Ethan Galstad asked me to put together something demonstrating integration
of CFEngine with Nagios but I just haven't had time to do that yet.
(Like automatic configuration of Nagios using CFEngine.)
I've read the blog post, the integration is one way: Nagios tells CFEngine
to restart Apache. -D sets a class, restart_apache2_now, and the policy
must have a rule that says if this class is set, then restart apache2.
So if you want your Nagios installation to invoke CFEngine to push a patch
or repair the state of the machine, you can do it using cf-runagent (which
is the CFEngine 3 equivalent of CFEngine 2 cfrun mentioned in the article).
Your Nagios server would use cf-runagent to "poke" the remote server's
cf-serverd, and would set a class (again, the -D switch:
Define a list of comma separated classes to be sent to a
remote agent
)
and then cf-agent would run on the remote host, and perform whatever repair
is relevant to the context of the -D class.
Because CFEngine is such a flexible tool, it does allow integration with other
system administration tools, like Nagios. Also because it is such a powerful
tool, it can, to a large part subsume other tools. You can also start with
integration and end with subsuming. Just speaking theoretically, my own
environment is a mix of tools.
Aleksey
On Tue, Sep 13, 2011 at 2:56 PM, Jan Muhammad <janm...@yahoo.com> wrote:
> Hi Group,
> I wonder anyone has experience on integrating CFengine with
> Nagios(http://www.nagios.org/). I came across this blog
> post(http://www.sladder.org/?tag=cfengine); but it's not detailed enough to
> follow.
> Considering a large scale network setup, a scenario can be if we want to
> generate some alerts from the patch status monitoring database (e.g. based
> on MySQL DB); that a particular node has a 'Vulnerable' piece of software or
> something (service or firewall etc) is mis-configured. So instead of
> manually installing (a patch or work around), can we generate an
> alert(trigger) from Nagios so that it send me email notification to site
> admin identifying that a 'Vulnerability Found' or 'Invoke' the CFengine
> instance to push a patch or configure the 'hole' on the Vulnerable host in
> an automated way.
>
> Any relevant documentation (paper/links), will be appreciated.
>
> Thanks n advance.
>
> Regards
>
> -Jan
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>
>
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
