[SOLVED] Still problems with pfsense CARP trigger

jimp · Feb 7, 2012, 2:41 PM

Does the carpup and carpdown script run if you run it by hand?

It could be a problem with the script (wrong interpreter path, no exec bit, etc)

DeFix · Feb 7, 2012, 3:20 PM

Does the carpup and carpdown script run if you run it by hand?

It could be a problem with the script (wrong interpreter path, no exec bit, etc)

Yes it works when i run it by hand.

Text in carpup

#!/bin/sh
/sbin/ifconfig bridge0 up
logger -t $1 "Set the bridge port to [UP]"

The rights of the file's

[2.0.1-RELEASE][root@fw-tw-main.itnm]/usr/local/bin(4): ls -al | grep carp
-rwxr-xr-x 1 root wheel 83 Feb 7 12:26 carpdown
-rwxr-xr-x 1 root wheel 80 Feb 7 12:27 carpup

Must i first enable something in pfsense to activate the triggering or so?

jimp · Feb 7, 2012, 3:33 PM

No, if devd is running they should get triggered.

Try using the full path to the logger command, too. I'm not sure it would have a PATH set when run from devd.

DeFix · Feb 7, 2012, 3:40 PM

@jimp:

No, if devd is running they should get triggered.

Try using the full path to the logger command, too. I'm not sure it would have a PATH set when run from devd.

Yes devd is running.

Also tried to add the full path to the logger. (also had it fully disabled) but no changes.

Seems like there is no trigger at all. Can you tell me how i can trace that there is a trigger fired at all?

jimp · Feb 7, 2012, 3:59 PM

Not sure off the top of my head. Look at FreeBSD's man page for devd/devd.conf and you'll probably find more answers there.

DeFix · Feb 7, 2012, 4:11 PM

@jimp:

Not sure off the top of my head. Look at FreeBSD's man page for devd/devd.conf and you'll probably find more answers there.

Hold on!! i have the solution!! ;D

Solution:
In the devd.conf file is the subsystem carp. That is the name of the Virtual IP for CARP. On our system the name is vip1.

So it won't match with the name carp.

With that knowledge i changed my devd.conf to:

CARP notify hooks. This will call carpup/carpdown with the

interface (carp0, carp1) as the first parameter.

notify 100 {
match "system" "IFNET";
match "type" "LINK_UP";
match "subsystem" "vip1";
action "/usr/local/bin/carpup $subsystem";
};

notify 100 {
match "system" "IFNET";
match "type" "LINK_DOWN";
match "subsystem" "vip1";
action "/usr/local/bin/carpdown $subsystem";
};

So i changed the carp to vip1. This is now a match for the trigger and it was the solution to our problem.

Thanks for the good support and thinking.

Supermule · Feb 7, 2012, 4:16 PM

But is it implemented by default in PFSense that way? Or can it be changed via the webgui so the trigger wont happen ?

DeFix · Feb 7, 2012, 4:19 PM

@Supermule:

But is it implemented by default in PFSense that way? Or can it be changed via the webgui so the trigger wont happen ?

For me it was a default name of PFSense. Did search to rename it to carp (after i knew what the problem was), but did not found it in the WebGUI.

jimp · Feb 7, 2012, 4:20 PM

Ah, the 'carp' bit was probably left over from 1.2.3 and not updated. If you just use "vip" it may work also.

That file isn't written from the GUI, it's just there on the install. It would be overwritten during an upgrade, but it's left alone otherwise.

DeFix · Feb 7, 2012, 4:22 PM

@jimp:

Ah, the 'carp' bit was probably left over from 1.2.3 and not updated. If you just use "vip" it may work also.

That file isn't written from the GUI, it's just there on the install. It would be overwritten during an upgrade, but it's left alone otherwise.

That explains a lot.

I use explecit vip1 because we also have a vip2 and that may not trigger the bridge port to UP or DOWN.