CARP & HAProxy optimal settings for failover
-
I am hoping somebody can point me in the right direction with regards to optimal settings for failover with CARP and HAProxy.
When I force a failover or even shutdown the primary node failover is nearly immediate and nearly invisible.
However when the master node returns from a complete reboot it seems that CARP fails over the VIP's much quicker than the Haproxy daemon can start up. The result of this is around 10 to 30 seconds of no response when hitting the URL's hosted on the VIP's.I have worked around this issue by disabling the NIC on the switch and wait for pfsense to completely start up and settle. Then enable the port on the switch again and like with the failover from master to slave its almost invisible when the master takes back ownership again.
Is there any way to delay carp from taking over the IP's until HAproxy has completely started up or is there a specific setting I can use to fix this?
-
Imho, this is a problem not only for haproxy but for all services running on pfSense..
Issue present, but not sure if/when it will be resolved.. https://redmine.pfsense.org/issues/2218
For 'scheduled maintenance' you can set the CARP to 'maintenance mode' under status/carp but that doesn't account for a master failing and then later getting booted up..
-
This looks like a solved problem. Wouldn't restoring the master offline and enabling persistent maintenance mode solve this?
Restore offline
Enable maintenance mode
shutdown
Put back in line
start
Let everything settle, all CARP should be BACKUP
Check all your packages/services
Disable maintenance modeOr just add this to the bottom of your config and restore inline:
<virtualip_carp_maintenancemode></virtualip_carp_maintenancemode>
