For those who run Red Hat Linux Enterprise servers / SUSE Enterprise Linux or any other Linux distribution with some kind of application clustering such as Pacemaker (PCM) / Corosync and OpenSSH,
where the nodes are supposed to always be identical in terms of configuration files in /etc/ (haproxy configuration, /etc/hosts*), below are a few steps to follow to always keep the files on server2 the same as on server1.
1. Create rsyncuser on the first and second machine
– Create user with useradd on node1 and node2 and generate RSA SSH key pair with ssh-keygen command.
– Copy id_rsa.pub from local server1 host to remote host server2
– Test and confirm remote passwordless authentication is working
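– Allow rsyncuser to copy files with root privileges via sudo (this rule lets the account read and write any file through rsync, so protect its private key accordingly):
echo 'rsyncuser ALL=NOPASSWD:/usr/bin/rsync' >> /etc/sudoers
For in-depth descriptions of the above steps please check my previous article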
Rsync copy files with root privileges between servers with root superuser account disabled.
2. Create the file with the sync commands to be executed when the user logs out of the system,
in some file like /root/sync_check.sh
root@host # vim /root/sync_check.sh
#!/bin/sh
# sync logout script
echo "###################checking sync Line1 and Line2 now ################"
rsync --dry-run --delete -avze 'ssh -i /home/rsyncuser/.ssh/id_rsa' '--rsync-path=sudo rsync' /etc/hosts.deny rsyncuser@server2:/etc/hosts.deny
rsync --dry-run --delete -avze 'ssh -i /home/rsyncuser/.ssh/id_rsa' '--rsync-path=sudo rsync' /etc/haproxy/certs/*.* rsyncuser@server2:/etc/haproxy/certs/
rsync --dry-run --delete -avze 'ssh -i /home/rsyncuser/.ssh/id_rsa' '--rsync-path=sudo rsync' /etc/haproxy/*.cfg rsyncuser@server2:/etc/haproxy/
echo "################### done sync_check.sh ################"
3. Edit the root logout script /root/.bash_logout
root@host # vi /root/.bash_logout
== Append the following lines:
# ~/.bash_logout
echo "################### run root bash_logout ################"
/root/sync_check.sh
echo "################### root logged out ################"
== Save and close the file.
– If you want rsync to sync some specific files such as a user's personal home directory, and hence need it to be system wide, you can have the file executed for all users via
/etc/bashrc or /etc/profile
What you will have as a result is an overriding copy of /etc/hosts.deny, /etc/haproxy/certs/* and /etc/haproxy/*.cfg to server2 on each and every root logout. Note that with --dry-run in place, as in the script above, rsync only reports what it would change; remove --dry-run once the output looks right to have the files actually overwritten.
The point of all this is to make sure these 3 files always stay identical, to prevent someone from messing up some configuration by mistake, so that on the next haproxy standby / reload it does not load with a non-working config due to user stupidity.
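The dry-run commands in sync_check.sh print rsync's report but give no verdict, and a failed ssh connection looks the same as "nothing to copy". The following is an added example, not part of the original article: it parses rsync's --itemize-changes output into a drift count and keeps an rsync/ssh failure distinct from "in sync". The function names count_drift and check_path and the sample output are constructed for illustration; the key path, user and host are the ones used above.

```sh
#!/bin/sh
# Added example: pass/fail drift check built on the dry-run commands above.
# KEY and DEST are the values used in sync_check.sh; function names are hypothetical.
KEY=/home/rsyncuser/.ssh/id_rsa
DEST=rsyncuser@server2

# count_drift: read `rsync --itemize-changes` output on stdin and print how
# many entries differ. Each itemized line is 11 flag characters plus the name.
count_drift() {
    awk '
        /^\*deleting /   { n++; next }   # present on server2 only
        /^[<>ch][fdLDS]/ { n++; next }   # would be transferred or created
        /^\.[fdLDS]/     { if (substr($0, 3, 9) ~ /[^. ]/) n++ }  # attributes differ
        END              { print n + 0 } # summary and banner lines are ignored
    '
}

# check_path SRC... REMOTE_PATH: dry-run one sync and report the verdict.
# Returns 0 = in sync, 1 = drift, 2 = rsync/ssh failed (never treated as "in sync").
check_path() {
    out=$(rsync --dry-run --delete -az --itemize-changes \
            -e "ssh -i $KEY" --rsync-path='sudo rsync' "$@") || {
        echo "CHECK FAILED (rsync/ssh error): $*" >&2
        return 2
    }
    n=$(printf '%s\n' "$out" | count_drift)
    [ "$n" -eq 0 ] && return 0
    echo "DRIFT: $n item(s) differ: $*" >&2
    return 1
}

# Constructed sample of itemized output, so the parser can be tried offline.
SAMPLE='<f.st...... hosts.deny
<f+++++++++ certs/new-site.pem
*deleting   certs/old-site.pem
.f..t...... haproxy.cfg
.d          certs/
sent 412 bytes  received 63 bytes  950.00 bytes/sec'
printf '%s\n' "$SAMPLE" | count_drift    # prints 4

# Real use, e.g. from /root/sync_check.sh:
#   check_path /etc/hosts.deny "$DEST:/etc/hosts.deny"
#   check_path /etc/haproxy/*.cfg "$DEST:/etc/haproxy/"
```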
That's all folks. Test it and be happy 🙂