CSS 11500 - Keepalive script to remotely execute a shell script on a server
Hi!
I've been trying to connect the dots but so far I've got nothing close to what I need - based on Cisco's documentation.
I was wondering if it was possible for the CSS switch to connect to a server in order to execute a shell script such as "/opt/whatever/script.sh", which would return a specific value like "OK". Anything different than OK would mean a dead service, and the affected service would be taken out of business (no load balancing play).
Could someone confirm whether it can be done?
Many thanks!!
Leo
Leo,
you could try to use CSS script to telnet to the server, and execute the command.
But that would be ugly.
What you should do, is put your script inside a cgi webpage and let the CSS call the webpage.
Your webserver will then run the script that you want and return to result inside and HTML page to the CSS which can then decide on the status of the server.
If you do not have a web server, you should create a small tcp server to listen to CSS request and again send the result of the script back to css.
Gilles.
Similar Messages
-
Is it possible to configure a keepalive script to detect the text returned from a cold fusion web page - eg "server available". Not the header but actual content of the page.
Gilles:
I know this is a two years old, but need some help with the issue regarding this post. I need to have a script keepalive to verify the content of a page. I tried what you mentioned here, but my service won't come up. My set up is this:
SERVICE
service serbancasawebback
type ssl-accel-backend
add ssl-proxy-list bhdssl
keepalive type script ap-kal-httptagban
protocol tcp
port 80
ip address 192.168.249.23
active
The script I used is as follows:
!no echo
! Filename: ap-kal-httptagban
! Parameters: HostName WebPage HostTag
! Description:
! This script will connect to the remote host and do an HTTP
! GET method upon the web page that the user has asked for.
! This script also adds a host tag to the GET request.
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Not receiving an HTTP status â200 OKâ
if ${ARGS}[#] âNEQâ â3â
echo âUsage: ap-kal-httptagban \'192.168.249.23 /bancasa/start.swe?SWECmd=Logoff www2.bhd.com.do\'â
exit script 1
endbranch
! Defines:
set HostName â${ARGS}[1]â
set WebPage â${ARGS}[2]â
set HostTag â${ARGS}[3]â
! Connect to the remote Host
set EXIT_MSG âConnection Failureâ
socket connect host ${HostName} port 80 tcp
! Send the GET request for the web page
set EXIT_MSG âSend: Failedâ
socket send ${SOCKET} âGET ${WebPage} HTTP/1.0\nHost: ${HostTag}\n\nâ
! Wait for a good status code
set EXIT_MSG âWaitfor: Failedâ
socket waitfor ${SOCKET} âSWE Internal Errorâ 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
Notice this is an SSL back-end service. The web page the user should request is:
https://www2.bhd.com.do/bancasa/start.swe?SWECmd=Logoff
If it returs the page with the error, then is down.
I'm not sure I have all arguments OK or in the correct format. Also,I'm a little confused regarding whta the Hostag should be.
Can you please verify what I have wrong ?
Thanks -
Hi,
I have a question... Is there a reason for a keepalive being up and the service that as the keepalive associated being down?
kind regards,
LRHi LR!
Is it possible that the service is administratively down?
be well,
dw -
I am trying to write a script for detecting the status of an LDAP server on a CSS. I figured out that I should capture the binary send and receive data of the LDAP query. I captured the request and response packets. But I have no idea of which part of the binary data (and how) I should put into the stock LDAP keepalive script. Could someone put me in the right direction?
Thanks a lot.
DanielJust look at the existing ldap script
CSS11503-2# sho script ap-kal-ldap
!no echo
! Filename: ap-kal-ldap
! Parameters: HostName
! Description: "Lightweight Directory Access Protocol v3"
! This script will connect to an LDAP server and attempt to
! "bind request" to the server. Once the server gives a
! positive response we will disconnect (RFC-2251).
! Bind Response Code we will search for is: 0x0a 0x01 0x00
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Failure to receive the above response code.
! Make sure the user has a qualified number of arguments
if ${ARGS}[#] "NEQ" "1"
echo "Usage: ap-kal-ldap \'Hostname\'"
exit script 1
endbranch
! Defines:
set HostName "${ARGS}[1]"
set EXIT_MSG "Connection Failed"
! Connect to the remote host (use default timeout)
socket connect host ${HostName} port 389 tcp 2000
set EXIT_MSG "Send: Failure"
! Send a Bind Request to the remote host. This is simply a standard
! "capture" of a bind request in hex. This should work for all standard
! version 3 LDAP servers.
socket send ${SOCKET} "300c020102600702010204008000" raw
set EXIT_MSG "Recieve: Failure"
! Expect to receive a standard response from the host. This should
! be equal to a SUCCESS response code:
socket waitfor ${SOCKET} "0a0100" 2000 raw
set EXIT_MSG "Send: Failure"
! Send an exit "Unbind Request" to the remote host so that they
! are not left hanging.
socket send ${SOCKET} "30050201034200" raw
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
CSS11503-2#
In red, you see the command to send the binary (this includes everything inside the tcp payload - after the tcp header).
In blue, you see the command to inspect received data and consider the response valid if the sequence is seens somewhere in the tcp payload of the response.
Gilles. -
Cisco CSS 11503 ntp keepalive script
Have setup a new Owner/Service/Group for loadbalancing NTP traffic to 2 NTP servers. It all appears to work fine apart from failure of one of the servers NTP service. I've currently set up a simple ping keepalive which works fine if one of the servers fail but this keepalive won't detect if the servers NTP service fails. I'm running 8.20 code. My question is has anybody created a working keepalive script for NTP traffic for the CSS?
Hi Daniel,
I had looked at that script but it doesn't suit my needs. The script uses TCP port 37 for its keepalives whereas our NTP servers use UDP port 123.
Regards
Noel -
Hi,
I am writing a keepalive script, which put the service in active mode or in suspended mode, depending on a web page content, requested by the script. It works very good from active to suspended, but once in suspended mode, the keepalive script is not run anymore and therefore cannot detect the page, which should put the service back online! Is there a way for the keepalive to continue, even if a service is suspended ?
Thank you
Yves HaemmerliYes, I traced what the script does and it is clear to me that the keepalive stops if the service is put in suspended mode. I agree with you, if the service is down, the keepalive continue every retryperiod.
But I solved my problem in the following way : I created a second service, which uses another script (actually a subset of the first script), which also monitors the test pages on the server. This second script always exits with return code 0 (sucessful) and therefore never stops working. As soon the second script recognizes the character string "PORTALUP" in the test page, it sets the first service in active mode, which restarts the keepalive scheduling. It works perfectly and this allows to put a server in maintenance mode (suspend) from the server itself, without to stop existing user flows.
As this is a workaround solution, it would be better if the CSS would continue to keepalive in suspend mode...
Yves Haemmerli -
How can I remotely execute scripts using Messages?
I want to be able to remotely execute applescripts by sending messages from iMessage. I want to test who is sending the message (so it is secure), then execute the text that is received. I have tried using the message received handler for when a message is received, but it doesn't seem to work. How can I do this?
Umm,
I have the same AppleScript in iChat 5.x.x in the same folder in Snow Leopard. (well, actually it is in the iChat folder in the Scripts folder)
I even have it on my Leopard Computer for iChat 4.0.9 (again in the iChat folder).
We are talking about the Library folder seen at the top level of the Hard Drive (Along with System, Applications, Users) rather then the Home Folder/Library of the logged in User.
7:53 PM Sunday; July 21, 2013
iMac 2.5Ghz 5i 2011 (Mountain Lion 10.8.4)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
Couple of iPhones and an iPad
"Limit the Logs to the Bits above Binary Images." No, Seriously -
Do CSS 11500 series allow remote SPAN?
Hi,
I found SPAN (Switch port analyzer) is available on CSS 11500 series, but could only found destination must be local. Is it possible to do remote SPAN and make the destination be in another remote switch?
And how many local span sessions are allowed?
Thanks,
Rgds
JorgeCisco WebNS Software Version 7.20 delivers support for a new Cisco CSS 11501 model and Cisco WebNS Software 7.20 supports SPAN the features.
Switched Port Analyzer (SPAN) or port mirroring is useful for network analysis?a copy of the packets received or transmitted by a source port is sent to a designated destination port.
Kindly go through these links to get detailed information:
http://www.provantage.com/cisco-systems-css11503-ac~7CSCO288.htm
http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_release_note09186a008077c440 -
How to execute unix shell script in webdynpro?
hi all,
We have some iquirement of executing script in unix.If anyone know How to execute unix shell script in webdynpro?
best regard
reefishRee,
1. Find SSH client for windows, then execute SSH with Runtime.exec() on local host with arguments like remote host, auth, command to execute etc.
2. Get SSH client in Java and execute SSH commands on remote host using pure Java API.
Don't ask me for links, Google works today, I checked this
Valery Silaev
SaM Solutions
http://www.sam-solutions.net -
Remotely execute batch commands for AD users?
Alright, so I haven't found this anywhere, but is there a way to remotely execute commands for AD users?Eg. I have a user with an invalid signature in Outlook. I originally wrote up a script that would apply these signatures and set them as default on user logon, but I also made versioning available in my script, and I don't want to create an entire new version just because of a single signature, so instead I would prefer to use a command like "xcopy "\\server\deployed\signatures\%username%\signature.htm" /q /y /z" Is it possible for me to do it remotely?PS.Sorry if the question may sound stupid, I just haven't done something like this before.
This topic first appeared in the Spiceworks CommunityAlright, so I haven't found this anywhere, but is there a way to remotely execute commands for AD users?Eg. I have a user with an invalid signature in Outlook. I originally wrote up a script that would apply these signatures and set them as default on user logon, but I also made versioning available in my script, and I don't want to create an entire new version just because of a single signature, so instead I would prefer to use a command like "xcopy "\\server\deployed\signatures\%username%\signature.htm" /q /y /z" Is it possible for me to do it remotely?PS.Sorry if the question may sound stupid, I just haven't done something like this before.
This topic first appeared in the Spiceworks Community -
Hi,
I have a question regarding sorry server configuration on the CSS 11500 series.
Is there a way for the sorry server to ignore the URL path and always send the user traffic to the "root" page (e.g. index.html) of the sorry server web server?
The problem I have is the redirection of the "root" page (url "/") that is configured for the normal traffic is causing the sorry page not to work since the URL path ("/psp/CUSTOMER1/?cmd=login") does not exist on the sorry page web server:
service Sorry-Server
protocol tcp
port 8000
keepalive type tcp
ip address 192.168.2.254
active
service server1
ip address 192.168.2.101
protocol tcp
keepalive type tcp
port 8080
active
service server2
ip address 192.168.2.102
protocol tcp
keepalive type tcp
port 8080
active
owner Customer1
content Content1
vip address 192.168.1.101
port 80
protocol tcp
url "/*"
balance aca
advanced-balance arrowpoint-cookie
flow-timeout-multiplier 6
add service server1
add service server2
primarySorryServer Sorry-Server
active
content Content1-Redirect
redirect "/psp/CUSTOMER1/?cmd=login"
vip address 192.168.1.101
port 80
protocol tcp
url "/"
active
Thanks in advance for your help!
Best regards,
HarryHi again,
During a maintenance window I made the following change and that made things a bit better:
service Sorry-Server
type redirect
keepalive type none
redirect-string "192.168.2.254:8000"
active
However, since the redirect string points to a private address, Internet users are not able to access the URL.
As a work-around I sent the redirect to a new content rule with a public address and then configured a second sorry page server:
service Sorry-Server
type redirect
keepalive type none
redirect-string "sorry.example.com:8000"
active
service Sorry-Server-2
ip address 192.168.2.254
protocol tcp
port 8000
keepalive type tcp
active
owner Customer1
content Content2
vip address x.x.x.x
add service Sorry-Server-2
port 8000
protocol tcp
active
Is there a better way to do this?
Best regards,
Harry -
Exception when remotely executing Export-CsArchivingData cmdlet from C# managed code
Hi,
Hopefully this is the right forum.
The issue is specifically about remotely executing Export-CsArchivingData cmdlet from C# managed code.
I use RunspacePool to connect to remote Lync server as described here:
http://msdn.microsoft.com/en-us/library/ee706598(v=vs.85).aspx
I can connect to remote Lync server and execute many Lync cmdlets (e.g. Get-CsUser, Get-CsSite, Get-CsPool, etc) and get the results just fine.
However, when it tries to execute Export-CsArchivingData cmdlet remotely, it throws the following exception:
System.AggregateException: One or more errors occurred. ---> System.Management.Automation.RemoteException: The term 'Export-CsArchivingData' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the
name, or if a path was included, verify that the path is correct and try again.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.PowerShell.EndInvoke(IAsyncResult asyncResult)
Additional info:
1. I created a custom RBAC role and added Export-CsArchivingData to it. Then, assign this new role to the account that runs the application.
2. Using regular powershell (not Lync powershell) from the machine (that I run my app from) with Lync admin tool installed and ran with the account that has the custom RBAC role assigned, I can connect to remote Lync server and execute Export-CsArchivingData
just fine.
3. Execute the app using the same above account (that has custom RBAC role) on two machines (one with Lync admin tool installed, one without) and connect to remote Lync server.
Same behavior on both machine, I got the above the exception when executing Export-CsArchivingData and no problem when executing other Lync cmdlets mentioned above.
Yes, even from a machine without Lync admin tool installed, I can execute other Lync cmdlets mentioned above.
At this point, I am not sure why I get the above exception when Export-CsArchivingData is executed from my app while I can connect to remote Lync server and call Export-CsArchivingData just fine via regular Powershell, both on the same machine.
Note: I do not call Import-Module Lync in C# managed code since it is not necessary so far for executing other Lync cmdlets remotely.
Any idea on what to look for?
Thanks in advance.I would recommend you call Import-Module Lync first, the command is not recognized.
Lisa Zheng
TechNet Community Support -
CSS 11500 url path rewrite and NAT
Hi,
We are evaluating a CSS 11500 and try to configure url path rewrite and NAT, but we have some problems.
What we would like to do is the following:
http://www.example.com/path1 -> http://host1:80
http://www.example.com/path2 -> http://host1:8080
http://www.example.com/path3 -> http://host2:80
The address www.example.com is resolving to a valid internet address, whereas host1 and host2 resolves to private IP addresses.
The client should always see the external url (e.g. http://www.example.com/path1/...) and the CSS should do the necessary translation.
Any help would be very much appreciated!
Regards,
HaraldHello Experts, I'm new with this cisco stuff too(just got it 3 weeks ago), but here is some of my experience with cisco css 11501.
First : Service ServerName, there is a port setting here, but from my experience, I think it is related with KeepAlive option, so, port is alternate way to know if the server alive or not.
Second : When you send request to cisco css, the port option in content port will be the cisco css port to accept request, so, if you send a request to http://vip:8080/, all service must be in the same port too to balance the request, in this case, port 8080, if one service port 80, i'm sure the css will not hit the server.
Third : To solve your problem...
http://www.example.com/path1 -> http://host1:80 (ipA)
http://www.example.com/path2 -> http://host1:80 (ipB)
http://www.example.com/path3 -> http://host2:80
if you are lazy to buy new nic, just set subinterface/ip alias on the host1, and make the webserver only bind to specific address, not to all interface...
O yea, about your path1/path2/path3 -> /, hmm, i'm still asking in this forum about path changing cause until now, i haven't know how to do this, i know about apache rewrite module, and success do this, if only i know about this in cisco css too :-(
I'm sorry if I make mistake, I'm just telling my experience... -
Hi
I have 2 CSS 11500 series units working in a master / slave configuration.
Both units are identical in regards to hardware, IOS, etc.
1 unit allows the running config to be saved by the ' copy run start' command where the other goes through the motions of saving, but a 'show startup-config' shows nothing.
This unit seems to be operational in every other regard. Is this a hardware fault or am I missing a software command somewhere along the way ?
Thanks
IanYou get such problems when the device is running short of memory. Try increasing the DRAM because what is happening is that the device saves the config in the NVRAM but it does not have enough DRAM to display the configuration when the "sh startup-config" command is executed. A temporary solution is to restart the device, if the problem persists then you have to upgrade the memory.
-
Does anyone know if it is possible to do a 301 redirect as opposed to the 302 redirect in a CSS 11500?
Everything I have read and these forums indicate 302 only I am just wondering if anyone knows of a way to work around via script or possibly any CSS updates that can add 301 functionality.
Maybe you are looking for
-
I downloaded code for a reservation event receiver from here: http://blog.sharepointsydney.com.au/post/Setting-up-multiple-calendars-for-meeting-room-bookings-prevent-double-booking.aspx However, on the ItemUpdating it throws an "Object Reference No
-
My lost device no-longer shows up on wheres my iPhone???
Hi I need help with locating my iPhone , this is a bit of a story but i really need help!! Basically I left my iPhone plugged into my laptop to leave on charge, but I left my iphone off because theres something wrong with the docking station and for
-
VCF/vCard not importing correctly
This is odd. I have hundreds of vCards and most of them imported correctly into Address Book. But some are dropping many of the phone numbers. The following vCard only imports the NYC number (ending in 3350) and leaves all the others out. But the rea
-
Using Flash Player 11 with iSky?
Hi, I have a windows7 64-bit operating system. Have never been able to use the Flash Player 11 for iSky with Windows Internet Explorer, but it worked using Google Chrome, up until a huge Windows update a couple of days ago. Now it isn't working at al
-
When you bring up the browser and type in Church of God's Messengers, it brings up the links. When you click on the links, it closes Firefox completely. When you bring back up Firefox it asks you if you want to restore the session. I never used to ha