Closed mnietz closed 3 weeks ago
This is the expected behaviour.
Cheers, Franco
Thanks, so haproxy can not be used in a ha environment on opnsense?
I wouldn't know why not, you just have to make sure to sync and restart it on the backup, same as with other services.
Other services like, ipsec, wireguard and so on work like expected. And restarting haproxy doesn't solve the issue. You need to login to the standby and apply the configuration. I think this is a possible breaking point when you have a very dynamic haproxy configuration.
sounds like a specific issue for haproxy then
Yep let's move it over then
And restarting haproxy doesn't solve the issue. You need to login to the standby and apply the configuration. I think this is a possible breaking point when you have a very dynamic haproxy configuration.
This seems odd. You don't have to login on the backup firewall. Just navigate to System: High Availability: Status
and use the button at the bottom of that page to synchronize "all" to the backup firewall, this will also restart HAProxy (and other services).
You may also consider to setup a cron job that triggers this sync+restart periodically.
Yes this is what i did. But after the synchronisation our standby firewall still works with the previous configuration. I've recognized this as we added/changed some backend-servers and were wondering why this change was not reflected on the standby. After hiting the 'Apply'-Button on the standby everything works like expected.
Just to avoid misunderstanding: you are using this button to sync+restart to the backup firewall?
we installed some minor-updates and did some further testing. Now it works like expected. Thanks for supporting
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
We have a High-Availability Setup with two OPNSense (Version: 24.1.8, the bug also occurs in 24.1.7) running Haproxy.
When we do a config change in Haproxy, for example adding a webserver into the pool and synchronize it to standby. The changes get synced to the standby firewall but they do not get activated.
The web-ui shows a message: "There are pending configuration changes that must be applied in order for them to take effect. To review them visit the Config Diff page". Applying solves the problem.
To Reproduce
see description
Expected behavior
Config get's synced AND applied on a standby firewall.
Describe alternatives you considered
n/a
Screenshots
n/a
Relevant log files
n/a
Additional context
n/a
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 24.1.8 (amd64). Proxmox VM