High availability / previously working: -> The backup firewall is not accessible or not configured.
« on: April 11, 2024, 01:55:38 am »
I've a pair of hosts running OPNsense 24.7.a_341 (X11SDV-4C-TP8F)
igb0 is their heartbeat interface, crossconnected
```
[root@evey /usr/local/etc]# ifconfig igb0
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Heartbeat (opt1)
options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:xx:xx:xx:xx:e8
inet xx.xx.100.3 netmask 0xfffffff8 broadcast xx.xx.100.7
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```
```
[root@atticus /home/wolfspyre]# ifconfig igb0
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Heartbeat (opt1)
options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
ether 00:xx:xx:xx:xx:c8
inet xx.xx.100.2 netmask 0xfffffff8 broadcast xx.xx.100.7
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```
they can ping/interact across the hb interface.
failover still generally works... (carp)
however recently I noticed that an haproxy change I made didn't synchronize to the secondary....
I went to jiggle the handle, and got the response in the webUI `the backup firewall is not accessible or not configured`
this is weird, as things had been working fine (and honestly, I'm not sure when things **STOPPED** working, because the opnsense-log output is so clogged with the erroneous `telemetry token missing in /usr/local/etc/suricata/rule-updater.config` messages, I didn't notice):
```
<11>1 2024-04-10T18:20:00-05:00 evey.wolfspyre.com opnsense-devel 47647 - [meta sequenceId="3"] /usr/local/etc/rc.filter_synchronize: An error occurred while attempting XMLRPC sync with username wolfspyre and https://xx.xx.100.2/xmlrpc.php parse error. not well formed
```
however, I'm not really sure how to begin diagnosing this... backup of the primary config, and restore to the primary host works, which presumably conveys that the config is okay.
running the /usr/local/etc/rc.filter_synchronize command manually on the primary
```
[root@evey /usr/local/etc]# /usr/local/etc/rc.filter_synchronize
send >>>
Host: xxx.xxx.100.2
User-Agent: XML_RPC
Content-Type: text/xml
Content-Length: 117
Authorization: Basic dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
<?xml version="1.0"?>
<methodCall>
<methodName>opnsense.firmware_version</methodName>
<params>
</params></methodCall>received >>>
Deprecated: Creation of dynamic property IXR_Message::$currentTag is deprecated in /usr/local/opnsense/contrib/IXR/IXR_Library.php on line 239
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/opnsense/contrib/IXR/IXR_Library.php:239) in /usr/local/opnsense/contrib/IXR/IXR_Library.php on line 464
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/opnsense/contrib/IXR/IXR_Library.php:239) in /usr/local/opnsense/contrib/IXR/IXR_Library.php on line 465
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/opnsense/contrib/IXR/IXR_Library.php:239) in /usr/local/opnsense/contrib/IXR/IXR_Library.php on line 466
Warning: Cannot modify header information - headers already sent by (output started at /usr/local/opnsense/contrib/IXR/IXR_Library.php:239) in /usr/local/opnsense/contrib/IXR/IXR_Library.php on line 467
<?xml version="1.0"?>
<methodResponse>
<params>
<param>
<value>
<struct>
<member><name>base</name><value><struct>
<member><name>version</name><value><string>24.1.5</string></value></member>
</struct></value></member>
<member><name>firmware</name><value><struct>
<member><name>version</name><value><string>24.7.a_341</string></value></member>
</struct></value></member>
<member><name>kernel</name><value><struct>
<member><name>version</name><value><string>24.1.5</string></value></member>
</struct></value></member>
</struct>
</value>
</param>
</params>
</methodResponse>
error >>>
parse error. not well formed
```
makes it hard to know if the deprecation warnings are contributing to the problem or not.
Suggestions?
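
Added example, not part of the original post and not OPNsense code: a Python check for non-XML output ahead of an XML-RPC response, run on a constructed sample modelled on the `received >>>` capture above. `SAMPLE_BODY`, `is_well_formed` and `inspect_response` are hypothetical names; the check compares how a strict XML parser treats the body as received versus the body with everything before the XML declaration removed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the "received >>>" output in the post:
# PHP diagnostics printed ahead of the XML-RPC document.
SAMPLE_BODY = """
Deprecated: Creation of dynamic property IXR_Message::$currentTag is deprecated in /usr/local/opnsense/contrib/IXR/IXR_Library.php on line 239

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/opnsense/contrib/IXR/IXR_Library.php:239) in /usr/local/opnsense/contrib/IXR/IXR_Library.php on line 464
<?xml version="1.0"?>
<methodResponse><params><param><value><struct>
<member><name>firmware</name><value><struct>
<member><name>version</name><value><string>24.7.a_341</string></value></member>
</struct></value></member>
</struct></value></param></params></methodResponse>
"""

# Line prefixes PHP uses when display_errors writes diagnostics to the output.
PHP_DIAG = re.compile(r"^(Deprecated|Warning|Notice|Fatal error|Parse error): .*$", re.M)


def is_well_formed(body):
    """True if a strict XML parser accepts the body exactly as given."""
    try:
        ET.fromstring(body)
        return True
    except ET.ParseError:
        return False


def inspect_response(body):
    """Report what precedes the XML document and whether each form parses."""
    start = body.find("<?xml")
    if start < 0:
        start = body.find("<methodResponse")
    preamble = body[:start] if start >= 0 else body
    xml_part = body[start:].strip() if start >= 0 else ""
    return {
        "preamble_chars": len(preamble.strip()),
        "php_diagnostics": [m.group(0)[:60] for m in PHP_DIAG.finditer(preamble)],
        "raw_parses": is_well_formed(body),
        "xml_only_parses": bool(xml_part) and is_well_formed(xml_part),
    }


if __name__ == "__main__":
    for key, value in inspect_response(SAMPLE_BODY).items():
        print(f"{key}: {value}")
```

A result of `raw_parses: False` together with `xml_only_parses: True` means the XML payload itself is intact and the text printed ahead of it is what the parser rejects.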