Ok Guys, I’ve been at this for a few days now and am obviously
missing something obvious :(
I have set up a single PacketFence server using ZEN 8 and it is working
fine. However, before using this in anger, I want to set it up into a
cluster so I have some redundancy.
I’m following the instructions at
https://packetfence.org/doc/PacketFence_Clustering_Guide.html
I seem to be failing somewhere at the cluster.conf configuration.
The first server is up and running and shows the VRRP IPs OK.
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:8c:55:35 brd ff:ff:ff:ff:ff:ff
    inet 10.207.230.201/24 brd 10.207.230.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.207.230.200/32 scope global eth0    <------ Management
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe8c:5535/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:8c:e1:c3 brd ff:ff:ff:ff:ff:ff
    inet 10.207.236.139/28 brd 10.207.236.143 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.207.236.138/32 scope global eth1    <------ Isolation
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe8c:e1c3/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:8c:6d:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.207.236.155/28 brd 10.207.236.159 scope global eth2
       valid_lft forever preferred_lft forever
    inet 10.207.230.154/32 scope global eth2    <------ Registration
       valid_lft forever preferred_lft forever
When typing hostname on the CLI, it returns a single name
    [root@auqldrv00nac1ai conf]# hostname
    auqldrv00nac1ai
when pinging the name, it returns the FQDN
    [root@auqldrv00nac1ai conf]# ping auqldrv00nac1ai
    PING auqldrv00nac1ai.amh.com.au (10.207.230.201) 56(84) bytes of data.
    64 bytes from auqldrv00nac1ai.amh.com.au (10.207.230.201): icmp_seq=1 ttl=64 time=0.068 ms
My cluster.conf looks like the following
    # Cluster configuration file for active/active
    # This file will have it deactivated by default
    # To activate the active/active mode, set a management IP in the cluster section
    # Before doing any changes to this file, read the documentation
    [CLUSTER]
    management_ip=10.207.230.200

    [CLUSTER interface eth0]
    ip=10.207.230.200

    [CLUSTER interface eth1]
    ip=10.207.236.138

    [CLUSTER interface eth2]
    ip=10.207.230.154

    [auqldrv00nac1ai.amh.com.au]
    management_ip=10.207.230.201

    [auqldrv00nac1ai.amh.com.au interface eth0]
    ip=10.207.230.201

    [auqldrv00nac1ai.amh.com.au interface eth1]
    ip=10.207.236.139

    [auqldrv00nac1ai.amh.com.au interface eth2]
    ip=10.207.236.155

    [auqldrv00nac1bi.amh.com.au]
    management_ip=10.207.230.202

    [auqldrv00nac1bi.amh.com.au interface eth0]
    ip=10.207.230.202

    [auqldrv00nac1bi.amh.com.au interface eth1]
    ip=10.207.236.140

    [auqldrv00nac1bi.amh.com.au interface eth2]
    ip=10.207.236.156

    [auqldrv00nac1ci.amh.com.au]
    management_ip=10.207.230.203

    [auqldrv00nac1ci.amh.com.au interface eth0]
    ip=10.207.230.203

    [auqldrv00nac1ci.amh.com.au interface eth1]
    ip=10.207.236.141

    [auqldrv00nac1ci.amh.com.au interface eth2]
    ip=10.207.236.157

    [auqldrv00nac1di.amh.com.au]
    management_ip=10.207.230.204

    [auqldrv00nac1di.amh.com.au interface eth0]
    ip=10.207.230.204

    [auqldrv00nac1di.amh.com.au interface eth1]
    ip=10.207.236.142

    [auqldrv00nac1di.amh.com.au interface eth2]
    ip=10.207.236.158
auqldrv00nac1ai is my primary Server.
I get to the stage where the Primary server is running with the SQL
Database in New Cluster mode
    [root@auqldrv00nac1ai conf]# /usr/local/pf/sbin/pf-mariadb --force-new-cluster
    Starting MySQL with command: mysqld_safe --defaults-file=/usr/local/pf/var/conf/mariadb.conf --wsrep-recover
    Starting MySQL with command: mysqld_safe --defaults-file=/usr/local/pf/var/conf/mariadb.conf --wsrep-new-cluster
    180627 10:25:26 mysqld_safe Logging to syslog.
    180627 10:25:27 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
And it seems to be binding to the management ip ok.
    [root@auqldrv00nac1ai conf]# netstat -nlp | grep 9090
    tcp        0      0 127.0.0.1:9090          0.0.0.0:*       LISTEN      32437/httpd
    tcp        0      0 10.207.230.200:9090     0.0.0.0:*       LISTEN      32437/httpd
And then move on to joining the second server.
It performs the Config Sync Fine
    [root@auqldrv00nac1bi logs]# /usr/local/pf/bin/cluster/sync --from=10.207.230.200 --api-user=xxxxx --api-password=xxxxxx
    INFO : Synching this server from node 10.207.230.200
But the Second server cannot start all the Services
The haproxy-db service won't start.
Looking in the syslog I see the following
    Jun 27 01:16:00 auqldrv00nac1bi pfcmd: haproxy-db|config generated
    Jun 27 01:16:00 auqldrv00nac1bi systemd: Started PacketFence HAProxy Load Balancer for connecting to clustered databases.
    Jun 27 01:16:00 auqldrv00nac1bi haproxy-systemd-wrapper: [ALERT] 177/011600 (15153) : Starting proxy stats: cannot bind socket [10.207.230.200:1026]
    Jun 27 01:16:00 auqldrv00nac1bi haproxy-systemd-wrapper: haproxy-systemd-wrapper: exit, haproxy RC=1
    Jun 27 01:16:00 auqldrv00nac1bi systemd: packetfence-haproxy-db.service: main process exited, code=exited, status=1/FAILURE
    Jun 27 01:16:00 auqldrv00nac1bi systemd: Unit packetfence-haproxy-db.service entered failed state.
    Jun 27 01:16:00 auqldrv00nac1bi systemd: packetfence-haproxy-db.service failed.
    Jun 27 01:16:01 auqldrv00nac1bi systemd: packetfence-haproxy-db.service holdoff time over, scheduling restart.
The haproxy is trying to bind to 10.207.230.200. This IP doesn’t
exist on this server yet as I understand it
Here is my config on the Primary Server
    [general]
    #
    # general.domain
    #
    # Domain name of PacketFence system.
    domain=network.XXXX.com.au
    #
    # general.hostname
    #
    # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
    hostname=auqldrv00nac1ai
    #
    # general.dhcpservers
    #
    # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
    dhcpservers=127.0.0.1,10.192.3.156,10.207.224.156,10.207.224.157
    #
    # general.timezone
    #
    # System's timezone in string format. List generated from Perl library DateTime::TimeZone
    # When left empty, it will use the timezone of the server
    timezone=Australia/Brisbane

    [alerting]
    #
    # alerting.emailaddr
    #
    # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
    # PacketFence-related message goes to.
    [email protected]
    #
    # alerting.smtpserver
    #
    # Server through which to send messages to the above emailaddr. The default is localhost - be sure you're running an SMTP
    # host locally if you don't change it!
    smtpserver=email.xxxxxx.com.au

    [database]
    #
    # database.pass
    #
    # Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration.
    pass=xxxxxxxx
    host=127.0.0.1

    [webservices]
    #
    # webservices.user
    #
    # username to use to connect to the webAPI
    user=packet
    #
    # webservices.pass
    #
    # password of the username
    pass=xxxxxx

    [interface eth0]
    ip=10.207.230.201
    type=management,high-availability
    mask=255.255.255.0
    vip=10.207.230.200

    [interface eth1]
    enforcement=vlan
    ip=10.207.236.139
    type=internal
    mask=255.255.255.240
    vip=10.207.236.138

    [interface eth2]
    enforcement=vlan
    ip=10.207.236.155
    type=internal
    mask=255.255.255.240
    vip=10.207.236.154

    [active_active]
    # Change these 2 values by the credentials you've set when configuring MariaDB above
    galera_replication_username=pfcluster
    galera_replication_password=xxxxxxxxxxx
I have also tried to use the single name in the cluster.conf
Anyone got any ideas or know where to look to sort this?
I’m stumped.
Thanks
Matthew
Matthew Knott
IT Network & Security Administrator
E. [email protected] <mailto:[email protected]>
JBS Australia <http://www.jbssa.com.au/>
T. 07 3810 2269
M. 0477733185
F. 07 3816 0535
JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304
jbssa.com.au <http://www.jbssa.com.au/> . LinkedIn
<https://www.linkedin.com/company/jbs-australia>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
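
Added example, not part of the original message and not PacketFence code: a consistency check over the two files posted above, comparing each shared IP in cluster.conf with the subnet and `vip` that pf.conf gives for the same interface. The function name `check_vips` and the rule it enforces (shared IP inside the interface subnet and equal to the pf.conf `vip`) are assumptions of this sketch; the sample text is rebuilt from the posted eth0 and eth2 values.

```python
import configparser
import ipaddress
# Constructed samples: eth0/eth2 interface sections copied from the post.
CLUSTER_CONF = """
[CLUSTER interface eth0]
ip=10.207.230.200
[CLUSTER interface eth2]
ip=10.207.230.154
"""
PF_CONF = """
[interface eth0]
ip=10.207.230.201
mask=255.255.255.0
vip=10.207.230.200
[interface eth2]
ip=10.207.236.155
mask=255.255.255.240
vip=10.207.236.154
"""

def check_vips(cluster_text, pf_text):
    """Return {interface: [problems]} for shared IPs that look misconfigured."""
    cluster, pf = (configparser.ConfigParser(interpolation=None) for _ in range(2))
    cluster.read_string(cluster_text)
    pf.read_string(pf_text)
    problems = {}
    for section in (s for s in pf.sections() if s.startswith("interface ")):
        iface = section.split()[1]
        # Subnet this node really has on the interface, from its own ip/mask.
        net = ipaddress.ip_network(f"{pf[section]['ip']}/{pf[section]['mask']}", strict=False)
        vip = pf[section].get("vip")
        shared = cluster.get(f"CLUSTER interface {iface}", "ip", fallback=None)
        found = []
        if shared is None:
            found.append("no [CLUSTER interface] section in cluster.conf")
        elif ipaddress.ip_address(shared) not in net:
            found.append(f"{shared} is outside {net}")
        if shared and vip and shared != vip:
            found.append(f"{shared} differs from pf.conf vip {vip}")
        if found:
            problems[iface] = found
    return problems

if __name__ == "__main__":
    print(check_vips(CLUSTER_CONF, PF_CONF))
```

The haproxy-db bind error in the syslog is a separate matter from this check: Linux refuses a bind to an address the host does not currently hold unless `net.ipv4.ip_nonlocal_bind` is 1, which `sysctl net.ipv4.ip_nonlocal_bind` reports on the joining node.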