Well, as some people know, I keep a small set of packages around for my own needs (stuff I need from time to time, and packages that are in the distributions but still too old).
So here are some additions to my small repo (so far this month, that is):
- iftop 0.17-7 for SLES10 (i586, x86_64, SRPM) — Rebuild from Fedora’s SRPM
- nagios-nrpe 2.12-1 for SLES10 (i586, x86_64, SRPM) — Rebuild/Bump from my previous SRPM
- nagios 3.0.3-1 for SLES10 — Rebuild/Bump from the original SLES10 SRPM
Disclaimer: I don’t take any responsibility for faults within the software, I just provide the RPMs! Feel free to ask me about stuff concerning these RPMs, but I ain’t accountable if your stuff goes kaboom …
Life
RPM, SLES10
Remember my last post about CPU masking? Well, it turns out that you can apply it to a “template”.
The only step you skip is marking the VM as a “template”. You can still clone it and move it around and all that other stuff, and the good part is that the cloned VM keeps the CPU mask set on the “template” *shrug*
I don’t know why VMware didn’t include that feature in the templates, since this is a really freaky way to do it.
Life
VMotion, VMware Infrastructure
Well, it seems to be becoming a “trend” for me to integrate stuff into our Active Directory. Now that I know why, and how easy that is, I expect to add more stuff. The good thing about the integration is that you only need to maintain a single source for authorization.
The bad thing is that stuff becomes dependent on the Active Directory (we do have four domain controllers, so that should be fine).
Now, here’s the SSL-only apache2 configuration file for my vhost:

```apache
<VirtualHost *:80>
    ## mod_core
    DocumentRoot "/usr/share/nagios"
    ServerName nagios.barfoo.org
    ServerAlias nagios3.barfoo.org
    ServerAdmin nagiosadmin@barfoo.org

    ## mod_rewrite
    RewriteEngine On
    RewriteRule ^/(.*) https://nagios.barfoo.org/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    ## mod_core
    DocumentRoot "/usr/share/nagios"
    ServerName nagios.barfoo.org
    ServerAdmin nagiosadmin@barfoo.org

    ScriptAlias /nagios/cgi-bin /usr/lib/nagios/cgi
    Alias /nagios /usr/share/nagios
    Alias /pnp /usr/share/nagios/html/pnp4nagios

    <DirectoryMatch "/usr/(share/nagios|lib/nagios/cgi)">
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 10.0.0.
        Options None

        # Authorization
        AuthType Basic
        AuthName "Nagios Barfoo"
        # The authentication provider is mod_ldap
        AuthBasicProvider ldap
        # mod_ldap is our *only* authentication provider for this!
        AuthzLDAPAuthoritative on
        # Redirect the userfile requests to /dev/null
        AuthUserFile /dev/null
        # AD requires an authentication DN to access any records
        AuthLDAPBindDN "BARFOO\\ldap_nagios"
        AuthLDAPBindPassword "somethingrandom"
        # The URL to search in
        AuthLDAPURL "ldap://dc0.barfoo.org dc1.barfoo.org dc2.barfoo.org dc3.barfoo.org/OU=Users,dc=barfoo,dc=org?sAMAccountName?sub?(objectClass=*)"
        # Search the group membership in the specified group, otherwise it's gonna
        # get searched at the binding DN's location
        AuthLDAPGroupAttributeIsDN on
        Require ldap-group CN=gr_nagios,OU=Groups,DC=barfoo,DC=org
    </DirectoryMatch>

    ## mod_log
    ErrorLog /var/log/apache2/nagios.barfoo.org.error_log
    TransferLog /var/log/apache2/nagios.barfoo.org.access_log
    CustomLog /var/log/apache2/nagios.barfoo.org.ssl_request_log ssl_combined

    ## mod_ssl
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/nagios.barfoo.org.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/nagios.barfoo.org.key

    <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
        SSLOptions +StdEnvVars
    </Files>

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
```
As you can see, AuthLDAPURL holds the four LDAP servers separated by spaces (that’s what the Apache2 documentation says about that), and that actually works.
The only additional thing I had to change on the Nagios side is in /etc/nagios/cgi.cfg, to allow everyone to issue system commands. Also, if you ever stumble upon extraneous chars in the check_nrpe output, update to a newer NRPE version; that fixed it for me (that is, on the receiver side, as in the box running the NRPE agent).
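As an added example (not part of the original post): a small Python audit of the directives in the vhost above that decide whether the AD bind and the HTTPS session are protected in transit. The finding names and the trimmed `SAMPLE` are constructed here; the check assumes no server-wide `LDAPTrustedMode` is set and counts only `!` as an exclusion in the cipher string.

```python
import shlex

# Constructed sample: the transport-relevant directives from the vhost above.
SAMPLE = r'''
AuthLDAPBindPassword "somethingrandom"
AuthLDAPURL "ldap://dc0.barfoo.org dc1.barfoo.org dc2.barfoo.org dc3.barfoo.org/OU=Users,dc=barfoo,dc=org?sAMAccountName?sub?(objectClass=*)"
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
'''

WEAK = ("LOW", "EXP", "SSLv2")  # classes "ALL" pulls in on OpenSSL builds that ship them

def parse_ldap_url(args):
    """Split AuthLDAPURL arguments: scheme://host[ host...]/basedn?attr?scope?filter [mode]."""
    url, mode = args[0], (args[1].upper() if len(args) > 1 else "NONE")
    scheme, rest = url.split("://", 1)
    hosts, _, query = rest.partition("/")
    base, attr, scope, flt = (query.split("?") + [""] * 4)[:4]
    return {"scheme": scheme.lower(), "hosts": hosts.split(), "base": base,
            "attr": attr or "uid", "scope": scope or "sub",
            "filter": flt or "(objectClass=*)", "mode": mode}

def weak_cipher_classes(spec):
    """Weak classes an OpenSSL cipher string leaves enabled.
    "+X" only reorders ciphers already selected; only "!X" is counted as an exclusion."""
    tokens = [t for t in spec.replace(",", ":").split(":") if t]
    killed = {t[1:] for t in tokens if t[0] == "!"}
    added = {t for t in tokens if t[0] not in "!+-"}
    return [w for w in WEAK if w not in killed and (w in added or "ALL" in added)]

def audit(conf):
    """Return (finding, detail) tuples; finding names are made up for this example."""
    findings = []
    for line in conf.splitlines():
        parts = shlex.split(line, comments=True)
        if not parts:
            continue
        name, args = parts[0].lower(), parts[1:]
        if name == "authldapurl":
            u = parse_ldap_url(args)
            # Assumes no server-wide LDAPTrustedMode supplies the default mode.
            if u["scheme"] != "ldaps" and u["mode"] not in ("SSL", "TLS", "STARTTLS"):
                findings.append(("ldap-cleartext", u["hosts"]))
        elif name == "authldapbindpassword" and not args[0].startswith("exec:"):
            findings.append(("bind-password-inline", None))
        elif name == "sslciphersuite" and weak_cipher_classes(args[0]):
            findings.append(("weak-ciphers", weak_cipher_classes(args[0])))
    return findings

if __name__ == "__main__":
    for finding, detail in audit(SAMPLE):
        print(finding, detail)
```

On the sample it reports the plain `ldap://` bind to all four domain controllers, the bind password stored in the vhost file, and the LOW, EXP and SSLv2 cipher classes that `ALL` leaves selectable because `!EXPORT56` removes only the 56-bit export suites.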
Life
Active Directory, Nagios, SLES10, Work