Netgate Discussion Forum

    Programmatically failover or disable CARP?

      Briantist

      On the CARP status screen, there's a button where you can disable CARP. Doing this on the master with a working backup server seems to make the backup become the master just fine. I'm wondering if there's a way I can trigger this from a script.

      For some background, I'm going to be running a pfSense cluster with HAProxy running on the VIP. What I'm concerned about is if HAProxy crashes, or repeatedly crashes without affecting the rest of the firewall. CARP won't fail over, and everyone connecting to the load balancer will be dead in the water. So I want to write a script that will monitor HAProxy, maybe try to restart it a few times, and if it keeps failing then I want it to disable CARP so that the cluster fails over to the next node.

      Any advice is appreciated!

        podilarius

        well … if you get the monitoring down, you can then ifconfig <wan interface> to fail the carp over.

          Briantist

          ifconfig <wan> just shows me that interface. How would that force it to failover?

            dotdash

            I think he means the script could issue an 'ifconfig em1 down' (where em1 is the wan interface) when it detects failure. Marking the interface down should trigger failover, although I have not tested.

              Briantist

              Ah I see; that should work, but it would also lock me out of management and that's definitely not what I want. I'll have to keep looking.

                Briantist

                Okay from my testing, it seems that this works just fine:

                /sbin/sysctl net.inet.carp.allow=0
                

                or set to 1 to re-enable.
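
The approach the thread arrives at, written out as a watchdog script. This is an added example, not code from any poster or from pfSense; the process check, the restart command path, the retry count and the delay are assumptions, and only the `sysctl net.inet.carp.allow=0` call comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): HAProxy watchdog for one CARP node.
# Assumed values: the check and restart commands, retry count and delay.
# Only the sysctl call is taken from the thread.
CHECK_CMD="${CHECK_CMD:-pgrep -x haproxy}"    # assumption: process check only
RESTART_CMD="${RESTART_CMD:-/usr/local/etc/rc.d/haproxy.sh restart}"  # assumed path
SYSCTL_CMD="${SYSCTL_CMD:-/sbin/sysctl}"
MAX_RESTARTS="${MAX_RESTARTS:-3}"
RETRY_DELAY="${RETRY_DELAY:-5}"

haproxy_alive() {
    $CHECK_CMD >/dev/null 2>&1
}

# Restart HAProxy up to MAX_RESTARTS times; return 0 as soon as it is back.
recover_haproxy() {
    attempt=1
    while [ "$attempt" -le "$MAX_RESTARTS" ]; do
        $RESTART_CMD >/dev/null 2>&1
        sleep "$RETRY_DELAY"
        haproxy_alive && return 0
        attempt=$((attempt + 1))
    done
    return 1
}

# One watchdog pass. Prints ok, recovered, failover or failover-failed.
watchdog_pass() {
    if haproxy_alive; then
        echo ok
    elif recover_haproxy; then
        echo recovered
    elif $SYSCTL_CMD net.inet.carp.allow=0 >/dev/null; then
        # Restarts exhausted: CARP is now off on this node, so the backup
        # becomes master. Re-enabling (allow=1) is left as a manual step so a
        # flapping HAProxy cannot bounce the VIP between nodes.
        echo failover
    else
        echo failover-failed
        return 1
    fi
}

# Run a single pass only when invoked as: watchdog.sh run (e.g. from cron).
if [ "${1:-}" = "run" ]; then
    watchdog_pass
fi
```

Confirm the restart command works by hand before scheduling the script, since a wrong path looks the same to the watchdog as a HAProxy that will not start and ends in a failover.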
