ConfigSync Does not work - solved again

cmb

You don't seem to have config sync enabled at all, no logs there attempting anything.

neuernick

hi

i have it enabled

Config snippet from Slave
<hasync><pfsyncpeerip><pfsyncinterface>opt1</pfsyncinterface>
<synchronizetoip><username><password></password>
<pfsyncenabled>on</pfsyncenabled></username></synchronizetoip></pfsyncpeerip></hasync>

config snippet master

<hasync><pfsyncpeerip>10.x.x.2</pfsyncpeerip>
<pfsyncinterface>opt1</pfsyncinterface>
<synchronizetoip>10.x.x.2</synchronizetoip>
<username>admin</username>
<password>[prefer to keep it in my place ;)</password>
<synchronizeusers>on</synchronizeusers>
<synchronizerules>on</synchronizerules>
<synchronizecerts>on</synchronizecerts>
<synchronizeschedules>on</synchronizeschedules>
<synchronizealiases>on</synchronizealiases>
<synchronizevirtualip>on</synchronizevirtualip>
<synchronizecaptiveportal>on</synchronizecaptiveportal>
<synchronizednsforwarder>on</synchronizednsforwarder>
<synchronizeauthservers>on</synchronizeauthservers>
<synchronizedhcpd>on</synchronizedhcpd>
<synchronizewol>on</synchronizewol>
<synchronizestaticroutes>on</synchronizestaticroutes>
<synchronizelb>on</synchronizelb>
<synchronizenat>on</synchronizenat>
<synchronizeipsec>on</synchronizeipsec>
<synchronizeopenvpn>on</synchronizeopenvpn>
<pfsyncenabled>on</pfsyncenabled></hasync>
[/tt]

just for reference, here is the ps output

[2.2-BETA][root@c3po.wks20.de]/root: ps auxx
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11 199.0 0.0 0 32 - RL 9:40AM 1705:58.19 [idle]
root 0 0.0 0.0 0 144 - DLs 9:40AM 0:00.15 [kernel]
root 1 0.0 0.1 9472 760 - ILs 9:40AM 0:00.03 /sbin/init –
root 2 0.0 0.0 0 16 - DL 9:40AM 0:00.00 [crypto]
root 3 0.0 0.0 0 16 - DL 9:40AM 0:00.00 [crypto returns]
root 4 0.0 0.0 0 32 - DL 9:40AM 0:00.29 [cam]
root 5 0.0 0.0 0 16 - DL 9:40AM 0:18.22 [pf purge]
root 6 0.0 0.0 0 16 - DL 9:40AM 0:00.00 [balloon]
root 7 0.0 0.0 0 16 - DL 9:40AM 0:00.00 [sctp_iterator]
root 8 0.0 0.0 0 16 - DL 9:40AM 0:00.82 [pagedaemon]
root 9 0.0 0.0 0 16 - DL 9:40AM 0:00.00 [vmdaemon]
root 10 0.0 0.0 0 16 - DL 9:40AM 0:00.00 [audit]
root 12 0.0 0.0 0 352 - WL 9:40AM 2:53.23 [intr]
root 13 0.0 0.0 0 32 - DL 9:40AM 0:00.00 [ng_queue]
root 14 0.0 0.0 0 48 - DL 9:40AM 0:02.20 [geom]
root 15 0.0 0.0 0 16 - DL 9:40AM 0:18.52 [rand_harvestq]
root 16 0.0 0.0 0 64 - DL 9:40AM 0:03.55 [usb]
root 17 0.0 0.0 0 16 - SL 9:40AM 0:03.90 [xenwatch]
root 18 0.0 0.0 0 16 - IL 9:40AM 0:00.08 [xenstore_rcv]
root 19 0.0 0.0 0 16 - DL 9:40AM 0:00.10 [idlepoll]
root 20 0.0 0.0 0 16 - DL 9:40AM 0:00.00 [pagezero]
root 21 0.0 0.0 0 16 - DL 9:40AM 0:00.40 [bufdaemon]
root 22 0.0 0.0 0 16 - DL 9:40AM 0:06.70 [syncer]
root 23 0.0 0.0 0 16 - DL 9:40AM 0:00.41 [vnlru]
root 59 0.0 0.0 0 16 - DL 9:40AM 0:00.85 [md0]
root 248 0.0 2.3 222072 23468 - Ss 9:40AM 0:03.12 php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
root 264 0.0 0.3 19024 2560 - INs 9:40AM 0:00.03 /usr/local/sbin/check_reload_status
root 266 0.0 0.2 19024 2408 - IN 9:40AM 0:00.00 check_reload_status: Monitoring daemon of check_reload_status
root 276 0.0 0.4 13164 4424 - Is 9:40AM 0:00.05 /sbin/devd
root 1823 0.0 0.7 46668 6612 - S 5:21PM 0:01.29 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
root 4613 0.0 0.2 14664 2300 - Is 9:40AM 0:00.27 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /var/etc/syslog.conf
root 9280 0.0 0.5 32428 5228 - Is 9:40AM 0:00.00 /usr/sbin/sshd
root 9298 0.0 0.2 14756 2224 - Is 9:40AM 0:00.01 /usr/local/sbin/sshlockout_pf 15
root 13706 0.0 0.2 16812 2340 - Ss 9:40AM 0:01.66 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
root 14640 0.0 0.2 18788 2348 - Is 9:40AM 0:00.01 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf
root 15405 0.0 0.5 21720 5264 - Ss 9:40AM 0:00.48 /usr/local/sbin/openvpn –config /var/etc/openvpn/server1.conf
root 18624 0.0 0.2 12460 2180 - Ss 9:40AM 0:12.62 /usr/local/sbin/apinger -c /var/etc/apinger.conf
root 18650 0.0 0.3 28316 3004 - I 9:40AM 0:00.51 rrdtool -
root 27651 0.0 3.9 222072 39704 - I 11:45PM 0:00.05 php-fpm: pool lighty (php-fpm)
root 47414 0.0 1.8 28168 18052 - Ss 9:42AM 0:04.87 /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
root 49311 0.0 0.2 8312 1960 - SN 11:58PM 0:00.00 sleep 60
root 49983 0.0 0.6 55632 6124 - Ss 11:00PM 0:00.16 sshd: root@pts/0 (sshd)
root 51653 0.0 0.2 8312 1960 - S 11:58PM 0:00.00 sleep 55
root 55975 0.0 0.2 17144 2488 - S 9:46AM 0:00.74 /bin/sh /usr/local/pkg/sqpmon.sh
root 60436 0.0 0.6 32240 6472 - Is 9:46AM 0:00.00 /usr/local/sbin/squid -D
proxy 60942 0.0 0.9 44528 9464 - S 9:46AM 0:04.90 (squid) -D (squid)
proxy 60997 0.0 0.2 10416 2016 - I 9:46AM 0:00.00 (unlinkd) (unlinkd)
unbound 62716 0.0 1.1 41400 10768 - Is 6:58PM 0:00.40 /usr/sbin/unbound -c /var/unbound/unbound.conf
root 67843 0.0 0.3 17144 2700 - SN 6:58PM 0:02.40 /bin/sh /var/db/rrd/updaterrd.sh
root 24 0.0 0.2 17144 2180 v0 Is+ 9:40AM 0:00.03 sh /etc/rc autoboot
root 269 0.0 4.7 230164 47436 v0 I+ 9:40AM 0:00.56 /usr/local/bin/php -f /etc/rc.bootup
root 28423 0.0 0.2 8312 1960 v0 I+ 11:58PM 0:00.00 sleep 60
root 91693 0.0 0.0 0 0 v0 Z+ 9:40AM 0:00.01 <defunct>root 92287 0.0 0.2 17144 2400 v0 I+ 9:40AM 0:00.17 /bin/sh /usr/local/sbin/xe-daemon -p /var/run/xe-daemon.pid
root 50834 0.0 0.3 17144 2784 0 Is 11:00PM 0:00.01 -sh (sh)
root 51156 0.0 0.3 17144 2672 0 I 11:00PM 0:00.00 /bin/sh /etc/rc.initial
root 52860 0.0 0.2 18816 2384 0 R+ 11:58PM 0:00.00 ps auxx
root 74437 0.0 0.4 17484 3708 0 S 11:00PM 0:00.06 /bin/tcsh
[2.2-BETA][root@c3po.wks20.de]/root:

If i read the XML config correctly, the ha sync should be enabled

thanks a million for your help

cheers
volki</defunct>

cmb

yeah that seems fine. How'd you get Xen tools on there? Anything else you've manually installed? Can you ping the secondary's 10.x.x.x IP from the primary?

neuernick

pkg install xe-guest-utilty

ping works fine
telnet 10.10.1.2 80 GET give a valid HTML output
installed anc configured so far is squid and openvpn

i will reinstall out of the box again, and try to accomplish pfsunc/configsync before i do all the fancy stuff, it might be a sequenze issue

eri--

Normally you should have some output on the system logs containing sync or XMLRPC on it.
Can you show that?

Or even run /etc/rc.filter_synchronize manually and see how it goes.

neuernick

Hi

i run /etc/rc.filter_synchronize manually and it did no change at all

i reinstalled both instances and now the config sync is working fine

i did not reinstall the xe utills
i did not reinstall squid and the openvpnclientpack

keep you postet

neuernick

Hi is reinstaleld, setup the Config/pfsync, and startet with the Config afterwards

this it works… ish

and after playing with squid, i checked the slave , and all of a sudden, it was not syncing any more ..

i used the squid 2 package

neuernick

and it is not working agai :/

i updated via webgui to the latest version, and reinstalled shellcmd + openvpnClientExport package

invoking
/etc/rc.filter_synchronize
does not help

neuernick

just a bump. to highlight that i am back in proplem land :)

neuernick

hi

i dump the log files and went over every sungli entry

this one got my attention

php-fpm[70539]: /xmlrpc.php: The command '/usr/sbin/pw groupadd -g -M 2001 2>&1' returned exit code '65', the output was 'pw: group name required'

there is one user without a group, i fixed this and all of a suden the PFsync is working again

cmb

Thanks, pretty sure Ermal fixed that one earlier today.