RELAYCTL(8) - System Manager's Manual

RELAYCTL(8) - System Manager’s Manual #

RELAYCTL(8) - System Manager’s Manual

NAME #

relayctl - control the relay daemon

SYNOPSIS #

relayctl [-s socket] command [argument …]

DESCRIPTION #

The relayctl program controls the relayd(8) daemon.

The following options are available:

-s socket

Use socket instead of the default /var/run/relayd.sock to communicate with relayd(8).

The following commands are available:

host disable [name | id]

Disable a host. Treat it as though it were always down.

host enable [name | id]

Enable the host. Start checking its health again.

load filename

Reload the configuration from the specified file.

log brief

Disable verbose debug logging.

log verbose

Enable verbose debug logging.

monitor

Continuously report any changes in the host checking engine and the pf(4) engine.

poll

Schedule an immediate check of all hosts.

redirect disable [name | id]

Disable a redirection. If it has pf(4) redirection rules installed, remove them. Mark the redirection’s main table and – if applicable – disable the backup table as well.

redirect enable [name | id]

Enable a redirection. Mark the redirection’s main table and – if applicable – enable the backup table as well.

reload

Reload the configuration file.

show hosts

Show detailed status of hosts and tables. It will also print the last error for failed host checks; see the DIAGNOSTICS section below.

show redirects

Show detailed status of redirections including the current and average access statistics. The statistics will be updated every minute. Redirections using the sticky-address option will count the number of sticky states, not the total number of redirected connections.

show relays

Show detailed status of relays including the current and average access statistics. The statistics will be updated every minute.

show routers

Show detailed status of routers including the configured network routes.

show sessions

Dump the complete list of running relay sessions.

show summary

Display a list of all relays, redirections, routers, tables, and hosts.

table disable [name | id]

Disable a table. Consider all hosts disabled. If it is a main table of a redirection which has a non-empty backup table, swap the contents of the pf(4) table with those of the backup table.

table enable [name | id]

Enable a table. Start doing checks for all hosts that aren’t individually disabled again.

FILES #

/var/run/relayd.sock

UNIX-domain socket used for communication with relayd(8).

DIAGNOSTICS #

If a host is down and a previous check failed, relayctl will display the last error in the output of the show hosts command. This is especially useful for debugging server or configuration failures. The following errors will be reported:

none

No specific error was reported by the check engine.

aborted

All checks were aborted by an external event, like a configuration reload.

interval timeout

The check did not finish in the configured time of an interval. This can happen if there are too many hosts that have to be checked by relayd(8) and can be avoided by increasing the global interval option in relayd.conf(5).

icmp read timeout

tls read timeout

tcp read timeout

The check failed because the remote host did not send a reply within the configured timeout.

icmp write timeout

tls write timeout

tcp write timeout

tls connect timeout

tcp connect timeout

The check failed because relayd(8) was not ready to send the request within the configured timeout.

tls connect error

tls read error

tls write error

tcp connect error

tcp read failed

tcp write failed

An I/O error occurred. This indicates that relayd(8) was running low on resources, file descriptors, or was too busy to run the request. It can also indicate that a TLS or TCP protocol error occurred or that the connection was unexpectedly aborted.

tls connect failed

tcp connect failed

The check failed because the protocol handshake did not succeed in opening a stateful connection with the remote host.

script failed

The external script executed by the check did not return a valid return code.

send/expect failed

The payload data returned by the remote host did not match the expected pattern.

http code malformed

http digest malformed

The remote host did not return a valid HTTP header or body.

http code mismatch

The remote host did not return a matching HTTP error code. This may indicate a real server problem (a server error, the page was not found, permission was denied) or a configuration error. For example, it is a very common mistake that relayd(8) was configured to expect a HTTP 200 OK status but the host is returning a HTTP 302 Found redirection. See relayd.conf(5) for more information on validating the HTTP return code.

http digest mismatch

The remote host did not return the expected content and the computed digest was different to the configured value. See relayd.conf(5) for more information on validating the digest.

SEE ALSO #

relayd(8)

HISTORY #

The relayctl program, formerly known as hoststatectl, first appeared in OpenBSD 4.1. It was renamed to relayctl in OpenBSD 4.3.

OpenBSD 7.5 - November 29, 2017