I have two sites, currently in a distributed configuration. Everything is working swimmingly: updates from the remote come in correctly, we get notifications in a timely manner regardless of site. If the secondary goes down, the primary actively checks the remote hosts and services.
However, I would like to put them in a combined distributed and failover configuration. That is, if the primary server goes down (or becomes generally uncontactable), the secondary becomes a fully active server (including attempting to monitor the primary site). The problem I’m having is that, to maintain continuity, I would need passive check results going from the primary to the secondary as well. I’m worried that doing so could result in a “passive check loop”: check_whatever runs on either server, the updated result goes to the other server, which triggers its own OCSP command and sends the result back, and so on.
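To make the worry concrete, here is a toy model of the loop I have in mind. It is not Nagios code: the `simulate` function, the `forward_passive` switch and the `max_hops` cap are all made up for illustration, and it assumes that each server runs its OCSP command for every result it processes, which is exactly the part I am unsure about.

```python
from collections import deque


def simulate(max_hops=10, forward_passive=True):
    """Count how often one check result is relayed between two servers.

    Assumption (not confirmed Nagios behaviour): each server runs its
    OCSP command for every result it processes. forward_passive controls
    whether that includes results received passively from the peer.
    """
    # Start with a single active check result on the primary.
    queue = deque([("primary", "active")])
    hops = 0
    while queue and hops < max_hops:
        server, kind = queue.popleft()
        if kind == "passive" and not forward_passive:
            # The result came from the peer, so it is not sent back.
            continue
        peer = "secondary" if server == "primary" else "primary"
        # The OCSP command submits the result to the peer as a passive check.
        queue.append((peer, "passive"))
        hops += 1
    return hops


print(simulate(forward_passive=True))   # 10: only the max_hops cap stops it
print(simulate(forward_passive=False))  # 1: relayed once, then dropped
```

If the first case matches what really happens, then I need some equivalent of `forward_passive=False`: a way for each server to tell that a result came from its peer and to not send it back.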
Is this actually a concern? If so, can anyone think of a reliable (and hopefully simple) way to stop such a loop from forming?