OK, I just set up Nagios monitoring with ipa-healthcheck. In case someone
wants to replicate, this is roughly what I did with Puppet:
FreeIPA Puppet manifest:
Install the package:
+ exec {'/usr/bin/curl
https://copr.fedorainfracloud.org/coprs/rcritten/ipa-healthcheck/repo/epe...
-o /etc/yum.repos.d/rcritten-ipa-healthcheck-epel-7.repo':
+ creates => '/etc/yum.repos.d/rcritten-ipa-healthcheck-epel-7.repo',
+ }
+ ->
+ package {'freeipa-healthcheck':}
Ensure /var/log/audit exists:
+ file {'/var/log/audit/':
+ ensure => directory,
+ }
Run the process daily and put the output in /var/www/html
+ file {'/etc/cron.daily/ipa-healthcheck':
+ content => "#!/bin/sh
+
+/bin/ipa-healthcheck --failures-only --output-file
/var/www/html/ipa-healthcheck
+",
+ mode => "0500",
+ }
Nagios configuration:
define hostgroup {
hostgroup_name ipa
}
define servicegroup{
servicegroup_name ipa-healthcheck
}
define service{
use generic-service
check_command check_http!-S -u /ipa-healthcheck -M 173800 -l -r
'^\[\]$'
service_description ipa-healthcheck
servicegroups ipa-healthcheck
hostgroup_name ipa
}
; I check that /var/www/html/ipa-healthcheck contains [] and that it has
been updated in the last two days + 1000s
Now I just need to add my IPA servers to the ipa hostgroup and they'll
automatically get the check.
Cheers,
Álex
On Mon, Nov 11, 2019 at 8:03 PM Rob Crittenden via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Alex Corcoles wrote:
> On Mon, Nov 11, 2019 at 3:48 PM Rob Crittenden <rcritten(a)redhat.com
> <mailto:rcritten@redhat.com>> wrote:
>
> Jones, Bob (rwj5d) via FreeIPA-users wrote:
> > If you’re making these sorts of changes, might I suggest a flag to
> generate Nagios safe output that is just a summary of how many
> warnings/errors were found like the way checkipaconsistency does
> it? Otherwise we will have to come up with a wrapper to parse the
> output and create the correct output format.
>
> I don't know what you mean by "nagios-safe output". Are you
suggesting a
> sort of --summary option that just reports the number and types of
> output?
>
>
> I think the idea is to follow the Nagios plugin API:
>
>
https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/plugi...
>
> Strictly speaking, the output of a Nagios plugin is not so important-
> unless you manage to output "valid" perfdata, Nagios will chug along
> (maybe it will not show pretty service status) and things will just work
> IFF the return code from the process follows the Nagios standards (0:
> OK, 1: WARNING, 2: CRITICAL, 3 or other: UNKNOWN).
>
> IMHO, if the tool provides structured output like it currently does
> (JSON), writing a Nagios wrapper should be "easy" and it wouldn't be
> significantly worse than implementing "Nagios"-mode within
ipa-healthcheck.
>
> OTOH, Nagios is probably one of the most popular monitoring solutions
> right now, IIRC, it's the only monitoring solution that RedHat packages
> in RHEL and a lot of other monitoring solutions can use Nagios plugins,
> so it would be very nice if yum install freeipa-server automatically
> installed a Nagios check.
I looked at this prior to writing healthcheck and managed to write a
generic Nagios handled that slurped in the healthcheck JSON output and
generated items for each one. It was just a POC to see if I was heading
in the right direction but it seemed to work.
I didn't expect that ipa-healthcheck return value would be all that
useful other than "the tool itself blew up"
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_)
http://alex.corcoles.net/