1
0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-12-11 09:24:11 +01:00
yubikey-val/doc/SyncMonitor.adoc

28 lines
1.2 KiB
Plaintext
Raw Normal View History

2014-08-11 15:52:11 +02:00
= YK-VAL Synchronization Monitor =
If you deploy multiple YK-VAL instances, it is important to monitor
them to make sure the data they have is synchronized. While there are
many mechanisms to achieve this, we provide a simple yet flexible
approach. The 'ykval-checksum-clients' tool reads out the important
fields from the database and computes a SHA-1 hash of it, and
truncates the hash to 10 hex characters and prints them to stdout.
The "important fields" are currently considered to be the id, active,
and secret columns of the clients table.
The typical way to use this is either manually or to run it in a cron
job and output the hash to a file that can be downloaded by a remote
monitor system such as Nagios.
2014-08-14 13:25:48 +02:00
user@val:~$ sudo sh -c 'cat > /etc/cron.hourly/run-ykval-checksum-clients'
#!/bin/sh
FILE=/var/www/checksum-clients.txt
(date --utc +%s; ykval-checksum-clients) > $FILE.tmp
mv $FILE.tmp $FILE
user@val:~$ sudo chmod +x /etc/cron.hourly/run-ykval-checksum-clients
2014-08-11 15:52:11 +02:00
If you notice mismatches, you may want to run ykval-checksum-clients
with the '-v' parameter on the different hosts and then use 'diff -ur'
or similar tool to compare the outputs. This should make it possible
2014-08-14 13:25:48 +02:00
to identify the missmatching entries easily.