We’ve got an error on the primary firewall of an active/passive cluster.
The error is as follows:
The system has transitioned into failure mode for the following reason:
Daemon was unable to read a configuration file. Perhaps a config file is locked by an editor or contains an invalid entry.
This is our second group of firewalls and they are currently not in production. The two firewalls in the cluster are on ver. 8.3.0P02 and have the 8.3.0E14 patch applied as well per the recommendation from McAfee.
The problem pops up after joining the secondary to the cluster. "cf cluster set failure_mode=off" and a restart brings it/them up but we are worried about it happening in production.
Does anyone have any ideas?
Message was edited by: stevenhamori on 4/9/13 12:43:07 PM CDT
I think the audit would have to be consulted to see what file was locked/unreadable. I think that it might be best to open a ticket with support.
Do you have any tips for preventing file locks and/or best practices for setting up a cluster that will fail over when called to do so?
Check /secureos/etc/server.conf for differences to a known working version.
I recently stumbled across this bug quite a few times when installing patches in the 8.3.x series.
In my cases it was always a change in the parameter section of the zebra server - even changing the order of the parameters led to a failure_mode.
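The comparison suggested in the last reply, as an added example that is not part of the original posts: it classifies a config file against a known-good copy as identical, reordered only, or changed in content, since the reply reports that a pure reordering was enough to trigger failure mode. The function names, file names and sample lines are assumptions made for illustration; the sample lines are placeholders, not real server.conf syntax.

```shell
#!/bin/sh
# Added example: compare a config file against a known-good copy and say
# whether it is identical, reordered only, or changed in content.

classify_conf() {
    known=$1
    current=$2
    if [ ! -r "$known" ] || [ ! -r "$current" ]; then
        echo "unreadable"
        return 0
    fi
    if cmp -s "$known" "$current"; then
        echo "identical"
    elif [ "$(sort "$known")" = "$(sort "$current")" ]; then
        # Same set of lines, different sequence.
        echo "reordered"
    else
        echo "changed"
    fi
}

# Print the classification, followed by a unified diff when the files differ.
report_conf() {
    result=$(classify_conf "$1" "$2")
    echo "$1 vs $2: $result"
    case $result in
        reordered|changed) diff -u "$1" "$2" || true ;;
    esac
}

# Constructed sample files (placeholder lines, not real server.conf syntax).
make_samples() {
    dir=$1
    printf 'section zebra\nparam_a=1\nparam_b=2\n' > "$dir/known.conf"
    printf 'section zebra\nparam_b=2\nparam_a=1\n' > "$dir/reordered.conf"
    printf 'section zebra\nparam_a=1\nparam_b=3\n' > "$dir/changed.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
report_conf "$demo_dir/known.conf" "$demo_dir/reordered.conf"
report_conf "$demo_dir/known.conf" "$demo_dir/changed.conf"
rm -rf "$demo_dir"
```

To use it on a real pair, call `report_conf` with a saved known-working copy as the first argument and the current /secureos/etc/server.conf as the second.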