diff options
| author | thompsa <andy@fud.org.nz> | 2010-03-12 14:43:39 +1300 |
|---|---|---|
| committer | thompsa <andy@fud.org.nz> | 2010-03-12 15:01:42 +1300 |
| commit | 06d66037a1f68bee687bec1c7093c33d0a4cc2bd (patch) | |
| tree | 6d40bfcfe40c710b3523ce7d2f034b718786199e /config | |
| parent | 32d1172f9576c5e50982347146e47bc999bd37dc (diff) | |
| download | pfsense-packages-06d66037a1f68bee687bec1c7093c33d0a4cc2bd.tar.gz pfsense-packages-06d66037a1f68bee687bec1c7093c33d0a4cc2bd.tar.bz2 pfsense-packages-06d66037a1f68bee687bec1c7093c33d0a4cc2bd.zip | |
Only run haproxy on the carp master by checking the status when a link
event happens.
Diffstat (limited to 'config')
| -rw-r--r-- | config/haproxy-dev/haproxy.inc | 114 | ||||
| -rwxr-xr-x | config/haproxy-dev/haproxy_global.php | 33 |
2 files changed, 145 insertions, 2 deletions
diff --git a/config/haproxy-dev/haproxy.inc b/config/haproxy-dev/haproxy.inc index 455638a1..26a58c28 100644 --- a/config/haproxy-dev/haproxy.inc +++ b/config/haproxy-dev/haproxy.inc @@ -62,6 +62,9 @@ function haproxy_custom_php_deinstall_command() { exec("rm /usr/local/sbin/haproxy"); exec("rm /usr/local/pkg/haproxy.inc"); exec("rm /usr/local/www/haproxy*"); + exec("rm /etc/devd/haproxy.conf"); + exec("/etc/rc.d/devd restart"); + haproxy_install_cron(false); } function haproxy_custom_php_install_command() { @@ -84,6 +87,8 @@ haproxy_enable=\${haproxy-"YES"} start_cmd="haproxy_start" stop_postcmd="haproxy_stop" +check_cmd="haproxy_check" +extra_commands="check" load_rc_config \$name @@ -101,6 +106,20 @@ haproxy_start () { ENDOFF } +haproxy_check () { + echo "Checking haproxy." + /usr/bin/env \ + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + /usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF + <?php + require_once("globals.inc"); + require_once("functions.inc"); + require_once("haproxy.inc"); + haproxy_check_run(0); + ?> +ENDOFF +} + haproxy_stop () { echo "Stopping haproxy." killall haproxy @@ -115,11 +134,77 @@ EOD; fclose($fd); exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh"); + $devd = <<<EOD +notify 0 { + match "system" "IFNET"; + match "subsystem "carp[0-9]+"; + match "type" "LINK_UP"; + action "/usr/local/etc/rc.d/haproxy.sh check"; +}; +notify 0 { + match "system" "IFNET"; + match "subsystem "carp[0-9]+"; + match "type" "LINK_DOWN"; + action "/usr/local/etc/rc.d/haproxy.sh check"; +}; +EOD; + exec("mkdir -p /etc/devd"); + $fd = fopen("/etc/devd/haproxy.conf", "w"); + fwrite($fd, $devd); + fclose($fd); + exec("/etc/rc.d/devd restart"); + + haproxy_install_cron(true); conf_mount_ro(); exec("/usr/local/etc/rc.d/haproxy.sh start"); } +function haproxy_install_cron($should_install) { + global $config, $g; + if($g['booting']==true) + return; + $is_installed = false; + if(!$config['cron']['item']) + return; + $x=0; + foreach($config['cron']['item'] as $item) { + if(strstr($item['command'], "/usr/local/etc/rc.d/haproxy.sh")) { + $is_installed = true; + break; + } + $x++; + } + switch($should_install) { + case true: + if(!$is_installed) { + $cron_item = array(); + $cron_item['minute'] = "*/2"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh check"; + $config['cron']['item'][] = $cron_item; + parse_config(true); + write_config(); + configure_cron(); + } + break; + case false: + if($is_installed == true) { + if($x > 0) { + unset($config['cron']['item'][$x]); + parse_config(true); + write_config(); + } + configure_cron(); + } + break; + } +} + function haproxy_find_acl($name) { global $a_acltypes; @@ -248,6 +333,12 @@ function write_backend($fd, $name, $pool, $frontend) { } function haproxy_configure() { + // reload haproxy + haproxy_writeconf(); + return haproxy_check_run(1); +} + +function haproxy_writeconf() { global $config, $g; $a_global = &$config['installedpackages']['haproxy']; @@ -448,20 +539,39 @@ function haproxy_configure() { exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits"); exec("chmod a+rx /usr/bin/limits"); } +} + +function haproxy_check_run($reload) { + global $config, $g; + + $a_global = &$config['installedpackages']['haproxy']; exec("/usr/bin/limits -n 300014"); - // reload haproxy if(isset($a_global['enable'])) { - if(is_process_running('haproxy')) { + if (isset($a_global['carpdev'])) { + $status = get_carp_interface_status($a_global['carpdev']); + if ($status != "MASTER") { + exec("/bin/pkill -F /var/run/haproxy.pid haproxy"); + return (0); + } else if (is_process_running('haproxy') && $reload == 0) { + return (0); + } + /* fallthrough */ + } + if (is_process_running('haproxy')) { exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -st `cat /var/run/haproxy.pid`"); } else { exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D"); } return (0); } else { + if ($reload && is_process_running('haproxy')) { + exec("/bin/pkill -F /var/run/haproxy.pid haproxy"); + } return (1); } + } function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { diff --git a/config/haproxy-dev/haproxy_global.php b/config/haproxy-dev/haproxy_global.php index f7864a4d..7f4ce483 100755 --- a/config/haproxy-dev/haproxy_global.php +++ b/config/haproxy-dev/haproxy_global.php @@ -56,6 +56,9 @@ if ($_POST) { $reqdfieldsn = explode(",", "Maximum connections"); } + if ($_POST['carpdev'] == "disabled") + unset($_POST['carpdev']); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn']))) @@ -78,6 +81,7 @@ if ($_POST) { $config['installedpackages']['haproxy']['remotesyslog'] = $_POST['remotesyslog'] ? $_POST['remotesyslog'] : false; $config['installedpackages']['haproxy']['logfacility'] = $_POST['logfacility'] ? $_POST['logfacility'] : false; $config['installedpackages']['haproxy']['loglevel'] = $_POST['loglevel'] ? $_POST['loglevel'] : false; + $config['installedpackages']['haproxy']['carpdev'] = $_POST['carpdev'] ? $_POST['carpdev'] : false; $config['installedpackages']['haproxy']['syncpassword'] = $_POST['syncpassword'] ? $_POST['syncpassword'] : false; $config['installedpackages']['haproxy']['advanced'] = base64_encode($_POST['advanced']) ? $_POST['advanced'] : false; $config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false; @@ -98,6 +102,7 @@ $pconfig['synchost3'] = $config['installedpackages']['haproxy']['synchost3']; $pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog']; $pconfig['logfacility'] = $config['installedpackages']['haproxy']['logfacility']; $pconfig['loglevel'] = $config['installedpackages']['haproxy']['loglevel']; +$pconfig['carpdev'] = $config['installedpackages']['haproxy']['carpdev']; $pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']); $pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc']; @@ -271,6 +276,34 @@ function enable_change(enable_change) { </td> </tr> <tr> + <td valign="top" class="vncell"> + Carp monitor + </td> + <td class="vtable"> + <select name="carpdev" class="formfld"> + <option value="disabled" <?php if (!isset($pconfig['carpdev'])) echo "selected"; ?>> + disabled + </option> + <?php + if(is_array($config['virtualip']['vip'])) { + foreach($config['virtualip']['vip'] as $carp): + if ($carp['mode'] != "carp") continue; + $ipaddress = $carp['subnet']; + $carp_int = find_carp_interface($ipaddress); + ?> + <option value="<?=$carp_int;?>" <?php if ($carp_int == $pconfig['carpdev']) echo "selected"; ?>> + <?=$carp_int;?> (<?=$ipaddress;?>) + </option> + <?php + endforeach; + } + ?> + </select> + <br/> + Monitor carp interface and only run haproxy on the firewall which is MASTER. + </td> + </tr> + <tr> <td> </td> |