Re: [PacketFence-users] Setup Up a cluster and tearing my hair out :)

[Matthew Knott via PacketFence-users]

Sorry All,  My Bad..


The SQL Server wasn't started:(

Matthew


Matthew Knott
IT Network & Security Administrator
E. matthew.kn...@jbssa.com.au<mailto:matthew.kn...@jbssa.com.au>

[JBS Australia]<http://www.jbssa.com.au/>
T.      07 3810 2269
M.      0477733185
F.      07 3816 0535




JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304


jbssa.com.au<http://www.jbssa.com.au/>  .  
LinkedIn<https://www.linkedin.com/company/jbs-australia>

From: Matthew Knott
Sent: Wednesday, 27 June 2018 2:46 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: RE: [PacketFence-users] Setup Up a cluster and tearing my hair out :)

Thanks Fabrice,

              I'm a little further forward :)


Now The Webservices wont Start.

I've made the changes to pf.conf (removed the VIPS) and cluster.conf (removed 
the FQDN and replaced with the single name)

The /etc/hosts file only has the Single name in it and the Hostname command is 
only returning the single name aswell.


Now I get the Following.

[root@auqldrv00nac1ai conf]# /usr/local/pf/bin/pfcmd service haproxy-db restart
service|command
haproxy-db|stop
haproxy-db|start
[root@auqldrv00nac1ai conf]# /usr/local/pf/bin/pfcmd service httpd.webservices 
restart
service|command
httpd.webservices|stop


and that's where it hangs.  I've left it for about an hour but no response.

Looking at the httpd.webservices.error  log, I see the Following

  Jun 27 13:28:16 auqldrv00nac1ai httpd_webservices_err: AH00558: httpd: Could 
not reliably determine the server's fully qualified domain name, using 
10.207.230.201. Set the 'ServerName' directive globally to suppress this message
Jun 27 13:28:17 auqldrv00nac1ai httpd_webservices_err: [Wed Jun 27 
13:28:17.389477 2018] [mpm_prefork:notice] [pid 21339] AH00163: Apache/2.4.6 
(CentOS) OpenSSL/1.0.2k-fips mod_perl/2.0.9 Perl/v5.16.3 configured -- resuming 
normal operations
Jun 27 13:28:17 auqldrv00nac1ai httpd_webservices_err: [Wed Jun 27 
13:28:17.389561 2018] [core:notice] [pid 21339] AH00094: Command line: 
'/usr/sbin/httpd -f /usr/local/pf/var/conf/httpd.conf.d/httpd.webservices -D 
FOREGROUND -D rhel'
Jun 27 13:32:34 auqldrv00nac1ai httpd_webservices_err: [Wed Jun 27 
13:32:34.976950 2018] [mpm_prefork:emerg] [pid 21431] (4)Interrupted system 
call: AH00144: couldn't grab the accept mutex
Jun 27 13:32:34 auqldrv00nac1ai httpd_webservices_err: [Wed Jun 27 
13:32:34.976950 2018] [mpm_prefork:emerg] [pid 21432] (4)Interrupted system 
call: AH00144: couldn't grab the accept mutex
Jun 27 13:32:34 auqldrv00nac1ai httpd_webservices_err: [Wed Jun 27 
13:32:34.977063 2018] [mpm_prefork:notice] [pid 21339] AH00170: caught 
SIGWINCH, shutting down gracefully
Jun 27 13:32:34 auqldrv00nac1ai httpd_webservices_err: [Wed Jun 27 
13:32:34.977115 2018] [mpm_prefork:emerg] [pid 21428] (4)Interrupted system 
call: AH00144: couldn't grab the accept mutex


The Only thing I could find about this Error message

https://help.directadmin.com/item.php?id=411

but looking at the /usr/local/pf/conf/httpd.conf.d/ httpd.proxy.tt  file,  I 
can see something like this is present

[% IF apache_version == "2.4" %]
SSLSessionCache shmcb:[% install_dir %]/var/ssl_acache(512000)
Mutex file:[% install_dir %]/var/ssl_mutex ssl-cache

And this error desont seem to coincide with the attempted Service start.

Once again, Thanks for you help.

Matthew









Matthew Knott

IT Network & Security Administrator

E. matthew.kn...@jbssa.com.au<mailto:matthew.kn...@jbssa.com.au>



[JBS Australia]<http://www.jbssa.com.au/>



T.

07 3810 2269

M.

0477733185

F.

07 3816 0535








JBS Australia

1 Lock Way, Riverview QLD 4303

P.O. Box 139 Booval Qld 4304





jbssa.com.au<http://www.jbssa.com.au/>  .  
LinkedIn<https://www.linkedin.com/company/jbs-australia>


From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, 27 June 2018 11:41 AM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: Re: [PacketFence-users] Setup Up a cluster and tearing my hair out :)


Hello Matthew,

you have to define auqldrv00nac1ai instead of auqldrv00nac1ai.amh.com.au in 
cluster.conf (same for each servers)

In fact use exactly what hostname command return on each servers and fill the 
file /etc/hosts with exactly the same syntax.

Last thing, remove all the vip configuration parameters in pf.conf (this 
parameter is use for active/passive cluster).

Once done with these modification, do a "pfcmd configreload hard" on each 
server and retry to sync the cluster.

Regards

Fabrice



Le 2018-06-26 à 21:26, Matthew Knott via PacketFence-users a écrit :
Ok Guys,  I've been at this for a few days now and am obviously missing 
something obvious :(

I have setup a Single Packetfence Server using ZEN 8 and it is working Fine.  
However, before using this in anger, I want to set it up into a Cluster so I 
have some redundancy.

I'm following the Instructions at 
https://packetfence.org/doc/PacketFence_Clustering_Guide.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__packetfence.org_doc_PacketFence-5FClustering-5FGuide.html&d=DwMD-g&c=jqwZe_OwGxSy4yeji7eFFqcsG878Cbd3UT_ajroT5ho&r=iKyh1_LIxSAp0ekUXDh5LZq2hvWIOLBx4lDTG_VdVHY&m=mEB9oqG9JUXz8PaTIKHmWfqIh9FSlJkpZTFsFdcs9A0&s=u0dj8uXlDD_bzPinjY4uveGh3Zweb0eBIJHRKIseoVo&e=>

I seem to be failing somewhere at the Cluster.conf  configuration.

The First Server is up and running and Shows the VRRP IP's OK.

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
    link/ether 00:50:56:8c:55:35 brd ff:ff:ff:ff:ff:ff
    inet 10.207.230.201/24 brd 10.207.230.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.207.230.200/32 scope global eth0   <--------  Management
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe8c:5535/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
    link/ether 00:50:56:8c:e1:c3 brd ff:ff:ff:ff:ff:ff
    inet 10.207.236.139/28 brd 10.207.236.143 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.207.236.138/32 scope global eth1 <--------  Isolation
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe8c:e1c3/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
    link/ether 00:50:56:8c:6d:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.207.236.155/28 brd 10.207.236.159 scope global eth2
       valid_lft forever preferred_lft forever
    inet 10.207.230.154/32 scope global eth2 <--------  Registration
      valid_lft forever preferred_lft forever


When typing hostname on the CLI, it returns a single name

[root@auqldrv00nac1ai conf]# hostname
auqldrv00nac1ai

when pinging the name, it returns the FQDN

[root@auqldrv00nac1ai conf]# ping auqldrv00nac1ai
PING auqldrv00nac1ai.amh.com.au (10.207.230.201) 56(84) bytes of data.
64 bytes from auqldrv00nac1ai.amh.com.au (10.207.230.201): icmp_seq=1 ttl=64 
time=0.068 ms


My cluster.conf looks like the following


# Cluster configuration file for active/active
# This file will have it deactivated by default
# To activate the active/active mode, set a management IP in the cluster section
# Before doing any changes to this file, read the documentation
[CLUSTER]
management_ip=10.207.230.200

[CLUSTER interface eth0]
ip=10.207.230.200

[CLUSTER interface eth1]
ip=10.207.236.138

[CLUSTER interface eth2]
ip=10.207.230.154

[auqldrv00nac1ai.amh.com.au]
management_ip=10.207.230.201

[auqldrv00nac1ai.amh.com.au interface eth0]
ip=10.207.230.201

[auqldrv00nac1ai.amh.com.au interface eth1]
ip=10.207.236.139

[auqldrv00nac1ai.amh.com.au interface eth2]
ip=10.207.236.155

[auqldrv00nac1bi.amh.com.au]
management_ip=10.207.230.202

[auqldrv00nac1bi.amh.com.au interface eth0]
ip=10.207.230.202

[auqldrv00nac1bi.amh.com.au interface eth1]
ip=10.207.236.140

[auqldrv00nac1bi.amh.com.au interface eth2]
ip=10.207.236.156

[auqldrv00nac1ci.amh.com.au]
management_ip=10.207.230.203

[auqldrv00nac1ci.amh.com.au interface eth0]
ip=10.207.230.203

[auqldrv00nac1ci.amh.com.au interface eth1]
ip=10.207.236.141

[auqldrv00nac1ci.amh.com.au interface eth2]
ip=10.207.236.157

[auqldrv00nac1di.amh.com.au]
management_ip=10.207.230.204

[auqldrv00nac1di.amh.com.au interface eth0]
ip=10.207.230.204

[auqldrv00nac1di.amh.com.au interface eth1]
ip=10.207.236.142

[auqldrv00nac1di.amh.com.au interface eth2]
ip=10.207.236.158


auqldrv00nac1ai  is my primary Server.

I get to the stage where the Primary server is running with the SQL Database in 
New Newcluster mode

[root@auqldrv00nac1ai conf]# /usr/local/pf/sbin/pf-mariadb --force-new-cluster
Starting MySQL with command: mysqld_safe 
--defaults-file=/usr/local/pf/var/conf/mariadb.conf --wsrep-recover
Starting MySQL with command: mysqld_safe 
--defaults-file=/usr/local/pf/var/conf/mariadb.conf --wsrep-new-cluster
180627 10:25:26 mysqld_safe Logging to syslog.
180627 10:25:27 mysqld_safe Starting mysqld daemon with databases from 
/var/lib/mysql


And it seems to be binding to the management ip ok.

[root@auqldrv00nac1ai conf]# netstat -nlp | grep 9090
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      
32437/httpd
tcp        0      0 10.207.230.200:9090     0.0.0.0:*               LISTEN      
32437/httpd

And then move on to joining the second server.

It performs the Config Sync Fine

[root@auqldrv00nac1bi logs]# /usr/local/pf/bin/cluster/sync 
--from=10.207.230.200 --api-user=xxxxx --api-password=xxxxxx
INFO : Synching this server from node 10.207.230.200


But the Second server cannot start all the Services
The haproxy-db service wont start.

Looking in the syslog I see the following

Jun 27 01:16:00 auqldrv00nac1bi pfcmd: haproxy-db|config generated
Jun 27 01:16:00 auqldrv00nac1bi systemd: Started PacketFence HAProxy Load 
Balancer for connecting to clustered databases.
Jun 27 01:16:00 auqldrv00nac1bi haproxy-systemd-wrapper: [ALERT] 177/011600 
(15153) : Starting proxy stats: cannot bind socket [10.207.230.200:1026]
Jun 27 01:16:00 auqldrv00nac1bi haproxy-systemd-wrapper: 
haproxy-systemd-wrapper: exit, haproxy RC=1
Jun 27 01:16:00 auqldrv00nac1bi systemd: packetfence-haproxy-db.service: main 
process exited, code=exited, status=1/FAILURE
Jun 27 01:16:00 auqldrv00nac1bi systemd: Unit packetfence-haproxy-db.service 
entered failed state.
Jun 27 01:16:00 auqldrv00nac1bi systemd: packetfence-haproxy-db.service failed.
Jun 27 01:16:01 auqldrv00nac1bi systemd: packetfence-haproxy-db.service holdoff 
time over, scheduling restart.

The ha proxy is trying to bind to 10.207.230.200.  This IP doesn't exists on 
this server yet as I understand it

Here is my config on the Primary Server

[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=network.XXXX.com.au
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in 
Apache rewriting rules and therefore must be resolvable by clients.
hostname=auqldrv00nac1ai
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to allow DHCP 
transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,10.192.3.156,10.207.224.156,10.207.224.157
#
# general.timezone
#
# System's timezone in string format. List generated from Perl library 
DateTime::TimeZone
# When left empty, it will use the timezone of the server
timezone=Australia/Brisbane

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with 
an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=xx...@xxxxx.com.au<mailto:emailaddr=xx...@xxxxx.com.au>
#
# alerting.smtpserver
#
# Server through which to send messages to the above emailaddr.  The default is 
localhost - be sure you're running an SMTP
# host locally if you don't change it!
smtpserver=email.xxxxxx.com.au

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this parameter 
after the initial configuration will *not* change it in the database it self, 
only in the configuration.
pass=xxxxxxxx
host=127.0.0.1

[webservices]
#
# webservices.user
#
# username to use to connect to the webAPI
user=packet
#
# webservices.pass
#
# password of the username
pass=xxxxxx

[interface eth0]
ip=10.207.230.201
type=management,high-availability
mask=255.255.255.0
vip=10.207.230.200

[interface eth1]
enforcement=vlan
ip=10.207.236.139
type=internal
mask=255.255.255.240
vip=10.207.236.138

[interface eth2]
enforcement=vlan
ip=10.207.236.155
type=internal
mask=255.255.255.240
vip=10.207.236.154

[active_active]
# Change these 2 values by the credentials you've set when configuring MariaDB 
above
galera_replication_username=pfcluster
galera_replication_password=xxxxxxxxxxx


I have also tried to use the single name in the Cluster.conf


Anyone got any idea's or know where to look to sort this?

I'm stumped.

Thanks

Matthew





Matthew Knott

IT Network & Security Administrator

E. matthew.kn...@jbssa.com.au<mailto:matthew.kn...@jbssa.com.au>



[JBS Australia]<http://www.jbssa.com.au/>



T.

07 3810 2269

M.

0477733185

F.

07 3816 0535








JBS Australia

1 Lock Way, Riverview QLD 4303

P.O. Box 139 Booval Qld 4304





jbssa.com.au<http://www.jbssa.com.au/>  .  
LinkedIn<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_jbs-2Daustralia&d=DwMD-g&c=jqwZe_OwGxSy4yeji7eFFqcsG878Cbd3UT_ajroT5ho&r=iKyh1_LIxSAp0ekUXDh5LZq2hvWIOLBx4lDTG_VdVHY&m=mEB9oqG9JUXz8PaTIKHmWfqIh9FSlJkpZTFsFdcs9A0&s=diAKsMMYNaT-uwemu6X_13eClsZig4JclCjrHIontG8&e=>


________________________________

Important Notice:

The contents of this electronic message and any attachments are intended only 
for the addressee and may contain legally privileged or confidential 
information. They may be only used for the purposes for which they were 
supplied. If you are not the addressee, you are notified that any transmission, 
distribution, downloading, printing or photocopying of the contents of this 
message or attachments is strictly prohibited. Any privilege and/or 
confidentiality attached to this message and attachments is not waived, lost or 
destroyed by reason of mistaken delivery to you. If you have received this 
message in error you should notify the sender by return e-mail or telephone +61 
7 3810 2100, and destroy all copies of the message and any attachments.



------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! 
http://sdm.link/slashdot<https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwMD-g&c=jqwZe_OwGxSy4yeji7eFFqcsG878Cbd3UT_ajroT5ho&r=iKyh1_LIxSAp0ekUXDh5LZq2hvWIOLBx4lDTG_VdVHY&m=mEB9oqG9JUXz8PaTIKHmWfqIh9FSlJkpZTFsFdcs9A0&s=FkBI_9PP6jVIcumTyWdVPz_GBad5WqN-eoBn4oYSfaA&e=>



_______________________________________________

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwMD-g&c=jqwZe_OwGxSy4yeji7eFFqcsG878Cbd3UT_ajroT5ho&r=iKyh1_LIxSAp0ekUXDh5LZq2hvWIOLBx4lDTG_VdVHY&m=mEB9oqG9JUXz8PaTIKHmWfqIh9FSlJkpZTFsFdcs9A0&s=DkFBdvZXAsSsvIMt2DMr8HjGL6yPTgMglSgTjfSNhiE&e=>

________________________________

Important Notice:

The contents of this electronic message and any attachments are intended only 
for the addressee and may contain legally privileged or confidential 
information. They may be only used for the purposes for which they were 
supplied. If you are not the addressee, you are notified that any transmission, 
distribution, downloading, printing or photocopying of the contents of this 
message or attachments is strictly prohibited. Any privilege and/or 
confidentiality attached to this message and attachments is not waived, lost or 
destroyed by reason of mistaken delivery to you. If you have received this 
message in error you should notify the sender by return e-mail or telephone +61 
7 3810 2100, and destroy all copies of the message and any attachments.

________________________________

Important Notice:

The contents of this electronic message and any attachments are intended only 
for the addressee and may contain legally privileged or confidential 
information. They may be only used for the purposes for which they were 
supplied. If you are not the addressee, you are notified that any transmission, 
distribution, downloading, printing or photocopying of the contents of this 
message or attachments is strictly prohibited. Any privilege and/or 
confidentiality attached to this message and attachments is not waived, lost or 
destroyed by reason of mistaken delivery to you. If you have received this 
message in error you should notify the sender by return e-mail or telephone +61 
7 3810 2100, and destroy all copies of the message and any attachments.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users