Firewall HA sync
Hello,
I have 2 firewalls in HA using keepalived and I need to keep both with the same configuration, like rules and routes. We use the script below on firewall 02, but we have some failures with this approach. If firewall 01 fails, OK, firewall 02 is up to date, but when firewall 01 comes back again, the changes made on firewall 02 won't be replicated to it.
How do you deal with the replication? Any good ideas?
Replication script on firewall 02
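#!/bin/bash
# Runs on firewall 02: pulls each file from firewall 01 (10.0.0.1) when the checksums differ.
MD5=$(which md5sum)
SSHPASS=$(which sshpass)
# Files to replicate and the command that applies each one after a change
fileconf[1]="/etc/init.d/firewall";command[1]="/etc/init.d/firewall restart"
fileconf[2]="/etc/squid/squid.conf";command[2]="squid -k reconfigure"
fileconf[3]="/etc/pptpd.conf";command[3]="/etc/init.d/pptpd restart"
fileconf[4]="/etc/ppp/options";command[4]="/etc/init.d/pptpd restart"
fileconf[5]="/etc/ppp/pptpd-options";command[5]="/etc/init.d/pptpd restart"
count=${#fileconf[@]}
for i in $(seq 1 "$count")
do
    if [ -f "${fileconf[$i]}" ]; then
        # Checksum of the copy on firewall 01, then of the local copy
        md5sum1=$("$SSHPASS" -p "password" ssh 10.0.0.1 -l user "$MD5" "${fileconf[$i]}" | awk '{print $1}')
        md5sum2=$("$MD5" "${fileconf[$i]}" | awk '{print $1}')
        # Act only when the remote checksum came back as a single word and differs
        if [ -n "$(echo "$md5sum1" | grep -v ' ')" ] && [ "$md5sum1" != "$md5sum2" ]; then
            # Fetch into a temp file first so a failed ssh cannot truncate the local config
            tmp=$(mktemp)
            if "$SSHPASS" -p "password" ssh 10.0.0.1 -l user cat "${fileconf[$i]}" > "$tmp"; then
                cat "$tmp" > "${fileconf[$i]}"
                ${command[$i]}
            fi
            rm -f "$tmp"
        fi
    fi
done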
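An added example, not part of the original post: one way to cover the failback case described above is to run the same pull-only check on both firewalls and let the newer copy win. `PEER`, key-based ssh login, GNU `stat`/`md5sum`/`chmod`, synchronized clocks on both nodes, and all function names here are assumptions.

```bash
#!/bin/bash
# Added example, run from cron on BOTH firewalls: each node pulls a file only
# when the peer's copy differs and is newer. PEER and key-based ssh are assumed.
PEER="${PEER:-user@10.0.0.1}"   # on firewall 01, point this at firewall 02

# Print "<md5> <mtime-epoch>" for a file, or "- 0" when it does not exist.
file_state() {
    if [ -f "$1" ]; then
        echo "$(md5sum < "$1" | awk '{print $1}') $(stat -c %Y "$1")"
    else
        echo "- 0"
    fi
}

# Compare local and peer state: prints none | pull | keep | conflict | unknown.
sync_decision() {
    local lsum=$1 lmtime=$2 rsum=$3 rmtime=$4
    case $rmtime in ''|*[!0-9]*) echo unknown; return ;; esac   # peer unreachable
    [ "$rsum" = "-" ] && { echo keep; return; }                 # peer has no copy yet
    case $rsum in *[!0-9a-f]*) echo unknown; return ;; esac
    [ ${#rsum} -eq 32 ] || { echo unknown; return; }
    [ "$lsum" = "$rsum" ] && { echo none; return; }
    if   [ "$rmtime" -gt "$lmtime" ]; then echo pull
    elif [ "$rmtime" -lt "$lmtime" ]; then echo keep            # peer pulls on its own run
    else echo conflict; fi                                      # same mtime, different content
}

# Read stdin into a temp file beside the target; rename it into place only if
# its md5 equals the sum the peer reported, so a broken transfer changes nothing.
install_verified() {
    local target=$1 want=$2 tmp
    tmp=$(mktemp "$target.XXXXXX") || return 1
    cat > "$tmp"
    if [ "$(md5sum < "$tmp" | awk '{print $1}')" = "$want" ]; then
        if [ -e "$target" ]; then chmod --reference="$target" "$tmp"; fi
        mv -f "$tmp" "$target"
    else
        rm -f "$tmp"; return 1
    fi
}

# sync_file <path> <reload command>: pull if the peer is newer, then reload.
sync_file() {
    local f=$1 reload=$2 mine theirs
    mine=$(file_state "$f")
    theirs=$(ssh -o BatchMode=yes "$PEER" "$(declare -f file_state); file_state '$f'")
    case $(sync_decision $mine $theirs) in
        pull)     ssh -o BatchMode=yes "$PEER" "cat '$f'" | install_verified "$f" "${theirs% *}" && $reload ;;
        conflict) echo "conflict on $f: same mtime, different content" >&2; return 1 ;;
    esac
}
# e.g. sync_file /etc/squid/squid.conf "squid -k reconfigure"
```

Because the decision rests on mtime, a file edited on firewall 02 while firewall 01 was down is newer there, so firewall 01 pulls it on its first run after coming back.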