Netmail Secure 5.x
Situations may arise where the quarantine directory must be moved to another node, such as when a node holding the quarantine directory is to be decommissioned, or if disk space on the node holding the quarantine directory is insufficient. This article explains how to move the quarantine directory to another machine in a Netmail Secure cluster and point the logging database to that node, and, optionally, how to decommission the node that originally held the quarantine directory.
1) Open an SSH session and connect to the Netmail Secure primary node.
2) Log in and gain root privileges by issuing the sudo su command.
3) Stop the netmail and cfsd services by invoking the following commands:
service netmail stop
service cfsd stop
4) Navigate to the quarantine directory, located in /var/netmail/store/quarantine.
Compress the existing quarantine directory in preparation for the move using the tar archiving utility. The syntax of the command is:
tar -zcvf <archivename.tar.gz> /var/netmail/store/quarantine
Insert the name of the compressed archive to be created between the angle brackets.
The archive will be created in the current directory unless otherwise specified. For example, to create a quarantine archive called qt-archive-sept-2014 in the current directory, the command would be:
tar -zcvf qt-archive-sept-2014.tar.gz /var/netmail/store/quarantine
5) Once the quarantine archive is generated, move it to the equivalent quarantine directory on the target node and decompress the archive.
The syntax for the decompression command is:
tar -zxvf <archivename.tar.gz>
Insert the name of the archive to be decompressed between the angle brackets; all files will be extracted to the current directory. In this example, the command would be:
tar -zxvf qt-archive-sept-2014.tar.gz
6) The next step is to update the configuration on the target Secure node. Configuration information is contained in the cfs.conf file. The quarantine section of this file must be updated on the target node so that it contains the same information that is in the cfs.conf file on the primary Secure node.
7) On the primary Secure node, stop the services listed in Step 3, and navigate to the directory holding the cfs.conf file; the file is located in /opt/ma/netmail/etc/
8) Open the file for editing using the vi editor: vi /opt/ma/netmail/etc/cfs.conf
A sample cfs.conf file is shown in the screenshot below. The file will look something like this:
9) Take note of the information about the quarantine store parameter (3rd section of the file, highlighted in yellow in the screenshot above). Copy that section (quarantine store name, path, flags, id etc.; example shown below) to a text file so it remains accessible:
10) Save the file and connect to the target node in the Secure cluster that will now host the quarantine through an SSH session.
Open the cfs.conf file on the target node for editing, and modify the file so it contains the primary node’s quarantine store information (i.e., the information that was copied to the text file in Step 9).
11) Since the quarantine information is also stored in the PostgreSQL database, the database configuration should also be modified as follows:
Ensure that all nodes in the cluster are trusted in the pg_hba.conf file (located in /var/lib/pgsql/data). An example of the pg_hba.conf file is provided below:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
host all all 127.0.0.1/32 trust sameuser
host all all 10.205.5.12/32 trust sameuser
# IPv6 local connections:
host all all ::1/128 trust sameuser
Navigate to /root and view the .odbc.ini SQL database configuration file. Verify that logging is pointing to the new (target) server. An example of an .odbc.ini file is provided below.
Make changes to the Servername (IP address of the target node) as needed:
12) Once the configuration is updated, restart the netmail and cfsd services on the target node using the following commands:
service netmail start
service cfsd start
The target node will now hold the quarantine directory for the system.
13) If the primary Netmail Secure node is to be decommissioned, make sure that the netmail service on the node was not restarted, and temporarily disable the firewall by issuing the following command:
service nmFirewall stop
After the service stops, connect to the Netmail Secure eDirectory tree using an LDAP browser.
Delete all OUs in eDirectory that reference the decommissioned primary node:
Disconnect from eDirectory and restart the firewall service:
service nmFirewall start
Restart the netmail service on the node that now serves as the primary node in the secure cluster:
service netmail start
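A check for the pg_hba.conf change in Step 11, added here as an example and not part of the Netmail documentation: it confirms that each cluster node has a single-host trust entry and flags any trust rule wider than one address, since the trust method admits connections from the listed address without a password. The function names, the 10.205.0.0/16 rule and the 10.205.5.13 address are constructed for illustration, and the CIDR-ADDRESS column layout from the sample in Step 11 is assumed.

```shell
#!/bin/sh
# audit_pg_hba FILE NODE_IP [NODE_IP...]
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
audit_pg_hba() {
    hba_file=$1; shift
    awk -v nodes="$*" '
        BEGIN { n = split(nodes, want, " ") }
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        $1 == "host" && $5 == "trust" {
            split($4, cidr, "/")
            # A single-host entry is /32 for IPv4 or /128 for IPv6.
            single = (cidr[1] ~ /:/) ? 128 : 32
            if (cidr[2] + 0 != single) {
                print "WIDE_TRUST " $4; bad = 1
            } else {
                seen[cidr[1]] = 1
            }
        }
        END {
            # Every cluster node passed on the command line needs its own entry.
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "MISSING " want[i]; bad = 1 }
            exit bad + 0
        }
    ' "$hba_file"
}

# Constructed sample: the entries from Step 11 plus one deliberately wide rule.
write_sample() {
    cat > "$1" <<'EOF'
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all ident sameuser
host all all 127.0.0.1/32 trust sameuser
host all all 10.205.5.12/32 trust sameuser
host all all 10.205.0.0/16 trust
host all all ::1/128 trust sameuser
EOF
}

sample=$(mktemp)
write_sample "$sample"
# 10.205.5.13 stands in for a target node that has not been added yet.
audit_pg_hba "$sample" 10.205.5.12 10.205.5.13 || echo "pg_hba.conf needs attention"
rm -f "$sample"
```

On a real node, pass /var/lib/pgsql/data/pg_hba.conf and the addresses of the cluster nodes instead of the sample file.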