Generating nagios configs from LDAP, nmap, and traceroute

Jérôme Fenal jerome.fenal at logicacmg.com
Wed Dec 17 10:32:45 CET 2003


Luke A. Kanies wrote:

> Hi all,
> 
> I've just started on a project to generate my nagios configurations, and
> I'd like to know if others have worked on similar projects, and I'd also
> like to know if others would find this work useful, and if so, how.
> 
> One of my barriers to using nagios has always been my unwillingness to
> maintain yet another host list.  I already maintain a list of all of my
> hosts in LDAP, and my nagios configs need to automatically update
> themselves based on that list.  Also, I can't have my nagios configuration
> be the definition of what "should" be running on the system, because then
> when I update the host I have to update Nagios, which I hate.
> 
> So, I'm trying to come up with a design for maintaining my entire Nagios
> data configuration automatically.  My LDAP host list is basically
> self-maintaining (I have a client/server style script that does most of the
> work), I already have all of my contacts in LDAP, the network is
> authoritative on what machines each of my machines depends on, and the
> hosts themselves are (usually) authoritative on what services they should
> be providing.

That's also what we have.
We have a list of all servers (let's say Posix ones), that are polled on 
admin request to refresh the list.
We also have a distribution system (rdist and in the future cfengine) to 
distribute plugins on all hosts.
Then we also distribute to all hosts a Perl script to create nrpe.cfg 
(we use NRPE) and services-hostname.cfg. The latter one is then copied on 
the Nagios host with scp (thanks to agent forwarding, so will only work 
with somebody's key, not a server one). Nagios is then reloaded.

> What I want is something to collect all of that and turn it into a valid
> nagios config.  However, there are still some pieces missing.  For
> instance, the LDAP directory is not currently capable of holding the
> templates for the various object types, and there are some nagios-specific
> details I'll probably want to associate with hosts and contacts.
> 
> So, I think the first step is to create a nagios schema for LDAP.  This is
> the main thing I want to check:  Would I be redoing someone else's work
> here?  It's definitely a no-no to have schema variety.  If no one else has
> ever done this before, then I'll go ahead and create one for OpenLDAP (it
> should be easily usable for most other LDAP servers) and contribute it
> back to the Nagios developers.

I don't think (but I may fool myself ;-) this is the right thing to do. 
You can have different configurations for the same host in Nagios:
- active checks with NRPE,
- passive checks from Nagios crontab,
- passive checks from agent crontab,
- etc.

Either you will limit the model to yours, or you'll have to think and 
write code for all models.
But an LDAP directory could be handy to store dependencies between hosts 
(this server is behind this router, and so on).

> Second is getting the data out of the directory.  I've actually already
> created a set of ruby classes which do this quite well.  I've also created
> a parser in ruby which can parse existing files and glean all the data in
> them; it's a small stretch from where I am to parsing those files and
> putting all of their data into LDAP.  Because I don't currently have any
> nagios configs, I'm less interested in moving data into LDAP, but I'd be
> glad to work with people who would like to transition from storing data in
> flat files to storing it in LDAP.

As said, we use Perl.

> Next is figuring out which services a given host should be running.  I am
> currently focusing on external services (i.e., ports), but will later
> visit using nrpe et al to monitor other stuff.  I know that there is
> already an nmap2nagios script, and I would probably plan on utilizing
> lessons from this script, but because I need the results to interoperate
> with the rest of my data structures I'll probably write something similar
> in ruby.  This tool will specifically support only scanning for
> specific ports, as in most cases I don't want to monitor every port.

All the choices are made in the script.
I have a function for each type of test (check_disk, check_load, etc.).
All very specific checks (as SAP pings) are configured by hand. It could 
be automatically configured, but it is not.

> Lastly is deducing the dependencies for each host.  Apparently not many
> people (none?) have built automated topology tools using traceroute, as I
> could not find any online (well, I could find some that resulted in maps,
> but none that were generically for building topologies).  It should be
> pretty simple to do, so I plan on adding a 'dependencies' method or
> something to my ruby objects that transparently uses traceroute to figure
> out the dependencies.  I may later abstract that into an overall topology
> tool, but unless I have a client specifically request that, I am unlikely
> to do so any time soon.  (I'm an independent consultant and am doing all
> this for a client.)  It also would not be a bad idea to have an option for
> automatically monitoring these extra hosts.

We have a Perl script (not open source, unfortunately), that queries 
SNMP agents for all network devices (routers and switches). That sort of 
thing could help you to create dependency information. Net::SNMP is your 
friend.

> 
> So, now that you basically know my plans, my main question is:  Has
> someone done something like this before?  I'm slightly incredulous that
> everyone using nagios is hand-editing every config file and manually
> adding every service and every dependency.

Yes, but as much integrated as you want.

> I'm hoping to release all of the code I write, but it will take some
> effort on my part, as my current client has one of those we-get-everything
> contracts.  At the very least I plan on writing an article on my
> experiences and then probably redoing the work in my free time.

Regards,

Jérôme

-- 
Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre
Groupe Expert & Managed Services - LogicaCMG France
http://www.logicacmg.com/fr/ - <mailto:jerome.fenal AT logicacmg.com>
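
Added example, not part of the original message and not code from either poster: a Ruby sketch of the traceroute-to-dependency step discussed in the thread, turning hop lists into Nagios `parents` directives and refusing inventory values that could inject extra directives into the generated file. The host names, addresses, trace output and the `generic-host` template name are constructed assumptions.

```ruby
# Constructed "traceroute -n" output, keyed by monitored host (hypothetical names).
SAMPLE_TRACES = {
  "web1" => <<~OUT,
    traceroute to 192.0.2.10 (192.0.2.10), 30 hops max, 60 byte packets
     1  10.0.0.1  0.412 ms  0.388 ms  0.401 ms
     2  * * *
     3  10.0.1.1  1.102 ms  1.095 ms  1.130 ms
     4  192.0.2.10  1.544 ms  1.520 ms  1.533 ms
  OUT
  "db1" => <<~OUT
    traceroute to 10.0.0.20 (10.0.0.20), 30 hops max, 60 byte packets
     1  10.0.0.20  0.211 ms  0.198 ms  0.205 ms
  OUT
}.freeze

# Constructed address => host_name map, standing in for the LDAP host list.
KNOWN = { "10.0.0.1" => "gw-core", "10.0.1.1" => "gw-dmz",
          "192.0.2.10" => "web1", "10.0.0.20" => "db1" }.freeze

SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/
SAFE_ADDR = /\A\d{1,3}(\.\d{1,3}){3}\z/

# Addresses of the hops that answered, in path order; "* * *" lines are skipped.
def hops(trace)
  trace.lines.map { |l| l[/^\s*\d+\s+(\d{1,3}(?:\.\d{1,3}){3})\s/, 1] }.compact
end

# Nearest upstream device that is itself in the inventory, or nil if none.
def parent_of(name, trace, known)
  (hops(trace).map { |ip| known[ip] }.compact - [name]).last
end

# Render one host object; reject values that could smuggle extra directives
# into the generated file (newlines, braces, whitespace).
def host_definition(name, address, parent)
  [name, parent].compact.each do |n|
    raise ArgumentError, "unsafe host name: #{n.inspect}" unless n.match?(SAFE_NAME)
  end
  raise ArgumentError, "unsafe address: #{address.inspect}" unless address.match?(SAFE_ADDR)
  out = ["define host{", "    use        generic-host  ; assumed template name",
         "    host_name  #{name}", "    address    #{address}"]
  out << "    parents    #{parent}" if parent
  (out << "    }").join("\n")
end

def generate(traces, known)
  addr = known.invert
  traces.map { |n, t| host_definition(n, addr.fetch(n), parent_of(n, t, known)) }.join("\n\n")
end

puts generate(SAMPLE_TRACES, KNOWN) if __FILE__ == $PROGRAM_NAME
```

Hops that are not in the inventory are skipped, so a host's parent is always an object Nagios already knows about; a host with no known upstream device gets no `parents` line.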




_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null