Feature #3522
closed
Option to set CARP interfaces to 'maintenance mode', persisting through a reboot so the primary machines stays as backup/inactive
Added by Pi Ba over 10 years ago.
Updated about 10 years ago.
Description
Option to set CARP interfaces to 'maintenance mode', persisting through a reboot so the primary machines stays as backup/inactive.
This is required when there are some problems (possibly with the hardware) and the primary machine needs to be booted and checked again before becoming 'master'. Currently it will take back the master state during reboot even though there might still be problems or some re-configuring to do..
My attempts to provide this option for 2.2 and 2.1 have been rejected. Some discussion there also about it being or not being needed..
https://github.com/pfsense/pfsense/pull/851 and https://github.com/pfsense/pfsense/pull/957
These commits can be installed through 'system patches' package, which will help for maintenance. But remember that wont work with installing a pfSense upgrade.
It hasn't been rejected because it's not needed (though Ermal said that initially, I know that's not the case from experience, as I noted on pull 851 in more detail) on the second attempt at least, that was because it was against RELENG_2_1 and that's a feature-frozen branch.
Ermal can comment further if needed, but I think your second attempt addressed all his concerns and should be acceptable to merge to master if you can submit another request.
Thanks!
This has been pushed into the 2.2 Alpha from what I read on the forums. Correct? The status probably can be changed on this feature request if so.
- Status changed from New to Feedback
Using "2.2-ALPHA (amd64) built on Fri Aug 15 14:31:24 CDT 2014".
When the master exits persistent carp maintenance mode, it still stays as the backup node. Is this by design, or a bug? After I've exited the maintenance mode, I need to press "temporarily disable carp", and then "enable carp" for it to become the master again.
what advskew do you use.? with 0 i noted an issue as commented in the 851 pull-request. "One strange thing is that setting advskew to 0 is not possible when it is higher. What to do?"
I used the default adskew that pfSense configured the CARP interface with. Master has skew 0, slave has 100.
Ok, so to 'fix' the behavior, give master a skew of 1 , slave will sync to 101, and everything will work as it is supposed to be. Or at least that's what i expect, haven't tested it in a while..
As for the proper fix i am not sure if pfSense should simply not allow a skew of 0, and use 1 as a default which would probably be the simplest, or perhaps FreeBSD internals should be fixed to also allow 'setting' the skew back to 0, though i am unsure how big an change that would require.
Tried to change skew from 0 to 1, but I might have detected a new bug. I'm unable to change a CARP IP after it has been created. Even just changing the description results in this error message:
The following input errors were detected:
This IP address is being used by another interface or VIP.
Dropped all the CARP interfaces, and recreated them with skew set to 1 and 101, and now it works properly. Will test the above some more, and create a new issue.
- Status changed from Feedback to Resolved
feature is implemented. There is still an outstanding problem with it not dropping back to the configured advskew, that's covered in #3910.
Also available in: Atom
PDF