---
canonical: https://safekit.evidian.com/products/high-availability-software-for-application-clustering/safekit-release-notes-8-2/
SafeKit 8.2 Release Notes — Part 5 of 7 — Major Changes: 7.5.2 vs 7.5.1 and 7.5.1 vs 7.4.0 (sections 2.2–2.4)
---

## 2.2      Major changes between SafeKit 7.5.2 and SafeKit 7.5.1

Version 7.5.2 is a consolidation of version
7.5.1 and includes the following changes.

### 2.2.1          Virtual IP

In Linux, load-balancing for farm module is
now based on two kernel modules, instead of one in preceding releases (vip and tcpseq).
The two kernels’ modules must be signed when used with SecureBoot (see [Q009176](https://support.evidian.com/knowledge_base/index.php?path=Global_Area/Q009176.htm%20)).

Re-introduction of the possibility to
designate the interface, on which to configure the virtual IP, by its name
(necessary in some use cases). The interface name must be identical on all
nodes. Supported in Linux **and** Windows.

Add the netmask definition for the virtual
IP in Windows, in addition to Linux.

<vip
[tcpreset="off"|"on"]>

 <interface\_list>

  <interface

    [**name**="interface
name"]

  >

  …

  <virtual\_addr

     
addr="virtual\_IP\_name"|"virtual\_IP\_address"

     

     
[netmask="netmask for the virtual address"]

  …

 

 

|  |  |
| --- | --- |
| <vip |  |
| <interface\_list> |  |
| <interface |  |
| [name="interface name"] | You can specify the name of the network interface on which the virtual IP addresses will be set.   Ex.: name="bond0" on Linux.  Default: no value, SafeKit detects the network interface with virtual IP addresses set on it. |
| … |  |
| <virtual\_interface | Definition of virtual IP addresses configured on an Ethernet interface. |
| netmask="defaultnetmask" | IPV4 only. By default, the netmask of the network interface on which the virtual IP address is set.  Set a netmask if there are several netmasks on the interface. |

 

### 2.2.2          SafeKit web console

The module configuration wizard with the
SafeKit console now allows you to select the type of monitoring to be performed
(process or service) when configuring the process checker.

![](data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20369%20114'%3E%3C/svg%3E)![](https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekit82releasenotes_fichiers/image011.jpg)

### 2.2.3          Japanese language support

The Japanese translation has been updated.

### 2.2.4          Miscellaneous

In Windows, add printcert utility to
display the module certificate subject and expiration date. Usage: safekit.exe -r printcert -m AM, where AM is the name of a configured module.

## 2.3      Major changes between SafeKit 7.5.1 and SafeKit 7.4.0

SafeKit 7.5 comes with major changes for
storing internal data and for authenticating users of the web console and safekit
distributed command (safekit
-H …). For migrating to SafeKit 7.5, you must follow
the procedure described in [section](#_Migrating_from_SafeKit_14) 4.3.

### 2.3.1          SafeKit install procedure

Since SafeKit 7.5, by default, the web
service requires user authentication to access the service to improve security
when using the SafeKit web console and safekit distributed
command (safekit -H …). To make the web console and the distributed command operational
quickly and easily, now the install procedure requires a new step for
initializing the web service with an admin user.

For details, see “SafeKit install” in the *SafeKit
User’s Guide*. Below is the quick install and setup procedure:

|  |  |
| --- | --- |
| **Windows** | **Linux** |
| a.    Log as administrator  b.    Double click on the package  safekitwindows\_7\_5\_y\_z.msi  c.    Open a PowerShell console  d.    To setup the Windows firewall, run:  cd SAFE\private\bin\  .\firewallcfg add  e.    To initialize the web service with the admin user and its password, for instance, pwd, run  cd SAFE\private\bin\  .\webservercfg.ps1 -passwd pwd | a.    Log as root  b.    Open a system console  c.    Run chmod +x safekitlinux\_7\_x\_y\_z.bin  d.    Run ./safekitlinux\_7\_x\_y\_z.bin  It extracts the package and the safekitinstall script  e.  Run ./safekitinstall  ·         Reply yes for firewall automatic configuration (with firewalld or iptables)  ·         Reply with the password, for instance, pwd to initialize the web service with the admin user |

 

|  |  |
| --- | --- |
| Commentaire important contourCommentaire important contour | The password assigned during initialization must be identical on all nodes that belong to the same SafeKit cluster. Otherwise, web console and distributed commands will fail with authentication errors. |

 

Once this initialization is done:

·        
you can authenticate in the web console with the
name admin and the password you provided.  The role is Admin by default.

·        
you can run distributed command safekit -H …

 

This default configuration can be extended:

·        
to add users and assign them a role

·        
to switch to HTTPS

The default configuration can still be
replaced by another predefined setup with HTTP/HTTPS; no authentication;
authentication based on LDAP/AD server or client certificates.

For details on the default setup and all
predefined setups, see section “Securing the SafeKit web service” in the *SafeKit
User’s Guide*.

### 2.3.2          Module resources and web console enhancement

Since SafeKit 7.5, text files storage for
internal data has been replaced by SQLite database. This evolution offers
increased resiliency, protections against corruption while providing
scalability and performance. It has also permitted to add new module resources
for:

* making visible the internal state of the
  module (such as failover rules...)
* provide performance/usage indicators
  (such as synchronization indicators...)

And finally, it allowed to keep a history
of the state of the resources to be able to make an analysis of the evolution
of the states over time.

 

The web console has been revised to provide
a lighter and more ergonomic layout. Resource display has been improved to
better represent new resources and their history. For details, see section “The
SafeKit web console” in the *SafeKit User’s Guide*.

#### 2.3.2.1       Mirror module resources

·        
In ![control16](data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2010%2010'%3E%3C/svg%3E)![control16](https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekit82releasenotes_fichiers/image013.png) Control tab

·        
Click on the node to display the detailed status
of the module on this node

·        
Select the Resources tab
to view the status of resources

|  |  |
| --- | --- |
| Commentaire, ajouter contourCommentaire, ajouter contour | Since SafeKit 7.5, the date displayed is the last date the resource was assigned. Before SafeKit 7.5, this is the first time the resource has been assigned to the current value. |

·        
Module state

Local and remote
state; replication state ; boot and encryption configured or not ; checkers,
errd, failover active/inactive (result of commands in the Admin submenu of a
node)

·        
Checkers

heartbeats,
errd, intf, ip, ping, tcp, custom, …

·        
File replication (since SafeKit 7.5)

o        
Incoming and outgoing bandwidth

There are 2 new
resources that reflect the network bandwidth (in KBytes/sec) used between
nfsbox processes:

·        
rfs.netout\_bandwidth is the network output bandwidth

·        
rfs.netin\_bandwidth is the network input bandwidth

You can observe
the value of rfs.netout\_bandwidth on the primary or rfs.netin\_bandwidth on the secondary to know the modification rate at the time of
observation (write, create, delete, …). The history of the resource values
gives an overview of its evolution over time.

The value of the
bandwidth depends on the application, system, and network activity. Its
measurement is available for information purposes only.

o        
Data synchronization metrics

New resources have
been added to have metrics on the synchronization (number of files, copied size
and time, …). These measurements are for information purposes only and may be
inaccurate in some cases. In addition, some are not updated in real time.

·        
Others

Failover rules
(including the active one) ; internal resources

|  |  |
| --- | --- |
| Commentaire, ajouter contourCommentaire, ajouter contour | Resources named rfs\_bandwidth.replication and rfs\_bandwidth.reintegration have been renamed rfs.rep\_bandwidth and rfs.rei\_bandwidth. |

 

![](data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20523%20411'%3E%3C/svg%3E)![](https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekit82releasenotes_fichiers/image016.jpg)

#### 2.3.2.2       Farm module resources

·        
In ![control16](data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2010%2010'%3E%3C/svg%3E)![control16](https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekit82releasenotes_fichiers/image013.png) Control tab

·        
Click on the node to display the detailed status
of the module on this node

·        
Select the Resources tab
to view the status of resources

|  |  |
| --- | --- |
| Commentaire, ajouter contourCommentaire, ajouter contour | Since SafeKit 7.5, the date displayed is the last date the resource was assigned. Before SafeKit 7.5, this is the first time the resource has been assigned to the current value. |

·        
Module state

Local state;
network load share for the node; boot and encryption configured or not; checkers,
errd (result of commands in the Admin submenu of a node)

·        
Checkers

heartbeats,
errd, intf, ip, ping, tcp, custom, …

·        
Others

Failover rules
(including the active one), internal resources

![](data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20533%20361'%3E%3C/svg%3E)![](https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekit82releasenotes_fichiers/image017.jpg)

### 2.3.3          Module templates

#### 2.3.3.1       Lightweight Kubernetes

Evidian SafeKit brings high availability to
Kubernetes between two redundant servers. For details see [Kubernetes: The Simplest High Availability Cluster with Synchronous
Replication and Failover between Two Redundant Servers – Evidian](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/kubernetes-the-simplest-high-availability-cluster-with-synchronous-replication-and-failover-between-two-redundant-servers/)

#### 2.3.3.2       Custom checker module template

SafeKit 7.5 delivers a new module template,
customchecker.safe,  that is a basic example of a custom checker in a mirror module.  Install
it with the web console (in Advanced modules) or with the safekit
command. For details, see section “Custom checker example with
customchecker.safe” in the *SafeKit User’s Guide*.

### 2.3.4          New attributes for the module configuration

#### 2.3.4.1       Module boot configuration

A new attribute permits to integrate the
boot configuration of the module into its configuration. It can be set with the
web console into the configuration wizard or in the XML configuration file of
the module:

<service mode=”mirror”|”farm”|”light”

[boot="off"|"on"|"auto"|"ignore"]  

[boot\_delay="0"]

 

|  |  |
| --- | --- |
| <service | Top level section of userconfig.xml |
| [boot=  "on"|  "off"|  "auto"|  "ignore"] | If set to on, the module is automatically started at boot time.  If set to off, the module is not started at boot time.  If set to auto, the module is automatically started at boot time, if it was started before the reboot.  Before SafeKit 7.5, the configuration to start the module at boot was done with the command safekit boot -m AM on | off (which had to be executed on each node). If you prefer to continue using this command, remove the boot attribute or set it to ignore (the default). The module will not be started at boot time unless the safekit boot -m AM on command is executed.  The state of the boot configuration is visible in the usersetting.boot resource. The status of resources is visible in web console/control16control16 Control/Select the node/Resources tab/; with the command safekit state -m AM -v  Default value: ignore |
| [boot\_delay="0"] | The delay, in seconds, before starting the module at boot.  Default value: 0 (no delay) |

#### 2.3.4.2       Counter of active connections on the virtual IP

The connections attribute
enable metric on the virtual IP. It must be set in the XML configuration file
of the module:

<virtual\_addr
addr=”virtual\_IP\_name”|”virtual\_IP\_address” [connections=”off”|”on”]

 

|  |  |
| --- | --- |
| <virtual\_addr | Definition of one Virtual IP address |
| [connections="off"|"on"] | Enables counting of the number of active connections on the virtual address. This count is stored in the resource named connections.<virtual addr value> (for example: connections.192.168.1.99) which is assigned every 10 seconds. This value is provided as a guideline only.  Default value: off |

### 2.3.5          Scripts for the test, debug, or support

Since SafeKit 7.5, when configuring the
module, 2 scripts are generated under SAFE/private/modules/AM/bin (where AM is the
name of the module):

* AM\_start\_wrapper (.ps1 in Windows, .sh in Linux)

It configures
the virtual IP address if one is defined into the module’s configuration and
runs the script start\_prim or start\_both
with all required environment variables

* AM\_stop\_wrapper (.ps1 in Windows, .sh in Linux)

It runs the
script stop\_prim or stop\_both, with all required environment variables, and deconfigures the virtual IP address if one is defined into the
module’s configuration

These scripts can be executed, as
administrator/root, when the module is stopped:

* to test or debug the application
  start/stop scripts in the module (start\_prim/stop\_prim, start\_both/stop\_both)
* to run the application for support or
  maintenance purpose

If the start/stop scripts execute a SafeKit
command, it may have a different behavior when executed while the module is
stopped.

Be aware that starting the application
outside of the module may cause application files on that node to change. If
these files are replicated by a mirror module, the next time you start the
module, please start as primary, the node that has the most up-to-date data
from your point of view.

### 2.3.6          Miscellaneous

·        
Commands log of the SafeKit node

Since SafeKit
7.5, this log is stored in SQLite3 format. For viewing the commands log, run
the command safekit
cmdlog or click on the commands log tab into the web
console.

For more
details, refer to section “Commands log of the SafeKit server” in the *SafeKit
User’s Guide*.

·        
Module snapshot

The structure
and content of the snapshot has changed in SafeKit 7.5. For a full description,
see section “Analysis from snapshots of the module” in the *SafeKit User’s
Guide*. See also the new SafeKit training resources “[Support tools](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/safekit-training-support-tools/)”.

·        
Proxy mode for the web console

In previous
versions of the SafeKit web console, it connected to each cluster node to
retrieve their state and run commands. In this new version, the console
connects only to the node specified in the URL, which acts as a proxy for the
other nodes. This implementation is called proxy mode (set the
query ?proxy=false on the URL, to revert to the previous implementation).

The proxy mode
means that the console becomes inaccessible if the connecting node is
unreachable. It is then necessary to change the URL to get the cluster state
from another cluster node.

·        
Command to clean the HTTPS setup

If necessary,
you can use the new command rmcerts under SAFEBIN to clean your HTTPS setup. It removes all certificates and switch
to HTTP mode for the web service

·        
SafeMonitor

SafeMonitor, the
legacy java console for SafeKit, is no more delivered with the SafeKit package
and no more supported.

## 2.4      Major changes between SafeKit 7.4.0 and SafeKit 7.3.0

### 2.4.1          SafeKit cluster in Microsoft Azure, Amazon Aws, and Google GCP clouds

SafeKit 7.4 core and console have been
improved for providing the simplest solution for a high availability cluster in
the Microsoft Azure, Amazon AWS and Google GCP clouds.  It can be implemented
on existing virtual machines or on a new virtual infrastructure.

For a full description, see in section 17 “SafeKit
Cluster in the Cloud” in the *SafeKit User’s Guide*.

·        
high availability cluster with real-time
replication and failover (mirror cluster)

For a quick
start, refer to [mirror cluster in Azure](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/azure-high-availability-cluster-synchronous-replication-failover/), [mirror cluster in AWS](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/aws-high-availability-cluster-synchronous-replication-failover/) or [mirror cluster in GCP](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/gcp-high-availability-cluster-synchronous-replication-failover/).

![](data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20477%20350'%3E%3C/svg%3E)![](https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekit82releasenotes_fichiers/image018.jpg)

·        
high availability cluster with load balancing
and failover (farm cluster)

For a quick
start, refer to [farm cluster in Azure](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/azure-load-balancing-cluster-failover/), [farm cluster in AWS](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/aws-load-balancing-cluster-failover/) or [farm cluster in GCP](https://safekit.evidian.com/products/high-availability-software-for-application-clustering/gcp-load-balancing-cluster-failover/).

![](data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20477%20334'%3E%3C/svg%3E)![](https://safekit.evidian.com/wp-content/uploads/downloads_safekit/version-82/safekit82releasenotes_fichiers/image019.jpg)

### 2.4.2          File replication

File replication offers 3 new configuration
attributes.

|  |  |
| --- | --- |
| <rfs |  |
| [allocthreshold=  "0"] | Windows only.  Size in Gb to apply the allocation policy before reintegration.  When allocthreshold> 0, enable fast allocation of disk space for files to be synchronized on the secondary node. This feature avoids a timeout when the primary writes at the end of the file, when the file is very large (> 200 Gb) and not yet completely copied. The allocation is applied only:  ·         for new files (files that do not exist on the secondary when reintegration starts)  ·         for a full synchronization (for example, during the first reintegration or when the secondary is started with safekit second fullsync)  ·         when the file size on the primary is >= allocthreshold (size in Gb)  Default value: 0 (that disables the feature) |
| [nbremconn="1"] | Number of TCP connections between the primary and the secondary nodes.  This value may be increased to improve the replication and synchronization throughput when the network has high latency (in cloud for instance).  Default value: 1 |
| [sendtimeout="30"] | For SafeKit > 7.4.0.13  Timeout, in seconds, for sending packets to the remote node.  This value may be increased when replication or reintegration fails on low latency networks.  Default value: 30 |

 

Moreover, the file replication component:

* now uses only one port for communication
  between mirror nodes
* data synchronization has been improved for
  low latency networks:

o   
automatic reconnection on communication failure

o   
optimisation for the first synchronization
retries (with namespacepolicy=”4” that is the default value since SafeKit 7.4.0.13)

* has been improved and fixed for hard
  links managements. But some operations are still not supported
* checks on the secondary node that files
  are not opened before starting the synchronization
* since SafeKit 7.4.0.31, in Windows, it
  now supports a new value for roflags=0x10000 attribute; when
  set, the secondary is stopped if a process other than system tries to
  modify a replicated file

### 2.4.3          Process death detection

Process death detection now offers a new
monitoring class, class="pre" for monitoring processes started/stopped into user scripts prestart/poststop.

Since SafeKit > 7.4.0.19, in Linux,
process death detection can monitor a Linux system service in addition to
processes.

### 2.4.4          SafeKit web console and web server

Since SafeKit 7.4.0.13:

* The web server configuration provides
  built-in configuration files for login to the web console with roles based
  on basic authentication (ldap or file)
* On the first start of the web console,
  automatic insertion of the connected server as the cluster named cluster1, into the cluster inventory

### 2.4.5          DNS name resolution

Some fixes and changes have been made for a
better management of the DNS resolution of names contained into the cluster
configuration.

These changes also impact the way to force
a DNS resolution when a DNS entry is modified. Since SafeKit 7.4.0.58, to
consider the new IP address (by SafeKit services and modules), you must
re-apply the cluster configuration on all nodes with the web console or the
commands:

safekit
cluster config ; safekit -H “\*” -G

The new name resolution is not
automatically considered by the running modules. To do this, you must either:

* Stop and start the module
* Run the command safekit update -m AM

This is allowed
only if the module is in the states UP (farm module) or ALONE (mirror module)

### 2.4.6          Miscellaneous

·        
Since SafeKit 7.4.0.19, the extension for the
application log file has changed. The file name is now userlog.ulog and it was userlog.AM (where AM is the module
name)

·        
Since 7.4.0.20, module log display (safekit
logview –m AM) and save (safekit logsave –m AM)
has been changed to display/save only E(vent) messages. Use   -I option
for displaying/save also I(nformation) messages, or -A for displaying all
messages (including debug ones)

·        
Since SafeKit 7.4.0.27 in Linux, modification of
firewall rules management

·        
Since SafeKit 7.4.0.27, improvement of the
section “Securing the SafeKit web console” into the SafeKit User’s Guide