High Availability devices, only one device can be added

I have a pair of firewalls that operate in a High Availability configuration. The changes are made in the ‘primary’ firewall and via a dedicated interface, those changes are sent/pushed/copied to the ‘secondary’ firewall. A virtual IP is used to manage both devices. HA will determine if the primary or secondary firewall is the ‘active’ firewall. Each firewall has its own dedicated IP, for management/confirming settings. When I attempt to add the secondary firewall to librenms, it tells me a device with the same system name already exists. Is there any way around this? Keep in mind, I can’t name each firewall their own name, I can only write changes to the active firewall, the firewall in standby mode operates in read-only mode.

Thanks.

Im not sure if force add also skips sysname check.

If not, go to Global Settings -> Discovery -> General Discovery Settings and allow duplicate sysname.

If you really want to do this, I think your best bet is to probably add it as a separate hostname, firewall00 & firewall01. Part of the problem with active/passive things is that the active node typically owns a hostname, ip and mac that will move with the active role, in the event that failover occurs, the devices actually trade places on the network…I’m not sure that there’s any network monitoring platform that can account for this scenario and I think that different vendors implementations can add a considerable amount of quirkiness to the monitoring.

Years ago I managed a pair of Cisco Pix firewalls that were in an h/a active-passive configuration. If you tried to console into the passive Pix, you’d actually receive a message stating that it was in an h/a pair and no configuration could be done on the device. Since then I’ve managed F5’s, Palo Alto Firewalls, Fortigates etc. and they are all very similar in how their active/passive stuff works.

Personally I monitor the active device, whatever that may be. I’ve got syslog to indicate if a failover ev
ent occurred. Setting up an alert for that might be a terrific idea. What model FW’s are you running?

edit–>just be advised that if you proceed with this, if a failover happens, your devices are trading spaces. fw00 becomes fw01 and vice versa for as many failovers that occur.

I am adding them with their dedicated monitoring IPs, but they share the same system name, which is what LibreNMS is complaining about.

@TheGreatDoc When I go to settings, I don’t see Discovery. The other tab options are Alert Settings, External Settings and Webui Settings.

Thanks.

I must be on an old version, I only see the options I listed above, only 4 tabs.

Then https://docs.librenms.org/Extensions/Auto-Discovery/#allow-duplicate-sysname

What version are you running? You should update your install :slight_smile:

I am trying to update it, right now. I’m getting a warning stating that ./daily.sh should be manually ran, and when I run sudo ./daily.sh I still see the same warning after I run validate.php.

Also, I need to update PHP, but I think I ran into an issue last time I ran this on my other LibreNMS install. What is the best way to update PHP? Is it a simple command I can run?

current librenms version is - 1.48.1-25-g21192a9

daily must be run as librenms user. If you run it with sudo, you’ll break your install…

(I seem to have got in a bit of a situation here, with validate.php and daily.sh unable to complete)

@PipoCanaja

Ok, I was not running those commands with the librenms user, as you stated. I am trying to use the command ‘su - librenms’ to switch to the librenms user and when it asks for the password I’m using the password for my admin user, which isn’t working. I’m not sure which password it needs. If there is a default password for the librenms, I’ll have to try to find that password. I’m getting authentication failure when I attempt to switch to librenms.

Part of the problem I have is that I have multiple librenms servers. One for production and one on a personal network, not affiliated in any way with the production librenms server. They were installed at different times with different OS versions and I didn’t realize there were this many differences between my two systems (which is nobody’s fault, just a note). I am updating my documentation to reflect respective changes in both servers. I bring this up because I’ve asked similar questions, but never really indicated that they were for different systems.

Thanks.

To get to user “librenms”, you can start from root and then type “su - librenms”.

Ok, I typed:

sudo -s to get me into root, I see [email protected]:~#

Then I typed:

su - librenms and all I see now is $ with the cursor flashing. I haven’t seen this before and I know I’ve successfully ran ./daily and ./validate properly, in the past.

I think I am missing something.

Thanks.

@PipoCanaja

su - librenms doesn’t work, well, it works, but it takes me to a $ prompt.

Typing ‘su librenms’ does switch the prompt to ‘[email protected]:/root$’ but I think it is running with root permissions based on the googling I’ve been doing. I don’t think I want to proceed in this mode.

Not sure how to proceed.

Thanks.

You get $ console coz librenms doesnt have the bash shell. You can change it to bash

chsh --shell /bin/bash librenms

Thanks @TheGreatDoc this gets me a bit further, but now I’m seeing PAM: Authentication Failure. I tried with no password and I also tried with the only password I use for my admin account. Thanks.

@TheGreatDoc @PipoCanaja

Any other commands I can run?

Thanks.

The command I posted is to be run by root (or sudo if ubuntu) that way you change the librenms user shell to bash.

Apart from that, you can also configure your install directly in config.php

https://docs.librenms.org/Extensions/Auto-Discovery/#allow-duplicate-sysname

Hope that helps

When I run the command using sudo, it brings me back to the same prompt I am already in, which is my admin [email protected], shouldn’t that change to reflect the librenms user?

I don’t think I want to mess with config.php, yet, and that will only solve the duplicate name issue. It seems that I’m not fully up to date/having issues with daily.php because of the user name issue.

If I can’t get past this, I’ll need to leave this server as is since it won’t update, which isn’t a desired outcome.

Thanks.

After running that command, if you sudo su - librenms should get the normal bash shell for the user