Skip to content

Latest commit

 

History

History
202 lines (161 loc) · 7.63 KB

check_http_get_raw.md

File metadata and controls

202 lines (161 loc) · 7.63 KB
Raw

Check HTTP GET RAW (BETA)

It performs an HTTP GET of PATH for HOST using a RAW socket sending the packets from the SOURCE_INTERFACE to the MAC address of the REAL_SERVER with a TCP/IP destination set to VIRTUAL_IP and PORT. The MD5 hash of the HTTP response body is then compared to VALUE for the check to be successful.

This is suitable to be used as a check for load balancers in direct routing mode (LVS-DR) to ensure that the real server is indeed answering to packets with the VIRTUAL_IP destination IP.

It is basically the same check as HTTP_GET in Keepalived.

N.B.: This check accepts only single TCP packets replies, see the TODO section in the project README for future developments.

Dependencies

  • GNU C compiler (i.e. gcc package).
  • GNU C Library: Development Libraries and Header Files (i.e. install libc6-dev package (or equivalent) on Debian based distros, glibc-devel on RedHat based ones).
  • OpenSSL development files (i.e. install libssl-dev package on Debian based distros, openssl-devel on RedHat based ones).

Compilation

make http_get

The binary check_http_get_raw is created in the bin/ directory.

Usage

Because of the usage of RAW sockets, the check need to be run as root.

check_http_get_raw [OPTION...]
    SOURCE_IFACE
    REAL_SERVER
    VIRTUAL_IP
    PORT
    HOST
    PATH
    VALUE

Exit status

EXIT_SUCCESS on success, EXIT_FAILURE on failure, as defined in stdlib.h.

Parameters

  • SOURCE_IFACE: the name of the network interface to use to send the packets from (i.e. eth0).
  • REAL_SERVER: IPv4 or hostname of the real server to check. Only used to get it's MAC address (i.e. 10.0.0.42).
  • VIRTUAL_IP: IPv4 or hostname of the virtual IP for which the check should be performed, used as destination IP in the TCP packets (i.e. 10.0.0.100).
  • PORT: TCP port number to use for the check (i.e. 80).
  • HOST: HTTP Host header to be used (i.e. www.example.com).
  • PATH: HTTP Resource to request, with leading slash (i.e. /healthcheck)
  • VALUE: MD5 hash of the HTTP response body to verify it (i.e. d36f8f9425c4a8000ad9c4a97185aca5)

Options

  • -r, --role-file=FILE: Path of the file that contains the current role of the load balancer. Only the first character is read, accepted values are: 1 => MASTER, anything else => BACKUP. When this parameter is set the checks on a BACKUP server are done using the real server IP instead of the VIRTUAL_IP with a standard TCP socket.
  • -t, --timeout=MILLISECONDS: Timeout for each REAL_SERVER reply in ms. To disable set to 0. [Default: 1000]
  • -v, --verbose: Produce increasing verbose output to standard error based on the number of occurrences. -v: CLI parameters and HTTP response summary. -vv: Print also the full HTTP response body. -vvv: Print also all TCP packets. -vvvv: Print also all ARP packets.
  • -?, --help: Give this help list
  • --usage: Give a short usage message

Sample usage

To calculate the MD5 of the expected HTTP response body:

curl -s -H "Host: www.example.com" http://10.0.0.42/healthcheck | md5sum

Use the resulting hash as last parameter for check_http_get_raw:

check_http_get_raw -vv -t 500 -r /var/run/lvs.role eth0 10.0.0.42 10.0.0.100 80 www.example.com /healthcheck d36f8f9425c4a8000ad9c4a97185aca5

The sample usage and sample output uses a verbosity level of 2 to show only HTTP related logging, see the sample output of the TCP check for an example of TCP and ARP logging.

Sample output

[PARAMS] iface: eth0, real_server: 10.0.0.42, virtual_ip: 10.0.0.100, port: 80, host: www.example.com, path: /healthcheck, value: d36f8f9425c4a8000ad9c4a97185aca5, role_file: /var/run/lvs.role, timeout: 500ms, verbosity: 2
* Connected to 10.0.0.100 (22:22:22:22:22:22) port 80
> GET /healthcheck HTTP/1.1
> User-Agent: raw-socket-checkers/1.0
> Host: www.example.com
>
< HTTP/1.1 200 OK
< Server: nginx/1.6.2
< Date: Fri, 08 Jan 2016 11:08:20 GMT
< Content-Type: text/plain
< Content-Length: 3
< Last-Modified: Fri, 08 Jan 2016 11:03:22 GMT
< Connection: keep-alive
< ETag: "568f977a-3"
< Accept-Ranges: bytes
<
OK
* HTTP Body MD5 is d36f8f9425c4a8000ad9c4a97185aca5
* Closed connection to 10.0.0.100

Full help message

Usage: check_http_get_raw [OPTION...]
            SOURCE_IFACE REAL_SERVER VIRTUAL_IP PORT HOST PATH VALUE

check_http_get_raw -- an HTTP GET checker with RAW sockets

It performs an HTTP GET of PATH for HOST using a RAW socket sending the packets
from the SOURCE_INTERFACE to the MAC address of the REAL_SERVER with a TCP/IP
destination set to VIRTUAL_IP and PORT. The MD5 hash of the HTTP response body
is then compared to VALUE for the check to be successful.

This is suitable to be used as a check for load balancers in direct routing
mode (LVS-DR) to ensure that the real server is indeed answering to packets
with the VIRTUAL_IP destination IP.

Example:
check_http_get_raw -vvvv -t 500 -r /var/run/lvs.role eth0 10.0.0.42 10.0.0.100
80 www.example.com /healthcheck d36f8f9425c4a8000ad9c4a97185aca5

Example to calculate the MD5 of the HTTP response:
curl -s -H "Host: www.example.com" http://10.0.0.42/healthcheck | md5sum

============================
EXIT STATUS
----------------------------

EXIT_SUCCESS on success, EXIT_FAILURE on failure.

============================
PARAMETERS
----------------------------

  SOURCE_IFACE    the name of the network interface to use to send the packets
                  from (i.e. eth0).

  REAL_SERVER     IPv4 or hostname of the real server to check. Only used to
                  get it's MAC address (i.e. 10.0.0.42).

  VIRTUAL_IP      IPv4 or hostname of the virtual IP for which the check
                  should be performed, used as destination IP in the TCP
                  packets (i.e. 10.0.0.100)

  PORT            TCP port number to use for the check (i.e. 80)

  HOST            Virtual host to made the request to, becomes the HTTP Host
                  header in the request (i.e. www.example.com)
  PATH            HTTP Resource to request, with leading slash
                  (i.e. /healthcheck)
  VALUE           MD5 hash of the HTTP response body to verify it
                  (i.e. d36f8f9425c4a8000ad9c4a97185aca5)

============================
OPTIONS
----------------------------

  -r, --role-file=FILE       Path of the file that contains the current role of
                             the load balancer. Only the first character is
                             read, accepted values are: 1 => MASTER, anything
                             else => BACKUP. When this parameter is set the
                             checks on a BACKUP server are done using the real
                             server IP instead of the VIRTUAL_IP with a
                             standard TCP socket.
  -t, --timeout=MILLISECONDS Timeout for each REAL_SERVER reply in ms.
                             To disable set to 0. [Default: 1000]
  -v, --verbose              Produce increasing verbose output to standard
                             error based on the number of occurrences:
                             -v)    CLI parameters and HTTP response summary
                             -vv)   Print also the full HTTP response body
                             -vvv)  Print also all TCP packets
                             -vvvv) Print also all ARP packets
  -?, --help                 Give this help list
      --usage                Give a short usage message

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.