View
48
Download
0
Category
Tags:
Preview:
DESCRIPTION
Rational Configuration Design. To Prevent Irrational Problem Solving. John Murphy. Introduction. Basic. Advanced. Parents and dependencies Managing exceptions Automation. Contacts Hosts Services. Our Scenario. Contacts. Contacts. Contact. User. Login account for an actual user. - PowerPoint PPT Presentation
Citation preview
Rational Configuration Design
John Murphy
To Prevent Irrational Problem Solving
Introduction
Contacts
Hosts
Services
2012 2
Parents and dependencies
Managing exceptions
Automation
Basic Advanced
Our Scenario
2012 3
Contacts
Contacts
Contact address for support.
Email, SMS, Ticketing, etc.
2012 5
Login account for an actual user.
No contact information.
Contact User
Contacts
define contact { contact_name cu-contact contactgroups cg-main email servers@domain.com use contact-user } define contactgroup { contactgroup_name cg-main alias Kmart Contact contactgroup_members vg-team }
2012 6
define contact { name contact-
user host_notifications_enabled 1 service_notifications_enabled 1 host_notification_period 24x7 service_notification_period 24x7 host_notification_options d,u service_notification_options c host_notification_commands notify-h-
email service_notification_commands notify-s-email register 0 }
Contact Definition
Contacts
define contact { contact_name vu-jsmurphy contactgroups vg-team use read-contact } define contactgroup { contactgroup_name vg-team alias Kmart Team }
define contactgroup { contactgroup_name cg-main alias Kmart Contact contactgroup_members vg-team }
2012 7
define contact { name read-
contact host_notifications_enabled 0 service_notifications_enabled 0 host_notification_period none service_notification_period none host_notification_options n service_notification_options n host_notification_commands
check_none service_notification_commands check_none register 0 }
User Definition
Contacts
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"<Directory "/usr/local/nagios/sbin"> SetEnv TZ "Australia/Melbourne" Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthName "Nagios Core" AuthType Basic # AuthUserFile /usr/local/nagios/etc/htpasswd.users # Require valid-user
AuthBasicProvider ldap AuthName “Nagios server" AuthzLDAPAuthoritative off AuthLDAPBindDN "CN=bindAccount,OU=User,DC=domain,DC=com" AuthLDAPBindPassword xxxxxxxxx AuthLDAPURL ldaps://domain.com/OU=User,DC=Domain,DC=com?sAMAccountName?sub?(objectClass=user) AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require ldap-group CN=NagiosAccessGroup,OU=Groups,DC=domain,DC=com</Directory>
2012 8
LDAP/AD For Nagios Core
Contacts Summary
Distinguish between your users and your contacts.
Use an existing authentication source for your user logins.
Consider the end-user experience… try to ensure it’s easy to get the information they need.
2012 9
Hosts
Hosts
Focus on minimizing host configuration to make automation easier.
Use templates to assign user view information.
Create host groups based on shared monitoring profiles.
2012 11
Hosts
define host { host_name exchange01 use srv-template alias Exchange server address exchange01 parents switch001,switch002 hostgroups srv-exchange, srv-windows icon_image exchange.png register 1 }
define hostgroup { hostgroup_name srv-windows alias Windows group }
2012 12
define host { name srv-template alias Server host template check_command check_icmp!250.0,60%!
500.0,80% max_check_attempts 3 check_interval 10 retry_interval 2 check_period 24x7 contact_groups cg-main notification_interval 60 notification_period 24x7 notification_options d,f notifications_enabled 1 register 0}
Host Definitions
Hosts Summary
Minimize configuration in host objects to make automation easier.
Hostnames allow for easier maintenance than IP addresses.
Create logical host-groupings that will make service assignment easier e.g. OS type, Location, Applications it serves.
2012 13
Services
Services
Keep services as generic as possible to prevent the need for duplicate services.
Minimizing service templates allows for easier management and baseline changes.
Use service groups for applications.
2012 15
Services
define service { service_description Windows C: usage use main-service-template hostgroup_name srv-windows,srv-v-
windows check_command
check_nt!USEDDISKSPACE!-w 80 -c 90 contact_groups cg-main,cg-main-SMS register 1 }
2012 16
define service { name main-service-template service_description main service template max_check_attempts 3 check_interval 10 retry_interval 2 check_period 24x7 notification_interval 60 notification_period 24x7 notification_options c register 0}
Service Definitions
The puzzle completed
2012 17
Services Summary
Strike a balance between your service-templates and your service definitions.
Service groups are a very useful feature when used appropriately, used inappropriately they are an administrative burden.
Device life-cycle happens, ensure your configuration isn’t burdened by over-complexity.
2012 18
Advanced
Good Parenting (or how to not get woken up 20 times at ~3am)
Use host parenting.
Use host parenting.
Use host parenting.
2012 20
Parent indirectly monitored services with service dependencies.
Parenting Service Dependencies
Indirect Services
2012 21
…And the art of dependenciesA typical ESX monitoring setup…
Q. But what happens when the vSphere server fails?
Indirect Services
2012 22
…And the art of dependenciesA. Something like this
Indirect Services
define service { host_name vSphereServer service_description Ping dependency use main-service-template check_command check_ping!100,80%!200,90% register 1}
define service { service_description CPU Usage use main-service-template hostgroup_name srv-v-windows check_command check_esx!CPU contact_groups cg-main register 1}
2012 23
define servicedependency { dependent_hostgroup_name srv-v-windows dependent_service_description CPU Usage host_name vSphereServer service_description Ping
dependency inherits_parent 1 execution_failure_criteria w,u,c,p notification_failure_criteria w,u,c dependency_period 24x7}
…And the art of dependencies
Managing Exceptions
Clearly label exceptions in your config.
Make sure you can use the same solution again if necessary.
2012 24
Image by Mike Bade: http://robotseatingpies.blogspot.com.au/2011/06/robots-dont-have-feelings_16.html
Automation (or intrapreneurship ideas for the lazy)
Every piece of infrastructure is a potential data source… make use of it!
AD/LDAP Servers.
Virtual infrastructure API’s.
Patching systems.
Asset databases.
Network management platforms.
Network LLDP/CDP tables.
SNMP enabled servers.
Help I’m running out of space!
2012 25
Q&A
Thanks For Listening!
Recommended