Custom CARP failover script

cjohn · Oct 25, 2023, 4:47 PM

Hello together,
I am currently trying to execute a failover script when a pfSense instance becomes Master. I have found several discussions here in the forum which essentially say
edit /etc/devd.conf to trigger a script. However, my script does never get called. I tried the following configuration in 2 variants with subsystem= vip and carp
like described here https://forum.netgate.com/topic/41756/solved-still-problems-with-pfsense-carp-trigger.

notify 100 {
match "system" "IFNET";
match "type" "LINK_UP";
match "subsystem" "vip";
action "/etc/rc.hetzner-failover $subsystem";
};

The man pages unfortunately also do not provide further help
https://man.freebsd.org/cgi/man.cgi?query=carp&sektion=4&apropos=0&manpath=FreeBSD+13.2-RELEASE+and+Ports

Would be great if someone could give me directions. Thanks

jimp · Oct 25, 2023, 7:52 PM

First, make sure you are editing /etc/pfSense-devd.conf which is the copy used by pfSense. There are already CARP events in this one you can look at near the top. The thread you linked to is over 10 years old and CARP changed substantially since then. Currently a devd event for CARP looks like:

notify 100 {
    match "system"          "CARP";
    match "type"            "MASTER";
    action "/usr/local/sbin/pfSctl -c 'interface carpmaster '$subsystem";
};

Second, make sure you are restarting devd after each change, which may mean a reboot if you don't know how to kill it and start it manually.

Alternately, edit your code or a call to your script in /etc/rc.carpmaster which devd already triggers when a VIP becomes master.

cjohn · Oct 25, 2023, 8:21 PM

Hello @jimp,
thank you very much for the directions. Indeed I now modified rc.carpmaster to call my script. However, as I assume this file might be overwritten from updates, I would prefer to have a cleaner solution. Do you know of configuration in pfSense-devd.conf would survive updates? I have red that in notfiy 100, the 100 is a priority and that for a certain event the one with the higher priority is taken only, is this correct? I assume I than will have to do a action ""script A && script B"

jimp · Oct 26, 2023, 12:47 PM

Changes to the devd configuration would be lost as well.

You could create a patch against the stock rc.carpmaster script and then auto-apply that patch using the system patches package.

Alternately, there is a plugin system which could be used to register and run custom CARP-related functions but that would involve writing (parts of) a package to contain it, though that would persist without patching.

cjohn · Oct 27, 2023, 10:50 AM

@jimp , thanks for the directions.