This script runs checks at regular intervals to verify if nonce-replication is functioning normally.
It checks to verify that the context CSNs on the local node, include references to all other servers in the cluster. If for some reason, the context CSN for any peer node is missing, this script will automatically restart the slapd-proxy service. Restarting the service will force a refresh of the context CSNs and correct the error.
This script should be installed on each node in a GridGuard cluster.
Perform these steps on each node in the cluster:
- Copy (scp) the file attached to this article, 'slapd-proxy-check.php' to /usr/local/sbin on your GridGuard server
- Open an SSH session to the GridGuard server as gridadmin and execute the following commands:
dos2unix /usr/local/sbin/slapd-proxy-check.php chmod 500 /usr/local/sbin/slapd-proxy-check.php chown root:root /usr/local/sbin/slapd-proxy-check.php echo "* * * * * gridadmin /usr/local/sbin/slapd-proxy-check.php >/dev/null 2>&1" > /etc/cron.d/slapd-proxy-check.cron
The script is configured to run once every minute. Every time it runs, it will log a syslog entry.
If there are no errors found, an entry similar to the following will be logged:
Jul 29 14:33:01 ggva1 slapd-proxy-check: All context CSNs found. No action performed.
If there are any context CSNs missing (i.e. error condition), entries similar to the following will be logged:
Jul 29 14:31:01 ggva1 slapd-proxy-check: No match found for context CSN pattern '/#002#/' Jul 29 14:31:01 ggva1 slapd-proxy-check: Restarting slapd-proxy. Context CSNs missing!!!!
To disable the script, delete the cron entry.
This will prevent the script from running every minute. You will still be able to invoke the script from command line, if necessary.
/bin/rm -f /etc/cron.d/slapd-proxy-check.cron