SFTP External Monitor fails but manual script execution succeeds

Hi,

I've been working on setting up an SFTP monitor for some time now. I'm getting really close but there's one thing left that I'm having a hard time understanding and is just not working as expected.

Here is the base script:

# !/bin/bash
#
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}
#
sftp -o Port=${PORT} -b /home/ext_monitor/cyclone/sftpmonitor.input sftpMonitor@${IP} | grep 'IB' > /dev/null 2>&1
#
# mark node UP if expected response was received
if [ $? -eq 0 ]
then
  echo "UP"
fi

When I upload this script to the F5 and execute it manually (using IP and Port arguments in-line) it works just fine.

What I'm trying to do is attach this to the pool level; there are 4 pool members and my understanding is the first two variables ($1 (ipv6 address) and $2 (port)) are auto-populated by the F5 when it tries connecting in the external monitor, but the monitor was failing.

Next, I modified the script a bit so that instead of using IP and PORT variables, I just hard-coded one of the pool member information and attached the monitor at the pool member level, but that also failed.

Any assistance I could get would be very appreciated... I feel like I'm very close and just missing a couple key things here.

Here's the current monitor configuration:

ltm monitor external external-sftp-cyclone {
    defaults-from external
    destination *:*
    interval 5
    run /Common/external-cyclone-sftp-2022
    time-until-up 0
    timeout 16
}

Also, in case it is relevant: I do also have a tcp monitor attached alongside it as I cannot risk the pool member going down at this time while I test this.

0
Comments on this Question
Comment made 3 months ago by jpeterson6 180

I should add: The batch file sftpmonitor.input simply runs 'dir' and 'bye' commands.

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

have a look at an older but still good article on troubleshooting external monitors: https://devcentral.f5.com/articles/ltm-external-monitors-troubleshooting

0
Comments on this Answer
Comment made 3 months ago by jpeterson6 180

I have, thank you.

One thing I have tried is adding the following echo commands after the variables are populated:

# !/bin/bash
#
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}
echo "${IP}:${PORT} connected via external-cyclone-monitor" | logger -p local0.
echo ${IP} ${PORT} >> /var/tmp/sftp-test-mon.log
#
sftp -o Port=${PORT} -b /home/ext_monitor/cyclone/sftpmonitor.input sftpMonitor@${IP} | grep 'IB' > /dev/null 2>&1
#
# mark node UP if expected response was received
if [ $? eq 0 ]
then
  echo "UP"
fi

As a result, I am neither seeing logs in /var/log/ltm with that string, nor am I seeing the log file being created in /var/tmp/

I believe this is a situation where the external monitor is actually not sending data, but I do not know why. I have a support case open - but if anyone here knows what may be the issue I would appreciate hearing it.

0
Comment made 3 months ago by boneyard 4988

the permissions are ok for it?

0
Comment made 3 months ago by jpeterson6 180

I looked for it in "/config/filestore/files_d/Common_d/external_monitor_d"

-rwxr-xr-x. 1 tomcat tomcat 391 2017-08-17 18:41 :Common:external-cyclone-monitor_43028_11

Looks ok to me; 755.

Just to clarify it is the same:

**cat ./:Common:external-cyclone-monitor_43028_11**
# !/bin/bash
#
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}
echo "${IP}:${PORT} connected via external-cyclone-monitor" | logger -p local0.
echo ${IP} ${PORT} >> /var/tmp/sftp-test-mon.log
#
sftp -o Port=${PORT} -b /home/ext_monitor/cyclone/sftpmonitor.input sftpMonitor@${IP} | grep 'IB' > /dev/null 2>&1
#
# mark node UP if expected response was received
if [ $? eq 0 ]
then
  echo "UP"
fi
0
Comment made 3 months ago by boneyard 4988

perhaps you have it solved by now, please share the solution then.

i gave it a try also and your script or the example from dev central doesn't work for me either.

have you tried the tmsh run util test-monitor command to see what that says?

0
Comment made 3 months ago by boneyard 4988

i think i got it, it might be your first line, try replacing

# !/bin/bash with #!/bin/sh

also there should be a - before the eq, but that might have been lost in copy paste.

0
Comment made 3 months ago by jpeterson6 180

Yeah, I caught the missing '-' but unfortunately that wasn't my golden goose. I tried changing the first line as you suggested but no dice there either.

I'm still working with TAC. The engineer just had me run the same command, here are the results:

(tmos)# run /util test-monitor external-sftp-cyclone address 10.50.212.45 port 2022
--- environment:
NODE_IP='::ffff:10.50.212.45'
NODE_NAME=''
PATH='/sbin:/bin:/usr/sbin:/usr/bin:/usr/contrib/bin:/usr/local/bin:/usr/contrib/sbin:/usr/local/sbin:/usr/libexec'
NODE_PORT='2022'
ARGS_I=''
MON_TMPL_NAME='external-sftp-cyclone'
--- executing (timeout in 46s): /config/filestore/files_d/Common_d/external_monitor_d/:Common:external-cyclone-monitor_43028_14 10.50.212.45 2022
Traceback (most recent call last):
  File "/usr/local/bin/test_monitor", line 186, in <module>
    p = Popen(args, stderr=PIPE, stdout=PIPE, env=environ)
  File "/usr/lib/python2.6/subprocess.py", line 642, in __init__
    errread, errwrite)
  File "/usr/lib/python2.6/subprocess.py", line 1238, in _execute_child
    raise child_exception
OSError: [Errno 8] Exec format error
0
Comment made 3 months ago by boneyard 4988

exactly the same error i got until i moved to '#!/bin/sh'

of course now when i move back to /bin/bash it doesn't return ...

ok i do get that one if i have a space between the # and ! on the first line, you sure you don't have that now?

can you share your whole external monitor script again as it is used now?

1
Comment made 3 months ago by jpeterson6 180

Yep, it's the extra space on the first line.

Are you my support engineer? He just came to the same conclusion :)

Apparently, even though manually running the script works, when it runs through the external-monitor parser that space matters. Go figure....

That was a fun one.

0
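
The failure this thread arrives at, as an added example that is not part of the original posts: a preflight check that tells whether a monitor script can be started by a direct exec (the test-monitor traceback above shows it being launched through Popen) rather than through an interactive shell. The function name, verdict strings and sample files are constructed for illustration, and the CRLF and interpreter checks go beyond the single case discussed in the thread.

```shell
#!/bin/sh
# Added example: preflight check for an LTM external monitor script.
# Prints a verdict; returns 0 only if a direct exec of the file can succeed.
check_monitor_script() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    [ -x "$f" ] || { echo "not-executable"; return 1; }
    # The kernel treats a file as a script only if bytes 0-1 are exactly "#!".
    # "# !/bin/bash" fails here; an interactive shell hides this by falling
    # back to interpreting the file itself when exec reports ENOEXEC.
    [ "$(head -c 2 "$f")" = '#!' ] || { echo "bad-shebang"; return 1; }
    line1=$(head -n 1 "$f")
    cr=$(printf '\r')
    # A CR at the end of line 1 becomes part of the interpreter path.
    case $line1 in
        *"$cr") echo "crlf-line-ending"; return 1 ;;
    esac
    # Interpreter = first word after "#!" (blanks after "#!" are allowed).
    interp=$(printf '%s\n' "$line1" | awk '{ sub(/^#![ \t]*/, ""); print $1 }')
    [ -x "$interp" ] || { echo "interpreter-missing"; return 1; }
    echo "ok"
}

# Constructed sample scripts (not files from the thread's BIG-IP).
make_samples() {
    printf '#!/bin/sh\necho UP\n'     > "$1/good.sh"
    printf '# !/bin/bash\necho UP\n'  > "$1/spaced.sh"
    printf '#!/bin/sh\r\necho UP\r\n' > "$1/crlf.sh"
    printf '#!/bin/sh\necho UP\n'     > "$1/noexec.sh"
    chmod 755 "$1/good.sh" "$1/spaced.sh" "$1/crlf.sh"
    chmod 644 "$1/noexec.sh"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for s in good spaced crlf noexec; do
    printf '%-10s %s\n' "$s.sh" "$(check_monitor_script "$demo_dir/$s.sh")"
done
rm -rf "$demo_dir"
```
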
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

How do you authenticate the user 'sftpMonitor' in the above-mentioned sftp monitor script?

0
Comments on this Answer
Comment made 2 months ago by jpeterson6 180

You'll need to use public key auth in order to authenticate without a password.

Try this link for details: http://www.jscape.com/blog/setting-up-sftp-public-key-authentication-command-line

0