Synchronize Policy Configuration and Other Configuration Files

Although all configuration databases are automatically synchronized across the Service Group, other configuration such as Privilege Management for Unix and Linux policy scripts and encryption keys are not. They must be manually configured to synchronize across the Service Group. Only files that are kept within the standard configuration database pb.db on a primary server can be synchronized, so they need to be imported, and then synchronization configured.

All configuration databases are automatically synchronized across the Service Group. Other files, such as policy scripts and encryption keys, are not similarly treated and must be manually set up for synchronization. Only files that are kept within the standard configuration database /etc/pb.db on a primary server can be synchronized, so they need to be imported, and then synchronization configured.

 

The pbdbutil utility has been enhanced to provide the new synchronization options:

pbdbutil --cfg [<options>] [ <file> <file> ...]
-A <file> <svcgname> <...> Set file as being automatically synchronized within Service Group.
-X <file> <svcgname> <...> Unset file as being automatically synchronized within Service Group.
-L List synchronization configuration for CFG files in the database.

Synchronize Privilege Management for Unix and Linux REST appkeys

Privilege Management for Unix and Linux REST appkeys are often required to authenticate users and services on remote servers, and are specific to each host. However, to provide role-based access to servers across a Service Group, REST appkeys can now be marked as synchronized across the Service Group.

The host must be the primary of the specified Service Group to synchronize the appkeys.

pbdbutil --rest [<options>] [ <file> <file> ...]
-g <appid> [--svcgname <name>] [<acl> ...]

Create new Application key with ACLs.

Specify svcgname to sync key across Service Group.

Database Synchronization

dbsyncdb

  • Version 9.3.0 and earlier: dbsyncdb setting not available.
  • Version 9.4.0 and later: dbsyncdb setting available.

The dbsyncdb option specifies the full path to the Database Synchronization Summary Database. This file is created in databasedir by default, unless the file name starts with a slash (/).

dbsyncdb	/etc/pbdbsync.db
dbsyncdb	/opt/<prefix>pbul<suffix>/dbs/dbsync.db

All primary servers when Registry Name Server is enabled.

dbsyncrefresh

  • Version 9.3.0 and earlier: dbsyncrefresh setting not available.
  • Version 9.4.0 and later: dbsyncrefresh setting available.

The dbsyncrefresh option defines the interval in seconds between database synchronization tasks. Increasing this value lowers the load on primary servers, but increases the time before configuration changes are applied to secondary servers.

dbsyncrefresh	360
dbsyncrefresh	3600

All primary servers when Registry Name Server is enabled.

dbsyncloginterval

  • Version 9.3.0 and earlier: dbsyncloginterval setting not available.
  • Version 9.4.0 and later: dbsyncloginterval setting available.

The dbsyncloginterval option defines the interval in seconds between logging synchronization success and failure messages. Increasing this time makes the REST log smaller, but provides slower feedback on current status of the Database Synchronization on any given host.

dbsyncloginterval	360
dbsyncloginterval	720

All primary servers when Registry Name Server is enabled.