Update:
I decided to start over from scratch and use two new PF servers and went
through the clustering process all over again. I now have a fully working PF
cluster between two servers but I still have one minor issue to resolve if
possible. When I plug a host into a PF configured switch I can no longer see
needed information from that host. All I can see in the nodes section is the
MAC address of this host and not the Computer Name or IP address information.
This is not ideal for our setup because the company I intern for wants to
manually manage the VLAN switching. It would be hard to do so going off just
the MAC address information. Is there any reason why the Computer Name field
would be empty after PF being clustered?
My cluster.conf:
[CLUSTER interface ens32]
ip=10.100.10.57
type=management,high-availability
[CLUSTER interface ens33.2]
ip=10.2.10.9
type=internal
[CLUSTER interface 33.50]
ip=10.50.10.9
type=internal
[packetfence]
management_ip=10.100.10.54
[packetfence interface ens32]
ip=10.100.10.54
type=management,high-availability
mask=255.255.0.0
[packetfence interface ens33.2]
enforcement=vlan
ip=10.2.10.10
type=internal
mask=255.255.255.0
[packetfence interface ens33.50]
enforcement=vlan
ip=10.50.10.10
type=internal
mask=255.255.255.0
[packetfence2]
management_ip=10.100.100.90
[packetfence2 interface ens32]
ip=10.100.100.90
type=management,high-availability
mask=255.255.0.0
[packetfence2 interface ens33.2]
enforcement=vlan
ip=10.2.10.5
type=internal
mask=255.255.255.0
[packetfence2 interface ens33.50]
enforcement=vlan
ip=10.50.10.5
type=internal
mask=255.255.255.0
Thanks,
Mike.
________________________________
From: Thierry Laurion <[email protected]>
Sent: Thursday, January 26, 2017 4:48 PM
To: [email protected]
Subject: Re: [PacketFence-users] Cluster help
Hi Michael,
Please share your cluster.conf.
On 01/26/2017 01:33 PM, Campanaro, Michael wrote:
So I just ran the command 'service packetfence-config restart' and then
restarted the packetfence services on both servers. They started and I'm able
to access the admin gui from the cluster's virtual management IP. But the
radiusd service, p0f service and now dhcpd service won't start and PF won't
function as intended. I'm getting a lot of errors like this in packetfence.log:
Jan 26 13:26:03 pfcmd.pl(29925) ERROR: Couldn't connect to MySQL database to
access L2. This is a major problem ! Check the MySQL section in
/usr/local/pf/conf/pfconfig.conf and make sure your database schema is up to
date ! (pfconfig::backend::mysql::_db_error)
Jan 26 13:26:04 pfcmd.pl(29925) ERROR: Caught error DBI
connect('database=pf;host=127.0.0.1;port=3306','pf',...) failed: Can't connect
to MySQL server on '127.0.0.1' (111) at
/usr/local/pf/lib/pfconfig/backend/mysql.pm line 45.
Jan 26 13:26:04 pfcmd.pl(29925) ERROR: Couldn't connect to MySQL database to
access L2. This is a major problem ! Check the MySQL section in
/usr/local/pf/conf/pfconfig.conf and make sure your database schema is up to
date ! (pfconfig::backend::mysql::_db_error)
Jan 26 13:26:04 pfcmd.pl(29925) ERROR: Caught error DBI
connect('database=pf;host=127.0.0.1;port=3306','pf',...) failed: Can't connect
to MySQL server on '127.0.0.1' (111) at
/usr/local/pf/lib/pfconfig/backend/mysql.pm line 45.
Jan 26 13:26:04 pfcmd.pl(29925) ERROR: Couldn't connect to MySQL database to
access L2. This is a major problem ! Check the MySQL section in
/usr/local/pf/conf/pfconfig.conf and make sure your database schema is up to
date ! (pfconfig::backend::mysql::_db_error)
[root@packetfence usr]#
Here we see that haproxy is still not functioning properly by not providing
mysql access.
I'm also getting this error in my radius log:
Thu Jan 26 13:27:22 2017 : Error: Errors reading
raddb//mods-config/attr_filter/access_reject
Thu Jan 26 13:27:22 2017 : Error: raddb//mods-enabled/attr_filter[28]:
Instantiation failed for module "attr_filter.access_reject"
Thank you,
-Mike
________________________________
From: Campanaro, Michael
<[email protected]><mailto:[email protected]>
Sent: Thursday, January 26, 2017 1:15 PM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] Cluster help
Hey Thierry,
This is what happens when I run that command:
[root@packetfence usr]# /usr/local/pf/bin/pfcmd service haproxy restart
service|command
haproxy|already stopped
Can't use an undefined value as a HASH reference at
/usr/local/pf/lib/pf/services/manager/httpd_admin.pm line 48.
Have haproxy started? ("netstat -laputen|grep 3306" shows haproxy running and
accepting requests?)
Then you should restart packetfence-redis-cache, packetfence-config and then
packetfence.
The admin tries to access management IP of the cluster (line 48) but it can't;
Normal if there is no config cache and no DB access.
I tried restarting both packetfence server earlier and now PF on both servers
refuses to start. These are some of the errors I'm seeing in packetfence.log:
[root@packetfence usr]# tail /usr/local/pf/logs/packetfence.log
Jan 26 13:08:59 pfcmd.pl(26100) ERROR: Could not write namespace
resource::switches_list to L2 cache ! (pfconfig::manager::cache_resource)
Jan 26 13:08:59 pfcmd.pl(26100) ERROR: Caught error DBI
connect('database=pf;host=127.0.0.1;port=3306','pf',...) failed: Can't connect
to MySQL server on '127.0.0.1' (111) at
/usr/local/pf/lib/pfconfig/backend/mysql.pm line 45.
while connecting to database. (pfconfig::backend::mysql::_get_db)
Jan 26 13:08:59 pfcmd.pl(26100) ERROR: Couldn't connect to MySQL database to
access L2. This is a major problem ! Check the MySQL section in
/usr/local/pf/conf/pfconfig.conf and make sure your database schema is up to
date ! (pfconfig::backend::mysql::_db_error)
Jan 26 13:09:00 pfcmd.pl(26100) INFO: Memory configuration is not valid anymore
for key interfaces::management_network(packetfence) in local cached_hash
(pfconfig::cached::is_valid)
Jan 26 13:09:00 pfcmd.pl(26100) INFO: Memory configuration is not valid anymore
for key resource::cluster_hosts in local cached_hash
(pfconfig::cached::is_valid)
Jan 26 13:09:00 pfcmd.pl(26100) FATAL: Can't use an undefined value as a HASH
reference at /usr/local/pf/lib/pf/services/manager/httpd_admin.pm line 48.
(pf::services::manager::httpd_admin::vhosts)
Jan 26 13:11:37 pfcmd.pl(26571) FATAL: Can't use an undefined value as a HASH
reference at /usr/local/pf/lib/pf/services/manager/httpd_admin.pm line 48.
(pf::services::manager::httpd_admin::vhosts)
Thank you,
-Mike
________________________________
From: Thierry Laurion <[email protected]><mailto:[email protected]>
Sent: Thursday, January 26, 2017 12:21 PM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] Cluster help
Hi Michael,
On 01/26/2017 10:51 AM, Campanaro, Michael wrote:
Fabrice,
I have made some progress and at this point the drives are formatted as ext3,
the PCS corosync cluster settings are all set and I've tested a failover and it
works. I'm no longer locked out of my PF admin gui but I'm still getting mysql
errors. I've noticed on the services tab in the admin interface that my radiusd
and p0f services are no longer starting.
The following is output from my master server:
Netstat output:
[root@packetfence lib]# netstat -nlp|grep 3306
tcp 0 0 10.100.10.54:3306 0.0.0.0:* LISTEN
26674/mysqld
haproxy shoulkd be running and listening here on 127.0.0.1. Restart it.
cd /usr/local/pf
bin/pfcmd service haproxy restart
/etc/my/cnf:
[root@packetfence lib]# cat /etc/my.cnf
[mysqld]
bind_address=10.100.10.54
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d
pf.conf:
[root@packetfence lib]# cat /usr/local/pf/conf/pf.conf
[general]
domain=mydomain.local
dnsservers=10.100.10.30,10.100.10.31,127.0.0.1
dhcpservers=10.100.10.30,127.0.0.1
timezone=America/New_York
[guests_admin_registration]
access_duration_choices=1h,3h,12h,1D,2D,3D,5D,10D,30D,1Y
[alerting]
[email protected]<mailto:[email protected]>
[database]
host=127.0.0.1
pass=mypassword
[monitoring]
db_host=127.0.0.1
[services]
pfsetvlan=enabled
snmptrapd=enabled
[captive_portal]
network_detection_ip=10.100.10.54
secure_redirect=disabled
[omapi]
key_base64=JQtM8Oy/gDgXIdiuqyxuSw==
[interface ens32]
ip=10.100.10.54
type=management,high-availibility
mask=255.255.0.0
[interface ens33.2]
enforcement=vlan
ip=10.2.10.10
type=internal
mask=255.255.255.0
gateway=10.2.10.10
pfconfig.conf:
[root@packetfence lib]# cat /usr/local/pf/conf/pfconfig.conf
[general]
backend=mysql
[mysql]
host=127.0.0.1
user=pf
pass=mypassword
db=pf
port=3306
-Mike
________________________________
From: Fabrice Durand <[email protected]><mailto:[email protected]>
Sent: Thursday, January 26, 2017 8:56 AM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] Cluster help
Hello Michael,
it depend how you format the partition, so if it's ext3 then mount it as an
ext3.
Also when you start the database can you check where it listen ? (netstat -nlp|
grep 3306)
Also can you paste my.cnf and pf.conf, pfconfig.conf ?
Regards
Fabrice
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Thierry Laurion
[email protected]<mailto:[email protected]> :: +1.514.447.4918 *120 ::
https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu) and PacketFence
(https://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Thierry Laurion
[email protected]<mailto:[email protected]> :: +1.514.447.4918 *120 ::
https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu) and PacketFence
(https://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
