OSX 10.7.4 Lion Server IP Failover




lucaspkm
Jun 7, 2012, 04:12 AM
Hi guys,

Has anyone figured out how to do it for Lion servers?



nei0angei0
Jul 27, 2012, 06:02 PM
Yes sir, the best thing to do is create a couple of AppleScripts that will ping your servers. You could set up a monitoring server to do this, or have each server (primary and backup) ping each other. If ping fails, begin to do scripted actions for failover.

You can:
- switch IPs with simple commands that change your Network location
- enable or disable protocols
- send out warning emails.

If anyone needs details, PM. I was originally going to release a GUI replacement for failover but lost my motivation after getting a new job.

shaitan667
Aug 7, 2012, 03:26 AM
nei0angei0 - I am interested in this as well - could you please provide some more info on how to set this up? Would it work with 10.8?

nei0angei0
Aug 8, 2012, 05:01 PM
Sure, works in 10.8. I basically run two active scripts, one on each server. One runs on the primary server; its job is to verify services are active and to ping the backup server. If a service fails, it will try to restart it; if it can't be restarted, the machine is taken offline. The backup server is also running a script, pinging the main server; if several ping attempts fail, it tells the machine to switch IP addresses and then start the defined services. I use this mainly with AFP/SMB failover. You can also set up a shared drive to store AFP connection tokens so the user is never interrupted, just a short 30 second delay.
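
The backup-side check described in the post above, sketched as a shell script rather than AppleScript (an added example, not nei0angei0's script). The address, the Network location name `Failover`, the thresholds and the function names are assumptions; `networksetup -switchtolocation` and `serveradmin start` are the stock OS X Server commands.

```sh
#!/bin/sh
# Backup-server watchdog sketch. All names and values here are assumptions.
PRIMARY_IP="${PRIMARY_IP:-192.0.2.10}"             # constructed address (TEST-NET-1)
FAILOVER_LOCATION="${FAILOVER_LOCATION:-Failover}" # hypothetical Network location carrying the primary's IP
SERVICES="${SERVICES:-afp smb}"                    # services to start after the IP switch
MAX_FAILURES="${MAX_FAILURES:-3}"                  # consecutive failed pings before acting
RETRY_DELAY="${RETRY_DELAY:-5}"                    # seconds between retries
INTERVAL="${INTERVAL:-30}"                         # seconds between healthy passes
DRY_RUN="${DRY_RUN:-1}"                            # 1 = print commands instead of running them
PROBE="${PROBE:-probe_ping}"                       # swappable so the logic can be exercised offline

# One ICMP echo; on OS X, -t is the overall timeout in seconds.
probe_ping() { ping -c 1 -t 2 "$1" >/dev/null 2>&1; }

# Succeeds only if MAX_FAILURES probes in a row fail; one reply clears the alarm.
primary_is_down() {
    n=0
    while [ "$n" -lt "$MAX_FAILURES" ]; do
        if "$PROBE" "$PRIMARY_IP"; then return 1; fi
        n=$((n + 1))
        sleep "$RETRY_DELAY"
    done
    return 0
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "would run: $*"; else "$@"; fi; }

# Switch to the location that holds the primary's address, then start services.
# Needs root. Stops at the first failing step so a half-finished takeover is visible.
take_over() {
    run networksetup -switchtolocation "$FAILOVER_LOCATION" || return 1
    for svc in $SERVICES; do
        run serveradmin start "$svc" || return 1
    done
}

# One pass; prints "ok", "takeover" or "takeover-failed" on stdout.
watch_once() {
    if ! primary_is_down; then echo ok; return 0; fi
    if take_over >&2; then echo takeover; else echo takeover-failed; return 1; fi
}

# "watch" mode: loop until a takeover is attempted, then exit so it never repeats.
if [ "${1:-}" = "watch" ]; then
    while [ "$(watch_once)" = ok ]; do sleep "$INTERVAL"; done
fi
```

A failed ping also occurs when only the link between the two machines is down, so this check on its own cannot tell a dead primary from an unreachable one; both machines would then hold the same address.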

nei0angei0
Aug 8, 2012, 05:31 PM
I also run one more startup script on the main server; it checks the machine on boot. You could exercise an option to have your main server do a reboot to try and resolve issues. This startup script would check to see if the reboot fixed the issue; if not, it would then power off the main server, allowing the backup server's ping to fail, and it will fail over as well.

What it comes down to is how much downtime and how much user warning you want to include. In one scenario, if a protocol failed like AFP but SMB was still working, it would blast a "server reboot in 1 hour" so SMB users can still work. Then the server would send another warning before reboot. In true high availability the whole process should occur automatically in a matter of seconds or minutes.

lucaspkm
Aug 21, 2012, 01:39 AM
Can't contact you: "nei0angei0 has chosen not to receive private messages or may not be allowed to receive private messages. Therefore you may not send your message to him/her.

If you are trying to send this message to multiple recipients, remove nei0angei0 from the recipient list and send the message again."

kd5jos
Aug 21, 2012, 04:34 PM
I'm 99% sure I already know the answer, BUT if I'm running SSL on the primary server, is there a way to make SSL work on the backup (through using a wildcard cert I'm guessing)?

nei0angei0
Aug 21, 2012, 04:43 PM
Lucas, can you try again? I am not sure how I turned off private messages.

And for the second question:

An SSL certificate is linked to the public domain name, not any internal DNS or IP. You should be able to install the same cert on both servers.

From another post:
"Install the cert on the primary, then export the cert with the private key and install on the failover.

When the primary goes down, the failover will take over, with the same domain name and same certificate."

lucaspkm
Aug 27, 2012, 12:51 AM
nei0angei0 has chosen not to receive private messages or may not be allowed to receive private messages. Therefore you may not send your message to him/her.

If you are trying to send this message to multiple recipients, remove nei0angei0 from the recipient list and send the message again.

nei0angei0
Sep 19, 2012, 03:16 PM
Not sure.

AIM: nei0angei0.

etcinitd
May 1, 2013, 10:17 AM
Can you make the scripts available?
