Good morning, I have a new cluster installed and everything appears to be operating correctly except for an error on login to the Admin Interface which states: PacketFence1.fqdn haproxy haproxy-portal - health Haproxy_haproxy-portal.health_sdown.haproxy_backend_server_status
When I look at the Status>Cluster>Services area, I do see that HAProxy-Portal is checked as enabled and managed on all server, but is not running on PacketFence2.fqdn and PacketFence3.fqdn. *** Here is my cluster.conf: # Copyright (C) Inverse inc. # Cluster configuration file for active/active # This file will have it deactivated by default # To activate the active/active mode, set a management IP in the cluster section # Before doing any changes to this file, read the documentation [CLUSTER] management_ip=10.10.10.30 [CLUSTER interface ens160] ip=10.10.10.30 [CLUSTER interface ens192] ip=10.45.1.1 [CLUSTER interface ens224] ip=10.45.2.1 [packetfence1.fqdn] management_ip=10.10.10.31 [packetfence1.fqdn interface ens160] ip=10.10.10.31 [packetfence1.fqdn interface ens192] ip=10.45.1.2 [packetfence1.fqdn interface ens224] ip=10.45.2.2 [packetfence2.fqdn] management_ip=10.10.10.32 [packetfence2.fqdn interface ens160] ip=10.10.10.32 [packetfence2.fqdn interface ens192] ip=10.45.1.3 [packetfence2.fqdn interface ens224] ip=10.45.2.3 [packetfence3.fqdn] management_ip=10.10.10.33 [packetfence3.fqdn interface ens160] ip=10.10.10.33 [packetfence3.fqdn interface ens192] ip=10.45.1.4 [packetfence3.fqdn interface ens224] ip=10.45.2.4 *** Here is my HAProxy-Portal.conf # Copyright (C) Inverse inc. global external-check user haproxy group haproxy daemon pidfile %%var_dir%%/run/haproxy-portal.pid log /dev/log local0 stats socket %%var_dir%%/run/haproxy-portal.stats level admin process 1 maxconn 4000 #Followup of https://github.com/inverse-inc/packetfence/pull/893 #haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC: https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate #Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 tune.ssl.default-dh-param 2048 ssl-default-bind-ciphers <cert> ssl-default-bind-options no-sslv3 no-tls-tickets ssl-default-server-ciphers <cert> ssl-default-server-options no-sslv3 no-tls-tickets #OLD SSL CONFIGURATION. IF RC4 is required or if you must support clients older then the precendent list, comment all the block between this comment and the precedent and uncomment the following line #ssl-default-bind-ciphers <cert> lua-load %%conf_dir%%/passthrough.lua listen stats bind %%management_ip%%:1025 mode http timeout connect 10s timeout client 1m timeout server 1m stats enable stats uri /stats stats realm HAProxy\ Statistics stats auth admin:packetfence defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 403 %%captiveportal_templates_path%%/rate-limiting.http backend proxy option httpclose option http_proxy option forwardfor # Need to have a proxy listening on localhost port 8888 acl paramsquery query -m found http-request set-uri http://127.0.0.1:8888%[path]?%[query] if paramsquery http-request set-uri http://127.0.0.1:8888%[path] unless paramsquery backend static option httpclose option http_proxy option forwardfor http-request set-uri http://127.0.0.1:8889%[path]?%[query] %%http%% *** Here is the error message in the haproxy-portal.log Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.1.1 started. Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.1.1 started. Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.2.1 started. Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.2.1 started. Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-66.70.255.147 started. Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-66.70.255.147 started. Mar 31 11:11:31 packetfence1 haproxy[6242]: backend 10.25.1.1-backend has no server available! Mar 31 11:11:46 packetfence1 haproxy[6242]: backend 10.25.2.1-backend has no server available! I get this error every time I login, and every so often when it does a check. I have not tried the captive portal yet from a device yet. But, it does work through the admin interface using the Portal_Preview. I suspect that I'm missing a section from the Load Balancers IP in the Configuration>Advanced Access Configuration>Captive Portal section. But, I can't find anything in the cluster documentation that would indicate that's how it works. Cheers, CHRIS _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users