Redundant Oracle instances
Alan DeKok
aland at deployingradius.com
Tue Mar 3 18:32:24 CET 2009
Anders Holm wrote:
> I've got FR 2.1.3 running hooked up to an Oracle instance. While testing
> failure scenarios I'm finding that the module never fails. I'm testing
> failures where the server has initially been able to connect to the
> database and then subsequently the database goes away. I'm testing by
> doing a nasty ifdown on the interface to simulate dropping network
> connectivity. Hence, this is for disaster type situations where
> something suddenly severs our connectivity.
FreeRADIUS calls rlm_sql_oracle, which calls the Oracle client API...
which hangs.
> What I see when running a radtest to localhost is that FR tries the
> initial SELECT query we have defined and then sits doing nothing until
> something eventually times out about 18 minutes later and then it
> proceeds to process whatever else has been sent to it.
If there's an Oracle API to set timeouts on sockets, I don't know
anything about it. (Not that I've looked... I don't have an Oracle
license to debug these kinds of problems).
> I'd be curious in knowing how this timeout can be tweaked as 18 minutes
> is way too long for us, though I've been unable to find any
> documentation leading me to an answer. Seems this may be somewhere in
> the Oracle side of things, but I'm really not sure to be honest.
Yes. It's an Oracle thing.
> I'd also be highly curious to know how one may return an Access-Accept
> even though we have not been able to actually authenticate the account,
> seeing as our DB is down which holds all the credentials. It seems the
> Fail-Over Wiki has a section on if-else branching which may be useful
> here, as I'd really only want to send Access-Accept when the DB truly
> has failed. though the wiki states "Documentation will be updated
> later..." and doesn't go into any details on how this could be achieved.
You could read "man unlang", which is included with the latest version
of the server.
> Of course, tweaking this timeout value somehow to rather be in the
> seconds than minutes if not even sub-seconds would be preferable. Has
> anyone done this before and if so could I get a snippet of your
> configuration showing me how to achieve this?
Patch the rlm_sql_oracle module to use some magic Oracle API, which
tells the client code "don't keep fscking waiting forever on blocked
connections".
Alan DeKok.
More information about the Freeradius-Users
mailing list