Agenda: exercises-nagios-IV-VIII-medium.page

File exercises-nagios-IV-VIII-medium.page, 16.8 KB (added by admin, 5 years ago)
Line 
1% Nagios Installation and Configuration
2%
3# Introduction
4
5## Goals
6
7* Install and configure Nagios
8
9## Notes
10
11* Commands preceded with "$" imply that you should execute the command as
12  a general user - not as root.
13* Commands preceded with "#" imply that you should be working as root.
14* Commands with more specific command lines (e.g. "rtrX>" or "mysql>")
15  imply that you are executing commands on remote equipment, or within
16  another program.
17
18# Exercises
19
20# PART IV - Adding Parent Relationships
21
22Each item is a child of either a switch or a router in our classroom, EXCEPT for
23your gateway router (rtrX) and the other members of your group. We are now going
24to add a "parents" statement for each device we have configured.
25
26If you are unsure of the parent relationships you can look at our classroom Network
27Diagram. Remember, the parent relationships are from the point of view of your Nagios
28instance running on your pc.
29
30## 1. Adding Parents to switches.cfg
31
32~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33$ cd /etc/nagios3/conf.d
34$ sudo editor switches.cfg
35~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
36
37Update the entry:
38
39~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
40define host {
41    use         generic-host
42    host_name   sw
43    alias       Backbone Switch
44    address     10.10.0.253
45}
46~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
47
48
49to be
50
51
52~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
53define host {
54    use         generic-host
55    host_name   sw
56    alias       Backbone Switch
57    address     10.10.0.253
58    parents     rtrX
59}
60~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
61
62
63Where "rtrX" is the gateway router for your group. I.E., for group 1 you
64would use "rtr1", for group 2, "rtr2" and so forth.
65
66Save and exit from the file.
67
68
69## 2. Adding Parents to routers.cfg
70
71~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
72$ sudo editor routers.cfg
73~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
74
75For each entry we will add a "parents" line. So, for the gw definition at
76the top of the file this should now look like:
77
78
79~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
80define host {
81    use         generic-host
82    host_name   gw
83    alias       Classrooom Gateway Router
84    address     10.10.0.254
85    parents     sw
86}
87~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
88
89For all the remaining rtrX entries you should, also, add a line that says:
90
91~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92    parents     sw
93~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
94
95EXCEPT For the rtrX entry for your group. There should be NO PARENTS entry. If you
96have an entry for "ap1" (classroom wireless access point), then the parents entry is,
97also, "sw" - same as the other routers.
98
99So, if you are in group 2, then the entries for groups 1, 2 and 3 would look like:
100
101
102~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
103define host {
104    use         generic-host
105    host_name   rtr1
106    alias       Group 1 Router
107    address     10.10.1.254
108    parents     sw
109}
110
111define host {
112    use         generic-host
113    host_name   rtr2
114    alias       Group 2 Router
115    address     10.10.2.254
116}
117
118define host {
119    use         generic-host
120    host_name   rtr3
121    alias       Group 3 Router
122    address     10.10.3.254
123    parents     sw
124}
125~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
126
127
128Update the rest of the file correctly and then save and exit from the file.
129
130
131## 3. Adding Parents to pcs.cfg
132
133For all the PC entries you should add a "parents" line that has the router
134for that PC's group. For the noc the parent is the core switch or "sw"
135
136~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
137#
138# Classroom NOC
139#
140
141define host {
142    use         generic-host
143    host_name   noc
144    alias       Workshop NOC machine
145    address     10.10.0.250
146    parents     sw
147}
148
149
150For PCs in Group 1 entries look like:
151
152
153#
154# Group 1
155#
156
157define host {
158    use         generic-host
159    host_name   pc1
160    alias       pc1
161    address     10.10.1.1
162    parents     rtr1
163}
164
165define host {
166    use         generic-host
167    host_name   pc2
168    alias       pc2
169    address     10.10.1.2
170    parents     rtr1
171}
172
173~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
174
175etc
176
177
178
179Do this for all the PCs in the remaining groups. I.E., pc5 in Group 2 has
180a parents statement of:
181
182~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
183     parents    rtr2
184~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
185
186BUT, FOR THE 4 ENTRIES FOR THE PCS IN YOUR GROUP DO NOT ADD ANY PARENTS STATEMENT!
187REPEAT - THE PCS IN YOUR GROUP DO NOT HAVE ANY PARENT ENTRY!
188
189Save and exit from the file.
190
191
192## 4. Restart Nagios and See the Updated Status Map
193
194~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
195$ sudo service nagios3 restart
196~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
197
198If you have errors, fix these and try restarting again.
199
200Open a web browser to http://pcN.ws.nsrc.org/nagios3 and click on the "Map" link
201on the left. Your map should now look quite different. You should see a map that
202represents the Nagios world point of view from your machine.
203
204
205
206# PART V - Create More Host Groups
207
208## 0. Prep
209
210In the web view, look at the pages "Hostgroup Overview", "Hostgroup
211Summary", "Hostgroup Grid". This gives a convenient way to group together
212hosts which are related (e.g. in the same site, serving the same purpose).
213
214## 1. Update /etc/nagios3/conf.d/hostgroups_nagios2.cfg
215
216For the following exercises it will be very useful if we have created
217or update the following hostgroups:
218
219~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
220      debian-servers
221      routers
222      switches
223~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
224 
225If you edit the file /etc/nagios3/conf.d/hostgroups_nagios2.cfg you
226will see an entry for debian-servers that just contains localhost.
227Update this entry to include all the classroom PCs, including the
228noc (this assumes that you created a "noc" entry in your pcs.cfg
229file). Remember to skip your PC entry as it is represented by the
230localhost entry.
231
232~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
233$ sudo editor /etc/nagios3/conf.d/hostgroups_nagios2.cfg
234~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
235
236Update the entry that says:
237
238~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
239# A list of your Debian GNU/Linux servers
240define hostgroup {
241        hostgroup_name  debian-servers
242                alias           Debian GNU/Linux Servers
243                members         localhost
244        }
245~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
246     
247So that the "members" parameter contains something like this. Use your
248classroom network diagram to confirm the exact number of machines and names
249in your workshop.
250
251~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
252  members    localhost,pc1,pc2,pc3,pc4,pc5,pc6,pc7,pc8,pc9,pc10,pc11,pc12, \
253             pc13,pc14,pc15,pc16,pc17,pc18,pc19,pc20,pc21,pc22,pc23,pc24,pc25,\
254             pc26,pc27,pc28,pc29,pc30,pc31,pc32,pc33,pc34,pc35,pc36
255~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
256
257Be sure that the end of the line has a "\" to indicate a new line. Otherwise
258you will get an error when you go to restart Nagios. Remember that your own
259PC is "localhost", so skip your pc entry.
260
261Once you have done this, add one more host group for our classroom switch(es).
262If there is more than just one switch (sw.ws.nsrc.org) include this on the
263members line below, otherwise the entry at the end of the hostgroups_nagios2.cfg
264file should look like (COPY and PASTE):
265
266~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~       
267# A list of our switches
268define hostgroup {
269        hostgroup_name  switches
270                alias           Classroom Switches
271                members         sw
272        }
273~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
274           
275When you are done be sure to verify your work and restart Nagios.
276 
277## 2. Go back to the web interface and look at your new Host Groups in Nagios.
278
279
280# PART VI - Extended Host Information ("making your graphs pretty")
281
282## 1. Update extinfo_nagios2.cfg
283
284If you would like to use appropriate icons for your defined hosts in
285Nagios this is where you do this. We have the three types of devices:
286
287* Cisco routers
288* Cisco switches
289* Ubuntu servers
290
291There is a fairly large repository of icon images available for you to
292use located here:
293
294~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
295/usr/share/nagios/htdocs/images/logos/
296~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
297
298these were installed by default as dependent packages of the nagios3
299package in Ubuntu. In some cases you can find model-specific icons for
300your hardware, but to make things simpler we will use the following
301icons for our hardware:
302
303~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
304/usr/share/nagios/htodcs/images/logos/base/debian.*
305/usr/share/nagios/htdocs/images/logos/cook/router.*
306/usr/share/nagios/htdocs/images/logos/cook/switch.*
307~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
308
309The next step is to edit the file /etc/nagios3/conf.d/extinfo_nagios2.cfg
310and tell nagios what image you would like to use to represent your devices.
311
312~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
313$ sudo editor /etc/nagios3/conf.d/extinfo_nagios2.cfg
314~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
315
316Here is what an entry for your routers looks like (there is already an entry
317for debian-servers that will work as is). Note that the router model (3600)
318is not all that important. The image used represents a router in general.
319
320~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
321define hostextinfo {
322        hostgroup_name   routers
323        icon_image       cook/router.png
324        icon_image_alt   Cisco Routers (7200)
325        vrml_image       router.png
326        statusmap_image  cook/router.gd2
327}
328~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
329
330Note how we can simply use "hostgroup_name routers" as this has already been
331defined in the file hostgroups_nagios2.cfg. This makes configuring multiple, like
332items much simpler.
333
334Now add an entry for your switches. Once you are done check your work and
335restart Nagios. Take a look at the Status Map in the web interface (Map link
336on the left). It should be much nicer, with real icons instead of question marks
337for most items.
338
339
340# PART VII - Create Service Groups
341
342## 1. Create service groups for ssh and http for each set of pcs.
343
344The idea here is to create three service groups. Each service group will
345be for a quarter of the classroom. We want to see these PCs grouped together
346and include status of their ssh and http services. To do this edit
347and create the file:
348
349~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
350$ cd /etc/nagios3/conf.d                        (just to be sure)
351$ sudo editor servicegroups.cfg
352~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
353
354Here is a sample of the service group for group 1:
355
356~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
357define servicegroup {
358        servicegroup_name       group1-services
359        alias                   group 1 services
360        members  pc1,SSH,pc1,HTTP,pc2,SSH,pc2,HTTP,pc3,SSH,pc3,HTTP,pc4,SSH,pc4,HTTP
361        }
362~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
363
364Note that if the members line is too long you can use the "\" at the end to
365create a new line of members just below.
366       
367Note that "SSH" and "HTTP" need to be uppercase as this is how the service_description is
368written in the file /etc/nagios3/conf.d/services_nagios2.cfg
369         
370You should create an entry for other groups of servers too.
371
372CRITICAL - When you create an entry for your group remember to use "localhost" instead
373of your "pcN" name since you have only defined your pc as localhost in the file
374hostgroups_nagios2.cfg.
375
376Save your changes, verify your work and restart Nagios. Now if you click on the
377Service Groups menu item in the Nagios web interface you should see this information
378grouped together.
379     
380
381# PART VIII - Configure Guest Access to the Nagios Web Interface
382
383## 1. You will edit the file /etc/nagios3/cgi.cfg to give read-only guest user access to the Nagios web interface.
384
385By default Nagios is configured to give full r/w access via the Nagios
386web interface to the user nagiosadmin. You can change the name of this
387user, add other users, change how you authenticate users, what users
388have access to what resources and more via the cgi.cfg file.
389
390First, lets create a "guest" user and password in the htpasswd.users
391file.
392     
393~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
394$ sudo htpasswd /etc/nagios3/htpasswd.users guest
395~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
396
397You can use any password you want (or none). A password of "guest" is
398not a bad choice.
399
400Next, edit the file /etc/nagios3/cgi.cfg and look for what type of access
401has been given to the nagiosadmin user. By default you will see the following
402directives (note, there are comments between each directive):
403
404~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
405authorized_for_system_information=nagiosadmin
406authorized_for_configuration_information=nagiosadmin
407authorized_for_system_commands=nagiosadmin
408authorized_for_all_services=nagiosadmin
409authorized_for_all_hosts=nagiosadmin
410authorized_for_all_service_commands=nagiosadmin
411authorized_for_all_host_commands=nagiosadmin
412~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
413
414Now let's tell Nagios to allow the "guest" user some access to
415information via the web interface. You can choose whatever you would
416like, but what is pretty typical is this:
417
418~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
419authorized_for_system_information=nagiosadmin,guest
420authorized_for_configuration_information=nagiosadmin,guest
421authorized_for_system_commands=nagiosadmin
422authorized_for_all_services=nagiosadmin,guest
423authorized_for_all_hosts=nagiosadmin,guest
424authorized_for_all_service_commands=nagiosadmin
425authorized_for_all_host_commands=nagiosadmin
426~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
427
428Note we do not give the guest user access to system commands, service commands
429nor host commands.
430
431Once you make the changes, save the file cgi.cfg, verify your
432work and restart Nagios.
433
434To see if you can log in as the "guest" user you will need to clear
435the cookies in your web browser or open an alternate web browser if you have one.
436You will not notice any difference in the web interface. The difference is that a
437number of items that are available via the web interface (forcing a service/host
438check, scheduling checks, comments, etc.) will not work for the guest user.
439
440## 2. Enable External commands in nagios.cfg
441
442This change is required in order to allow users to "Acknowledge" problems
443with hosts and services in the Web interface.  The default file permissions
444are set up in a secure way to prevent the web interface from updating
445nagios, so you need to make them slightly more permissive.
446
447First, edit the file "/etc/nagios3/nagios.cfg", and change the line:
448
449~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
450        check_external_commands=0
451~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
452
453to
454
455~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
456        check_external_commands=1
457~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
458
459Save the file and exit.
460
461Then, perform the following commands to change directory permissions and
462to make the changes permanent:
463
464~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
465$ sudo /etc/init.d/nagios3 stop
466$ sudo dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
467$ sudo dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
468$ sudo /etc/init.d/nagios3 start
469~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
470
471Once this is done, go to "Problems" > "Services (Unhandled)" and find a
472service in the red (critical) or yellow (warning) state. Click on the
473service name. Then under "Service commands" click on "Acknowledge this
474service problem".
475
476The problem should disappear from the list of unhandled problems.
477