SQUID + SQUIDPROXY: How to setup primary and secundary nodes with XMLRPC Sync?
-
Hello everyone,
I've two pfsense boxes working on high availability, and I am struggling on how to setup both primary and secundary boxes in orders to replicate squid config, and use it on high availability.
Regarding SQUID:
On primary node, I've enabled cache, and setup a user (squid_sync) with password on system users, with previleges for:
On secundary node, I've set https auth:
I've tried to add ACLs on primary node but nothing was passed to secundary node. How do I check if squid is synching? On logs there is nothing related with squid.
Regarding SQUIDGUARD, I've:
On primary node nothing.
On secundary node, I've the following option but dont know what should I add:
From secundary node, I got continues:
15:58:01 Exception calling XMLRPC method merge_installedpackages_section #-2 : Authentication failed: not enough privileges
15:58:01 Exception calling XMLRPC method exec_php #-2 : Authentication failed: not enough privilegesBut this account has admin privileges to all webgui.
From internet I dont find any documentation or tutorials on how to perform this. If you have any useful likes, feel free to post.
Any of you, that has already setup this, can share your knowledge on how to perform it?
Thanks in advance!
-
Seems like its working, but it was not supposed to update squid ACLs?
-
CARP Status VIP on Squid, doesnt seem to be working, when choosing the same interface in both units (I think that both services are stopped on secundary boxes till secundary box choosen CARP is set to master):
Scenarios:
- If I disable CARP on primary node, both squid and squidproxy services continues running, but on secundary node those services continues stopped.
- If I enable CARP on primary node, all services remain the same, on primary node all running, on secundary node, nothing.
If I try to enable those services on secundary box, and enable CARP on primary node, those services on secundary box, stop working.
-
Pfsense versions: 21.05.2
Squid versions: 0.4.45_8
Squidproxy versions: 1.16.18_20 -
I was finally able to sync both services settings, but only notice now that those XMLRPC Sync's must be done on primary node, after setting in both, all settings have been passed.
To pass all settings I had to switch from stopped to run, both services. Seems like while those are not running, there is no sync being done.
My question is, with CARP Status sync setup in both services, it is expected that those services to be turn off when that CARP VIP interafce on secundary node is on backup mode?
-
After several tests, enabling CARP Status VIP on squid of primary node, it changes on secundary node.
But If I disable primary CARP temporary (or even disconnect the cable of that interface), and secundary node, changes to master, there is no changes on squid and squidguard services in both nodes. In other words it doenst change anything.
If I leave CARP Status VIP disabled, all services work in both sides. When I set to none on CARP Status VIP, those services on secundary node, come back to life.
There is any impact on both enduser and backoffice sides, on leaving CARP Status VIP disabled on a high availability system?
