Solution
To format the log disk on a FortiWeb appliance without breaking High Availability (HA), follow these steps carefully to ensure that the FortiWeb appliances continue to function correctly in HA mode:
- Check the HA Configuration.
Before proceeding, verify the current HA state of the problematic node by running the following command:
diagnose system ha status
HA information
Model=FortiWeb-VM 7.05,build0129(GA),230106, Mode=active-passive Group=20
HA group member information: is_manage_master=1.
LocalSN: FVVM08TM22000174 MasterSN: FVVM08TM22000174
FVVM08TM22000174: Primary, 5, 0, 282052, 579, FortiWeb
FVVM08TM22000171: Secondary, 6, 0, 315811, 34327, dc01-waf-prod-01
- Switch HA Role (if the problematic node is master/primary):
- If the override is enabled, the primary unit is chosen based on the following rule: Available ports number (Monitor) -> Priority -> Uptime -> SN (Serial Number).
- Increasing the priority value of the problematic Master (a lower number means higher priority) makes the current Slave/Secondary take over as the Master. The failover is triggered once the Slave/Secondary has a higher priority (numerically lower value) than the problematic Master node.
config system ha
set mode active-passive
set group-id 20
set group-name WAF-PROB-CLOUD
set priority 5
set override enable
set network-type udp-tunnel
set tunnel-local 10.134.4.107
set tunnel-peer 10.134.3.107
set monitor port1 port3
set ha-mgmt-status enable
set ha-mgmt-interface port2
set l7-persistence-sync enable
end
FortiWeb # config system ha
FortiWeb (ha) # set priority 7
FortiWeb (ha) # end
diagnose system ha status
HA information
Model=FortiWeb-VM 7.05,build0129(GA),230106, Mode=active-passive Group=20
HA group member information: is_manage_master=1.
LocalSN: FVVM08TM22000171 MasterSN: FVVM08TM22000171
FVVM08TM22000171: Primary, 6, 0, 316445, 34327, dc01-waf-prod-01
FVVM08TM22000174: Secondary, 7, 0, 282684, 579, FortiWeb
- If the override is disabled, the primary unit will be elected based on the following rule: Available ports number (Monitor) -> Uptime -> Priority -> SN (Serial Number).
- When the problematic Master unit is rebooted with the override disabled, it will trigger a failover. After the reboot, the previous Slave/Secondary unit will take over as the new Master and remain as Master, as its uptime will be higher, and the rebooted node will have lower uptime. This is because uptime takes precedence over priority when the override is disabled.
config system ha
set override disable
end
After the reboot:
diagnose system ha status
HA information
Model=FortiWeb-VM 7.05,build0129(GA),230106, Mode=active-passive Group=20
HA group member information: is_manage_master=1.
LocalSN: FVVM08TM22000174 MasterSN: FVVM08TM22000174
FVVM08TM22000174: Primary, 7, 0, 287445, 287004, FortiWeb
FVVM08TM22000171: Secondary, 6, 0, 467, 26, dc01-waf-prod-01
Note: For more information on HA heartbeat and active node election, see this document
- Format the Log Disk on the problematic node. Once the failover is complete and the problematic node is no longer the active Master, access the problematic node and format the log disk by issuing the following command:
execute formatlogdisk
Note: This operation formats the whole log disk /var/log, so all logs and databases that various modules store on this disk will be cleared.
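
A pre-flight check for the procedure above, as an added example that is not part of the original article or of Fortinet's tooling: it parses saved `diagnose system ha status` output and confirms that the node to be formatted is the Secondary before `execute formatlogdisk` is run. The function names are hypothetical, and reading the first number after the role as the HA priority is an assumption drawn from the sample outputs on this page.

```python
import re

# Sample output copied from this page (state after the priority change).
SAMPLE_STATUS = """HA information
Model=FortiWeb-VM 7.05,build0129(GA),230106, Mode=active-passive Group=20
HA group member information: is_manage_master=1.
LocalSN: FVVM08TM22000171 MasterSN: FVVM08TM22000171
FVVM08TM22000171: Primary, 6, 0, 316445, 34327, dc01-waf-prod-01
FVVM08TM22000174: Secondary, 7, 0, 282684, 579, FortiWeb
"""

# "<serial>: <role>, <number>," ; LocalSN/MasterSN lines do not match
# because the text after their colon is a serial, not a role.
MEMBER_RE = re.compile(r"(\w+):\s*(Primary|Secondary),\s*(\d+)\s*,")
MASTER_RE = re.compile(r"MasterSN:\s*(\w+)")


def parse_ha_status(text):
    """Return (master_sn, {serial: (role, priority)}) from the status text.

    Assumption: the first number after the role is the HA priority, as the
    page's before/after outputs suggest (5 becomes 7 after 'set priority 7').
    """
    master = MASTER_RE.search(text)
    if master is None:
        raise ValueError("no MasterSN field found; is HA enabled?")
    members = {sn: (role, int(prio))
               for sn, role, prio in MEMBER_RE.findall(text)}
    return master.group(1), members


def safe_to_format(text, target_sn):
    """True only if target_sn is a known Secondary and the single Primary
    in the member list is the node reported as MasterSN."""
    master_sn, members = parse_ha_status(text)
    if target_sn not in members:
        return False  # unknown serial: refuse rather than guess
    role, _ = members[target_sn]
    primaries = [sn for sn, (r, _) in members.items() if r == "Primary"]
    return (role == "Secondary"
            and master_sn != target_sn
            and primaries == [master_sn])


if __name__ == "__main__":
    print(safe_to_format(SAMPLE_STATUS, "FVVM08TM22000174"))
```
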