Page 1 of 1

Isilon Sync (fix broken sync jobs)

Posted: Wed Mar 22, 2023 11:26 am
by chris
Diagnose:

Cause for policy errors are recorded in /var/log/isi_migrate log.

For example, once we were pointing to the correct DNS/Smartconnect target name, the next error indicating why the policy failed was:

"Primary authentication fails"

Here is the link to the KB for resolving that policy failure cause:


KB 212644: SyncIQ job fails with error Primary authentication fails


Impact: SyncIQ policies will fail to replicate data without the password on the policy if a SyncIQ pre-shared secret (PSK) is configured on the target cluster

Issue: Clusters can be configured with a SyncIQ pre-shared secret key (PSK) to prevent unauthorized replication of data to the target cluster.
When a target cluster is configured with the PSK, any attempt to run a replication job without the PSK specified in the Sync Policy will fail.

Cause: Target clusters can be configured with a SyncIQ PSK to prevent unauthorized data replication to the cluster. The cause of failure will be identified in the isi_migrate.log with message similar to "Primary authentication fails"
The target PSK must be added to each Sync policy to successfully replicate data to that target cluster.

Resolution:

1) Read the Sync pre-shared secret key (PSK) from the target cluster (requires admin access to the target cluster):
Target# cat /ifs/.ifsvar/modules/tsm/passwd
2) Apply the PSK to the policy with
Syntax for 7.1.x and 7.2.x
isi sync policies modify <policy> --password <PSK>
or for interactive query:
isi sync policies modify <policy> --set-password {respond to interactive prompts}

For earlier OneFS versions (7.0.x)
isi sync policy modify <policy> --passwd=<PSK>

3) Validating the password is set on the policy can be confirmed by viewing the policy
Syntax for 7.1.x and 7.2.x
isi sync policies view <policy>

For earlier OneFS versions (7.0.x)
isi sync policy view <policy>
(If a password is set, output includes Password = Yes)

4) (Optional) To remove the Sync PSK password,
a) remove the PSK file on the target (rm /ifs/.ifsvar/modules/tsm/passwd) and
b) replace the PSK string in above commands with ENTR (enter a null) on all policies replicating data to that target.