Hi All,
I have a couple of OPNsense in HA and everything works fine.
Now I need to check whether the configuration of the 2 nodes is synced ... so as to be sure to "remember to update your backup server in System: High availability: status"
Does anyone know a sensible way to verify the configuration sync status? Any method/suggestion is welcome.
As a general idea, I would like to implement a "Nagios plugin" to also monitor this check with my Icinga2 servers.
Thanks
Does the sync work for you? In 19.7 I could create CARP, firewall rules and DHCP settings and when hitting save, it got sync'ed to the backup node. - Except for a few settings everything got sync'ed to the backup by clicking save.
ATM I have to manually sync every time when changing things. Pretty annoying when updating rule sets. Too easy to forget a sync and have the backup running out of sync.
According to the manual https://docs.opnsense.org/manual/hacarp.html
Quote: To prevent issues spreading over both machines at the same time, we choose to only update on command (see the status page).
So yes, my sync works fine ... but, as you said, it's quite easy to forget the status page push button.
This is my reason to have an external check to monitor the sync status of the 2 nodes.
I've tried looking for a "configuration version" in the backup file and via SNMP, to be able to compare the 2 versions, but I didn't find anything usable.
PS: I'm running 20.1 in test and a 19.7 in production
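One way to build the external check asked for in this thread, as an added example that is not code from any poster or from the OPNsense project: a Nagios/Icinga2-style comparison of two config.xml exports that hashes only the sections expected to be identical. How the two files are fetched, the section names in `SYNCED_SECTIONS` and the per-node element in `IGNORED_TAGS` are assumptions to adapt to your own HA settings.

```python
import hashlib
import xml.etree.ElementTree as ET

# Assumptions: which top-level config.xml sections your HA settings sync, and
# which child elements legitimately differ per node and must be ignored.
SYNCED_SECTIONS = ("filter", "nat", "virtualip")
IGNORED_TAGS = {"advskew"}
OK, CRITICAL, UNKNOWN = 0, 2, 3  # standard Nagios/Icinga plugin exit codes

def canonical(elem):
    """Serialise an element without indentation, skipping ignored tags."""
    if elem.tag in IGNORED_TAGS:
        return ""
    attrs = "".join(f" {k}={v!r}" for k, v in sorted(elem.attrib.items()))
    body = (elem.text or "").strip() + "".join(canonical(c) for c in elem)
    return f"<{elem.tag}{attrs}>{body}</{elem.tag}>"

def section_digests(config_xml, sections=SYNCED_SECTIONS):
    """Map each section name to a SHA-256 of its canonical form."""
    root = ET.fromstring(config_xml)
    digests = {}
    for name in sections:
        node = root.find(name)
        text = canonical(node) if node is not None else ""
        digests[name] = hashlib.sha256(text.encode()).hexdigest()
    return digests

def check_sync(primary_xml, backup_xml, sections=SYNCED_SECTIONS):
    """Return (exit_code, message) in Nagios plugin style."""
    try:
        a = section_digests(primary_xml, sections)
        b = section_digests(backup_xml, sections)
    except ET.ParseError as exc:
        return UNKNOWN, f"UNKNOWN - cannot parse config: {exc}"
    drift = [s for s in sections if a[s] != b[s]]
    if drift:
        return CRITICAL, "CRITICAL - HA config out of sync: " + ", ".join(drift)
    return OK, f"OK - {len(sections)} synced sections identical"

# Constructed sample configs: the backup is missing one firewall rule.
PRIMARY = ("<opnsense><system><hostname>fw1</hostname></system>"
           "<filter><rule><type>pass</type></rule><rule><type>block</type></rule></filter>"
           "<virtualip><vip><mode>carp</mode><advskew>0</advskew></vip></virtualip></opnsense>")
BACKUP = ("<opnsense>\n <system><hostname>fw2</hostname></system>\n"
          " <filter>\n  <rule><type>pass</type></rule>\n </filter>\n"
          " <virtualip><vip><mode>carp</mode><advskew>100</advskew></vip></virtualip>\n</opnsense>")

if __name__ == "__main__":
    code, message = check_sync(PRIMARY, BACKUP)
    print(message)
    raise SystemExit(code)
```

Configuration exports contain password hashes and keys, so the monitoring host should fetch them over an authenticated, encrypted channel and compare them in memory rather than leaving copies on disk.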
What bullshit. It is a cluster and shall behave like one system. If I configure shit, both machines should have this issue, then it is found faster.
ATM I have more issues due to forgotten syncs than by misconfiguration. And you are right. Sync must be monitored.
Hard to believe that after failover firewall behaviour changes because of a forgotten sync.
And additionally there should be a big sync button on each page that supports HA sync - as shortcut AND reminder.
Fabio, did you already find a solution?
Unfortunately no valid solution till now.
--
Fabio
For me, that looks like it's working:
https://github.com/opnsense/core/issues/4000#issuecomment-604964711
done that way:
- Login to your PRIMARY
- cd /usr/local/opnsense/service/conf/actions.d/
- vi actions_hasync.conf
[start]
command:configctl filter sync loads
parameters:-c '%s'
type:script
description:run ha_sync
message:cronbased syncing ha
after saving:
service configd restart
then create a cron job
(screenshot of the cron job: https://ibb.co/HKFDq2V)
Thanks katamadone [CH]
Looks like a very interesting workaround ... next week I'll try it.
Thanks again for this suggestion
--
Fabio
take a look into
https://github.com/opnsense/core/issues/4000