OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: fabio on February 17, 2020, 11:09:44 pm

Title: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: fabio on February 17, 2020, 11:09:44 pm

Hi All,

I've a couple of opnsense in HA and all works fine.

Now I need to check if the configuration of the 2 node are synced  ... so to be sure to "remember to update your backup server in System: High availablity: status"

Does someone know a sensible way to verify the configuration sync status ? any method/suggestion will be well accepted.

As general idea I would like implement a "nagios plugin" to monitor also this check with my icinga2 servers.

Thanks

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: hbc on February 18, 2020, 03:17:49 pm

Does the sync work for you? In 19.7 I could create CARP, firewall rules and DHCP settings and when hitting save, it got sync'ed to backup node. - Except for a few settings everything got sync'ed by clicking save to backup.

ATM I have to manually sync every time when changing things. Pretty annoying when updating rule sets. To easy to forget a sync and backup running asynchron.

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: fabio on February 18, 2020, 10:28:38 pm

According to the manual https://docs.opnsense.org/manual/hacarp.html (https://docs.opnsense.org/manual/hacarp.html)

Quote

To prevent issues spreading over both machines at the same time, we choose to only update on command (see the status page).

So yes, my sync works fine ... but, as you told, it's quite easy to forgot the status page push button.

This is my reason to have an external check to monitor the sync status of the 2 nodes.
I've tried to looking for a "configuration version" in the backup file and via SNMP, to be able to compare the 2 versions, but I didn’t found anything usable.


PS: I'm running 20.1 in test and a 19.7 in production

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: hbc on February 19, 2020, 10:47:35 pm

What a bullshit. It is a cluster and shall behave like one system. If I configure shit, both machines should have this issue than it is found faster.

ATM I have more issues due to forgotten syncs than by malconfiguration. And you are right. Sync must be monitored.

Hard to believe that after failover firewall behaviour changes because of a forgotten sync.

And additionally there.should be a big sync button on each page that supports ha sync - as shortcut AND reminder.

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: katamadone [CH] on March 26, 2020, 06:18:28 am

fabio did you already found a solution?

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: fabio on March 26, 2020, 09:22:26 am

Unfortunately no valid solution till now.

--
Fabio

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: katamadone [CH] on March 27, 2020, 01:30:08 pm

For me, that looks like it's working:
https://github.com/opnsense/core/issues/4000#issuecomment-604964711

done that way:
- Login to your PRIMARY
- cd /usr/local/opnsense/service/conf/actions.d/
- vi actions_hasync.conf

Code: [Select]

[start]
command:configctl filter sync loads
parameters:-c '%s'
type:script
description:run ha_sync
message:cronbased syncing ha


after saving:
 

Code: [Select]

service configd restart
then create a cron job
(https://i.ibb.co/HKFDq2V/grafik.png) (https://ibb.co/HKFDq2V)

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: fabio on March 28, 2020, 09:23:48 pm

Thanks katamadone [CH]

looks like a very interesting workaround  ... next week I'll try it.

Thanks again for this suggestion
--
Fabio

Title: Re: Monitoring of "Configuration Synchronization (XMLRPC Sync)"
Post by: katamadone [CH] on March 31, 2020, 07:30:38 am

take a look into
https://github.com/opnsense/core/issues/4000