We have Nagios configured to do some simple monitoring of our services and machines. It runs on monitor.

Rebuild, May 2011

Started with a new squeeze VM.

Install the following packages

• apache2
• nagios3
  • when asked what web server is being used, select apache2
  • otherwise keep the defaults (and no need to set a password)
  • right after the configuration finishes, copy the newly-added nagios user into /etc/passwd.system
• nagios-plugins
• nagios-snmp-plugins
• nagiosgrapher
• subversion
• libapache2-mod-pubcookie
• pubcookie-key-client
• libdbd-mysql-perl

Configuration steps

• Copy SSL certificate and key to /etc/apache2/monitor.{key,crt}
• Copy club CA certificate to /usr/local/share/ca-certificates. Run update-ca-certificates.
• Configure pubcookie:
  • Edit /etc/pubcookie/config so that:

    ssl_key_file: /etc/apache2/monitor.key
    ssl_cert_file: /etc/apache2/monitor.crt

  • ...

    keymgt_uri: https://webiso.club.cc.cmu.edu:2222

  • Get the pubcookie granting certificate:

    keyclient -G /var/lib/pubcookie/pubcookie_granting.crt

  • Get the shared key for the "monitor" application server:

    keyclient -d

• Configure apache:
  • Edit /etc/apache2/sites-available/default and /etc/apache2/sites-available/default-ssl, adding

        RedirectMatch permanent ^/$ https://monitor.club.cc.cmu.edu/nagios3/

    at the end of the <VirtualHost>

  • Edit /etc/apache2/sites-available/default-ssl so that:

            SSLCertificateFile    /etc/apache2/monitor.crt
            SSLCertificateKeyFile /etc/apache2/monitor.key

    And uncomment:

            SSLCACertificatePath /etc/ssl/certs/

  • Edit /etc/apache2/modules-available/pubcookie.conf, so that:

    PubcookieSessionKeyFile         /etc/apache2/monitor.key
    PubcookieSessionCertFile        /etc/apache2/monitor.crt

  • ...

    PubcookieLogin                  https://webiso.club.cc.cmu.edu/login/

  • ...

    PubcookieDomain                 .club.cc.cmu.edu

  • Edit /etc/apache2/conf.d/nagios3.conf, change from

            AuthName "Nagios Access"
            AuthType Basic
            AuthUserFile /etc/nagios3/htpasswd.users

    to

            PubcookieAppId "Nagios Access"
            AuthType Pubcookie
            #AuthUserFile /etc/nagios3/htpasswd.users

  • Run:

    a2enmod ssl
    a2enmod pubcookie
    a2ensite default-ssl
    /etc/init.d/apache2 restart

• Configure Nagios
  • Divert the configuration files from Debian:

    cd /etc/nagios3
    find pwd -name '*.cfg' -exec dpkg-divert --divert {}.debian --local --rename --add {} \;

  • Get the club configuration from subverison:

    cd /etc/nagios3
    mv conf.d conf.d.orig
    svn co https://svn/cclub/nagios-cfg/trunk .
    /afs/club/system/scripts/perl/make-nagios-hosts.pl conf.d/hosts.input > conf.d/hosts.cfg

  • Check the configuration for validity (in case of upgrade, etc.):

    nagios3 -v /etc/nagios3/nagios.cfg

  • Restart the Nagios daemon so it picks up the configuration:

    /etc/init.d/nagios3 restart

Software

This section and everything below it is old. Be wary!

We're currently running the following on monitor:

• apache2
• nagios2
• nagios2-plugins-basic

Club Specialness

Hack /etc/nagios2/apache2.conf appropriately.

This mostly involves doing Pubcookie (WebISO) authentication.

Do the magicness for external commands described in /usr/share/nagios2/README.debian.

Divert the files debian installs into /etc/nagios2/conf.d out of the way (e.g. from xxx.cfg to xxx.cfg.debian), and then delete them (the diversion is so upgrades don't put them back with names Nagios will notice).

Configuration

The configuration lives in subversion...

I should in the future explain how the configuration works.

CategoryServices CategoryClubServices