daniellindgren
MIS
Hello.
Due to limitations in SEF cluster software we have been forced to use a "warm standby" solution with two HW-identical Sun servers. We have been trying to copy the config directory (/var/adm/sg) from the active server to the "warm standby"-server and it looks promising; all rules, interfaces, network entities etc seem to be there. We haven't done any extensive testing, but SRMC accepts the files and (almost) everything looks OK. There are however two obvious problems:
- The routes file is copied, but the old routes-data is immediately written to file if you use SRMC to (re-)connect to the "warm" server.
- All VPN shared secrets are gone.
What our scripts do:
1. Copy contents of active machine's sg-folder to a /tmp/sg-folder, skipping these files/directories:
sg/key
sg/keystore.cf
sg/remkeys
sg/logfile
sg/gwconsock
sg/eaglelog.socket
sg/eaglelog.log
sg/gwconsock.gwp
sg/version.out
sg/version.raw
sg/hawkkey
sg/backup
sg/tmp
2. Parse /tmp/sg-files and replace all unique IP-adresses with "warm standby"-machine IP-adresses.
3. Parse /tmp/sg-files and replace all active machine name references with "warm standby"-name.
4. Tar /tmp/sg and copy it to warm standby.
5. Untar files to /var/adm/sg on warm standby.
6. Reboot warm standby.
After that we have a routes file with correct data on the warm standby. We then connect to the warm standby via SRMC, a question pops up about "files look like they have been manually edited, do you want to restore from backup?", answer NO. The routes file is then overwritten with old data, I have no idea from where.
Questions:
1. How can we prevent the routes file from being overwritten?
2. Is there any way to transfer the VPN shared secret passwords?
Due to limitations in SEF cluster software we have been forced to use a "warm standby" solution with two HW-identical Sun servers. We have been trying to copy the config directory (/var/adm/sg) from the active server to the "warm standby"-server and it looks promising; all rules, interfaces, network entities etc seem to be there. We haven't done any extensive testing, but SRMC accepts the files and (almost) everything looks OK. There are however two obvious problems:
- The routes file is copied, but the old routes-data is immediately written to file if you use SRMC to (re-)connect to the "warm" server.
- All VPN shared secrets are gone.
What our scripts do:
1. Copy contents of active machine's sg-folder to a /tmp/sg-folder, skipping these files/directories:
sg/key
sg/keystore.cf
sg/remkeys
sg/logfile
sg/gwconsock
sg/eaglelog.socket
sg/eaglelog.log
sg/gwconsock.gwp
sg/version.out
sg/version.raw
sg/hawkkey
sg/backup
sg/tmp
2. Parse /tmp/sg-files and replace all unique IP-adresses with "warm standby"-machine IP-adresses.
3. Parse /tmp/sg-files and replace all active machine name references with "warm standby"-name.
4. Tar /tmp/sg and copy it to warm standby.
5. Untar files to /var/adm/sg on warm standby.
6. Reboot warm standby.
After that we have a routes file with correct data on the warm standby. We then connect to the warm standby via SRMC, a question pops up about "files look like they have been manually edited, do you want to restore from backup?", answer NO. The routes file is then overwritten with old data, I have no idea from where.
Questions:
1. How can we prevent the routes file from being overwritten?
2. Is there any way to transfer the VPN shared secret passwords?