Archive for the ‘Nagios’ Category

Apache: setting up ldap for authentication for Nagios

Thursday, December 3rd, 2009

We already have LDAP running in my environment. So, with SLES 10 SP3 and Apache, here is a quick way to get your web-based Nagios application authenticating against your LDAP system.

  1. Set up your nagios.conf file under /etc/apache2/conf.d
  2. Add the following lines to the nagios share
       AuthName LDAP_Auth_Test
       AuthBasicProvider ldap
       AuthzLDAPAuthoritative off
       AuthLDAPBindDN uid=your user name,dc=your domain,dc=com
       AuthLDAPBindPassword password for your user name
       AuthLDAPURL ldap://ldap.com:389/dc=your value,dc=your value,dc=com?uid?
    
  3. Change the permissions on the nagios.conf file to 400 with the Apache user as the owner. The file now holds the LDAP bind password in clear text, and the only user that needs to read it is Apache. Don’t worry, root will still be able to modify the file.
  4. Edit /etc/sysconfig/apache2 (with vi, for example) and add the following to the APACHE_MODULES section: authnz_ldap ldap
  5. Start Apache and you are finished. When someone connects to the application, they will receive the authentication text box, so they can enter their userid and password before entering the application.

NOTE: Users are only authenticating against the application. Once they leave the web application, they will be required to authenticate against your proxy server. This assumes you are running Nagios internally with Apache on the same host.

Enjoy and I hope this helps.

Nagios: ndoutils giving problem with remote database connection

Thursday, December 3rd, 2009

I am in the middle of building a green Nagios environment. That means I am deploying virtual servers to do the work. The platform is SLES 10 SP3 x64 on an IBM x3550, set for full virtualization in the BIOS. Our environment is so large, 2000+ hosts and 3000+ services, that we broke Nagios into two sections. The two sections are: retail and corporate.

Breaking the areas down required two virtual hosts. A third virtual host was introduced to run the databases. When I say databases, I mean I created two nagios databases to separate the data from both areas. The problem I encountered was with ndoutils. It just loved not to work properly at first, then I took some steps and had the data writing to a remote database.

First I compiled ndoutils-1.4b7. I gave the following arguments:

# You will have to install mysql-devel first
sudo ./configure \
--prefix=/opt/nagios \
--with-mysql-lib=/usr/lib64/mysql \
--with-mysql-inc=/usr/include/mysql

After that finished I performed a sudo make, then copied the files to their respective directories as indicated in the README file.

ndo2db.cfg

  1. I created the var directory under my Nagios install and changed ownership to nagios:nagcmd.
  2. I changed the paths for the various sockets to my Nagios installation path.
  3. Changed the db_name to whatever the database is called.
  4. Changed the db_host to the FQDN of the virtual database server.
  5. Set the db_user and db_password up for the nagios user.
  6. Saved my changes and closed the file.

ndomod.cfg

  1. I just changed the path of the files to my nagios installation path.
  2. Saved the changes and closed the file.

nagios.cfg

  1. Since I am using Nagios 3, all I had to do was uncomment the broker agent.
  2. I saved the changes and closed the file.

Here is where the fun comes into play. I was experiencing a problem with ndomod being unable to establish a data sync. So I went to the database host and performed the following steps:

  1. I untarred the ndoutils package on the database server.
  2. I logged into mysql and created the databases.
  3. I modified the mysql.sql file in the ndoutils package to reflect the database name.
  4. Then I ran sudo mysql < mysql.sql. That created the tables within each database.
  5. I then set up the nagios account in mysql using mysql_setpermission. I gave nagios access to all the databases from anywhere and set the password I established in the ndo2db.cfg file. That is very lax on my part, but the only one using the databases will be the nagios user.
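
A tighter alternative to the "all databases from anywhere" account in step 5, shown as an added example that is not part of the original post. The database names, host names and passwords are constructed placeholders, and it assumes the lax account exists as 'nagios'@'%' and that row-level privileges are sufficient for ndo2db.

```sql
-- Added example: scope each Nagios host's account to its own database.
-- Constructed names (replace with your own):
--   databases: nagios_retail, nagios_corp
--   hosts:     nagios-retail.example.com, nagios-corp.example.com
-- If mysqld runs with skip-name-resolve, use the hosts' IP addresses instead.

-- 1. See which nagios accounts exist and what the broad one can reach.
SELECT user, host FROM mysql.user WHERE user = 'nagios';
SHOW GRANTS FOR 'nagios'@'%';

-- 2. One account per Nagios virtual host, usable only from that host.
--    Each password must match db_pass in that host's ndo2db.cfg.
CREATE USER 'nagios'@'nagios-retail.example.com'
    IDENTIFIED BY 'CHANGE_ME_retail';
CREATE USER 'nagios'@'nagios-corp.example.com'
    IDENTIFIED BY 'CHANGE_ME_corp';

-- 3. Row-level privileges on that host's database only: no schema
--    changes, no GRANT OPTION, no access to the other area's data.
--    Assumption: ndo2db only reads and writes rows; check its log for
--    denied statements after switching accounts.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON nagios_retail.* TO 'nagios'@'nagios-retail.example.com';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON nagios_corp.* TO 'nagios'@'nagios-corp.example.com';

-- 4. Remove the any-host account once both ndo2db daemons reconnect
--    successfully with the scoped accounts.
DROP USER 'nagios'@'%';

-- 5. Confirm the result.
SHOW GRANTS FOR 'nagios'@'nagios-retail.example.com';
SHOW GRANTS FOR 'nagios'@'nagios-corp.example.com';
```

With this layout a leaked ndo2db.cfg password from one Nagios host cannot be used from another machine or against the other area's database.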

I then started nagios and ndomod on both the virtual hosts. Then performed a netstat -a and was able to see the sockets connecting to my database server. I then performed a mysql query on the database server with a select * from nagios_objects; and saw the tables being populated on both databases.

I hope this helps someone else, because I wrapped my head around this for two days before stumbling on this solution.