检查member在persist表中存在的行数总和,即是当前这个member的ssl vpn会话的连接总数。如果总数大于指定的值(这里是假设是495)则禁用该member。如果小于这个值则启用它。
#!/bin/bash
shift
shift
node_ip="$*"
echo "up"
for i in $node_ip ; do
sslnum=b persist show | grep $i | wc -l
sessionstatus=b pool FP_pool member $i:https session show | grep enable | wc -l
if [ $sslnum -ge 495 ] ; then
if [ sessionstatus -eq 1 ] ; then
b pool FP_pool member $i:https session disable
logger -p local0.warning "MON_TMPL_NAME:i total ssl session num are $sslnum ,more 495"
fi
else
if [ sessionstatus -eq 0 ] ; then
logger -p local0.warning "MON_TMPL_NAME:i total ssl session num are $sslnum ,less 495"
b pool FP_pool member $i:https session enable
fi
fi
done
将以上代码保存在/usr/bin/monitors/sslnum.eav中。建立一个外部monitor,在参数里填写实际pool中成员IP,如下图
应用到pool,成员继承即可。
文章评论