OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: mfedv on August 15, 2022, 06:46:28 pm

Title: Scripts in /usr/local/etc/rc.syshook.d/carp not run on "Temporarily Disable CARP
Post by: mfedv on August 15, 2022, 06:46:28 pm

Hi,

playing around with wireguard on a CARP HA installation, I tried the carp syshook script from https://forum.opnsense.org/index.php?topic=25993.msg129864#msg129864.

In many cases, the syshook script gets properly invoked and the wireguard-go process is started/stopped accordingly.

But using "Temporarily Disable CARP" ( Interfaces / Virtual IPs / Status ) on the current MASTER, the script is not getting called and wireguard-ko keeps running on previous MASTER while also being started on previous BACKUP. When clicking "Enable CARP" again, the script is first called for "BACKUP" state, then for "MASTER" state in short succession.

So you can't really rely on carp hook invocations alone, you would also need to do additional regular monitoring (e.g. via cron). This is rather cumbersome.

If devd does not fire in this situation, perhaps this can be simulated by carp_status.php?

Regards
Matthias

(even if wireguard should not actually be suited for HA failover, these missing hook notifications are a more general problem not restricted to wireguard alone)

Title: Re: Scripts in /usr/local/etc/rc.syshook.d/carp not run on "Temporarily Disable CARP
Post by: rkerno on August 22, 2022, 10:06:31 pm

I'm also seeing this problem with pppoe.  And I notice the OpenVPN logs are not showing either.  To confirm, the issue is when you Temporarily Disable CARP on the Master.  It works fine if you Enter Maintenance Mode on the master.