Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR] possebility to choose between manual and auto sync in HA mode #4604

Closed
2 tasks done
colttt opened this issue Jan 14, 2021 · 8 comments
Closed
2 tasks done

[FR] possebility to choose between manual and auto sync in HA mode #4604

colttt opened this issue Jan 14, 2021 · 8 comments
Assignees
@AdSchellevis
Labels
feature Adding new functionality
Milestone
21.7

Comments

@colttt
Copy link

colttt commented Jan 14, 2021

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe.
If we have HA configured we need to push configuration changes (like firewall rules) manually. It would be nice if we can choose between manually or automatically. And yes it's a bit risky, but then I can choose for myself what I want.

Describe the solution you like
An Opt-In option to choose between both methods
@mimugmail
Copy link
Member

https://www.reddit.com/r/OPNsenseFirewall/comments/lto37l/new_community_plugin_ha_config_sync_and_reload/

@AdSchellevis
Copy link
Member

@mimugmail adding a task which can be added in cron to do a sync + restart (just like the gui does) depending on state might also be an option for the core system.

I don't mind as long as the action has no relation to the config sync so it can't block and it's not the default behaviour of the firewall (use it your own risk). If that's a feature more people seem to miss, we might consider adding an optional task and a reference in the documentation.

@mimugmail
Copy link
Member

@AdSchellevis the logic of the script isn't really smart, but it does what it should:

STATUS=$(ifconfig | grep "carp:" | awk '{ print $2 }' | uniq)

if [ $STATUS = MASTER ]

then
  /usr/local/etc/rc.filter_synchronize

elif [ $STATUS = BACKUP ]

then
  /usr/local/sbin/configctl template reload \*

else
  echo "UNKNOWN STATUS"

fi

@AdSchellevis
Copy link
Member

@mimugmail ok, shall we interpret this request then as a sync + restart job that only triggers when all interfaces are master? I don't mind adding a configd call for that if it makes people happy. (you need the restart to prevent async backup state)

@mimugmail
Copy link
Member

I'd guess its a good alternative for the ones insisting on automatic sync

Always happy to test :)

AdSchellevis added a commit that referenced this issue Feb 28, 2021
@AdSchellevis
HA Sync: extend rc.filter_synchronize with capabilities to reconfigur…
d737ff9 
…e the backup node (template flush + service reload) for #4604

to offer the ability to schedule a new configd action "system ha_reconfigure_backup":

configctl system ha_reconfigure_backup
@AdSchellevis
Copy link
Member

ok, there you go d737ff9

To try:

opnsense-patch d737ff9
service configd restart
configctl system ha_reconfigure_backup

(action should be visible in cron too)

Still need to update the docs

@AdSchellevis AdSchellevis self-assigned this Feb 28, 2021
@AdSchellevis AdSchellevis added the feature Adding new functionality label Feb 28, 2021
@mimugmail
Copy link
Member

Thx, this was quick.
But rc.filter_synchronize itself to transfer from master to backup also needs a description for cron?

@AdSchellevis
Copy link
Member

@mimugmail nope, it's the same script, ha_reconfigure_backup just adds actions

@AdSchellevis AdSchellevis mentioned this issue Mar 2, 2021
Closed
2 tasks
@fichtner fichtner added this to the 21.7 milestone Mar 2, 2021
Greelan added a commit to Greelan/opnsense-docs that referenced this issue Mar 6, 2021
@Greelan @AdSchellevis
@sjjh @tomlawesome @fichtner @swhite2 @kulikov-a @SalazarBruno @marcquark
Update (#2)
92ea5a2 
* udate changelogs

* update changelog collection script to cope with multiple flavours, while here, also swich to python3

* update changelogs

* netmap / bpf, adjust information, seemed to have been a side affect pre-21.1

* clarify number of Public Services needed (opnsense#309)

* Add new LTE card to interfaces.rst (opnsense#308)

@tomlawesome thanks for confirming

* fix broken links for the changelogs

* changelog: here be dragons

* remove custom theme instructions and templates and move back to standard using existing options.

* pip[3] in case pip3 doesn't exist :)

* update changelogs

* parse changelog Links

* update api docs, closes opnsense#310

* Fix typo (opnsense#311)

* Firmware: fix some spelling errors (opnsense#313)

* www/nginx update docs for upstream verify (opnsense#305)

* Correcting mismatched interfaces in upload rule (opnsense#314)

The names of the interfaces were wrong in the upload rule

* hint to cronjobs for shorter backup intervals (opnsense#315)

* release notes:

* HA-Sync cron job: add documentation, closes opnsense/core#4604

* Wireguard selective routing how-to (opnsense#317)

* Update wireguard-client.rst to clarify use of WireGuard net (opnsense#304)

This proposed tweak to the how-to is intended to address the issue discussed in this forum thread: https://forum.opnsense.org/index.php?topic=21170.0

* API: Add a note for postman users (opnsense#318)

Co-authored-by: Ad Schellevis <ad@opnsense.org>
Co-authored-by: sjjh <2787214+sjjh@users.noreply.github.com>
Co-authored-by: tomlawesome <76453276+tomlawesome@users.noreply.github.com>
Co-authored-by: Franco Fichtner <franco@opnsense.org>
Co-authored-by: Stephan de Wit <33954429+swhite2@users.noreply.github.com>
Co-authored-by: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Co-authored-by: Bruno Magnum Vasconcelos Monteiro Salazar <salazar.bruno@gmail.com>
Co-authored-by: Marc Leuser <marcquark@users.noreply.github.com>
Greelan added a commit to Greelan/opnsense-docs that referenced this issue Mar 8, 2021
@Greelan @AdSchellevis
@sjjh @tomlawesome @fichtner @swhite2 @kulikov-a @SalazarBruno @marcquark
Update (#3)
87674b8 
* udate changelogs

* update changelog collection script to cope with multiple flavours, while here, also swich to python3

* update changelogs

* netmap / bpf, adjust information, seemed to have been a side affect pre-21.1

* clarify number of Public Services needed (opnsense#309)

* Add new LTE card to interfaces.rst (opnsense#308)

@tomlawesome thanks for confirming

* fix broken links for the changelogs

* changelog: here be dragons

* remove custom theme instructions and templates and move back to standard using existing options.

* pip[3] in case pip3 doesn't exist :)

* update changelogs

* parse changelog Links

* update api docs, closes opnsense#310

* Fix typo (opnsense#311)

* Firmware: fix some spelling errors (opnsense#313)

* www/nginx update docs for upstream verify (opnsense#305)

* Correcting mismatched interfaces in upload rule (opnsense#314)

The names of the interfaces were wrong in the upload rule

* hint to cronjobs for shorter backup intervals (opnsense#315)

* release notes:

* HA-Sync cron job: add documentation, closes opnsense/core#4604

* Wireguard selective routing how-to (opnsense#317)

* Update wireguard-client.rst to clarify use of WireGuard net (opnsense#304)

This proposed tweak to the how-to is intended to address the issue discussed in this forum thread: https://forum.opnsense.org/index.php?topic=21170.0

* API: Add a note for postman users (opnsense#318)

Co-authored-by: Ad Schellevis <ad@opnsense.org>
Co-authored-by: sjjh <2787214+sjjh@users.noreply.github.com>
Co-authored-by: tomlawesome <76453276+tomlawesome@users.noreply.github.com>
Co-authored-by: Franco Fichtner <franco@opnsense.org>
Co-authored-by: Stephan de Wit <33954429+swhite2@users.noreply.github.com>
Co-authored-by: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Co-authored-by: Bruno Magnum Vasconcelos Monteiro Salazar <salazar.bruno@gmail.com>
Co-authored-by: Marc Leuser <marcquark@users.noreply.github.com>
fichtner pushed a commit that referenced this issue Mar 9, 2021
@AdSchellevis @fichtner
HA Sync: extend rc.filter_synchronize with capabilities to reconfigur…
05abc4f 
…e the backup node (template flush + service reload) for #4604

to offer the ability to schedule a new configd action "system ha_reconfigure_backup":

configctl system ha_reconfigure_backup

(cherry picked from commit d737ff9)
AdSchellevis added a commit that referenced this issue Mar 14, 2021
@AdSchellevis
HA Sync: extend rc.filter_synchronize with capabilities to reconfigur…
395fa73 
…e the backup node (template flush + service reload) for #4604

to offer the ability to schedule a new configd action "system ha_reconfigure_backup":

configctl system ha_reconfigure_backup
Greelan added a commit to Greelan/opnsense-docs that referenced this issue Aug 19, 2021
@Greelan @AdSchellevis
@sjjh @tomlawesome @fichtner @swhite2 @kulikov-a @SalazarBruno @marcquark
Update (#3)
55c14d0 
* udate changelogs

* update changelog collection script to cope with multiple flavours, while here, also swich to python3

* update changelogs

* netmap / bpf, adjust information, seemed to have been a side affect pre-21.1

* clarify number of Public Services needed (opnsense#309)

* Add new LTE card to interfaces.rst (opnsense#308)

@tomlawesome thanks for confirming

* fix broken links for the changelogs

* changelog: here be dragons

* remove custom theme instructions and templates and move back to standard using existing options.

* pip[3] in case pip3 doesn't exist :)

* update changelogs

* parse changelog Links

* update api docs, closes opnsense#310

* Fix typo (opnsense#311)

* Firmware: fix some spelling errors (opnsense#313)

* www/nginx update docs for upstream verify (opnsense#305)

* Correcting mismatched interfaces in upload rule (opnsense#314)

The names of the interfaces were wrong in the upload rule

* hint to cronjobs for shorter backup intervals (opnsense#315)

* release notes:

* HA-Sync cron job: add documentation, closes opnsense/core#4604

* Wireguard selective routing how-to (opnsense#317)

* Update wireguard-client.rst to clarify use of WireGuard net (opnsense#304)

This proposed tweak to the how-to is intended to address the issue discussed in this forum thread: https://forum.opnsense.org/index.php?topic=21170.0

* API: Add a note for postman users (opnsense#318)

Co-authored-by: Ad Schellevis <ad@opnsense.org>
Co-authored-by: sjjh <2787214+sjjh@users.noreply.github.com>
Co-authored-by: tomlawesome <76453276+tomlawesome@users.noreply.github.com>
Co-authored-by: Franco Fichtner <franco@opnsense.org>
Co-authored-by: Stephan de Wit <33954429+swhite2@users.noreply.github.com>
Co-authored-by: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Co-authored-by: Bruno Magnum Vasconcelos Monteiro Salazar <salazar.bruno@gmail.com>
Co-authored-by: Marc Leuser <marcquark@users.noreply.github.com>
oshogbo pushed a commit to DynFi/opnsense-core that referenced this issue Mar 3, 2022
@AdSchellevis
HA Sync: extend rc.filter_synchronize with capabilities to reconfigur…
9071f19 
…e the backup node (template flush + service reload) for opnsense/core#4604

to offer the ability to schedule a new configd action "system ha_reconfigure_backup":

configctl system ha_reconfigure_backup
oshogbo pushed a commit to DynFi/opnsense-core that referenced this issue Mar 3, 2022
@AdSchellevis
HA Sync: extend rc.filter_synchronize with capabilities to reconfigur…
815dab6 
…e the backup node (template flush + service reload) for opnsense/core#4604

to offer the ability to schedule a new configd action "system ha_reconfigure_backup":

configctl system ha_reconfigure_backup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdSchellevis AdSchellevis

Labels
feature Adding new functionality
Milestone
21.7
Development

No branches or pull requests
4 participants
@fichtner @AdSchellevis @colttt @mimugmail