Feature #16598

open

Prevent master takeover if critical services are not running + forced failover on service failure

Added by Jászay Gábor 4 days ago. Updated 3 days ago.

Status: Incomplete
Priority: Normal
Assignee: -
Category: CARP
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default

Description

In CARP-based HA setups, pfSense currently makes the master/backup decision primarily based on CARP state and interface availability.
However, this can lead to false master situations where the node becomes MASTER even though critical services are not running or are unhealthy.

This is especially problematic in production environments where pfSense acts as a firewall and service provider (e.g. OpenVPN server, DNS, DHCP, HAProxy, IPS/IDS).
I'm attaching a rudimentary script to show you what I think.


Files

carp_demote_on_service_fail.sh (3.82 KB) Jászay Gábor, 12/20/2025 06:14 AM
Actions #1

Updated by Kris Phillips 3 days ago

  • Status changed from New to Incomplete

I'm not clear on the problem here. Services should be started on the secondary automatically when it assumes MASTER role from the former primary.

CARP has no mechanism for automatic service management. All of the functions that do this are in PHP and monitor for the "roll" event to initiate certain services.

There shouldn't be a situation where services aren't running on the secondary firewall or the secondary firewall takes over when the primary should be handling traffic. If either of these things occurs, there is a problem with the configuration or the device.

Please provide additional details.
