15.7. How can I set up HA (High Availability) with eduMFA?
eduMFA does not track any state internally. All information is kept in the database. Thus you can configure several eduMFA instances against one DBMS [1] and have the DBMS do the high availability.
Note
The passwords and OTP key material in the database are encrypted using the encKey. Thus it is possible to put the database onto a DBMS that is controlled by another database administrator in another department.
15.7.1. HA setups
When running HA you need to make sure that the edumfa.cfg file is configured accordingly on all eduMFA instances. You might need to adapt the SQLALCHEMY_DATABASE_URI accordingly.
Be sure to set the same SECRET_KEY and EDUMFA_PEPPER on all instances.
Then you need to provide the same encryption key (file encKey) and the same audit signing keys on all instances.
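A consistency check for the requirement above, as an added example that is not part of eduMFA or its documentation: it compares SECRET_KEY, EDUMFA_PEPPER and the key files across instances by keyed fingerprint, so the secrets themselves never appear in output. It assumes edumfa.cfg consists of Python-style assignments; the host names, sample values and the `encKey` label are constructed, and the key file bytes are supplied by the caller.

```python
import ast
import hashlib
import hmac

SHARED_KEYS = ("SECRET_KEY", "EDUMFA_PEPPER")  # must match on every instance

def parse_cfg(text):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    values = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value (e.g. os.environ lookup): not comparable here
    return values

def fingerprint(value, salt):
    """Keyed, truncated digest so secrets can be compared without being shown."""
    data = value if isinstance(value, bytes) else str(value).encode()
    return hmac.new(salt, data, hashlib.sha256).hexdigest()[:16]

def find_mismatches(instances, salt):
    """instances: {host: (cfg_text, {label: key_file_bytes})}.
    Returns {item: {host: fingerprint or None}} for items that differ or are missing."""
    per_host = {}
    for host, (cfg_text, key_files) in instances.items():
        cfg = parse_cfg(cfg_text)
        fps = {k: fingerprint(cfg[k], salt) if k in cfg else None for k in SHARED_KEYS}
        fps.update({label: fingerprint(blob, salt) for label, blob in key_files.items()})
        per_host[host] = fps
    items = sorted({item for fps in per_host.values() for item in fps})
    bad = {}
    for item in items:
        seen = {host: fps.get(item) for host, fps in per_host.items()}
        if None in seen.values() or len(set(seen.values())) != 1:
            bad[item] = seen
    return bad

# Constructed sample data: two instances whose peppers have drifted apart.
SALT = b"constructed-salt"
CFG_A = 'SECRET_KEY = "k1"\nEDUMFA_PEPPER = "p1"\nSQLALCHEMY_DATABASE_URI = "mysql+pymysql://edumfa@db-a/edumfa"\n'
CFG_B = 'SECRET_KEY = "k1"\nEDUMFA_PEPPER = "p2"\nSQLALCHEMY_DATABASE_URI = "mysql+pymysql://edumfa@db-b/edumfa"\n'
SAMPLE = {
    "mfa-a": (CFG_A, {"encKey": b"\x01" * 96}),
    "mfa-b": (CFG_B, {"encKey": b"\x01" * 96}),
}

if __name__ == "__main__":
    for item, seen in find_mismatches(SAMPLE, SALT).items():
        print("MISMATCH", item, seen)
```

SQLALCHEMY_DATABASE_URI is deliberately left out of the comparison, since it may differ per instance depending on the database setup.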
15.7.1.1. Using one central DBMS
If you already have a highly available, redundant DBMS - like MariaDB Galera Cluster - which might even be addressable via one cluster IP address, the configuration is fairly simple. In such a case you can configure the same SQLALCHEMY_DATABASE_URI on all instances.
15.7.1.2. Using MySQL master-master-replication
If you have no DBMS or might want to use a dedicated database server for eduMFA, you can set up one MySQL server per eduMFA instance and configure the MySQL servers to run in a master-master-replication.
Note
The master-master-replication only works with two MySQL servers.
There are some good howtos out there like [2].
Footnotes