OK, I just set up Nagios monitoring with ipa-healthcheck. In case someone
wants to replicate, this is roughly what I did with Puppet:
FreeIPA Puppet manifest:
Install the package:
+ exec {'/usr/bin/curl
https://copr.fedorainfracloud.org/coprs/rcritten/ipa-healthcheck/repo/epel-7/rcritten-ipa-healthcheck-epel-7.repo
-o /etc/yum.repos.d/rcritten-ipa-healthcheck-epel-7.repo':
+ creates => '/etc/yum.repos.d/rcritten-ipa-healthcheck-epel-7.repo',
+ }
+ ->
+ package {'freeipa-healthcheck':}
Ensure /var/log/audit exists:
+ file {'/var/log/audit/':
+ ensure => directory,
+ }
Run the process daily and put the output in /var/www/html
+ file {'/etc/cron.daily/ipa-healthcheck':
+ content => "#!/bin/sh
+
+/bin/ipa-healthcheck --failures-only --output-file
/var/www/html/ipa-healthcheck
+",
+ mode => "0500",
+ }
Nagios configuration:
define hostgroup {
hostgroup_name ipa
}
define servicegroup{
servicegroup_name ipa-healthcheck
}
define service{
use generic-service
check_command check_http!-S -u /ipa-healthcheck -M 173800 -l -r
'^\[\]$'
service_description ipa-healthcheck
servicegroups ipa-healthcheck
hostgroup_name ipa
}
; I check that /var/www/html/ipa-healthcheck contains [] and that it has
been updated in the last two days + 1000s
Now I just need to add my IPA servers to the ipa hostgroup and they'll
automatically get the check.
Cheers,
Álex
On Mon, Nov 11, 2019 at 8:03 PM Rob Crittenden via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Alex Corcoles wrote:
> > On Mon, Nov 11, 2019 at 3:48 PM Rob Crittenden <rcrit...@redhat.com
> > <mailto:rcrit...@redhat.com>> wrote:
> >
> > Jones, Bob (rwj5d) via FreeIPA-users wrote:
> > > If you’re making these sorts of changes, might I suggest a flag to
> > generate Nagios safe output that is just a summary of how many
> > warnings/errors were found like the way checkipaconsistency does
> > it? Otherwise we will have to come up with a wrapper to parse the
> > output and create the correct output format.
> >
> > I don't know what you mean by "nagios-safe output". Are you
> suggesting a
> > sort of --summary option that just reports the number and types of
> > output?
> >
> >
> > I think the idea is to follow the Nagios plugin API:
> >
> >
> https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/pluginapi.html
> >
> > Strictly speaking, the output of a Nagios plugin is not so important-
> > unless you manage to output "valid" perfdata, Nagios will chug along
> > (maybe it will not show pretty service status) and things will just work
> > IFF the return code from the process follows the Nagios standards (0:
> > OK, 1: WARNING, 2: CRITICAL, 3 or other: UNKNOWN).
> >
> > IMHO, if the tool provides structured output like it currently does
> > (JSON), writing a Nagios wrapper should be "easy" and it wouldn't be
> > significantly worse than implementing "Nagios"-mode within
> ipa-healthcheck.
> >
> > OTOH, Nagios is probably one of the most popular monitoring solutions
> > right now, IIRC, it's the only monitoring solution that RedHat packages
> > in RHEL and a lot of other monitoring solutions can use Nagios plugins,
> > so it would be very nice if yum install freeipa-server automatically
> > installed a Nagios check.
>
> I looked at this prior to writing healthcheck and managed to write a
> generic Nagios handled that slurped in the healthcheck JSON output and
> generated items for each one. It was just a POC to see if I was heading
> in the right direction but it seemed to work.
>
> I didn't expect that ipa-healthcheck return value would be all that
> useful other than "the tool itself blew up"
>
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_) http://alex.corcoles.net/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
