Ok Guys, I've been at this for a few days now and am obviously missing
something obvious :(
I have set up a Single PacketFence Server using ZEN 8 and it is working Fine.
However, before using this in anger, I want to set it up into a Cluster so I
have some redundancy.
I'm following the Instructions at
https://packetfence.org/doc/PacketFence_Clustering_Guide.html
I seem to be failing somewhere at the cluster.conf configuration.
The First Server is up and running and Shows the VRRP IPs OK.
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:8c:55:35 brd ff:ff:ff:ff:ff:ff
    inet 10.207.230.201/24 brd 10.207.230.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.207.230.200/32 scope global eth0 <-------- Management
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe8c:5535/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:8c:e1:c3 brd ff:ff:ff:ff:ff:ff
    inet 10.207.236.139/28 brd 10.207.236.143 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.207.236.138/32 scope global eth1 <-------- Isolation
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe8c:e1c3/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:8c:6d:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.207.236.155/28 brd 10.207.236.159 scope global eth2
       valid_lft forever preferred_lft forever
    inet 10.207.230.154/32 scope global eth2 <-------- Registration
       valid_lft forever preferred_lft forever
When typing hostname on the CLI, it returns a single name
[root@auqldrv00nac1ai conf]# hostname
auqldrv00nac1ai
When pinging the name, it returns the FQDN
[root@auqldrv00nac1ai conf]# ping auqldrv00nac1ai
PING auqldrv00nac1ai.amh.com.au (10.207.230.201) 56(84) bytes of data.
64 bytes from auqldrv00nac1ai.amh.com.au (10.207.230.201): icmp_seq=1 ttl=64 time=0.068 ms
My cluster.conf looks like the following
# Cluster configuration file for active/active
# This file will have it deactivated by default
# To activate the active/active mode, set a management IP in the cluster section
# Before doing any changes to this file, read the documentation
[CLUSTER]
management_ip=10.207.230.200
[CLUSTER interface eth0]
ip=10.207.230.200
[CLUSTER interface eth1]
ip=10.207.236.138
[CLUSTER interface eth2]
ip=10.207.230.154
[auqldrv00nac1ai.amh.com.au]
management_ip=10.207.230.201
[auqldrv00nac1ai.amh.com.au interface eth0]
ip=10.207.230.201
[auqldrv00nac1ai.amh.com.au interface eth1]
ip=10.207.236.139
[auqldrv00nac1ai.amh.com.au interface eth2]
ip=10.207.236.155
[auqldrv00nac1bi.amh.com.au]
management_ip=10.207.230.202
[auqldrv00nac1bi.amh.com.au interface eth0]
ip=10.207.230.202
[auqldrv00nac1bi.amh.com.au interface eth1]
ip=10.207.236.140
[auqldrv00nac1bi.amh.com.au interface eth2]
ip=10.207.236.156
[auqldrv00nac1ci.amh.com.au]
management_ip=10.207.230.203
[auqldrv00nac1ci.amh.com.au interface eth0]
ip=10.207.230.203
[auqldrv00nac1ci.amh.com.au interface eth1]
ip=10.207.236.141
[auqldrv00nac1ci.amh.com.au interface eth2]
ip=10.207.236.157
[auqldrv00nac1di.amh.com.au]
management_ip=10.207.230.204
[auqldrv00nac1di.amh.com.au interface eth0]
ip=10.207.230.204
[auqldrv00nac1di.amh.com.au interface eth1]
ip=10.207.236.142
[auqldrv00nac1di.amh.com.au interface eth2]
ip=10.207.236.158
auqldrv00nac1ai is my primary Server.
I get to the stage where the Primary server is running with the SQL Database in
new cluster mode
[root@auqldrv00nac1ai conf]# /usr/local/pf/sbin/pf-mariadb --force-new-cluster
Starting MySQL with command: mysqld_safe --defaults-file=/usr/local/pf/var/conf/mariadb.conf --wsrep-recover
Starting MySQL with command: mysqld_safe --defaults-file=/usr/local/pf/var/conf/mariadb.conf --wsrep-new-cluster
180627 10:25:26 mysqld_safe Logging to syslog.
180627 10:25:27 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
And it seems to be binding to the management ip ok.
[root@auqldrv00nac1ai conf]# netstat -nlp | grep 9090
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN 32437/httpd
tcp 0 0 10.207.230.200:9090 0.0.0.0:* LISTEN 32437/httpd
And then move on to joining the second server.
It performs the Config Sync Fine
[root@auqldrv00nac1bi logs]# /usr/local/pf/bin/cluster/sync --from=10.207.230.200 --api-user=xxxxx --api-password=xxxxxx
INFO : Synching this server from node 10.207.230.200
But the Second server cannot start all the Services
The haproxy-db service won't start.
Looking in the syslog I see the following
Jun 27 01:16:00 auqldrv00nac1bi pfcmd: haproxy-db|config generated
Jun 27 01:16:00 auqldrv00nac1bi systemd: Started PacketFence HAProxy Load Balancer for connecting to clustered databases.
Jun 27 01:16:00 auqldrv00nac1bi haproxy-systemd-wrapper: [ALERT] 177/011600 (15153) : Starting proxy stats: cannot bind socket [10.207.230.200:1026]
Jun 27 01:16:00 auqldrv00nac1bi haproxy-systemd-wrapper: haproxy-systemd-wrapper: exit, haproxy RC=1
Jun 27 01:16:00 auqldrv00nac1bi systemd: packetfence-haproxy-db.service: main process exited, code=exited, status=1/FAILURE
Jun 27 01:16:00 auqldrv00nac1bi systemd: Unit packetfence-haproxy-db.service entered failed state.
Jun 27 01:16:00 auqldrv00nac1bi systemd: packetfence-haproxy-db.service failed.
Jun 27 01:16:01 auqldrv00nac1bi systemd: packetfence-haproxy-db.service holdoff time over, scheduling restart.
The HAProxy is trying to bind to 10.207.230.200. This IP doesn't exist on
this server yet, as I understand it.
Here is my config on the Primary Server
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=network.XXXX.com.au
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
hostname=auqldrv00nac1ai
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,10.192.3.156,10.207.224.156,10.207.224.157
#
# general.timezone
#
# System's timezone in string format. List generated from Perl library DateTime::TimeZone
# When left empty, it will use the timezone of the server
timezone=Australia/Brisbane
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
# PacketFence-related message goes to.
[email protected]
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr. The default is localhost - be sure you're running an SMTP
# host locally if you don't change it!
smtpserver=email.xxxxxx.com.au
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration.
pass=xxxxxxxx
host=127.0.0.1
[webservices]
#
# webservices.user
#
# username to use to connect to the webAPI
user=packet
#
# webservices.pass
#
# password of the username
pass=xxxxxx
[interface eth0]
ip=10.207.230.201
type=management,high-availability
mask=255.255.255.0
vip=10.207.230.200
[interface eth1]
enforcement=vlan
ip=10.207.236.139
type=internal
mask=255.255.255.240
vip=10.207.236.138
[interface eth2]
enforcement=vlan
ip=10.207.236.155
type=internal
mask=255.255.255.240
vip=10.207.236.154
[active_active]
# Change these 2 values by the credentials you've set when configuring MariaDB above
galera_replication_username=pfcluster
galera_replication_password=xxxxxxxxxxx
I have also tried to use the single name in the cluster.conf
Anyone got any ideas or know where to look to sort this?
I'm stumped.
Thanks
Matthew
Matthew Knott
IT Network & Security Administrator
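Added example, not part of the original post and not PacketFence's own tooling: a consistency check over the posted cluster.conf that verifies each [CLUSTER interface ...] virtual IP lies inside the subnet of every node address on the same interface. The function name check_vips and the MASKS table are assumptions made for this example; the addresses and netmasks are the ones posted above, trimmed to the first two nodes.

```python
import configparser
import ipaddress

# Values copied from the post above, trimmed to the first two nodes.
CLUSTER_CONF = """
[CLUSTER interface eth0]
ip=10.207.230.200
[CLUSTER interface eth1]
ip=10.207.236.138
[CLUSTER interface eth2]
ip=10.207.230.154
[auqldrv00nac1ai.amh.com.au interface eth0]
ip=10.207.230.201
[auqldrv00nac1ai.amh.com.au interface eth1]
ip=10.207.236.139
[auqldrv00nac1ai.amh.com.au interface eth2]
ip=10.207.236.155
[auqldrv00nac1bi.amh.com.au interface eth0]
ip=10.207.230.202
[auqldrv00nac1bi.amh.com.au interface eth1]
ip=10.207.236.140
[auqldrv00nac1bi.amh.com.au interface eth2]
ip=10.207.236.156
"""
# Netmasks taken from the [interface ethX] sections of the posted pf.conf.
MASKS = {"eth0": "255.255.255.0", "eth1": "255.255.255.240", "eth2": "255.255.255.240"}

def check_vips(conf_text, masks):
    """Return (iface, vip, node, node_ip) for each node whose subnet lacks the VIP."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    vips, nodes = {}, []
    for section in cp.sections():
        parts = section.split()
        if len(parts) == 3 and parts[1] == "interface":
            host, _, iface = parts
            if host == "CLUSTER":
                vips[iface] = cp[section]["ip"]
            else:
                nodes.append((host, iface, cp[section]["ip"]))
    problems = []
    for host, iface, ip in nodes:
        # strict=False: derive the network from a host address plus netmask
        net = ipaddress.ip_network(f"{ip}/{masks[iface]}", strict=False)
        vip = vips.get(iface)
        if vip is None or ipaddress.ip_address(vip) not in net:
            problems.append((iface, vip, host, ip))
    return problems

if __name__ == "__main__":
    print(check_vips(CLUSTER_CONF, MASKS))
```

On the posted values the check reports eth2 for both nodes: the cluster VIP 10.207.230.154 is outside 10.207.236.144/28, while the posted pf.conf lists vip=10.207.236.154 for that interface.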