Monitoring | Farmguardians | Update

Monitoring | Farmguardians | Update

By default, Relianoid runs basic health checks on the backends or real servers, but sometimes these checks are not enough to determine if the backends are working properly or not. For this reason, Relianoid implements a service called Farmguardian that that executes and manages advanced health checks.

The objective of Farmguardian is to act as an advanced monitoring tool for backends application servers. Farmguardian performs this by reading configurations and obtaining the list of backends with the help of plugins that check the health status of each backend. Farmguardian also updates the backend status for each farm, determining if the load balancer should send traffic to that backend.

In this section, you will learn how to configure the farmguardian checks using both the Global settings and settings wihtin a Farm.

Global Settings #

Within the Global section, these are the settings for Farmguardian.

In the Global tab, the fields are not editable if the checks are pre-loaded in the system. If you want to modify a health check, you should create a new farmguardian, enable the Copy farmguardian and modify the new one.

Name. The identification name of the current Farmguardian check, can not be edited.
Command. Set the command executed to check the backends status.
Timeout. The highest amount of time for the backend to send back a response. Units (seconds).
Interval. Time in between health check batches against all the backends. Notice that each interval time, the farmguardian check will stop and be relaunched, so it must be high enough so it can check all backends ( timeout * nº backends +1 ).
Description. This field contains a brief description of the Farmguardian check.
Cut Connections. When this option is enabled, the current connections of the detected backends that are down are flushed, forcing an immediate reconnection to available backends. If disabled, the current connections will be drained without disconnecting any client.
Enable logs. Enables or disables the logs of every farmguardian check. With logs disabled only the backend status changes are shown in the log files.
Backend alias. A name that easily identifies the interface of the backend.

Configure health checks #

All available farmguardian plugins can be found under the directory /usr/local/zevenet/app/libexec/ inside of the load balancer.

Farmguardian uses plugins to configure advanced health checks to detect if a certain real server is working as expected using customized options. There are a lot of health checks for each protocol, service, or application. The most important plugins are described below.

check_ftp. This plugin tests FTP connections with the specified host.

Usage:
check_ftp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_fping: This plugin will use the fping command to ping the specified host for a fast check.

Usage:
 check_fping <host_address> -w limit -c limit [-b size] [-n number] [-T number] [-i number]

check_http: This plugin tests the HTTP service on the specified host. It can test plain (HTTP) and secure (HTTPS) protocols, follow redirects, search for strings and regular expressions, check connection times, and report on certificate expiration times, HTTP return codes, etc.

Usage:
 check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
       [-J <client certificate file>] [-K <private key>]
       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]
       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]
       [-T <content-type>] [-j method]

check_imap: This plugin tests IMAP connections with the specified host.

Usage:
check_imap -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_ldap: This plugin tests LDAP services. It can be tested with a given search.

Usage:
 check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]
       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]
       [-2|-3] [-4|-6]

check_ldaps: This plugin tests LDAPS services. It can be tested with a given search.

Usage:
 check_ldaps -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]
       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]
       [-2|-3] [-4|-6]

check_mysql: This plugin tests connections to a MySQL server.

Usage:
 check_mysql [-d database] [-H host] [-P port] [-s socket]
       [-u user] [-p password] [-S] [-l] [-a cert] [-k key]
       [-C ca-cert] [-D ca-dir] [-L ciphers] [-f optfile] [-g group]

check_mysql_query: This plugin checks a query result against threshold levels.

Usage:
 check_mysql_query -q SQL_query [-w warn] [-c crit] [-H host] [-P port] [-s socket]
       [-d database] [-u user] [-p password] [-f optfile] [-g group]

check_pgsql: Test whether a PostgreSQL Database is accepting connections.

Usage:
check_pgsql [-H <host>] [-P <port>] [-c <critical time>] [-w <warning time>]
 [-t <timeout>] [-d <database>] [-l <logname>] [-p <password>]
[-q <query>] [-C <critical query range>] [-W <warning query range>]

check_pop: This plugin tests POP connections with the specified host.

Usage:
check_pop -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_radius: Tests to see if a RADIUS server is accepting connections.

Usage:
check_radius -H host -F config_file -u username -p password
			[-P port] [-t timeout] [-r retries] [-e expect]
			[-n nas-id] [-N nas-ip-addr]

check_simap: This plugin tests secure IMAP connections with the specified host.

Usage:
check_simap -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_smtp: This plugin will attempt to open an SMTP connection with the host.

Usage:
check_smtp -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]
[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]
[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] 

check_snmp: Check the status of remote machines and obtain system information via SNMP.

Usage:
check_snmp -H <ip_address> -o <OID> [-w warn_range] [-c crit_range]
[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]
[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]
[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]
[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]

check_spop: This plugin tests secure POP connections with the specified host.

Usage:
check_spop -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_ssh: Try to connect to an SSH server at specified server and port.

Usage:
check_ssh  [-4|-6] [-t <timeout>] [-r <remote version>] [-p <port>] <host>

check_ssmtp: This plugin tests SSMTP connections with the specified host.

Usage:
check_ssmtp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_tcp: This plugin tests TCP connections with the specified host.

Usage:
check_tcp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

For further information, execute the following command under the plugins path:

plugin_name --help

Farmguardian will use these plugins to check the health status of the backends and will manage the execution error output of the executed plugin to decide the backend status as follows:

If the error output == 0 then the backend is OK > $? = 0
If the error output <> 0 then the backend is NOT OK > $? <> 0

Custom plugin #

These plugins can be configured and fully programmable by sysadmins to be adapted to any protocol or application.

This example shows a custom plugin check_load.sh.

#!/bin/bash
###
###comments:
###snmp utils should be installed
###snmpd should be installed and configured in the backends
###
MAXVALUE=4
COMMUNITY="public"
EXECUTE=`snmpget -v 2c -c $COMMUNITY $1 .1.3.6.1.4.1.2021.10.1.3.1 |cut -d ':' -f2 | cut -d '.' -f1 | sed s/\ // | sed s/\"//`

echo "SNMP CPU load check for $1 is $EXECUTE"
# If the result is true, exit with 1; error; else exit = 0; OK
if (( $EXECUTE >= $MAXVALUE )); then
#error output; the server is overloaded and the load balancer isn’t going to send more connections
exit 1
else
#, not error; the server can accept more connections
exit 0
fi

Constants #

When Farmguardian executes a plugin, it can use some constants or tokens as arguments, like:

HOST. Farmguardian will take care of modifying this constant by the real server IP address.
PORT. Farmguardian will take care of modifying this constant by the real server port.

These constants can be used for every plugin, Farmguardian will use them to run the health check with the real parameters in place.

Farms #

On this tab, there is a list of farms and services using this Farmguardian health check.

Farms and services can be assigned or removed from this Farmguardian health check using multiple selections with single arrow icons or double arrows to enable or disable all farms.

SHARE ON:

Powered by BetterDocs