Request For Comments: NWPE - Nagios Web Plugin Executor

[atonns at mail.ivillage.com]

Dear Nagios Community,

I'm considering making a project that I'm working on for my employer open
source. They are o.k. with the concept of open source licensing (otherwise I
wouldn't be writing this email). However, before putting the extra effort in
to "clean it up for public consumption", I want to poll the community to see
if there's any interest.

Project:
NWPE: Nagios Web Plugin Executor
Execute service checks remotely, using HTTP[S] as a transport protocol, and
a thin wrapper around CGI as a service check API.
It functions similar to nrpe with the benefit of possibly improving the
performance of perl scripts for service checks (when using apache/mod_perl).

History:
For a home-grown monitoring system, I decided I wanted to go with SNMPv3
agents. The main reason were the authentication and encryption aspects. So,
I created a nice Solaris package of net-snmpd 5.0.7 and was very happy with
it. I am using Nagios to poll all of my servers w/agents. At the time,
SNMPv3 support had not been integrated into check_snmp, so I ventured into
coding my own plugins. Using perl with Net::SNMP was the right solution. One
major advantage my scripts have over check_snmp/snmpget is that I can
retrieve an entire MIB table and reference objects by their description
field (ie: from the hrStorageTable use htStorageDescr to determine the index
into hrStorageUsed/hrStorageSize) and have the script be automatically
flexible when new items are added (ie: additional partitions are mounted,
etc.). So far, I've had miserable success with embedded Perl Nagios (ePN).
It leaks memory like mad (I have to restart at LEAST once a day) and the
number of service checks (1400+) is totally overwhelming my poor UltraII. So
I cooked up an alternative...

Functionality:
A small C program 'nwpe' is called from a Nagios command
(checkcommands.cfg). It is small, and strongly leverages libcurl
(http://curl.sourceforge.net/libcurl/) to connect (via HTTP or HTTPS) and
optionally authenticate to a webserver. An example usage would be:

./nwpe -U https://servicechecker.nagios.org/svc/check_remote_disk -a
"args=--hostname=webserver1 --path=/usr --warning=20% --critical=10%" -u
nagios -p checkITout

"check_remote_disk" is a CGI script written in perl. In my case the
webserver is running mod_perl. It uses Net::SNMP and other perl modules to
perform it's service check. It also invokes a custom perl module I have
written, NWPE (which will hopefully become Nagios::NWPE) that does the
following:

a) parses the POST/GET "args" field with a CGI object into @ARGV for parsing
by Getopt::Long
b) redirects STDOUT to an IO::String to capture all output from the plugin
c) sets the appropriate return value for the state of the service check
(OK/WARNING/CRITICAL/UNKNOWN) in the HTTP Header field "Return-state:"
d) prints the 'cached' output of the plugin on the real STDOUT with
mime-type "text/plain"

Essentially, the NWPE module makes it relatively painless to convert command
line service checks written in perl to CGI/mod_perl service checks.

Finally, after the service check has return the data, the 'nwpe' C program
prints the output of the request on STDOUT and returns the appropriate value
(Return-state:) to Nagios.

Reasoning:
The 'nwpe' system creates:
1) Additional flexibility - any scripting language that can be run from a
webserver (perl/mod_perl/asp/jsp) can be used as a service check
2) Additional scalability - allows you to deploy multiple service check
webservers just about anywhere on any network and leverage HTTP load-balance
technology (Cisco LocalDirector, BigIP, etc.) to distribute the load of
running service checks.
3) Additional performance - using mod_perl to speed up normally slow perl
service check execution
4) Additional security - access to service checks can be authenticated &
encrypted, and use any other access control mechanisms your favorite
webserver provides.

When using nwpe with apache/mod_perl, I see it as combining the best of nrpe
and ePN.

Downsides:
1) I have not integrated performance data into NWPE. However, I suspect it
could easily be added as an additional HTTP Header or something similar
(I've not done any performance data work with Nagios whatsoever).
2) the NWPE perl module is currently rough around the edges. Very rough.
It's the first serious perl module I've written (and bares a striking
resemblance to the stuff in perlboot, perltoot and perlobj).
3) While SSL has been integrated into libcurl for sometime, HTTP
authentication is only part of the 7.10.6 pre-release and I couldn't get
pre3 to work (but pre2 works like a champ). This might make compiling nwpe a
little hairy.
4) nwpe has not been setup with autoconf yet. It's features are slim.

If there's a decent amount of positive response, I will try to see if I
carve out some time to setup a site for NWPE development.

Thanks,
--Tony

--
"Computer science is as much about computers as
        astronomy is about telescopes" -- Edsger Dijkstra
---------------------------------------------------------
Anthony Tonns, UNIX Administrator - atonns at mail.ivillage.com


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null