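I'm reposting this information to preserve the thread. In the pf.conf listing below, the sed filter replaces the value on every pass= line with the placeholder top_secret.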
[root@pkfn pf]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:a5:98:cf brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:fea5:98cf/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:a5:c2:1a brd ff:ff:ff:ff:ff:ff
inet 10.50.156.54/23 brd 10.50.157.255 scope global eth1
inet6 fe80::250:56ff:fea5:c21a/64 scope link
valid_lft forever preferred_lft forever
4: eth0.110@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
link/ether 00:50:56:a5:98:cf brd ff:ff:ff:ff:ff:ff
inet 10.67.248.2/24 brd 10.67.248.255 scope global eth0.110
inet6 fe80::250:56ff:fea5:98cf/64 scope link
valid_lft forever preferred_lft forever
5: eth0.111@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
link/ether 00:50:56:a5:98:cf brd ff:ff:ff:ff:ff:ff
inet 10.67.252.2/24 brd 10.67.252.255 scope global eth0.111
inet6 fe80::250:56ff:fea5:98cf/64 scope link
valid_lft forever preferred_lft forever
[root@pkfn pf]# cat conf/pf.conf |sed 's/pass\=.*$/pass=top_secret/'
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=wadsworth.org
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in
Apache rewriting rules and therefore must be resolvable by clients.
hostname=pkfn
#
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow
queries to these servers from even "trapped" nodes.
dnsservers=199.184.30.42,199.184.28.129
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP
transactions from even "trapped" nodes.
dhcpservers=199.184.30.27,10.50.156.21,10.49.66.7,10.57.48.14,199.184.28.130
#
# general.maintenance_interval
#
# Interval at which Packetfence runs its maintenance tasks.
#maintenance_interval=1200s
[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will
monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=10.67.248.0/24,10.67.252.0/24
#
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs and
# add them in the ipset session to give access
# to trapped devices. Don't forget to enable ip_forward on your server.
passthrough=enabled
#
# trapping.proxy_passthroughs
#
# Comma-delimited list of domains to be use for apache passthrough
proxy_passthroughs=inside.wadsworth.org,admin.wadsworth.org,loki.wadsworth.org,info.wadsworth.org
#
# trapping.interception_proxy
#
# When enabled, packetfence will intercept proxy request to somes specified port
interception_proxy=enabled
#
# trapping.interception_proxy_port
#
# Comma-delimited list of port used to intercept proxy traffic
interception_proxy_port=3128,8080
#
# registration.range
#
#
#range=10.67.248.0/24
[guests_admin_registration]
#
# guests_admin_registration.access_duration_choices
#
# These are all the choices offered in the guest management interface as
# possible access duration values for a given registration.
access_duration_choices=1DF+0D,1WF+0D,3MF+0D,1YF+1D,3YF
#
# guests_admin_registration.default_access_duration
#
# This is the default access duration value selected in the dropdown on the
# guest management interface.
default_access_duration=3MF+0D
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with
an action of "email", or any other
# PacketFence-related message goes to.
[email protected]
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr. The default is
localhost - be sure you're running an SMTP
# host locally if you don't change it!
smtpserver=smtp.wadsworth.org
#
# alerting.subjectprefix
#
#Subject prefix for email notifications of rogue DHCP servers, violations with
an action of "email", or any other
#PacketFence-related message.
subjectprefix=PKFN ALERT:
[scan]
#
# scan.engine
#
# Which scan engine to use to perform client-side policy compliance.
engine=nessus
#
# scan.duration
#
# Approximate duration of a scan. User being scanned on registration are
presented a progress bar
# for this duration, afterwards the browser refreshes until scan is complete.
duration=10m
#
# scan.host
#
# Host the scanning engine is running on. For performance reasons, we
# recommend running the scanning engine on a remote server. A passthrough will
# be automagically created.
host=vnix.wadsworth.org
#
# scan.user
#
# Username to log into scanning engine with.
user=pkfn
#
# scan.pass
#
# Password to log into scanning engine with.
pass=top_secret
#
# scan.nessus_clientpolicy
#
# Name of the remote policy on the nessus server
nessus_clientpolicy=basic-policy
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=top_secret
#
# database.user
#
# Username of the account with access to the mysql database used by PacketFence.
user=pkfn
[expire]
#
# expire.node
#
# Time before a node is removed due to inactivity.
# A value of 0D disables expiration.
# example:
# node=90D
node=120D
#
# expire.iplog
#
# Time which you would like to keep logs on IP/MAC information.
# A value of 0D disables expiration.
# example:
# iplog=180D
iplog=120D
#
# expire.traplog
#
# Time which you would like to keep logs on trap information.
# A value of 0D disables expiration.
# example:
# traplog=180D
traplog=60D
#
# expire.locationlog
#
# Time which you would like to keep logs on location information
# Please note that this table should not become too big since it
# could degrade pfsetvlan performance.
# A value of 0D disables expiration.
# example:
# locationlog=180D
locationlog=60D
[services]
#
# services.iptables
#
# Should iptables be managed by PacketFence?
iptables=disabled
[captive_portal]
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver who hosts the
common/network-access-detection.gif which is used to detect if network
# access was enabled.
# It cannot be a domain name since it is used in registration or quarantine
where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence server
and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy solution.
#
network_detection_ip=199.184.30.46
#
# captive_portal.secure_redirect
#
# If secure_redirect is enabled, the captive portal uses HTTPS when redirecting
# captured clients. This is the default behavior.
secure_redirect=disabled
[interface eth0.111]
enforcement=vlan
ip=10.67.252.2
type=internal
mask=255.255.255.0
[interface eth0.110]
enforcement=vlan
ip=10.67.248.2
type=internal
mask=255.255.255.0
[interface eth1]
ip=10.50.156.54
type=management
mask=255.255.254.0
[root@pkfn pf]# cat conf/networks.conf
[10.67.252.0]
dns=10.67.252.2
dhcp_start=10.67.252.10
gateway=10.67.252.2
domain-name=pkfn-isolation.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
type=vlan-isolation
netmask=255.255.255.0
dhcp_end=10.67.252.246
dhcp_default_lease_time=300
[10.67.248.0]
dns=10.67.248.2
dhcp_start=10.67.248.10
gateway=10.67.248.2
domain-name=pkfn-registration.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
type=vlan-registration
netmask=255.255.255.0
dhcp_end=10.67.248.254
dhcp_default_lease_time=300
[10.67.249.0]
dns=10.67.248.2
next_hop=10.67.248.1
gateway=10.67.249.1
dhcp_start=10.67.249.10
domain-name=vlan-registration.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
netmask=255.255.255.0
type=vlan-registration
dhcp_end=10.67.249.254
dhcp_default_lease_time=300
[10.67.253.0]
dns=10.67.252.2
next_hop=10.67.252.1
gateway=10.67.253.1
dhcp_start=10.67.253.10
domain-name=vlan-isolation.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
netmask=255.255.255.0
type=vlan-isolation
dhcp_end=10.67.253.254
dhcp_default_lease_time=300
[10.67.250.0]
dns=10.67.248.2
next_hop=10.67.248.1
gateway=10.67.250.1
dhcp_start=10.67.250.10
domain-name=vlan-registration.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
netmask=255.255.255.0
type=vlan-registration
dhcp_end=10.67.250.254
dhcp_default_lease_time=300
[10.67.254.0]
dns=10.67.252.2
next_hop=10.67.252.1
gateway=10.67.254.1
dhcp_start=10.67.254.10
domain-name=vlan-isolation.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
netmask=255.255.255.0
type=vlan-isolation
dhcp_end=10.67.254.254
dhcp_default_lease_time=300
[10.67.251.0]
dns=10.67.248.2
next_hop=10.67.248.1
gateway=10.67.251.1
dhcp_start=10.67.251.10
domain-name=vlan-registration.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
netmask=255.255.255.0
type=vlan-registration
dhcp_end=10.67.251.254
dhcp_default_lease_time=300
[10.67.255.0]
dns=10.67.252.2
next_hop=10.67.252.1
gateway=10.67.255.1
dhcp_start=10.67.255.10
domain-name=vlan-isolation.wadsworth.org
named=enabled
dhcp_max_lease_time=3600
dhcpd=enabled
netmask=255.255.255.0
type=vlan-isolation
dhcp_end=10.67.255.254
dhcp_default_lease_time=300
[root@pkfn pf]#
-----Original Message-----
From: [email protected]
[mailto:[email protected]]
Sent: Friday, April 24, 2015 12:28 PM
To: [email protected]
Subject: PacketFence-users Digest, Vol 84, Issue 86
Today's Topics:
1. pfsetvlan high cpu, innodb deadlocks no outgoing switch
management evident (Muller, Daniel (HEALTH))
2. Re: pfsetvlan high cpu, innodb deadlocks no outgoing switch
management evident (Louis Munro)
----------------------------------------------------------------------
Message: 1
Date: Fri, 24 Apr 2015 15:11:22 +0000
From: "Muller, Daniel (HEALTH)" <[email protected]>
Subject: [PacketFence-users] pfsetvlan high cpu, innodb deadlocks no
outgoing switch management evident
To: "[email protected]"
<[email protected]>
Cc: "Cuttler, Brian \(HEALTH\)" <[email protected]>, "Auger,
Ivan \(ITS\)" <[email protected]>
Message-ID:
<sn1pr09mb0894c5e7a1a743603f91fd28a5...@sn1pr09mb0894.namprd09.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"
This is PacketFence 4.5.1, centos-release-6-6.el6.centos.12.2.x86_64 (perl
5.10, mysql 5.1) VMware ESX.
I had a working out-of-band installation with 213 switches, mix of HP Procurve
& Cisco Catalyst.
I attempted an upgrade to 5.0 last week and then attempted to abandon this
effort by rolling back to a VMware snapshot.
To my unhappy surprise the installation is very broken now and I am at a loss.
What I'm seeing essentially is my SNMP traps are received however pfsetvlan is
not taking any action.
I set the log level in conf/log.conf to DEBUG and still the only relevant line
seen in packetfence.log is the start lines.
I tried stepping through pfsetvlan in the perl debugger and I basically saw it
load the switch configuration and start the tail on snmptrapd.log but there are
never any actions on the switches.
All the time, even in the debug session I see pfsetvlan using 100% CPU and
InnoDB deadlocks are seen in mysql.
One thing I can note and I'm unclear what this means; in the web interface I
see no management interface, actually only see a button to configure routed
networks.
In pf.conf and networks.conf my network is correctly described.
I tried running the web configurator and it did not offer a way to configure
the physical network; ( as if it was not detected).
I'm using VMXNET3 drivers and vmware-tools-core-9.0.0-2
Any guidance would be greatly appreciated.
[root@pkfn pf]# tail logs/snmptrapd.log
(6 redundant lines removed)
2015-04-24|15:01:47|UDP:
2015-04-24|[10.56.105.202]:1028->[10.50.156.54]|0.0.0.0|BEGIN TYPE 0 END
2015-04-24|TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
2015-04-24|.1.3.6.1.2.1.1.3.0 = Timeticks: (8155487)
2015-04-24|22:39:14.87|.1.3.6.1.6.3.1.1.4.1.0 = OID:
2015-04-24|.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.7 = Wrong
2015-04-24|Type (should be INTEGER): Gauge32:
2015-04-24|7|.1.3.6.1.2.1.31.1.1.1.1.7 = STRING:
2015-04-24|GigabitEthernet1/0/5|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.7 =
2015-04-24|Hex-STRING: 00 01 E6 35 0F 89 END VARIABLEBINDINGS
2015-04-24|15:01:48|UDP:
2015-04-24|[10.56.105.215]:54976->[10.50.156.54]|0.0.0.0|BEGIN TYPE 0
2015-04-24|END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
2015-04-24|.1.3.6.1.2.1.1.3.0 = Timeticks: (1077737866) 124 days,
2015-04-24|17:42:58.66|.1.3.6.1.6.3.1.1.4.1.0 = OID:
2015-04-24|.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10129 = Wrong
2015-04-24|Type (should be INTEGER): Gauge32:
2015-04-24|10129|.1.3.6.1.2.1.31.1.1.1.1.10129 = STRING:
2015-04-24|GigabitEthernet0/29|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10129 =
2015-04-24|Hex-STRING: 5C 26 0A 36 81 73 END VARIABLEBINDINGS
2015-04-24|15:01:49|UDP:
2015-04-24|[10.56.105.202]:1028->[10.50.156.54]|0.0.0.0|BEGIN TYPE 0 END
2015-04-24|TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
2015-04-24|.1.3.6.1.2.1.1.3.0 = Timeticks: (8155669)
2015-04-24|22:39:16.69|.1.3.6.1.6.3.1.1.4.1.0 = OID:
2015-04-24|.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.7 = Wrong
2015-04-24|Type (should be INTEGER): Gauge32:
2015-04-24|7|.1.3.6.1.2.1.31.1.1.1.1.7 = STRING:
2015-04-24|GigabitEthernet1/0/5|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.7 =
2015-04-24|Hex-STRING: 00 01 E6 35 0F 89 END VARIABLEBINDINGS
2015-04-24|15:01:49|UDP:
2015-04-24|[10.56.105.215]:54976->[10.50.156.54]|0.0.0.0|BEGIN TYPE 0
2015-04-24|END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
2015-04-24|.1.3.6.1.2.1.1.3.0 = Timeticks: (1077738019) 124 days,
2015-04-24|17:43:00.19|.1.3.6.1.6.3.1.1.4.1.0 = OID:
2015-04-24|.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10129 = Wrong
2015-04-24|Type (should be INTEGER): Gauge32:
2015-04-24|10129|.1.3.6.1.2.1.31.1.1.1.1.10129 = STRING:
2015-04-24|GigabitEthernet0/29|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10129 =
2015-04-24|Hex-STRING: 5C 26 0A 36 81 73 END VARIABLEBINDINGS
[root@pkfn pf]# tail logs/packetfence.log
Apr 24 11:01:19 pfcmd.pl(3105) DEBUG: cache get for namespace='configfiles', key='/usr/local/pf/conf/switches.conf', cache='File:l1_cache:l1_cache', time='0ms': HIT (CHI::Driver::_log_get_result)
Apr 24 11:01:19 pfcmd.pl(3105) DEBUG: cache get for namespace='configfilesdata', key='SwitchConfig', cache='File:l1_cache', time='0ms': HIT (CHI::Driver::_log_get_result)
Apr 24 11:01:19 pfcmd.pl(3105) INFO: pidof -x snmptrapd returned 2700 (pf::services::manager::pidFromFile)
Apr 24 11:01:19 pfcmd.pl(3105) INFO: verifying process 2700 (pf::services::manager::removeStalePid)
Apr 24 11:01:19 pfcmd.pl(3105) INFO: pidof -x snmptrapd returned 2700 (pf::services::manager::pidFromFile)
Apr 24 11:01:19 pfcmd.pl(3105) INFO: pidof -x snmptrapd returned 2700 (pf::services::manager::pidFromFile)
Apr 24 11:01:19 pfcmd.pl(3105) DEBUG: Starting Daemon pfsetvlan with command /usr/local/pf/sbin/pfsetvlan -d (pf::services::manager::launchService)
Apr 24 11:01:21 pfcmd.pl(3105) INFO: Daemon pfsetvlan took 1.563 seconds to start. (pf::services::manager::launchService)
Apr 24 11:01:21 pfsetvlan(3115) INFO: pfsetvlan starting and writing 3118 to /usr/local/pf/var/run/pfsetvlan.pid (pf::services::util::createpid)
Apr 24 11:01:21 pfsetvlan(3115) INFO: Process started (main::)
------------------------------
Message: 2
Date: Fri, 24 Apr 2015 12:27:22 -0400
From: Louis Munro <[email protected]>
Subject: Re: [PacketFence-users] pfsetvlan high cpu, innodb deadlocks
no outgoing switch management evident
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset="windows-1252"
On Apr 24, 2015, at 11:11 , Muller, Daniel (HEALTH)
<[email protected]> wrote:
> This is PacketFence 4.5.1, centos-release-6-6.el6.centos.12.2.x86_64 (perl
> 5.10, mysql 5.1) VMware ESX.
>
> I had a working out-of-band installation with 213 switches, mix of HP
> Procurve & Cisco Catalyst.
>
> I attempted an upgrade to 5.0 last week and then attempted to abandon this
> effort by rolling back to a VMware snapshot.
>
> To my unhappy surprise the installation is very broken now and I am at a loss.
>
> What I'm seeing essentially is my SNMP traps are received however pfsetvlan
> is not taking any action.
>
> I set the log level in conf/log.conf to DEBUG and still the only relevant
> line seen in packetfence.log is the start lines.
>
> I tried stepping through pfsetvlan in the perl debugger and I basically saw
> it load the switch configuration and start the tail on snmptrapd.log but
> there are never any actions on the switches.
>
> All the time, even in the debug session I see pfsetvlan using 100% CPU and
> InnoDB deadlocks are seen in mysql.
>
> One thing I can note and I'm unclear what this means; in the web interface I
> see no management interface, actually only see a button to configure routed
> networks.
>
> In pf.conf and networks.conf my network is correctly described.
>
> I tried running the web configurator and it did not offer a way to configure
> the physical network; ( as if it was not detected).
>
> I'm using VMXNET3 drivers and vmware-tools-core-9.0.0-2
>
> Any guidance would be greatly appreciated.
>
Hi Daniel,
Did you roll back the database at the same time as the rest of PF?
I.e. does the current db schema match what is expected of a 4.5.1 install?
Which queries are deadlocking in mysql?
You could also do worse than posting your pf.conf, networks.conf and the output from
# ip a
stripped of passwords etc.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------
End of PacketFence-users Digest, Vol 84, Issue 86
*************************************************