Forum Discussion

RiadSanchz's avatar
RiadSanchz
Icon for Cirrus rankCirrus
Feb 20, 2018

Disabling a Pool Member for maintenance from the Server Side

Hello F5 DevCentral -

 

My Application and Database Teams have been requesting assistance with two issues.

 

  1. Can they disable a server for maintenance and mark down the F5 health monitor when they work on the server?

     

  2. Can they disable one web page from a node(server)? Then mark the page down under maintenance and somehow the F5 can exclude that web page from the pool? This might require an iRule I believe.

     

I have both Hardware and VE BIG-IP F5 LB's and I have reviewed both links below to answer 1, but when I completed all of the steps below the App and Database Team state question 1 is not working.

 

https://support.f5.com/csp/article/K12818 and https://devcentral.f5.com/questions/redirect-to-a-maintenance-page

 

Step 1 – Created Virtual Server with IP: 10.4.24.23. I have a VS with IP: 10.4.24.23 which is reachable and has multiple DNS A records (multiple FQDN’s) assigned to it by our InfoBlox Team.

 

[xxxxxx:Active:In Sync] ~ ping -c 2 10.4.24.23

 

PING 10.4.24.23 (10.4.24.23) 56(84) bytes of data.

 

64 bytes from 10.4.24.23: icmp_seq=1 ttl=255 time=2.97 ms

 

64 bytes from 10.4.24.23: icmp_seq=2 ttl=255 time=0.746 ms

 

Step 2 – Created test Pools with the pool name “SharePoint2013-PoC_80_pool” and “SharePoint2013-PoC_443_pool”.

 

The pools contain two test servers with IP’s: 10.4.20.87 and 10.4.23.206 listening on ports 80 & 443.

 

Step 3 – Created a Custom Monitor called “monitor_http_TestEnabled2” under Local Traffic ›› Monitors ››

 

Step 4 – I have applied the Custom Health Monitor to the Node(Server).

 

Step 5 – The Application Team has created a text file called server.txt which is reachable via http://controlfile-test.corp.mdsdata.com. When I run the curl command to reach the server, I get the “disabled” message.

 

[xxxxxxxxx:Active:In Sync] ~ curl http://controlfile-test.corp.mdsdata.com/server.txt

 

Status: disabled[xxxxxxxxx:Active:In Sync] ~

 

When I ping the server with the server.txt file I am getting a response back from a different web page assigned to the VS.

 

[xxxxxxxxx:Active:In Sync]~ ping -c 3 controlfile-test.corp.mdsdata.com

 

PING controlfile-test.corp.mdsdata.com (10.4.24.23) 56(84) bytes of data.

 

64 bytes from farm2.corp.mdsdata.com (10.4.24.23): icmp_seq=1 ttl=255 time=0.858 ms

 

64 bytes from farm2.corp.mdsdata.com (10.4.24.23): icmp_seq=2 ttl=255 time=0.966 ms

 

64 bytes from farm2.corp.mdsdata.com (10.4.24.23): icmp_seq=3 ttl=255 time=0.531 ms

 

xxxxxxxxx:Active:In Sync] ~ ping -c 3 controlfile-test.corp.mdsdata.com

 

PING controlfile-test.corp.mdsdata.com (10.4.24.23) 56(84) bytes of data.

 

64 bytes from itsforme-test.corp.mdsdata.com (10.4.24.23): icmp_seq=1 ttl=255 time=0.892 ms

 

64 bytes from itsforme-test.corp.mdsdata.com (10.4.24.23): icmp_seq=2 ttl=255 time=0.974 ms

 

64 bytes from itsforme-test.corp.mdsdatas.com (10.4.24.23): icmp_seq=3 ttl=255 time=0.921 ms

 

When I ping the actual server IP from the CLI I get a response back, but from the GUI I can see the custom monitor for the node displays it is marked down, which I believe is the correct result.

 

Finally, The Server Team is telling me they do not belive the Customer MOnitor is working. Can someone tell me what the Server Team side has to do to get this to work? Im quite new at working with the F5 LB , therefore helping me understand what has to be done on the server side would be a great help, so know what to ask the server team for. Sorry for the very long question :-).

 

application delivery
BIG-IP
LTM
  • Pedro_Haoa's avatar
    Pedro_Haoa
    Ret. Employee
    Feb 21, 2018

    Hello,

     

    Could you post here your monitor configuration?

     

    Via CLI: tmsh list /ltm monitor

     

    Cheers!

     

  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Icon for Noctilucent rankNoctilucent
    Feb 21, 2018

    Monitor disable mean your pool member will not take new request from VIP and slowly all existing session will be terminated/closed but system is remain in network. So, you will able to ping from your system/BigIP.

     

    In-order to block ping, You will have to enable setting in window/unix server.

     

    • RiadSanchz's avatar
      RiadSanchz
      Icon for Cirrus rankCirrus
      Feb 21, 2018

      Hi f5_rock -

       

      Thank you for clarifying the monitor disable state and from what I can see the node is currently disabled. Whats confusing is the steps taken from the server teams. When the server team changes the file to "Status: enabled" the monitor should display the node is online again I believe, correct?

       

      Right now when I perfom a GET I am seeing "Status: disabled", so the node is marked down. Therefore the pool member will not take new request from VIP and slowly all existing session will be terminated/closed but system is remain in network. I guess I am seeing the correct result, but client is states he see the server still receiving requests and I think he is incorrect.

       

      Im trying to understand the logic from the server side of things. Where does the client place the server.txt file which contains the "Status: enabled/disabled" text? A specific directory under webpage? I perform a GET to http://controlfile-test.corp.mdsdata.com/server.txt and then I get the reply back with either a disabled or enabled. Would the server team have to create a file for every FQDN's theyd like to disable for maintenance?

       

      [xxxxxxxxx:Active:In Sync] ~ curl http://controlfile-test.corp.mdsdata.com/server.txt

       

      Status: disabled[xxxxxxxxx:Active:In Sync] ~

       

    • Samir_Jha_52506's avatar
      Samir_Jha_52506
      Icon for Noctilucent rankNoctilucent
      Feb 21, 2018

      Thank you so much for question..

      When the server team changes the file to "Status: enabled" the monitor should display the node is online again I believe, correct?

      defaults-from http
destination *:webcache
interval 5
recv "Status: enabled"    --> Server Team is changing the page contains based on that LB monitor. LB takes decision to enable & disable pool member
send "GET / HTTP/1.1\\r\\nHost:controlfile-test.corp.mdsdata.com"
time-until-up 0
timeout 16

      recv "Status: enabled" --> Server Team is changing the page contains(enable/disable) based on that LB monitor. LB takes decision to enable & disable pool member

      Client is states he see the server still receiving requests and I think he is incorrect.

      Due to LB persistence method, current session is going to Pool member, Its default behavior of LB. You can make persistence 

      none
      in LB VIP to solve issue and make sure other persistence profile should not attached.

      Im trying to understand the logic from the server side of things. Where does the client place the server.txt file which contains the "Status: enabled/disabled" text?

      Client placed file on server side & changing parameters via DB/Web to enable/disable pool member.

      i.e http://controlfile-test.corp.mdsdata.com/server.txt

  • RiadSanchz's avatar
    RiadSanchz
    Icon for Cirrus rankCirrus
    Feb 21, 2018

    Hello Pedro - sure here you go:

    ltm monitor http monitor_http_TestEnabled2 {

    defaults-from http

destination *:webcache

interval 5

recv "Status: enabled"

send "GET / HTTP/1.1\\r\\nHost:controlfile-test.corp.mdsdata.com"

time-until-up 0

timeout 16