EEM with redundancy inter-device

dmitry · ‎06-17-2013

Hi,

I'm putting together a tcl script to read the cisco IOS CA server certificate requests (pending, granted, etc) in CLI and make the results available via SNMP expression MIB. The two CA servers are configured as a redundant pair with redundancy inter-device. During the script test in EEM the active CA crashed and the standby took over however the EEM /TCL on now active would not run showing

EEM policy CA.tcl has not been scheduled to run because scheduling is not allowed on standby processor

I verified the redundancy role of the CA to make sure it is active:

Redundancy inter-device state: RF_INTERDEV_STATE_ACT

Scheme: Standby

Groupname: CASB Group State: Active

Peer present: RF_INTERDEV_PEER_COMM

Security: Not configured

Since then I tried to move the active back to the original active (the one that had the tcl originally run) by rebooting the now acitve, however I was receiving the same message

the event line of the TCL is

::cisco::eem::event_register_timer watchdog name watchdog time $countdown_entry maxrun 240

event manager environment countdown_entry 60

EEM 3.2, IOS 15.1.3T4

Thanks

Joe Clarke · ‎06-17-2013

There may be a bug where EEM doesn't support inter-device RF. Is there a general RF state or command you can show? EEM Looks to make sure the device is in RF_ACTIVE_FAST to know the policy can be scheduled. It may be that the RFI state is putting the device in an alternate RF state.

dmitry · ‎06-17-2013

Nope, does not look like there is one that provides RF_ACTIVE_FAST.

The "sh redundancy states" gives

my state = 13 -ACTIVE

peer state = 8 -STANDBY HOT

Mode = Duplex

Unit ID = 0

Maintenance Mode = Disabled

Manual Swact = enabled

Communications = Up

client count = 11

client_notification_TMR = 30000 milliseconds

RF debug mask = 0x0

none of the "sh standby .." commands

The "sh redundancy inter-device" on the stand by CA gives:

Redundancy inter-device state: RF_INTERDEV_STATE_STDBY

Scheme: Standby

Groupname: CASB Group State: Standby

Peer present: RF_INTERDEV_PEER_COMM

Security: Not configured

The interesting thing is that it worked up until the active CA router crashed.

Joe Clarke · ‎06-17-2013

Interesting. RF_ACTIVE_FAST is state 9, so state 13 should be good (all states greater than or equal to RF_ACTIVE_FAST are considered to be ACTIVE). Are you getting this error now if you simply try re-registering the EEM policy?

dmitry · ‎06-17-2013

tried several times:

no event manager policy CA.tcl authorization bypass type user

event manager policy CA.tcl authorization bypass type user

(the debug output of registration is attached)

The scheduler runs the TCL:

003478: Jun 17 17:01:45.402 EDT: fh_fd_timer_process_async

003479: Jun 17 17:01:45.402 EDT: fh_fd_timer_event_expire: re=0x681A48CC

003480: Jun 17 17:01:45.402 EDT: fh_send_server_sig_hndlr: received a pulse from timer on node0/0 with fdid: 19

003481: Jun 17 17:01:45.402 EDT: fh_send_timer_fd_msg: msg_type=64

003482: Jun 17 17:01:45.402 EDT: fh_send_timer_fd_msg: sval=0

003483: Jun 17 17:01:45.402 EDT: fh_send_server_sig_hndlr: received FH_MSG_EVENT_PUBLISH

003484: Jun 17 17:01:45.402 EDT: EEM: server processes multi events: timewin=1, sync_flag=0, ec_index=0, cmp_occ=1

003485: Jun 17 17:01:45.402 EDT: EEM: ctx=7:(7,1,1)

003486: Jun 17 17:01:45.402 EDT: EEM: server processes multi events: corr_res=1, cur_tcnt=1, cmp_tcnt=1

003487: Jun 17 17:01:45.402 EDT: fh_schedule_policy: prev_epc=0x0; epc=0x67E0ED88

003488: Jun 17 17:01:45.402 EDT: EEM policy CA.tcl has not been scheduled to run because scheduling is not allowed on standby processor

Also tried the manual run (tcl to ::cisco::eem::event_register_none) and got the same message

Joe Clarke · ‎06-17-2013

I think you may have identified a bug with inter-device RF and EEM. I recommend you open a TAC case so more analysis can be done here.

dmitry · ‎06-17-2013

will do

thanks for looking into this