Forum Discussion

hexueli_36169
Mar 19, 2010

How to setup external monitor with extended ping?

I've run into a situation where I need to set up an extended ping monitor for LDAP servers. It seems the LDAP server may sometimes lose its IP routing info and be available only on its default VLAN. When this happens, the LDAP server will malfunction and should be marked down in the pool, but since the LTM node default monitor (icmp) is done via the same VLAN, the LDAP server still appears online to LTM. To get around this issue, I'm trying to set up a monitor that pings the LDAP server via a source IP on another VLAN.

 

Here is the script I tested:

---------
node_ip=`echo $1 | sed 's/::ffff://'`
pidfile="/var/run/`basename $0`.$node_ip..$2.pid"
if [ -f $pidfile ]
then
kill -9 `cat $pidfile` > /dev/null 2>&1
fi
echo "$$" > $pidfile
ping -I 10.10.10.2 -c 1 -W 1 node_ip | grep rtt
if [ $? -eq 0 ]
then
echo "UP"
fi
rm -f $pidfile
-----------

 

Problems I got:

1. The source IP, 10.10.10.2 in this example, apparently can't be the floating IP and needs to be the actual self IP, which is different on the Active/Standby LTMs. How can I keep a different source IP in this monitor script on the active/standby LTMs after config-sync?

2. When creating this external monitor in the GUI, there is an option of "Alias Service Port". When I used the default "All ports" and then set the pool member with "All Services", I got an error saying the health monitor has a wildcard destination service and node has zero service. I then picked a TCP port for the monitor and node, but the monitor showed the pool member down. How can I get around this issue when setting up a monitor for icmp?

Thanks for your help!

6 Replies

  • You'll need to use a non-floating self IP as each unit in a redundant pair performs monitor checks while active or standby. To get a non-floating self IP, can you replace the 10.10.10.2 IP in the ping command with this awk line from hwidjaja?

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=32&tpage=1&view=topic&postid=814027814206

    `awk 'BEGIN {RS="}\n";FS=RS} /^self 1.1.1/ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'`

    Make sure to replace 1.1.1 with the first three octets of the non-floating self IP address you want to match.

    node_ip=`echo $1 | sed 's/::ffff://'`
    pidfile="/var/run/`basename $0`.$node_ip..$2.pid"
    if [ -f $pidfile ]
    then
    kill -9 `cat $pidfile` > /dev/null 2>&1
    fi
    echo "$$" > $pidfile
    ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 1.1.1/ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 node_ip | grep rtt
    if [ $? -eq 0 ]
    then
    echo "UP"
    fi
    rm -f $pidfile

    Do you have the pool members set for port 0 or a specific port like 389? Can you set a specific port on the pool members and use the external monitor with no alias port?

    Thanks, Aaron
  • Hi Aaron,

    I tried with this external monitor script:

    node_ip=`echo $1 | sed 's/::ffff://'`
    pidfile="/var/run/`basename $0`.$node_ip..$2.pid"
    if [ -f $pidfile ]
    then
    kill -9 `cat $pidfile` > /dev/null 2>&1
    fi
    echo "$$" > $pidfile
    ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 153.88.99/ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 &node_ip | grep rtt
    if [ $? -eq 0 ]
    then
    echo "UP"
    fi
    rm -f $pidfile
    exit
    ------------

    Note, I replaced "node_ip" with "&node_ip" in the ping command line, is that right?

    Pool members are set with port 389 and the external monitor can either set a specific alias port or all ports. I've tested both, and unfortunately, it still doesn't work - all pool members are detected down.

    Any idea?

    Thanks!


  • I think you'll want to use $node_ip instead of &node_ip. The ping command seems to work on a test unit:

    ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 10.42./ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 10.41.0.22
    PING 10.41.0.22 (10.41.0.22) from 10.42.2.2 : 56(84) bytes of data.
    64 bytes from 10.41.0.22: icmp_seq=1 ttl=127 time=1.68 ms

    --- 10.41.0.22 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 1.687/1.687/1.687/0.000 ms

    Aaron
  • Hi Aaron,

    Yes, that ping command works, but still not the external monitor with that script - I made it as a .sh file and copied it to /usr/bin/monitors/, then created a monitor with type "External". Do you have the chance to test that external monitor on your test unit?

    Thanks a lot!

    /Shirley
  • Hi Shirley,

    Here's an example which works for me. You can save the code below as /usr/bin/monitors/custom_ping.bash, make it executable (chmod 744 /usr/bin/monitors/custom_ping.bash) and then define an external monitor like this:

    If you add a DEBUG variable in the monitor definition and set it to 1, the script will write out debug to /var/log/ltm.

    Aaron

    Monitor definition

    # b monitor custom_ping_monitor list
    monitor custom_ping_monitor {
       defaults from external
       DEBUG "0"
       run "custom_ping.bash"
    }

    Monitor script

    #!/bin/bash
    # Save as /usr/bin/monitors/custom_ping.bash
    # Make executable using chmod 744 custom_ping.bash
    # Use a custom IP address to source a ping to the pool member IP address
    # Get the self IP address starting with 10.41.1. from the bigip_base.conf
    # Log debug to local0.debug (/var/log/ltm)?
    # Check if a variable named DEBUG exists from the monitor definition
    # This can be set using a monitor variable DEBUG=0 or 1
    if [ -n "$DEBUG" ]
    then
       if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: true: \$DEBUG: $DEBUG" | logger -p local0.debug; fi
    else
       # If the monitor config didn't specify debug, enable/disable it here
       DEBUG=0
       echo "EAV `basename $0`: false: \$DEBUG: $DEBUG" | logger -p local0.debug
    fi
    # Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
    IP=`echo $1 | sed 's/::ffff://'`
    # We don't use the port except for logging
    PORT=$2
    # Check if there is a prior instance of the monitor running
    pidfile="/var/run/`basename $0`.$IP.$PORT.pid"
    if [ -f $pidfile ]
    then
       kill -9 `cat $pidfile` > /dev/null 2>&1
       echo "EAV `basename $0`: exceeded monitor interval, needed to kill ${IP}:${PORT} with PID `cat $pidfile`" | logger -p local0.error
    fi
    # Add the current PID to the pidfile
    echo "$$" > $pidfile
    # Send the ping request and look for rtt in response
    # Redirect stderr and stdout to nothing to ensure we don't errantly mark the pool member up
    ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 10\.41\.1\./ {print $1;}' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 $IP | grep rtt > /dev/null 2>&1
    # Save the pipeline's exit status now; the debug test below would otherwise overwrite $?
    STATUS=$?
    # Debug
    if [ $DEBUG -eq 1 ]
    then
       echo "EAV `basename $0`: Running for ${IP}:${PORT} using source IP `awk 'BEGIN {RS="}\n";FS=RS} /^self 10\.41\.1\./ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'`" | logger -p local0.debug
    fi
    # Check if the command ran successfully
    # Note that any standard output will result in the script execution being stopped
    # So do any cleanup before echoing to STDOUT
    if [ $STATUS -eq 0 ]
    then
       rm -f $pidfile
       if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: Succeeded for ${IP}:${PORT}" | logger -p local0.debug; fi
       echo "UP"
    else
       rm -f $pidfile
       if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: failed for ${IP}:${PORT}" | logger -p local0.debug; fi
    fi


  • Hi Aaron,

    Your script works for me as well. Thanks a lot for your help - very much appreciated!

    BR/Shirley
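
An added example, not code from any poster in this thread: a fail-closed variant of the source-IP lookup and ping check discussed above. It goes beyond the thread's awk one-liner by skipping stanzas marked `floating enable` and by validating both addresses before they reach `ping`; the stanza layout, the sample addresses and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread). Assumes self IP stanzas in
# bigip_base.conf look like the constructed sample below.

# Constructed sample config; write it to a file to try pick_self_ip.
sample_conf() {
cat <<'EOF'
self 10.41.1.1 {
   netmask 255.255.255.0
   unit 1
   floating enable
   vlan internal
}
self 10.41.1.2 {
   netmask 255.255.255.0
   vlan internal
}
EOF
}

# Print the first non-floating self IP whose address starts with prefix $2.
pick_self_ip() {   # $1 = config file, $2 = literal prefix, e.g. "10.41.1."
    awk -v pfx="$2" '
        $1 == "self" && $3 == "{" { ip = $2; floating = 0; inself = 1; next }
        inself && $1 == "floating" && $2 == "enable" { floating = 1 }
        inself && $1 == "}" {
            if (!floating && index(ip, pfx) == 1) { print ip; exit }
            inself = 0
        }' "$1"
}

# Accept only dotted-quad IPv4, so nothing else can reach the ping command line.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Echo "UP" only on an echo reply; return 2 or 3 on a bad node or source address.
monitor_check() {  # $1 = node address from LTM, $2 = config file, $3 = prefix
    node=${1#::ffff:}
    valid_ipv4 "$node" || return 2
    src=$(pick_self_ip "$2" "$3")
    valid_ipv4 "$src" || return 3   # fail closed: no source IP, never report UP
    ping -I "$src" -c 1 -W 1 "$node" 2>/dev/null | grep -q rtt && echo "UP"
}
```

An empty lookup result matters because `ping -I` would otherwise take the next option as its argument; here the check returns 3 and prints nothing, so the pool member is not marked up.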