During a high availability file synchronization operation, a set of files are copied from the primary appliance to the secondary appliance. The high availability setup is synchronized automatically at an interval of one minute or when you manually run the sync ha files command. The secondary appliance initiates the high availability synchronization.
The rsync process completes the high availability file synchronization and the nsfsyncd process controls the synchronization. The rsync process uses an SSH tunnel for file synchronization, but the default SSH port 22 can be updated when running the rsync process. You can specify a particular port instead of port 22 and disallow Access Control Lists (ACLs) from blocking that port. To run the rsync process at an interval of one minute, the cron utility is used.
You can use the NetScaler command line interface or the Configuration Utility at either the primary or secondary appliance to manually synchronize the appliances. The sync ha files command only synchronizes certain files between the appliances and not the ns.conf file. Files located on the secondary appliance, that are specific to the secondary appliance and not present on the primary appliance, are not deleted during the synchronization.
The following is the syntax for high availability synchronization:
sync ha files <mode>
| This table provides a description to the list of modes used for the sync ha files command | |
|---|---|
| Mode | Descriptions |
| all | In this mode, everything except licenses and rc.conf files are synchronized. Files related to system configuration, NetScaler Gateway bookmarks, SSL certificates, SSL CRL lists, HTML injection scripts, and Application Firewall XML objects are synchronized. The following are the synchronization paths in this mode: /var/download
/var/archive /nsconfig/ssl /var/netscaler/ssl /nsconfig/dns /var/vpn/bookmark /nsconfig/htmlinjection /netscaler/htmlinjection/ens – (a symlink target) /var/wi/tomcat/webapps/ /var/wi/tomcat/conf/Catalina/localhost/ /var/wi/java_home/lib/security/cacerts /var/wi/java_home/jre/lib/security/cacerts /var/wi/Clients/ /nsconfig/rc.netscaler /nsconfig/inetd.conf /nsconfig/sshd_config /nsconfig/hosts /nsconfig/snmpd.conf /nsconfig/monitors /nsconfig/ntp.conf /nsconfig/resolv.conf /nsconfig/syslog.conf /nsconfig/nstemplates /nsconfig/enckey /var/nstemplates – (a symlink target) /nsconfig/httpd.conf /var/nslog/asl/ /var/nslw.bin/etc/krb5.conf /var/nslw.bin/etc/krb5.keytab /var/lib/likewise/db/ /nsconfig/ssh/ /nsconfig/krb/ |
| dns | In this mode, DNS related files are synchronized; /nsconfig/dns is the synchronization path. |
| bookmarks | In this mode, all NetScaler Gateway bookmarks are synchronized; /var/vpn/bookmark/ is the synchronization path. |
| ssl | In this mode, all certificates, keys, and CRLs for the SSL feature are synchronized. The following are the synchronization paths in this mode: /nsconfig/ssl/
/var/netscaler/ssl/ |
| htmlinjection | In this mode, all EdgeSight Monitoring scripts configured for the HTML injection feature are synchronized. The following are the synchronization paths in this mode: /nsconfig/htmlinjection/
/netscaler/htmlinjection/ens |
| imports | In this mode, all XML objects such as WSDLs, schemas, and error pages configured for the Application Firewall are synchronized. The following are the synchronization paths in this mode: /var/download
/var/archive |
| misc | In this mode, all license files and the rc.conf file are synchronized. The following are the synchronization paths in this mode: /nsconfig/license/
/nsconfig/rc.conf |
| all_plus_misc | In this mode, all files related to system configuration, NetScaler Gateway bookmarks, SSL certificates, SSL CRL lists, HTML injection scripts, Application Firewall XML objects, licenses, and the rc.conf file are synchronized. The following are the synchronization paths in this mode: /var/download
/var/archive /nsconfig/ssl /var/netscaler/ssl /nsconfig/dns /var/vpn/bookmark /nsconfig/htmlinjection /netscaler/htmlinjection/ens – (a symlink target) /var/wi/tomcat/webapps/ /var/wi/tomcat/conf/Catalina/localhost/ /var/wi/java_home/lib/security/cacerts /var/wi/java_home/jre/lib/security/cacerts /var/wi/Clients/ /nsconfig/rc.netscaler /nsconfig/inetd.conf /nsconfig/sshd_config /nsconfig/hosts /nsconfig/snmpd.conf /nsconfig/monitors /nsconfig/ntp.conf /nsconfig/resolv.conf /nsconfig/syslog.conf /nsconfig/nstemplates /nsconfig/enckey /var/nstemplates – (a symlink target) /nsconfig/httpd.conf /var/nslog/asl/ /var/nslw.bin/etc/krb5.conf /var/nslw.bin/etc/krb5.keytab /var/lib/likewise/db/ /nsconfig/ssh/ /nsconfig/krb/ /nsconfig/license/ /nsconfig/rc.conf |
Additional Resources
CTX109013 – Troubleshooting the NetScaler High Availability Issues
CTX124439 – High Availability Synchronization on NetScaler Appliance
Citrix Documentation – Synchronizing Configuration Files in a High Availability Setup
Citrix Documentation – High Availability FAQs
Citrix Documentation – Troubleshooting High Availability Issues
Citrix Documentation – Considerations for a High Availability Setup
