pikemon — PIKE cluster protocol control daemon
pikemon [-hv]
pikemon [-d dbglev] -f cfgfile
pikemon [-d dbglev] -f cfgfile -c command
test-pikemon [-hv] [-d dbglev] -f cfgfile [-r] [-t test_expr]
The redundancy cluster feature of the Kernun firewall needs a daemon that uses the PIKE protocol to monitor the status of the cluster members and their ability to operate. This is the task of the pikemon application. The second task of the application is to execute special commands for controlling the cluster. For this purpose, the application is called in non-daemon mode.
When started as the PIKE protocol monitor, pikemon reads the status-file and sets the (Master or Backup) role of the node according to the content of the file. Then it starts to check its health status by sending ICMP ECHO messages to all configured targets (ping groups) and monitoring the status of the interfaces defined in the configuration. It also starts to send HELLO messages of the PIKE protocol over the heart-beat interface to the cluster peer. The health status and the result of the dialogue with the partner in the cluster can lead to taking or dropping the Master role of the node. Taking the Master role means stealing the shared virtual IP and MAC addresses of all controlled interfaces, i.e. sending proper gratuitous ARP packets. Thus, all bridge interfaces must have the IP address assigned in the configuration. The MAC address is assigned as 02:IP address:00 by default, but it can be changed. The Backup node keeps the IP address assigned unless marked as nomadic in the pike item.
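Because the Master role is announced with gratuitous ARP for the shared virtual IP, a monitoring host can check that such announcements come from the expected virtual MAC. The following is an added example, not part of the Kernun documentation or code. It assumes that "02:IP address:00" means the byte 02, the four IPv4 octets and the byte 00; the function names and the sample frames for 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import struct

def default_virtual_mac(ip):
    # Assumption: "02:IP address:00" means 0x02, the four IPv4 octets, 0x00.
    raw = b"\x02" + ipaddress.IPv4Address(ip).packed + b"\x00"
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return (sender_mac, sender_ip, target_ip) of an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    spa = str(ipaddress.IPv4Address(frame[28:32]))
    tpa = str(ipaddress.IPv4Address(frame[38:42]))
    return mac, spa, tpa

def check_announcement(frame, virtual_ip, expected_mac=None):
    """Classify one frame as 'ignore', 'ok' or 'alert' for the given virtual IP."""
    parsed = parse_arp(frame)
    if parsed is None:
        return "ignore"
    mac, spa, tpa = parsed
    # Gratuitous ARP: sender and target protocol address are the same.
    if spa != tpa or spa != virtual_ip:
        return "ignore"
    # expected_mac covers clusters where the default MAC was changed in the configuration.
    expected = (expected_mac or default_virtual_mac(virtual_ip)).lower()
    return "ok" if mac == expected else "alert"

# Constructed sample frames for the documentation address 192.0.2.10.
_ARP_HDR = "0806" "0001080006040001"
SAMPLE_CLUSTER = bytes.fromhex(
    "ffffffffffff" "02c000020a00" + _ARP_HDR +
    "02c000020a00" "c000020a" "000000000000" "c000020a")
SAMPLE_FOREIGN = bytes.fromhex(
    "ffffffffffff" "001122334455" + _ARP_HDR +
    "001122334455" "c000020a" "000000000000" "c000020a")

if __name__ == "__main__":
    for name, frame in (("cluster", SAMPLE_CLUSTER), ("foreign", SAMPLE_FOREIGN)):
        print(name, check_announcement(frame, "192.0.2.10"))
```

An "alert" result means a host other than a cluster member announced the virtual IP, or the cluster uses a non-default MAC that was not passed as expected_mac.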
The daemon in fact runs as three processes, like Kernun proxies do. The main process just controls the run of its children. The Asynchronous Configuration Resolver takes care of refreshing DNS resolution. The regular child process handles the real operation, and its process information (shown by ps) displays the current status of all virtual clusters. There is a group of three letters for each virtual cluster with the following meaning:
This node wants to act as the primary node.
This node wants to act as the secondary node.
This node currently plays the Master role.
This node currently plays the Backup role.
This node has responses from all ping groups (“up” state).
This node did not get response from at least one ping group (“down” state).
The current status of this host and the cluster peer, as well as the results of pinging the target hosts, can be watched with the monitor(1) tool, which is also available as a command of the kat(8) tool.
When started with the -c option, pikemon reads the status file and the configuration, executes the requested command and exits.
The pikemon daemon handles the following signals:
SIGUSR1
Log level increasing.
SIGUSR2
Log level decreasing.
SIGINFO
Operation status logging; parent process logs info about all children, child process logs current status of all ping groups.
SIGHUP
Service termination; the daemon keeps the state until a new instance is started which kills it.
SIGINT, SIGQUIT, SIGTERM
Immediate termination; the daemon immediately closes the service and drops Master role.
-h
Print usage information.
-v
Display version information and exit.
-d dbglev
Set the debugging level to a specific number. Permitted values are 3 through 9, 3 being the least and 9 the most verbose. See logging(7) for details. This setting is relevant only until configuration reading is finished.
-f cfgfile
Read cfgfile for configuration information.
-c command
Execute command (see below) and exit.
VCID]
Takes Master role in all virtual clusters, or just in the virtual cluster with number VCID.
VCID]
Drops Master role in all virtual clusters, or just in the virtual cluster with number VCID.