My Nagios Deployment History

This page collects a bunch of information meant for personal use. This is NOT an official document on Nagios or Nagios installation at CERN.

Installation and configuration

For the installation I used a single virtual machine, and followed the instruction at GridMonitoringNcgYaim. YAIM terminated successfully.

Issues

  • Nagios is not started when configuring it with Yaim.

The httpd and nagios service are correctly running.

The file /var/log/httpd/error_log has:
[Tue Apr 07 09:31:53 2009] [error] [client 127.0.0.1] Directory index forbidden by rule: /var/www/html/
The httpd server answers correctly to http requests but there are problems with https:

[root@vtb-generic-80 yum.repos.d]# curl http://localhost/
HELLO GIANNI!
[root@vtb-generic-80 yum.repos.d]# curl https://localhost/
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

This problem has been solved appending the BitFace CA certificate to the file /usr/share/ssl/certs/ca-bundle.crt and adding the line

SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
to the file /etc/httpd/conf.d/ssl.conf. This line was removed from that file by YAIM during the nagios configuration. Yet, the curl https://localhost/ test gives the same error. At this point one should be able to see the Nagios web interface at: https://SERVER_NAME/nagios/.

Monitoring a Linux machine with native checks

Using NRPE

For installing and using NRPE the following document has been used NRPE2.0. Thanks to Ethan Galstad for writing such a clear introduction!

Issues

  • NRPE configuration: on a SLC4 machine, where the FTS service was installed, the configuration failed because the C compiler was missing. It has been installed with 'yum install gcc'. Then the configuration script failed for missing SSL headers, they have been installed with 'yum install openssl-devel'.
  • iptables configuration: if you get the following error when inserting a rule in the iptables chain:
[root@lxbra2310 nrpe-2.12]# iptables -I INPUT -p tcp -m tcp --dport 5666 -j accept
iptables v1.2.11: Couldn't load target `accept':/lib/iptables/libipt_accept.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
you need to change '-j accept' into '-j ACCEPT'.
  • iptables: the Nagios host cannot execute the check_nrpe on the remote host:
[root@vtb-generic-69 nrpe-2.12]# /usr/local/nagios/libexec/check_nrpe -H 128.142.182.87   
Connection refused by host

Do not ask me why, after re-executing the previous iptables -I command, the problem disappeared, now the remote host is correctly contacted:

[root@vtb-generic-69 nrpe-2.12]# /usr/local/nagios/libexec/check_nrpe -H 128.142.182.87
NRPE v2.12

I found out that on the monitored machine there is cron job that runs hourly with the purpose of maintaining a certain configuration of the firewall, the right setup for a production environment has to be clarified.

After this, the check_nrpe!check_load service has been added to the object definition for the remote host and it worked fine. The service details window in Nagios looks like the following picture: Screnshot1.png

Using specific Grid tests without proxy

For this test we used the FTS-basic tests available from the certification tests repository. The bash script FTS-basic check the host, the Tomcat server and the LDAP server. For this test the test script has been copied to the /tmp directory and owned by the group nagioscmd.

At this point, the object created to manage the FTS host checks is fts32.cfg

-- GianniPucciani - 07 Apr 2009

Topic attachments
I Attachment History Action Size Date Who Comment
PNGpng screenshot1.png r1 manage 61.3 K 2009-04-20 - 17:11 GianniPucciani service details nagios screenshot
Edit | Attach | Watch | Print version | History: r15 | r10 < r9 < r8 < r7 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r8 - 2009-04-21 - GianniPucciani
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Main All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback