Accounting replication issue

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Accounting replication issue

Chris Adams-2
I have two servers running FreeRADIUS (CentOS 7 with freeradius-3.0.4).
They are logging accounting records to local MySQL servers.  For
redundancy, I configured FreeRADIUS to replicate the accounting records
to each other, based on the robust-proxy-accounting sample config.

This works, except when one server is unavailable (call it server A),
the other (server B) stops replicating the records until I restart
FreeRADIUS on server B.  Server B logs that server A went away, and logs
that it came back (in this case, somebody did something dumb on server A
and triggered the kernel oom_killer - didn't touch the FreeRADIUS or
MySQL processes, just the dumb grep):

Jul 24 09:25:38 srvB radiusd[20768]: Marking home server srvA port 1813 as zombie (it has not responded in 6.000000 seconds).
Jul 24 09:25:38 srvB radiusd[20768]: (52212975) ERROR: Failing proxied request, due to lack of any response from home server srvA port 1813
Jul 24 09:25:42 srvB radiusd[20768]: No response to status check 52213042 for home server srvA port 1813
Jul 24 09:26:05 srvB radiusd[20768]: No outstanding request was found for reply from host srvA port 1813 - ID 197
Jul 24 09:26:06 srvB radiusd[20768]: No outstanding request was found for reply from host srvA port 1813 - ID 198
Jul 24 09:26:06 srvB radiusd[20768]: (52213350) Received response to status check 52213350 (1 in current sequence)
Jul 24 09:26:06 srvB radiusd[20768]: (52213350) Marking home server srvA port 1813 alive

The comments in the sample config just say "When the home servers come
back up, the packets are forwarded, and the detail file processed as
normal." - I don't see any configuration related to that, but it
defintely did not happen for me; the records were just written to the
detail file until I restarted the service (which then processed the
backlog correctly).

Any suggestions for what to look at?
--
Chris Adams <[hidden email]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Accounting replication issue

Alan DeKok-2
On Jul 27, 2017, at 10:15 AM, Chris Adams <[hidden email]> wrote:

>
> I have two servers running FreeRADIUS (CentOS 7 with freeradius-3.0.4).
> They are logging accounting records to local MySQL servers.  For
> redundancy, I configured FreeRADIUS to replicate the accounting records
> to each other, based on the robust-proxy-accounting sample config.
>
> This works, except when one server is unavailable (call it server A),
> the other (server B) stops replicating the records until I restart
> FreeRADIUS on server B.  Server B logs that server A went away, and logs
> that it came back (in this case, somebody did something dumb on server A
> and triggered the kernel oom_killer - didn't touch the FreeRADIUS or
> MySQL processes, just the dumb grep):
>
> Jul 24 09:25:38 srvB radiusd[20768]: Marking home server srvA port 1813 as zombie (it has not responded in 6.000000 seconds).
> Jul 24 09:25:38 srvB radiusd[20768]: (52212975) ERROR: Failing proxied request, due to lack of any response from home server srvA port 1813
> Jul 24 09:25:42 srvB radiusd[20768]: No response to status check 52213042 for home server srvA port 1813
> Jul 24 09:26:05 srvB radiusd[20768]: No outstanding request was found for reply from host srvA port 1813 - ID 197
> Jul 24 09:26:06 srvB radiusd[20768]: No outstanding request was found for reply from host srvA port 1813 - ID 198
> Jul 24 09:26:06 srvB radiusd[20768]: (52213350) Received response to status check 52213350 (1 in current sequence)
> Jul 24 09:26:06 srvB radiusd[20768]: (52213350) Marking home server srvA port 1813 alive

  That's all good...

> The comments in the sample config just say "When the home servers come
> back up, the packets are forwarded, and the detail file processed as
> normal." - I don't see any configuration related to that, but it
> defintely did not happen for me; the records were just written to the
> detail file until I restarted the service (which then processed the
> backlog correctly).
>
> Any suggestions for what to look at?

  Upgrade to 3.0.15.  It's been found and fixed a long time ago.

  Alan DeKok.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Accounting replication issue

Chris Adams-2
Once upon a time, Alan DeKok <[hidden email]> said:
>   Upgrade to 3.0.15.  It's been found and fixed a long time ago.

Thanks.  I did read through the changelog before my initial message, but
didn't search for the right things.

I know it isn't 3.0.15, but Red Hat is rebasing to 3.0.12 (plus
backported CVE fixes) in the next point release of RHEL 7, 7.4.

--
Chris Adams <[hidden email]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading...