Forum Discussion
hexueli_36169
Nimbostratus
Mar 19, 2010
How to setup external monitor with extended ping?
I'm running into a situation where I need to set up an extended ping monitor for LDAP servers. It seems the LDAP server may sometimes lose its IP routing info and be available only on its default VLAN. When this happens, the LDAP server will malfunction and should be marked down in the pool, but since the LTM node default monitor (icmp) is done via the same VLAN, the LDAP server still appears online to LTM. To get around this issue, I'm trying to set up a monitor to ping the LDAP server via a source IP on another VLAN.
Here is the script I tested:
```bash
node_ip=`echo $1 | sed 's/::ffff://'`
pidfile="/var/run/`basename $0`.$node_ip..$2.pid"
if [ -f $pidfile ]
then
   kill -9 `cat $pidfile` > /dev/null 2>&1
fi
echo "$$" > $pidfile
ping -I 10.10.10.2 -c 1 -W 1 node_ip | grep rtt
if [ $? -eq 0 ]
then
   echo "UP"
fi
rm -f $pidfile
```
Problems I got:
1. The source IP, 10.10.10.2 in this example, apparently can't be the floating IP and needs to be the actual self IP, which is different on the Active/Standby LTMs. How can I keep a different source IP in this monitor script on the active/standby LTMs after config-sync?
2. When creating this external monitor in the GUI, there is an option of "Alias Service Port". When I used the default "All ports" and then set the pool member with "All Services", I got an error saying the health monitor has a wildcard destination service and node has zero service. I then picked a TCP port for the monitor and node, but the monitor showed the pool member down. How can I get around this issue when setting up a monitor for icmp?
Thanks for your help!
6 Replies
- hoolio
Cirrostratus
You'll need to use a non-floating self IP as each unit in a redundant pair performs monitor checks while active or standby. To get a non-floating self IP, can you replace the 10.10.10.2 IP in the ping command with this awk line from hwidjaja?
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=32&tpage=1&view=topic&postid=814027814206
```bash
`awk 'BEGIN {RS="}\n";FS=RS} /^self 1.1.1/ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'`
```
Make sure to replace 1.1.1 with the first three octets of the non-floating self IP address you want to match.
```bash
node_ip=`echo $1 | sed 's/::ffff://'`
pidfile="/var/run/`basename $0`.$node_ip..$2.pid"
if [ -f $pidfile ]
then
   kill -9 `cat $pidfile` > /dev/null 2>&1
fi
echo "$$" > $pidfile
ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 1.1.1/ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 node_ip | grep rtt
if [ $? -eq 0 ]
then
   echo "UP"
fi
rm -f $pidfile
```
Do you have the pool members set for port 0 or a specific port like 389? Can you set a specific port on the pool members and use the external monitor with no alias port?
Thanks, Aaron
- hexueli_36169
Nimbostratus
Hi Aaron,
I tried with this external monitor script:
```bash
node_ip=`echo $1 | sed 's/::ffff://'`
pidfile="/var/run/`basename $0`.$node_ip..$2.pid"
if [ -f $pidfile ]
then
   kill -9 `cat $pidfile` > /dev/null 2>&1
fi
echo "$$" > $pidfile
ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 153.88.99/ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 &node_ip | grep rtt
if [ $? -eq 0 ]
then
   echo "UP"
fi
rm -f $pidfile
exit
```
Note, I replaced "node_ip" with "&node_ip" in the ping command line, is that right?
Pool members are set with port 389 and the external monitor can either set a specific alias port or all ports. I've tested both, and unfortunately, it still doesn't work - all pool members are detected down.
Any idea?
Thanks!
- hoolio
Cirrostratus
I think you'll want to use $node_ip instead of &node_ip. The ping command seems to work on a test unit:
```
ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 10.42./ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 10.41.0.22
PING 10.41.0.22 (10.41.0.22) from 10.42.2.2 : 56(84) bytes of data.
64 bytes from 10.41.0.22: icmp_seq=1 ttl=127 time=1.68 ms
--- 10.41.0.22 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.687/1.687/1.687/0.000 ms
```
Aaron
- hexueli_36169
Nimbostratus
Hi Aaron,
Yes, that ping command works, but still not the external monitor with that script - I made it a .sh file and copied it to /usr/bin/monitors/, then created a monitor with type "External". Do you have the chance to test that external monitor on your test unit?
Thanks a lot!
/Shirley
- hoolio
Cirrostratus
Hi Shirley,
Here's an example which works for me. You can save the code below as /usr/bin/monitors/custom_ping.bash, make it executable (chmod 744 /usr/bin/monitors/custom_ping.bash) and then define an external monitor like this:
If you add a DEBUG variable in the monitor definition and set it to 1, the script will write out debug to /var/log/ltm.
Aaron
Monitor definition

```
b monitor custom_ping_monitor list
monitor custom_ping_monitor {
   defaults from external
   DEBUG "0"
   run "custom_ping.bash"
}
```

Monitor script

```bash
#!/bin/bash

# Save as /usr/bin/monitors/custom_ping.bash
# Make executable using chmod 744 custom_ping.bash

# Use a custom IP address to source a ping to the pool member IP address
# Get the self IP address starting with 10.41.1. from the bigip_base.conf

# Log debug to local0.debug (/var/log/ltm)?
# Check if a variable named DEBUG exists from the monitor definition
# This can be set using a monitor variable DEBUG=0 or 1
if [ -n "$DEBUG" ]
then
   if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: true: \$DEBUG: $DEBUG" | logger -p local0.debug; fi
else
   # If the monitor config didn't specify debug, enable/disable it here
   DEBUG=0
   echo "EAV `basename $0`: false: \$DEBUG: $DEBUG" | logger -p local0.debug
fi

# Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
IP=`echo $1 | sed 's/::ffff://'`

# We don't use the port except for logging
PORT=$2

# Check if there is a prior instance of the monitor running
pidfile="/var/run/`basename $0`.$IP.$PORT.pid"
if [ -f $pidfile ]
then
   kill -9 `cat $pidfile` > /dev/null 2>&1
   echo "EAV `basename $0`: exceeded monitor interval, needed to kill ${IP}:${PORT} with PID `cat $pidfile`" | logger -p local0.error
fi

# Add the current PID to the pidfile
echo "$$" > $pidfile

# Send the ping request and look for rtt in response
# Redirect stderr and stdout to nothing to ensure we don't errantly mark the pool member up
# (stdout must be redirected first, then stderr pointed at it)
ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 10\.41\.1\./ {print $1;}' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 $IP | grep rtt > /dev/null 2>&1

# Save the pipeline's exit status now; the debug block below would overwrite $?
ping_status=$?

# Debug
if [ $DEBUG -eq 1 ]
then
   echo "EAV `basename $0`: Running for ${IP}:${PORT} using source IP `awk 'BEGIN {RS="}\n";FS=RS} /^self 10\.41\.1\./ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'`" | logger -p local0.debug
fi

# Check if the command ran successfully
# Note that any standard output will result in the script execution being stopped
# So do any cleanup before echoing to STDOUT
if [ $ping_status -eq 0 ]
then
   rm -f $pidfile
   if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: Succeeded for ${IP}:${PORT}" | logger -p local0.debug; fi
   echo "UP"
else
   rm -f $pidfile
   if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: failed for ${IP}:${PORT}" | logger -p local0.debug; fi
fi
```
- hexueli_36169
Nimbostratus
Hi Aaron,
Your script works for me as well. Thanks a lot for your help - very much appreciated!
BR/Shirley
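The source-IP lookup that the scripts in this thread depend on, as an added example that is not part of any post above: it skips self IPs marked `floating enable`, matches the address prefix literally instead of as a regex, and validates the result before it reaches `ping -I`. The `self <ip> { ... }` block layout, the constructed sample config and the `PING_CMD` override are assumptions made for the example.

```bash
#!/bin/bash
# Added example (not from the thread). Assumes "self <ip> { ... }" blocks in
# bigip_base.conf, the layout the thread's awk one-liner relies on.

# pick_self_ip PREFIX CONF: first non-floating self IP starting with PREFIX.
# The prefix is matched literally, so "10.41.1." cannot match 10.41.10.x.
pick_self_ip() {
    awk -v prefix="$1" '
        $1 == "self" && $3 == "{" { ip = $2; floating = 0; inblock = 1; next }
        inblock && $1 == "floating" && $2 == "enable" { floating = 1 }
        inblock && $1 == "}" {
            inblock = 0
            if (!floating && index(ip, prefix) == 1) { print ip; exit }
        }' "$2"
}

# is_ipv4 ADDR: succeed only for one dotted quad with octets 0-255, so an
# empty or malformed lookup result never reaches "ping -I".
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { bad = 1 }
        { for (i = 1; i <= NF; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) bad = 1 }
        END { exit bad + 0 }'
}

# check_node PREFIX CONF NODE: print "UP" only when the sourced ping succeeds.
# PING_CMD is a hypothetical override used to exercise the logic offline.
check_node() {
    src=$(pick_self_ip "$1" "$2")
    is_ipv4 "$src" || return 1
    # Test the command directly; nothing can overwrite its status first.
    if ${PING_CMD:-ping} -I "$src" -c 1 -W 1 "$3" > /dev/null 2>&1; then
        echo "UP"
        return 0
    fi
    return 1
}

# Constructed sample config: the floating address is listed first on purpose.
sample_conf() {
    printf 'self 10.41.1.1 {\n   netmask 255.255.255.0\n   floating enable\n}\n'
    printf 'self 10.41.10.5 {\n   netmask 255.255.255.0\n}\n'
    printf 'self 10.41.1.2 {\n   netmask 255.255.255.0\n   vlan internal\n}\n'
}
```

Because a failed lookup returns before `ping` runs, a missing or renamed self IP leaves the pool member down rather than silently pinging from the default source address.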