Howto configure Postoffline trigger under Veritas Cluster Server [How do I use a Virtual IP as the source address of outgoing traffic?]

Posted on November 26, 2012

0


– My Lab Environment

OS = rhel 6.2

SFHA = 6.0

– Introduction to SSMTP utility:

SSMTP is a program to deliver an email from a local computer to a configured mailhost (mailhub)/gmail. One of its primary uses is for forwarding automated email (like system alerts) off your machine and to an external email address.

– Installation:

#yum install ssmtp

– Configuration file:

/etc/ssmtp/ssmtp.conf

– Configuration:

To configure SSMTP, you will have to edit its configuration file (/etc/ssmtp/ssmtp.conf) and enter your account settings:

# The user account that sends all the mails
root=username@gmail.com

# The mail server (where the mail is sent to), usually on port 587
mailhub=smtp.gmail.com:587

# Use SSL/TLS before starting negotiation 
UseSTARTTLS=Yes

# Username/Password
AuthUser=username of gmail account
AuthPass=password of gmail account

– Creating Aliases:

Create aliases for local user-names in /etc/ssmtp/revaliases configuration file:

root:username@gmail.com:smtp.gmail.com:587

- Sending mails:
A simple method to send emails is to create a text file(filename.txt) containing the following:

To: username@somedomain.com
From: youraccount@gmail.com
Subject: Test

This is a test mail.
Now execute the following command from Linux shell :
#ssmtp address@domain.com < filename.txt

- POSTOFFLINE script in VCS:
This event trigger is invoked on the system where the group went offline from a partial or fully online state. This trigger is invoked when the group faults, or is taken offline manually.

In the properties of ClusterServiceGroup, set the TriggersEnabled attribute to “POSTOFFLINE”
This will trigger the POSTOFFLINE trigger of VCS whenever the ClusterServiceGroup gets faulted or goes offline.

- Editing the POSTOFFLINE script:

Copy the postoffline script from /opt/VRTSvcs/bin/sample_triggers to /opt/VRTSvcs/bin/triggers

#vi /opt/VRTSvcs/bin/triggers/postoffline

Append the following line at the end of the script:

system("/opt/VRTSvcs/bin/triggers/mailtrigger.sh");
which is a Perl system call that further executes a Linux Bash script “mailtrigger.sh”

mailtrigger.sh is a single statement bash script containing the ssmtp command:
ssmtp address@domain.com < file.txt

This shell script sends emails to all the recipients listed in the file.txt


Whenever the notifier resource is turned off or gets faulted, POSTOFFLINE trigger is executed that sends email to designated recipients.

- What happen if you did not configure the alias

( Please Note: At this point I am confident that my trigger was executing. See a snapshot of engine log:
INFO V-16-6-15002 (node1) hatrigger:hatrigger executed /opt/VRTSvcs/bin/triggers/postoffline node1 successfully )
The flow of emails from the postoffline trigger is like this Cluster Node => Gmail => domain account where you are willing the user receive email. So If you did not configure the alias when happens that the gmail will receive a request to send an email to username@Clusternodename. At this pointthe mail will be bounce back as the ClusterNodeName will not be the valid host name. This clue I found when my gmail account receive a Delivery failed message. See the below for your reference:



======================================================================

I have also done one more test lab. Below is a details TEST LAB # 2a

ENVIRONMENT

RHEL = 7.0

SFHA = InfoScale Enterprise 7.0

Total nodes = 2

TIP: In linux when we add a route, it gives an option to pick the source ip, so in our case we pick the virtual ip as source ip for outgoing traffic(make sure that virtual ip resource is online or virtual ip should be online )

SUBJECT: Clustered application is not picking virtual ip in case for outgoing connection

OR

How do I use a Virtual IP as the source address of outgoing traffic?

CONFIGURATION

1- Copy postonline script from /opt/VRTSvcs/bin/sample-trigger to /opt/VRTSvcs/bin/triggers

(if triggers directory is not created, then create it)

2- Enable TriggerEnable attribute from Service Group and add/write POSTONLINE in attribute.

3- edit the postonline script and add below code under # put your code here…
#group = $ARGV[1];
if ($ARGV[1] eq “SERVICEGROUP NAME”) {
system(“ip route add x.x.x.x via x.x.x.x dev eno33559296 src virtual-ip”);

NOTE

The trigger will only run when service group will be online. If you offline a single resource and online it, then the trigger will not work. So did the below steps to make sure that postonline trigger is working fine.

tail -f /var/VRTSvcs/log/engine.log

hares -offline VIRTUAL-IP(TOP RESOURCE) -sys NODE-NAME
hagrp -online SERVICEGROUP-NAME -sys NODE_NAME

OR

Right click on top resource from java console and offline it and right click on service group and click on online.

You will see the below output under tail -f /var/VRTSvcs/log/engine.log command window
2017/05/06 09:55:11 VCS INFO V-16-6-15002 (NODE-NAME) hatrigger:hatrigger executed /opt/VRTSvcs/bin/triggers/postonline NODE-NAME SERVICEGROUP-NAME successfully

TIP: To check that node is able to connect via virtual IP for outgoing traffic, ping the destination IP and run the command (tcpdump -n src host destination-ip) then you should receive below output

06:33:06.916519 IP destination-ip > virtual-ip: ICMP echo reply, id 49301, seq 11, length 64

 

I have also done one more test lab. Below is a details TEST LAB # 2b

In above exercise we required to online via right click thru JAVA Console > service group  > click online (as hagrp has to be run). Now in the TEST LAB 2b we have the liberty to right click on specific virtual IP resource and click on online then the resource trigger will be executed and our required command will be executed post online of virtual IP resource. Below is the configuration.

1- Copy resstatechange from /opt/VRTSvcs/bin/sample_triggers to /opt/VRTSvcs/bin/triggers

2- Do below configuration under resstatechange:

# Usage:
# resstatechange <system> <resource> <oldstate> <newstate>
resstatechange NODE1-HA VIP OFFLINE ONLINE

# put your code here…
system (“ip route add 10.10.20.1 via 192.168.24.1 dev eth0 src 192.168.24.100”);

3- Change resource attribute of triggerresourcestatechange from false to true

======================================================================

I have also done one more test lab. Below is a details TEST LAB # 3

ENVIRONMENT

RHEL = 7.0

SFHA = InfoScale Enterprise 7.0

Total nodes = 2

TIP: In linux when we add a route, it gives an option to pick the source ip, so in our case we pick the virtual ip as source ip for outgoing traffic(make sure that virtual ip resource is online or virtual ip should be online )

SUBJECT: Clustered application is not picking virtual ip in case for outgoing connection

OR

How do I use a Virtual IP as the source address of outgoing traffic?

HELP

https://sort.veritas.com/public/documents/sfha/6.0.2/linux/productguides/html/generic_applications/apbs01.htm

CONFIGURATION

In this procedure we create an application resource and design our own script of start, stop and monitor.

START SCRIPT FOR START ATTRIBUTE OF APPLICATION RESOURCE

# cat /vipstart.sh
#!/bin/bash
ip route add 10.10.20.1 via 192.168.24.1 dev eth0 src 192.168.24.100

STOP SCRIPT FOR STOP ATTRIBUTE OF APPLICATION RESOURCE

# cat /vipstop.sh
#!/bin/bash
ip route del 10.10.20.1 via 192.168.24.1 dev eth0 src 192.168.24.100

MONITOR SCRIPT FOR MONITOR ATTRIBUTE OF APPLICATION RESOURCE

# cat /vipmonitor.sh
#!/bin/sh
APPLICATION_IS_ONLINE=110
APPLICATION_IS_OFFLINE=100
VIP=192.168.24.100
#if [ -f “ip route show|grep $VIP” ] ; then        # add any steps, if required
if ip route show|grep $VIP ; then        # add any steps, if required
exit $APPLICATION_IS_ONLINE
else
exit $APPLICATION_IS_OFFLINE
fi

APPLICATION RESOURCE ATTRIBUTES SYNTAX

Suppose script name is vipmonitor.sh,vipstart & vipstop. Then below are the syntax

start attribute                  /PATH/vipmonitor.sh

stop attribute                  /PATH/vipstart.sh

monitor program         /PATH//vipstop.sh

SINGLE SCRIPT FOR START, STOP & MONITOR ATTRIBUTES

#!/bin/bash
APPLICATION_IS_ONLINE=110
APPLICATION_IS_OFFLINE=100
DESTINATIONIP=10.10.20.1
GATEWAY=192.168.24.1
SOURCEIP=192.168.24.100
DEVICE=eth0
START=”ip route add $DESTINATIONIP via $GATEWAY dev $DEVICE src $SOURCEIP”
STOP=”ip route del $DESTINATIONIP via $GATEWAY dev $DEVICE src $SOURCEIP”

#####################################
#      DONT CHANGE BELOW            #
####################################

case “$1” in
start)
$START
;;
stop)
$STOP
;;
#esac

monitor)
{
if ip route show|grep $SOURCEIP ; then
exit $APPLICATION_IS_ONLINE
else
exit $APPLICATION_IS_OFFLINE
fi
}
;;
esac

APPLICATION RESOURCE ATTRIBUTES

Suppose script name is outgoing.sh. Then below are the syntax

start attribute                  /PATH/outgoing.sh start

stop attribute                  /PATH/outgoing.sh stop

monitor program         /PATH/outgoing.sh monitor

Advertisements
Posted in: SFHA / VCS