Monitoring of "Configuration Synchronization (XMLRPC Sync)"

Started by fabio, February 17, 2020, 11:09:44 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 17, 2020, 11:09:44 PM
Hi All,

I've a couple of opnsense in HA and all works fine.

Now I need to check if the configuration of the 2 node are synced  ... so to be sure to "remember to update your backup server in System: High availablity: status"

Does someone know a sensible way to verify the configuration sync status ? any method/suggestion will be well accepted.

As general idea I would like implement a "nagios plugin" to monitor also this check with my icinga2 servers.

Thanks
February 18, 2020, 03:17:49 PM #1
Does the sync work for you? In 19.7 I could create CARP, firewall rules and DHCP settings and when hitting save, it got sync'ed to backup node. - Except for a few settings everything got sync'ed by clicking save to backup.

ATM I have to manually sync every time when changing things. Pretty annoying when updating rule sets. To easy to forget a sync and backup running asynchron.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
February 18, 2020, 10:28:38 PM #2 Last Edit: February 18, 2020, 10:32:24 PM by fabio
According to the manual https://docs.opnsense.org/manual/hacarp.html

QuoteTo prevent issues spreading over both machines at the same time, we choose to only update on command (see the status page).

So yes, my sync works fine ... but, as you told, it's quite easy to forgot the status page push button.

This is my reason to have an external check to monitor the sync status of the 2 nodes.
I've tried to looking for a "configuration version" in the backup file and via SNMP, to be able to compare the 2 versions, but I didn't found anything usable.


PS: I'm running 20.1 in test and a 19.7 in production
February 19, 2020, 10:47:35 PM #3
What a bullshit. It is a cluster and shall behave like one system. If I configure shit, both machines should have this issue than it is found faster.

ATM I have more issues due to forgotten syncs than by malconfiguration. And you are right. Sync must be monitored.

Hard to believe that after failover firewall behaviour changes because of a forgotten sync.

And additionally there.should be a big sync button on each page that supports ha sync - as shortcut AND reminder.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
March 26, 2020, 06:18:28 AM #4
fabio did you already found a solution?
March 26, 2020, 09:22:26 AM #5
Unfortunately no valid solution till now.

--
Fabio
March 27, 2020, 01:30:08 PM #6
For me, that looks like it's working:
https://github.com/opnsense/core/issues/4000#issuecomment-604964711

done that way:
- Login to your PRIMARY
- cd /usr/local/opnsense/service/conf/actions.d/
- vi actions_hasync.conf

Code Select

[start]
command:configctl filter sync loads
parameters:-c '%s'
type:script
description:run ha_sync
message:cronbased syncing ha



after saving:
Code Select
service configd restart

then create a cron job
March 28, 2020, 09:23:48 PM #7
Thanks katamadone [CH]

looks like a very interesting workaround  ... next week I'll try it.

Thanks again for this suggestion
--
Fabio
March 31, 2020, 07:30:38 AM #8
Print
Go Up Pages1
User actions