thoughts on synchronizing config between failover partners
rob0 at gmx.co.uk
Wed Oct 18 16:36:29 UTC 2006
On Wednesday 18 October 2006 10:05, Aaron Bennett wrote:
> I'm curious what other people do about syncing your config files
> between failover peers.
> When I've got this all implemented, I'm planning to hand it to a
> network engineer and I'd like to give him a more elegant way to keep
> the config files in sync than 'make the same edits to the file on
> each host' method. I was thinking of a solution with an nfs share
> and a cron job running on the other host, like..
> host1: shares /var/dhcpd_config to host2.
> edit /etc/dhcpd.master (included by /etc/dhcpd.conf) on host1. Copy
> it to /var/dhcpd_config and restart dhcpd.
> cron job on host2 sees change to /var/dhcpd_config/dhcpd.master,
> copies it to /etc, restarts dhcpd.
> Fairly simple. Of course I'd do stuff like preserve the old version,
> etc, and use iptables to make sure only host2 can access the share.
> How do you handle this?
You can pin down NFS for a firewall:
However, I don't think that's the best plan.
On Wednesday 18 October 2006 10:58, Aaron Bennett wrote:
> John Abbott wrote:
> > I use rsync over ssh, seems to work well.
> Sure, but then you need to allow root ssh & either type the root
> password or use a pass-phraseless ssh key.
Um, why root? Make a dedicated user with a no-passphrase key. Allow
said user a sudo(1) command. Or, just have the user set a flag for a
root cron job to check, and overwrite the /etc/dhcpd.conf and restart
dhcpd if said flag (a file?) is detected. (The root cron job would
reset the flag: delete the file.)
There are a few million other ways to do this:
HTTP / wget(1)
FTP / ncftpget(1) or other automated FTP client
nsupdate(8) and DNS TXT records to do the signalling
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
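
One way to write the root cron job for the flag-file approach described in the message above. This is an added example, not part of the original post; the staging directory, the `READY` flag name, the script path and the restart command are assumptions.

```shell
#!/bin/sh
# Root cron job for the flag-file hand-off. Assumed, not from the post:
# the staging path, the READY flag name and the restart command.
STAGE_DIR="${STAGE_DIR:-/home/dhcpsync/incoming}"  # written by the unprivileged sync user
LIVE_CONF="${LIVE_CONF:-/etc/dhcpd.conf}"
CHECK_CMD="${CHECK_CMD:-dhcpd -t -cf}"             # syntax test; candidate path is appended
RESTART_CMD="${RESTART_CMD:-/etc/init.d/dhcpd restart}"  # distro-specific assumption

sync_dhcpd_conf() {
    flag="$STAGE_DIR/READY"
    new="$STAGE_DIR/dhcpd.conf"
    [ -e "$flag" ] || return 0      # no flag: nothing to do
    rm -f "$flag"                   # reset first so a bad upload is not retried every run

    # The staging directory is writable by a non-root user, so accept
    # only a plain file, never a symlink or device.
    if [ -L "$new" ] || [ ! -f "$new" ]; then
        echo "dhcpd sync: $new is not a regular file" >&2
        return 2
    fi

    # Copy into the root-owned directory, then validate that private copy.
    tmp=$(mktemp "$LIVE_CONF.new.XXXXXX") || return 3
    if ! cp "$new" "$tmp" || ! $CHECK_CMD "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "dhcpd sync: candidate rejected, current config kept" >&2
        return 4
    fi

    if [ -f "$LIVE_CONF" ] && cmp -s "$tmp" "$LIVE_CONF"; then
        rm -f "$tmp"                # identical: skip the restart
        return 0
    fi

    [ -f "$LIVE_CONF" ] && cp -p "$LIVE_CONF" "$LIVE_CONF.prev"  # preserve old version
    chmod 644 "$tmp" && mv "$tmp" "$LIVE_CONF" && $RESTART_CMD
}

# From root's crontab: */5 * * * * /usr/local/sbin/dhcpd-sync --run  (path assumed)
if [ "${1:-}" = "--run" ]; then sync_dhcpd_conf; fi
```

The sync user only needs write access to the staging directory; root never executes or sources anything from it, and a candidate that fails the syntax test leaves the running configuration untouched.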