Cisco Ace - Gracefully shut down rserver with SSL connections

Unanswered Question
Nov 26th, 2008

Hello

I run a ace module in a 6509

Version A2(1.2) [build 3.0(0)A2(1.2)

How do i gracefully shut down a rserver with current ssl connections?

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/command/reference/realserv.html#wpmkr1015382

In this dokument it says that the: no inservice command resets all ssl connections. I want to let clients finish their ssl connections, then take the server out of service.

Does it let the clients finish their ssl sessions, if i take the rserver out of service with the: inservice standby command under serverfarm > rserver instead?

as in:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/command/reference/servfarm.html#wpmkr1036418

If it does, I have another problem, i want do restrict what commands my webmasters can run, and they need to shut down a server grecefully but limit other commands. If i give there users any of the predefined roles or try to make a own role, a can't make them gain access to take a rserver out of service (no inservice or inservice standby command i missing) in a serverfarm...? but my admin user can run those commands.

Does anyone have a idea what role that work or if i make my own role what rules i should use?

Appreciate any help!

//Kristoffer

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ciscocsoc Wed, 11/26/2008 - 07:57

Hi Kristoffer,

The minimum required access is modify to real-inservice.

ace1/Test(config)# role SCOPED1

ace1/Test(config-role)# description Allow control of servers

ace1/Test(config-role)# rule 1 permit modify feature real-inservice

ace1/Test(config-role)# rule 2 permit create feature config-copy

ace1/Test(config-role)# exit

ace1/Test(config)# exit

Then create a user and associate it with the scope.

ace1/Test(config)# username adminScoped password ReallySecret role SCOPED1 domain default-domain

Roles are documented in the Virtualisation Guide and in the Command Reference.

HTH

Cathy

krilleorg Wed, 11/26/2008 - 23:40

doesn't seem to have that command:

rule 1 permit modify feature real-inservice

do you know what relese it is supported in?

or any other useful page a can look at the software releses or development train?

//Kristoffer

Actions

This Discussion