====== openQRM - Nagios ====== ===== Server (openQRM-Rechner) ===== # aptitude install nagios-nrpe-plugin - Plugins - Monitoring - Nagios3 - Config - Automatic Nagios Configuration Hier muss "enable automatic mapping of the openQRM Network" stehen! Es sollte nicht aktiviert sein! ==== Konfiguration ==== meine Spezial-Scripte rein pfeifen: # tar xf check_nagios.tar -C /usr/lib/nagios/plugins/ gepackt wurden Ralf seine Speziel-Scripte so: # cd /usr/lib/nagios/plugins/ && tar cf /tmp/rbf_check_nagios.tar check_*.* Die Original-Kommandos wurden alle in "C" geschrieben und deshalb enthalten die Dateinamen keine Endung. Ralf seine Scripte haben alle eine Script-spezifische Endung. Globale Konfiguration: # vi /etc/nagios3/nagios.cfg Kommando-Konfigurationen: # ls /etc/nagios-plugins/config/ Unsere Ergänzungen: # vi /etc/nagios3/conf.d/generic_www-server_nagios.cfg # check int perf define command{ command_name check_perf_int command_line /usr/lib/nagios/plugins/check_perf.py $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$ $ARG6$ $ARG7$ } #------------------------------------------------------------------------------# # A list of your web servers define hostgroup { hostgroup_name www-server alias WWW servers members } #------------------------------------------------------------------------------# # Generic host definition template - This is NOT a real host, just a template! define host{ name www-server ; The name of this host template notifications_enabled 1 ; Host notifications are enabled event_handler_enabled 1 ; Host event handler is enabled flap_detection_enabled 1 ; Flap detection is enabled failure_prediction_enabled 1 ; Failure prediction is enabled process_perf_data 1 ; Process performance data retain_status_information 1 ; Retain status information across program restarts retain_nonstatus_information 1 ; Retain non-status information across program restarts check_command check-host-alive max_check_attempts 10 notification_interval 0 notification_period 24x7 notification_options d,u,r contact_groups redbusadmin host_groups www-server register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE! } ############################################################################### # contacts.cfg ############################################################################### #------------------------------------------------------------------------------# ############################################################################### ############################################################################### # # CONTACTS # ############################################################################### ############################################################################### # In this simple config file, a single contact will receive all alerts. define contact{ contact_name redbusadmin alias redbusadmin service_notification_period 24x7 host_notification_period 24x7 service_notification_options w,u,c,r host_notification_options d,r service_notification_commands notify-service-by-email host_notification_commands notify-host-by-email email redbusadmin } ############################################################################### ############################################################################### # # CONTACT GROUPS # ############################################################################### ############################################################################### # We only have one contact in this simple configuration file, so there is # no need to create more than one contact group. define contactgroup{ contactgroup_name redbusadmin alias Webserver Administrators members redbusadmin } #------------------------------------------------------------------------------# ############################################################################### ############################################################################### # # CONTACTS # ############################################################################### ############################################################################### # In this simple config file, a single contact will receive all alerts. define contact{ contact_name redbusadminmail alias redbusadminmail service_notification_period 24x7 host_notification_period 24x7 service_notification_options w,u,c,r host_notification_options d,r service_notification_commands notify-service-by-email host_notification_commands notify-host-by-email email redbusadminmail } ############################################################################### ############################################################################### # # CONTACT GROUPS # ############################################################################### ############################################################################### # We only have one contact in this simple configuration file, so there is # no need to create more than one contact group. define contactgroup{ contactgroup_name redbusadminmail alias Webserver Mail Administrators members redbusadminmail } #------------------------------------------------------------------------------# ############################################################################### ############################################################################### # # CONTACTS # ############################################################################### ############################################################################### # In this simple config file, a single contact will receive all alerts. define contact{ contact_name winadminfstl alias winadminfstl service_notification_period 24x7 host_notification_period 24x7 service_notification_options w,u,c,r host_notification_options d,r service_notification_commands notify-service-by-email host_notification_commands notify-host-by-email email winadminfstl } ############################################################################### ############################################################################### # # CONTACT GROUPS # ############################################################################### ############################################################################### # We only have one contact in this simple configuration file, so there is # no need to create more than one contact group. define contactgroup{ contactgroup_name winadminfstl alias 1st Level members winadminfstl } ==== /opt/bin/nrpe_server_generator.sh ==== #!/bin/bash # # /opt/bin/nrpe_server_generator.sh generic-service testrechner01 192.168.3.208 admins # # vi /usr/share/openqrm/web/action/resource-monitor.php # $COMMAND="nrpe_server_generator.sh"." ".$resource_fields['resource_template']." ".$resource_fields['resource_hname']." ".$resource_fields['resource_ipadresse']." ".$resource_fields['resource_contactgroups']; # VM eth2: ip addr add 10.10.2.38/24 dev eth2 ; ifconfig eth2 up ; ip route add default via 10.10.2.3 # CFGDIR="/etc/nagios3/conf.d/" USETEMPLATE="${1}" HNAME="${2}" IPADRESSE="${3}" CONTACTGROUPS="${4}" #------------------------------------------------------------------------------# . /usr/share/openqrm/etc/openqrm-server.conf . /opt/etc/zimmer_ip.cfg if [ -n "${IPADRESSE}" ] ; then # SELECT ip_address,ip_subnet,ip_gateway,ip_dns1,ip_dns2,ip_domain WEBIPADR="$(echo " SELECT ip_address FROM ${ZIPTABLES} WHERE ip_hostname='${HNAME}' ; " | mysql -N -h ${OPENQRM_DATABASE_SERVER} -u${OPENQRM_DATABASE_USER} -p${OPENQRM_DATABASE_PASSWORD} ${OPENQRM_DATABASE_NAME} )" if [ -z "${WEBIPADR}" ] ; then WEBIPADR="${IPADRESSE}" fi #echo "WEBIPADR='${WEBIPADR}'" fi #------------------------------------------------------------------------------# cat << EOF > ${CFGDIR}/${HNAME}.cfg ############################################################################### # WINDOWS.CFG - SAMPLE CONFIG FILE FOR MONITORING A WINDOWS MACHINE # # Last Modified: 2010-07-09 # # NOTES: This config file assumes that you are using the sample configuration # files that get installed with the Nagios quickstart guide. # ############################################################################### ############################################################################### ############################################################################### # # HOST DEFINITIONS # ############################################################################### ############################################################################### # Define a host for the Windows machine we'll be monitoring # Change the host_name, alias, and address to fit your situation define host{ use ${USETEMPLATE} ; Inherit default values from a template host_name ${HNAME} ; The name we're giving to this host alias ${HNAME} ; longer name associated with the host address ${IPADRESSE} ; IP address of the host } ############################################################################### ############################################################################### # # HOST GROUP DEFINITIONS # ############################################################################### ############################################################################### # Define a hostgroup for Windows machines # All hosts that use the windows-server template will automatically be a member of this group # Define a hostgroup for Windows machines # All hosts that use the windows-server template will automatically be a member of this group ############################################################################### ############################################################################### # # SERVICE DEFINITIONS # ############################################################################### ############################################################################### # Create a service for monitoring the version of NRPE that is installed # Change the host_name to match the name of the host you defined above define service{ use generic-service host_name ${HNAME} service_description Anzahl der User check_command check_nrpe_1arg!check_users contact_groups ${CONTACTGROUPS} } define service{ use generic-service host_name ${HNAME} service_description CPU Load check_command check_nrpe_1arg!check_load contact_groups ${CONTACTGROUPS} } define service{ use generic-service host_name ${HNAME} service_description Disk Root check_command check_nrpe_1arg!check_root contact_groups ${CONTACTGROUPS} } EOF # Der Generator, der die Variable "DYNAMISCHECHECKER" erstellt, # kann nur auf dem Client ausgeführt werden! # # Da wir hier nur mit einem ROOT-Volumen arbeiten, macht das nix. # Für den einen Fall packen wir ein Statische CFG-Sektion rein. # (siehe Sektion über diesem Kommentar) # #echo "${DYNAMISCHECHECKER}" | while read DISK MNTPT WARN CRIT CHECKNM #do #echo " #define service{ # use generic-service # host_name ${HNAME} # service_description Disk ${MNTPT} # check_command check_nrpe_1arg!${CHECKNM} # contact_groups ${CONTACTGROUPS} #} #" #done >> ${CFGDIR}/${HNAME}.cfg cat << EOF >> ${CFGDIR}/${HNAME}.cfg define service{ use generic-service host_name ${HNAME} service_description NTP Check check_command check_nrpe_1arg!check_ntp contact_groups ${CONTACTGROUPS} } #define service{ # use generic-service # host_name ${HNAME} # service_description NTP Check Time # check_command check_ntp_time!${IPADRESSE} # contact_groups ${CONTACTGROUPS} #} #define service{ # use generic-service # host_name ${HNAME} # service_description NTP Check NTPDate # check_command check_ntp.sh!${IPADRESSE} # contact_groups ${CONTACTGROUPS} #} define service{ use generic-service host_name ${HNAME} service_description Ping Check check_command check_ping_web!${WEBIPADR}!200.0,40%!900.0,80%!10!60 contact_groups ${CONTACTGROUPS} } #define service{ # use generic-service # host_name ${HNAME} # service_description MAIL Queue Postfix # check_command check_nrpe_1arg!check_mailq_postfix # contact_groups ${CONTACTGROUPS}mail # } define service{ use generic-service host_name ${HNAME} service_description MAIL Queue Nullmailer check_command check_nrpe_1arg!check_mailq_nullmailer contact_groups ${CONTACTGROUPS}mail } define service{ use generic-service host_name ${HNAME} service_description Procs HTTPD check_command check_nrpe_1arg!check_procs_www contact_groups ${CONTACTGROUPS}mail } define service{ use generic-service host_name ${HNAME} service_description SERVER Perf Check INT check_command check_perf_int!${WEBIPADR}!/check/!n!perfcheck.php!280!400!80000 contact_groups winadminfstl } EOF /etc/init.d/nagios3 restart ==== /opt/bin/nrpe_cfg_generator.sh ==== #!/bin/bash OPENQRM_SERVER_BASE_DIR=$(dirname $0)/../../../.. OPENQRM_SERVER_BASE_DIR=$(pushd $OPENQRM_SERVER_BASE_DIR > /dev/null && echo $PWD && popd > /dev/null) . $OPENQRM_SERVER_BASE_DIR/openqrm/include/openqrm-functions if [ -f $OPENQRM_RESOURCE_PARAMETER_FILE ]; then . $OPENQRM_RESOURCE_PARAMETER_FILE OPENQRM_SERVER_IP=$resource_openqrmserver elif [ -f $OPENQRM_SERVER_BASE_DIR/openqrm/etc/openqrm-server.conf ]; then . $OPENQRM_SERVER_BASE_DIR/openqrm/etc/openqrm-server.conf . $OPENQRM_SERVER_BASE_DIR/openqrm/include/openqrm-server-functions openqrm_server_get_config OPENQRM_SERVER_IP=$OPENQRM_SERVER_IP_ADDRESS resource_id=0 resource_openqrmserver=$OPENQRM_SERVER_IP_ADDRESS openqrm_web_protocol=$OPENQRM_WEB_PROTOCOL fi OPENQRM_POSTENCODE="$OPENQRM_SERVER_BASE_DIR/openqrm/sbin/openqrm-postencode" # let only root run this script WHOAMI=`whoami` if [ "$WHOAMI" != "root" ]; then echo "ERROR: Please run this script as root!" exit 6 fi OPENQRM_NRPE_INI="$OPENQRM_SERVER_BASE_DIR/openqrm/plugins/nagios3/etc/nrpe_cfg_generator.ini" if [ -r $OPENQRM_NRPE_INI ] ; then . $OPENQRM_NRPE_INI else echo "Die Datei $OPENQRM_NRPE_INI fehlt, ABBRUCH!!!" exit 1 fi mkdir -p /opt/etc # /dev/sda3 / 15% 10% check_root # /dev/sda4 /home 15% 10% check_home DYNAMISCHECHECKER="$(mount | egrep '^/dev/' | awk '{print $1,$3}' | while read DISK MNTP REST do echo -n "${DISK} ${MNTP} ${CHECK_DISK_W} ${CHECK_DISK_C} " echo "${MNTP}" | tr -d '/' | sed -e 's/.*/check_&/' -e 's/check_$/check_root/' done)" #------------------------------------------------------------------------------# cat << EOF > ${KONFIG} ############################################################################# # Sample NRPE Config File # Written by: Ethan Galstad (nagios@nagios.org) # # Last Modified: 11-23-2007 # # NOTES: # This is a sample configuration file for the NRPE daemon. It needs to be # located on the remote host that is running the NRPE daemon, not the host # from which the check_nrpe client is being executed. ############################################################################# # LOG FACILITY # The syslog facility that should be used for logging purposes. log_facility=daemon # PID FILE # The name of the file in which the NRPE daemon should write it's process ID # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. pid_file=${PIDFILE} # PORT NUMBER # Port number we should wait for connections on. # NOTE: This must be a non-priviledged port (i.e. > 1024). # NOTE: This option is ignored if NRPE is running under either inetd or xinetd server_port=${SERVERPORT} # SERVER ADDRESS # Address that nrpe should bind to in case there are more than one interface # and you do not want nrpe to bind on all interfaces. # NOTE: This option is ignored if NRPE is running under either inetd or xinetd server_address=${IPADRESSE} # NRPE USER # This determines the effective user that the NRPE daemon should run as. # You can either supply a username or a UID. # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd nrpe_user=nagios # NRPE GROUP # This determines the effective group that the NRPE daemon should run as. # You can either supply a group name or a GID. # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd nrpe_group=nagios # ALLOWED HOST ADDRESSES # This is an optional comma-delimited list of IP address or hostnames # that are allowed to talk to the NRPE daemon. # # Note: The daemon only does rudimentary checking of the client's IP # address. I would highly recommend adding entries in your /etc/hosts.allow # file to allow only the specified host to connect to the port # you are running this daemon on. # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd allowed_hosts=${ALLOWEDHOSTS} # COMMAND ARGUMENT PROCESSING # This option determines whether or not the NRPE daemon will allow clients # to specify arguments to commands that are executed. This option only works # if the daemon was configured with the --enable-command-args configure script # option. # # *** ENABLING THIS OPTION IS A SECURITY RISK! *** # Read the SECURITY file for information on some of the security implications # of enabling this variable. # # Values: 0=do not allow arguments, 1=allow command arguments dont_blame_nrpe=1 # COMMAND PREFIX # This option allows you to prefix all commands with a user-defined string. # A space is automatically added between the specified prefix string and the # command line from the command definition. # # *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** # Usage scenario: # Execute restricted commmands using sudo. For this to work, you need to add # the nagios user to your /etc/sudoers. An example entry for alllowing # execution of the plugins from might be: # # nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ # # This lets the nagios user run all commands in that directory (and only them) # without asking for a password. If you do this, make sure you don't give # random users write access to that directory or its contents! # command_prefix=/usr/bin/sudo # DEBUGGING OPTION # This option determines whether or not debugging messages are logged to the # syslog facility. # Values: 0=debugging off, 1=debugging on debug=0 # COMMAND TIMEOUT # This specifies the maximum number of seconds that the NRPE daemon will # allow plugins to finish executing before killing them off. command_timeout=60 # CONNECTION TIMEOUT # This specifies the maximum number of seconds that the NRPE daemon will # wait for a connection to be established before exiting. This is sometimes # seen where a network problem stops the SSL being established even though # all network sessions are connected. This causes the nrpe daemons to # accumulate, eating system resources. Do not set this too low. connection_timeout=300 # WEEK RANDOM SEED OPTION # This directive allows you to use SSL even if your system does not have # a /dev/random or /dev/urandom (on purpose or because the necessary patches # were not applied). The random number generator will be seeded from a file # which is either a file pointed to by the environment valiable $RANDFILE # or $HOME/.rnd. If neither exists, the pseudo random number generator will # be initialized and a warning will be issued. # Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness #allow_weak_random_seed=1 # INCLUDE CONFIG FILE # This directive allows you to include definitions from an external config file. #include= # INCLUDE CONFIG DIRECTORY # This directive allows you to include definitions from config files (with a # .cfg extension) in one or more directories (with recursion). #include_dir= #include_dir= # COMMAND DEFINITIONS # Command definitions that this daemon will run. Definitions # are in the following format: # # command[]= # # When the daemon receives a request to return the results of # it will execute the command specified by the argument. # # Unlike Nagios, the command line cannot contain macros - it must be # typed exactly as it should be executed. # # Note: Any plugins that are used in the command lines must reside # on the machine that this daemon is running on! The examples below # assume that you have plugins installed in a ${PREFIX}/libexec # directory. Also note that you will have to modify the definitions below # to match the argument format the plugins expect. Remember, these are # examples only! # The following examples use hardcoded command arguments... command[check_users]=${PREFIX}/check_users -w "${CHECK_USERS_W}" -c "${CHECK_USERS_C}" command[check_load]=${PREFIX}/check_load -w "${CHECK_LOAD_W}" -c "${CHECK_LOAD_C}" EOF #------------------------------------------------------------------------------# echo "${DYNAMISCHECHECKER}" | awk -v prefix="${PREFIX}" '{print "command["$5"]="prefix"/check_disk -w",$3,"-c",$4,"-r",$1}' >> ${KONFIG} #------------------------------------------------------------------------------# cat << EOF >> ${KONFIG} command[check_swap]=${PREFIX}/check_swap -w "${CHECK_SWAP_W}" -c "${CHECK_SWAP_C}" command[check_zombie_procs]=${PREFIX}/check_procs -w "${CHECK_ZOMBIE_PROCS_W}" -c "${CHECK_ZOMBIE_PROCS_C}" -s "${CHECK_ZOMBIE_PROCS_S}" command[check_total_procs]=${PREFIX}/check_procs -w "${CHECK_TOTAL_PROCS_W}" -c "${CHECK_TOTAL_PROCS_C}" command[check_ntp]=${PREFIX}/check_ntp -H "${CHECK_NTP_H}" -w "${CHECK_NTP_W}" -c "${CHECK_NTP_C}" #command[check_mysql_perf]=${PREFIX}/check_mysql_perf -H "${CHECK_MYSQL_PERF_H}" -P "${CHECK_MYSQL_PERF_PORT}" -u "${CHECK_MYSQL_PERF_USR}" -p "${CHECK_MYSQL_PERF_PORT}" -w "${CHECK_MYSQL_PERF_W}" -c "${CHECK_MYSQL_PERF_C}" -m "${CHECK_MYSQL_PERF_M}" command[check_procs_www]=${PREFIX}/check_procs -w 270 -c 295 -a httpd2-prefork # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for # command arguments *AND* the dont_blame_nrpe directive in this # config file is set to '1'. This poses a potential security risk, so # make sure you read the SECURITY file before doing this. #command[check_users]=${PREFIX}/check_users -w $ARG1$ -c $ARG2$ #command[check_load]=${PREFIX}/check_load -w $ARG1$ -c $ARG2$ #command[check_disk]=${PREFIX}/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ #command[check_procs]=${PREFIX}/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ command[check_mailq_postfix]=${PREFIX}/check_mailq -w 200 -c 300 -M postfix command[check_mailq_nullmailer]=${PREFIX}/check_mailq.pl -w 200 -c 300 -M nullmailer EOF #------------------------------------------------------------------------------# ==== /opt/etc/nrpe_cfg_generator.ini ==== PREFIX="/usr/lib/nagios/plugins" CFGDIR="/etc/nagios" KONFIG="${CFGDIR}/nrpe.cfg" PIDFILE="/var/run/nrpe.pid" HNAME="$(hostname -f | awk '{ print tolower($0) }')" IPADRESSE="$(ifconfig -a | egrep 'inet Adresse:|inet addr' | awk '{print $2}' | awk -F':' '{print $2}' | egrep -v '^$' | head -1)" SERVERPORT="5666" ALLOWEDHOSTS="10.10.2.220,10.10.2.221,10.10.2.222,10.10.5.80,10.10.5.81,10.10.5.82" CHECK_USERS_W="5" CHECK_USERS_C="10" CHECK_LOAD_W="15,10,5" CHECK_LOAD_C="30,25,20" CHECK_DISK_W="15%" CHECK_DISK_C="10%" CHECK_SWAP_W="30%" CHECK_SWAP_C="20%" CHECK_ZOMBIE_PROCS_W="5" CHECK_ZOMBIE_PROCS_C="10" CHECK_ZOMBIE_PROCS_S="Z" CHECK_TOTAL_PROCS_W="150" CHECK_TOTAL_PROCS_C="200" #CHECK_NTP_H="127.0.0.1" CHECK_NTP_H="10.10.5.80" CHECK_NTP_W="1" # bitte nur ganzzahlige Werte verwenden CHECK_NTP_C="5" # bitte nur ganzzahlige Werte verwenden CHECK_MYSQL_PERF_H="127.0.0.1" CHECK_MYSQL_PERF_PORT="3306" CHECK_MYSQL_PERF_USR="bs" CHECK_MYSQL_PERF_P="" CHECK_MYSQL_PERF_W="160" CHECK_MYSQL_PERF_C="198" CHECK_MYSQL_PERF_M="threads-connected" USETEMPLATE="www-server" CONTACTGROUPS="redbusadmin" TIMESERVER="10.10.5.80" ==== Plugin für den Client verpacken ==== Das Archiv, welches bei jedem Client-Start gesaugt und ausgepackt wird, heißt **/usr/share/openqrm/plugins/nagios3/web/boot-service-nagios3.tgz**. Hier liegt normalerweise nur das "Start-Stop-Script" drin, jetzt müssen die neuen Datei mit rein. #!/bin/sh cd /opt/bin/ || exit 1 cd /opt/ tar cvzf boot-service-nagios3.tgz bin/nrpe_cfg_generator.sh etc/nrpe_cfg_generator.ini etc/init.d/nagios3 && cat boot-service-nagios3.tgz > /usr/share/openqrm/plugins/nagios3/web/boot-service-nagios3.tgz ===== Client (VM) ===== # aptitude -y install nagios-nrpe-server nagios-plugins-extra Der Rest wird vom openQRM-Clienten erledigt.