SFTP file existence monitor
Problem this snippet solves: SFTP file existence monitor How to use this snippet: This monitor definition allows for a monitor to connect to a SFTP server and check for the existence of a file using username/password. Written for a specific implementation where they wouldn't use key pairs, plus it turns out that curl on F5's was compiled with sftp support disabled, so I had to use expect instead. It's based off of the default sample_monitor. Create a monitor definition with 3 variables: $monitor_sftp_USER = Username of SFTP server $monitor_sftp_PASS = Password for $monitor_sftp_USER $monitor_sftp_STRING` = String/Filename to search for I have also written a modified version whereby you can encrypt the password manually using the unit master-key and add that as the password variable, which I can post if wanted. Code : #!/bin/sh # # (c) Copyright 1996-2006, 2010-2013 F5 Networks, Inc. # # This software is confidential and may contain trade secrets that are the # property of F5 Networks, Inc. No part of the software may be disclosed # to other parties without the express written consent of F5 Networks, Inc. # It is against the law to copy the software. No part of the software may # be reproduced, transmitted, or distributed in any form or by any means, # electronic or mechanical, including photocopying, recording, or information # storage and retrieval systems, for any purpose without the express written # permission of F5 Networks, Inc. Our services are only available for legal # users of the program, for instance in the event that we extend our services # by offering the updating of files via the Internet. # # @(#) $Id: //depot/maint/bigip12.1.1/tm_daemon/monitors/sample_monitor#1 $ # # # these arguments supplied automatically for all external pingers: # $1 = IP (::ffff:nnn.nnn.nnn.nnn notation or hostname) # $2 = port (decimal, host byte order) # # The following must all be set as variables in the monitor definition # $monitor_sftp_USER = Username of SFTP server # $monitor_sftp_PASS = Password for $monitor_sftp_USER # $monitor_sftp_STRING` = String/Filename to search for # # $MONITOR_NAME = name of the monitor # # In this sample script, $3 is the regular expression # # Name of the pidfile pidfile="/var/run/$MONITOR_NAME.$1..$2.pid" # Send signal to the process group to kill our former self and any children # as external monitors are run with SIGHUP blocked if [ -f $pidfile ] then kill -9 -`cat $pidfile` > /dev/null 2>&1 fi echo "$$" > $pidfile # Remove the IPv6/IPv4 compatibility prefix node_ip=`echo $1 | sed 's/::ffff://'` # Using expect and sftp to get directory listing from the server. # Search the data received for the expected string. expect -c " spawn sftp -oStrictHostKeyChecking=no -oPort=$2 $monitor_sftp_USER@$node_ip; expect \"password:\"; send $monitor_sftp_PASS\r; expect \"sftp>\"; send \"ls -l\r\"; expect \"sftp>\"; send \"exit\r\" " | grep $monitor_sftp_STRING > /dev/null status=$? if [ $status -eq 0 ] then # Remove the pidfile before the script echoes anything to stdout and is killed by bigd rm -f $pidfile echo "up" fi # Remove the pidfile before the script ends rm -f $pidfile Tested this on version: 12.1
GTM/DNS Not able to run simple external monitor?
Hello All, I've been struggling with this for some time and wanted to see if anyone else had any ideas. Scenario: We have a GTM/DNS VE to perform intelligent DNS resolution for generic hosts (IE, non LTM virtual servers etc). We have multiple Squid proxies in one location that we want to intelligently resolve IP's for. For example, we want all traffic to flow through proxyA in case it's down then start resolving proxyB. We figure would could send a command to probe a website on the internet through the proxy which will give us a bit more accuracy instead of a simple port monitor. For example reach out to www.google.com/robots.txt and expect to receive a 200 (or something similar) will ensure the proxy itself can reach the internet even though the port is still accessible to the internal clients. I have a curl command that does reach through the proxy and gets the response we're expecting but we can't seem to get that to work in monitor format. We continue to receive: Offline (Enabled) - Monitor /Common/proxy_mon from [self_ip] : state returned down The External Program: #!/bin/sh # These arguments supplied automatically for all external monitors: # $1 = IP (nnn.nnn.nnn.nnn notation) # $2 = port (decimal, host byte order) # # This script expects the following Name/Value pairs: # HOST = the host name of the SNI-enabled site # URI = the URI to request # RECV = the expected response # # Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format) NODE=`echo ${1} | sed 's/::ffff://'` PORT=${2} if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then NODE=${NODE} else NODE=[${NODE}] fi PIDFILE="/var/run/`basename ${0}`.sni_monitor_${HOST}_${PORT}_${NODE}.pid" if [ -f $PIDFILE ]; then echo "EAV exceeded runtime needed to kill ${HOST}:${PORT}:${NODE}" | logger -p local0.error kill -9 `cat $PIDFILE` > /dev/null 2>&1 fi echo "$$" > $PIDFILE STATUS=`curl-apd -x http://${NODE}:${PORT} https://${URL} 2>/dev/null` rm -f $PIDFILE if [[ "$STATUS" == "$RECV"* ]]; then echo "UP" fi exit The GTM Monitor: The GTM log just shows the same message as the monitor status on the member properties. We even tried to setup a simple monitor that simply does an echo "UP" so it shouldn't be reaching out through the proxy yet that still comes back with the same status. Any ideas on where else to look is greatly appreciated! Thanks, Luis
Using variables in external Perl monitor
Gents, I currently use a external monitor to check the JSON output of some webservices. Now I try to make it a little bit more flexible. For example I want to try to replace the string "UP" at if($status eq "UP") to if($status eq $statusmsg) but not sure how to do this. Current script: !/usr/bin/env perl use LWP::Simple; use JSON; $URI = $ARGV[2]; $HOSTNAME = $ARGV[0]; $HOSTNAME =~ s/::ffff://; $PORT=$ARGV[1]; $contents = get("http://$HOSTNAME:$PORT$URI"); $json = decode_json($contents); $status = $json->{'status'}; if($status eq "UP") { print $status; } Typing in the variable like below did not help. Also hard to find any documentations about it.... Maybe anyone of you can help me out? Many thanksHow to create a External Monitor?? Please help
Hi, how to create an external monitor for below curl command. Below curl command giving an output "200" when running manually from F5 curl --header "Content-Type: text/xml;charset=UTF-8" --header "SOAPAction:http://mybase.xyz.com/mybaseService/HealthCheck" --data "" -o /dev/null -s -w %{http_code} http://servername:8080/mybaseWS/mybaseService Please help. -Jinshu
External/Scripted monitor fails
Hi, I need to have a monitor that do a curl on a url witch returns a specific value. I could have done this with the regular http monitor but I need to insert a random number into the URI to avoid caching in the internal proxy. I have tried to import the script and create an external monitor but without any results. I'm checking the access log on the apache server and I can not see any requests. I have also created a "script" monitor where I put the script in the /config/eav/ directory. In the script monitor I can set it in the debug mode and I get the following in the log. ********** Debugging session beginning at: Tue Sep 16 21:57:08 2014 Arguments 1-2: ::ffff:192.168.20.1 80 Environment variables: DEBUG=yes FILENAME=test MON_TMPL_NAME=/Common/test NODE_IP=::ffff:192.168.20.1 NODE_PORT=80 -- !/bin/sh invalid line from file /config/eav/test: '!/bin/sh' If I run the script manually it works as expected, but not when the monitor is executing the script. I have 755 as access: -rwxr-xr-x 1 root root 2267 Sep 16 21:51 test Regards AndréasBackup using External Monitor
Hi, We are trying to automate the backup using external monitor.Tried using the below script.Looks like monitor is marking the pool as UP but the content(UCS)is not getting copied over to the destination. Please suggest. !/bin/bash IP= echo ${1} | sed 's/::ffff://' PORT=${2} PIDFILE="/var/run/ basename ${0} .${IP}_${PORT}.pid" if [ -f $PIDFILE ] then kill -9 cat $PIDFILE > /dev/null 2>&1 fi echo "$$" > $PIDFILE tmsh save sys ucs today && scp /var/local/ucs/today.ucs user@${IP}:/var/tmp/backups/ && ssh user@${IP} ls /var/tmp/backups |grep "today" 2>&1 > /dev/null if [ $? -eq 0 ] then echo "UP" fi rm -f $PIDFILE exit
External Monitor brings down pool instantly
Hi, i am trying to monitor the health of elasticsearch cluster by tracking the number of nodes active in the cluster which will raise syslog with the status. however whenever i attach the external monitor, it is bringing down all members of the pool. Could you check what is wrong with it. ################################### # Author: Shirish Basant Rai # Version 1.0 # Date: 06/03/2020 # Usage: # Change log: ################################### #!/bin/sh pidfile="/var/run/$MONITOR_NAME.$1..$2.pid" # Send signal to the process group to kill our former self and any children #$1 and $2 are passed by default, as well as the monitor Name if [ -f $pidfile ] then kill -9 -`cat $pidfile` > /dev/null 2>&1 fi echo "$$" > $pidfile function get_EScluster_num_from_hostname() { # # number=$(echo $1 | awk -F"-" '{print $4}' | sed 's/[^0-9]*//g') echo $number } function get_vsdcluster_num_from_hostname() { #******************************************************************************************** # this function will return the VSD cluster from the VM hostname # 1 Parameters required for this function: LINE retrieved from SYSLOG #******************************************************************************************** number=$(echo $1 | awk -F"-" '{print $3}' | sed 's/[^1-9]*//g') echo $number } #Declare variables declare -a response declare -a Statelist declare -a Nodelist maxup=6 es1_members=3 es2_members=3 #POOL=Pool-STATSES-9200 #Get number of active members of the Pool upmembers=`tmsh show /ltm pool $POOL members |grep "Current Active Members" |awk -F" : " '{ print $2 }'` #Get the details of the pool members response="$(curl -sk -u admin:admin GET https://localhost/mgmt/tm/ltm/pool/Pool-STATSES-9200/?expandSubcollections=true | jq . -M)" #Get the Name of the pool members NodeName=$(echo ${response} | jq -M '.membersReference.items[].name' | sed -e 's/^"//' -e 's/"$//' -e 's/:9200//') #Get the state of the pool members Nodestate=$(echo ${response} | jq -M '.membersReference.items[].state' | sed -e 's/^"//' -e 's/"$//') #Get priority group of Pool members to define ES cluster NodePG=$(echo ${response} | jq -M '.membersReference.items[].priorityGroup') #split string to list Nodelist=( $NodeName ) Statelist=( $Nodestate ) PGlist=( $NodePG ) echo "up" if [ $upmembers -lt $maxup ] then rm -f $pidfile n=0 echo "up" #then find which node is down from which cluster; need to identify the cluster from the es number for i in "${!Statelist[@]}"; do #find the vsd cluster and escluster and log which host is down for which cluster esclusterID=$(get_EScluster_num_from_hostname "${Nodelist[$i]}") vsdclusterID=$(get_vsdcluster_num_from_hostname "${Nodelist[$i]}") if [ "${Statelist[$i]}" == "down" ] then #for Active ES cluster if [ "${PGlist[$i]}" == "100" ] then # send the syslog Alarm n+=1 if [ $n -eq 1 ] then logger -p local0.error -t GENERIC-SCRIPT "ES-Cluster-Monit SCRIPT-RESULT 0 0 Active ES cluster from VSD cluster: \"${vsdclusterID}\" is in YELLOW state" elif [ $n -gt 1 ] then logger -p local0.error -t GENERIC-SCRIPT "ES-Cluster-Monit SCRIPT-RESULT 0 0 Active ES cluster from VSD cluster: \"${vsdclusterID}\" is in RED state" else [ $n == 0 ] logger -p local0.info -t GENERIC-SCRIPT "ES-Cluster-Monit SCRIPT-RESULT 0 0 Active ES cluster from VSD cluster: \"${vsdclusterID}\" is in GREEN state" fi #for Backup ES cluster else n+=1 if [ $n -eq 1 ] then logger -p local0.error -t GENERIC-SCRIPT "ES-Cluster-Monit SCRIPT-RESULT 0 0 Backup ES cluster from VSD cluster: \"${vsdclusterID}\" is in YELLOW state" elif [ $n -gt 1 ] then logger -p local0.error -t GENERIC-SCRIPT "ES-Cluster-Monit SCRIPT-RESULT 0 0 Backup ES cluster from VSD cluster: \"${vsdclusterID}\" is in RED state" else logger -p local0.info -t GENERIC-SCRIPT "ES-Cluster-Monit SCRIPT-RESULT 0 0 Backup ES cluster from VSD cluster: \"${vsdclusterID}\" is in GREEN state" fi fi fi done echo "up" fiNotifications via External Monitor
Hi, I have an external monitor that sends a notification (email) when it fails. I don't want it failing so I just had it create a file when if fails. If that file doesn't exist, it will notify. If it does exist, it just marks it down but doesn't send the alert. The way I thought to clean it up was just to rm-f the file when the status goes back to UP. This works fine if the script is run manually, but will not work when it runs through F5. Here are the basics of the script: curl -s -v -k -H "Host: ${HOST}" -k https://${NODE}${URI} 2>&1 > /dev/null | grep -i "${RECV}" STATUS=$? rm -f $PIDFILE if [ $STATUS -eq 0 ] then rm -f /shared/tmp/service-${NODE} echo "UP" else if [ ! -f /shared/tmp/service-${NODE} ] then touch /shared/tmp/service-${NODE} chmod 777 /shared/tmp/service-${NODE} curl -s -o /shared/tmp/service-${NODE}.html -H "Host: ${HOST}" -k https://${NODE}${URI} EMAIL NOTIFICATION PART fi fi exit Is there something that I am missing? Is there a better way?External Monitor for checking proxy authentication and Internet access
Hello Experts, We are load balancing 3 proxy servers and we are trying to construct an external monitor that both checks if an user can authenticate to the proxy and access the internet. So far we've managed to get the following script working when run from the F5 CLI: !/bin/sh (c) Copyright 1996-2007 F5 Networks, Inc. This software is confidential and may contain trade secrets that are the property of F5 Networks, Inc. No part of the software may be disclosed to other parties without the express written consent of F5 Networks, Inc. It is against the law to copy the software. No part of the software may be reproduced, transmitted, or distributed in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose without the express written permission of F5 Networks, Inc. Our services are only available for legal users of the program, for instance in the event that we extend our services by offering the updating of files via the Internet. @() $Id: http_monitor_cURL+GET,v 1.0 2007/06/28 16:10:15 deb Exp $ (based on sample_monitor,v 1.3 2005/02/04 18:47:17 saxon) these arguments supplied automatically for all external monitors: $1 = IP (IPv6 notation. IPv4 addresses are passed in the form ::ffff:w.x.y.z where "w.x.y.z" is the IPv4 address) $2 = port (decimal, host byte order) Additional command line arguments ($3 and higher) may be specified in the monitor template This example does not expect any additional command line arguments Name/Value pairs may also be specified in the monitor template This example expects the following Name/Vaule pairs: URI = the URI to request from the server RECV = the expected response (not case sensitive) remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format) IP=`echo ${1} | sed 's/::ffff://'` PORT=${2} PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid" kill of the last instance of this monitor if hung and log current pid if [ -f $PIDFILE ] then echo "EAV exceeded runtime needed to kill ${IP}:${PORT}" | logger -p local0.error kill -9 `cat $PIDFILE` > /dev/null 2>&1 fi echo "$$" > $PIDFILE send request & check for expected response STATUS=`curl -s -o /dev/null -w '%{http_code}' -H 'Cache-Control: no-cache' http://www.google.com --proxy $IP:$PORT -U username@ourdomain:strongpassword --proxy-ntlm` if [ "$STATUS" -eq "200" ] then rm -f $PIDFILE echo "UP" else rm -f $PIDFILE echo "DOWN" fi exit As here I have substituted the username, domain name and the password for obvious reasons. Currently the username has no access to google.com (this is how it should be since it is not allowed access on the proxy) and when executed in CLI the script returns DOWN, as the http_code is 403 - Forbidden. ANYWAY in the WEB interface it shows all nodes green, which should not be the case.. Any help is much appreciated. Regards, Nayden
