By default, RELIANOID runs basic health checks on the backends or real servers, but these checks may not be sufficient to ensure the proper functioning of the backends. To address this, RELIANOID includes a service called Farmguardian that executes and manages advanced health checks.
Farmguardian serves as an advanced monitoring tool for backend application servers. It reads configurations, obtains the list of backends, and uses plugins to check the health status of each backend. Based on these checks, Farmguardian updates the backend status for each farm, determining whether the load balancer should route traffic to that backend.
In this section, you will learn how to configure Farmguardian checks using both the Global settings and settings within a Farm.
Global Settings #
Within the Global section, these are the settings for Farmguardian.
In the Global tab, the fields are not editable if the checks are pre-loaded in the system. To modify a health check, create a new Farmguardian, enable the Copy Farmguardian option, and modify the new one.
Name. The identification name of the current Farmguardian check, which cannot be edited.
Command. The command executed to check the backends’ status.
Timeout. The maximum time for the backend to send a response (in seconds).
Interval. The time between health check batches against all the backends. This interval must be long enough to allow all backends to be checked (timeout * number of backends +1).
Description. A brief description of the Farmguardian check.
Cut Connections. When enabled, current connections to detected down backends are flushed, forcing an immediate reconnection to available backends. If disabled, current connections will be drained without disconnecting any clients.
Enable logs. Enables or disables logs for every Farmguardian check. With logs disabled, only backend status changes are shown in the log files.
Backend alias. A name that easily identifies the interface of the backend.
Configure health checks #
All available Farmguardian plugins are located in the directories /usr/lib/nagios/plugins and /usr/local/relianoid/app/libexec/ on the load balancer.
Farmguardian utilizes these plugins to configure advanced health checks, ensuring that real servers are functioning correctly using customized options. There are numerous health checks for different protocols, services, or applications. Below are descriptions of the most important plugins.
check_ftp. This plugin tests FTP connections with the specified host.
Usage: check_ftp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
check_fping: This plugin uses the fping command to quickly ping the specified host for a fast check.
Usage: check_fping <host_address> -w limit -c limit [-b size] [-n number] [-T number] [-i number]
check_http: This plugin tests the HTTP service on the specified host. It can handle both plain (HTTP) and secure (HTTPS) protocols, follow redirects, search for specific strings or regular expressions, check connection times, and report on certificate expiration times, HTTP return codes, and more.
Usage: check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>] [-J <client certificate file>] [-K <private key>] [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth] [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>] [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]] [-T <content-type>] [-j method]
check_imap: This plugin tests IMAP connections with the specified host.
Usage: check_imap -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
check_ldap: This plugin tests LDAP services using a specified search query.
Usage: check_ldap -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>] [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-2|-3] [-4|-6]
check_ldaps: This plugin tests LDAPS services using a specified search query.
Usage: check_ldaps -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>] [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-2|-3] [-4|-6]
check_mysql: This plugin verifies connections to a MySQL server.
Usage: check_mysql [-d database] [-H host] [-P port] [-s socket] [-u user] [-p password] [-S] [-l] [-a cert] [-k key] [-C ca-cert] [-D ca-dir] [-L ciphers] [-f optfile] [-g group]
check_mysql_query: This plugin evaluates a query result against specified threshold levels.
Usage: check_mysql_query -q SQL_query [-w warn] [-c crit] [-H host] [-P port] [-s socket] [-d database] [-u user] [-p password] [-f optfile] [-g group]
check_pgsql: This plugin verifies if a PostgreSQL database is currently accepting connections.
Usage: check_pgsql [-H <host>] [-P <port>] [-c <critical time>] [-w <warning time>] [-t <timeout>] [-d <database>] [-l <logname>] [-p <password>] [-q <query>] [-C <critical query range>] [-W <warning query range>]
check_pop: This plugin tests POP connections with a specified host.
Usage: check_pop -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
check_radius: This plugin tests whether a RADIUS server is accepting connections.
Usage: check_radius -H host -F config_file -u username -p password [-P port] [-t timeout] [-r retries] [-e expect] [-n nas-id] [-N nas-ip-addr]
check_simap: This plugin tests secure IMAP (SIMAP) connections with the specified host.
Usage: check_simap -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
check_smtp: This plugin tests SMTP connections with the specified host.
Usage: check_smtp -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr] [-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q] [-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v]
check_snmp: This plugin checks the status of remote machines and retrieves system information using SNMP (Simple Network Management Protocol).
Usage: check_snmp -H <ip_address> -o <OID> [-w warn_range] [-c crit_range] [-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries] [-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter] [-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname] [-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]
check_spop: This plugin tests secure POP (SPOP) connections with the specified host.
Usage: check_spop -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
check_ssh: This plugin attempts to establish an SSH connection with the specified server and port.
Usage: check_ssh [-4|-6] [-t <timeout>] [-r <remote version>] [-p <port>] <host>
check_ssmtp: This plugin tests SSMTP connections with the specified host.
Usage: check_ssmtp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
check_tcp: This plugin tests TCP connections with the specified host.
Usage: check_tcp -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>] [-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j] [-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]
For more details, run the following command within the plugins directory:
plugin_name --help
Farmguardian utilizes these plugins to monitor the health status of the backends and interprets the execution error output of the plugin as follows:
- If the error output is 0, the backend is considered OK (exit status $? = 0).
- If the error output is not 0 (any non-zero value), the backend is considered NOT OK (exit status $? <> 0).
Custom plugin #
These plugins are configurable and fully programmable by system administrators to adapt to any protocol or application.
Here’s an example of a custom plugin named check_load.sh:
#!/bin/bash ### ###comments: ###snmp utils should be installed ###snmpd should be installed and configured in the backends ### MAXVALUE=4 COMMUNITY="public" EXECUTE=`snmpget -v 2c -c $COMMUNITY $1 .1.3.6.1.4.1.2021.10.1.3.1 |cut -d ':' -f2 | cut -d '.' -f1 | sed s/\ // | sed s/\"//` echo "SNMP CPU load check for $1 is $EXECUTE" # If the result is true, exit with 1; error; else exit = 0; OK if (( $EXECUTE >= $MAXVALUE )); then #error output; the server is overloaded and the load balancer isn’t going to send more connections exit 1 else #, not error; the server can accept more connections exit 0 fi
Constants #
When Farmguardian executes a plugin, it can use constants or tokens as arguments, such as:
HOST: Farmguardian will automatically replace this constant with the real server IP address.
PORT: Farmguardian will automatically replace this constant with the real server port.
These constants can be utilized for every plugin, allowing Farmguardian to execute health checks with the correct parameters.
Farms #
In this tab, you’ll find a list of farms and services utilizing this Farmguardian health check.
Farms and services can be assigned or removed from this Farmguardian health check using multiple selection options with single arrow icons or double arrows to enable or disable all farms.