SyferLock Help Center

Installing GridGuard Nonce Replication Check Script

This script runs checks at regular intervals to verify if nonce-replication is functioning normally.
It checks to verify that the context CSNs on the local node, include references to all other servers in the cluster. If for some reason, the context CSN for any peer node is missing, this script will automatically restart the slapd-proxy service. Restarting the service will force a refresh of the context CSNs and correct the error.

This script should be installed on each node in a GridGuard cluster.

Installation

Perform these steps on each node in the cluster:

- Copy (scp) the file attached to this article, 'slapd-proxy-check.php' to /usr/local/sbin on your GridGuard server
- Open an SSH session to the GridGuard server as gridadmin and execute the following commands:

dos2unix /usr/local/sbin/slapd-proxy-check.php
chmod 500 /usr/local/sbin/slapd-proxy-check.php
chown root:root /usr/local/sbin/slapd-proxy-check.php
echo "* * * * * gridadmin /usr/local/sbin/slapd-proxy-check.php >/dev/null 2>&1" > /etc/cron.d/slapd-proxy-check.cron

 

Logging

The script is configured to run once every minute. Every time it runs, it will log a syslog entry.
If there are no errors found, an entry similar to the following will be logged:

Jul 29 14:33:01 ggva1 slapd-proxy-check[24471]: All context CSNs found. No action performed.

If there are any context CSNs missing (i.e. error condition), entries similar to the following will be logged:

Jul 29 14:31:01 ggva1 slapd-proxy-check[24341]: No match found for context CSN pattern '/#002#/'
Jul 29 14:31:01 ggva1 slapd-proxy-check[24341]: Restarting slapd-proxy. Context CSNs missing!!!!

 

Disabling Script

To disable the script, delete the cron entry.
This will prevent the script from running every minute. You will still be able to invoke the script from command line, if necessary.

/bin/rm -f /etc/cron.d/slapd-proxy-check.cron
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk