Wade_98751
Aug 15, 2008

Having .initialize issues

Good morning,

Need some assistance initializing (objIControl.initialize) as it fails to return true. I downloaded the iControlAssembly and ran the testclient which also returns the error 'not initialized' from the command prompt. This tells me known good code is having the same issue as my code.

What is strange is that I can log into the big ip's cgi URL from the same server I'm running the code from, the CGI URL returns the data I'm looking to use. This tells me that the network connectivity is good and my credentials work to access the BIP's API. Using IE 7.0 I'm prompted to accept the issue with the big ip's local certificate and then I'm challenged for credentials. Do you think having to acknowledge the certificate issue is causing the code to fail?

Below is the VB .net code I'm testing connectivity with in VS 2008. I also have issues initializing the icontrol object from C code shown on DevCentral. Any guidance on how to fix this issue would be greatly appreciated. After successfully initializing the connection I'm looking to disable pool members one by one as we institute a weekly scripted reboot job on our Windows 2003 server web farm.

Thanks for your assistance!

Wade

https://" + bigip_address + "/iControl/iControlPortal.cgi

Basic VB .net code I'm using to test the iControl object:

Module Module1

    Sub Main()
        Dim objIControl As New iControl.Interfaces
        Dim arrPoolList As Array
        Dim isGood As Boolean

        isGood = objIControl.initialize("172.16.200.8", 443, "adminuser", "adminuserpass", "proxy.contoso.com", 8080, "proxyuser", "proxyuserpass")

        'arrPoolList = objIControl.LocalLBPool.get_list

        'For x = LBound(arrPoolList) To UBound(arrPoolList)
        '    Console.WriteLine("Pool name = " & arrPoolList(x))
        'Next x
    End Sub

End Module

20 Replies

  • Deb_Allen_18
    Historic F5 Account
    Sure, I think you can do something a bit simpler with iRules or a monitor, actually:

    Set “Action on Service Down” to “None” on the pool settings. (Click here to read the LTM: Action on Service Down article for more on that setting)

    Then you can set up either:

    an iRule that marks the node DOWN using LB::down when a specific URI is seen

    or

    a 2nd monitor besides the app health monitor that looks at a specific page to determine if in the maint window.

    iRule might be simplest/most deterministic, something like:
     
     when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/drainserver" } {
         LB::down [LB::server pool] member [substr [HTTP::query] "ip=" 3 &] [substr [HTTP::query] "port=" 5 &]
       }
     }

    Then you could send a URI like this to drain a specific server (10.101.0.1:80, in this case):

    http://virtualserver.domain.com/drainserver?ip=10.101.0.1&port=80

    Then you could script the http call above instead of the iControl bit.

    HTH

    /deb
  • Deb, thank you. I think I will go your route as I'm struggling with the SOAP APIs in VB .Net as I'm not the most talented programmer in the tool shed. The power of the APIs is awesome but I'm taking too long to complete the overarching goal.

    Couple questions regarding your suggestions:

    1) It seems that if someone knows the URI the iRule is waiting for they could disable members without permission, correct? If so, how could I prevent this using the IIS server's NTLM authentication mechanism or another method?

    2) We recently moved away the "Action on Service Down" from 'none' to 'reselect' as we thought it would help load balance away from faulty servers with less application interruption because the application state is kept in a SQL table not web server session object. Will marking the member 'down' as you mentioned drain stop the connections from the member like the 'disable' button does in the LTM's GUI? Or does it stop connection on the members abruptly? At the pool member management level in the GUI, the 'disable' button works very nicely for our application.

    Thanks again for everyone's time and effort in guiding me to a solution which fits our needs.

    Wade
  • I think Deb left out the "pool" argument to LB::down.

     when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/drainserver" } {
         LB::down pool [LB::server pool] member [substr [HTTP::query] "ip=" 3 &] [substr [HTTP::query] "port=" 5 &]
       }
     }

    -Joe
  • This code seems better although it's not shutting the node. I haven't figured that out yet but at least it compiles and the right values are being passed and logged to the big ip.

    Why isn't the node going down with code like this? I tried using the LB::down node and LB::down node commands and they aren't working. Is it because I'm passing the values via a variable name?

     when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/Drainserver"} {
         LB::down [LB::server pool] member [substr [HTTP::query] 4 &] [substr [HTTP::query] 5 &]
         set uri1 [findstr [HTTP::query] "ip=" 3 &]
         set uri2 [findstr [HTTP::query] "port=" 5 &]
         set uri [substr [HTTP::query] 5 &]
         log "Uri Part = $uri1 Uri Part2 = $uri2"
         log local0 [substr [HTTP::query] 3 &] [substr [HTTP::query] 5 &]
         LB::down node $uri1
         LB::down pool "QA_RTA_Future" member $uri1 $uri2
       }
     }


  • This is the error being logged while using the LB::down command. Do you know what this is?

    TCL error: Rule DrainServersForMaintenance HTTP_REQUEST - while executing LB::down pool QA_RTA_Future member 172.20.6.60 443
  • Have you verified that pool "QA_RTA_Future" is configured properly and that it has a member of 172.20.6.60:443? I'm assuming, since you are using an iRule, that you are terminating the SSL connection on the VIP. Are you re-encrypting the connection to the backend servers? If not, the pool member wouldn't likely be running on port 443.

    -Joe
  • Thanks Joe. Yes, I had something confused initially.

    The iRule is working nicely now. Do you know a while loop I could use to check the session to know when their connections are bled off the node? I've seen the logic in the iControls but I'm not sure the objects are available to iRules.

    Thank you,

    Wade

    Here is some working logic others could use:

    **the string trimming may not have been necessary

    URI to control the iRule

    https://172.1.1.2/drainserver?ip=172.20.1.1&port=80&poolname=WadesPool&prioritystatus=active&

    iRule:

     when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/drainserver"} {

         set strSvrIP [string trim [findstr [HTTP::query] "ip=" 3 &]]
         set strPort [string trim [findstr [HTTP::query] "port=" 5 &]]
         set strPoolName [string trim [findstr [HTTP::query] "poolname=" 9 &]]
         set strPriorityStatus [string trim [findstr [HTTP::query] "prioritystatus=" 15 &]]

         if { $strPriorityStatus == "active" } {
           LB::up pool "$strPoolName" "member" "$strSvrIP" "$strPort"
         } elseif { $strPriorityStatus == "inactive"} {
           LB::down pool "$strPoolName" "member" "$strSvrIP" "$strPort"
         }

         log "$strPoolName $strPort $strSvrIP was set to $strPriorityStatus by the server maintenance job on servernamehere"

         HTTP::respond 200 content "Web Server Reboot Programmatic MaintenanceThank you. The $strPoolName pool member $strSvrIP was successfully set to $strPriorityStatus."
       }
     }
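
Wade's earlier question, whether anyone who knows the URI could change member state, is not answered in the thread. The iRule below is an added example, not code from any poster here: it narrows the working rule above by requiring an exact path, a trusted source subnet, validated parameters and an allowlisted pool. The 10.10.10.0/24 subnet, the variable names and the single-entry pool allowlist are assumptions made for illustration.

```tcl
when HTTP_REQUEST {
    # Exact path match: "starts_with" on the URI also matches /drainserverX.
    if { [HTTP::path] equals "/drainserver" } {

        # Assumption: the reboot job runs from 10.10.10.0/24 (constructed subnet).
        if { !([IP::addr [IP::client_addr] equals 10.10.10.0/24]) } {
            log local0. "drainserver: denied request from [IP::client_addr]"
            HTTP::respond 403 content "Forbidden"
            return
        }

        # Prefix "&" so "ip=" cannot match inside another name such as "vip=".
        set q "&[HTTP::query]"
        set ip     [findstr $q "&ip=" 4 "&"]
        set port   [findstr $q "&port=" 6 "&"]
        set pool   [findstr $q "&poolname=" 10 "&"]
        set status [findstr $q "&prioritystatus=" 16 "&"]

        # Assumption: WadesPool is the only pool this job may change.
        set allowed_pools {WadesPool}

        if { ![regexp {^[0-9]{1,3}(\.[0-9]{1,3}){3}$} $ip]
             || ![regexp {^[1-9][0-9]{0,4}$} $port]
             || [lsearch -exact $allowed_pools $pool] < 0 } {
            HTTP::respond 400 content "Bad request"
            return
        }

        # catch keeps a failed LB::up/LB::down (such as the TCL error logged
        # earlier in the thread) from aborting the request.
        set failed [catch {
            switch -- $status {
                active   { LB::up   pool $pool member $ip $port }
                inactive { LB::down pool $pool member $ip $port }
                default  { error "unsupported prioritystatus" }
            }
        } err]

        if { $failed } {
            log local0. "drainserver: ${pool} ${ip}:${port} rejected: $err"
            HTTP::respond 400 content "Bad request"
            return
        }
        log local0. "drainserver: ${pool} ${ip}:${port} set to $status by [IP::client_addr]"
        HTTP::respond 200 content "OK"
    }
}
```

The response no longer echoes request parameters, and every denied or malformed request leaves a log line that names the client address or the reason.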

     

  • Deb / Joe,

     when HTTP_REQUEST {
       if { [HTTP::uri] starts_with "/drainserver" } {
         LB::down [LB::server pool] member [substr [HTTP::query] "ip=" 3 &] [substr [HTTP::query] "port=" 5 &]
       }
     }

    The LB::down command is changing the priority group to inactive which does drainstop connections off the pool member but when I give it the LB::up command the priority changes to 'active' again but the LTM is not sending HTTP connections to the server. How come?

    I couldn't make the IIS server start taking connections again without logging into the LTM GUI and setting the member to 'disabled' and then to 'enabled' again. The server will then start taking connections again.

    Can you tell me how to correct this?

    Or, what iRule command can I use which is the same as 'enable' and 'disable' on the pool member using the GUI?

    thank you!

    Wade