
ldms_auto_gateway

by jack — last modified 2009-08-06 08:58

switch between gateway mode and direct mode automatically

Make gateway-enabled clients smarter

Agents configured to use the Management Gateway do not connect to the gateway for remote control service by default; this is because leaving the connection on will use up resources on the gateway. They also do not report every IP address change in many cases, because they use miniscan.exe which doesn't go through the gateway. Finally, manually configured test machines will have a separate file that governs the broker behavior, and it may not do the right thing. Here's a program to detect the current state and configure the system properly without human intervention.

Installation and configuration

The ldms_auto_gateway.zip file includes the program, source code, and a custom vulnerability definition.

  1. Copy the program to a location on your core, then import the definition.
  2. Modify its patch path to point to the location where you put the ldms_auto_gateway.exe program.
  3. Go to Patch installation and check that the command line is what you want.
  4. Save the vulnerability and scan systems.
  5. Repair as desired.

The vulnerability definition will copy the program to ldclient, then install a local scheduler task. This should make the program run within one minute of an IP address change. One handy side effect of doing it this way is that Local Scheduler is running as Local System, so your end user doesn't have to have permissions to write registry values and restart services.

For even greater reliability, you might change the local scheduler syntax to run every hour or two... more scans mean more load, but it might be necessary for those of us whose cores are on roaming laptops themselves :)

Command Line and Behavior

The program looks for a broker certificate; if there is none, it exits.

The program then looks for the core name in the registry; if it can't find one, it exits.

There are two supported ways to detect a core: ping and file transfer. If you select /ping, it will use ICMP to ping the core once. If you select /file, it will use UNC to access a small file (ldlogon/ldiscn.vroot) on the core. This file is opened for reading; it is not downloaded. You can't use both options together, you can't specify a different file, and you can't use HTTP.

If the core is reachable, the remote control service should be in direct mode and the on-ip-change inventory scan should be miniscan. If they are not that way, they will be made that way.

If the core is not reachable, the remote control service should be in gateway mode and the on-ip-change inventory scan should be ldiscn32. If they are not that way, they will be made that way.

If the broker.conf.xml file exists, it will be forced into the proper mode as well, UNLESS it's in "Dynamically Determine Connection Route" mode (0).

If the ISSUSER service is not running, it will be started.

If changes had to be made, that's a good indication that inventory needs to be refreshed at the core. If we're going from direct to gateway, miniscan won't work and a regular scan should be sent. If we're going from gateway to direct, a miniscan would work, but a regular scan will probably initiate the out-of-sync process (which might as well start now). Why assume that inventory scans from gateway devices are out of sync? Because laptops enjoy at least some amount of "open the lid for 1 or 2 minutes and then re-suspend" activity, not to mention questionable internet connections. It's not guaranteed that the inventory is incorrect, but the likelihood is high enough to be worth working around. So, if there was a change, ldms_auto_gateway is going to initiate a regular inventory scan.

If the /gateway switch is specified, the core presence tests are not used and do not have to be set on the command line (in other words, ldms_auto_gateway.exe /gateway is an okay command line). The node will be forced into gateway mode if it is not currently in gateway mode.

Logging is non-existent unless you use the /debug flag... this script could potentially run often, and is intended to be transparent and fast. If you do specify logging, an ldms_auto_gateway.log text file will be written into the LDCLIENT directory. This file is replaced on every run.
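The decision rules above, modeled as an added Python example for checking what the tool should do on a given client; it is not the source code shipped in ldms_auto_gateway.zip. The ClientState fields, the plan function, the broker.conf.xml labels "direct" and "gateway", and the core name core01 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class ClientState:                  # hypothetical model, not the tool's own data
    has_broker_cert: bool
    core_name: Optional[str]        # core name as read from the registry
    core_reachable: bool            # result of the /ping or /file probe
    rc_mode: str                    # "direct" or "gateway"
    ip_change_scan: str             # "miniscan" or "ldiscn32"
    broker_conf: Optional[str]      # None = no broker.conf.xml; else "dynamic",
                                    # "direct" or "gateway" (labels are assumed;
                                    # the page only gives 0 for dynamic)
    issuser_running: bool

def plan(state: ClientState, force_gateway: bool = False) -> List[str]:
    """Return the ordered actions the documented behavior implies."""
    # Assumption: the certificate and core-name checks also apply with /gateway.
    if not state.has_broker_cert:
        return ["exit: no broker certificate"]
    if not state.core_name:
        return ["exit: no core name in registry"]
    # /gateway skips the core presence test and forces gateway mode.
    direct = state.core_reachable and not force_gateway
    mode, scan = ("direct", "miniscan") if direct else ("gateway", "ldiscn32")
    actions: List[str] = []
    if state.rc_mode != mode:
        actions.append(f"set remote control to {mode} mode")
    if state.ip_change_scan != scan:
        actions.append(f"set on-ip-change scan to {scan}")
    # broker.conf.xml is forced too, unless it is in dynamic mode (0).
    if state.broker_conf not in (None, "dynamic", mode):
        actions.append(f"set broker.conf.xml to {mode} mode")
    changed = bool(actions)
    if not state.issuser_running:
        actions.append("start ISSUSER service")
    # Assumption: only mode changes, not a service start, trigger the scan.
    if changed:
        actions.append("run regular inventory scan")
    return actions

# Constructed sample: a laptop that left the office while still in direct mode.
ROAMING = ClientState(True, "core01", False, "direct", "miniscan", "direct", False)
# Constructed sample: a manually configured test machine with dynamic broker.conf.xml.
TEST_BOX = ClientState(True, "core01", True, "gateway", "ldiscn32", "dynamic", True)

if __name__ == "__main__":
    for name, st in (("roaming", ROAMING), ("test box", TEST_BOX)):
        print(name, "->", plan(st))
```

An empty list means the client is already in the expected state, which is the case where the tool makes no changes and sends no scan.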


Changelog. Source code revision system

  Switch      Effect
  /p(ing)     Use a single ICMP packet to locate the core
  /f(ile)     Use UNC access to \\core\ldlogon\ldiscn.vroot to locate the core
  /d(ebug)    Enable logging