F5 DNS external monitor
Hi , we are using an F5 DNS (v12.1.2) . We are now getting request for doing a DNS loadbalalancing for 2 IP's in seperate datacenters. (openshift setups) Both IP's are accessible via https but are running multiple instances on same port (so different uri's on same IP) . So using a standard https monitor isn't a solution in this case . https monitor will work but will not show status of individual services . And we need to known the status of individual instances. I was thinking about defining seperate monitors for each url specified . But the problem is that monitoring pools or members is done based on IP address . And i would instead need to use the FQDN in the monitor . i'm able to use a curl command "curl -kvX -H GET https://<dns-name>/checkService" & this works when i use the FQDN .Using IP doesn't work . Anybody an idea on how to use FQDN's in monitor? i also tested with external monitors from articles " https://devcentral.f5.com/s/articles/http-monitor-curl-basic-get" & " https://devcentral.f5.com/s/articles/https-sni-monitoring-how-to" But i'm getting some weird results when using these on F5 DNS .i was able to define the tls-sni monitor but when checking logs from debug i saw it takes all the variables i defined , except the 'hostname" , where F5 DNS continued to use his own hostname. Resulting in a failure . But not really sure if these external monitors are designed for use on LTM only or also on DNS ?
NTP Monitor for 11.x -- With Complete Instructions
Problem this snippet solves: As the F5 LTM does not come with an NTP health monitor, I began my search for one. I found one here, written for 9.x and spent a few minutes getting it to work in 11.5.4. Disclaimer: All the hard work was already done, I simply made a few updates to it for 11.x: https://devcentral.f5.com/codeshare/ntp-monitor How to use this snippet: Upload NTP.pm (NTP Library) via FTP to the '/usr/bin/monitors/CPAN/Net' directory (You will have to create the CPAN and Net folders using the 'mkdir' command in UNIX shell). Import custom NTP healthcheck file, ntp_mon: 'System >> File Management >> External Monitor Program File List >> Import' Local Traffic>> Monitors >> Create Name: ntp_monitor Type:external External Program: ntp_mon Bind to pool, and treat like normal health monitor. To ensure functionality, temporarily add a host that you know does not serve NTP such as your desktop, to ensure it marks the host down. Code : 71928
Health monitor to mark pool member up when a ping FAILS (inverse ping health check)
Hello, I am attempting to figure out the best way to create a health monitor that is an inverse of the ICMP monitor-when ping to an IP fails, I want the pool member to be marked UP. When ping to an IP succeeds, I want the pool member to be marked DOWN. My first attempt at this was using an external monitor with the below script; that does not seem to be working. #!/bin/sh ping -c 5 [IP here] > /dev/null && exit || echo "down" exit $? I am running 11.5.3 HF2. Does anyone know if the best way to achieve this beahvior, or why my script isn't working? It looks like it outputs nothing to stdout (should cause the monitor to fail) unless the ping fails, at which point it outputs something (should cause the monitor to pass)Variables in an external monitor BASH script
Greetings, I have written a shell script to use as an external monitor. It works as expected when I execute it from the bash shell, but fails as a monitor. I believe the reason for the failure is the way I am using VARIABLEs. Is the code below legal? TMSH='/usr/bin/tmsh' VCS1='10.12.1.11' VCS2='10.12.1.12' DEBUG=1 PRI=$TMSH list ltm snat snat_ids_primary | $GREP -E "$VCS1|$VCS2" if [ "$DEBUG" -eq 1 ]; then echo "IDS_SNAT: Result of Primary SNAT check -> $PRI" | $LOGGER -p local0.debug; fi When run from the CLI interactively the log will have data to in the $PRI variable. Mar 26 17:24:46 local/bip-bxb-lab-01 debug logger: IDS_SNAT: Result of Primary SNAT check -> 10.12.1.11/32 Mar 26 17:24:46 local/bip-bxb-lab-01 debug logger: 10.12.1.12/32 When run as an external monitor the $PRI variable is empty. Mar 26 17:21:24 local/bip-bxb-lab-01 debug logger: IDS_SNAT: Result of Primary SNAT check -> I am clearly doing something wrong I just don't know what. Any help would be appreciated. Thank you.
external monitor location
Hey, I have an issue where I can not find an external monitor that is used on a dozen apps in our environment. I issued the find command on all of our prod external ltms still couldnt find it. I looked in /usr/bin/monitors and /usr/share/monitors. I found the arg_example and sample_monitors default one there but not the external monitor I was looking for which is dual_https. Any help would be appreciated!!!SFTP file existence monitor
Problem this snippet solves: SFTP file existence monitor How to use this snippet: This monitor definition allows for a monitor to connect to a SFTP server and check for the existence of a file using username/password. Written for a specific implementation where they wouldn't use key pairs, plus it turns out that curl on F5's was compiled with sftp support disabled, so I had to use expect instead. It's based off of the default sample_monitor. Create a monitor definition with 3 variables: $monitor_sftp_USER = Username of SFTP server $monitor_sftp_PASS = Password for $monitor_sftp_USER $monitor_sftp_STRING` = String/Filename to search for I have also written a modified version whereby you can encrypt the password manually using the unit master-key and add that as the password variable, which I can post if wanted. Code : #!/bin/sh # # (c) Copyright 1996-2006, 2010-2013 F5 Networks, Inc. # # This software is confidential and may contain trade secrets that are the # property of F5 Networks, Inc. No part of the software may be disclosed # to other parties without the express written consent of F5 Networks, Inc. # It is against the law to copy the software. No part of the software may # be reproduced, transmitted, or distributed in any form or by any means, # electronic or mechanical, including photocopying, recording, or information # storage and retrieval systems, for any purpose without the express written # permission of F5 Networks, Inc. Our services are only available for legal # users of the program, for instance in the event that we extend our services # by offering the updating of files via the Internet. # # @(#) $Id: //depot/maint/bigip12.1.1/tm_daemon/monitors/sample_monitor#1 $ # # # these arguments supplied automatically for all external pingers: # $1 = IP (::ffff:nnn.nnn.nnn.nnn notation or hostname) # $2 = port (decimal, host byte order) # # The following must all be set as variables in the monitor definition # $monitor_sftp_USER = Username of SFTP server # $monitor_sftp_PASS = Password for $monitor_sftp_USER # $monitor_sftp_STRING` = String/Filename to search for # # $MONITOR_NAME = name of the monitor # # In this sample script, $3 is the regular expression # # Name of the pidfile pidfile="/var/run/$MONITOR_NAME.$1..$2.pid" # Send signal to the process group to kill our former self and any children # as external monitors are run with SIGHUP blocked if [ -f $pidfile ] then kill -9 -`cat $pidfile` > /dev/null 2>&1 fi echo "$$" > $pidfile # Remove the IPv6/IPv4 compatibility prefix node_ip=`echo $1 | sed 's/::ffff://'` # Using expect and sftp to get directory listing from the server. # Search the data received for the expected string. expect -c " spawn sftp -oStrictHostKeyChecking=no -oPort=$2 $monitor_sftp_USER@$node_ip; expect \"password:\"; send $monitor_sftp_PASS\r; expect \"sftp>\"; send \"ls -l\r\"; expect \"sftp>\"; send \"exit\r\" " | grep $monitor_sftp_STRING > /dev/null status=$? if [ $status -eq 0 ] then # Remove the pidfile before the script echoes anything to stdout and is killed by bigd rm -f $pidfile echo "up" fi # Remove the pidfile before the script ends rm -f $pidfile Tested this on version: 12.1arg-ex-out using over half of space on partition
Hi, I'm getting the error message, that my F5 has 0% free space - this sucks. I've noticed that this space is used mostly by /var partition: /dev/mapper/vg--db--sda-set.12--hf1._var 3.0G 2.8G 23M 100% /var ` I've found a file named arg_ex_out that uses 1,8G of disk space, and I have no idea what this is. My other F5 (active in HA configuration) has the same file, but "only" around 650M big. The content of the file seems to repeat itself over and over and looks like this: `---- Command Line Args ---- ::ffff: 53 ---- Environment Args ---- ARGS_I= MON_INST_LOG_NAME=/var/log/monitors/SHARED_m_dns-SHARED_2-53.log MON_TMPL_NAME=/SHARED/m_dns NODE_IP=::ffff: NODE_NAME=/SHARED/ NODE_PORT=53 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/contrib/bin:/usr/local/bin:/usr/contrib/sbin:/usr/local/sbin:/usr/libexec RUN_I=/Common/arg_example TMOS_RD=2 = ---- End Args ---- ---- Command Line Args ---- ::ffff: 53 ---- Environment Args ---- ARGS_I= MON_INST_LOG_NAME=/var/log/monitors/SHARED_m_dns-SHARED_-53.log MON_TMPL_NAME=/SHARED/m_dns NODE_IP=::ffff: NODE_NAME=/SHARED/ NODE_PORT=53 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/contrib/bin:/usr/local/bin:/usr/contrib/sbin:/usr/local/sbin:/usr/libexec RUN_I=/Common/arg_example TMOS_RD=2 = ---- End Args ---- This repeats over and over again - judging by the filesize quite a lot. Perhaps it's some sort of external monitor? Any ideas? I'll be needing to upgrade the devices quite soon, I guess I'd need the disk space