cancel
Showing results for 
Search instead for 
Did you mean: 

Triggering a script to run on a particular vTM in a cluster

Highlighted
Frequent Visitor

Triggering a script to run on a particular vTM in a cluster

Hi, 

We set up a letsencrypt module a couple of months ago on one of the vTMs to generate certificates, and it’s come to the time it needs to renew the certificate, we have an alert that runs that's supposed to trigger a script (from this page I think https://community.pulsesecure.net/t5/Pulse-vADC-Updates/Using-Let-s-Encrypt-certificates-with-Brocad... )

the scripts+keys are located on vTM 1, and we locked the virtual server down to that traffic manager as well, but for some reason every time it runs, it tries to do it on vTM 2. (My colleague who set this up, did it this way for a particular reason, but I've forgotten why, and he's on vacation for a fortnight...)

Is there any way to force it to run on vTM1? I would have thought that it would alternate, but it's been trying to run the script for 2 days, and it's been on vTM2 every single time...

1 REPLY
Pulser

Re: Triggering a script to run on a particular vTM in a cluster

Hi @masbrey,

 


the scripts+keys are located on vTM 1, and we locked the virtual server down to that traffic manager as well, but for some reason every time it runs, it tries to do it on vTM 2. 

It would be helpful if you could clarify what you mean by "locking down" the virtual server to a specific traffic manager - are you using multi-site management mode for this?

 

Is there any way to force it to run on vTM1? I would have thought that it would alternate, but it's been trying to run the script for 2 days, and it's been on vTM2 every single time...

The normal issue we see is the script doesn't alternate but rather runs simultaneously on every traffic manager in a cluster - this is not-ideal, but the configuration should become eventually consistent.

 

If the problem is that you are partitioning responsibilities with MSM, then this would explain what you are seeing (certificate expiry warnings are only issues when a certificate is actively configured by a virtual server...). In this case, creating a dummy virtual server (listening on localhost, using the discard pool) with SSL decryption enabled using the Let's Encrypt certificate on the same traffic manager that is hosting the Let's Encrypt scripts/keys should be enough to trigger the alert and thus the script.