Does the ip is assigned to lo ? (ip a)
Check the keepalived.conf file if it contain the ip 66.70.255.147
(var/conf/keepalived.conf).
Also check if there is not a keepalived.conf.rpmnew somewhere.
Regards
Fabrice
Le 20-10-09 à 14 h 52, Jeff Linden a écrit :
Fabrice,
ps -fe | grep keepalive
root 98543 1 0 13:56 ? 00:00:00 /usr/sbin/keepalived -f
/usr/local/pf/var/conf/keepalived.conf
--pid=/usr/local/pf/var/run/keepalived.pid
root 98549 98543 0 13:56 ? 00:00:00 /usr/sbin/keepalived -f
/usr/local/pf/var/conf/keepalived.conf
--pid=/usr/local/pf/var/run/keepalived.pid
root 98550 98543 0 13:56 ? 00:00:00 /usr/sbin/keepalived -f
/usr/local/pf/var/conf/keepalived.conf
--pid=/usr/local/pf/var/run/keepalived.pid
root 115221 111126 0 14:45 pts/0 00:00:00 grep keepalive
Keep alive is running fine. I didn’t mention it before, but I can see
those log entries presented below from haproxy.log are repeating over
and over.
And, as I run the systemctl status command I can see the PID change
and the time since it started activating updates as well.
In the web interface, when I tell the service to stop, it immediately
restarts in the same state I describe below. Managed, Active, but not
Alive.
Additionally, there is a log entry in packetfence.log that is
repeating each time the haproxy-portal service tries to start. It
says “packetfence: -e(82711) WARN: requesting member ips for an
undefined interface... (pf::cluster::members_ips)”.
Jeff Linden | Corporate Infrastructure Specialist
*DAIFUKU NORTH AMERICA*
30100 Cabot Drive, Novi MI 48377
(248) 553-1234 x1013
*DAIFUKU * <http://www.daifukuna.com/>**
*Always an Edge Ahead*
*From:* Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>
*Sent:* Friday, October 9, 2020 2:18 PM
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Fabrice Durand <fdur...@inverse.ca>
*Subject:* Re: [PacketFence-users] captive_portal.ip_address in
pf.conf.defaults
Hello Jeff,
your issue is because keepalived is not running.
let's try:
/usr/local/pf/bin/pfcmd service pf updatesystemd
systemctl restart packetfence-keepalived.service
Regards
Fabrice
Le 20-10-09 à 14 h 11, Jeff Linden via PacketFence-users a écrit :
Hello,
I’ve upgraded PacketFence from 9.2 to 10.1. Since then, I’ve had
trouble getting the Captive Portal to function. Since I noticed a
newer version is available, I have now upgraded to 10.2 before
writing this.
In the web interface, under Status -> Services, the haproxy-portal
is enabled and running. All green. Except, the pid is 0.
Also in the web interface, under Advanced Access Configuration ->
Captive Portal, the haproxy-portal dropdown is showing green.
But, looking further by clicking the dropdown, I notice Enabled
and Managed are green, but Alive is red.
Systemctl status packetfence-haproxy-portal returns the following
result:
● packetfence-haproxy-portal.service - PacketFence HAProxy Load
Balancer for the captive portal
Loaded: loaded
(/lib/systemd/system/packetfence-haproxy-portal.service; enabled;
vendor preset: enabled)
Active: activating (start-pre) since Fri 2020-10-09 10:57:14
EDT; 2s ago
Process: 230643 ExecStart=/usr/sbin/haproxy -Ws -f
/usr/local/pf/var/conf/haproxy-portal.conf -p
/usr/local/pf/var/run/haproxy-portal.pid (code=exited, status=1/FAILU
Main PID: 230643 (code=exited, status=1/FAILURE); Control PID:
230652 (perl)
Tasks: 1 (limit: 36864)
CGroup: /packetfence.slice/packetfence-haproxy-portal.service
└─control
└─230652 /usr/bin/perl -I/usr/local/pf/lib
-Mpf::services::manager::haproxy_portal -e
pf::services::manager::haproxy_portal->new()->generateConfig()
Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT]
282/105714 (230643) : Starting frontend portal-http-66.70.255.147:
cannot bind socket [66.70.255.147:80]
Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT]
282/105714 (230643) : Starting frontend
portal-https-66.70.255.147: cannot bind socket [66.60.255.147:443]
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Main process exited,
code=exited, status=1/FAILURE
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Failed to start
PacketFence HAProxy Load Balancer for the captive portal.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Unit entered failed state.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Failed with result 'exit-code'.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Service hold-off time over,
scheduling restart.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Stopped PacketFence
HAProxy Load Balancer for the captive portal.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Starting PacketFence
HAProxy Load Balancer for the captive portal...
In /var/log/haproxy.log, I find the following:
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy proxy started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy static started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: [ALERT] 282/114838
(17789) : Starting frontend portal-http-66.70.255.147: cannot bind
socket [66.70.255.147:80]
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: [ALERT] 282/114838
(17789) : Starting frontend portal-https-66.70.255.147: cannot
bind socket [66.70.255.147:443]
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
portal-http-10.30.247.1 started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
portal-https-10.30.247.1 started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
10.30.247.1-backend started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
portal-http-10.30.3.162 started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
portal-https-10.30.3.162 started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
10.30.3.162-backend started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
portal-http-10.30.248.1 started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
portal-https-10.30.248.1 started.
Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy
10.30.248.1-backend started.
I notice the error about binding to 66.70.255.147. That is not an
IP I recognize, it is certainly not assigned to any of the
interfaces on my system.
I find the address 66.70.255.147 in the pf.conf.defaults file with
the header
# The IP address the portal uses in the registration and isolation
networks.
# This IP address should point to an IP outside the registration
and isolation networks.
# Do not change unless you know what you are doing.
ip_address=66.70.255.147
I found a github entry that discusses the captive portal IP here
https://github.com/inverse-inc/packetfence/pull/5682 . It says
the previous hardcoded address of 192.0.2.1 is removed and an
Inverse owned IP is put in its place. I see that 66.70.255.147 is
owned by Ovh Hosting in Montreal, not Inverse specifically, but I
believe this github entry is talking about the captive portal
section of pf.conf.defaults.
So, I set the address in the Captive Portal web page to 192.0.2.1
and experience the same results. No captive portal and the error
with the haproxy-portal service still exists.
Systemctl status packetfence-haproxy-portal now returns the
following result:
● packetfence-haproxy-portal.service - PacketFence HAProxy Load
Balancer for the captive portal
Loaded: loaded
(/lib/systemd/system/packetfence-haproxy-portal.service; enabled;
vendor preset: enabled)
Active: activating (start-pre) since Fri 2020-10-09 10:57:14
EDT; 2s ago
Process: 230643 ExecStart=/usr/sbin/haproxy -Ws -f
/usr/local/pf/var/conf/haproxy-portal.conf -p
/usr/local/pf/var/run/haproxy-portal.pid (code=exited, status=1/FAILU
Main PID: 230643 (code=exited, status=1/FAILURE); Control PID:
230652 (perl)
Tasks: 1 (limit: 36864)
CGroup: /packetfence.slice/packetfence-haproxy-portal.service
└─control
└─230652 /usr/bin/perl -I/usr/local/pf/lib
-Mpf::services::manager::haproxy_portal -e
pf::services::manager::haproxy_portal->new()->generateConfig()
Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT]
282/105714 (230643) : Starting frontend portal-http-192.0.2.1:
cannot bind socket [192.0.2.1:80]
Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT]
282/105714 (230643) : Starting frontend portal-https-192.0.2.1:
cannot bind socket [192.0.2.1:443]
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Main process exited,
code=exited, status=1/FAILURE
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Failed to start
PacketFence HAProxy Load Balancer for the captive portal.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Unit entered failed state.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Failed with result 'exit-code'.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]:
packetfence-haproxy-portal.service: Service hold-off time over,
scheduling restart.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Stopped PacketFence
HAProxy Load Balancer for the captive portal.
Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Starting PacketFence
HAProxy Load Balancer for the captive portal...
/var/log/haproxy.log now shows:
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy proxy started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: [ALERT]
282/104756 (223396) : Starting frontend portal-http-192.0.2.1:
cannot bind socket [192.0.2.1:80]
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: [ALERT]
282/104756 (223396) : Starting frontend portal-https-192.0.2.1:
cannot bind socket [192.0.2.1:443]
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy static started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
portal-http-10.30.247.1 started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
portal-https-10.30.247.1 started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
10.30.247.1-backend started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
portal-http-10.30.3.162 started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
portal-https-10.30.3.162 started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
10.30.3.162-backend started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
portal-http-10.30.248.1 started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
portal-https-10.30.248.1 started.
Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy
10.30.248.1-backend started.
In the pf.conf.defaults file, I commented out the IP. This
produces a warning when restarting the services “pf.conf value
captive_portal.ip_address is not defined!”.
The haproxy-portal service is now started and I successfully
performed guest registration.
Sorry to trouble you with all of this, but the first time I
performed these steps, I was still experiencing trouble with the
captive portal. It’s not until I went through it all again to
collect the information to include with my question that I found
the captive portal to be working. It is working with the
captive_portal.ip_address section of pf.conf.defaults commented
out. I’m not certain commenting this line is the correct
solution. It must be there for a reason, no?
I will leave these questions for the group then…
Why is the haproxy-portal showing green in the web interface when,
in fact, it is not successfully started?
What is the story with the captive_portal.ip_address section of
pf.conf.defaults? Is it a mistake to leave it commented?
Thank you,
Jeff
PRIVACY NOTICE: The information contained in this e-mail,
including any attachments, is confidential and intended only for
the named recipient(s). Unauthorized use, disclosure, forwarding,
or copying is strictly prohibited and may be unlawful. If you are
not the intended recipient, please delete the e-mail and any
attachments and notify us immediately by return e-mail.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
