Qlik Community

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Qlik Insider: SaaS capabilities for Data Integration and Analytics, May 25th! Register Now
cancel
Showing results for 
Search instead for 
Did you mean: 
RadovanOresky
Partner
Partner

How to get health-check info for a node without Proxy?

Hi,

I use engine/healthcheck API to monitor the availability of Qlik Sense nodes.  One of the consumer nodes has only Engine, no Proxy. The virtual proxy is load balanced to this node and linked Proxy is from central node.

The problem = When I try to read the engine/healtcheck info for that consumer node (without Proxy) it returns the same values as the healthcheck for the central node.

I guess this is because, as the documentation says: "the health check request is called via the Qlik Sense Proxy Service, which routes the request to the engine on the same physical computer. To request the health check information for a different node, use that node's IP address with the engine port"

If I understand it correctly, I should use IP Address:4747 to check the health-check info for that node which has no Proxy. The problem is, that I cannot make it to work.  Whatever combination I try times out.

Is there a workaround to enable this?

Labels (1)
1 Solution

Accepted Solutions
Levi_Turner
Employee
Employee

Ultimately you are going to want to pass along the internal client certificate used by Qlik and go over port 4747. There are many ways of accomplishing this in virtually any programming or scripting language, here's a concept using PowerShell:

$hdrs = @{}
$hdrs.Add("X-Qlik-Xrfkey","examplexrfkey123")
$hdrs.Add("X-Qlik-User", "UserDirectory=INTERNAL; UserId=sa_api")
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$Data = Get-Content C:\ProgramData\Qlik\Sense\Host.cfg
$FQDN = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($($Data)))
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
while (1) {
    $health = Invoke-RestMethod -Uri "https://$($FQDN):4747/engine/healthcheck?xrfkey=examplexrfkey123" -Method Get -Headers $hdrs -ContentType 'application/json' -Certificate $cert; 
    Write-Host ($health.apps.in_memory_docs).count 'in memory doc';
    Write-Host ($health.apps.loaded_docs).count 'loaded doc';
    sleep 5; 
    Clear-Host}

from here

Example output:

healthcheck.png

 

View solution in original post

5 Replies
Levi_Turner
Employee
Employee

Ultimately you are going to want to pass along the internal client certificate used by Qlik and go over port 4747. There are many ways of accomplishing this in virtually any programming or scripting language, here's a concept using PowerShell:

$hdrs = @{}
$hdrs.Add("X-Qlik-Xrfkey","examplexrfkey123")
$hdrs.Add("X-Qlik-User", "UserDirectory=INTERNAL; UserId=sa_api")
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$Data = Get-Content C:\ProgramData\Qlik\Sense\Host.cfg
$FQDN = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($($Data)))
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
while (1) {
    $health = Invoke-RestMethod -Uri "https://$($FQDN):4747/engine/healthcheck?xrfkey=examplexrfkey123" -Method Get -Headers $hdrs -ContentType 'application/json' -Certificate $cert; 
    Write-Host ($health.apps.in_memory_docs).count 'in memory doc';
    Write-Host ($health.apps.loaded_docs).count 'loaded doc';
    sleep 5; 
    Clear-Host}

from here

Example output:

healthcheck.png

 

RadovanOresky
Partner
Partner
Author

@Levi_Turner , thank you very much. It works great. I even set it up via the native Qlik REST connector.

shaybitton
Partner
Partner

Hi @Levi_Turner 

Your code works great only if I use the FQDN but not with an IP address. what is the reason?

In my case i want to check all engines in the cluster with an external system - will it work with the same Qlikclient certificate? 

 

Thanks,

Shay

Levi_Turner
Employee
Employee

The installed name for Qlik would need to match the FQDN variable. In the code above it's parsing the installed name from a config file so it will always match. If you need to ignore this then it's more of a question for how to skip SSL validation in PowerShell than anything Qlik specific. That being said, from https://til.intrepidintegration.com/powershell/ssl-cert-bypass we can do this:

$hdrs = @{}
$hdrs.Add("X-Qlik-Xrfkey","examplexrfkey123")
$hdrs.Add("X-Qlik-User", "UserDirectory=INTERNAL; UserId=sa_api")
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$FQDN = '127.0.0.1'
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
while (1) {
    $health = Invoke-RestMethod -Uri "https://$($FQDN):4747/engine/healthcheck?xrfkey=examplexrfkey123" -Method Get -Headers $hdrs -ContentType 'application/json' -Certificate $cert
    Write-Host ($health.apps.in_memory_docs).count 'in memory doc';
    Write-Host ($health.apps.loaded_docs).count 'loaded doc';
    sleep 5; 
    Clear-Host}
shaybitton
Partner
Partner

Works great !

Thank you very much