mirror of
https://github.com/Yubico/yubikey-val.git
synced 2024-12-01 15:24:16 +01:00
31 lines
1.2 KiB
Plaintext
31 lines
1.2 KiB
Plaintext
== YK-VAL Synchronization Monitor
|
|
|
|
If you deploy multiple YK-VAL instances, it is important to monitor
|
|
them to make sure the data they have is synchronized. While there are
|
|
many mechanisms to achieve this, we provide a simple yet flexible
|
|
approach. The 'ykval-checksum-clients' tool reads out the important
|
|
fields from the database and computes a SHA-1 hash of it, and
|
|
truncates the hash to 10 hex characters and prints them to stdout.
|
|
|
|
The "important fields" are currently considered to be the id, active,
|
|
and secret columns of the clients table.
|
|
|
|
The typical way to use this is either manually or to run it in a cron
|
|
job and output the hash to a file that can be downloaded by a remote
|
|
monitor system such as Nagios.
|
|
|
|
[source, sh]
|
|
----
|
|
user@val:~$ sudo sh -c 'cat > /etc/cron.hourly/run-ykval-checksum-clients'
|
|
#!/bin/sh
|
|
FILE=/var/www/checksum-clients.txt
|
|
(date --utc +%s; ykval-checksum-clients) > $FILE.tmp
|
|
mv $FILE.tmp $FILE
|
|
user@val:~$ sudo chmod +x /etc/cron.hourly/run-ykval-checksum-clients
|
|
----
|
|
|
|
If you notice mismatches, you may want to run ykval-checksum-clients
|
|
with the '-v' parameter on the different hosts and then use 'diff -ur'
|
|
or similar tool to compare the outputs. This should make it possible
|
|
to identify the missmatching entries easily.
|