Is the watchdog_enabled token needed on systems with systemd (Linux) or SMF (Solaris)?

Article ID: 274610

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

We have a concern about whether the watchdog_enabled token is needed on systems that use systemd (Linux) or SMF (Oracle), as these utilities already check whether services are up or down.

 

Environment

Release : 14.1

Cause

In the latest UNAB packages for Linux and Solaris, systemd replaces the watchdog, so this token is set to disabled. However, when UNAB is upgraded, the token remains enabled.

Resolution

 

1) First, the watchdog_enabled token controls an external, process-based watchdog. It is redundant on systems with systemd (Linux) or SMF (Solaris), since those system facilities should be the primary means of ensuring that the service runs or is restarted. On systems with systemd and SMF, the external watchdog is only likely to interfere with the operation of systemd and SMF, so during a fresh installation on such systems the watchdog_enabled token is set to "no".

2) The external watchdog only makes sure that uxauthd is running and starts it if it is not. It does not check memory consumption, number of open files, etc.; an internal uxauthd thread performs those health-checking duties.

3) On machines with Red Hat 6.x, where systemd is not present, the external watchdog should instead be left active to check whether the uxauthd daemon is running.

So for Red Hat 6.x, is the UNAB watchdog needed?

Yes. On RHEL 6.x, UNAB's watchdog can "keep an eye" on uxauthd to make sure it is started when it is supposed to be running but is not visible in ps output. UNAB's watchdog is a process started by the uxauthd.sh script using the script uxauthd_watch.sh. That process checks in a loop for the presence of the uxauthd daemon. If watchdog_enabled = yes, it can be seen as follows:

# ps -ef | grep uxauth
root     11920     1  0 10:58 ?        00:00:00 /bin/sh /opt/CA/uxauth/lbin/uxauthd_watch.sh
root     12110     1  0 10:58 ?        00:00:00 /opt/CA/uxauth/bin/uxauthd -start
root     12169  3388  0 10:59 pts/0    00:00:00 grep --color=auto uxauth

To summarize: on newer Linux and Solaris systems, UNAB's watchdog is redundant and is disabled during fresh installations. On such systems, the ps command above should show only the uxauthd daemon when UNAB is up.
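
One way to spot hosts where an upgrade left the external watchdog running next to systemd or SMF, as an added example that is not part of the original article or the vendor's code: it classifies `ps -ef` output using the two paths shown in the listing above. The function names, the verdict strings and the `--check` argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not vendor code). Paths are taken from the ps output above;
# function names and verdict strings are assumptions made for this sketch.
WATCHDOG_PATH="/opt/CA/uxauth/lbin/uxauthd_watch.sh"
DAEMON_PATH="/opt/CA/uxauth/bin/uxauthd"

# Report which service manager supervises daemons on this host.
# /run/systemd/system exists only when systemd is the running init;
# svcs is the SMF command-line tool on Solaris.
detect_service_manager() {
    if [ -d /run/systemd/system ]; then
        echo systemd
    elif command -v svcs >/dev/null 2>&1; then
        echo smf
    else
        echo none   # e.g. Red Hat 6.x, where systemd is not present
    fi
}

# Usage: ps -ef | classify_unab_watchdog <systemd|smf|none>
# Prints "<verdict> uxauthd=<yes|no>".
classify_unab_watchdog() {
    manager="$1"
    ps_out=$(cat)
    watchdog=no
    daemon=no
    # -F matches the paths as fixed strings, so an unrelated
    # "grep uxauth" line in the listing is not counted.
    if printf '%s\n' "$ps_out" | grep -qF "$WATCHDOG_PATH"; then watchdog=yes; fi
    if printf '%s\n' "$ps_out" | grep -qF "$DAEMON_PATH"; then daemon=yes; fi

    case "$manager:$watchdog" in
        # External watchdog alive next to systemd/SMF: the token was
        # probably left enabled by an upgrade.
        systemd:yes|smf:yes) verdict=redundant-watchdog ;;
        # No service manager and no watchdog: nothing restarts uxauthd.
        none:no)             verdict=watchdog-missing ;;
        *)                   verdict=ok ;;
    esac
    echo "$verdict uxauthd=$daemon"
}

# Run against the live process table only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    ps -ef | classify_unab_watchdog "$(detect_service_manager)"
fi
```

A `redundant-watchdog` verdict on a systemd or SMF host points to the upgrade case described under Cause, where the token stays enabled.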