SKUDONET uses simple health checks to monitor backends, but sometimes these checks are not enough. To address this, SKUDONET uses a daemon called Farmguardian to execute and manage advanced health checks using a set of plugins.

Farmguardian is an advanced monitoring tool for applications’ backends. It reads the farm configuration and obtains the backend list. Then, it uses plugins to check the backend health status and updates the backend status for a given farm. This determines whether the load balancer should send traffic to that backend.

In this section, you will learn how to configure Farmguardian checks. We will explore both tabs, the Global and Farms tab.

Global Settings

The Global section contains settings for certain Farmguardian health checks, as shown in the image below. These settings cannot be edited if the check is pre-loaded in the system. To modify a pre-loaded health check, you must create a new Farmguardian check, enable the Copy Farmguardian option, and then modify the new check.

• Name: The name of the Farmguardian check. This cannot be edited.
• Command: The command that is executed to check the status of the backend.
• Timeout: The maximum amount of time that the backend has to send back a response. Measured in seconds.
• Interval: The amount of time between each batch of health checks against all of the backends. Note that at each interval, the Farmguardian check will stop and be restarted. Therefore, the interval must be high enough to allow the check to check all of the backends (timeout * number of backends + 1).
• Description: A brief description of the Farmguardian check.
• Cut Connections: When this option is enabled, any existing connections to backends that are down are flushed, forcing clients to reconnect to available backends immediately. If this option is disabled, existing connections will be drained without disconnecting any clients.
• Enable logs: Enables or disables logging for the Farmguardian check. With logging disabled, only changes to the backend status will be shown in the log files.

Health checks configurations

All of the available Farmguardian plugins are located in the directory /usr/local/zevenet/app/libexec/ on the load balancer.

Farmguardian uses plugins to configure advanced health checks to detect whether a particular real server is working as expected using customized options. There are many health checks available for each protocol, service, or application. The most important plugins are described below.

check_ftp: This plugin tests FTP connections to the specified host.

Usage:
check_ftp -H host -p port [-w ] [-c ] [-s ]
[-e ] [-q ][-m ] [-d ]
[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]
[-D [,]] [-S ] [-E]

check_fping: This plugin will send a ping request to the specified host to quickly check if it is responding.

Usage:
 check_fping  -w limit -c limit [-b size] [-n number] [-T number] [-i number]

check_http: This plugin checks if the HTTP service is working properly on the specified host. It can test both regular HTTP and secure HTTPS connections, follow redirects, search for specific text or regular expressions in the response, check how long it takes to connect to the server, and report on when the server’s certificate expires, the HTTP status code, and other information.

Usage:
 check_http -H  | -I  [-u ] [-p ]
       [-J ] [-K ]
       [-w ] [-c ] [-t ] [-L] [-E] [-a auth]
       [-b proxy_auth] [-f ]
       [-e ] [-d string] [-s string] [-l] [-r  | -R ]
       [-P string] [-m :] [-4|-6] [-N] [-M ]
       [-A string] [-k string] [-S ] [--sni] [-C [,]]
       [-T ] [-j method]

check_imap: This plugin checks if the IMAP service is working properly on the specified host.

Usage:
check_imap -H host -p port [-w ] [-c ] [-s ]
[-e ] [-q ][-m ] [-d ]
[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]
[-D [,]] [-S ] [-E]

check_ldap: This plugin checks if the LDAP service is working properly on the specified host. It can also be used to test specific LDAP searches.

Usage:
check_ldap -H  -b  [-p ] [-a ] [-D ]
       [-P ] [-w ] [-c ] [-t timeout]
       [-2|-3] [-4|-6]

check_ldaps: This plugin checks if the LDAPS service is working properly on the specified host. It can also be used to test specific LDAPS searches.

Usage:
 check_ldaps -H  -b  [-p ] [-a ] [-D ]
       [-P ] [-w ] [-c ] [-t timeout]
       [-2|-3] [-4|-6]

check_mysql: This plugin checks if you can connect to a MySQL database server.

Usage:
 check_mysql [-d database] [-H host] [-P port] [-s socket]
       [-u user] [-p password] [-S] [-l] [-a cert] [-k key]
       [-C ca-cert] [-D ca-dir] [-L ciphers] [-f optfile] [-g group]

check_mysql_query: This plugin checks if the results of a query are within a certain range.

Usage:
 check_mysql_query -q SQL_query [-w warn] [-c crit] [-H host] [-P port] [-s socket]
       [-d database] [-u user] [-p password] [-f optfile] [-g group]

check_pgsql: Check if you can connect to a PostgreSQL database.

Usage:
check_pgsql [-H ] [-P ] [-c ] [-w ]
 [-t ] [-d ] [-l ] [-p ]
[-q ] [-C ] [-W ]

check_pop: This plugin checks if you can connect to a POP server on the specified host.

Usage:
check_pop -H host -p port [-w ] [-c ] [-s ]
[-e ] [-q ][-m ] [-d ]
[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]
[-D [,]] [-S ] [-E]

check_radius: Checks if you can connect to a RADIUS server.

Usage:
check_radius -H host -F config_file -u username -p password
			[-P port] [-t timeout] [-r retries] [-e expect]
			[-n nas-id] [-N nas-ip-addr]

check_simap: This plugin checks if you can connect to a secure IMAP server on the specified host.

Usage:
check_simap -H host -p port [-w ] [-c ] [-s ]
[-e ] [-q ][-m ] [-d ]
[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]
[-D [,]] [-S ] [-E]

check_smtp: This plugin will try to connect to the specified host using the Simple Mail Transfer Protocol (SMTP). SMTP is a protocol that is used to send email messages between email servers.

Usage:
check_smtp -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]
[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]
[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] 

check_snmp: Use the Simple Network Management Protocol (SNMP) to monitor the health and performance of remote devices.

Usage:
check_snmp -H  -o  [-w warn_range] [-c crit_range]
[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]
[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]
[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]
[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]

check_spop: This plugin checks if you can connect to a secure POP server on the specified host.

Usage:
check_spop -H host -p port [-w ] [-c ] [-s ]
[-e ] [-q ][-m ] [-d ]
[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]
[-D [,]] [-S ] [-E]

check_ssh: Check if you can connect to an SSH server on a specific host and port.

Usage:
check_ssh  [-4|-6] [-t ] [-r ] [-p ] 

check_ssmtp: This plugin checks if you can connect to an SSMTP server on the specified host.

Usage:
check_ssmtp -H host -p port [-w ] [-c ] [-s ]
[-e ] [-q ][-m ] [-d ]
[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]
[-D [,]] [-S ] [-E]

check_tcp: This plugin checks if you can connect to the specified host using the Transmission Control Protocol (TCP).

Usage:
check_tcp -H host -p port [-w ] [-c ] [-s ]
[-e ] [-q ][-m ] [-d ]
[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]
[-D [,]] [-S ] [-E]

To learn more about a specific plugin, run the following command in the plugins directory:

plugin_name --help

Farm Guardian will use these plugins to check the health status of the backends. If the plugin returns an error, Farm Guardian will manage the error output to decide the backend status.

If the error output == 0 then the backend is OK > $? = 0
If the error output <> 0 then the backend is NOT OK > $? <> 0

Custom plugin

Sysadmins can configure these plugins because they can be programmed to work with any protocol or application.

This example shows a custom plugin called check_load.sh.

#!/bin/bash
###
###comments:
###snmp utils should be installed
###snmpd should be installed and configured in the backends
###
MAXVALUE=4
COMMUNITY="public"
EXECUTE=`snmpget -v 2c -c $COMMUNITY $1 .1.3.6.1.4.1.2021.10.1.3.1 |cut -d ':' -f2 | cut -d '.' -f1 | sed s/ // | sed s/"//`

echo "SNMP CPU load check for $1 is $EXECUTE"
# If the result is true, exit with 1; error; else exit = 0; OK
if (( $EXECUTE >= $MAXVALUE )); then
#error output; the server is overloaded and the load balancer isn't going to send more connections
exit 1
else
#, not error; the server can accept more connections
exit 0
fi

Constants

When FarmGuardian runs a plugin, it can use some constants or tokens as arguments, such as:

• HOST: FarmGuardian will replace this constant with the real server IP address.
• PORT: FarmGuardian will replace this constant with the real server port.

FarmGuardian will use these constants for each plugin to run the health check with the real parameters.

Farms

Farms and services can be assigned or removed from this Farmguardian health check using multiple selections with single arrow icons or double arrows to enable or disable all farms.”:

This tab shows a list of farms and services that are using this Farmguardian health check.

You can Add or Remove farms and services from this health check using the single arrow icons to select individual items, or the Double arrow icons to select all items. You can also Enable or Disable all farms at once using the double arrow icons.

Next Article: Network | NIC