Setting up ClamAV with CTDB
Prereqs
Configure CTDB as above and set it up to use public ipaddresses.
Verify that the CTDB cluster works.
Configuration
Configure clamd on each node on the cluster.
For details how to configure clamd check its documentation.
/etc/sysconfig/ctdb
Add the following lines to the /etc/sysconfig/ctdb configuration file.
CTDB_MANAGES_CLAMD=yes
CTDB_CLAMD_SOCKET="/path/to/clamd.sock"
Disable clamd in chkconfig so that it does not start by default. Instead CTDB will start/stop clamd as required.
chkconfig clamd off
Events script
The CTDB distribution already comes with an events script for clamd in the file /etc/ctdb/events.d/31.clamd
There should not be any need to edit this file.
What you need is to set it as executable, with command like this:
chmod +x /etc/ctdb/events.d/31.clamd
To check if ctdb monitoring and handling with clamd, you can check outpout of command:
ctdb scriptstatus
Restart your cluster
Next time your cluster restarts, CTDB will start managing the clamd service.
If the cluster is already in production you may not want to restart the entire cluster since this would disrupt services.
Insted you can just disable/enable the nodes one by one. Once a node becomes enabled again it will start the clamd service.
Follow the procedure below for each node, one node at a time :
1 Disable the node
Use the ctdb command to disable the node :
ctdb -n NODE disable
2 Wait until the cluster has recovered
Use the ctdb tool to monitor until the cluster has recovered, i.e. Recovery mode is NORMAL. This should happen within seconds of when you disabled the node.
ctdb status
3 Enable the node again
Re-enable the node again which will start the newly configured vsftp service.
ctdb -n NODE enable
See also
The CLAMAV section in the ctdbd manpage.
man ctdbd