The clusterXL_admin Script

Description

You can use the clusterXL_admin script to initiate a manual fail-over from a Cluster Member Security Gateway that is part of a cluster..

Location of this script on your Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members is:

$FWDIR/bin/clusterXL_admin

Script Workflow

This shell script does one of these:

Registers a Critical Device A special software device on each Cluster Member, through which the critical aspects for cluster operation are monitored. When the critical monitored component on a Cluster Member fails to report its state on time, or when its state is reported as problematic, the state of that member is immediately changed to Down. The complete list of the configured critical devices (pnotes) is printed by the 'cphaprob -ia list' command or 'show cluster members pnotes all' command. Synonyms: Pnote, Problem Notification. called "admin_down" and reports the state of that Critical Device as "problem".

This gracefully changes the state of the Cluster Member to "DOWN".
Reports the state of the registered Critical Device "admin_down" as "ok".

This gracefully changes the state of the Cluster Member to "UP".

Then, the script unregisters the Critical Device "admin_down".

For more information, see sk55081.

Example

#! /bin/csh -f

# The script will cause the machine to get into down state, thus the member will not filter packets.

# It will supply a simple way to initiate a failover by registering a new device in problem state when

# a failover is required and will unregister the device when wanting to return to normal operation.

# USAGE:

# clusterXL_admin <up|down>

set PERSISTENT = ""

# checking number of arguments

if ( $#argv > 2 || $#argv < 1 ) then

        echo "clusterXL_admin : Invalid Argument Count"

        echo "Usage: clusterXL_admin <up|down> [-p]"

        exit 1

else if ( "$1" != "up" && "$1" != "down" ) then

        echo "clusterXL_admin : Invalid Argument ($1)"

        echo "Usage: clusterXL_admin <up|down> [-p]"

        exit 1

else if ( $#argv == 2 ) then

        if ( "$2" != "-p" ) then

                echo "clusterXL_admin : Invalid Argument ($2)"

                echo "Usage: clusterXL_admin <up|down> [-p]"

                exit 1

        endif

        set PERSISTENT = "-p"

endif

#checking if cpha is started

$FWDIR/bin/cphaprob stat | grep "Cluster" > /dev/null

if ($status) then

        echo "HA is not started"

        exit 1

endif

# Inform the user that the command can run with persistent mode.

if ("$PERSISTENT" != "-p") then

        echo "This command does not survive reboot. To make the change permanent, please run 'set cluster member admin down/up permanent' in clish or add '-p' at the end of the command in expert mode"

endif

if ( $1 == "up" ) then

        echo "Setting member to normal operation ..."

        $FWDIR/bin/cphaconf set_pnote -d admin_down $PERSISTENT unregister > & /dev/null

        if ( `uname` == 'IPSO' ) then

                sleep 5

        else

                sleep 1

        endif

        set stateArr = `$FWDIR/bin/cphaprob stat | grep "local"`

        $FWDIR/bin/cphaprob stat | egrep "Sync only|Bridge Mode" > /dev/null

        #If it's third party or bridge mode, use column 4 , otherwise 5

        if ($status) then

                set state = $stateArr[5]

        else

                set state = $stateArr[4]

        endif

        echo "Member current state is $state"

        if (($state != "Active" && $state != "Standby") && ($state != "ACTIVE" && $state != "STANDBY" && $state != "ACTIVE(!)")) then

                echo "Operation failed: member is still down, please run 'show cluster members pnotes problem' in clish or 'cphaprob list' in expert mode for further details"

        endif

        exit 0

endif

if ( $1 == "down" ) then

        echo "Setting member to administratively down state ..."

        $FWDIR/bin/cphaconf set_pnote -d admin_down -t 0 -s problem $PERSISTENT register > & /dev/null

        sleep 1

        set stateArr = `$FWDIR/bin/cphaprob stat | grep "local"`

        $FWDIR/bin/cphaprob stat | egrep "Sync only|Bridge Mode" > /dev/null

        #If it's third party or bridge mode, use column 4 , otherwise 5

        if ($status) then

                set state = $stateArr[5]

        else

                set state = $stateArr[4]

        endif

        echo "Member current state is $state"

        if ( $state == "Active attention" || $state == "ACTIVE(!)" ) then

                echo "All the members within the cluster have problem/s and the local member was chosen to become active"

        else

                if ( $state != "Down" && $state != "DOWN" ) then

                        echo "Operation failed: member is still down, please run 'show cluster members pnotes problem' in clish or 'cphaprob list' in expert mode for further details"

                endif

        endif

        exit 0

else

        echo "clusterXL_admin : Invalid Option ($1)"

        echo "Usage: clusterXL_admin <up|down> [-p]"

        exit 1

endif