Monitoring | Farm Guardian | Update

POSTED ON 15 January, 2019

By default, Zevenet runs simple health checks to the backends or real servers in HTTP farms, but sometimes this check is not enough to determine that the backends are working appropriately. For this reason, Zevenet implements a service that executes and manages advanced health checks via a daemon that uses plugins called Farm Guardian.

The main task of Farm Guardian is to work as an advanced monitoring tool for applications, for this, Farm Guardian reads the farm configuration and obtains the backend list, and helped by a plugin checks the backend health status, Farm Guardian updates the backend status for the given farm allowing or not allowing the load balancer to send traffic to such backend.

From this section, you can configure the Farmguardian check. You can see two section Global and Farms.

Global Settings

In the Global section, there are the health checks settings of a certain Farmguardian health check, as it’s shown below.
The fields of this section can be not editable if the check is pre-configured in the system, if you want to modify that check, you should Create a new Farmguardian check adding the copy param with the desired check name and modify the new.

  • Name. Identification name of the current Farm Guardian check.
  • Description. This field contains some description about the check.
  • Command. Check command and parameters to be executed on a regular basis against every backend.
  • Interval. Time in seconds between health check batches against all the backends.
  • Cut Connections. When this option is enabled, the current connections of the detected down backend are flushed, forcing an immediate reconnection to an available backend. If disabled, the current connections will be drained without disconnecting users.
  • Logs. Enables or disables the logs of every health check of Farm Guardian. With logs disabled only the backend status changes are shown in the log files.

Configure health checks

The used plugins by Farm Guardian can be found under the directory /usr/lib/nagios/plugins/.

Farm Guardian uses plugins in order to configure advanced health checks to detect if a certain real server is working as expected using customized options. There are a lot of health checks for every kind of protocol, service or application. The most important plugins are described below.

check_ftp: This plugin tests FTP connections with the specified host.

Usage:
check_ftp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_fping: This plugin will use the fping command to ping the specified host for a fast check.

Usage:
 check_fping <host_address> -w limit -c limit [-b size] [-n number] [-T number] [-i number]

check_http: This plugin tests the HTTP service on the specified host. It can test plain (HTTP) and secure (HTTPS) protocols, follow redirects, it searches for strings and regular expressions, check connection times, and report on certificate expiration times, HTTP return codes, etc.

Usage:
 check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
       [-J <client certificate file>] [-K <private key>]
       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]
       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]
       [-T <content-type>] [-j method]

check_imap: This plugin tests IMAP connections with the specified host.

Usage:
check_imap -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_ldap: This plugin tests LDAP services. It can be tested with a given search.

Usage:
 check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]
       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]
       [-2|-3] [-4|-6]

check_ldaps: This plugin tests LDAPS services. It can be tested with a given search.

Usage:
 check_ldaps -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]
       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]
       [-2|-3] [-4|-6]

check_mysql: This plugin tests connections to a MySQL server.

Usage:
 check_mysql [-d database] [-H host] [-P port] [-s socket]
       [-u user] [-p password] [-S] [-l] [-a cert] [-k key]
       [-C ca-cert] [-D ca-dir] [-L ciphers] [-f optfile] [-g group]

check_mysql_query: This plugin checks a query result against threshold levels.

Usage:
 check_mysql_query -q SQL_query [-w warn] [-c crit] [-H host] [-P port] [-s socket]
       [-d database] [-u user] [-p password] [-f optfile] [-g group]

check_pgsql: Test whether a PostgreSQL Database is accepting connections.

Usage:
check_pgsql [-H <host>] [-P <port>] [-c <critical time>] [-w <warning time>]
 [-t <timeout>] [-d <database>] [-l <logname>] [-p <password>]
[-q <query>] [-C <critical query range>] [-W <warning query range>]

check_pop: This plugin tests POP connections with the specified host.

Usage:
check_pop -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_radius: Tests to see if a RADIUS server is accepting connections.

Usage:
check_radius -H host -F config_file -u username -p password
			[-P port] [-t timeout] [-r retries] [-e expect]
			[-n nas-id] [-N nas-ip-addr]

check_simap: This plugin tests secure IMAP connections with the specified host.

Usage:
check_simap -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_smtp: This plugin will attempt to open an SMTP connection with the host.

Usage:
check_smtp -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]
[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]
[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] 

check_snmp: Check the status of remote machines and obtain system information via SNMP.

Usage:
check_snmp -H <ip_address> -o <OID> [-w warn_range] [-c crit_range]
[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]
[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]
[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]
[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]

check_spop: This plugin tests secure POP connections with the specified host.

Usage:
check_spop -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_ssh: Try to connect to an SSH server at specified server and port.

Usage:
check_ssh  [-4|-6] [-t <timeout>] [-r <remote version>] [-p <port>] <host>

check_ssmtp: This plugin tests SSMTP connections with the specified host.

Usage:
check_ssmtp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

check_tcp: This plugin tests TCP connections with the specified host.

Usage:
check_tcp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]
[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]
[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]
[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]

For further information, execute the following command under the plugins path:

plugin_name --help

Farm Guardian will use these plugins to check the health status of the backends and will manage the execution error output of the executed plugin for deciding the backend status as follows:

If the error output == 0 then the backend is OK > $? = 0

If the error output <> 0 then the backend is NOT OK > $? <> 0

Custom plugin

These plugins can be configured and fully programmable by sysadmins in order to be adapted to any protocol or application.

This example shows a custom plugin check_load.sh.

#!/bin/bash
###
###comments:
###snmp utils should be installed
###snmpd should be installed and configured in the backends
###
MAXVALUE=4
COMMUNITY="public"
EXECUTE=`snmpget -v 2c -c $COMMUNITY $1 .1.3.6.1.4.1.2021.10.1.3.1 |cut -d ':' -f2 | cut -d '.' -f1 | sed s/\ // | sed s/\"//`

echo "SNMP CPU load check for $1 is $EXECUTE"
# If the result is true, exit with 1; error; else exit = 0; OK
if (( $EXECUTE >= $MAXVALUE )); then
#error output; the server is overloaded and the load balancer isn’t going to send more connections
exit 1
else
#not error; the server can accept more connections
exit 0
fi

Constants

When Farm Guardian execute a plugin, it can use some constants or tokens as arguments, like:

  • HOST: Farm Guardian will take care of modifying this constant by the real server IP address.
  • PORT: Farm Guardian will take care of modifying this constant by the real server port.

These constants can be used for every plugin, Farm Guardian will use them to run the health check with the real parameters in place.

Farms

On this section there is a list of farms and services using this Farm Guardian health check.

Farms and services can be detached from this Farm Guardian health check clicking the trash icon.

Share on:

Documentation under the terms of the GNU Free Documentation License.

Was this article helpful?

Related Articles