I searched devcentral before deciding to start new thread. We are on version 11.4.1 and have multiple config sync failover clusters in prod and pre prod environments.
In pre 'devops' world. It was OK for an admin to say the environment has been stable and it is time for syncing the nodes.
I want to automate sync on a daily basis with certain criteria.
say a cron job runs the script.
i want tthe script to find out the active node in the device group and exit if it is the passive node.
on active node find out when last failover happened. If failover was > 24 hours, sync config. If not send an email saying, 'Decided against config sync, humans please verify.'
What do you guys think? Is this doable and does it make sense?
It would depend on what your change management policy is? Who is changing your environment? Are they always changing the active box? If someone is testing out new monitors on a standby box and just wanting to evaluate how they do over a period of then and you sync over it, they won't be happy.
What happens if someone added a VLAN to a box and didn't add it to all of the boxes, now your config sync will fail. Sames goes for a new floating self IP without a non floating on that VLAN. I think it'd be more useful to generate a "notification" of changes on each box, a diff of the configs and say do you approve these changes. Click yes, then it syncs the config.
At that point you'll have spent a week writing a script to save 10 minutes of config sync work which should be covered in any changes that are made (IE if you change a VIP, you test it, why would you not sync the config?).
TLDR: I don't think it's worth the time it'd take and there are a lot more necessary devops scripts or documentation work that'd be more helpful.
