-
Notifications
You must be signed in to change notification settings - Fork 883
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: LUA Records - allow test IP to be different than returned IP #7468
Comments
Untested: |
I assumed some oversimplifications, it may not be this easy in fact... |
Right now you can kind-of hack this in by having a fully reliable but useless fallback IP (like localhost) and testing for that in the ifportup/ifurlup return value, making sure you never return it to the world. I agree it would be nice if this was easier. |
I will test option A using the hack you provided and get back to you with my results. I hadn't thought of the different ways the functions handle values/vars vs. strings. Thanks for the assistance. |
I'm using the geoip backend for simplicity, and in the yaml zone file, I have the following entry just to test with 1 upstream server to see if I can get it to return a different IP than the one used for testing. test.gslb.example.com:
- lua: 'a "({[''192.168.1.100'']=''192.168.2.100''})
[ifurlup(''https://test.example.com:8443/login/'', {''192.168.1.100''})]"' I can see the status update as follows for the health check: pdns_server: LUA record monitoring declaring 192.168.1.100 UP for URL
https://test.example.com:8443/login/! but I don't get a DNS answer. Instead there is an error message on the server: Lua record reported: Trying to cast a lua variable from "nil" to
"N5boost7variantISsSt6vectorISt4pairIiSsESaIS3_EENS_6detail7variant5void_ES8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_S8_EE" |
I can reproduce the problem, and what @Habbie suggested didn't work either even after syntax fixes. |
I think adding |
|
@chbruyand - used a variation of your suggestion above with success!! thank you everyone who chimed in - I'm seeing some of the benefits of using a generic scripting engine instead of a static set of health checks! |
Beware that |
Good to know - I didn't use it because your suggested solution is much more flexible, so no reason to use a single-use-case solution when a more generic one exists. Thanks again! |
Short description
Allow the test IP in a LUA record to be different than the returned answer. Existing tests return an answer that is one of the tested IPs, it would be useful to test against one IP, and return an entirely different IP (such as testing an internal address, and returning the outside NAT address).
Usecase
For some systems (especially older/legacy), it would be useful to be able to test a different IP than the one returned. For example, if a system does not have a good health-check function/API/URL, the admin web interface might be the best way to detect UP/DOWN health. In this case, it is preferred to keep the admin interface available on the inside address only, and not available from the outside network.
This is very common in other GSLB solutions, but is, admittedly, not the best way to test in most circumstances. However, it would provide a great deal of flexibility in letting admins craft the best health checks possible given their existing systems and infrastructure.
Description
There are (at least) two possible ways to enable this functionality. They are defined in
Option A
andOption B
below.Option A - Add an optional
Test IP
fieldOne option is to add an optional field for the address used to test against, in addition to the answer it will return.
For example, with the
ifportup
test, an example test might be:This will check to see if port 80 is listening on 192.168.1.100 and 192.168.1.101, and return one of the healthy IPs. A different syntax could indicate a different test IP, which would be optional. The implementation isn't important, but for the sake of discussion, a separator could be used between the answer-ip and the test-ip. An example is below using a
+
to separate the two IPs, with the following test parameters. This is just an example; the syntax is not important, and can be changed to fit the limitations of the LUA and/or other requirements/limitations, as needed.This can be expanded upon for other tests, with the most obvious one the ifurlup() function.
Option B - Add a true/false flag to LUA test functions
What is perhaps a better option would be to allow functions to have a true/false flag that, if set, simply returns
true
orfalse
if the test is successful. Then the administrator can configure the LUA record in a fashion similar to the netmask() source address function.For example, the example LUA entry below uses the netmask() function to determine which CNAME to return:
If an optional argument was added to the end of the end of the passed set of values, such as
tf
, the test would return atrue
orfalse
instead of one of the healthy member's information. Then, using LUA, decisions can be made about how to answer the query. The below example would allow similar functionality but using a URL check as the boolean test case for the if/then tree.The text was updated successfully, but these errors were encountered: