Synchronize Scheduled Reports on Brekeke CA
When using scheduled reports with Brekeke CA, here are the settings for synchronizing report files between the primary Server A and secondary Server B.
For file synchronization, use lsyncd, rsync, and ssh.
1. Install the “rsync” command.
Since it is not used as a daemon, no special settings are required.
2. Install “lsyncd”
It doesn’t exist in RHEL8’s regular repositories, so it must be installed from the EPEL repositories.
3. Configuration of lsyncd
Edit the lsyncd configuration file (/etc/lsyncd.conf). It is recommended to base it on the example (/usr/share/doc/lsyncdexamples/lrsync.lua).
Example setting:
----
-- User configuration file for lsyncd.
--
-- Simple example for default rsync.
--
settings {
    -- Specify a log file
    logfile = "<Path of log file>",
    -- Specify a status file
    statusFile = "<Path of Status file>",
    -- Keep retrying even if the connection to the sync destination cannot be established when the machine starts
    insist = 1,
}
sync{
    -- Use rsync for synchronization
    default.rsync,
    -- Delay time from occurrence of file update event to execution of rsync (default: 15 seconds)
    delay = 0,
    -- Synchronization source
    source = "<Scheduled report output destination>",
    -- Synchronization destination
    target = "<IP address of opposite server>:<Scheduled report output destination>",
    rsync = {
        -- Archive mode
        archive = true,
        -- Do not transfer if the file already exists at the destination and the timestamp at the destination is newer
        update = true,
        -- Output detailed transfer information
        verbose = true,
        -- ssh command used when connecting (login user and private key are specified)
        rsh = "/bin/ssh -l <Tomcat execution user> -i <private key path>",
    }
}
4. Edit unit file
It is recommended to copy the default (/usr/lib/systemd/system/lsyncd.service).
The changes from the default are as follows.
[Service]
SuccessExitStatus=143
After completing the settings, execute the “systemctl daemon-reload” command to reflect the changes.
5. Setup ssh public key authentication
Set up public key authentication for the ssh connection so that you can log in with ssh without a password.
The Tomcat execution user needs to be able to log in via ssh, so check in advance that the user can log in.
5-1. Create a key pair by executing the ssh-keygen command as the user who runs lsyncd.
ssh-keygen -t rsa -f /root/.ssh/lsyncd_rsa
5-2. Execute the ssh-copy-id command to install the created public key on the opposite server.
ssh-copy-id -i /root/.ssh/lsyncd_rsa.pub <Tomcat execution user>@<Opposite Server>
5-3. Enable public key authentication in the remote server’s sshd configuration file (/etc/ssh/sshd_config) and restart sshd.
PubkeyAuthentication yes
After completing the setting, check the login with ssh.
If it fails or you are asked for your password, there is a high possibility that the owner, owner group, or permissions of the directory holding the public key on the opposite server are incorrect, so please check them.
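A check for the ownership and permission problem described above, as an added example that is not part of the original page. It applies the rule sshd enforces when StrictModes is on: the home directory, .ssh and authorized_keys must be owned by the login user (or root) and must not be writable by group or others. The function name check_ssh_perms and its arguments are hypothetical, and it assumes GNU stat as shipped with RHEL 8.

```bash
#!/bin/bash
# Added example (not from the original page).
# check_ssh_perms HOME_DIR USER
#   HOME_DIR : home directory of the Tomcat execution user on the opposite server
#   USER     : login name of that user
# Prints one line per problem found and returns 1 if any check fails.
check_ssh_perms() {
    local home=$1 user=$2 rc=0 path mode owner
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 700
        owner=$(stat -c '%U' "$path")   # owner name
        # sshd accepts files owned by the login user or by root only.
        if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
            echo "OWNER    $path is owned by $owner, expected $user"
            rc=1
        fi
        # Any group-write or other-write bit makes sshd ignore the key.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE     $path has mode $mode (writable by group or others)"
            rc=1
        fi
    done
    return $rc
}

# Run on the opposite server, e.g.: ./check_ssh_perms.sh /home/tomcat tomcat
# (path and user name in this usage line are placeholders)
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

A typical repair is mode 700 on .ssh and 600 on authorized_keys, both owned by the Tomcat execution user.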
6. Edit tomcat’s unit file.
To avoid autostart of lsyncd, add a command that stops lsyncd when Tomcat stops.
Change Tomcat’s unit file as follows.
[Service]
ExecStop=/bin/bash -c "<shutdown.sh command of tomcat>;sudo systemctl stop lsyncd"
To enable the setting, execute the following command:
systemctl daemon-reload
7. Update the switch role script
Change the following setting in the switch role script to true to enable the scheduled report.
// Whether CA's scheduled report is used (false: no, true: yes)
var CA_SCHEDULED_REPORT = false;