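#!/bin/bash
#####
#
# External monitor for the F5 LTM ("IDS SNAT" monitor).
#
# The LTM runs this script with the pool member's address ($1, normally in
# IPv4-mapped IPv6 form "::ffff:a.b.c.d") and port ($2). The script fetches a
# small status page from the member with curl and, based on its content,
# checks that the SNAT configuration matches the site named there, correcting
# it if necessary.
#
# Valid status page contents are "bxb" and "nj1"; they tell the script which
# site owns which address space:
#   "bxb" - the VCS members must be origins of snat_ids_primary and must not
#           appear in snat_ids_alt.
#   "nj1" - the VCS members must be origins of snat_ids_alt and must not
#           appear in snat_ids_primary.
# Anything else is logged as an error and no configuration is touched.
#
# Both sites carry SNAT definitions for both address spaces; the one a site
# does not own lists a dummy origin (JUNKVCS) so the script can stay small.
#
# When the status page and the SNAT definitions disagree the following happens:
#   1. a UCS backup named ids_snat_backup_<timestamp>.ucs is taken,
#   2. both SNAT definitions are deleted,
#   3. both are recreated with the same names and the expected origins
#      (delete-and-recreate was chosen over modify because the tmsh syntax is
#      simpler and it keeps the definitions consistent),
#   4. the configuration is synced to the peer.
#
# Any other combination (e.g. only one VCS address present, or both SNATs
# listing them) makes the script exit without changing anything.
#
# Output: "Up" on stdout when the status page names a known site, which is
# what marks the pool member up. Progress and errors go to syslog local0
# (/var/log/ltm); debug output is controlled by the monitor variable DEBUG.
#
# Security note: the status page is the only trigger for a configuration
# change on this LTM, and it is fetched over plain HTTP. Whoever can answer
# that request (the member itself, or anything on the path to it) decides the
# SNAT ownership. Keep the member and the path to it trusted, and consider
# serving the page over HTTPS with a pinned certificate.
#
####

# 'set -e' is deliberately not used: tmsh/grep exit codes are inspected
# explicitly below (grep returning 1 on "no match" is a normal outcome).
# 'set -u' is safe because every externally supplied variable is read
# through a default.
set -u

# Full paths of the commands used in the script.
readonly CURL='/usr/bin/curl'
readonly GREP='/bin/grep'
readonly TMSH='/usr/bin/tmsh'
readonly LOGGER='/bin/logger'
readonly DATE_CMD='/bin/date'

# IP addresses of the VCS members (the SNAT origins that move between sites).
readonly VCS1='10.12.1.11'
readonly VCS2='10.12.1.12'

# Dummy origin for the SNAT definition this LTM does not own at the moment.
# NOTE(review): 1.1.1.1 is a routable public address; a reserved documentation
# address (RFC 5737, e.g. 192.0.2.1) would avoid SNATing real traffic by
# accident. Left unchanged here - confirm against the peer's config first.
readonly JUNKVCS='1.1.1.1'

# Translation addresses of the primary and alternate SNAT definitions.
readonly PRI_IP='10.11.1.10'
readonly ALT_IP='10.11.1.20'

# Syslog tag used in every log line.
readonly TAG='IDS_SNAT'

# Seconds curl may spend fetching the status page. The monitor interval is the
# real upper bound; this just stops a hung member from holding the PID slot.
readonly CURL_TIMEOUT=10

SCRIPT_NAME=$(basename -- "$0")
readonly SCRIPT_NAME

# Set by main() once the arguments are validated; read by the helpers.
IP=''
PORT=''
PIDFILE=''

# Debug logging to local0.debug (/var/log/ltm). The monitor definition may
# export DEBUG=0 or DEBUG=1; an unset (or empty) DEBUG falls back to the
# default chosen here, any other value disables debug output.
case "${DEBUG:-}" in
  '') DEBUG=1 ;;   # not set by the monitor: default chosen here
  1)  DEBUG=1 ;;
  *)  DEBUG=0 ;;
esac

#######################################
# Write one line to syslog facility local0.
# Arguments: $1 - priority (debug|info|error), $2.. - the message
#######################################
log_line() {
  local prio=$1
  shift
  printf '%s\n' "$*" | "$LOGGER" -p "local0.${prio}"
}

# Tagged wrappers; log_debug is a no-op unless DEBUG is 1.
log_debug() {
  if [ "$DEBUG" -eq 1 ]; then
    log_line debug "${TAG}: $*"
  fi
  return 0
}
log_info() { log_line info "${TAG}: $*"; }
log_error() { log_line error "${TAG}: $*"; }

#######################################
# Kill a previous instance of this monitor that is still running for the same
# member (it exceeded the monitor interval), as recorded in $PIDFILE.
# The PID is only signalled when it is numeric, is not this process, and its
# command line names this script, so a stale file holding a recycled PID
# cannot take down an unrelated process.
# Globals:   PIDFILE, IP, PORT, SCRIPT_NAME, GREP (read)
#######################################
reap_previous_instance() {
  local old_pid
  [ -f "$PIDFILE" ] || return 0
  old_pid=$(cat -- "$PIDFILE" 2>/dev/null)
  # 'ps -o args=' is procps syntax; adjust if the platform's ps differs.
  if [[ "$old_pid" =~ ^[0-9]+$ ]] && [ "$old_pid" != "$$" ] \
     && ps -o args= -p "$old_pid" 2>/dev/null | "$GREP" -q -F -- "$SCRIPT_NAME"; then
    # SIGKILL as in the original: the predecessor is by definition stuck, and
    # this instance takes over the PID file right after.
    kill -9 "$old_pid" > /dev/null 2>&1
    log_error "${SCRIPT_NAME}: exceeded monitor interval, needed to kill ${IP}:${PORT} with PID ${old_pid}"
  else
    log_debug "ignoring stale PID file ${PIDFILE} (PID '${old_pid}' is not a running instance)"
  fi
}

#######################################
# Run one tmsh command, logging start/success/failure to /var/log/ltm.
# Arguments: $1 - start message, $2 - success message, $3 - failure message,
#            $4.. - arguments passed to tmsh
# Returns:   0 when tmsh succeeded, 1 otherwise
#######################################
tmsh_step() {
  local start=$1 ok=$2 fail=$3
  shift 3
  log_info "$start"
  if "$TMSH" "$@" > /dev/null 2>&1; then
    log_info "$ok"
    return 0
  fi
  # Failures used to be logged at info; error makes them visible to alerting.
  log_error "$fail"
  return 1
}

#######################################
# Print the lines of a SNAT definition that mention a VCS member address.
# Output is empty when neither VCS address appears in that SNAT.
# Arguments: $1 - SNAT name
# Globals:   TMSH, GREP, VCS1, VCS2 (read)
#######################################
snat_vcs_lines() {
  # Fixed-string, whole-word match: the dots in the addresses are not regex
  # wildcards, and 10.12.1.11 must not match 10.12.1.110.
  "$TMSH" list ltm snat "$1" | "$GREP" -F -w -e "$VCS1" -e "$VCS2"
}

#######################################
# True when both VCS addresses occur in the text given as $1.
#######################################
has_both_vcs() {
  [[ "$1" == *"$VCS1"* && "$1" == *"$VCS2"* ]]
}

#######################################
# Rebuild both SNAT definitions so the VCS members are origins of the SNAT
# that belongs to the given site, after taking a UCS backup; then sync the
# configuration to the peer.
# Arguments: $1 - site named in the status page: "bxb" (VCS -> snat_ids_primary)
#                 or "nj1" (VCS -> snat_ids_alt)
# Globals:   VCS1, VCS2, JUNKVCS, PRI_IP, ALT_IP, DATE_CMD (read)
# Returns:   0 when every step including the config sync succeeded, 1 otherwise
#######################################
reset_snats() {
  local site=$1
  local stamp backup
  local pri_origins alt_origins
  case "$site" in
    bxb) pri_origins=("$VCS1" "$VCS2"); alt_origins=("$JUNKVCS") ;;
    nj1) pri_origins=("$JUNKVCS");      alt_origins=("$VCS1" "$VCS2") ;;
    *)   log_error "reset_snats: unknown site '${site}'"; return 1 ;;
  esac

  # Timestamp makes the backup name unique and ties it to this process.
  stamp=$("$DATE_CMD" +"%y%m%d.%H%M%S.%N")
  backup="ids_snat_backup_${stamp}.ucs"

  tmsh_step "Starting UCS backup ${backup}" \
            "Backup ${backup} successfully created" \
            "Backup ${backup} failed. Script stopping." \
            save sys ucs "$backup" || return 1

  tmsh_step "Deleting SNAT snat_ids_primary" \
            "SNAT snat_ids_primary successfully deleted" \
            "SNAT snat_ids_primary deletion failed. Script stopping." \
            delete ltm snat snat_ids_primary || return 1

  tmsh_step "Deleting SNAT snat_ids_alt" \
            "SNAT snat_ids_alt successfully deleted" \
            "SNAT snat_ids_alt deletion failed. Script stopping." \
            delete ltm snat snat_ids_alt || return 1

  # The braces are literal words for tmsh, not shell grouping.
  tmsh_step "Creating SNAT snat_ids_primary" \
            "SNAT snat_ids_primary successfully created" \
            "SNAT snat_ids_primary creation failed. Script stopping." \
            create ltm snat snat_ids_primary mirror enabled translation "$PRI_IP" \
            origins add '{' "${pri_origins[@]}" '}' || return 1

  tmsh_step "Creating SNAT snat_ids_alt" \
            "SNAT snat_ids_alt successfully created" \
            "SNAT snat_ids_alt creation failed. Script stopping." \
            create ltm snat snat_ids_alt mirror enabled translation "$ALT_IP" \
            origins add '{' "${alt_origins[@]}" '}' || return 1

  tmsh_step "SYNCing the LTM config" \
            "LTM successfully synced" \
            "LTM did not sync properly." \
            run sys config-sync
}

#######################################
# Entry point.
# Arguments: $1 - pool member address as passed by the LTM (IPv4-mapped IPv6
#                 form "::ffff:a.b.c.d", or a plain IPv4/IPv6 address)
#            $2 - pool member port
# Globals:   IP, PORT, PIDFILE (written)
# Outputs:   "Up" on stdout when the status page names a known site
# Returns:   0 when the SNAT config matches the status page (or was corrected
#            and synced), 1 otherwise
#######################################
main() {
  local raw_ip=${1:-}
  local host url page pri bkp owned good good_snat bad bad_snat

  log_debug "${SCRIPT_NAME}: \$DEBUG: ${DEBUG}"

  # The LTM hands addresses over in IPv6 form; strip the IPv4-mapped prefix.
  IP=${raw_ip#::ffff:}
  PORT=${2:-}

  # Both values end up in a file name under /var/run and in a URL, so accept
  # only address characters and digits before using them anywhere.
  if [[ ! "$IP" =~ ^[0-9A-Fa-f.:]+$ ]] || [[ ! "$PORT" =~ ^[0-9]+$ ]]; then
    log_error "${SCRIPT_NAME}: invalid arguments (address='${raw_ip}' port='${PORT}'); nothing done"
    return 1
  fi

  # A bare IPv6 literal must be bracketed inside a URL.
  host=$IP
  if [[ "$host" == *:* ]]; then
    host="[${host}]"
  fi
  url="http://${host}/apachecheck.html"
  log_debug "Url being checked -> ${url}"

  # One instance per member: kill an overrunning predecessor, record this PID,
  # and make sure the file goes away on every exit path from here on.
  PIDFILE="/var/run/${SCRIPT_NAME}.${IP}.${PORT}.pid"
  reap_previous_instance
  printf '%s\n' "$$" > "$PIDFILE"
  trap 'rm -f -- "$PIDFILE"' EXIT
  log_debug "Contents of ${PIDFILE} -> $(cat -- "$PIDFILE")"

  # Fetch the status page. A curl failure leaves $page empty, which falls
  # through to the "no conditions met" exit below.
  page=$("$CURL" -s -m "$CURL_TIMEOUT" -- "$url")
  log_debug "Status page contains -> ${page}"

  case "$page" in
    bxb) owned=snat_ids_primary ;;   # VCS origins belong in snat_ids_primary
    nj1) owned=snat_ids_alt ;;       # VCS origins belong in snat_ids_alt
    *)
      log_line error "${TAG} ERROR: No conditions met"
      return 1
      ;;
  esac

  # The member answered with a known site: report it up regardless of what the
  # SNAT comparison below decides (unchanged from the original monitor).
  echo "Up"

  pri=$(snat_vcs_lines snat_ids_primary)
  log_debug "Result of Primary SNAT check -> ${pri}"
  bkp=$(snat_vcs_lines snat_ids_alt)
  log_debug "Result of Backup SNAT check -> ${bkp}"

  # "good" is the SNAT that should carry the VCS origins, "bad" the other one.
  if [ "$owned" = snat_ids_primary ]; then
    good_snat=snat_ids_primary; good=$pri
    bad_snat=snat_ids_alt;      bad=$bkp
  else
    good_snat=snat_ids_alt;     good=$bkp
    bad_snat=snat_ids_primary;  bad=$pri
  fi

  # Already consistent: nothing to do.
  if has_both_vcs "$good" && [ -z "$bad" ]; then
    log_debug "${page} in status page, and VCS IPs (${VCS1} and ${VCS2}) listed as origins in ${good_snat}."
    return 0
  fi

  # Cleanly swapped: the VCS origins sit entirely in the wrong SNAT.
  if [ -z "$good" ] && has_both_vcs "$bad"; then
    log_debug "CHANGE CONDITION, ${page} in status page, and VCS IPs (${VCS1} and ${VCS2}) listed as origins in ${bad_snat}."
    log_info "Status page changed to ${page}. Starting NAT change process"
    reset_snats "$page"
    return
  fi

  # Mixed or partial SNAT contents: refuse to touch anything.
  log_line error "${TAG} ERROR: No conditions met"
  return 1
}

main "$@"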