RobS
Dec 19, 2014
ADFS 3.0 monitor for ADFS Proxy servers on LTM 11.6 HF3
We are load balancing ADFS 3.0 Proxy servers, but cannot get the monitor to work. The external script provided by F5 is as follows:
    #!/bin/sh
    # These arguments supplied automatically for all external monitors:
    #  $1 = IP (nnn.nnn.nnn.nnn notation)
    #  $2 = port (decimal, host byte order)
    #
    # This script expects the following Name/Value pairs:
    #  HOST = the host name of the SNI-enabled site
    #  URI  = the URI to request
    #  RECV = the expected response
    #
    # Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
    NODE=`echo ${1} | sed 's/::ffff://'`
    if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
        NODE=${NODE}
    else
        NODE=[${NODE}]
    fi
    PORT=${2}
    PIDFILE="/var/run/`basename ${0}`.sni_monitor_${HOST}_${PORT}_${NODE}_sni.pid"
    if [ -f $PIDFILE ]
    then
        echo "EAV exceeded runtime needed to kill ${HOST}:${PORT}:${NODE}" | logger -p local0.error
        kill -9 `cat $PIDFILE` > /dev/null 2>&1
    fi
    curl-apd -k -v --resolve $HOST:$PORT:$NODE https://$HOST$URI 2>&1 > /dev/null | grep -i "${RECV}"
    STATUS=$?
    rm -f $PIDFILE
    if [ $STATUS -eq 0 ]
    then
        echo "UP"
    fi
    exit
I can ssh into the F5 and get a good response when I hard-code the values:
    config # curl-apd -k -v --resolve adfs.abc.edu:443:10.255.200.201 https://adfs.abc.edu/FederationMetadata/2007-06/FederationMetadata.xml 2>&1 > /dev/null | grep -i "HTTP/1.1 200 OK"
    < HTTP/1.1 200 OK
Is there a way on the command line to see what variables are actually being used or maybe a way to log their values? I wonder if it is not correctly pulling the $NODE or $PORT values. As an experiment I also changed [ $STATUS -eq 0 ] to [ $STATUS eq 0 ] just to see if the monitor would come up and that did not help either.
Thanks, Rob
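One way to see which values the script above actually works with, as an added example that is not part of the original post or of F5's script: it repeats the script's `$1` normalization and formats a single debug line that, on the LTM, could be piped to `logger` the same way the script already does. The function names `normalize_node` and `debug_line` and the `<unset>` marker are assumptions made for this illustration; the sample values are the ones from the post.

```shell
#!/bin/sh
# Added illustration, not F5's script: reproduce the monitor's handling of
# $1/$2 and the HOST/URI/RECV variables and show what curl-apd would receive.

# Strip the IPv4-mapped prefix LTM passes in $1; bracket anything that is
# not a dotted IPv4 address, as the original script does for IPv6 nodes.
normalize_node() {
    node=$(printf '%s' "$1" | sed 's/^::ffff://')
    if printf '%s' "$node" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        printf '%s' "$node"
    else
        printf '[%s]' "$node"
    fi
}

# Build one log line from the two positional arguments and the monitor
# variables. A variable the monitor did not pass shows up as <unset>
# instead of silently producing an empty --resolve entry or URL.
debug_line() {
    d_node=$(normalize_node "$1")
    d_host=${HOST:-"<unset>"}
    d_uri=${URI:-"<unset>"}
    d_recv=${RECV:-"<unset>"}
    printf 'EAV debug: arg1=%s arg2=%s HOST=%s URI=%s RECV="%s" resolve=%s:%s:%s url=https://%s%s' \
        "$1" "$2" "$d_host" "$d_uri" "$d_recv" \
        "$d_host" "$2" "$d_node" "$d_host" "$d_uri"
}

# Constructed sample run with the values from the post. Inside the real
# monitor script the call would be:  debug_line "$1" "$2" | logger -p local0.debug
HOST=adfs.abc.edu
URI=/FederationMetadata/2007-06/FederationMetadata.xml
RECV='HTTP/1.1 200 OK'
debug_line '::ffff:10.255.200.201' 443
echo
```

If `HOST`, `URI` or `RECV` prints as `<unset>`, the script did not receive that variable from the monitor definition, which the hard-coded command-line test would not reveal.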