Question
· Sep 7, 2023

start/stop systemd httpd service in mirror servers

Hello Everyone,

We currently have CSP application that runs under 2 servers(usually primary), and every month the server reboots for patching SERVER1(primary) in the morning and SERVER2(backup) at night.

Whenever the SERVER1 reboots SERVER2 behaves as primary and when SERVER1 comes back up it will act as backup server.

First Patching:

So, when SERVER1 is down, I need to start httpd service for SERVER2 and stop httpd service for SERVER1 (which is now backup server).

I tried using the code below in terminal to start httpd service for SERVER2 with no success.

// Need to provide password for current running user
set sc = $ZF(-100, "/SHELL /LOGCMD", "echo 'userpwd' | sudo -S systemctl start httpd.service")
ObjectScript
ObjectScript

This works in terminal but no use, as I need to input password separately.

// Does not matter if I use flags (/SHELL LOGCMD)
set sc =  $ZF(-100, "", "sudo", "systemctl", "start", "httpd.service")
ObjectScript
ObjectScript

And, since I am in SERVER2, I need to stop the httpd service for SERVER1(usually the httpd service also stops but just to make sure it's actually stopped).

I tried with the code below but not able to make it work.

set sc = $ZF(-100, "", ". ~user/ssh-agent.sh; ssh user@IP.Address -o BatchMode=yes 'echo \"userpwd\" | sudo -S systemctl stop httpd.service'")
ObjectScript
ObjectScript

 

Second Patching:

At the moment, the SERVER2 is primary and SERVER1 is backup. In second patching, the SERVER2 restarts and SERVER1 becomes primary again. So, I need to start the httpd service for primary server and stop for backup server.

Note: It works if I run with $ZF(-1) in both the cases but it is deprecated.

Have you guys ever come across this situation?
Any help would be highly appreciated.

Thank you

Product version: Caché 2018.1
$ZV: Cache for Windows (x86-64) 2018.1.5 (Build 659) Mon Mar 22 2021 07:15:21 EDT
Discussion (5)2
Log in or sign up to continue

Hi,
you could configure sudo like

irisusr ALL = NOPASSWD: /usr/bin/systemctl stop httpd.service

where irisusr is the user that runs iris.

For the other server you could do the same thing and setup ssh to authenticate via keys

On source server:
su - irisusr
ssh-copy-id this_is_the_other_web_server


but the real question is: why do you want to stop httpd?

You could configure webgateway to have the other server as a failover.

configure connection to server2
setup application to be server1 primary, server2 backup

Hi,

Sounds Good! We had thought of this, but due to some of our resources encrypted, using them without password may not be feasible.

I think, I was not very clear in my question but have updated it.

So, there is one web application that uses (should use) primary(SERVER1) server only and when it fails over other(SERVER2) server will become primary and consumed by the web application. And same thing happens at night time when the primary(SERVER2 at this moment) server stops and taken over by other server (SERVER1) again. And this continues every month.

why do you want to stop httpd?

My plan was to enable the httpd.service for primary server, so if the httpd service stops other than during the patching then I want it to restart again.

So, if I could run the command for other server from primary server then I could also disable the service and perform few more other tasks.

My main concern was, If there anyway I can utilize the $ZF(-100) command.

Hi,

using zf will always be difficult as IRIS is not running a root. You will need to configure the OS to allow privilege escalation for the irisusr, which open quite a big door.

Or allow irisusr to start/stop httpd, which might be the safer way.

The other options is, if this is only about the application via webgateway contacting the correct primary.

1. set web gateways to be mirror aware

2. configure a VIP address in the mirror and point the cspgateways to this ip address.