start/stop systemd httpd service in mirror servers
Hello Everyone,
We currently have a CSP application that runs under 2 servers (usually primary), and every month the server reboots for patching, SERVER1 (primary) in the morning and SERVER2 (backup) at night.
Whenever SERVER1 reboots, SERVER2 behaves as primary, and when SERVER1 comes back up it will act as the backup server.
First Patching:
So, when SERVER1 is down, I need to start httpd service for SERVER2 and stop httpd service for SERVER1 (which is now backup server).
I tried using the code below in terminal to start httpd service for SERVER2 with no success.
// Need to provide password for current running user
set sc = $ZF(-100, "/SHELL /LOGCMD", "echo 'userpwd' | sudo -S systemctl start httpd.service")
This works in terminal but no use, as I need to input password separately.
// Does not matter if I use flags (/SHELL LOGCMD)
set sc = $ZF(-100, "", "sudo", "systemctl", "start", "httpd.service")
And, since I am in SERVER2, I need to stop the httpd service for SERVER1 (usually the httpd service also stops, but just to make sure it's actually stopped).
I tried with the code below but not able to make it work.
set sc = $ZF(-100, "", ". ~user/ssh-agent.sh; ssh user@IP.Address -o BatchMode=yes 'echo \"userpwd\" | sudo -S systemctl stop httpd.service'")
Second Patching:
At the moment, the SERVER2 is primary and SERVER1 is backup. In second patching, the SERVER2 restarts and SERVER1 becomes primary again. So, I need to start the httpd service for primary server and stop for backup server.
Note: It works if I run with $ZF(-1) in both the cases but it is deprecated.
Have you guys ever come across this situation?
Any help would be highly appreciated.
Thank you
Hi,
you could configure sudo like
irisusr ALL = NOPASSWD: /usr/bin/systemctl stop httpd.service
where irisusr is the user that runs iris.
For the other server you could do the same thing and set up ssh to authenticate via keys.
On source server:
su - irisusr
ssh-copy-id this_is_the_other_web_server
but the real question is: why do you want to stop httpd?
You could configure webgateway to have the other server as a failover.
configure connection to server2
setup application to be server1 primary, server2 backup
Hi,
Sounds good! We had thought of this, but due to some of our resources being encrypted, using them without a password may not be feasible.
I think I was not very clear in my question, but I have updated it.
So, there is one web application that uses (should use) the primary (SERVER1) server only, and when it fails over, the other (SERVER2) server will become primary and be consumed by the web application. The same thing happens at night, when the primary (SERVER2 at this moment) server stops and is taken over by the other server (SERVER1) again. And this continues every month.
My plan was to enable the httpd.service for the primary server, so if the httpd service stops other than during the patching, then I want it to restart again.
So, if I could run the command for the other server from the primary server, then I could also disable the service and perform a few other tasks.
My main concern was whether there is any way I can utilize the $ZF(-100) command.
Hi,
using zf will always be difficult as IRIS is not running as root. You will need to configure the OS to allow privilege escalation for the irisusr, which opens quite a big door.
Or allow irisusr to start/stop httpd, which might be the safer way.
The other option is, if this is only about the application via webgateway contacting the correct primary:
1. set web gateways to be mirror aware
2. configure a VIP address in the mirror and point the cspgateways to this ip address.
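Added example, not part of the thread: a small Python check that tells the narrowly scoped NOPASSWD rule suggested earlier apart from the broad grant described above as opening "quite a big door". The allowlist, the simplified one-line rule grammar and the sample fragment are assumptions made for this example.

```python
import re

ACCOUNT = "irisusr"   # user that runs IRIS, as named in the thread
ALLOWED = {           # assumed allowlist: only these may run without a password
    "/usr/bin/systemctl start httpd.service",
    "/usr/bin/systemctl stop httpd.service",
}
# user host = [(runas)] [TAG: ...] command[, command ...]  (simplified grammar)
RULE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)

def audit_rule(line, account=ACCOUNT):
    """Return findings for one sudoers rule; an empty list means tightly scoped."""
    m = RULE.match(line.strip())
    if not m or m.group("user") != account:
        return []                      # comment, blank line, or another user
    if "NOPASSWD:" not in m.group("tags"):
        return []                      # still prompts for a password: out of scope
    findings = []
    for raw in m.group("cmds").split(","):
        cmd = " ".join(raw.split())    # normalise whitespace
        if cmd == "ALL":
            findings.append("ALL: every command runs as root without a password")
        elif not cmd.startswith("/"):
            findings.append(f"{cmd}: alias or relative name, expand it and re-check")
        elif any(ch in cmd for ch in "*?["):
            findings.append(f"{cmd}: wildcard widens the rule")
        elif " " not in cmd:
            findings.append(f"{cmd}: no arguments pinned, so any arguments are allowed")
        elif cmd not in ALLOWED:
            findings.append(f"{cmd}: not in the httpd start/stop allowlist")
    return findings

def audit(text, account=ACCOUNT):
    """Audit every line of a sudoers fragment and return all findings."""
    return [f for line in text.splitlines() for f in audit_rule(line, account)]

# Constructed sample fragment, not taken from either server in the thread.
SAMPLE = """\
# scoped rule from the reply above, plus the matching start rule
irisusr ALL = NOPASSWD: /usr/bin/systemctl stop httpd.service
irisusr ALL = NOPASSWD: /usr/bin/systemctl start httpd.service
irisusr ALL = (ALL) NOPASSWD: ALL
irisusr ALL = NOPASSWD: /usr/bin/systemctl
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

With a rule that passes this check in place, sudo can be called with its -n option so that it fails immediately instead of waiting for a password.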
Hi @Timo Lindenschmid and @Pietro Montorfano ,
Thank you for your suggestions. This is really good stuff you have shared, but I had to stick with $ZF(-1) at the moment as it is working as expected with the current Cache version we are using.
I am sure your thoughts will help other developers with a similar issue.
Hi @Sandeep K C
As said before, you can use zf, but you need to configure the underlying OS to let you use unauthenticated access between the 2 systems (sudo and ssh keyless).