OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Restart node from another cluster node

https://forums.openvpn.net/viewtopic.php?t=34494

Page 1 of 1

Restart node from another cluster node

Posted: Tue Jul 05, 2022 8:04 pm
by vlisnyi
Is there any ability to restart cluster node from other node, something like

Code: Select all

/usr/local/openvpn_as/scripts/sacli start
but on another node of the cluster.

Also is there any command which can be executed on the node and show that "Restart pending on this Node".

Re: Restart node from another cluster node

Posted: Thu Jul 07, 2022 12:47 pm
by vlisnyi
OpenVPN support helped me with this. Below you can find a needed solution.

Below is an example that was just tested in my Cluster with 2 Nodes:
+ Make sure that ""xmlrpc.relay_level" is set to 2 on the Destination Server:

Code: Select all

sudo su
cd /usr/local/openvpn_as/scripts
./sacli --key "xmlrpc.relay_level" --value 2 ConfigPut
./sacli start
+ Then run the below command from the Source Node to the Destination Node:

Code: Select all

curl -k -X POST -d '<?xml version="1.0"?><methodCall><methodName>RunStart</methodName><params><param><value><string>warm</string></value></param><param><value><nil/></value></param></params></methodCall>' https://openvpn:openpass@12.12.12.12/RPC2/
Where:

Source Node: The Node where you run the command
Destination Node: The Node where you want to apply the command

openvpn = Admin User on Destination Node
openpass = Admin Password on Destination Node
12.12.12.12 = Destination Node Access Server IP

The above command will run "./sacli start" on the Destination Node from the Source Node

Re: Restart node from another cluster node

Posted: Thu Jul 07, 2022 2:18 pm
by openvpn_inc
Hi vlisnyi,

Thanks for this. I was not sure. But I can give you another way to do the same thing.

If the other node is running sshd, and that node's sshd is reachable from the first node, and assuming ssh as root is not prohibited:

Code: Select all

ssh root@second.example /usr/local/openvpn_as/scripts/sacli start
Note that in Access Server version 2.10 and later, the path is not needed; the "sacli" script is in the $PATH for the root user.

This can of course be secured in various ways, but that's the core of it.

regards, rob0
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/