Bug #9489
closed
pfsense with ha closing sessions when apply any rule, xmlrpc erros are shown
0%
Description
Cloned from:
https://forum.netgate.com/topic/131916/pfsense-with-ha-closing-sessions-when-apply-any-rule
On XG-7100,
- sync interface ping, port 443 is open, ...
- xmlrpc works (the config sync does work at stage #1)
- xmlrpc errors are shown after a while (restore_config_section and host_firmware_version are shown as failed)
- sessions get closed on apply any change in the modification
Please note that only once the apply button has been pressed, and 2 "Syncing firewall" has been logged in 2 seconds span.
Logs from master:
Apr 29 01:48:44 pf1-lipi check_reload_status: Syncing firewall
Apr 29 01:48:45 pf1-lipi php-fpm348: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.11.8.232:443/xmlrpc.php.
Apr 29 01:48:46 pf1-lipi php-fpm348: /rc.filter_synchronize: XMLRPC reload data success with https://10.11.8.232:443/xmlrpc.php (pfsense.host_firmware_version).
Apr 29 01:48:46 pf1-lipi php-fpm348: /rc.filter_synchronize: XMLRPC versioncheck: 18.9 -- 18.9
Apr 29 01:48:46 pf1-lipi php-fpm348: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.11.8.232:443/xmlrpc.php.
Apr 29 01:48:46 pf1-lipi check_reload_status: Syncing firewall
Apr 29 01:48:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.11.8.232:443/xmlrpc.php.
Apr 29 01:48:57 pf1-lipi check_reload_status: Reloading filter
Apr 29 01:49:25 pf1-lipi sshd51791: user admin login class [preauth]
Apr 29 01:49:25 pf1-lipi sshd51791: user admin login class [preauth]
Apr 29 01:49:25 pf1-lipi sshd51791: user admin login class [preauth]
[login as my session get disconnected]
Apr 29 01:49:46 pf1-lipi php-fpm348: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method restore_config_section:
Apr 29 01:49:46 pf1-lipi php-fpm348: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method restore_config_section:
Apr 29 01:49:46 pf1-lipi php-fpm348: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.11.8.232:443/xmlrpc.php.
Apr 29 01:49:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
Apr 29 01:49:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
Apr 29 01:49:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.11.8.232:443/xmlrpc.php.
Apr 29 01:50:46 pf1-lipi php-fpm348: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method restore_config_section:
Apr 29 01:50:46 pf1-lipi php-fpm348: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method restore_config_section:
Apr 29 01:50:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
Apr 29 01:50:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
Apr 29 01:50:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: XMLRPC versioncheck: -- 18.9
Apr 29 01:50:47 pf1-lipi php-fpm5542: /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
How to reproduce:
1) setup a cluster in HA
2) apply any configuration change (even disable one rule and enable it again, then press apply)
3) errors are shown both in UI and logs
Updated by Jim Pingle almost 5 years ago
- Status changed from New to Not a Bug
You have a configuration error, probably a down gateway triggering state killing. Keep the discussion on the forum.
Updated by chris j almost 5 years ago
I 2nd this issue, brand new install setup HA cluster with just two machines, everything seems fine and config seems to be syncing however plagued with error messages every time i log in to the box. Sync interfaces are dedicated interfaces, all interfaces match on name and order.
Just for note after reading the above link, my sync interfaces does not have gateway monitoring as its a /30, the rule I have on the sync interface allows everything, ip v4 any any, also tried ticking the "no pfsync" box, to prevent the syncing of states on the sync interface to no avail.
Updated by chris j almost 5 years ago
A communications error occurred while attempting to call XMLRPC method restore_config_section: 2019-05-09 20:54:59 2019-05-09 20:55:59
A communications error occurred while attempting to call XMLRPC method restore_config_section:
A communications error occurred while attempting to call XMLRPC method restore_config_section: 2019-05-09 20:56:08 2019-05-09 20:56:20
A communications error occurred while attempting to call XMLRPC method host_firmware_version:
A communications error occurred while attempting to call XMLRPC method restore_config_section: 2019-05-09 20:57:08 2019-05-09 20:57:20
A communications error occurred while attempting to call XMLRPC method host_firmware_version:
Updated by chris j almost 5 years ago
running packages:
pfBlockerNG-devel
Service_Watchdog
snort
squid
squidGuard
Updated by Jim Pingle almost 5 years ago
This is not a bug, but a problem with your configuration. This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit .
See Reporting Issues with pfSense Software for more information.