[SOLVED] Still problems with pfsense CARP trigger

DeFix

@jimp:

Sure, the devd hooks have nothing to do with the actual master/backup transition. Those were just added in case any user actions needed to happen during the transition.

Currently all those etc/rc.carpbackup and etc/rc.carpmaster scripts do is issue notifications that the transition happened. Just add your own actions at the end of those files.

I have now

CARP notify hooks. This will call carpup/carpdown with the

interface (carp0, carp1) as the first parameter.

notify 100 {
    match "system"          "IFNET";
    match "type"            "LINK_UP";
    match "subsystem"          "carp";
    action "/usr/local/bin/carpup $subsystem";
};

notify 100 {
    match "system"          "IFNET";
    match "type"            "LINK_DOWN";
    match "subsystem"          "carp";
    action "/usr/local/bin/carpdown $subsystem";
};

But still when my MASTER is going offline and my other pfsense-server become MASTER (from BACKUP) it doesn't trigger my "carpup"-file.

Do i see something wrong here?

jimp

Does the carpup and carpdown script run if you run it by hand?

It could be a problem with the script (wrong interpreter path, no exec bit, etc)

DeFix

@jimp:

Does the carpup and carpdown script run if you run it by hand?

It could be a problem with the script (wrong interpreter path, no exec bit, etc)

Yes it works when i run it by hand.

Text in carpup

#!/bin/sh
/sbin/ifconfig bridge0 up
logger -t $1 "Set the bridge port to [UP]"

The rights of the file's

[2.0.1-RELEASE][root@fw-tw-main.itnm]/usr/local/bin(4): ls -al | grep carp
-rwxr-xr-x   1 root  wheel       83 Feb  7 12:26 carpdown
-rwxr-xr-x   1 root  wheel       80 Feb  7 12:27 carpup

Must i first enable something in pfsense to activate the triggering or so?

jimp

No, if devd is running they should get triggered.

Try using the full path to the logger command, too. I'm not sure it would have a PATH set when run from devd.

DeFix

@jimp:

No, if devd is running they should get triggered.

Try using the full path to the logger command, too. I'm not sure it would have a PATH set when run from devd.

Yes devd is running.

Also tried to add the full path to the logger. (also had it fully disabled) but no changes.

Seems like there is no trigger at all. Can you tell me how i can trace that there is a trigger fired at all?

jimp

Not sure off the top of my head. Look at FreeBSD's man page for devd/devd.conf and you'll probably find more answers there.

DeFix

@jimp:

Not sure off the top of my head. Look at FreeBSD's man page for devd/devd.conf and you'll probably find more answers there.

Hold on!! i have the solution!!  ;D

Solution:
In the devd.conf file is the subsystem carp. That is the name of the Virtual IP for CARP. On our system the name is vip1.

So it won't match with the name carp.

With that knowledge i changed my devd.conf to:

CARP notify hooks. This will call carpup/carpdown with the

interface (carp0, carp1) as the first parameter.

notify 100 {
    match "system"          "IFNET";
    match "type"            "LINK_UP";
    match "subsystem"          "vip1";
    action "/usr/local/bin/carpup $subsystem";
};

notify 100 {
    match "system"          "IFNET";
    match "type"            "LINK_DOWN";
    match "subsystem"          "vip1";
    action "/usr/local/bin/carpdown $subsystem";
};

So i changed the carp to vip1. This is now a match for the trigger and it was the solution to our problem.

Thanks for the good support and thinking.

Supermule

But is it implemented by default in PFSense that way? Or can it be changed via the webgui so the trigger wont happen ?

DeFix

@Supermule:

But is it implemented by default in PFSense that way? Or can it be changed via the webgui so the trigger wont happen ?

For me it was a default name of PFSense. Did search to rename it to carp (after i knew what the problem was), but did not found it in the WebGUI.

jimp

Ah, the 'carp' bit was probably left over from 1.2.3 and not updated. If you just use "vip" it may work also.

That file isn't written from the GUI, it's just there on the install. It would be overwritten during an upgrade, but it's left alone otherwise.

DeFix

@jimp:

Ah, the 'carp' bit was probably left over from 1.2.3 and not updated. If you just use "vip" it may work also.

That file isn't written from the GUI, it's just there on the install. It would be overwritten during an upgrade, but it's left alone otherwise.

That explains a lot.

I use explecit vip1 because we also have a vip2 and that may not trigger the bridge port to UP or DOWN.