We have Nagios configured to do some simple monitoring of our services and machines. It runs on monitor.
Updating configuration
If you're just updating a bit of configuration because dependencies or IPs have changed, this is probably all you need:
ssh monitor
ksu -l
cd /etc/nagios3/conf.d/
# Edit any relevant monitoring exceptions:
edit hosts.input
# Generate the config:
/afs/club/system/scripts/perl/make-nagios-hosts.pl -l what_xen.login hosts.input > hosts.cfg.new
diff -U3 hosts.cfg{,.new}
# Give it a good hard look, because sometimes weird things jump out.
# When you're satisfied, swap the old for the new:
mv hosts.cfg{,.old}
mv hosts.cfg{.new,}
# Run a pre-flight check:
nagios3 -v /etc/nagios3/nagios.cfg
# If no errors or warnings, restart the daemon:
/etc/init.d/nagios3 restart
Then go be happy.
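The sequence above swaps the file first and checks it second, so a failed pre-flight check leaves a bad hosts.cfg in place until someone restores it by hand. The following shell function is an added example, not part of the original page or the club's scripts; the function name deploy_hosts_cfg and the hosts.cfg.rejected file name are assumptions. It refuses an empty generated file, keeps hosts.cfg.old as a rollback copy, and restores it when the check command fails.

```shell
#!/bin/sh
# Added example (not the club's own tooling). Names are illustrative.
# Usage: deploy_hosts_cfg DIR [CHECK_CMD...]
#   e.g. deploy_hosts_cfg /etc/nagios3/conf.d && /etc/init.d/nagios3 restart
# CHECK_CMD defaults to the pre-flight check used on this page.
# Returns 0 = new file live (or nothing changed), 1 = refused, 2 = rolled back.
deploy_hosts_cfg() {
    dir=$1; shift
    [ "$#" -gt 0 ] || set -- nagios3 -v /etc/nagios3/nagios.cfg
    cur="$dir/hosts.cfg" new="$dir/hosts.cfg.new" old="$dir/hosts.cfg.old"

    if [ ! -f "$cur" ]; then
        echo "missing $cur" >&2
        return 1
    fi
    # A generator that dies still leaves a zero-length file behind,
    # because the shell creates the redirect target before running it.
    if [ ! -s "$new" ]; then
        echo "refusing empty or missing $new" >&2
        return 1
    fi
    # Nothing changed: leave the running configuration alone.
    if cmp -s "$cur" "$new"; then
        rm -f "$new"
        return 0
    fi
    diff -U3 "$cur" "$new" >&2 || true   # show what is about to go live

    cp -p "$cur" "$old"                  # rollback copy
    mv "$new" "$cur"
    if "$@" >&2; then
        return 0
    fi
    # Pre-flight failed: keep the bad file for inspection, restore the old one.
    mv "$cur" "$dir/hosts.cfg.rejected"
    cp -p "$old" "$cur"
    echo "pre-flight check failed; previous hosts.cfg restored" >&2
    return 2
}
```

The diff is still printed to stderr for review; run the generator step by hand first if you want to inspect the change before anything is swapped.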
Details on rebuild
The last rebuild, in 2011-05, started with a new squeeze VM.
Install the following packages
- apache2
- nagios3
  - when asked what web server is being used, select apache2
  - otherwise keep the defaults (and no need to set a password)
  - right after the configuration finishes, copy the newly-added nagios user into /etc/passwd.system
- nagios-plugins
- nagios-snmp-plugins
- nagiosgrapher
- subversion
- libapache2-mod-pubcookie
- pubcookie-key-client
- libdbd-mysql-perl
Configuration steps
- Copy SSL certificate and key to /etc/apache2/monitor.{key,crt}
- Copy club CA certificate to /usr/local/share/ca-certificates. Run update-ca-certificates.
- Configure pubcookie:
  - Edit /etc/pubcookie/config so that:
    ssl_key_file: /etc/apache2/monitor.key
    ssl_cert_file: /etc/apache2/monitor.crt
    ...
    keymgt_uri: https://webiso.club.cc.cmu.edu:2222
  - Get the pubcookie granting certificate:
    keyclient -G /var/lib/pubcookie/pubcookie_granting.crt
  - Get the shared key for the "monitor" application server:
    keyclient -d
- Configure apache:
  - Edit /etc/apache2/sites-available/default and /etc/apache2/sites-available/default-ssl, adding
    RedirectMatch permanent ^/$ https://monitor.club.cc.cmu.edu/nagios3/
    at the end of the <VirtualHost>
  - Edit /etc/apache2/sites-available/default-ssl so that:
    SSLCertificateFile /etc/apache2/monitor.crt
    SSLCertificateKeyFile /etc/apache2/monitor.key
    And uncomment:
    SSLCACertificatePath /etc/ssl/certs/
  - Edit /etc/apache2/modules-available/pubcookie.conf, so that:
    PubcookieSessionKeyFile /etc/apache2/monitor.key
    PubcookieSessionCertFile /etc/apache2/monitor.crt
    ...
    PubcookieLogin https://webiso.club.cc.cmu.edu/login/
    ...
    PubcookieDomain .club.cc.cmu.edu
  - Edit /etc/apache2/conf.d/nagios3.conf, change from
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios3/htpasswd.users
    to
    PubcookieAppId "Nagios Access"
    AuthType Pubcookie
    #AuthUserFile /etc/nagios3/htpasswd.users
  - Run:
    a2enmod ssl
    a2enmod pubcookie
    a2ensite default-ssl
    /etc/init.d/apache2 restart
- Configure Nagios
  - Divert the configuration files from Debian:
    cd /etc/nagios3
    find "$(pwd)" -name '*.cfg' -exec dpkg-divert --divert {}.debian --local --rename --add {} \;
  - Get the club configuration from subversion:
    cd /etc/nagios3
    mv conf.d conf.d.orig
    svn co https://svn/cclub/nagios-cfg/trunk .
    /afs/club/system/scripts/perl/make-nagios-hosts.pl conf.d/hosts.input > conf.d/hosts.cfg
  - Check the configuration for validity (in case of upgrade, etc.):
    nagios3 -v /etc/nagios3/nagios.cfg
  - Restart the Nagios daemon so it picks up the configuration:
    /etc/init.d/nagios3 restart
Software
This section and everything below it is old. Be wary!
We're currently running the following on monitor:
- apache2
- nagios2
- nagios2-plugins-basic
Club Specialness
Hack /etc/nagios2/apache2.conf appropriately.
This mostly involves doing Pubcookie (WebISO) authentication.
Do the magicness for external commands described in /usr/share/nagios2/README.debian.
Divert the files Debian installs into /etc/nagios2/conf.d out of the way (e.g. from xxx.cfg to xxx.cfg.debian), and then delete them (the diversion is so upgrades don't put them back with names Nagios will notice).
Configuration
The configuration lives in subversion...
I should in the future explain how the configuration works.
stroucki's config hacks
As requested at 小亚洲 on 2015-05-23:
- removing a host from nagios: remove the host stanza from hosts.cfg, and anywhere else it may appear (like hostgroup definitions etc). For cclub secret sauce, remove any entry in hosts.info. /etc/init.d/nagios3 reload will check for syntax errors before reloading configuration for a running nagios
nagircbot
Runs out of /etc/rc.local. It is configured via command line arguments.