database level. Well, if you are doing Master-Slave replication, you can not use the Slave for active authentication, since during authentication the OTP counter is increased in the database. And this information needs to be replicated to the other server. Otherwise you can use the same OTP value to authenticate on the other server. Having said this, you can use any replication scenario on a database you wish to. Master-Master, Multi-Master, Master-Slave. In case of Master slave the slave would only be a standby. Just check the web for your preferred replication setup likeHow To Set Up MySQL Master-Master Replication | DigitalOcean
Anyway, you can run several privacyIDEA instances with one virtual DBMS like this, given that the DBMS provides the availability by other means: [privacyIDEA A] [privacyIDEA B] | | | | | | [ DBMS with high availablity ] On each privacyIDEA node you need to configure pi.cfg accordingly. I hope this clarifies things. Kind regards Cornelius Am Dienstag, den 14.07.2015, 03:19 -0700 schrieb Tevfik Ceydeliler: > Hi, > Yes I use mysql. > I can use master- master replication. But generally we use > master-slave. Thats all. > Is there any procedure for replication? > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hi, > you are running mysql? > Why not replicate master-master? > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 01:51 -0700 schrieb Tevfik > Ceydeliler: > > Hi again, > > How to replicate if you have two PI server one of master and > other is > > slave? > > Specially tokens > > Regards > > > > 14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius > Kölbel yazdı: > > Hello Tevfik, > > > > the configuration file, where the SQL connection is > configure, > > is > > pi.cfg. > > > > Usually it is located at /etc/privacyidea/pi.cfg. > > > > See the config file documentation: > > >2.5. The Config File — privacyIDEA 3.8 documentation
> > > > If you are missing anything, you are welcome to add > infos to > > the docs > > here: > > >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > > > > Kind regards > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > Tevfik > > Ceydeliler: > > > Hi, > > > I try to replicate pi and my user database as > masterand > > slave > > > After replication, I cannot login my master > privacy idea > > server.I get > > > this error: > > > > > > > > > Authentication failed. (OperationalError) (2003, > "Can't > > connect to > > > MySQL server on '127.0.0.1' (111)") None None > > > > > > > > > > > > I dont know which configuration file shoud change > to fix > > it. > > > Can you help me? > > > Regards.. > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop receiving > emails > > from it, send > > > an email to privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > >> > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > >> > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi,
Yes I use mysql.
I can use master- master replication. But generally we use master-slave.
Thats all.
Is there any procedure for replication?
14 Temmuz 2015 Salı 12:01:17 UTC+3 tarihinde Cornelius Kölbel yazdı:>
Hi,
you are running mysql?
Why not replicate master-master?Kind regards
CorneliusAm Dienstag, den 14.07.2015, 01:51 -0700 schrieb Tevfik Ceydeliler:
Hi again,
How to replicate if you have two PI server one of master and other is
slave?
Specially tokens
Regards14 Temmuz 2015 Salı 11:05:28 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hello Tevfik,the configuration file, where the SQL connection is configure, is pi.cfg. Usually it is located at /etc/privacyidea/pi.cfg. See the config file documentation:2.5. The Config File — privacyIDEA 3.8 documentation
If you are missing anything, you are welcome to add infos to the docs here:https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
Kind regards Cornelius Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb Tevfik Ceydeliler: > Hi, > I try to replicate pi and my user database as masterand slave > After replication, I cannot login my master privacy idea server.I get > this error: > > > Authentication failed. (OperationalError) (2003, "Can't connect to > MySQL server on '127.0.0.1' (111)") None None > > > > I dont know which configuration file shoud change to fix it. > Can you help me? > Regards.. > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hm,
you need to make sure, that SQLALCHEMY_DATABASE_URI works on master-PI
and slave-PI.
If on both systems, the database is on localhost and accessable with the
given username and password, you do not need to change pi.cfg and you
can have the same file on both systems.
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 08:12 -0700 schrieb Tevfik Ceydeliler:
hi,
Well,
I understand. But. one more question.
My pi.cfg is like this:import logging
The realm, where users are allowed to login as administrators
SUPERUSER_REALM = [‘super’]
Your database
#SQLALCHEMY_DATABASE_URI = ‘sqlite:////etc/privacyidea/data.sqlite’
This is used to encrypt the auth_token
#SECRET_KEY = ‘t0p s3cr3t’
This is used to encrypt the admin passwords
#PI_PEPPER = “Never know…”
This is used to encrypt the token data and token passwords
PI_ENCFILE = ‘/etc/privacyidea/enckey’
This is used to sign the audit log
This is the dummy base class
#PI_AUDIT_MODULE = ‘privacyidea.lib.auditmodules.base’
This is the default
#PI_AUDIT_MODULE = ‘privacyidea.lib.auditmodules.sqlaudit’
This is used to sign the audit log
PI_AUDIT_KEY_PRIVATE = ‘/etc/privacyidea/private.pem’
PI_AUDIT_KEY_PUBLIC = ‘/etc/privacyidea/public.pem’
PI_LOGFILE = ‘/var/log/privacyidea/privacyidea.log’
PI_LOGLEVEL = logging.INFOPI_PEPPER = ‘uAIujqnTFRbkQ00TZ_9Kj6gW’
SECRET_KEY = ‘s_LnCyQuADzUZVSEBxoJdNWo’
SQLALCHEMY_DATABASE_URI = ‘mysql://pi:wZmTUD0G_F6d@localhost/pi’As u see, there is paramater or configs point server IP or hostname.
So if I copy all files under /etc/privacyidea, pi.cfg shows exact
configs. right?14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hi Tevfik,I am not sure if we are using the same words here. You need to file-copy this stuff: /etc/privacyidea/* Adapt the pi.cfg to point to the DB slave, not the master. Then copy the necessary parts of RADIUS - probably /etc/freeradius. You will not need to change these files. Usually the contents of all these file is fixed. Then you will need to setup a _replicated_ database. (I sent a link earlier) Variable data is only stored in the database - not in files. So when talking of HA or Replication there have to be taken into account to things 1. Copy the necessary files 2. setup the replicated database (which is totally independent of privacyIDEA) And I have the impression, that you missed 2. ? Kind regards Cornelius Am Dienstag, den 14.07.2015, 07:49 -0700 schrieb Tevfik Ceydeliler: > Hi Tom, > Can you describe briefly how did you that? > For example, I replicate only pi and radius user databases. > and copy enckey and pi.cfg files to slave PI server > But cant achieve to replicate , I cant see enrolled tokens on slave > Can you help me? > Regards... > > > 14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole yazdı: > We are currently setup Master/Slave with the Slave in our DR > data center. I have had no issues, but I found the easiest > way to get it working right was to upgrade to MySQL 5.6 as it > uses GTID. This way I didn't run into duplicate errors, > etc. > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > Hi, > > you can do it the same way. > Setup a PI node in A that refers to DB master in A. > Setup a PI node in B that refers to DB slave in B. > Both PIs should have same encryption keys! > (/etc/privacyidea/enckey and > pi.cfg) > > Now do you master-slave-repl on a DATABASE level! > > If site A burns down, you can switch to using site B. > > Regards > Cornelius > > > > Am Dienstag, den 14.07.2015, 04:42 -0700 schrieb > Tevfik Ceydeliler: > > Hi, > > Problem is; > > We have System Center A and Disaster center B > > Master PI is located on Site A > > Slave PI is located on Site B > > So there is no 3rd location to that stores shared > db as u told. > > Tats why I can use Master-Slave but Slave standby. > > How can suppose that PI keeps standby? > > > > > > 14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde > Cornelius Kölbel yazdı: > > Hello Tevfik, > > > > privacyIDEA does not keep any states (except > OTP counter) and > > does not > > replicate any data itself. > > > > I assume you run a setup like this: > > > > [privacyIDEA A] > [privacyIDEA B] > > | | > > | | > > | | > > [ DB 1 ]---<replication>---[ DB 2 > ] > > > > So the database is totally transparent and > you can do whatever > > you want > > on the database level. > > Well, if you are doing Master-Slave > replication, you can not > > use the > > Slave for active authentication, since > during authentication > > the OTP > > counter is increased in the database. And > this information > > needs to be > > replicated to the other server. Otherwise > you can use the same > > OTP value > > to authenticate on the other server. > > > > Having said this, you can use any > replication scenario on a > > database you > > wish to. Master-Master, Multi-Master, > Master-Slave. In case of > > Master > > slave the slave would only be a standby. > > > > Just check the web for your preferred > replication setup like > > > https://www.digitalocean.com/community/tutorials/how-to-set-up-mysql-master-master-replication > > > > Anyway, you can run several privacyIDEA > instances with one > > virtual DBMS > > like this, given that the DBMS provides the > availability by > > other means: > > > > [privacyIDEA A] > [privacyIDEA B] > > | | > > | | > > | | > > [ DBMS with high availablity > ] > > > > > > On each privacyIDEA node you need to > configure pi.cfg > > accordingly. > > > > I hope this clarifies things. > > > > Kind regards > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 03:19 -0700 > schrieb Tevfik > > Ceydeliler: > > > Hi, > > > Yes I use mysql. > > > I can use master- master replication. But > generally we use > > > master-slave. Thats all. > > > Is there any procedure for replication? > > > > > > > > > > > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC +3 > tarihinde Cornelius > > Kölbel yazdı: > > > Hi, > > > you are running mysql? > > > Why not replicate master-master? > > > > > > Kind regards > > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > Tevfik > > > Ceydeliler: > > > > Hi again, > > > > How to replicate if you have two > PI server one of > > master and > > > other is > > > > slave? > > > > Specially tokens > > > > Regards > > > > > > > > 14 Temmuz 2015 Salı 11:05:28 UTC > +3 tarihinde > > Cornelius > > > Kölbel yazdı: > > > > Hello Tevfik, > > > > > > > > the configuration file, > where the SQL > > connection is > > > configure, > > > > is > > > > pi.cfg. > > > > > > > > Usually it is located > > at /etc/privacyidea/pi.cfg. > > > > > > > > See the config file > documentation: > > > > > > > > > > http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html > > > > > > > > If you are missing > anything, you are > > welcome to add > > > infos to > > > > the docs > > > > here: > > > > > > > > > > https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst > > > > > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > Tevfik > > > > Ceydeliler: > > > > > Hi, > > > > > I try to replicate pi > and my user > > database as > > > masterand > > > > slave > > > > > After replication, I > cannot login my > > master > > > privacy idea > > > > server.I get > > > > > this error: > > > > > > > > > > > > > > > Authentication > failed. > > (OperationalError) (2003, > > > "Can't > > > > connect to > > > > > MySQL server on > '127.0.0.1' (111)") None > > None > > > > > > > > > > > > > > > > > > > > I dont know which > configuration file > > shoud change > > > to fix > > > > it. > > > > > Can you help me? > > > > > Regards.. > > > > > -- > > > > > You received this > message because you > > are > > > subscribed to the > > > > Google > > > > > Groups "privacyidea" > group. > > > > > To unsubscribe from > this group and stop > > receiving > > > emails > > > > from it, send > > > > > an email to > > privacyidea...@googlegroups.com. > > > > > To post to this group, > send email to > > > > > priva...@googlegroups.com. > > > > > To view this > discussion on the web > > visit > > > > > > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > > > > > For more options, > visit > > > > https://groups.google.com/d/optout. > > > > > > > > -- > > > > Cornelius Kölbel > > > > > corneliu...@netknights.it > > > > +49 151 2960 1417 > > > > > > > > NetKnights GmbH > > > > > http://www.netknights.it > > > > Landgraf-Karl-Str. 19, > 34131 Kassel, > > Germany > > > > Tel: +49 561 3166797, > Fax: +49 561 > > 3166798 > > > > > > > > Amtsgericht Kassel, HRB > 16405 > > > > Geschäftsführer: > Cornelius Kölbel > > > > > > > > > > > > -- > > > > You received this message > because you are > > subscribed to the > > > Google > > > > Groups "privacyidea" group. > > > > To unsubscribe from this group > and stop receiving > > emails > > > from it, send > > > > an email to > privacyidea...@googlegroups.com. > > > > To post to this group, send > email to > > > priva...@googlegroups.com. > > > > To view this discussion on the > web visit > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/9617b95e-3362-4c20-8c94-58d758268678%40googlegroups.com. > > > > For more options, visit > > https://groups.google.com/d/optout. > > > > > > -- > > > Cornelius Kölbel > > > corneliu...@netknights.it > > > +49 151 2960 1417 > > > > > > NetKnights GmbH > > > http://www.netknights.it > > > Landgraf-Karl-Str. 19, 34131 > Kassel, Germany > > > Tel: +49 561 3166797, Fax: +49 561 > 3166798 > > > > > > Amtsgericht Kassel, HRB 16405 > > > Geschäftsführer: Cornelius Kölbel > > > > > > > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop > receiving emails > > from it, send > > > an email to > privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/privacyidea/739c203c-9935-4b7b-8227-080a68669488%40googlegroups.com. > > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, > Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed > to the Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving > emails from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/da4462fe-bfb8-4bb5-a041-db9044d956bc%40googlegroups.com. > > For more options, visit > https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/84a320d4-022e-4e5c-af64-f4392bf4a65d%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/66781460-9b4c-44d7-935e-b604d1812fc8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi Tevfik,
the information you provide do not give an clue.
Please read Getting help – privacyID3A.
I suppose this is no big issue, but without the necessary information, I
can not help you accordingly.
Kind regards
CorneliusAm Dienstag, den 14.07.2015, 22:32 -0700 schrieb Tevfik Ceydeliler:
Hi,
I try this,
But I get error during login in webui.
Authentication failed. (OperationalError) unable to open database file
None None
then I copy SQLALCHEMY_DATABASE_URI from old slave pi.cfg
but not worksSQLALCHEMY_DATABASE_URI = ‘mysql://pi:wZmTUD0G_F6d@localhost/pi’
pi:wZmTUD0G_F6d is username and pasword i think
Dont know why didnt work.14 Temmuz 2015 Salı 18:22:09 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hm,you need to make sure, that SQLALCHEMY_DATABASE_URI works on master-PI and slave-PI. If on both systems, the database is on localhost and accessable with the given username and password, you do not need to change pi.cfg and you can have the same file on both systems. Kind regards Cornelius Am Dienstag, den 14.07.2015, 08:12 -0700 schrieb Tevfik Ceydeliler: > hi, > Well, > I understand. But. one more question. > My pi.cfg is like this: > > > import logging > # The realm, where users are allowed to login as administrators > SUPERUSER_REALM = ['super'] > # Your database > #SQLALCHEMY_DATABASE_URI = 'sqlite:////etc/privacyidea/data.sqlite' > # This is used to encrypt the auth_token > #SECRET_KEY = 't0p s3cr3t' > # This is used to encrypt the admin passwords > #PI_PEPPER = "Never know..." > # This is used to encrypt the token data and token passwords > PI_ENCFILE = '/etc/privacyidea/enckey' > # This is used to sign the audit log > # This is the dummy base class > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.base' > # This is the default > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.sqlaudit' > # This is used to sign the audit log > PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem' > PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem' > PI_LOGFILE = '/var/log/privacyidea/privacyidea.log' > PI_LOGLEVEL = logging.INFO > > > PI_PEPPER = 'uAIujqnTFRbkQ00TZ_9Kj6gW' > SECRET_KEY = 's_LnCyQuADzUZVSEBxoJdNWo' > SQLALCHEMY_DATABASE_URI = 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > > > As u see, there is paramater or configs point server IP or hostname. > So if I copy all files under /etc/privacyidea, pi.cfg shows exact > configs. right? > > > > 14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hi Tevfik, > > I am not sure if we are using the same words here. > > You need to file-copy this stuff: > > /etc/privacyidea/* > Adapt the pi.cfg to point to the DB slave, not the master. > > Then copy the necessary parts of RADIUS - > probably /etc/freeradius. > > You will not need to change these files. Usually the contents > of all > these file is fixed. > > Then you will need to setup a _replicated_ database. > (I sent a link earlier) > Variable data is only stored in the database - not in files. > > So when talking of HA or Replication there have to be taken > into account > to things > > 1. Copy the necessary files > 2. setup the replicated database (which is totally independent > of > privacyIDEA) > > And I have the impression, that you missed 2. ? > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 07:49 -0700 schrieb Tevfik > Ceydeliler: > > Hi Tom, > > Can you describe briefly how did you that? > > For example, I replicate only pi and radius user databases. > > and copy enckey and pi.cfg files to slave PI server > > But cant achieve to replicate , I cant see enrolled tokens > on slave > > Can you help me? > > Regards... > > > > > > 14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole > yazdı: > > We are currently setup Master/Slave with the Slave > in our DR > > data center. I have had no issues, but I found the > easiest > > way to get it working right was to upgrade to MySQL > 5.6 as it > > uses GTID. This way I didn't run into duplicate > errors, > > etc. > > > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > > Hi, > > > > you can do it the same way. > > Setup a PI node in A that refers to DB > master in A. > > Setup a PI node in B that refers to DB slave > in B. > > Both PIs should have same encryption keys! > > (/etc/privacyidea/enckey and > > pi.cfg) > > > > Now do you master-slave-repl on a DATABASE > level! > > > > If site A burns down, you can switch to > using site B. > > > > Regards > > Cornelius > > > > > > > > Am Dienstag, den 14.07.2015, 04:42 0700 schrieb > > Tevfik Ceydeliler: > > > Hi, > > > Problem is; > > > We have System Center A and Disaster > center B > > > Master PI is located on Site A > > > Slave PI is located on Site B > > > So there is no 3rd location to that > stores shared > > db as u told. > > > Tats why I can use Master-Slave but Slave > standby. > > > How can suppose that PI keeps standby? > > > > > > > > > 14 Temmuz 2015 Salı 14:07:00 UTC +3 > tarihinde > > Cornelius Kölbel yazdı: > > > Hello Tevfik, > > > > > > privacyIDEA does not keep any > states (except > > OTP counter) and > > > does not > > > replicate any data itself. > > > > > > I assume you run a setup like > this: > > > > > > [privacyIDEA A] > > [privacyIDEA B] > > > | > | > > > | > | > > > | > | > > > [ DB 1 > ]---<replication>---[ DB 2 > > ] > > > > > > So the database is totally > transparent and > > you can do whatever > > > you want > > > on the database level. > > > Well, if you are doing > Master-Slave > > replication, you can not > > > use the > > > Slave for active authentication, > since > > during authentication > > > the OTP > > > counter is increased in the > database. And > > this information > > > needs to be > > > replicated to the other server. > Otherwise > > you can use the same > > > OTP value > > > to authenticate on the other > server. > > > > > > Having said this, you can use any > > replication scenario on a > > > database you > > > wish to. Master-Master, > Multi-Master, > > Master-Slave. In case of > > > Master > > > slave the slave would only be a > standby. > > > > > > Just check the web for your > preferred > > replication setup like > > > > > > https://www.digitalocean.com/community/tutorials/how-to-set-up-mysql-master-master-replication > > > > > > Anyway, you can run several > privacyIDEA > > instances with one > > > virtual DBMS > > > like this, given that the DBMS > provides the > > availability by > > > other means: > > > > > > [privacyIDEA A] > > [privacyIDEA B] > > > | > | > > > | > | > > > | > | > > > [ DBMS with high > availablity > > ] > > > > > > > > > On each privacyIDEA node you need > to > > configure pi.cfg > > > accordingly. > > > > > > I hope this clarifies things. > > > > > > Kind regards > > > Cornelius > > > > > > > > > Am Dienstag, den 14.07.2015, 03:19 > -0700 > > schrieb Tevfik > > > Ceydeliler: > > > > Hi, > > > > Yes I use mysql. > > > > I can use master- master > replication. But > > generally we use > > > > master-slave. Thats all. > > > > Is there any procedure for > replication? > > > > > > > > > > > > > > > > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC > +3 > > tarihinde Cornelius > > > Kölbel yazdı: > > > > Hi, > > > > you are running mysql? > > > > Why not replicate > master-master? > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > > Tevfik > > > > Ceydeliler: > > > > > Hi again, > > > > > How to replicate if > you have two > > PI server one of > > > master and > > > > other is > > > > > slave? > > > > > Specially tokens > > > > > Regards > > > > > > > > > > 14 Temmuz 2015 Salı > 11:05:28 UTC > > +3 tarihinde > > > Cornelius > > > > Kölbel yazdı: > > > > > Hello Tevfik, > > > > > > > > > > the > configuration file, > > where the SQL > > > connection is > > > > configure, > > > > > is > > > > > pi.cfg. > > > > > > > > > > Usually it is > located > > > at /etc/privacyidea/pi.cfg. > > > > > > > > > > See the config > file > > documentation: > > > > > > > > > > > > > > > http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html > > > > > > > > > > If you are > missing > > anything, you are > > > welcome to add > > > > infos to > > > > > the docs > > > > > here: > > > > > > > > > > > > > > > https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst > > > > > > > > > > > > > > > Kind regards > > > > > Cornelius > > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > > Tevfik > > > > > Ceydeliler: > > > > > > Hi, > > > > > > I try to > replicate pi > > and my user > > > database as > > > > masterand > > > > > slave > > > > > > After > replication, I > > cannot login my > > > master > > > > privacy idea > > > > > server.I get > > > > > > this error: > > > > > > > > > > > > > > > > > > > Authentication > > failed. > > > (OperationalError) (2003, > > > > "Can't > > > > > connect to > > > > > > MySQL server > on > > '127.0.0.1' (111)") None > > > None > > > > > > > > > > > > > > > > > > > > > > > > I dont know > which > > configuration file > > > shoud change > > > > to fix > > > > > it. > > > > > > Can you help > me? > > > > > > Regards.. > > > > > > -- > > > > > > You received > this > > message because you > > > are > > > > subscribed to the > > > > > Google > > > > > > Groups > "privacyidea" > > group. > > > > > > To > unsubscribe from > > this group and stop > > > receiving > > > > emails > > > > > from it, send > > > > > > an email to > > > privacyidea...@googlegroups.com. > > > > > > To post to > this group, > > send email to > > > > > > > priva...@googlegroups.com. > > > > > > To view > this > > discussion on the web > > > visit > > > > > > > > > > > > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > > > > > > For more > options, > > visit > > > > > > https://groups.google.com/d/optout. > > > > > > > > > > -- > > > > > Cornelius > Kölbel > > > > > > > corneliu...@netknights.it > > > > > +49 151 2960 > 1417 > > > > > > > > > > NetKnights > GmbH > > > > > > > http://www.netknights.it > > > > > > Landgraf-Karl-Str. 19, > > 34131 Kassel, > > > Germany > > > > > Tel: +49 561 > 3166797, > > Fax: +49 561 > > > 3166798 > > > > > > > > > > Amtsgericht > Kassel, HRB > > 16405 > > > > > > Geschäftsführer: > > Cornelius Kölbel > > > > > > > > > > > > > > > -- > > > > > You received this > message > > because you are > > > subscribed to the > > > > Google > > > > > Groups "privacyidea" > group. > > > > > To unsubscribe from > this group > > and stop receiving > > > emails > > > > from it, send > > > > > an email to > > privacyidea...@googlegroups.com. > > > > > To post to this group, > send > > email to > > > > > priva...@googlegroups.com. > > > > > To view this > discussion on the > > web visit > > > > > > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/9617b95e-3362-4c20-8c94-58d758268678%40googlegroups.com. > > > > > For more options, > visit > > > > https://groups.google.com/d/optout. > > > > > > > > -- > > > > Cornelius Kölbel > > > > > corneliu...@netknights.it > > > > +49 151 2960 1417 > > > > > > > > NetKnights GmbH > > > > > http://www.netknights.it > > > > Landgraf-Karl-Str. 19, > 34131 > > Kassel, Germany > > > > Tel: +49 561 3166797, > Fax: +49 561 > > 3166798 > > > > > > > > Amtsgericht Kassel, HRB > 16405 > > > > Geschäftsführer: > Cornelius Kölbel > > > > > > > > > > > > -- > > > > You received this message > because you are > > subscribed to the > > > Google > > > > Groups "privacyidea" group. > > > > To unsubscribe from this group > and stop > > receiving emails > > > from it, send > > > > an email to > > privacyidea...@googlegroups.com. > > > > To post to this group, send > email to > > > priva...@googlegroups.com. > > > > To view this discussion on the > web visit > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/739c203c-9935-4b7b-8227-080a68669488%40googlegroups.com. > > > > For more options, visit > > https://groups.google.com/d/optout. > > > > > > -- > > > Cornelius Kölbel > > > corneliu...@netknights.it > > > +49 151 2960 1417 > > > > > > NetKnights GmbH > > > http://www.netknights.it > > > Landgraf-Karl-Str. 19, 34131 > Kassel, > > Germany > > > Tel: +49 561 3166797, Fax: +49 561 > 3166798 > > > > > > Amtsgericht Kassel, HRB 16405 > > > Geschäftsführer: Cornelius Kölbel > > > > > > > > > -- > > > You received this message because you are > subscribed > > to the Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop > receiving > > emails from it, send > > > an email to > privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > > https://groups.google.com/d/msgid/privacyidea/da4462fe-bfb8-4bb5-a041-db9044d956bc%40googlegroups.com. > > > For more options, visit > > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, > Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/privacyidea/84a320d4-022e-4e5c-af64-f4392bf4a65d%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/privacyidea/66781460-9b4c-44d7-935e-b604d1812fc8%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/bf6543c8-eecb-43d4-8dec-f00536ce555e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (819 Bytes)
Hi,
I try this,
But I get error during login in webui.
Authentication failed. (OperationalError) unable to open database file None
None
then I copy SQLALCHEMY_DATABASE_URI from old slave pi.cfg
but not works
SQLALCHEMY_DATABASE_URI = ‘mysql://pi:wZmTUD0G_F6d@localhost/pi’
pi:wZmTUD0G_F6d is username and pasword i think
Dont know why didnt work.
14 Temmuz 2015 Salı 18:22:09 UTC+3 tarihinde Cornelius Kölbel yazdı:>
Hm,
you need to make sure, that SQLALCHEMY_DATABASE_URI works on master-PI
and slave-PI.If on both systems, the database is on localhost and accessable with the
given username and password, you do not need to change pi.cfg and you
can have the same file on both systems.Kind regards
CorneliusAm Dienstag, den 14.07.2015, 08:12 -0700 schrieb Tevfik Ceydeliler:
hi,
Well,
I understand. But. one more question.
My pi.cfg is like this:import logging
The realm, where users are allowed to login as administrators
SUPERUSER_REALM = [‘super’]
Your database
#SQLALCHEMY_DATABASE_URI = ‘sqlite:////etc/privacyidea/data.sqlite’
This is used to encrypt the auth_token
#SECRET_KEY = ‘t0p s3cr3t’
This is used to encrypt the admin passwords
#PI_PEPPER = “Never know…”
This is used to encrypt the token data and token passwords
PI_ENCFILE = ‘/etc/privacyidea/enckey’
This is used to sign the audit log
This is the dummy base class
#PI_AUDIT_MODULE = ‘privacyidea.lib.auditmodules.base’
This is the default
#PI_AUDIT_MODULE = ‘privacyidea.lib.auditmodules.sqlaudit’
This is used to sign the audit log
PI_AUDIT_KEY_PRIVATE = ‘/etc/privacyidea/private.pem’
PI_AUDIT_KEY_PUBLIC = ‘/etc/privacyidea/public.pem’
PI_LOGFILE = ‘/var/log/privacyidea/privacyidea.log’
PI_LOGLEVEL = logging.INFOPI_PEPPER = ‘uAIujqnTFRbkQ00TZ_9Kj6gW’
SECRET_KEY = ‘s_LnCyQuADzUZVSEBxoJdNWo’
SQLALCHEMY_DATABASE_URI = ‘mysql://pi:wZmTUD0G_F6d@localhost/pi’As u see, there is paramater or configs point server IP or hostname.
So if I copy all files under /etc/privacyidea, pi.cfg shows exact
configs. right?14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hi Tevfik,I am not sure if we are using the same words here. You need to file-copy this stuff: /etc/privacyidea/* Adapt the pi.cfg to point to the DB slave, not the master. Then copy the necessary parts of RADIUS - probably /etc/freeradius. You will not need to change these files. Usually the contents of all these file is fixed. Then you will need to setup a _replicated_ database. (I sent a link earlier) Variable data is only stored in the database - not in files. So when talking of HA or Replication there have to be taken into account to things 1. Copy the necessary files 2. setup the replicated database (which is totally independent of privacyIDEA) And I have the impression, that you missed 2. ? Kind regards Cornelius Am Dienstag, den 14.07.2015, 07:49 -0700 schrieb Tevfik Ceydeliler: > Hi Tom, > Can you describe briefly how did you that? > For example, I replicate only pi and radius user databases. > and copy enckey and pi.cfg files to slave PI server > But cant achieve to replicate , I cant see enrolled tokens on slave > Can you help me? > Regards... > > > 14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole yazdı: > We are currently setup Master/Slave with the Slave in our DR > data center. I have had no issues, but I found the easiest > way to get it working right was to upgrade to MySQL 5.6 as it > uses GTID. This way I didn't run into duplicate errors, > etc. > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > Hi, > > you can do it the same way. > Setup a PI node in A that refers to DB master in A. > Setup a PI node in B that refers to DB slave in B. > Both PIs should have same encryption keys! > (/etc/privacyidea/enckey and > pi.cfg) > > Now do you master-slave-repl on a DATABASE level! > > If site A burns down, you can switch to using site B. > > Regards > Cornelius > > > > Am Dienstag, den 14.07.2015, 04:42 -0700 schrieb > Tevfik Ceydeliler: > > Hi, > > Problem is; > > We have System Center A and Disaster center B > > Master PI is located on Site A > > Slave PI is located on Site B > > So there is no 3rd location to that stores shared > db as u told. > > Tats why I can use Master-Slave but Slave standby. > > How can suppose that PI keeps standby? > > > > > > 14 Temmuz 2015 Salı 14:07:00 UTC+3 tarihinde > Cornelius Kölbel yazdı: > > Hello Tevfik, > > > > privacyIDEA does not keep any states (except > OTP counter) and > > does not > > replicate any data itself. > > > > I assume you run a setup like this: > > > > [privacyIDEA A] > [privacyIDEA B] > > | | > > | | > > | | > > [ DB 1 ]---<replication>---[ DB 2 > ] > > > > So the database is totally transparent and > you can do whatever > > you want > > on the database level. > > Well, if you are doing Master-Slave > replication, you can not > > use the > > Slave for active authentication, since > during authentication > > the OTP > > counter is increased in the database. And > this information > > needs to be > > replicated to the other server. Otherwise > you can use the same > > OTP value > > to authenticate on the other server. > > > > Having said this, you can use any > replication scenario on a > > database you > > wish to. Master-Master, Multi-Master, > Master-Slave. In case of > > Master > > slave the slave would only be a standby. > > > > Just check the web for your preferred > replication setup like > > >How To Set Up MySQL Master-Master Replication | DigitalOcean
> > > > Anyway, you can run several privacyIDEA > instances with one > > virtual DBMS > > like this, given that the DBMS provides the > availability by > > other means: > > > > [privacyIDEA A] > [privacyIDEA B] > > | | > > | | > > | | > > [ DBMS with high availablity > ] > > > > > > On each privacyIDEA node you need to > configure pi.cfg > > accordingly. > > > > I hope this clarifies things. > > > > Kind regards > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 03:19 -0700 > schrieb Tevfik > > Ceydeliler: > > > Hi, > > > Yes I use mysql. > > > I can use master- master replication. But > generally we use > > > master-slave. Thats all. > > > Is there any procedure for replication? > > > > > > > > > > > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC +3 > tarihinde Cornelius > > Kölbel yazdı: > > > Hi, > > > you are running mysql? > > > Why not replicate master-master? > > > > > > Kind regards > > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > Tevfik > > > Ceydeliler: > > > > Hi again, > > > > How to replicate if you have two > PI server one of > > master and > > > other is > > > > slave? > > > > Specially tokens > > > > Regards > > > > > > > > 14 Temmuz 2015 Salı 11:05:28 UTC > +3 tarihinde > > Cornelius > > > Kölbel yazdı: > > > > Hello Tevfik, > > > > > > > > the configuration file, > where the SQL > > connection is > > > configure, > > > > is > > > > pi.cfg. > > > > > > > > Usually it is located > > at /etc/privacyidea/pi.cfg. > > > > > > > > See the config file > documentation: > > > > > > > > > >2.5. The Config File — privacyIDEA 3.8 documentation
> > > > > > > > If you are missing > anything, you are > > welcome to add > > > infos to > > > > the docs > > > > here: > > > > > > > > > >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > > > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > Tevfik > > > > Ceydeliler: > > > > > Hi, > > > > > I try to replicate pi > and my user > > database as > > > masterand > > > > slave > > > > > After replication, I > cannot login my > > master > > > privacy idea > > > > server.I get > > > > > this error: > > > > > > > > > > > > > > > Authentication > failed. > > (OperationalError) (2003, > > > "Can't > > > > connect to > > > > > MySQL server on > '127.0.0.1' (111)") None > > None > > > > > > > > > > > > > > > > > > > > I dont know which > configuration file > > shoud change > > > to fix > > > > it. > > > > > Can you help me? > > > > > Regards.. > > > > > -- > > > > > You received this > message because you > > are > > > subscribed to the > > > > Google > > > > > Groups "privacyidea" > group. > > > > > To unsubscribe from > this group and stop > > receiving > > > emails > > > > from it, send > > > > > an email to > > privacyidea...@googlegroups.com. > > > > > To post to this group, > send email to > > > > > priva...@googlegroups.com. > > > > > To view this > discussion on the web > > visit > > > > > > > > > > > > > > >> > > > > For more options, > visit > > > > https://groups.google.com/d/optout. > > > > > > > > -- > > > > Cornelius Kölbel > > > > > corneliu...@netknights.it > > > > +49 151 2960 1417 > > > > > > > > NetKnights GmbH > > > > > http://www.netknights.it > > > > Landgraf-Karl-Str. 19, > 34131 Kassel, > > Germany > > > > Tel: +49 561 3166797, > Fax: +49 561 > > 3166798 > > > > > > > > Amtsgericht Kassel, HRB > 16405 > > > > Geschäftsführer: > Cornelius Kölbel > > > > > > > > > > > > -- > > > > You received this message > because you are > > subscribed to the > > > Google > > > > Groups "privacyidea" group. > > > > To unsubscribe from this group > and stop receiving > > emails > > > from it, send > > > > an email to > privacyidea...@googlegroups.com. > > > > To post to this group, send > email to > > > priva...@googlegroups.com. > > > > To view this discussion on the > web visit > > > > > > > > > >> > > > For more options, visit > > https://groups.google.com/d/optout. > > > > > > -- > > > Cornelius Kölbel > > > corneliu...@netknights.it > > > +49 151 2960 1417 > > > > > > NetKnights GmbH > > > http://www.netknights.it > > > Landgraf-Karl-Str. 19, 34131 > Kassel, Germany > > > Tel: +49 561 3166797, Fax: +49 561 > 3166798 > > > > > > Amtsgericht Kassel, HRB 16405 > > > Geschäftsführer: Cornelius Kölbel > > > > > > > > > -- > > > You received this message because you are > subscribed to the > > Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop > receiving emails > > from it, send > > > an email to > privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > >> > > For more options, visit > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, > Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed > to the Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving > emails from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > >> > For more options, visit > https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Hi,
finally I solved the problem.
Regards…
15 Temmuz 2015 Çarşamba 11:10:53 UTC+3 tarihinde Cornelinux K yazdı:>
Hi Tevfik,
the information you provide do not give an clue.
Please read Getting help – privacyID3A.I suppose this is no big issue, but without the necessary information, I
can not help you accordingly.Kind regards
CorneliusAm Dienstag, den 14.07.2015, 22:32 -0700 schrieb Tevfik Ceydeliler:
Hi,
I try this,
But I get error during login in webui.
Authentication failed. (OperationalError) unable to open database file
None None
then I copy SQLALCHEMY_DATABASE_URI from old slave pi.cfg
but not worksSQLALCHEMY_DATABASE_URI = ‘mysql://pi:wZmTUD0G_F6d@localhost/pi’
pi:wZmTUD0G_F6d is username and pasword i think
Dont know why didnt work.14 Temmuz 2015 Salı 18:22:09 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hm,you need to make sure, that SQLALCHEMY_DATABASE_URI works on master-PI and slave-PI. If on both systems, the database is on localhost and accessable with the given username and password, you do not need to change pi.cfg and you can have the same file on both systems. Kind regards Cornelius Am Dienstag, den 14.07.2015, 08:12 -0700 schrieb Tevfik Ceydeliler: > hi, > Well, > I understand. But. one more question. > My pi.cfg is like this: > > > import logging > # The realm, where users are allowed to login as administrators > SUPERUSER_REALM = ['super'] > # Your database > #SQLALCHEMY_DATABASE_URI = 'sqlite:////etc/privacyidea/data.sqlite' > # This is used to encrypt the auth_token > #SECRET_KEY = 't0p s3cr3t' > # This is used to encrypt the admin passwords > #PI_PEPPER = "Never know..." > # This is used to encrypt the token data and token passwords > PI_ENCFILE = '/etc/privacyidea/enckey' > # This is used to sign the audit log > # This is the dummy base class > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.base' > # This is the default > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.sqlaudit' > # This is used to sign the audit log > PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem' > PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem' > PI_LOGFILE = '/var/log/privacyidea/privacyidea.log' > PI_LOGLEVEL = logging.INFO > > > PI_PEPPER = 'uAIujqnTFRbkQ00TZ_9Kj6gW' > SECRET_KEY = 's_LnCyQuADzUZVSEBxoJdNWo' > SQLALCHEMY_DATABASE_URI = 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > > > As u see, there is paramater or configs point server IP or hostname. > So if I copy all files under /etc/privacyidea, pi.cfg shows exact > configs. right? > > > > 14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hi Tevfik, > > I am not sure if we are using the same words here. > > You need to file-copy this stuff: > > /etc/privacyidea/* > Adapt the pi.cfg to point to the DB slave, not the master. > > Then copy the necessary parts of RADIUS - > probably /etc/freeradius. > > You will not need to change these files. Usually the contents > of all > these file is fixed. > > Then you will need to setup a _replicated_ database. > (I sent a link earlier) > Variable data is only stored in the database - not in files. > > So when talking of HA or Replication there have to be taken > into account > to things > > 1. Copy the necessary files > 2. setup the replicated database (which is totally independent > of > privacyIDEA) > > And I have the impression, that you missed 2. ? > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 07:49 -0700 schrieb Tevfik > Ceydeliler: > > Hi Tom, > > Can you describe briefly how did you that? > > For example, I replicate only pi and radius user databases. > > and copy enckey and pi.cfg files to slave PI server > > But cant achieve to replicate , I cant see enrolled tokens > on slave > > Can you help me? > > Regards... > > > > > > 14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole > yazdı: > > We are currently setup Master/Slave with the Slave > in our DR > > data center. I have had no issues, but I found the > easiest > > way to get it working right was to upgrade to MySQL > 5.6 as it > > uses GTID. This way I didn't run into duplicate > errors, > > etc. > > > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > > Hi, > > > > you can do it the same way. > > Setup a PI node in A that refers to DB > master in A. > > Setup a PI node in B that refers to DB slave > in B. > > Both PIs should have same encryption keys! > > (/etc/privacyidea/enckey and > > pi.cfg) > > > > Now do you master-slave-repl on a DATABASE > level! > > > > If site A burns down, you can switch to > using site B. > > > > Regards > > Cornelius > > > > > > > > Am Dienstag, den 14.07.2015, 04:42 0700 schrieb > > Tevfik Ceydeliler: > > > Hi, > > > Problem is; > > > We have System Center A and Disaster > center B > > > Master PI is located on Site A > > > Slave PI is located on Site B > > > So there is no 3rd location to that > stores shared > > db as u told. > > > Tats why I can use Master-Slave but Slave > standby. > > > How can suppose that PI keeps standby? > > > > > > > > > 14 Temmuz 2015 Salı 14:07:00 UTC +3 > tarihinde > > Cornelius Kölbel yazdı: > > > Hello Tevfik, > > > > > > privacyIDEA does not keep any > states (except > > OTP counter) and > > > does not > > > replicate any data itself. > > > > > > I assume you run a setup like > this: > > > > > > [privacyIDEA A] > > [privacyIDEA B] > > > | > | > > > | > | > > > | > | > > > [ DB 1 > ]---<replication>---[ DB 2 > > ] > > > > > > So the database is totally > transparent and > > you can do whatever > > > you want > > > on the database level. > > > Well, if you are doing > Master-Slave > > replication, you can not > > > use the > > > Slave for active authentication, > since > > during authentication > > > the OTP > > > counter is increased in the > database. And > > this information > > > needs to be > > > replicated to the other server. > Otherwise > > you can use the same > > > OTP value > > > to authenticate on the other > server. > > > > > > Having said this, you can use any > > replication scenario on a > > > database you > > > wish to. Master-Master, > Multi-Master, > > Master-Slave. In case of > > > Master > > > slave the slave would only be a > standby. > > > > > > Just check the web for your > preferred > > replication setup like > > > > > >How To Set Up MySQL Master-Master Replication | DigitalOcean
> > > > > > Anyway, you can run several > privacyIDEA > > instances with one > > > virtual DBMS > > > like this, given that the DBMS > provides the > > availability by > > > other means: > > > > > > [privacyIDEA A] > > [privacyIDEA B] > > > | > | > > > | > | > > > | > | > > > [ DBMS with high > availablity > > ] > > > > > > > > > On each privacyIDEA node you need > to > > configure pi.cfg > > > accordingly. > > > > > > I hope this clarifies things. > > > > > > Kind regards > > > Cornelius > > > > > > > > > Am Dienstag, den 14.07.2015, 03:19 > -0700 > > schrieb Tevfik > > > Ceydeliler: > > > > Hi, > > > > Yes I use mysql. > > > > I can use master- master > replication. But > > generally we use > > > > master-slave. Thats all. > > > > Is there any procedure for > replication? > > > > > > > > > > > > > > > > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC > +3 > > tarihinde Cornelius > > > Kölbel yazdı: > > > > Hi, > > > > you are running mysql? > > > > Why not replicate > master-master? > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > > Tevfik > > > > Ceydeliler: > > > > > Hi again, > > > > > How to replicate if > you have two > > PI server one of > > > master and > > > > other is > > > > > slave? > > > > > Specially tokens > > > > > Regards > > > > > > > > > > 14 Temmuz 2015 Salı > 11:05:28 UTC > > +3 tarihinde > > > Cornelius > > > > Kölbel yazdı: > > > > > Hello Tevfik, > > > > > > > > > > the > configuration file, > > where the SQL > > > connection is > > > > configure, > > > > > is > > > > > pi.cfg. > > > > > > > > > > Usually it is > located > > > at /etc/privacyidea/pi.cfg. > > > > > > > > > > See the config > file > > documentation: > > > > > > > > > > > > > > >2.5. The Config File — privacyIDEA 3.8 documentation
> > > > > > > > > > If you are > missing > > anything, you are > > > welcome to add > > > > infos to > > > > > the docs > > > > > here: > > > > > > > > > > > > > > >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > > > > > > > > > > > > > Kind regards > > > > > Cornelius > > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > > Tevfik > > > > > Ceydeliler: > > > > > > Hi, > > > > > > I try to > replicate pi > > and my user > > > database as > > > > masterand > > > > > slave > > > > > > After > replication, I > > cannot login my > > > master > > > > privacy idea > > > > > server.I get > > > > > > this error: > > > > > > > > > > > > > > > > > > > Authentication > > failed. > > > (OperationalError) (2003, > > > > "Can't > > > > > connect to > > > > > > MySQL server > on > > '127.0.0.1' (111)") None > > > None > > > > > > > > > > > > > > > > > > > > > > > > I dont know > which > > configuration file > > > shoud change > > > > to fix > > > > > it. > > > > > > Can you help > me? > > > > > > Regards.. > > > > > > -- > > > > > > You received > this > > message because you > > > are > > > > subscribed to the > > > > > Google > > > > > > Groups > "privacyidea" > > group. > > > > > > To > unsubscribe from > > this group and stop > > > receiving > > > > emails > > > > > from it, send > > > > > > an email to > > > privacyidea...@googlegroups.com. > > > > > > To post to > this group, > > send email to > > > > > > > priva...@googlegroups.com. > > > > > > To view > this > > discussion on the web > > > visit > > > > > > > > > > > > > > > > > > > > >> > > > > > For more > options, > > visit > > > > > > https://groups.google.com/d/optout. > > > > > > > > > > -- > > > > > Cornelius > Kölbel > > > > > > > corneliu...@netknights.it > > > > > +49 151 2960 > 1417 > > > > > > > > > > NetKnights > GmbH > > > > > > > http://www.netknights.it > > > > > > Landgraf-Karl-Str. 19, > > 34131 Kassel, > > > Germany > > > > > Tel: +49 561 > 3166797, > > Fax: +49 561 > > > 3166798 > > > > > > > > > > Amtsgericht > Kassel, HRB > > 16405 > > > > > > Geschäftsführer: > > Cornelius Kölbel > > > > > > > > > > > > > > > -- > > > > > You received this > message > > because you are > > > subscribed to the > > > > Google > > > > > Groups "privacyidea" > group. > > > > > To unsubscribe from > this group > > and stop receiving > > > emails > > > > from it, send > > > > > an email to > > privacyidea...@googlegroups.com. > > > > > To post to this group, > send > > email to > > > > > priva...@googlegroups.com. > > > > > To view this > discussion on the > > web visit > > > > > > > > > > > > > > >> > > > > For more options, > visit > > > > https://groups.google.com/d/optout. > > > > > > > > -- > > > > Cornelius Kölbel > > > > > corneliu...@netknights.it > > > > +49 151 2960 1417 > > > > > > > > NetKnights GmbH > > > > > http://www.netknights.it > > > > Landgraf-Karl-Str. 19, > 34131 > > Kassel, Germany > > > > Tel: +49 561 3166797, > Fax: +49 561 > > 3166798 > > > > > > > > Amtsgericht Kassel, HRB > 16405 > > > > Geschäftsführer: > Cornelius Kölbel > > > > > > > > > > > > -- > > > > You received this message > because you are > > subscribed to the > > > Google > > > > Groups "privacyidea" group. > > > > To unsubscribe from this group > and stop > > receiving emails > > > from it, send > > > > an email to > > privacyidea...@googlegroups.com. > > > > To post to this group, send > email to > > > priva...@googlegroups.com. > > > > To view this discussion on the > web visit > > > > > > > > > >> > > > For more options, visit > > https://groups.google.com/d/optout. > > > > > > -- > > > Cornelius Kölbel > > > corneliu...@netknights.it > > > +49 151 2960 1417 > > > > > > NetKnights GmbH > > > http://www.netknights.it > > > Landgraf-Karl-Str. 19, 34131 > Kassel, > > Germany > > > Tel: +49 561 3166797, Fax: +49 561 > 3166798 > > > > > > Amtsgericht Kassel, HRB 16405 > > > Geschäftsführer: Cornelius Kölbel > > > > > > > > > -- > > > You received this message because you are > subscribed > > to the Google > > > Groups "privacyidea" group. > > > To unsubscribe from this group and stop > receiving > > emails from it, send > > > an email to > privacyidea...@googlegroups.com. > > > To post to this group, send email to > > priva...@googlegroups.com. > > > To view this discussion on the web visit > > > > > >> > > For more options, visit > > https://groups.google.com/d/optout. > > > > -- > > Cornelius Kölbel > > corneliu...@netknights.it > > +49 151 2960 1417 > > > > NetKnights GmbH > > http://www.netknights.it > > Landgraf-Karl-Str. 19, 34131 Kassel, > Germany > > Tel: +49 561 3166797, Fax: +49 561 3166798 > > > > Amtsgericht Kassel, HRB 16405 > > Geschäftsführer: Cornelius Kölbel > > > > > > -- > > You received this message because you are subscribed to the > Google > > Groups "privacyidea" group. > > To unsubscribe from this group and stop receiving emails > from it, send > > an email to privacyidea...@googlegroups.com. > > To post to this group, send email to > priva...@googlegroups.com. > > To view this discussion on the web visit > > >> > For more options, visit https://groups.google.com/d/optout. > > -- > Cornelius Kölbel > corneliu...@netknights.it > +49 151 2960 1417 > > NetKnights GmbH > http://www.netknights.it > Landgraf-Karl-Str. 19, 34131 Kassel, Germany > Tel: +49 561 3166797, Fax: +49 561 3166798 > > Amtsgericht Kassel, HRB 16405 > Geschäftsführer: Cornelius Kölbel > > > -- > You received this message because you are subscribed to the Google > Groups "privacyidea" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to privacyidea...@googlegroups.com. > To post to this group, send email to priva...@googlegroups.com. > To view this discussion on the web visit >> For more options, visit https://groups.google.com/d/optout. -- Cornelius Kölbel corneliu...@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com <javascript:>.
To post to this group, send email to priva...@googlegroups.com
<javascript:>.
To view this discussion on the web visitFor more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it <javascript:>
+49 151 2960 1417NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
You can file an issue at github.
Kind regards
CorneliusAm Dienstag, den 04.08.2015, 23:11 -0700 schrieb Tevfik Ceydeliler:
I appreciated for your assistance.
Where canI share my idea about PI?
Is there any wish list?5 Ağustos 2015 Çarşamba 09:05:06 UTC+3 tarihinde Cornelinux K yazdı:
HI Tevfik,thanks for the feedback. Kind regards Cornelius Am Dienstag, den 04.08.2015, 22:18 -0700 schrieb Tevfik Ceydeliler: > Hi, > Problem was about password of pi database user on MySQL. > After dump and import databases on Slave , I change password of pi > database user as shown pi.cfg on Master. Before I didnt change this. > Now I apply only replication. That is no problem. I perefer > master-slave architecture. > Regards > > 4 Ağustos 2015 Salı 17:58:55 UTC+3 tarihinde Tevfik Ceydeliler yazdı: > Hi, > finally I solved the problem. > Regards.. > > 15 Temmuz 2015 Çarşamba 11:10:53 UTC+3 tarihinde Cornelinux K > yazdı: > Hi Tevfik, > > the information you provide do not give an clue. > Please read > https://www.privacyidea.org/getting-help/. > > I suppose this is no big issue, but without the > necessary information, I > can not help you accordingly. > > Kind regards > Cornelius > > > Am Dienstag, den 14.07.2015, 22:32 -0700 schrieb > Tevfik Ceydeliler: > > Hi, > > I try this, > > But I get error during login in webui. > > Authentication failed. (OperationalError) unable to > open database file > > None None > > then I copy SQLALCHEMY_DATABASE_URI from old slave > pi.cfg > > but not works > > > > > > SQLALCHEMY_DATABASE_URI = > 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > > > > pi:wZmTUD0G_F6d is username and pasword i think > > Dont know why didnt work. > > > > 14 Temmuz 2015 Salı 18:22:09 UTC+3 tarihinde > Cornelius Kölbel yazdı: > > Hm, > > > > you need to make sure, that > SQLALCHEMY_DATABASE_URI works on > > master-PI > > and slave-PI. > > > > If on both systems, the database is on > localhost and > > accessable with the > > given username and password, you do not need > to change pi.cfg > > and you > > can have the same file on both systems. > > > > Kind regards > > Cornelius > > > > Am Dienstag, den 14.07.2015, 08:12 -0700 > schrieb Tevfik > > Ceydeliler: > > > hi, > > > Well, > > > I understand. But. one more question. > > > My pi.cfg is like this: > > > > > > > > > import logging > > > # The realm, where users are allowed to > login as > > administrators > > > SUPERUSER_REALM = ['super'] > > > # Your database > > > #SQLALCHEMY_DATABASE_URI = > > 'sqlite:////etc/privacyidea/data.sqlite' > > > # This is used to encrypt the auth_token > > > #SECRET_KEY = 't0p s3cr3t' > > > # This is used to encrypt the admin > passwords > > > #PI_PEPPER = "Never know..." > > > # This is used to encrypt the token data > and token > > passwords > > > PI_ENCFILE = '/etc/privacyidea/enckey' > > > # This is used to sign the audit log > > > # This is the dummy base class > > > #PI_AUDIT_MODULE = > 'privacyidea.lib.auditmodules.base' > > > # This is the default > > > #PI_AUDIT_MODULE = > 'privacyidea.lib.auditmodules.sqlaudit' > > > # This is used to sign the audit log > > > PI_AUDIT_KEY_PRIVATE = > '/etc/privacyidea/private.pem' > > > PI_AUDIT_KEY_PUBLIC = > '/etc/privacyidea/public.pem' > > > PI_LOGFILE = > '/var/log/privacyidea/privacyidea.log' > > > PI_LOGLEVEL = logging.INFO > > > > > > > > > PI_PEPPER = 'uAIujqnTFRbkQ00TZ_9Kj6gW' > > > SECRET_KEY = 's_LnCyQuADzUZVSEBxoJdNWo' > > > SQLALCHEMY_DATABASE_URI = > > 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > > > > > > > > > > > > > As u see, there is paramater or configs > point server IP or > > hostname. > > > So if I copy all files > under /etc/privacyidea, pi.cfg shows > > exact > > > configs. right? > > > > > > > > > > > > 14 Temmuz 2015 Salı 17:56:29 UTC +3 > tarihinde Cornelius > > Kölbel yazdı: > > > Hi Tevfik, > > > > > > I am not sure if we are using the > same words here. > > > > > > You need to file-copy this stuff: > > > > > > /etc/privacyidea/* > > > Adapt the pi.cfg to point to the > DB slave, not the > > master. > > > > > > Then copy the necessary parts of > RADIUS - > > > probably /etc/freeradius. > > > > > > You will not need to change these > files. Usually the > > contents > > > of all > > > these file is fixed. > > > > > > Then you will need to setup a > _replicated_ > > database. > > > (I sent a link earlier) > > > Variable data is only stored in > the database - not > > in files. > > > > > > So when talking of HA or > Replication there have to > > be taken > > > into account > > > to things > > > > > > 1. Copy the necessary files > > > 2. setup the replicated database > (which is totally > > independent > > > of > > > privacyIDEA) > > > > > > And I have the impression, that > you missed 2. ? > > > > > > Kind regards > > > Cornelius > > > > > > Am Dienstag, den 14.07.2015, 07:49 0700 schrieb > > Tevfik > > > Ceydeliler: > > > > Hi Tom, > > > > Can you describe briefly how did > you that? > > > > For example, I replicate only pi > and radius user > > databases. > > > > and copy enckey and pi.cfg files > to slave PI > > server > > > > But cant achieve to replicate , > I cant see > > enrolled tokens > > > on slave > > > > Can you help me? > > > > Regards... > > > > > > > > > > > > 14 Temmuz 2015 Salı 15:42:35 UTC > +3 tarihinde Tom > > Cole > > > yazdı: > > > > We are currently setup > Master/Slave with > > the Slave > > > in our DR > > > > data center. I have had > no issues, but I > > found the > > > easiest > > > > way to get it working > right was to upgrade > > to MySQL > > > 5.6 as it > > > > uses GTID. This way I > didn't run into > > duplicate > > > errors, > > > > etc. > > > > > > > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > > > > Hi, > > > > > > > > you can do it > the same way. > > > > Setup a PI node > in A that refers > > to DB > > > master in A. > > > > Setup a PI node > in B that refers > > to DB slave > > > in B. > > > > Both PIs should > have same > > encryption keys! > > > > > (/etc/privacyidea/enckey and > > > > pi.cfg) > > > > > > > > Now do you > master-slave-repl on a > > DATABASE > > > level! > > > > > > > > If site A burns > down, you can > > switch to > > > using site B. > > > > > > > > Regards > > > > Cornelius > > > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 04:42 0700 schrieb > > > > Tevfik > Ceydeliler: > > > > > Hi, > > > > > Problem is; > > > > > We have System > Center A and > > Disaster > > > center B > > > > > Master PI is > located on Site A > > > > > Slave PI is > located on Site B > > > > > So there is no > 3rd location to > > that > > > stores shared > > > > db as u told. > > > > > Tats why I can > use Master-Slave > > but Slave > > > standby. > > > > > How can > suppose that PI keeps > > standby? > > > > > > > > > > > > > > > 14 Temmuz 2015 > Salı 14:07:00 UTC > > +3 > > > tarihinde > > > > Cornelius Kölbel > yazdı: > > > > > Hello > Tevfik, > > > > > > > > > > > privacyIDEA does not > > keep any > > > states (except > > > > OTP counter) > and > > > > > does > not > > > > > > replicate any data > > itself. > > > > > > > > > > I > assume you run a setup > > like > > > this: > > > > > > > > > > > [privacyIDEA A] > > > > [privacyIDEA B] > > > > > > | > > > | > > > > > > | > > > | > > > > > > | > > > | > > > > > [ > DB 1 > > > ]---<replication>---[ DB 2 > > > > ] > > > > > > > > > > So the > database is > > totally > > > transparent and > > > > you can do > whatever > > > > > you > want > > > > > on the > database level. > > > > > Well, > if you are doing > > > Master-Slave > > > > replication, you > can not > > > > > use > the > > > > > Slave > for active > > authentication, > > > since > > > > during > authentication > > > > > the > OTP > > > > > > counter is increased in > > the > > > database. And > > > > this > information > > > > > needs > to be > > > > > > replicated to the other > > server. > > > Otherwise > > > > you can use the > same > > > > > OTP > value > > > > > to > authenticate on the > > other > > > server. > > > > > > > > > > Having > said this, you > > can use any > > > > replication > scenario on a > > > > > > database you > > > > > wish > to. Master-Master, > > > Multi-Master, > > > > Master-Slave. In > case of > > > > > > Master > > > > > slave > the slave would > > only be a > > > standby. > > > > > > > > > > Just > check the web for > > your > > > preferred > > > > replication > setup like > > > > > > > > > > > > > > > https://www.digitalocean.com/community/tutorials/how-to-set-up-mysql-master-master-replication > > > > > > > > > > > Anyway, you can run > > several > > > privacyIDEA > > > > instances with > one > > > > > > virtual DBMS > > > > > like > this, given that > > the DBMS > > > provides the > > > > availability by > > > > > other > means: > > > > > > > > > > > [privacyIDEA A] > > > > [privacyIDEA B] > > > > > > | > > > | > > > > > > | > > > | > > > > > > | > > > | > > > > > [ > DBMS with > > high > > > availablity > > > > ] > > > > > > > > > > > > > > > On > each privacyIDEA node > > you need > > > to > > > > configure > pi.cfg > > > > > > accordingly. > > > > > > > > > > I hope > this clarifies > > things. > > > > > > > > > > Kind > regards > > > > > > Cornelius > > > > > > > > > > > > > > > Am > Dienstag, den > > 14.07.2015, 03:19 > > > -0700 > > > > schrieb Tevfik > > > > > > Ceydeliler: > > > > > > Hi, > > > > > > Yes > I use mysql. > > > > > > I > can use master- > > master > > > replication. But > > > > generally we > use > > > > > > > master-slave. Thats > > all. > > > > > > Is > there any procedure > > for > > > replication? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > 14 > Temmuz 2015 Salı > > 12:01:17 UTC > > > +3 > > > > tarihinde > Cornelius > > > > > Kölbel > yazdı: > > > > > > > Hi, > > > > > > > you are > > running mysql? > > > > > > > Why not > > replicate > > > master-master? > > > > > > > > > > > > > > Kind regards > > > > > > > Cornelius > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > > > > > Tevfik > > > > > > > Ceydeliler: > > > > > > > > Hi again, > > > > > > > > How to > > replicate if > > > you have two > > > > PI server one > of > > > > > master > and > > > > > > > other is > > > > > > > > slave? > > > > > > > > Specially > > tokens > > > > > > > > Regards > > > > > > > > > > > > > > > > 14 Temmuz > > 2015 Salı > > > 11:05:28 UTC > > > > +3 tarihinde > > > > > > Cornelius > > > > > > > Kölbel yazdı: > > > > > > > > > > Hello Tevfik, > > > > > > > > > > > > > > > > the > > > configuration file, > > > > where the SQL > > > > > > connection is > > > > > > > configure, > > > > > > > > is > > > > > > > > > > pi.cfg. > > > > > > > > > > > > > > > > > > Usually it is > > > located > > > > > > > at /etc/privacyidea/pi.cfg. > > > > > > > > > > > > > > > > See > > the config > > > file > > > > documentation: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html > > > > > > > > > > > > > > > > If > > you are > > > missing > > > > anything, you > are > > > > > > welcome to add > > > > > > > infos to > > > > > > > > the > > docs > > > > > > > > > > here: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst > > > > > > > > > > > > > > > > > > > > > > > > Kind > > regards > > > > > > > > > > Cornelius > > > > > > > > > > > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > > > > > Tevfik > > > > > > > > > > Ceydeliler: > > > > > > > > > > > Hi, > > > > > > > > > I > > try to > > > replicate pi > > > > and my user > > > > > > database as > > > > > > > masterand > > > > > > > > > > slave > > > > > > > > > > > After > > > replication, I > > > > cannot login my > > > > > > master > > > > > > > privacy idea > > > > > > > > > > server.I get > > > > > > > > > > > this error: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Authentication > > > > failed. > > > > > > (OperationalError) > > (2003, > > > > > > > "Can't > > > > > > > > > > connect to > > > > > > > > > > > MySQL server > > > on > > > > > '127.0.0.1' (111)") None > > > > > None > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I > > dont know > > > which > > > > configuration > file > > > > > shoud > change > > > > > > > to fix > > > > > > > > it. > > > > > > > > > > > Can you help > > > me? > > > > > > > > > > > Regards.. > > > > > > > > > > > -- > > > > > > > > > > > You received > > > this > > > > message because > you > > > > > are > > > > > > > subscribed to > > the > > > > > > > > > > Google > > > > > > > > > > > Groups > > > "privacyidea" > > > > group. > > > > > > > > > > > To > > > unsubscribe from > > > > this group and > stop > > > > > > receiving > > > > > > > emails > > > > > > > > from > > it, send > > > > > > > > > an > > email to > > > > > > > privacyidea...@googlegroups.com. > > > > > > > > > To > > post to > > > this group, > > > > send email to > > > > > > > > > > > > > priva...@googlegroups.com. > > > > > > > > > To > > view > > > this > > > > discussion on > the web > > > > > visit > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > > > > > > > > > > > For more > > > options, > > > > visit > > > > > > > > > > > > https://groups.google.com/d/optout. > > > > > > > > > ...–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3fe88d56-fd03-48b2-8334-f434779397c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)
I appreciated for your assistance.
Where canI share my idea about PI?
Is there any wish list?
5 Ağustos 2015 Çarşamba 09:05:06 UTC+3 tarihinde Cornelinux K yazdı:>
HI Tevfik,
thanks for the feedback.
Kind regards
CorneliusAm Dienstag, den 04.08.2015, 22:18 -0700 schrieb Tevfik Ceydeliler:
Hi,Problem was about password of pi database user on MySQL.
After dump and import databases on Slave , I change password of pi
database user as shown pi.cfg on Master. Before I didnt change this.
Now I apply only replication. That is no problem. I perefer
master-slave architecture.
Regards4 Ağustos 2015 Salı 17:58:55 UTC+3 tarihinde Tevfik Ceydeliler yazdı:
Hi,
finally I solved the problem.
Regards…15 Temmuz 2015 Çarşamba 11:10:53 UTC+3 tarihinde Cornelinux K yazdı: Hi Tevfik, the information you provide do not give an clue. Please read https://www.privacyidea.org/getting-help/. I suppose this is no big issue, but without the necessary information, I can not help you accordingly. Kind regards Cornelius Am Dienstag, den 14.07.2015, 22:32 -0700 schrieb Tevfik Ceydeliler: > Hi, > I try this, > But I get error during login in webui. > Authentication failed. (OperationalError) unable to open database file > None None > then I copy SQLALCHEMY_DATABASE_URI from old slave pi.cfg > but not works > > > SQLALCHEMY_DATABASE_URI = 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > pi:wZmTUD0G_F6d is username and pasword i think > Dont know why didnt work. > > 14 Temmuz 2015 Salı 18:22:09 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hm, > > you need to make sure, that SQLALCHEMY_DATABASE_URI works on > master-PI > and slave-PI. > > If on both systems, the database is on localhost and > accessable with the > given username and password, you do not need to change pi.cfg > and you > can have the same file on both systems. > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 08:12 -0700 schrieb Tevfik > Ceydeliler: > > hi, > > Well, > > I understand. But. one more question. > > My pi.cfg is like this: > > > > > > import logging > > # The realm, where users are allowed to login as > administrators > > SUPERUSER_REALM = ['super'] > > # Your database > > #SQLALCHEMY_DATABASE_URI = > 'sqlite:////etc/privacyidea/data.sqlite' > > # This is used to encrypt the auth_token > > #SECRET_KEY = 't0p s3cr3t' > > # This is used to encrypt the admin passwords > > #PI_PEPPER = "Never know..." > > # This is used to encrypt the token data and token > passwords > > PI_ENCFILE = '/etc/privacyidea/enckey' > > # This is used to sign the audit log > > # This is the dummy base class > > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.base' > > # This is the default > > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.sqlaudit' > > # This is used to sign the audit log > > PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem' > > PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem' > > PI_LOGFILE = '/var/log/privacyidea/privacyidea.log' > > PI_LOGLEVEL = logging.INFO > > > > > > PI_PEPPER = 'uAIujqnTFRbkQ00TZ_9Kj6gW' > > SECRET_KEY = 's_LnCyQuADzUZVSEBxoJdNWo' > > SQLALCHEMY_DATABASE_URI = > 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > > > > > > > > As u see, there is paramater or configs point server IP or > hostname. > > So if I copy all files under /etc/privacyidea, pi.cfg shows > exact > > configs. right? > > > > > > > > 14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius > Kölbel yazdı: > > Hi Tevfik, > > > > I am not sure if we are using the same words here. > > > > You need to file-copy this stuff: > > > > /etc/privacyidea/* > > Adapt the pi.cfg to point to the DB slave, not the > master. > > > > Then copy the necessary parts of RADIUS - > > probably /etc/freeradius. > > > > You will not need to change these files. Usually the > contents > > of all > > these file is fixed. > > > > Then you will need to setup a _replicated_ > database. > > (I sent a link earlier) > > Variable data is only stored in the database - not > in files. > > > > So when talking of HA or Replication there have to > be taken > > into account > > to things > > > > 1. Copy the necessary files > > 2. setup the replicated database (which is totally > independent > > of > > privacyIDEA) > > > > And I have the impression, that you missed 2. ? > > > > Kind regards > > Cornelius > > > > Am Dienstag, den 14.07.2015, 07:49 0700 schrieb > Tevfik > > Ceydeliler: > > > Hi Tom, > > > Can you describe briefly how did you that? > > > For example, I replicate only pi and radius user > databases. > > > and copy enckey and pi.cfg files to slave PI > server > > > But cant achieve to replicate , I cant see > enrolled tokens > > on slave > > > Can you help me? > > > Regards... > > > > > > > > > 14 Temmuz 2015 Salı 15:42:35 UTC +3 tarihinde Tom > Cole > > yazdı: > > > We are currently setup Master/Slave with > the Slave > > in our DR > > > data center. I have had no issues, but I > found the > > easiest > > > way to get it working right was to upgrade > to MySQL > > 5.6 as it > > > uses GTID. This way I didn't run into > duplicate > > errors, > > > etc. > > > > > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > > > Hi, > > > > > > you can do it the same way. > > > Setup a PI node in A that refers > to DB > > master in A. > > > Setup a PI node in B that refers > to DB slave > > in B. > > > Both PIs should have same > encryption keys! > > > (/etc/privacyidea/enckey and > > > pi.cfg) > > > > > > Now do you master-slave-repl on a > DATABASE > > level! > > > > > > If site A burns down, you can > switch to > > using site B. > > > > > > Regards > > > Cornelius > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 04:42 0700 schrieb > > > Tevfik Ceydeliler: > > > > Hi, > > > > Problem is; > > > > We have System Center A and > Disaster > > center B > > > > Master PI is located on Site A > > > > Slave PI is located on Site B > > > > So there is no 3rd location to > that > > stores shared > > > db as u told. > > > > Tats why I can use Master-Slave > but Slave > > standby. > > > > How can suppose that PI keeps > standby? > > > > > > > > > > > > 14 Temmuz 2015 Salı 14:07:00 UTC > +3 > > tarihinde > > > Cornelius Kölbel yazdı: > > > > Hello Tevfik, > > > > > > > > privacyIDEA does not > keep any > > states (except > > > OTP counter) and > > > > does not > > > > replicate any data > itself. > > > > > > > > I assume you run a setup > like > > this: > > > > > > > > [privacyIDEA A] > > > [privacyIDEA B] > > > > | > > | > > > > | > > | > > > > | > > | > > > > [ DB 1 > > ]---<replication>---[ DB 2 > > > ] > > > > > > > > So the database is > totally > > transparent and > > > you can do whatever > > > > you want > > > > on the database level. > > > > Well, if you are doing > > Master-Slave > > > replication, you can not > > > > use the > > > > Slave for active > authentication, > > since > > > during authentication > > > > the OTP > > > > counter is increased in > the > > database. And > > > this information > > > > needs to be > > > > replicated to the other > server. > > Otherwise > > > you can use the same > > > > OTP value > > > > to authenticate on the > other > > server. > > > > > > > > Having said this, you > can use any > > > replication scenario on a > > > > database you > > > > wish to. Master-Master, > > Multi-Master, > > > Master-Slave. In case of > > > > Master > > > > slave the slave would > only be a > > standby. > > > > > > > > Just check the web for > your > > preferred > > > replication setup like > > > > > > > > > >How To Set Up MySQL Master-Master Replication | DigitalOcean
> > > > > > > > Anyway, you can run > several > > privacyIDEA > > > instances with one > > > > virtual DBMS > > > > like this, given that > the DBMS > > provides the > > > availability by > > > > other means: > > > > > > > > [privacyIDEA A] > > > [privacyIDEA B] > > > > | > > | > > > > | > > | > > > > | > > | > > > > [ DBMS with > high > > availablity > > > ] > > > > > > > > > > > > On each privacyIDEA node > you need > > to > > > configure pi.cfg > > > > accordingly. > > > > > > > > I hope this clarifies > things. > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > > > > > Am Dienstag, den > 14.07.2015, 03:19 > > -0700 > > > schrieb Tevfik > > > > Ceydeliler: > > > > > Hi, > > > > > Yes I use mysql. > > > > > I can use master- > master > > replication. But > > > generally we use > > > > > master-slave. Thats > all. > > > > > Is there any procedure > for > > replication? > > > > > > > > > > > > > > > > > > > > > > > > > 14 Temmuz 2015 Salı > 12:01:17 UTC > > +3 > > > tarihinde Cornelius > > > > Kölbel yazdı: > > > > > Hi, > > > > > you are > running mysql? > > > > > Why not > replicate > > master-master? > > > > > > > > > > Kind regards > > > > > Cornelius > > > > > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > > > Tevfik > > > > > Ceydeliler: > > > > > > Hi again, > > > > > > How to > replicate if > > you have two > > > PI server one of > > > > master and > > > > > other is > > > > > > slave? > > > > > > Specially > tokens > > > > > > Regards > > > > > > > > > > > > 14 Temmuz > 2015 Salı > > 11:05:28 UTC > > > +3 tarihinde > > > > Cornelius > > > > > Kölbel yazdı: > > > > > > > Hello Tevfik, > > > > > > > > > > > > the > > configuration file, > > > where the SQL > > > > connection is > > > > > configure, > > > > > > is > > > > > > > pi.cfg. > > > > > > > > > > > > > Usually it is > > located > > > > > at /etc/privacyidea/pi.cfg. > > > > > > > > > > > > See > the config > > file > > > documentation: > > > > > > > > > > > > > > > > > > > > >2.5. The Config File — privacyIDEA 3.8 documentation
> > > > > > > > > > > > If > you are > > missing > > > anything, you are > > > > welcome to add > > > > > infos to > > > > > > the > docs > > > > > > > here: > > > > > > > > > > > > > > > > > > > > >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > > > > > > > > > > > > > > > > Kind > regards > > > > > > > Cornelius > > > > > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > > > Tevfik > > > > > > > Ceydeliler: > > > > > > > > Hi, > > > > > > > I > try to > > replicate pi > > > and my user > > > > database as > > > > > masterand > > > > > > > slave > > > > > > > > After > > replication, I > > > cannot login my > > > > master > > > > > privacy idea > > > > > > > server.I get > > > > > > > > this error: > > > > > > > > > > > > > > > > > > > > > > > Authentication > > > failed. > > > > (OperationalError) > (2003, > > > > > "Can't > > > > > > > connect to > > > > > > > > MySQL server > > on > > > '127.0.0.1' (111)") None > > > > None > > > > > > > > > > > > > > > > > > > > > > > > > > > > I > dont know > > which > > > configuration file > > > > shoud change > > > > > to fix > > > > > > it. > > > > > > > > Can you help > > me? > > > > > > > > Regards.. > > > > > > > > -- > > > > > > > > You received > > this > > > message because you > > > > are > > > > > subscribed to > the > > > > > > > Google > > > > > > > > Groups > > "privacyidea" > > > group. > > > > > > > > To > > unsubscribe from > > > this group and stop > > > > receiving > > > > > emails > > > > > > from > it, send > > > > > > > an > email to > > > > > privacyidea...@googlegroups.com. > > > > > > > To > post to > > this group, > > > send email to > > > > > > > > > priva...@googlegroups.com. > > > > > > > To > view > > this > > > discussion on the web > > > > visit > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > For more > > options, > > > visit > > > > > > > > > https://groups.google.com/d/optout. > > > > > > ...
HI Tevfik,
thanks for the feedback.
Kind regards
CorneliusAm Dienstag, den 04.08.2015, 22:18 -0700 schrieb Tevfik Ceydeliler:
Hi,Problem was about password of pi database user on MySQL.
After dump and import databases on Slave , I change password of pi
database user as shown pi.cfg on Master. Before I didnt change this.
Now I apply only replication. That is no problem. I perefer
master-slave architecture.
Regards4 Ağustos 2015 Salı 17:58:55 UTC+3 tarihinde Tevfik Ceydeliler yazdı:
Hi,
finally I solved the problem.
Regards…15 Temmuz 2015 Çarşamba 11:10:53 UTC+3 tarihinde Cornelinux K yazdı: Hi Tevfik, the information you provide do not give an clue. Please read https://www.privacyidea.org/getting-help/. I suppose this is no big issue, but without the necessary information, I can not help you accordingly. Kind regards Cornelius Am Dienstag, den 14.07.2015, 22:32 -0700 schrieb Tevfik Ceydeliler: > Hi, > I try this, > But I get error during login in webui. > Authentication failed. (OperationalError) unable to open database file > None None > then I copy SQLALCHEMY_DATABASE_URI from old slave pi.cfg > but not works > > > SQLALCHEMY_DATABASE_URI = 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > pi:wZmTUD0G_F6d is username and pasword i think > Dont know why didnt work. > > 14 Temmuz 2015 Salı 18:22:09 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hm, > > you need to make sure, that SQLALCHEMY_DATABASE_URI works on > master-PI > and slave-PI. > > If on both systems, the database is on localhost and > accessable with the > given username and password, you do not need to change pi.cfg > and you > can have the same file on both systems. > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 08:12 -0700 schrieb Tevfik > Ceydeliler: > > hi, > > Well, > > I understand. But. one more question. > > My pi.cfg is like this: > > > > > > import logging > > # The realm, where users are allowed to login as > administrators > > SUPERUSER_REALM = ['super'] > > # Your database > > #SQLALCHEMY_DATABASE_URI = > 'sqlite:////etc/privacyidea/data.sqlite' > > # This is used to encrypt the auth_token > > #SECRET_KEY = 't0p s3cr3t' > > # This is used to encrypt the admin passwords > > #PI_PEPPER = "Never know..." > > # This is used to encrypt the token data and token > passwords > > PI_ENCFILE = '/etc/privacyidea/enckey' > > # This is used to sign the audit log > > # This is the dummy base class > > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.base' > > # This is the default > > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.sqlaudit' > > # This is used to sign the audit log > > PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem' > > PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem' > > PI_LOGFILE = '/var/log/privacyidea/privacyidea.log' > > PI_LOGLEVEL = logging.INFO > > > > > > PI_PEPPER = 'uAIujqnTFRbkQ00TZ_9Kj6gW' > > SECRET_KEY = 's_LnCyQuADzUZVSEBxoJdNWo' > > SQLALCHEMY_DATABASE_URI = > 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > > > > > > > > As u see, there is paramater or configs point server IP or > hostname. > > So if I copy all files under /etc/privacyidea, pi.cfg shows > exact > > configs. right? > > > > > > > > 14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius > Kölbel yazdı: > > Hi Tevfik, > > > > I am not sure if we are using the same words here. > > > > You need to file-copy this stuff: > > > > /etc/privacyidea/* > > Adapt the pi.cfg to point to the DB slave, not the > master. > > > > Then copy the necessary parts of RADIUS - > > probably /etc/freeradius. > > > > You will not need to change these files. Usually the > contents > > of all > > these file is fixed. > > > > Then you will need to setup a _replicated_ > database. > > (I sent a link earlier) > > Variable data is only stored in the database - not > in files. > > > > So when talking of HA or Replication there have to > be taken > > into account > > to things > > > > 1. Copy the necessary files > > 2. setup the replicated database (which is totally > independent > > of > > privacyIDEA) > > > > And I have the impression, that you missed 2. ? > > > > Kind regards > > Cornelius > > > > Am Dienstag, den 14.07.2015, 07:49 0700 schrieb > Tevfik > > Ceydeliler: > > > Hi Tom, > > > Can you describe briefly how did you that? > > > For example, I replicate only pi and radius user > databases. > > > and copy enckey and pi.cfg files to slave PI > server > > > But cant achieve to replicate , I cant see > enrolled tokens > > on slave > > > Can you help me? > > > Regards... > > > > > > > > > 14 Temmuz 2015 Salı 15:42:35 UTC +3 tarihinde Tom > Cole > > yazdı: > > > We are currently setup Master/Slave with > the Slave > > in our DR > > > data center. I have had no issues, but I > found the > > easiest > > > way to get it working right was to upgrade > to MySQL > > 5.6 as it > > > uses GTID. This way I didn't run into > duplicate > > errors, > > > etc. > > > > > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > > > Hi, > > > > > > you can do it the same way. > > > Setup a PI node in A that refers > to DB > > master in A. > > > Setup a PI node in B that refers > to DB slave > > in B. > > > Both PIs should have same > encryption keys! > > > (/etc/privacyidea/enckey and > > > pi.cfg) > > > > > > Now do you master-slave-repl on a > DATABASE > > level! > > > > > > If site A burns down, you can > switch to > > using site B. > > > > > > Regards > > > Cornelius > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 04:42 0700 schrieb > > > Tevfik Ceydeliler: > > > > Hi, > > > > Problem is; > > > > We have System Center A and > Disaster > > center B > > > > Master PI is located on Site A > > > > Slave PI is located on Site B > > > > So there is no 3rd location to > that > > stores shared > > > db as u told. > > > > Tats why I can use Master-Slave > but Slave > > standby. > > > > How can suppose that PI keeps > standby? > > > > > > > > > > > > 14 Temmuz 2015 Salı 14:07:00 UTC > +3 > > tarihinde > > > Cornelius Kölbel yazdı: > > > > Hello Tevfik, > > > > > > > > privacyIDEA does not > keep any > > states (except > > > OTP counter) and > > > > does not > > > > replicate any data > itself. > > > > > > > > I assume you run a setup > like > > this: > > > > > > > > [privacyIDEA A] > > > [privacyIDEA B] > > > > | > > | > > > > | > > | > > > > | > > | > > > > [ DB 1 > > ]---<replication>---[ DB 2 > > > ] > > > > > > > > So the database is > totally > > transparent and > > > you can do whatever > > > > you want > > > > on the database level. > > > > Well, if you are doing > > Master-Slave > > > replication, you can not > > > > use the > > > > Slave for active > authentication, > > since > > > during authentication > > > > the OTP > > > > counter is increased in > the > > database. And > > > this information > > > > needs to be > > > > replicated to the other > server. > > Otherwise > > > you can use the same > > > > OTP value > > > > to authenticate on the > other > > server. > > > > > > > > Having said this, you > can use any > > > replication scenario on a > > > > database you > > > > wish to. Master-Master, > > Multi-Master, > > > Master-Slave. In case of > > > > Master > > > > slave the slave would > only be a > > standby. > > > > > > > > Just check the web for > your > > preferred > > > replication setup like > > > > > > > > > > https://www.digitalocean.com/community/tutorials/how-to-set-up-mysql-master-master-replication > > > > > > > > Anyway, you can run > several > > privacyIDEA > > > instances with one > > > > virtual DBMS > > > > like this, given that > the DBMS > > provides the > > > availability by > > > > other means: > > > > > > > > [privacyIDEA A] > > > [privacyIDEA B] > > > > | > > | > > > > | > > | > > > > | > > | > > > > [ DBMS with > high > > availablity > > > ] > > > > > > > > > > > > On each privacyIDEA node > you need > > to > > > configure pi.cfg > > > > accordingly. > > > > > > > > I hope this clarifies > things. > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > > > > > Am Dienstag, den > 14.07.2015, 03:19 > > -0700 > > > schrieb Tevfik > > > > Ceydeliler: > > > > > Hi, > > > > > Yes I use mysql. > > > > > I can use master- > master > > replication. But > > > generally we use > > > > > master-slave. Thats > all. > > > > > Is there any procedure > for > > replication? > > > > > > > > > > > > > > > > > > > > > > > > > 14 Temmuz 2015 Salı > 12:01:17 UTC > > +3 > > > tarihinde Cornelius > > > > Kölbel yazdı: > > > > > Hi, > > > > > you are > running mysql? > > > > > Why not > replicate > > master-master? > > > > > > > > > > Kind regards > > > > > Cornelius > > > > > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > > > Tevfik > > > > > Ceydeliler: > > > > > > Hi again, > > > > > > How to > replicate if > > you have two > > > PI server one of > > > > master and > > > > > other is > > > > > > slave? > > > > > > Specially > tokens > > > > > > Regards > > > > > > > > > > > > 14 Temmuz > 2015 Salı > > 11:05:28 UTC > > > +3 tarihinde > > > > Cornelius > > > > > Kölbel yazdı: > > > > > > > Hello Tevfik, > > > > > > > > > > > > the > > configuration file, > > > where the SQL > > > > connection is > > > > > configure, > > > > > > is > > > > > > > pi.cfg. > > > > > > > > > > > > > Usually it is > > located > > > > > at /etc/privacyidea/pi.cfg. > > > > > > > > > > > > See > the config > > file > > > documentation: > > > > > > > > > > > > > > > > > > > > > http://privacyidea.readthedocs.org/en/latest/installation/system/inifile.html > > > > > > > > > > > > If > you are > > missing > > > anything, you are > > > > welcome to add > > > > > infos to > > > > > > the > docs > > > > > > > here: > > > > > > > > > > > > > > > > > > > > > https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst > > > > > > > > > > > > > > > > > > Kind > regards > > > > > > > Cornelius > > > > > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > > > Tevfik > > > > > > > Ceydeliler: > > > > > > > > Hi, > > > > > > > I > try to > > replicate pi > > > and my user > > > > database as > > > > > masterand > > > > > > > slave > > > > > > > > After > > replication, I > > > cannot login my > > > > master > > > > > privacy idea > > > > > > > server.I get > > > > > > > > this error: > > > > > > > > > > > > > > > > > > > > > > > Authentication > > > failed. > > > > (OperationalError) > (2003, > > > > > "Can't > > > > > > > connect to > > > > > > > > MySQL server > > on > > > '127.0.0.1' (111)") None > > > > None > > > > > > > > > > > > > > > > > > > > > > > > > > > > I > dont know > > which > > > configuration file > > > > shoud change > > > > > to fix > > > > > > it. > > > > > > > > Can you help > > me? > > > > > > > > Regards.. > > > > > > > > -- > > > > > > > > You received > > this > > > message because you > > > > are > > > > > subscribed to > the > > > > > > > Google > > > > > > > > Groups > > "privacyidea" > > > group. > > > > > > > > To > > unsubscribe from > > > this group and stop > > > > receiving > > > > > emails > > > > > > from > it, send > > > > > > > an > email to > > > > > privacyidea...@googlegroups.com. > > > > > > > To > post to > > this group, > > > send email to > > > > > > > > > priva...@googlegroups.com. > > > > > > > To > view > > this > > > discussion on the web > > > > visit > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://groups.google.com/d/msgid/privacyidea/58807d92-42ed-431e-9b83-49a191057b57%40googlegroups.com. > > > > > > > > For more > > options, > > > visit > > > > > > > > > https://groups.google.com/d/optout. > > > > > > > > > > > > -- > > > > > > > Cornelius > > Kölbel > > > > > > > > > corneliu...@netknights.it > > > > > > +49 > 151 2960 > > 1417 > > > > > > > > > > > > > NetKnights > > GmbH > > > > > > > > > http://www.netknights.it > > > > > > > > Landgraf-Karl-Str. 19, > > > 34131 Kassel, > > > > Germany > > > > > > Tel: > +49 561 > > 3166797, > > > Fax: +49 561 > > > > 3166798 > > > > > > > > > > > > > Amtsgericht > > Kassel, HRB > > > 16405 > > > > > > > > Geschäftsführer: > > > Cornelius Kölbel > > > > > > > > > > > > > > > > > > -- > > > > > > You received > this > > message > > > because you are > > > > subscribed to the > > > > > Google > > > > > > Groups > "privacyidea" > > group. > > > > > > To > unsubscribe from > > this group > > > and stop receiving > > > > emails > > > > > from it ...–
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/93657fcf-533a-48c1-8eb5-2b65e5d47c57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
@cornelinux
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
signature.asc (836 Bytes)
Hi,
Problem was about password of pi database user on MySQL.
After dump and import databases on Slave , I change password of pi database
user as shown pi.cfg on Master. Before I didnt change this.
Now I apply only replication. That is no problem. I perefer master-slave
architecture.
Regards
4 Ağustos 2015 Salı 17:58:55 UTC+3 tarihinde Tevfik Ceydeliler yazdı:>
Hi,
finally I solved the problem.
Regards…15 Temmuz 2015 Çarşamba 11:10:53 UTC+3 tarihinde Cornelinux K yazdı:
Hi Tevfik,
the information you provide do not give an clue.
Please read Getting help – privacyID3A.I suppose this is no big issue, but without the necessary information, I
can not help you accordingly.Kind regards
CorneliusAm Dienstag, den 14.07.2015, 22:32 -0700 schrieb Tevfik Ceydeliler:
Hi,
I try this,
But I get error during login in webui.
Authentication failed. (OperationalError) unable to open database file
None None
then I copy SQLALCHEMY_DATABASE_URI from old slave pi.cfg
but not worksSQLALCHEMY_DATABASE_URI = ‘mysql://pi:wZmTUD0G_F6d@localhost/pi’
pi:wZmTUD0G_F6d is username and pasword i think
Dont know why didnt work.14 Temmuz 2015 Salı 18:22:09 UTC+3 tarihinde Cornelius Kölbel yazdı:
Hm,you need to make sure, that SQLALCHEMY_DATABASE_URI works on master-PI and slave-PI. If on both systems, the database is on localhost and accessable with the given username and password, you do not need to change pi.cfg and you can have the same file on both systems. Kind regards Cornelius Am Dienstag, den 14.07.2015, 08:12 -0700 schrieb Tevfik Ceydeliler: > hi, > Well, > I understand. But. one more question. > My pi.cfg is like this: > > > import logging > # The realm, where users are allowed to login as administrators > SUPERUSER_REALM = ['super'] > # Your database > #SQLALCHEMY_DATABASE_URI = 'sqlite:////etc/privacyidea/data.sqlite' > # This is used to encrypt the auth_token > #SECRET_KEY = 't0p s3cr3t' > # This is used to encrypt the admin passwords > #PI_PEPPER = "Never know..." > # This is used to encrypt the token data and token passwords > PI_ENCFILE = '/etc/privacyidea/enckey' > # This is used to sign the audit log > # This is the dummy base class > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.base' > # This is the default > #PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.sqlaudit' > # This is used to sign the audit log > PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem' > PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem' > PI_LOGFILE = '/var/log/privacyidea/privacyidea.log' > PI_LOGLEVEL = logging.INFO > > > PI_PEPPER = 'uAIujqnTFRbkQ00TZ_9Kj6gW' > SECRET_KEY = 's_LnCyQuADzUZVSEBxoJdNWo' > SQLALCHEMY_DATABASE_URI = 'mysql://pi:wZmTUD0G_F6d@localhost/pi' > > > > > As u see, there is paramater or configs point server IP or hostname. > So if I copy all files under /etc/privacyidea, pi.cfg shows exact > configs. right? > > > > 14 Temmuz 2015 Salı 17:56:29 UTC+3 tarihinde Cornelius Kölbel yazdı: > Hi Tevfik, > > I am not sure if we are using the same words here. > > You need to file-copy this stuff: > > /etc/privacyidea/* > Adapt the pi.cfg to point to the DB slave, not the master. > > Then copy the necessary parts of RADIUS - > probably /etc/freeradius. > > You will not need to change these files. Usually the contents > of all > these file is fixed. > > Then you will need to setup a _replicated_ database. > (I sent a link earlier) > Variable data is only stored in the database - not in files. > > So when talking of HA or Replication there have to be taken > into account > to things > > 1. Copy the necessary files > 2. setup the replicated database (which is totally independent > of > privacyIDEA) > > And I have the impression, that you missed 2. ? > > Kind regards > Cornelius > > Am Dienstag, den 14.07.2015, 07:49 -0700 schrieb Tevfik > Ceydeliler: > > Hi Tom, > > Can you describe briefly how did you that? > > For example, I replicate only pi and radius user databases. > > and copy enckey and pi.cfg files to slave PI server > > But cant achieve to replicate , I cant see enrolled tokens > on slave > > Can you help me? > > Regards... > > > > > > 14 Temmuz 2015 Salı 15:42:35 UTC+3 tarihinde Tom Cole > yazdı: > > We are currently setup Master/Slave with the Slave > in our DR > > data center. I have had no issues, but I found the > easiest > > way to get it working right was to upgrade to MySQL > 5.6 as it > > uses GTID. This way I didn't run into duplicate > errors, > > etc. > > > > On Tuesday, July 14, 2015 at 8:03:20 AM UTC-4, Cornelius Kölbel wrote: > > Hi, > > > > you can do it the same way. > > Setup a PI node in A that refers to DB > master in A. > > Setup a PI node in B that refers to DB slave > in B. > > Both PIs should have same encryption keys! > > (/etc/privacyidea/enckey and > > pi.cfg) > > > > Now do you master-slave-repl on a DATABASE > level! > > > > If site A burns down, you can switch to > using site B. > > > > Regards > > Cornelius > > > > > > > > Am Dienstag, den 14.07.2015, 04:42 0700 schrieb > > Tevfik Ceydeliler: > > > Hi, > > > Problem is; > > > We have System Center A and Disaster > center B > > > Master PI is located on Site A > > > Slave PI is located on Site B > > > So there is no 3rd location to that > stores shared > > db as u told. > > > Tats why I can use Master-Slave but Slave > standby. > > > How can suppose that PI keeps standby? > > > > > > > > > 14 Temmuz 2015 Salı 14:07:00 UTC +3 > tarihinde > > Cornelius Kölbel yazdı: > > > Hello Tevfik, > > > > > > privacyIDEA does not keep any > states (except > > OTP counter) and > > > does not > > > replicate any data itself. > > > > > > I assume you run a setup like > this: > > > > > > [privacyIDEA A] > > [privacyIDEA B] > > > | > | > > > | > | > > > | > | > > > [ DB 1 > ]---<replication>---[ DB 2 > > ] > > > > > > So the database is totally > transparent and > > you can do whatever > > > you want > > > on the database level. > > > Well, if you are doing > Master-Slave > > replication, you can not > > > use the > > > Slave for active authentication, > since > > during authentication > > > the OTP > > > counter is increased in the > database. And > > this information > > > needs to be > > > replicated to the other server. > Otherwise > > you can use the same > > > OTP value > > > to authenticate on the other > server. > > > > > > Having said this, you can use any > > replication scenario on a > > > database you > > > wish to. Master-Master, > Multi-Master, > > Master-Slave. In case of > > > Master > > > slave the slave would only be a > standby. > > > > > > Just check the web for your > preferred > > replication setup like > > > > > >How To Set Up MySQL Master-Master Replication | DigitalOcean
> > > > > > Anyway, you can run several > privacyIDEA > > instances with one > > > virtual DBMS > > > like this, given that the DBMS > provides the > > availability by > > > other means: > > > > > > [privacyIDEA A] > > [privacyIDEA B] > > > | > | > > > | > | > > > | > | > > > [ DBMS with high > availablity > > ] > > > > > > > > > On each privacyIDEA node you need > to > > configure pi.cfg > > > accordingly. > > > > > > I hope this clarifies things. > > > > > > Kind regards > > > Cornelius > > > > > > > > > Am Dienstag, den 14.07.2015, 03:19 > -0700 > > schrieb Tevfik > > > Ceydeliler: > > > > Hi, > > > > Yes I use mysql. > > > > I can use master- master > replication. But > > generally we use > > > > master-slave. Thats all. > > > > Is there any procedure for > replication? > > > > > > > > > > > > > > > > > > > > 14 Temmuz 2015 Salı 12:01:17 UTC > +3 > > tarihinde Cornelius > > > Kölbel yazdı: > > > > Hi, > > > > you are running mysql? > > > > Why not replicate > master-master? > > > > > > > > Kind regards > > > > Cornelius > > > > > > > > Am Dienstag, den 14.07.2015, 01:51 0700 schrieb > > > Tevfik > > > > Ceydeliler: > > > > > Hi again, > > > > > How to replicate if > you have two > > PI server one of > > > master and > > > > other is > > > > > slave? > > > > > Specially tokens > > > > > Regards > > > > > > > > > > 14 Temmuz 2015 Salı > 11:05:28 UTC > > +3 tarihinde > > > Cornelius > > > > Kölbel yazdı: > > > > > Hello Tevfik, > > > > > > > > > > the > configuration file, > > where the SQL > > > connection is > > > > configure, > > > > > is > > > > > pi.cfg. > > > > > > > > > > Usually it is > located > > > at /etc/privacyidea/pi.cfg. > > > > > > > > > > See the config > file > > documentation: > > > > > > > > > > > > > > >2.5. The Config File — privacyIDEA 3.8 documentation
> > > > > > > > > > If you are > missing > > anything, you are > > > welcome to add > > > > infos to > > > > > the docs > > > > > here: > > > > > > > > > > > > > > >https://github.com/privacyidea/privacyidea/blob/master/doc/installation/system/inifile.rst
> > > > > > > > > > > > > > > Kind regards > > > > > Cornelius > > > > > > > > > > > > > > > Am Dienstag, den 14.07.2015, 00:58 -0700 schrieb > > > > Tevfik > > > > > Ceydeliler: > > > > > > Hi, > > > > > > I try to > replicate pi > > and my user > > > database as > > > > masterand > > > > > slave > > > > > > After > replication, I > > cannot login my > > > master > > > > privacy idea > > > > > server.I get > > > > > > this error: > > > > > > > > > > > > > > > > > > > Authentication > > failed. > > > (OperationalError) (2003, > > > > "Can't > > > > > connect to > > > > > > MySQL server > on > > '127.0.0.1' (111)") None > > > None > > > > > > > > > > > > > > > > > > > > > > > > I dont know > which > > configuration file > > > shoud change > > > > to fix > > > > > it. > > > > > > Can you help > me? > > > > > > Regards.. > > > > > > -- > > > > > > You received > this > > message because you > > > are > > > > subscribed to the > > > > > Google > > > > > > Groups > "privacyidea" > > group. > > > > > > To > unsubscribe from > > this group and stop > > > receiving > > > > emails > > > > > from it, send > > > > > > an email to > > > privacyidea...@googlegroups.com. > > > > > > To post to > this group, > > send email to > > > > > > > priva...@googlegroups.com. > > > > > > To view > this > > discussion on the web > > > visit > > > > > > > > > > > > > > > > > > > > >> > > > > > For more > options, > > visit > > > > > > https://groups.google.com/d/optout. > > > > > > > > > > -- > > > > > Cornelius > Kölbel > > > > > > > corneliu...@netknights.it > > > > > +49 151 2960 > 1417 > > > > > > > > > > NetKnights > GmbH > > > > > > > http://www.netknights.it > > > > > > Landgraf-Karl-Str. 19, > > 34131 Kassel, > > > Germany > > > > > Tel: +49 561 > 3166797, > > Fax: +49 561 > > > 3166798 > > > > > > > > > > Amtsgericht > Kassel, HRB > > 16405 > > > > > > Geschäftsführer: > > Cornelius Kölbel > > > > > > > > > > > > > > > -- > > > > > You received this > message > > because you are > > > subscribed to the > > > > Google > > > > > Groups "privacyidea" > group. > > > > > To unsubscribe from > this group > > and stop receiving > > > emails > > > > from it…