Nagios Configured by LDAP

Allan Clark allanc at chickenandporn.com
Mon Apr 21 22:19:45 CEST 2008
Previous message: Nagios Configured by LDAP
Next message: Possible feature request - Servicegroup escalation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Apr 21, 2008 at 10:25 AM, Andreas Ericsson <ae at op5.se> wrote:

> Allan Clark wrote:
> > Hi;
> > In my company, we have a complex series of firewalled zones within each
> > datacenter.  We also intend to use Nagios from one datacenter to check
> > another's external services.  We use LDAP extensively, and deploy
> everything
> > -- including Nagios -- with a redundant.
> >
> > I've done some initial work to configure Nagios using LDAP based on
> > current-CVS Nagios-3.0.1.
> >
> > The only past work towards this that I found was an email from Benoit
> > Mortier [1], who I have contacted and he's interested in providing test
> > data.  The edits are in base/config.c, base/nagios.c, and
> > xdata/xoddefault.c.  I'm writing to:
> >
>
> I advise against this in the strongest possible terms. You can (and
> should) use a NEB-module for this instead of modifying the core
> directly. NEB-modules can do very nearly everything that the core
> code can do (including registering objects) but do not add any
> external dependencies to the nagios core.


I didn't see where I could satisfy additional items that would normally be
maintained in the main config file.

Because Nagios reads the main config, then checks, then fails due to missing
parameters, there's no change to put that extra content into a NEB, right?
 Maybe I missed where the NEB gets called.


Since, by the look of the wiki (which I didn't examine too closely),
> you've already done the heavy lifting, it shouldn't be too difficult
> to lift it out and make a NEB-module of the code instead. I'll help
> you with that, but I'll fight you ever step of the way if you want
> to add in-core LDAP support for Nagios.


part of the heavy-lifting: main config, hosts, services.

The reason I don't like to see such things in the core are multiple:
> 1. It adds extra dependencies.
> 2. It adds to the maintenance burden.
> 3. If your code is poorly designed you can potentially wreak cause
>   pandemonium for a multitude of people.
> 4. Very few people want to store their configuration in LDAP (this
>   is a guess based on the number of request for LDAP-ish features
>   I've seen).


I agree that the LDAP people are a subset; should I protect the LDAP-aware
stuff being a ./configure --enable-ldap and compile-time ifdefs?  I'm
willing to build a nagios-ldap RPM as well.

I have to admit a little emotional response to concerns over code-quality
when there are 15kLOC functions, but I'd actually like to submit a patch to
compress that into repeating parts of a lookup table -- "fixing" something
that's confusing to me :)  -- It may also allow "true" and "false" for
booleans as well to allow the config to be a bit more verbose.  A little
emotion, but recalling that that 15kLOC function *works*, and is
well-tested, I completely agree with your answer here to limit
change/churn/risk.

I'm rolling a beta install at my work, and I'll clean up what I have.

Do I need to delete the doxygen-style comments I've been doing?  I have a
poor memory, and use doxygen as a poor-man's graphical cscope (call graphs..
yummy) -- do I need to remove that, or should I push the other route, of
getting a Doxyfile into the CVS before my patch gets seen?


You're not wasting your time. You've just started veering off in the
> wrong direction. I'd suggest you remedy this by re-writing your LDAP
> thing as a NEB-module and then promote that as a separate project.
>
> If you post patches, I may be able to help you with the conversion. I
> believe it would be a great addition to Nagios, but it doesn't belong
> in the core.


I appreciate the help, let me make my stuff available in a bit cleaner form
this week, and I hope you can advise in detail about some of it.

For anyone seeing this in an archive, my worknotes are tossed in a few blog
entries, and the comments can allow later discovery of deliverables:
http://tech.b.chickenandporn.com/2008/01/02/nagios-and-ldap/
http://tech.b.chickenandporn.com/2008/04/13/use-ldap-to-configure-nagios/

Thanks, Andreas!

Allan

-- 
allanc at chickenandporn.com "金鱼" http://linkedin.com/in/goldfish
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20080421/c7ba0943/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel
Previous message: Nagios Configured by LDAP
Next message: Possible feature request - Servicegroup escalation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Developers mailing list