16.8. How can I setup HA (High Availability) with privacyIDEA?¶
privacyIDEA does not track any state internally. All information is kept in the database. Thus you can configure several privacyIDEA instances against one DBMS 1 and have the DBMS do the high availability.
The passwords and OTP key material in the database is encrypted using the encKey. Thus it is possible to put the database onto a DBMS that is controlled by another database administrator in another department.
16.8.1. HA setups¶
When running HA you need to assure to configure the pi.cfg file on all
privacyIDEA instances accordingly. You might need to adapt the
Be sure to set the same
PI_PEPPER on all instances.
Then you need to provide the same encryption key (file encKey) and the same audit signing keys on all instances.
220.127.116.11. Using one central DBMS¶
If you already have a high available, redundant DBMS -
like MariaDB Galera Cluster - which might even be
addressable via one cluster IP address the configuration is fairly simple.
In such a case you can configure the same
SQLALCHEMY_DATABASE_URI on all
18.104.22.168. Using MySQL master-master-replication¶
If you have no DBMS or might want to use a dedicated database server for privacyIDEA, you can setup one MySQL server per privacyIDEA instance and configure the MySQL servers to run in a master-master-replication.
The master-master-replication only works with two MySQL servers.
There are some good howtos out there like 2.
Database management system