<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 25/08/14 03:33, gaolei wrote:<br>
</div>
<blockquote cite="mid:2014082510330240559130@knet.cn" type="cite">
<div><br>
<div style="TEXT-INDENT: 2em">I wonder if enforcer runs on both
nodes, what will happen? Does the enforcer on slave have to be
stopped?</div>
<div style="TEXT-INDENT: 2em"><br>
</div>
</div>
<div> <br>
</div>
</blockquote>
<br>
There are several things that could make two enforcers use different
keys. Even though it uses the oldest suitable key it finds, it may
enforce multiple zones in a different order because of slight
differences in runtimes or system reboots, etc... As time goes on,
the possibility of the two machines diverging increases.<br>
<br>
Basically there is no advantage to running the enforcer on the
slave, only possible downsides. So long as the signer on the slave
agrees about which keys to use then switching to the slave should
work. In your case, where you have the same backend database,
failover would involve:<br>
<br>
1) starting the enforcer on the slave machine so that it picks up
the current keyset<br>
2) checking that the files in the signconf directory have current
timestamps<br>
3) checking the keys in use in the zone match the current "live" set
(i.e. the keys that are out in the wild)<br>
<br>
then you should be good to publish from the slave.<br>
<br>
Sion<br>
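<br>
Steps 2 and 3 above can be scripted before publishing from the slave. The following is an added example, not part of the original message and not OpenDNSSEC code: it flags signconf files older than an operator-chosen age and compares the DNSKEY set of the slave's signed zone with the live set, using RFC 4034 key tags. The function names, the age threshold, the one-record-per-line input format and the sample records are assumptions made for illustration.<br>

```python
import base64
import os
import time

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """Key tag per RFC 4034 Appendix B (does not apply to algorithm 1)."""
    rdata = bytes([flags >> 8, flags & 0xFF, protocol, algorithm])
    rdata += base64.b64decode(pubkey_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_set(zone_text):
    """Return {(flags, algorithm, key tag)} from one-record-per-line DNSKEY text."""
    keys = set()
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if "DNSKEY" not in fields or "RRSIG" in fields:
            continue  # skip other types and signatures covering DNSKEY
        i = fields.index("DNSKEY")
        flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
        keys.add((flags, alg, key_tag(flags, proto, alg, "".join(fields[i + 4:]))))
    return keys

def stale_files(directory, max_age, now=None):
    """Step 2: names of files not rewritten within max_age seconds."""
    now = time.time() if now is None else now
    return sorted(n for n in os.listdir(directory)
                  if now - os.path.getmtime(os.path.join(directory, n)) > max_age)

def failover_problems(signconf_dir, max_age, slave_zone, live_zone, now=None):
    """Steps 2 and 3: an empty list means neither check found a problem."""
    problems = ["stale signconf: " + n for n in stale_files(signconf_dir, max_age, now)]
    slave, live = dnskey_set(slave_zone), dnskey_set(live_zone)
    problems += [f"live key absent on slave: {k}" for k in sorted(live - slave)]
    problems += [f"slave key not in live set: {k}" for k in sorted(slave - live)]
    return problems

# Constructed sample records (toy 3-byte keys, not real DNSKEYs).
LIVE_ZONE = """\
example.com. 3600 IN DNSKEY 257 3 8 AQID
example.com. 3600 IN DNSKEY 256 3 8 AQID
"""
SLAVE_DIVERGED = """\
example.com. 3600 IN DNSKEY 257 3 8 AQID
example.com. 3600 IN DNSKEY 256 3 8 BAUG
"""
```

Key tags are not guaranteed unique, so a match on flags, algorithm and tag is a strong indication rather than proof that the keys are identical.<br>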
</body>
</html>