FUNC: which apps redirect from port 80 to 443?

I am migrating the load balancer pools from one F5 load balancer to another.
Along with that move comes a change to the monitor used to control automated load balancer status:
when the app is stopped, a sequence in the stop function drains and then offlines the
application in the load balancer, allowing for a graceful removal of the app from the pool.
On start, the app remains offline, and an online argument changes the pool status to “enabled”,
bringing the app into the pool after verifying that it is accessible and active.

The first step in this was to find which apps are redirecting from port 80 to port 443. This will
allow us to migrate the nodes as port 443 in the load balancer where they are actually running on port 443.
In the original F5 they could be installed as port 80 nodes, and because of the redirect, in most
cases everything would work, but with an extra hop. We also have a new monitoring check which uses
http or https to directly verify load balancer pool status. The F5 won’t follow a redirect in the monitor.
Where before it was arbitrary which port the node could be installed on, now it will not be.

The configuration to accomplish the redirect is:

    #Force all traffic through secure http
    RewriteCond %{HTTP:SSLClientCipher} !^..*$
    RewriteCond %{HTTP_HOST} !^localhost* [NC]
    RewriteCond %{REQUEST_URI} !/fwtf2?\.jsp
    RewriteCond %{REQUEST_URI} !/d\.jsp
    RewriteCond %{REQUEST_URI} !^/support/supportData\.jsp
    RewriteCond %{REQUEST_URI} !^.*(\r|\n|%0A|%0D).* [NC]
    RewriteCond %{REQUEST_URI} !^/distui/bootstrap/.*
    RewriteCond %{REQUEST_URI} !^/healthcheck$
    RewriteCond %{REQUEST_URI} !^/lb_status$
    RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,NE,R,L]

We could approach this by exempting lb_status from the redirect, thus making the check
itself accessible over http. But that’s not what we want right now.

What I need right now is a list of the hosts that have this rewrite rule in place,
and are running on port 443.

The string I used is

     RewriteRule ^(.*) https://

I ran func to get a list of hosts set up as jboss and as minions for the environment using:

    func server* ping

I created the list, sorted it, and removed any “[FAILED]” hosts after verifying they should fail
(an application no longer used, or a server not actually in use right now).

To cycle through the list and pull out the information needed I ran:

    [root@p1-qau01 ~]# for i in `cat list_sort`
    do
      if [[ `func ${i}* call command run 'egrep " RewriteRule \^\(\.\*\) https:\/\/" /etc/httpd/conf/*' | egrep "\[0,"` ]]; then
        echo ""
        echo $i
        echo _________________________________________________
        func ${i}* call command run 'egrep " RewriteRule \^\(\.\*\) https:\/\/" /etc/httpd/conf/*'
      fi
    done

    server.net
    _________________________________________________
    ('server.net',
     [0,
      '/etc/httpd/conf/app.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [NC,R,L]\n',
      ''])

    server.net
    _________________________________________________
    ('server.net',
     [0,
      '/etc/httpd/conf/app.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [NC,R,L]\n',
      ''])

    p1-server.net
    _________________________________________________
    ('server.net',
     [0,
      '/etc/httpd/conf/svc.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,NE,R,L]\n/etc/httpd/conf/Cust.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [NC,R,L]\n/etc/httpd/conf/app.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [NC,R,L]\n',
      ''])

What this does is check whether the string exists in the host's config. If it does (a “0” result from the func command), the loop re-executes the command to get the full result rather than just the end code, and prints it to the screen in a readable format.

Once this completed I had a list of all of the apps using this redirect. The names of the config files correspond to the application, making this relatively easy to create a list from these results.

— doug
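
An added example, not part of the original post: a shell function that reduces saved func output in the shape shown above to a sorted host/app list, taking the app name from the config file name and skipping any host whose egrep return code was not 0. The hostnames in the sample are constructed, and `sample_func_output` and `redirect_apps` are names chosen here.

```shell
#!/bin/sh
# Constructed sample in the same shape as the func output above
# (web01/web02/web03.example.net are made-up hosts).
sample_func_output() {
  cat <<'EOF'
web01.example.net
_________________________________________________
('web01.example.net',
 [0,
  '/etc/httpd/conf/app.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [NC,R,L]\n',
  ''])
('web02.example.net', [1, '', ''])
('web03.example.net',
 [0,
  '/etc/httpd/conf/svc.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,NE,R,L]\n/etc/httpd/conf/Cust.conf:    RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [NC,R,L]\n',
  ''])
EOF
}

# Read func output on stdin; print one "host<TAB>app" line per config file
# that matched, ignoring hosts where the return code was not 0.
redirect_apps() {
  awk -v q="'" '
    BEGIN { conf = "/etc/httpd/conf/[^:/]+\\.conf:" }
    # Start of a result tuple: remember the host, forget the previous rc
    index($0, "(" q) == 1 { split($0, parts, q); host = parts[2]; rc = "" }
    # The first "[<digits>," after the host is the command return code
    rc == "" && match($0, /\[[0-9]+,/) { rc = substr($0, RSTART + 1, RLENGTH - 2) }
    rc == "0" {
      line = $0
      # One line can carry several matches joined by a literal \n
      while (match(line, conf)) {
        # 16 = length of "/etc/httpd/conf/", 22 = that plus ".conf:"
        print host "\t" substr(line, RSTART + 16, RLENGTH - 22)
        line = substr(line, RSTART + RLENGTH)
      }
    }
  ' | LC_ALL=C sort -u
}

sample_func_output | redirect_apps
```

To use it on real data, redirect the loop's output to a file and run `redirect_apps < that_file`.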