Fabrice, ps -fe | grep keepalive root 98543 1 0 13:56 ? 00:00:00 /usr/sbin/keepalived -f /usr/local/pf/var/conf/keepalived.conf --pid=/usr/local/pf/var/run/keepalived.pid root 98549 98543 0 13:56 ? 00:00:00 /usr/sbin/keepalived -f /usr/local/pf/var/conf/keepalived.conf --pid=/usr/local/pf/var/run/keepalived.pid root 98550 98543 0 13:56 ? 00:00:00 /usr/sbin/keepalived -f /usr/local/pf/var/conf/keepalived.conf --pid=/usr/local/pf/var/run/keepalived.pid root 115221 111126 0 14:45 pts/0 00:00:00 grep keepalive
Keep alive is running fine. I didn’t mention it before, but I can see those log entries presented below from haproxy.log are repeating over and over. And, as I run the systemctl status command I can see the PID change and the time since it started activating updates as well. In the web interface, when I tell the service to stop, it immediately restarts in the same state I describe below. Managed, Active, but not Alive. Additionally, there is a log entry in packetfence.log that is repeating each time the haproxy-portal service tries to start. It says “packetfence: -e(82711) WARN: requesting member ips for an undefined interface... (pf::cluster::members_ips)”. Jeff Linden | Corporate Infrastructure Specialist DAIFUKU NORTH AMERICA 30100 Cabot Drive, Novi MI 48377 (248) 553-1234 x1013 DAIFUKU <http://www.daifukuna.com/> Always an Edge Ahead From: Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Friday, October 9, 2020 2:18 PM To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <fdur...@inverse.ca> Subject: Re: [PacketFence-users] captive_portal.ip_address in pf.conf.defaults Hello Jeff, your issue is because keepalived is not running. let's try: /usr/local/pf/bin/pfcmd service pf updatesystemd systemctl restart packetfence-keepalived.service Regards Fabrice Le 20-10-09 à 14 h 11, Jeff Linden via PacketFence-users a écrit : Hello, I’ve upgraded PacketFence from 9.2 to 10.1. Since then, I’ve had trouble getting the Captive Portal to function. Since I noticed a newer version is available, I have now upgraded to 10.2 before writing this. In the web interface, under Status -> Services, the haproxy-portal is enabled and running. All green. Except, the pid is 0. Also in the web interface, under Advanced Access Configuration -> Captive Portal, the haproxy-portal dropdown is showing green. But, looking further by clicking the dropdown, I notice Enabled and Managed are green, but Alive is red. Systemctl status packetfence-haproxy-portal returns the following result: ● packetfence-haproxy-portal.service - PacketFence HAProxy Load Balancer for the captive portal Loaded: loaded (/lib/systemd/system/packetfence-haproxy-portal.service; enabled; vendor preset: enabled) Active: activating (start-pre) since Fri 2020-10-09 10:57:14 EDT; 2s ago Process: 230643 ExecStart=/usr/sbin/haproxy -Ws -f /usr/local/pf/var/conf/haproxy-portal.conf -p /usr/local/pf/var/run/haproxy-portal.pid (code=exited, status=1/FAILU Main PID: 230643 (code=exited, status=1/FAILURE); Control PID: 230652 (perl) Tasks: 1 (limit: 36864) CGroup: /packetfence.slice/packetfence-haproxy-portal.service └─control └─230652 /usr/bin/perl -I/usr/local/pf/lib -Mpf::services::manager::haproxy_portal -e pf::services::manager::haproxy_portal->new()->generateConfig() Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT] 282/105714 (230643) : Starting frontend portal-http-66.70.255.147: cannot bind socket [66.70.255.147:80] Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT] 282/105714 (230643) : Starting frontend portal-https-66.70.255.147: cannot bind socket [66.60.255.147:443] Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Main process exited, code=exited, status=1/FAILURE Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Failed to start PacketFence HAProxy Load Balancer for the captive portal. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Unit entered failed state. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Failed with result 'exit-code'. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Service hold-off time over, scheduling restart. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Stopped PacketFence HAProxy Load Balancer for the captive portal. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Starting PacketFence HAProxy Load Balancer for the captive portal... In /var/log/haproxy.log, I find the following: Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy proxy started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy static started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: [ALERT] 282/114838 (17789) : Starting frontend portal-http-66.70.255.147: cannot bind socket [66.70.255.147:80] Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: [ALERT] 282/114838 (17789) : Starting frontend portal-https-66.70.255.147: cannot bind socket [66.70.255.147:443] Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy portal-http-10.30.247.1 started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy portal-https-10.30.247.1 started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy 10.30.247.1-backend started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy portal-http-10.30.3.162 started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy portal-https-10.30.3.162 started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy 10.30.3.162-backend started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy portal-http-10.30.248.1 started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy portal-https-10.30.248.1 started. Oct 9 11:48:38 nadc1-pfence-01 haproxy[17789]: Proxy 10.30.248.1-backend started. I notice the error about binding to 66.70.255.147. That is not an IP I recognize, it is certainly not assigned to any of the interfaces on my system. I find the address 66.70.255.147 in the pf.conf.defaults file with the header # The IP address the portal uses in the registration and isolation networks. # This IP address should point to an IP outside the registration and isolation networks. # Do not change unless you know what you are doing. ip_address=66.70.255.147 I found a github entry that discusses the captive portal IP here https://github.com/inverse-inc/packetfence/pull/5682 . It says the previous hardcoded address of 192.0.2.1 is removed and an Inverse owned IP is put in its place. I see that 66.70.255.147 is owned by Ovh Hosting in Montreal, not Inverse specifically, but I believe this github entry is talking about the captive portal section of pf.conf.defaults. So, I set the address in the Captive Portal web page to 192.0.2.1 and experience the same results. No captive portal and the error with the haproxy-portal service still exists. Systemctl status packetfence-haproxy-portal now returns the following result: ● packetfence-haproxy-portal.service - PacketFence HAProxy Load Balancer for the captive portal Loaded: loaded (/lib/systemd/system/packetfence-haproxy-portal.service; enabled; vendor preset: enabled) Active: activating (start-pre) since Fri 2020-10-09 10:57:14 EDT; 2s ago Process: 230643 ExecStart=/usr/sbin/haproxy -Ws -f /usr/local/pf/var/conf/haproxy-portal.conf -p /usr/local/pf/var/run/haproxy-portal.pid (code=exited, status=1/FAILU Main PID: 230643 (code=exited, status=1/FAILURE); Control PID: 230652 (perl) Tasks: 1 (limit: 36864) CGroup: /packetfence.slice/packetfence-haproxy-portal.service └─control └─230652 /usr/bin/perl -I/usr/local/pf/lib -Mpf::services::manager::haproxy_portal -e pf::services::manager::haproxy_portal->new()->generateConfig() Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT] 282/105714 (230643) : Starting frontend portal-http-192.0.2.1: cannot bind socket [192.0.2.1:80] Oct 09 10:57:16 nadc1-pfence-01 haproxy[230643]: [ALERT] 282/105714 (230643) : Starting frontend portal-https-192.0.2.1: cannot bind socket [192.0.2.1:443] Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Main process exited, code=exited, status=1/FAILURE Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Failed to start PacketFence HAProxy Load Balancer for the captive portal. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Unit entered failed state. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Failed with result 'exit-code'. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: packetfence-haproxy-portal.service: Service hold-off time over, scheduling restart. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Stopped PacketFence HAProxy Load Balancer for the captive portal. Oct 09 10:57:14 nadc1-pfence-01 systemd[1]: Starting PacketFence HAProxy Load Balancer for the captive portal... /var/log/haproxy.log now shows: Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy proxy started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: [ALERT] 282/104756 (223396) : Starting frontend portal-http-192.0.2.1: cannot bind socket [192.0.2.1:80] Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: [ALERT] 282/104756 (223396) : Starting frontend portal-https-192.0.2.1: cannot bind socket [192.0.2.1:443] Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy static started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy portal-http-10.30.247.1 started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy portal-https-10.30.247.1 started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy 10.30.247.1-backend started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy portal-http-10.30.3.162 started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy portal-https-10.30.3.162 started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy 10.30.3.162-backend started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy portal-http-10.30.248.1 started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy portal-https-10.30.248.1 started. Oct 9 10:47:56 nadc1-pfence-01 haproxy[223396]: Proxy 10.30.248.1-backend started. In the pf.conf.defaults file, I commented out the IP. This produces a warning when restarting the services “pf.conf value captive_portal.ip_address is not defined!”. The haproxy-portal service is now started and I successfully performed guest registration. Sorry to trouble you with all of this, but the first time I performed these steps, I was still experiencing trouble with the captive portal. It’s not until I went through it all again to collect the information to include with my question that I found the captive portal to be working. It is working with the captive_portal.ip_address section of pf.conf.defaults commented out. I’m not certain commenting this line is the correct solution. It must be there for a reason, no? I will leave these questions for the group then… Why is the haproxy-portal showing green in the web interface when, in fact, it is not successfully started? What is the story with the captive_portal.ip_address section of pf.conf.defaults? Is it a mistake to leave it commented? Thank you, Jeff PRIVACY NOTICE: The information contained in this e-mail, including any attachments, is confidential and intended only for the named recipient(s). Unauthorized use, disclosure, forwarding, or copying is strictly prohibited and may be unlawful. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately by return e-mail. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
