thoughts on synchronizing config between failover partners

/dev/rob0 rob0 at
Wed Oct 18 16:36:29 UTC 2006

On Wednesday 18 October 2006 10:05, Aaron Bennett wrote:
> I'm curious what other people do about syncing your config files
> between failover peers.
> When I've got this all implemented, I'm planning to hand it to a
> network engineer and I'd like to give him a more elegant way to keep
> the config files in sync than the 'make the same edits to the file on
> each host' method.  I was thinking of a solution with an nfs share
> and a cron job running on the other host, like..
> host1: shares /var/dhcpd_config to host2.
> edit /etc/dhcpd.master (included by /etc/dhcpd.conf) on host1.  Copy
> it to /var/dhcpd_config and restart dhcpd.
> cron job on host2 sees change to /var/dhcpd_config/dhcpd.master,
> copies it to /etc, restarts dhcpd.
> Fairly simple.  Of course I'd do stuff like preserve the old version,
> etc, and use iptables to make sure only host2 can access the share. 
> How do you handle this?

You can pin down NFS for a firewall:

However, I don't think that's the best plan.

On Wednesday 18 October 2006 10:58, Aaron Bennett wrote:
> John Abbott wrote:
> > i use rsync over ssh seems to work well.
> Sure, but then you need to allow root ssh & either type the root
> password or use a pass-phraseless ssh key.

Um, why root? Make a dedicated user with a no-passphrase key. Allow
said user a sudo(1) command. Or, just have the user set a flag for a 
root cron job to check, and overwrite the /etc/dhcpd.conf and restart 
dhcpd if said flag (a file?) is detected. (The root cron job would 
reset the flag: delete the file.)

There are a few million other ways to do this:
   HTTP / wget(1)
   FTP / ncftpget(1) or other automated FTP client
   nsupdate(8) and DNS TXT records to do the signalling

-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
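
The flag-file variant suggested in the message above, sketched as the root cron job's side. This is an added example, not part of the original post; the staging directory, flag file name, script path, init script location and the `dhcpd -t -cf` pre-check are assumptions.

```shell
#!/bin/sh
# Root-side half of the flag-file handoff; run from root's crontab, e.g.
#   */5 * * * * /usr/local/sbin/dhcpd-sync run      (hypothetical path)
# Assumed: the unprivileged sync user uploads $STAGE/dhcpd.conf and then
# creates $STAGE/READY. All names and paths below are assumptions.
STAGE=${STAGE:-/home/dhcpsync/incoming}
LIVE=${LIVE:-/etc/dhcpd.conf}
CHECK=${CHECK:-dhcpd -t -cf}                    # parse-only test of a config file
RESTART=${RESTART:-/etc/init.d/dhcpd restart}   # init script location varies

# Returns 0 = nothing to do or installed, 2 = bad staged file,
# 3 = copy/install error, 4 = config rejected, 5 = restart failed (rolled back).
sync_dhcpd_conf() {
    flag=$STAGE/READY
    new=$STAGE/dhcpd.conf
    [ -e "$flag" ] || return 0
    rm -f "$flag"                               # reset the flag, as in the post
    # The staging directory is writable by the sync user: accept only a
    # regular file, never a symlink or device planted there.
    if [ -L "$new" ] || [ ! -f "$new" ]; then return 2; fi
    # Work on a root-owned copy next to the live file so the bytes that get
    # validated are exactly the bytes that get installed.
    tmp=$(mktemp "$LIVE.new.XXXXXX") || return 3
    cat "$new" > "$tmp" || { rm -f "$tmp"; return 3; }
    if cmp -s "$tmp" "$LIVE"; then rm -f "$tmp"; return 0; fi
    if ! $CHECK "$tmp" >/dev/null 2>&1; then rm -f "$tmp"; return 4; fi
    cp -p "$LIVE" "$LIVE.prev" || { rm -f "$tmp"; return 3; }  # keep old version
    mv -f "$tmp" "$LIVE" || { rm -f "$tmp"; return 3; }        # atomic rename
    if ! $RESTART >/dev/null 2>&1; then
        cp -p "$LIVE.prev" "$LIVE"              # roll back to the last good file
        $RESTART >/dev/null 2>&1 || :
        return 5
    fi
    return 0
}

case ${1:-} in run) sync_dhcpd_conf ;; esac
```

The sync account then needs write access only to the staging directory, with no sudo rule and no root SSH login.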

More information about the dhcp-users mailing list