Bug #4902
closedXMLRPC Sync version check ineffective in some cases
100%
Description
With an HA setup with XMLRPC sync there is supposed to be a version check to prevent different versions of pfSense from synchronizing due to configuration differences. This does not seem to be functional currently as a 2.1.x primary can still sync to a 2.2.x secondary which breaks various areas such as outbound NAT, captive portal zones, and others that differ based on the configuration revisions between the versions.
Updated by Jim Pingle about 9 years ago
Looks like we only test for "$parsed_response['config_version'] < $config['version']" and not greater than.
https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/rc.filter_synchronize#L126
Updated by Jim Pingle about 9 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset 33697d18572e8f3f320b0627101e663710fa3dba.
Updated by Jim Pingle about 9 years ago
Applied in changeset 4379f31869e48e98f73600a166854ab417c3f645.
Updated by Jim Pingle about 9 years ago
- Status changed from Feedback to Resolved
Re-tested each possible scenario here. Any time the versions differ, either older or newer, the sync stops as desired.
1: P:11.9 S:11.9 -- Sync worked
2: P:11.9 S:11.8 -- Generated error
3: P:11.9 S:12.0 -- Generated error
4: P:11.8 S:11.9 -- Generated error
5: P:12.0 S:11.9 -- Generated error
6: P:11.9 S:11.9 -- Sync worked again
Tests 4 and 5 were technically redundant (4 the same as 3, 5 the same as 2) but I ran them anyhow for completeness.