Name

icasd — Intra Cluster Accessibility Slave Daemon

Synopsis

service icasd { start | stop | restart | reload | status | hash }

Description

This daemon allows one or more Kernun system (masters) to control this Kernun system (slave). Each master starts the complementary daemon icamd(8). The relation is asymetric: the master can control the slave(s). If two systems should be able to control each other, each of them must start both master daemon (icamd) and slave daemon (icasd).

When started, the icasd daemon tries to connect to all the configured masters. If the connection to some master fails, the daemon retries to connect. The daemon tries to keep the connections to the masters established. When the connection to the master is established, the master can control the slave system.

The ssh rsa key pair is used for icasd authentication. The icasd private key is the part of the icasd configuration. The icasd public key is part of the master(s) configuration. Use ssh-keygen(1) for creating the ssh key pair.

Commands

service icasd start

Starts the daemon. The daemon connects to the master(s), and possibly reconnects to them when the connection fails.

service icasd stop

Stops the daemon. The connected master(s) are disconnected.

service icasd restart, service icasd reload

Stops and starts the icasd daemon.

service icasd status

Prints the status of the icasd daemon. If running, all the configured masters are listed with the information whether they are currently connected or not.

service icasd hash

Prints the configuration hash.

Configuration

The icasd daemon is enabled in rc.conf with variable icasd_enable="YES".

The configuration of the icasd daemon is in /usr/local/kernun/etc/icasd.conf. The following variables can be set in the configuration file:

SLAVE_ID_RSA, FN_SLAVE_ID_RSA

The private SSH key of the icasd daemon. Either the contents of the file, or the file name.

WRITE_CFG_HASH

The file name where the hash should be written upon start (including restart, reload).

MASTER_NAMES

The list of masters (space separated). For each master MA, the following variables define each icamd master:

MASTER_ADDR_MA

The address of the master MA. Either IP address or hostname. Slave connects to this address using ssh protocol.

MASTER_PORT_MA

The port of the master MA. Slave connects to this port using ssh protocol.

MASTER_ID_RSA_PUB_MA, FN_MASTER_ID_RSA_PUB_MA

The public SSH key of the icamd master. The authenticity of the master is checked against the ssh key.

MASTER_CFG_NAME_MA

Optional. Defines the name for the master MA. Use this, if the icamd name should differ from MA (MA may not contaion hypens (-)).

See ica(5) for the high level configuration in CML Kernun configuration.

See Also

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.