aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorthompsa <andy@fud.org.nz>2010-03-12 14:43:39 +1300
committerthompsa <andy@fud.org.nz>2010-03-12 15:01:42 +1300
commit06d66037a1f68bee687bec1c7093c33d0a4cc2bd (patch)
tree6d40bfcfe40c710b3523ce7d2f034b718786199e /config
parent32d1172f9576c5e50982347146e47bc999bd37dc (diff)
downloadpfsense-packages-06d66037a1f68bee687bec1c7093c33d0a4cc2bd.tar.gz
pfsense-packages-06d66037a1f68bee687bec1c7093c33d0a4cc2bd.tar.bz2
pfsense-packages-06d66037a1f68bee687bec1c7093c33d0a4cc2bd.zip
Only run haproxy on the carp master by checking the status when a link
event happens.
Diffstat (limited to 'config')
-rw-r--r--config/haproxy-dev/haproxy.inc114
-rwxr-xr-xconfig/haproxy-dev/haproxy_global.php33
2 files changed, 145 insertions, 2 deletions
diff --git a/config/haproxy-dev/haproxy.inc b/config/haproxy-dev/haproxy.inc
index 455638a1..26a58c28 100644
--- a/config/haproxy-dev/haproxy.inc
+++ b/config/haproxy-dev/haproxy.inc
@@ -62,6 +62,9 @@ function haproxy_custom_php_deinstall_command() {
exec("rm /usr/local/sbin/haproxy");
exec("rm /usr/local/pkg/haproxy.inc");
exec("rm /usr/local/www/haproxy*");
+ exec("rm /etc/devd/haproxy.conf");
+ exec("/etc/rc.d/devd restart");
+ haproxy_install_cron(false);
}
function haproxy_custom_php_install_command() {
@@ -84,6 +87,8 @@ haproxy_enable=\${haproxy-"YES"}
start_cmd="haproxy_start"
stop_postcmd="haproxy_stop"
+check_cmd="haproxy_check"
+extra_commands="check"
load_rc_config \$name
@@ -101,6 +106,20 @@ haproxy_start () {
ENDOFF
}
+haproxy_check () {
+ echo "Checking haproxy."
+ /usr/bin/env \
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
+ /usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF
+ <?php
+ require_once("globals.inc");
+ require_once("functions.inc");
+ require_once("haproxy.inc");
+ haproxy_check_run(0);
+ ?>
+ENDOFF
+}
+
haproxy_stop () {
echo "Stopping haproxy."
killall haproxy
@@ -115,11 +134,77 @@ EOD;
fclose($fd);
exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh");
+ $devd = <<<EOD
+notify 0 {
+ match "system" "IFNET";
+ match "subsystem "carp[0-9]+";
+ match "type" "LINK_UP";
+ action "/usr/local/etc/rc.d/haproxy.sh check";
+};
+notify 0 {
+ match "system" "IFNET";
+ match "subsystem "carp[0-9]+";
+ match "type" "LINK_DOWN";
+ action "/usr/local/etc/rc.d/haproxy.sh check";
+};
+EOD;
+ exec("mkdir -p /etc/devd");
+ $fd = fopen("/etc/devd/haproxy.conf", "w");
+ fwrite($fd, $devd);
+ fclose($fd);
+ exec("/etc/rc.d/devd restart");
+
+ haproxy_install_cron(true);
conf_mount_ro();
exec("/usr/local/etc/rc.d/haproxy.sh start");
}
+function haproxy_install_cron($should_install) {
+ global $config, $g;
+ if($g['booting']==true)
+ return;
+ $is_installed = false;
+ if(!$config['cron']['item'])
+ return;
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if(strstr($item['command'], "/usr/local/etc/rc.d/haproxy.sh")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "*/2";
+ $cron_item['hour'] = "*";
+ $cron_item['mday'] = "*";
+ $cron_item['month'] = "*";
+ $cron_item['wday'] = "*";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh check";
+ $config['cron']['item'][] = $cron_item;
+ parse_config(true);
+ write_config();
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ parse_config(true);
+ write_config();
+ }
+ configure_cron();
+ }
+ break;
+ }
+}
+
function haproxy_find_acl($name) {
global $a_acltypes;
@@ -248,6 +333,12 @@ function write_backend($fd, $name, $pool, $frontend) {
}
function haproxy_configure() {
+ // reload haproxy
+ haproxy_writeconf();
+ return haproxy_check_run(1);
+}
+
+function haproxy_writeconf() {
global $config, $g;
$a_global = &$config['installedpackages']['haproxy'];
@@ -448,20 +539,39 @@ function haproxy_configure() {
exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits");
exec("chmod a+rx /usr/bin/limits");
}
+}
+
+function haproxy_check_run($reload) {
+ global $config, $g;
+
+ $a_global = &$config['installedpackages']['haproxy'];
exec("/usr/bin/limits -n 300014");
- // reload haproxy
if(isset($a_global['enable'])) {
- if(is_process_running('haproxy')) {
+ if (isset($a_global['carpdev'])) {
+ $status = get_carp_interface_status($a_global['carpdev']);
+ if ($status != "MASTER") {
+ exec("/bin/pkill -F /var/run/haproxy.pid haproxy");
+ return (0);
+ } else if (is_process_running('haproxy') && $reload == 0) {
+ return (0);
+ }
+ /* fallthrough */
+ }
+ if (is_process_running('haproxy')) {
exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -st `cat /var/run/haproxy.pid`");
} else {
exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D");
}
return (0);
} else {
+ if ($reload && is_process_running('haproxy')) {
+ exec("/bin/pkill -F /var/run/haproxy.pid haproxy");
+ }
return (1);
}
+
}
function haproxy_do_xmlrpc_sync($sync_to_ip, $password) {
diff --git a/config/haproxy-dev/haproxy_global.php b/config/haproxy-dev/haproxy_global.php
index f7864a4d..7f4ce483 100755
--- a/config/haproxy-dev/haproxy_global.php
+++ b/config/haproxy-dev/haproxy_global.php
@@ -56,6 +56,9 @@ if ($_POST) {
$reqdfieldsn = explode(",", "Maximum connections");
}
+ if ($_POST['carpdev'] == "disabled")
+ unset($_POST['carpdev']);
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn'])))
@@ -78,6 +81,7 @@ if ($_POST) {
$config['installedpackages']['haproxy']['remotesyslog'] = $_POST['remotesyslog'] ? $_POST['remotesyslog'] : false;
$config['installedpackages']['haproxy']['logfacility'] = $_POST['logfacility'] ? $_POST['logfacility'] : false;
$config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false;
+ $config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false;
$config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false;
$config['installedpackages']['haproxy']['advanced'] = base64_encode($_POST['advanced']) ? $_POST['advanced'] : false;
$config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false;
@@ -98,6 +102,7 @@ $pconfig['synchost3'] = $config['installedpackages']['haproxy']['synchost3'];
$pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog'];
$pconfig['logfacility'] = $config['installedpackages']['haproxy']['logfacility'];
$pconfig['loglevel'] = $config['installedpackages']['haproxy']['loglevel'];
+$pconfig['carpdev'] = $config['installedpackages']['haproxy']['carpdev'];
$pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']);
$pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc'];
@@ -271,6 +276,34 @@ function enable_change(enable_change) {
</td>
</tr>
<tr>
+ <td valign="top" class="vncell">
+ Carp monitor
+ </td>
+ <td class="vtable">
+ <select name="carpdev" class="formfld">
+ <option value="disabled" <?php if (!isset($pconfig['carpdev'])) echo "selected"; ?>>
+ disabled
+ </option>
+ <?php
+ if(is_array($config['virtualip']['vip'])) {
+ foreach($config['virtualip']['vip'] as $carp):
+ if ($carp['mode'] != "carp") continue;
+ $ipaddress = $carp['subnet'];
+ $carp_int = find_carp_interface($ipaddress);
+ ?>
+ <option value="<?=$carp_int;?>" <?php if ($carp_int == $pconfig['carpdev']) echo "selected"; ?>>
+ <?=$carp_int;?> (<?=$ipaddress;?>)
+ </option>
+ <?php
+ endforeach;
+ }
+ ?>
+ </select>
+ <br/>
+ Monitor carp interface and only run haproxy on the firewall which is MASTER.
+ </td>
+ </tr>
+ <tr>
<td>
&nbsp;
</td>