Hello Chris,

It means that your interfaces does not communicate properly.

Make sure to check the connectivity between your server interface like this:

From PF1:

ping -I ens160 PF2-MGNT
ping -I ens160 PF3-MGNT

ping -I ens192 PF2-REG
ping -I ens192 PF3-REG

ping -I ens224 PF2-REG
ping -I ens224 PF3-REG

From PF2:

ping -I ens160 PF1-MGNT
ping -I ens160 PF3-MGNT

ping -I ens192 PF1-REG
ping -I ens192 PF3-REG

ping -I ens224 PF1-REG
ping -I ens224 PF3-REG

From PF3:

ping -I ens160 PF2-MGNT
ping -I ens160 PF1-MGNT

ping -I ens192 PF2-REG
ping -I ens192 PF1-REG

ping -I ens224 PF2-REG
ping -I ens224 PF1-REG

You will find one or two that does not work, fix it and you will have no more 
that error message.

My guess: You have deployed that in VMware and the interfaces that you think 
are Registration or Isolation on the VM does not match the order of the VM 
system.

Check the MAC address with “ip a” command and check if all the MAC address are 
the one assigned to the correct VM network. “arp -a” help as well.

Been there, done that.

Have a nice day,

Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) 
and PacketFence (http://packetfence.org <http://packetfence.org/>)







> On Mar 31, 2021, at 11:03 AM, Chris Crawford via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> Good morning,
> 
> I have a new cluster installed and everything appears to be operating 
> correctly except for an error on login to the Admin Interface which states:
> PacketFence1.fqdn haproxy haproxy-portal - health
> Haproxy_haproxy-portal.health_sdown.haproxy_backend_server_status
> 
> When I look at the Status>Cluster>Services area, I do see that HAProxy-Portal 
> is checked as enabled and managed on all server, but is not running on 
> PacketFence2.fqdn and PacketFence3.fqdn.
> 
> ***
> Here is my cluster.conf:
> # Copyright (C) Inverse inc.
> # Cluster configuration file for active/active
> # This file will have it deactivated by default
> # To activate the active/active mode, set a management IP in the cluster 
> section
> # Before doing any changes to this file, read the documentation
> [CLUSTER]
> management_ip=10.10.10.30
> 
> [CLUSTER interface ens160]
> ip=10.10.10.30
> 
> [CLUSTER interface ens192]
> ip=10.45.1.1
> 
> [CLUSTER interface ens224]
> ip=10.45.2.1
> 
> [packetfence1.fqdn]
> management_ip=10.10.10.31
> 
> [packetfence1.fqdn interface ens160]
> ip=10.10.10.31
> 
> [packetfence1.fqdn interface ens192]
> ip=10.45.1.2
> 
> [packetfence1.fqdn interface ens224]
> ip=10.45.2.2
> 
> [packetfence2.fqdn]
> management_ip=10.10.10.32
> 
> [packetfence2.fqdn interface ens160]
> ip=10.10.10.32
> 
> [packetfence2.fqdn interface ens192]
> ip=10.45.1.3
> 
> [packetfence2.fqdn interface ens224]
> ip=10.45.2.3
> 
> [packetfence3.fqdn]
> management_ip=10.10.10.33
> 
> [packetfence3.fqdn interface ens160]
> ip=10.10.10.33
> 
> [packetfence3.fqdn interface ens192]
> ip=10.45.1.4
> 
> [packetfence3.fqdn interface ens224]
> ip=10.45.2.4
> 
> ***
> Here is my HAProxy-Portal.conf
> # Copyright (C) Inverse inc.
> global
>  external-check
>  user haproxy
>        group haproxy
>        daemon
>        pidfile %%var_dir%%/run/haproxy-portal.pid
>        log /dev/log local0
>        stats socket %%var_dir%%/run/haproxy-portal.stats level admin process 1
>        maxconn 4000
>        #Followup of https://github.com/inverse-inc/packetfence/pull/893
>        #haproxy 1.6.11 | intermediate profile | OpenSSL 1.0.1e | SRC: 
> https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy-1.6.11&openssl=1.0.1e&hsts=yes&profile=intermediate
>        #Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 
> 1, Windows XP IE8, Android 2.3, Java 7
>        tune.ssl.default-dh-param 2048
>        ssl-default-bind-ciphers <cert>
>        ssl-default-bind-options no-sslv3 no-tls-tickets
>        ssl-default-server-ciphers <cert>
>        ssl-default-server-options no-sslv3 no-tls-tickets
>        #OLD SSL CONFIGURATION. IF RC4 is required or if you must support 
> clients older then the precendent list, comment all the block between this 
> comment and the precedent and uncomment the following line
>        #ssl-default-bind-ciphers <cert>
>        lua-load %%conf_dir%%/passthrough.lua
> 
> listen stats
>  bind  %%management_ip%%:1025
>  mode http
>  timeout connect 10s
>  timeout client 1m
>  timeout server 1m
>  stats enable
>  stats uri /stats
>  stats realm HAProxy\ Statistics
>  stats auth admin:packetfence
> 
> 
> defaults
>        log     global
>        mode    http
>        option  httplog
>        option  dontlognull
>        timeout connect 5000
>        timeout client 50000
>        timeout server 50000
>        errorfile 403 %%captiveportal_templates_path%%/rate-limiting.http
> 
> backend proxy
>    option httpclose
>    option http_proxy
>    option forwardfor
>    # Need to have a proxy listening on localhost port 8888
>    acl paramsquery query -m found
>    http-request set-uri http://127.0.0.1:8888%[path]?%[query] if paramsquery
>    http-request set-uri http://127.0.0.1:8888%[path] unless paramsquery
> 
> backend static
>    option httpclose
>    option http_proxy
>    option forwardfor
>    http-request set-uri http://127.0.0.1:8889%[path]?%[query]
> 
> %%http%%
> 
> ***
> Here is the error message in the haproxy-portal.log
> Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.1.1 
> started.
> Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.1.1 
> started.
> Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-10.25.2.1 
> started.
> Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-10.25.2.1 
> started.
> Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-http-66.70.255.147 
> started.
> Mar 31 11:11:21 packetfence1 haproxy[6238]: Proxy portal-https-66.70.255.147 
> started.
> Mar 31 11:11:31 packetfence1 haproxy[6242]: backend 10.25.1.1-backend has no 
> server available!
> Mar 31 11:11:46 packetfence1 haproxy[6242]: backend 10.25.2.1-backend has no 
> server available!
> 
> I get this error every time I login, and every so often when it does a check. 
> I have not tried the captive portal yet from a device yet. But, it does work 
> through the admin interface using the Portal_Preview.
> 
> I suspect that I'm missing a section from the Load Balancers IP in the 
> Configuration>Advanced Access Configuration>Captive Portal section. But, I 
> can't find anything in the cluster documentation that would indicate that's 
> how it works.
> 
> Cheers,
> CHRIS
> 
> 
> 
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to