ADFS 3.0 monitor for ADFS Proxy servers on LTM 11.6 HF3
We are load balancing ADFS 3.0 Proxy servers, but cannot get the monitor to work. The external script provided by F5 is as follows:
```
#!/bin/sh
# These arguments supplied automatically for all external monitors:
# $1 = IP (nnn.nnn.nnn.nnn notation)
# $2 = port (decimal, host byte order)
# This script expects the following Name/Value pairs:
# HOST = the host name of the SNI-enabled site
# URI = the URI to request
# RECV = the expected response

# Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
NODE=`echo ${1} | sed 's/::ffff://'`
# Leave IPv4 addresses as they are; wrap IPv6 addresses in brackets
if [[ $NODE =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    NODE=${NODE}
else
    NODE=[${NODE}]
fi
PORT=${2}

# Kill a previous run of this monitor that is still hanging
PIDFILE="/var/run/`basename ${0}`.sni_monitor_${HOST}_${PORT}_${NODE}_sni.pid"
if [ -f $PIDFILE ]
then
    echo "EAV exceeded runtime needed to kill ${HOST}:${PORT}:${NODE}" | logger -p local0.error
    kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
# Record this run's PID so the check above has something to read next time
echo "$$" > $PIDFILE

# Request the URI from the node with the SNI host name and look for RECV
curl-apd -k -v --resolve $HOST:$PORT:$NODE https://$HOST$URI 2>&1 > /dev/null | grep -i "${RECV}"
STATUS=$?
rm -f $PIDFILE
if [ $STATUS -eq 0 ]
then
    echo "UP"
fi
exit
```
I can ssh into the F5 and get a good response when I hard-code the values:
```
config # curl-apd -k -v --resolve adfs.abc.edu:443:10.255.200.201 https://adfs.abc.edu/FederationMetadata/2007-06/FederationMetadata.xml 2>&1 > /dev/null | grep -i "HTTP/1.1 200 OK"
< HTTP/1.1 200 OK
```
Is there a way on the command line to see what variables are actually being used or maybe a way to log their values? I wonder if it is not correctly pulling the $NODE or $PORT values. As an experiment I also changed [ $STATUS -eq 0 ] to [ $STATUS eq 0 ] just to see if the monitor would come up and that did not help either.
Thanks, Rob
- Michael_Jenkins (Cirrostratus)
You could try adding some logging to the file, so that it will output some data to a file.
At the bottom of this page there are some links to example external monitors. Some of them do file logging, and you may be able to take some ideas from there (the Generic SNMP Monitor has some built-in logging)
This question has some external monitor code that seems to log to the LTM log. You might scan through there too and see if you could use any of the code ideas.
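One way to add the logging suggested above, as an added example that is not part of the original thread or F5's script. The function names are hypothetical, and the log call reuses `logger -p local0.error` from the posted script; it reports `$1`, `$2`, the normalized node and the `HOST`/`URI`/`RECV` pairs, marking any that were never set.

```shell
#!/bin/sh
# Added example: debug logging for an LTM external (EAV) monitor.
# Function names are hypothetical; the sample values are taken from the post.

# Strip the IPv4-mapped prefix and bracket real IPv6 addresses,
# mirroring what the posted script does with $1.
normalize_node() {
    node=$(printf '%s' "$1" | sed 's/^::ffff://')
    if printf '%s' "$node" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        printf '%s' "$node"
    else
        printf '[%s]' "$node"
    fi
}

# Build one log line with every value the monitor is about to use.
# "-" (not ":-") is used so an unset variable shows as <unset> while an
# empty one shows as empty, which tells a missing Name/Value pair apart
# from a blank one.
monitor_debug_line() {
    printf 'EAV debug: arg1=%s arg2=%s node=%s HOST=%s URI=%s RECV=%s' \
        "$1" "$2" "$(normalize_node "$1")" \
        "${HOST-<unset>}" "${URI-<unset>}" "${RECV-<unset>}"
}

# Send the line to syslog, or to stderr when logger is not available.
# Never write it to stdout: any stdout output from an external monitor
# marks the pool member up.
log_monitor_inputs() {
    line=$(monitor_debug_line "$1" "$2")
    if command -v logger >/dev/null 2>&1; then
        logger -p local0.error "$line"
    else
        printf '%s\n' "$line" >&2
    fi
}

# Sample run with the values from the post, printed to stderr.
# The subshell keeps these assignments out of the caller's environment.
(
    HOST=adfs.abc.edu
    URI=/FederationMetadata/2007-06/FederationMetadata.xml
    RECV='HTTP/1.1 200 OK'
    monitor_debug_line '::ffff:10.255.200.201' 443 >&2
    echo >&2
)
```

In the monitor itself, the call would be `log_monitor_inputs "$1" "$2"` placed just before the `curl-apd` line.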