Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 6 subscribers
  • Views 13700 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to sync UP2Date Files to Slave (manually)

seroal

Hi,

I´ve got a question regarding the syncing of the update files in case of a HA Cluster. I want to understand, how the files are transfered to the standby Node.

I introduced to update new machines with uploading the updates files manually to the up2date/sys folder, especially because its faster than downloading it from the web again and again. Now I want to know, how I can force the replication for this files or how do I initiate the update process in the right way, that this works?

Actually the Installation on the first machine succeeds, but the second has an "Up2date Failed" State....

Best Regards

Sebastian



This thread was automatically locked due to age.
Parents
  • 0

    Hi Sebastian,

    For High Availiability (HA) and cluster units, Up2Dates are applied to one unit at a time. The failover time is minimal as the higher version unit takes over the connection tracking tables to become the new master. The sequence occurs as:

    1. Up2date applied to HA slave node
    2. Slave node reboots
    3. Slave node after reboot takes master control as it has higher version
    4. Old master takes slave role and applies up2date
    5. Old master reboots 
    6. HA pair is synchronized again and resumes normal operation The High availability status view will show the state of the units during the Up2Date process

    Hope that helps.

    Thanks

    Sachin gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0

    Hi Sebastian,

    For High Availiability (HA) and cluster units, Up2Dates are applied to one unit at a time. The failover time is minimal as the higher version unit takes over the connection tracking tables to become the new master. The sequence occurs as:

    1. Up2date applied to HA slave node
    2. Slave node reboots
    3. Slave node after reboot takes master control as it has higher version
    4. Old master takes slave role and applies up2date
    5. Old master reboots 
    6. HA pair is synchronized again and resumes normal operation The High availability status view will show the state of the units during the Up2Date process

    Hope that helps.

    Thanks

    Sachin gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
  • 0 in reply to sachingurung

    Hi Sachin,

    thanks for your answer, but I think you misunderstood my question... I didn´t want to know how the normal update procedure works (I´m pretty familiar with it), I wanted to know, how I can force the sync process of the .gpg files between the two nodes.... For the installation the update packages must be available on both machines. And I want to know, which process is responsible for the synchronization of these files and how I can trigger this manually.

    Thanks

  • 0 in reply to seroal

    Hi Sebastian,

    The service responsible for sync process in HA is "repctl".

    Generally, sync process will initiate on every configuration changes on the Master Appliance. Forcing a sync process is not suggested as it is an automatic behavior of UTM.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi Sachin,

    ok, then my question is, what causes the repctl process to sync the files between the two nodes? Lets assume I upload an .gpg file, when does repctl sync the file to the other node? Is it time based / periodically? So does repctl stats certain folders for its content and then sync´s this files?

    Would be interesting for me to knowhow how it works...

  • 0 in reply to seroal

    I've had to do this before, but I had no choice, Sebastian.  It's been almost two years since I've done this, so I'd just do it the normal way if possible.  Proceed at your own risk...

    Once you have uploaded the gpg files to the Master (the normal, manual way in WebAdmin, not from the command line), you can transfer the files to the Slave.  As root on the Master (the following assumes that the Master has the Node 1 IP, 192.168.250.1 - if not, use the .1 IP and reverse the Node numbers in the following):

    cd /var/up2date/sys
    rsync -avz *.gpg -e ssh loginuser@198.19.250.2:/home

    And then run the Up2Date on the Slave with:

    ha_utils ssh
    su -
    cd /var/up2date/sys
    mv /home/*.gpg ./
    /sbin/auisys.plx --rpmargs --force

    Finally, after the Up2dDates have been applied to Node 2, run the Up2Date on the new Slave (Node 1) with:

    ha_utils ssh
    su -
    cd /var/up2date/sys
    /sbin/auisys.plx --rpmargs --force

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML