That was it. During the cluster install process we appear to have missed a step where we configure the interfaces on PF2 and PF3. Once this was done, the HAProxy stopped complaining.
Basically, we did exactly what was in this email to resolve the issue. But I didn’t have this email as our spam filter figured it was spam.

Thanks for the help! It’s very appreciated!

Cheers,
Chris

From: Ludovic Zammit <[email protected]>
Sent: April 5, 2021 9:31 AM
To: [email protected]
Cc: Chris Crawford <[email protected]>
Subject: Re: [PacketFence-users] HAProxy-Portal Errors

Hello Chris,

It means that your interfaces do not communicate properly.

Make sure to check the connectivity between your server interfaces like this:

From PF1:

ping -I ens160 PF2-MGNT
ping -I ens160 PF3-MGNT
ping -I ens192 PF2-REG
ping -I ens192 PF3-REG
ping -I ens224 PF2-REG
ping -I ens224 PF3-REG

From PF2:

ping -I ens160 PF1-MGNT
ping -I ens160 PF3-MGNT
ping -I ens192 PF1-REG
ping -I ens192 PF3-REG
ping -I ens224 PF1-REG
ping -I ens224 PF3-REG

From PF3:

ping -I ens160 PF2-MGNT
ping -I ens160 PF1-MGNT
ping -I ens192 PF2-REG
ping -I ens192 PF1-REG
ping -I ens224 PF2-REG
ping -I ens224 PF1-REG

You will find one or two that do not work; fix them and you will no longer have that error message.

My guess: You have deployed that in VMware and the interfaces that you think are Registration or Isolation on the VM do not match the order of the VM system.

Check the MAC addresses with the “ip a” command and check that all the MAC addresses are the ones assigned to the correct VM network. “arp -a” helps as well.

Been there, done that.

Have a nice day,

Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

On Mar 31, 2021, at 11:03 AM, Chris Crawford via PacketFence-users <[email protected]> wrote:

Good morning,

I have a new cluster installed and everything appears to be operating correctly except for an error on login to the Admin Interface which states:

PacketFence1.fqdn haproxy haproxy-portal - health Haproxy_haproxy-portal.health_sdown.haproxy_backend_server_status

When I look at the Status>Cluster>Services area, I do see that HAProxy-Portal is checked as enabled and managed on all servers, but is not running on PacketFence2.fqdn and PacketFence3.fqdn.

*** Here is my cluster.conf:

# Copyright (C) Inverse inc.
# Cluster configuration file for active/active
# This file will have it deactivated by default
# To activate the active/active mode, set a management IP in the cluster section
# Before doing any changes to this file, read the documentation
[CLUSTER]
management_ip=10.10.10.30

[CLUSTER interface ens160]
ip=10.10.10.30

[CLUSTER interface ens192]
ip=10.45.1.1

[CLUSTER interface ens224]
ip=10.45.2.1

[packetfence1.fqdn]
management_ip=10.10.10.31

[packetfence1.fqdn interface ens160]
ip=10.10.10.31

[packetfence1.fqdn interface ens192]
ip=10.45.1.2

[packetfence1.fqdn interface ens224]
ip=10.45.2.2

[packetfence2.fqdn]
management_ip=10.10.10.32

[packetfence2.fqdn interface ens160]
ip=10.10.10.32

[packetfence2.fqdn interface ens192]
ip=10.45.1.3

[packetfence2.fqdn interface ens224]
ip=10.45.2.3

[packetfence3.fqdn]
management_ip=10.10.10.33

[packetfence3.fqdn interface ens160]
ip=10.10.10.33

[packetfence3.fqdn interface ens192]
ip=10.45.1.4

[packetfence3.fqdn interface ens224]
ip=10.45.2.4

*** Here is my HAProxy-Portal.conf

# Copyright (C) Inverse inc.
global
    external-check
    user haproxy
    group haproxy
    daemon
    pidfile %%var_dir%%/run/haproxy-portal.pid
    log /dev/log local0
    stats socket %%var_dir%%/run/haproxy-portal.stats level admin process 1
    maxconn 4000
    #Followup of https://github.com/inverse-inc/packetfence/pull/893
    #haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC: https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate
    #Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers <cert>
    ssl-default-bind-options no-sslv3 no-tls-tickets
    ssl-default-server-ciphers <cert>
    ssl-default-server-options no-sslv3 no-tls-tickets
    #OLD SSL CONFIGURATION. IF RC4 is required or if you must support clients older than the precedent list, comment all the block between this comment and the precedent and uncomment the following line
    #ssl-default-bind-ciphers <cert>
    lua-load %%conf_dir%%/passthrough.lua

listen stats
    bind %%management_ip%%:1025
    mode http
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    stats enable
    stats uri /stats
    stats realm HAProxy\ Statistics
    stats auth admin:packetfence

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 403 %%captiveportal_templates_path%%/rate-limiting.http

backend proxy
    option httpclose
    option http_proxy
    option forwardfor
    # Need to have a proxy listening on localhost port 8888
    acl paramsquery query -m found
    http-request set-uri http://127.0.0.1:8888%[path]?%[query] if paramsquery
    http-request set-uri http://127.0.0.1:8888%[path] unless paramsquery

backend static
    option httpclose
    option http_proxy
    option forwardfor
    http-request set-uri http://127.0.0.1:8889%[path]?%[query]

%%http%%

*** Here is the error message in the haproxy-portal.log

Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.1.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.1.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.2.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.2.1 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-66.70.255.147 started.
Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-66.70.255.147 started.
Mar 31 11:11:31 packetfence1 haproxy[6242]: backend 10.25.1.1-backend has no server available!
Mar 31 11:11:46 packetfence1 haproxy[6242]: backend 10.25.2.1-backend has no server available!

I get this error every time I log in, and every so often when it does a check. I have not tried the captive portal from a device yet. But, it does work through the admin interface using the Portal_Preview.

I suspect that I'm missing a section from the Load Balancers IP in the Configuration>Advanced Access Configuration>Captive Portal section. But, I can't find anything in the cluster documentation that would indicate that's how it works.

Cheers,
CHRIS

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
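
The per-node ping checks suggested in the thread can be generated straight from cluster.conf instead of being typed by hand. The following is an added example, not part of the original messages and not PacketFence tooling: it parses a constructed copy of the posted cluster.conf (trimmed to two interfaces) and emits, for each node, one `ping -I` per peer and interface, using the configured IPs rather than hostnames. The function name `ping_plan` and the `-c 3 -W 2` limits (iputils ping) are assumptions of this example.

```python
import configparser
from collections import defaultdict

# Constructed sample: the thread's cluster.conf, trimmed to two interfaces.
SAMPLE_CONF = """
[CLUSTER]
management_ip=10.10.10.30
[CLUSTER interface ens160]
ip=10.10.10.30
[CLUSTER interface ens192]
ip=10.45.1.1
[packetfence1.fqdn interface ens160]
ip=10.10.10.31
[packetfence1.fqdn interface ens192]
ip=10.45.1.2
[packetfence2.fqdn interface ens160]
ip=10.10.10.32
[packetfence2.fqdn interface ens192]
ip=10.45.1.3
[packetfence3.fqdn interface ens160]
ip=10.10.10.33
[packetfence3.fqdn interface ens192]
ip=10.45.1.4
"""

def ping_plan(conf_text):
    """Return {host: [ping command, ...]} covering every peer on every interface."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    by_iface = defaultdict(dict)  # interface name -> {host: ip}
    for section in cp.sections():
        parts = section.split()
        # Only "<host> interface <ifname>" sections carry per-interface IPs.
        # CLUSTER holds the shared virtual IPs, which are not a peer node.
        if len(parts) != 3 or parts[1] != "interface" or parts[0] == "CLUSTER":
            continue
        by_iface[parts[2]][parts[0]] = cp[section]["ip"]
    plan = defaultdict(list)
    for iface, hosts in by_iface.items():
        for src in hosts:
            for dst, ip in hosts.items():
                if dst != src:
                    # -I binds the source interface, as in the reply above;
                    # -c and -W bound how long each check can run.
                    plan[src].append(f"ping -c 3 -W 2 -I {iface} {ip}  # {dst}")
    return dict(plan)

if __name__ == "__main__":
    for host, cmds in ping_plan(SAMPLE_CONF).items():
        print(f"From {host}:")
        print("\n".join("  " + c for c in cmds))
```

Any command that fails identifies the interface and peer pair to compare against the `ip a` MAC addresses and the VM network assignment.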
