Good morning,
I have a new cluster installed and everything appears to be operating correctly
except for an error on login to the Admin Interface which states:
PacketFence1.fqdn haproxy haproxy-portal - health
Haproxy_haproxy-portal.health_sdown.haproxy_backend_server_status
When I look at the Status>Cluster>Services area, I do see that HAProxy-Portal
is checked as enabled and managed on all server, but is not running on
PacketFence2.fqdn and PacketFence3.fqdn.
***
Here is my cluster.conf:
# Copyright (C) Inverse inc.
# Cluster configuration file for active/active
# This file will have it deactivated by default
# To activate the active/active mode, set a management IP in the cluster section
# Before doing any changes to this file, read the documentation
[CLUSTER]
management_ip=10.10.10.30
[CLUSTER interface ens160]
ip=10.10.10.30
[CLUSTER interface ens192]
ip=10.45.1.1
[CLUSTER interface ens224]
ip=10.45.2.1
[packetfence1.fqdn]
management_ip=10.10.10.31
[packetfence1.fqdn interface ens160]
ip=10.10.10.31
[packetfence1.fqdn interface ens192]
ip=10.45.1.2
[packetfence1.fqdn interface ens224]
ip=10.45.2.2
[packetfence2.fqdn]
management_ip=10.10.10.32
[packetfence2.fqdn interface ens160]
ip=10.10.10.32
[packetfence2.fqdn interface ens192]
ip=10.45.1.3
[packetfence2.fqdn interface ens224]
ip=10.45.2.3
[packetfence3.fqdn]
management_ip=10.10.10.33
[packetfence3.fqdn interface ens160]
ip=10.10.10.33
[packetfence3.fqdn interface ens192]
ip=10.45.1.4
[packetfence3.fqdn interface ens224]
ip=10.45.2.4
***
Here is my HAProxy-Portal.conf
# Copyright (C) Inverse inc.
global
external-check
user haproxy
group haproxy
daemon
pidfile %%var_dir%%/run/haproxy-portal.pid
log /dev/log local0
stats socket %%var_dir%%/run/haproxy-portal.stats level admin process 1
maxconn 4000
#Followup of https://github.com/inverse-inc/packetfence/pull/893
#haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC:
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate
#Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari
1, Windows XP IE8, Android 2.3, Java 7
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers <cert>
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers <cert>
ssl-default-server-options no-sslv3 no-tls-tickets
#OLD SSL CONFIGURATION. IF RC4 is required or if you must support
clients older then the precendent list, comment all the block between this
comment and the precedent and uncomment the following line
#ssl-default-bind-ciphers <cert>
lua-load %%conf_dir%%/passthrough.lua
listen stats
bind %%management_ip%%:1025
mode http
timeout connect 10s
timeout client 1m
timeout server 1m
stats enable
stats uri /stats
stats realm HAProxy\ Statistics
stats auth admin:packetfence
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 403 %%captiveportal_templates_path%%/rate-limiting.http
backend proxy
option httpclose
option http_proxy
option forwardfor
# Need to have a proxy listening on localhost port 8888
acl paramsquery query -m found
http-request set-uri http://127.0.0.1:8888%[path]?%[query] if paramsquery
http-request set-uri http://127.0.0.1:8888%[path] unless paramsquery
backend static
option httpclose
option http_proxy
option forwardfor
http-request set-uri http://127.0.0.1:8889%[path]?%[query]
%%http%%
***
Here is the error message in the haproxy-portal.log
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.1.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.1.1
started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.2.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.2.1
started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-66.70.255.147
started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-66.70.255.147
started.
Mar 31 11:11:31 packetfence1 haproxy[6242]: backend 10.25.1.1-backend has no
server available!
Mar 31 11:11:46 packetfence1 haproxy[6242]: backend 10.25.2.1-backend has no
server available!
I get this error every time I login, and every so often when it does a check. I
have not tried the captive portal yet from a device yet. But, it does work
through the admin interface using the Portal_Preview.
I suspect that I'm missing a section from the Load Balancers IP in the
Configuration>Advanced Access Configuration>Captive Portal section. But, I
can't find anything in the cluster documentation that would indicate that's how
it works.
Cheers,
CHRIS
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
