Programtically failover or disable CARP?

  • On the CARP status screen, there's a button where you can disable CARP. Doing this on the master with a working backup server seems to make the backup become the master just fine. I'm wondering if there's a way I can trigger this from a script.

    For some background, I'm going to be running a pfSense cluster with HAProxy running on the VIP. What I'm concerned about is if HAProxy crashes, or repeatedly crashes without affecting the rest of the firewall. CARP won't fail over, and everyone connecting to the load balancer will be dead in the water. So I want to write a script that will monitor HAProxy, maybe try to restart it a few times, and if it keeps failing then I want it to disable CARP so that the cluster fails over to the next node.

    Any advice is appreciated!

  • well … if you get the monitoring down, you can then ifconfig <wan interface="">to fail the carp over.</wan>

  • ifconfig <wan>just shows me that interface. How would that force it to failover?</wan>

  • I think he means the script could issue an 'ifconfig em1 down' (where em1 is the wan interface) when it detects failure. Marking the interface down should trigger failover although I have not tested.

  • Ah I see; that should work, but it would also lock me out of management and that's definitely not what I want. I'll have to keep looking.

  • Okay from my testing, it seems that this works just fine:

    /sbin/sysctl net.inet.carp.allow=0

    or set to 1 to re-enable.

Log in to reply