Rational Configuration Design John Murphy To Prevent Irrational Problem Solving

Introduction Contacts Hosts Services Parents and dependencies Managing exceptions Automation BasicAdvanced

Our Scenario 20123

2011 Contacts

Contact address for support. , SMS, Ticketing, etc Login account for an actual user. No contact information. ContactUser

Contacts define contact { contact_namecu-contact contactgroupscg-main use contact-user } define contactgroup { contactgroup_namecg-main aliasKmart Contact contactgroup_membersvg-team } define contact { name contact-user host_notifications_enabled1 service_notifications_enabled1 host_notification_period24x7 service_notification_period24x7 host_notification_optionsd,u service_notification_optionsc host_notification_commandsnotify-h- service_notification_commands notify-s- register 0 } Contact Definition

Contacts define contact { contact_namevu-jsmurphy contactgroupsvg-team use read-contact } define contactgroup { contactgroup_namevg-team aliasKmart Team } define contactgroup { contactgroup_namecg-main aliasKmart Contact contactgroup_membersvg-team } define contact { name read-contact host_notifications_enabled0 service_notifications_enabled0 host_notification_periodnone service_notification_periodnone host_notification_optionsn service_notification_optionsn host_notification_commandscheck_none service_notification_commands check_none register 0 } User Definition

Contacts ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" SetEnv TZ "Australia/Melbourne" Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthName "Nagios Core" AuthType Basic # AuthUserFile /usr/local/nagios/etc/htpasswd.users # Require valid-user AuthBasicProvider ldap AuthName “Nagios server" AuthzLDAPAuthoritative off AuthLDAPBindDN "CN=bindAccount,OU=User,DC=domain,DC=com" AuthLDAPBindPassword xxxxxxxxx AuthLDAPURL ldaps://domain.com/OU=User,DC=Domain,DC=com?sAMAccountName?sub?(objectClass=user) AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require ldap-group CN=NagiosAccessGroup,OU=Groups,DC=domain,DC=com LDAP/AD For Nagios Core

Contacts Summary Distinguish between your users and your contacts. Use an existing authentication source for your user logins. Consider the end-user experience… try to ensure it’s easy to get the information they need

2011 Hosts

Focus on minimizing host configuration to make automation easier. Use templates to assign user view information. Create host groups based on shared monitoring profiles

Hosts define host { host_nameexchange01 usesrv-template aliasExchange server addressexchange01 parentsswitch001,switch002 hostgroupssrv-exchange, srv-windows icon_imageexchange.png register 1 } define hostgroup { hostgroup_namesrv-windows aliasWindows group } define host { namesrv-template aliasServer host template check_command check_icmp!250.0,60%!500.0,80% max_check_attempts3 check_interval10 retry_interval2 check_period24x7 contact_groupscg-main notification_interval60 notification_period24x7 notification_optionsd,f notifications_enabled1 register0 } Host Definitions

Hosts Summary Minimize configuration in host objects to make automation easier. Hostnames allow for easier maintenance than IP addresses. Create logical host-groupings that will make service assignment easier e.g. OS type, Location, Applications it serves

2011 Services

Keep services as generic as possible to prevent the need for duplicate services. Minimizing service templates allows for easier management and baseline changes. Use service groups for applications

Services define service { service_descriptionWindows C: usage usemain-service-template hostgroup_namesrv-windows,srv-v-windows check_command check_nt!USEDDISKSPACE!-w 80 -c 90 contact_groupscg-main,cg-main-SMS register1 } define service { namemain-service-template service_descriptionmain service template max_check_attempts3 check_interval10 retry_interval2 check_period24x7 notification_interval60 notification_period24x7 notification_optionsc register0 } Service Definitions

The puzzle completed

Services Summary Strike a balance between your service- templates and your service definitions. Service groups are a very useful feature when used appropriately, used inappropriately they are an administrative burden. Device life-cycle happens, ensure your configuration isn’t burdened by over- complexity

2011 Advanced

Good Parenting (or how to not get woken up 20 times at ~3am) Use host parenting Parent indirectly monitored services with service dependencies. ParentingService Dependencies

Indirect Services …And the art of dependencies A typical ESX monitoring setup… Q. But what happens when the vSphere server fails?

Indirect Services …And the art of dependencies A. Something like this

Indirect Services define service { host_name vSphereServer service_descriptionPing dependency use main-service-template check_command check_ping!100,80%!200,90% register 1 } define service { service_descriptionCPU Usage use main-service-template hostgroup_namesrv-v-windows check_commandcheck_esx!CPU contact_groupscg-main register 1 } define servicedependency { dependent_hostgroup_namesrv-v-windows dependent_service_descriptionCPU Usage host_namevSphereServer service_descriptionPing dependency inherits_parent 1 execution_failure_criteriaw,u,c,p notification_failure_criteriaw,u,c dependency_period24x7 } …And the art of dependencies

Managing Exceptions Clearly label exceptions in your config. Make sure you can use the same solution again if necessary Image by Mike Bade: dont-have-feelings_16.htmlhttp://robotseatingpies.blogspot.com.au/2011/06/robots- dont-have-feelings_16.html

Automation (or intrapreneurship ideas for the lazy) Every piece of infrastructure is a potential data source… make use of it! AD/LDAP Servers. Virtual infrastructure API’s. Patching systems. Asset databases. Network management platforms. Network LLDP/CDP tables. SNMP enabled servers. Help I’m running out of space!

2011 Nagios World Conference 26 Q&A

2011 Nagios World Conference 27 Thanks For Listening!