Here is my setup: 1. 3 x CentOS 7 (fully up-to-date) w/ SELinux *disabled *+ firewalld *disabled *and *masked *+ IPv6 *disabled *(via sysctl.conf and /etc/defaults/grub ipv6.disable=1). I also have net.ipv4.ip_nonlocal_bind = 1 in sysctl.conf. Xtrabackup is also installed. Each box is a VM on ESXi with only one vNIC (ens192...vmxnet3 based). This interface has all port group security OFF which is a requirement for VRRP. My management VLAN is VLAN10, so my management interface is "ens192.10." I can dedicate a vNIC to management if necessary, I just like to keep my vNIC count to a minimum. 2. PacketFence is installed on all three VMs...named pf1.ad.mydomain.com, pf2.ad.mydomain.com, pf3.ad.mydomain.com. I use nmtui on all three nodes to set the hostname (pf1.ad.mydomain.com, etc....) 3. On the first node, pf1.ad.mydomain.com, I start packetfence-mariadb and secure the installation. I set the root password and then press Y for everything else. 4. I then login to mariadb console to create the pfcluster user for replication. 'mysql -u root -p' ... type in password defined in step 3. I then create both users and grant process *as per the clustering guide*...replacing only the pfcluster password with a secure password of my choosing....flush privileges; and exit the mariadb console. 5. On all the nodes, I use the configurator to set the management VLAN/IP ens192.10 on all three nodes. 192.168.10.51-53, 192.168.10.50 is used as the cluster VRRP management IP. 6. On the first node only, I proceed through the configurator only to the screen that shows the database password, admin password, etc. I DO NOT press Start Packetfence. 7. I add a new line 'host=127.0.0.1' to '[database]' in pf.conf I also add the [active_active] section with the galera username 'pfcluster' and the secure password I defined in step 4. In pfconfig.conf I replace host=localhost with host=127.0.0.1. Save both confs. 8. When I restart packetfence config and configreload hard, I get a ton of L2 cache errors...I'm guessing because the DB is unavailable? It would be really nice if the documentation was very clear on what errors are expected and what are not. This is really ambiguous as written. 9. Next I build my cluster.conf which is pretty basic: ( https://pastebin.com/Xm2wYXJt ) 10. Again, when I configreload hard, I get the same L2 cache errors that I'm assuming are DB related and expected. 11. On all nodes, I 'systemctl set-default packetfence-cluster' 12. On the first node, stop packetfence-mariadb, generatemariadbconfig and bootstrap the first node with --force-new-cluster. 13. In a new SSH session, I attempt to service pf restart and I still get L2 cache errors indicating that something is wrong with the DB (?)
On Mon, Jul 6, 2020 at 9:11 PM Durand fabrice via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Christian, > > in which step do you have an issue ? > > Regards > > Fabrice > > > > Le 20-07-06 à 18 h 49, Christian McDonald via PacketFence-users a écrit : > > Greetings, > > I've been pulling my hair out trying to get a 3-node PF Cluster running. > > Has anyone recently followed the clustering guide running the latest PF > version? > > I'm usually pretty good at following instructions, but there is something > very broken about the clustering guide. > > Anybody have any suggestions? > > > _______________________________________________ > PacketFence-users mailing > listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- R. Christian McDonald *Director of Technology* Grand Rapids Adventist Acadmey T: (888) 791-3108 (x1105) O: (616) 791-9797 (x1105) C: (616) 856-9291 1151 Oakeigh Road NW Grand Rapids, MI 49504
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
