In NSX Advanced Load Balancer, the configuration of external health monitors has user name and password fields that are sensitive and are read as variables. It is used within the health monitor.
Configuring and Reading User name and Password in Health Monitor
Following is a sample script for reading user name and password in the health monitor:
#!/bin/bash read VAR_USERNAME read VAR_PASSWORD curl -u $VAR_USERNAME:$VAR_PASSWORD smtp://$IP:$PORT
The user name and password variables are read in a fixed order.The required order in the script is: user name must come first and then the password.
Configuring Authentication for External Health Monitor using UI
Navigate to .
Click Create or edit to the existing Health Monitors.
In the CREATE HEALTH MONITOR screen, enter the details in the fields. For complete configuration steps, see Creating a New Health Monitor section Health Monitoring.
Under External tab, enter User name and Password.
For complete configuration steps, see Configuring External Settings section in External Health Monitor.Under RBAC tab, enter the Key & Values. For complete configuration steps, see Granular Role-Based Access Controls Using Labels section in the VMware NSX Advanced Load BalancerAdministration Guide.
Click Save.
Configuring Authentication for External Health Monitor using CLI
Configure existing health monitor object as shown below:
[admin:aviuser_controller]: > configure healthmonitor ext-hm Updating an existing object. Currently, the object is: +-------------------+------------------------------------------------------+ | Field | Value | +-------------------+------------------------------------------------------+ | uuid | healthmonitor-9480a008-715c-427f-8396-bc3cb31fb3a7 | | name | ext-hm | | send_interval | 10 sec | | receive_timeout | 4 sec | | successful_checks | 2 | | failed_checks | 2 | | type | HEALTH_MONITOR_EXTERNAL | | external_monitor | | | command_code | #!/bin/bash | | | read VAR_USERNAME | | | read VAR_PASSWORD | | | curl -u $VAR_USERNAME:$VAR_PASSWORD smtp://$IP:$PORT | | is_federated | False | | tenant_ref | admin | +-------------------+------------------------------------------------------+
Enter authentication
[admin:aviuser_controller]: healthmonitor> authentication password Password for server authentication. username Username for server authentication.
Enter user name and password, and save the configuration.
[admin:aviuser_controller]: healthmonitor> save +-------------------+------------------------------------------------------+ | Field | Value | +-------------------+------------------------------------------------------+ | uuid | healthmonitor-9480a008-715c-427f-8396-bc3cb31fb3a7 | | name | ext-hm | | send_interval | 10 sec | | receive_timeout | 4 sec | | successful_checks | 2 | | failed_checks | 2 | | type | HEALTH_MONITOR_EXTERNAL | | external_monitor | | | command_code | #!/bin/bash | | | read VAR_USERNAME | | | read VAR_PASSWORD | | | curl -u $VAR_USERNAME:$VAR_PASSWORD smtp://$IP:$PORT | | authentication | | | username | <sensitive> | | password | <sensitive> | | is_federated | False | | tenant_ref | admin | +-------------------+------------------------------------------------------+
The existing external health monitors using user name/ password in plain text have to be re-configured following the above guidelines if there is a requirement to have user name/ password in the encrypted form for those existing external health monitors.
