Introduction
This document describes the procedure to recover Subversion (SVN) sync in Cisco Policy Suite (CPS).
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
Note: Cisco recommends that you have privileged root access to the CPS CLI.
Components Used
The information in this document is based on these software and hardware versions:
- CPS 20.2
- Unified Computing System (UCS)-B
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
Apache SVN is the version creation and revision control system used within CPS. It maintains all the CPS policy configurations and has repositories in which files can be created, updated, and deleted. SVN maintains the file difference each time any change is made to a file on the server and for each change it generates a revision number.
In general, most interactions with SVN are performed via Policy Builder (PB).
In other words, CPS stores the policy configuration data in an SVN database (DB). Policy Builder (PB) provides a Graphical User Interface (GUI) to view and edit the SVN DB; it connects to the pcrfclient/Operation and Maintenance (OAM) virtual machine via an external interface, the Virtual IP (VIP), and the Policy Director (PD).
The configuration data in the SVN DB of both the pcrfclients must be in sync at any point in time.
CPS deploys the pcrfclient nodes in an active/standby high availability (HA) model, where one node runs as active and the other node runs as standby.
Problem
In some situations, the SVN repositories on the pcrfclient nodes in a CPS go out of sync and must be brought back in sync.
In some cases, mostly after a policy publish, at the time of an arbitervip switchover, or when the SVN server is not reachable, SVN locks are created on the destination repository.
SVN sync then goes out of date, and this can be seen in /var/log/httpd/svnsync.log on the impacted pcrfclient. When these locks are created, the CPS diagnostic output shows the SVN sync error. Run this command from either Cluster Manager or pcrfclient in order to check the SVN sync status.
[root@installer ~]# diagnostics.sh --svn
CPS Diagnostics HA Multi-Node Environment
----------------------------
Checking svn sync status between pcrfclient01 & 02...
svn is not sync between pcrfclient01 & pcrfclient02...[FAIL]
Corrective Action(s): Run ssh pcrfclient01 /var/qps/bin/support/recover_svn_sync.sh
Procedure to Recover SVN Sync between pcrfclient Nodes
Approach 1
This approach is used when there is no SVN lock created.
Step 1. Log in to the respective pcrfclient node as shown in diagnostics and run this command to sync SVN between active and standby pcrfclient nodes.
/var/qps/bin/support/recover_svn_sync.sh
Command output if SVN sync is successful:
[root@dc1-pcrfclient01 ~]# /var/qps/bin/support/recover_svn_sync.sh
=================================================================
[Thu Aug 25 09:10:44 UTC 2022] [INFO] /var/qps/bin/support/recover_svn_sync.sh script is running from console
-----sync betweeen pcrfclient01 & pcrfclient02 --------------------
[Thu Aug 25 09:10:47 UTC 2022] [INFO] Doing SVN sync between pcrfclient01 and pcrfclient02...
[Thu Aug 25 09:11:06 UTC 2022] [INFO] SVN are already in sync between pcrfclient01 and pcrfclient02
[Thu Aug 25 09:11:07 UTC 2022] [INFO] SVN UUID are matched between pcrfclient01 and pcrfclient02
[Thu Aug 25 09:11:07 UTC 2022] [INFO] SVN sync completed successfully for pcrfclient01 & pcrfclient02
[root@dc1-pcrfclient01 ~]#
If this command cannot sync SVN and throws an error related to the SVN lock in the destination or mirror repository, use Approach 2, which involves an SVN steal lock.
Step 2. Run this command from either Cluster Manager or pcrfclient, in order to verify the SVN sync status.
[root@installer ~]# diagnostics.sh --svn
CPS Diagnostics HA Multi-Node Environment
---------------------------
Checking svn sync status between pcrfclient01 & pcrfclient02...[PASS]
[root@installer ~]#
Approach 2
You can use this approach if the SVN lock is created in the destination or mirror repository.
Step 1. Log in to the respective pcrfclient node as shown in diagnostics and run this command.
Command syntax:
svnsync synchronize file:///var/svn/repos-mirror http://svn.example.com/repos
Sample command:
/usr/bin/ssh -k qns@pcrfclient01 -t '' '/usr/bin/svnsync info http://pcrfclient02/repos-proxy-sync'
[root@dc1-pcrfclient01 ~]# /usr/bin/ssh -k qns@pcrfclient01 -t '' '/usr/bin/svnsync info http://pcrfclient02/repos-proxy-sync'
Source URL: http://pcrfclient01/repos-proxy-sync
Source Repository UUID: f1937c9d-1688-463a-9d4e-db944d9aafb1
Last Merged Revision: 170
[root@dc1-pcrfclient01 ~]#
Step 2. Run this command to steal the SVN lock on the destination or mirror repository.
/usr/bin/ssh -k qns@pcrfclient01 -t '' '/usr/bin/svnsync sync --steal-lock http://pcrfclient02/repos-proxy-sync'
Note: This command causes svnsync to steal, as necessary, the lock which it uses on the destination or mirror repository to ensure exclusive repository access. This option must only be used when a lock exists in the destination or mirror repository and is known to be stale—that is, when you are certain that there are no other svnsync processes that access the repository.
Step 3. Run this command to sync SVN between active and standby pcrfclient nodes.
[root@dc1-pcrfclient01 ~]# /var/qps/bin/support/recover_svn_sync.sh
=================================================================
[Thu Aug 25 09:10:44 UTC 2022] [INFO] /var/qps/bin/support/recover_svn_sync.sh script is running from console
-----sync betweeen pcrfclient01 & pcrfclient02 --------------------
[Thu Aug 25 09:10:47 UTC 2022] [INFO] Doing SVN sync between pcrfclient01 and pcrfclient02...
[Thu Aug 25 09:11:06 UTC 2022] [INFO] SVN are already in sync between pcrfclient01 and pcrfclient02
[Thu Aug 25 09:11:07 UTC 2022] [INFO] SVN UUID are matched between pcrfclient01 and pcrfclient02
[Thu Aug 25 09:11:07 UTC 2022] [INFO] SVN sync completed successfully for pcrfclient01 & pcrfclient02
[root@dc1-pcrfclient01 ~]#
Step 4. Run this command from either Cluster Manager or pcrfclient in order to verify the SVN sync status.
[root@installer ~]# diagnostics.sh --svn
CPS Diagnostics HA Multi-Node Environment
---------------------------
Checking svn sync status between pcrfclient01 & pcrfclient02...[PASS]
[root@installer ~]#
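The note in Approach 2 allows --steal-lock only when the lock is known to be stale. The script below is an added example, not part of the Cisco procedure or CPS tooling, that makes that check explicit before Step 2. It assumes that svnsync keeps its lock in the svn:sync-lock revision property on revision 0 of the mirror as "<hostname>:<uuid>", that the svn client is installed, and that the qns user can run ps on both nodes over ssh; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not Cisco's script): decide whether --steal-lock is safe.
# Assumption: svnsync stores its lock in the revision property svn:sync-lock
# on revision 0 of the mirror, with the value "<hostname>:<uuid>".

MIRROR_URL="http://pcrfclient02/repos-proxy-sync"  # URL from the sample command
NODES="pcrfclient01 pcrfclient02"                  # both pcrfclient nodes

# Print the hostname recorded in a lock token; fail if the token is malformed.
lock_owner() {
    case "$1" in
        ?*:?*) printf '%s\n' "${1%%:*}" ;;
        *)     return 1 ;;
    esac
}

# classify_lock TOKEN PROCS
#   TOKEN: value of svn:sync-lock (empty when no lock exists)
#   PROCS: `ps -eo comm=` output collected from every node, one name per line
# Prints no-lock (Approach 1 applies), held (an svnsync is still running, so
# do not steal), or stale (Approach 2 applies).
classify_lock() {
    local token="$1" procs="$2"
    if [ -z "$token" ]; then
        echo "no-lock"
    elif printf '%s\n' "$procs" | grep -qx 'svnsync'; then
        echo "held"
    else
        echo "stale"
    fi
}

# Live check, run only when the script is called with --run.
main() {
    local token procs="" out node
    token=$(svn propget svn:sync-lock --revprop -r 0 "$MIRROR_URL" 2>/dev/null)
    for node in $NODES; do
        # An unreachable node must not be mistaken for "no svnsync running".
        out=$(ssh "qns@$node" 'ps -eo comm=') || { echo "cannot query $node" >&2; return 2; }
        procs=$(printf '%s\n%s' "$procs" "$out")
    done
    echo "lock: ${token:-none} owner: $(lock_owner "$token" || echo n/a)" \
         "result: $(classify_lock "$token" "$procs")"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it with --run on the node named in the diagnostics output; a result of held means another svnsync process still owns the lock and Step 2 must wait.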