<div class="gmail_quote">On Mon, Apr 21, 2008 at 10:25 AM, Andreas Ericsson <<a href="mailto:ae@op5.se">ae@op5.se</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> <div class="Ih2E3d">Allan Clark wrote:<br> > Hi;<br> > In my company, we have a complex series of firewalled zones within each<br> > datacenter. We also intend to use Nagios from one datacenter to check<br> > another's external services. We use LDAP extensively, and deploy everything<br> > -- including Nagios -- with a redundant.<br> ><br> > I've done some initial work to configure Nagios using LDAP based on<br> > current-CVS Nagios-3.0.1.<br> ><br> > The only past work towards this that I found was an email from Benoit<br> > Mortier [1], who I have contacted and he's interested in providing test<br> > data. The edits are in base/config.c, base/nagios.c, and<br> > xdata/xoddefault.c. I'm writing to:<br> ><br> <br> </div>I advise against this in the strongest possible terms. You can (and<br> should) use a NEB-module for this instead of modifying the core<br> directly. NEB-modules can do very nearly everything that the core<br> code can do (including registering objects) but do not add any<br> external dependencies to the nagios core.</blockquote><div><br></div><div>I didn't see where I could satisfy additional items that would normally be maintained in the main config file.</div><div><br></div><div>Because Nagios reads the main config, then checks, then fails due to missing parameters, there's no change to put that extra content into a NEB, right? Maybe I missed where the NEB gets called.</div> <div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Since, by the look of the wiki (which I didn't examine too closely),<br> you've already done the heavy lifting, it shouldn't be too difficult<br> to lift it out and make a NEB-module of the code instead. I'll help<br> you with that, but I'll fight you ever step of the way if you want<br> to add in-core LDAP support for Nagios.</blockquote><div><br></div><div>part of the heavy-lifting: main config, hosts, services.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> The reason I don't like to see such things in the core are multiple:<br> 1. It adds extra dependencies.<br> 2. It adds to the maintenance burden.<br> 3. If your code is poorly designed you can potentially wreak cause<br> pandemonium for a multitude of people.<br> 4. Very few people want to store their configuration in LDAP (this<br> is a guess based on the number of request for LDAP-ish features<br> I've seen).</blockquote><div><br></div><div>I agree that the LDAP people are a subset; should I protect the LDAP-aware stuff being a ./configure --enable-ldap and compile-time ifdefs? I'm willing to build a nagios-ldap RPM as well.</div> <div><br></div><div>I have to admit a little emotional response to concerns over code-quality when there are 15kLOC functions, but I'd actually like to submit a patch to compress that into repeating parts of a lookup table -- "fixing" something that's confusing to me :) -- It may also allow "true" and "false" for booleans as well to allow the config to be a bit more verbose. A little emotion, but recalling that that 15kLOC function *works*, and is well-tested, I completely agree with your answer here to limit change/churn/risk.<br> </div><div><br></div><div>I'm rolling a beta install at my work, and I'll clean up what I have.</div><div><br></div><div>Do I need to delete the doxygen-style comments I've been doing? I have a poor memory, and use doxygen as a poor-man's graphical cscope (call graphs.. yummy) -- do I need to remove that, or should I push the other route, of getting a Doxyfile into the CVS before my patch gets seen?</div> <div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">You're not wasting your time. You've just started veering off in the<br> wrong direction. I'd suggest you remedy this by re-writing your LDAP<br> thing as a NEB-module and then promote that as a separate project.<br> <br> If you post patches, I may be able to help you with the conversion. I<br> believe it would be a great addition to Nagios, but it doesn't belong<br> in the core.</blockquote><div><br></div><div>I appreciate the help, let me make my stuff available in a bit cleaner form this week, and I hope you can advise in detail about some of it.</div><div><br></div><div>For anyone seeing this in an archive, my worknotes are tossed in a few blog entries, and the comments can allow later discovery of deliverables:</div> <div><a href="http://tech.b.chickenandporn.com/2008/01/02/nagios-and-ldap/">http://tech.b.chickenandporn.com/2008/01/02/nagios-and-ldap/</a></div><div><a href="http://tech.b.chickenandporn.com/2008/04/13/use-ldap-to-configure-nagios/">http://tech.b.chickenandporn.com/2008/04/13/use-ldap-to-configure-nagios/</a><br> </div><div><br></div><div>Thanks, Andreas!</div><div><br></div><div>Allan</div><div><br></div><div>-- <br></div></div><a href="mailto:allanc@chickenandporn.com">allanc@chickenandporn.com</a> "金鱼" <a href="http://linkedin.com/in/goldfish">http://linkedin.com/in/goldfish</a>