Generating nagios configs from LDAP, nmap, and traceroute

Luke A. Kanies luke at madstop.com
Tue Dec 16 22:37:53 CET 2003


Hi all,

I've just started on a project to generate my nagios configurations, and
I'd like to know if others have worked on similar projects, and I'd also
like to know if others would find this work useful, and if so, how.

One of my barriers to using nagios has always been my unwillingness to
maintain yet another host list.  I already maintain a list of all of my
hosts in LDAP, and my nagios configs need to automatically update
themselves based on that list.  Also, I can't have my nagios configuration
be the definition of what "should" be running on the system, because then
when I update the host I have to update Nagios, which I hate.

So, I'm trying to come up with a design for maintaining my entire Nagios
data configuration automatically.  My LDAP host list is basically
self-maintaining (I have a client/server style script that does most the
work), I already have all of my contacts in LDAP, the network is
authoritative on what machines each of my machines depends on, and the
hosts themselves are (usually) authoritative on what services they should
be providing.

What I want is something to collect all of that and turn it into a valid
nagios config.  However, there are still some pieces missing.  For
instance, the LDAP directory is not currently capable of holding the
templates for the various object types, and there are some nagios-specific
details I'll probably want to associate with hosts and contacts.

So, I think the first step is to create a nagios schema for LDAP.  This is
the main thing I want to check:  Would I be redoing someone else's work
here?  It's definitely a no-no to have schema variety.  If no one else has
ever done this before, then I'll go ahead and create one for OpenLDAP (it
should be easily usable for most other LDAP servers) and contribute it
back to the Nagios developers.

Second is getting the data out of the directory.  I've actually already
created a set of ruby classes which do this quite well.  I've also created
a parser in ruby which can parse existing files and glean all the data in
them; it's a small stretch from where I am to parsing those files and
putting all of their data into LDAP.  Because I don't currently have any
nagios configs, I'm less interested in moving data into LDAP, but I'd be
glad to work with people who would like to transition from storing data in
flat files to storing it in LDAP.

Next is figuring out which services a given host should be running.  I am
currently focusing on external services (i.e., ports), but will later
visit using nrpe et al to monitor other stuff.  I know that there is
already an nmap2nagios script, and I would probably plan on utilyzing
lessons from this script, but because I need the results to interoperate
with the rest of my data structures I'll probably write something similar
in ruby.  This tool will specifically support only scanning specific for
specific ports, as in most cases I don't want to monitor every port.

Lastly is deducing the dependencies for each host.  Apparently not many
people (none?) have built automated topology tools using traceroute, as I
could not find any online (well, I could find some that resulted in maps,
but none that were generically for building topologies).  It should be
pretty simple to do, so I plan on adding a 'dependencies' method or
something to my ruby objects that transparently uses traceroute to figure
out the dependencies.  I may later abstract that into an overall topology
tool, but unless I have a client specifically request that, I am unlikely
to do so any time soon.  (I'm an independent consultant and am doing all
this for a client.)  It also would not be a bad idea to have an option for
automatically monitoring these extra hosts.

So, now that you basically know my plans, my main question is:  Has
someone done something like this before?  I'm slightly incredulous that
everyone using nagios is hand-editing every config file and manually
adding every service and every dependency.

I'm hoping to release all of the code I write, but it will take some
effort on my part, as my current client has one of those we-get-everything
contracts.  At the very least I plan on writing an article on my
experiences and then probably redoing the work in my free time.

Anyone have any of this experience?

Thanks,
Luke Kanies
Reductive Consulting


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list