Cisco Ace - Gracefully shut down rserver with SSL connections

Unanswered Question
Nov 26th, 2008
User Badges:

Hello


I run a ace module in a 6509

Version A2(1.2) [build 3.0(0)A2(1.2)



How do i gracefully shut down a rserver with current ssl connections?


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/command/reference/realserv.html#wpmkr1015382


In this dokument it says that the: no inservice command resets all ssl connections. I want to let clients finish their ssl connections, then take the server out of service.



Does it let the clients finish their ssl sessions, if i take the rserver out of service with the: inservice standby command under serverfarm > rserver instead?


as in:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/command/reference/servfarm.html#wpmkr1036418


If it does, I have another problem, i want do restrict what commands my webmasters can run, and they need to shut down a server grecefully but limit other commands. If i give there users any of the predefined roles or try to make a own role, a can't make them gain access to take a rserver out of service (no inservice or inservice standby command i missing) in a serverfarm...? but my admin user can run those commands.


Does anyone have a idea what role that work or if i make my own role what rules i should use?

Appreciate any help!


//Kristoffer


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ciscocsoc Wed, 11/26/2008 - 07:57
User Badges:
  • Silver, 250 points or more

Hi Kristoffer,


The minimum required access is modify to real-inservice.


ace1/Test(config)# role SCOPED1

ace1/Test(config-role)# description Allow control of servers

ace1/Test(config-role)# rule 1 permit modify feature real-inservice

ace1/Test(config-role)# rule 2 permit create feature config-copy

ace1/Test(config-role)# exit

ace1/Test(config)# exit


Then create a user and associate it with the scope.


ace1/Test(config)# username adminScoped password ReallySecret role SCOPED1 domain default-domain


Roles are documented in the Virtualisation Guide and in the Command Reference.


HTH


Cathy

krilleorg Wed, 11/26/2008 - 23:40
User Badges:

doesn't seem to have that command:

rule 1 permit modify feature real-inservice


do you know what relese it is supported in?


or any other useful page a can look at the software releses or development train?


//Kristoffer

Actions

This Discussion