We’ll install Shinken with the Thruk web user interface and the PNP4Nagios graphs. We’ll also configure SNMP, NRPE and SSH access to the monitored hosts.
Packages will be installed in /opt unless they are already packaged.
Prepare sources:
mkdir /opt/shinken-dl/
wget http://www.shinken-monitoring.org/pub/shinken-1.4.tar.gz
tar xzf shinken-1.4.tar.gz
Installation:
cd /opt/shinken-dl/shinken-1.4/
TARGET=/opt/shinken SKUSER=shinken SKGROUP=shinken ./install -i
./install -p nagios-plugins
./install -p manubulon # snmp checks
./install -p check_netint # network/trafic checks
sed -i -e 's,/usr/bin/mail,mail,' /opt/shinken/etc/commands.cfg
service_check_timeout=60
- Support long event handlers:
event_handler_timeout=300
- Change in templates.cfg:
- If you need hosts that can’t be ping’d, comment out in generic-host:
#check_command check_host_alive
#notification_period 24x7
#check_period 24x7
notification_interval 1440
event_handler_enabled 1
event_handler test_log_service
In case you need to configure the Shinken mail sender:
echo "shinken shinken-notifications@mydomain.tld" >> /etc/postfix/canonical
postmap /etc/postfix/canonical
cat <<'EOF' >> /etc/postfix/main.cf
sender_canonical_maps = hash:/etc/postfix/canonical
EOF
Shinken also sends mail to none@localhost which is the contact for user ‘guest’. This triggers bounces, so you can auto-trash these mails:
echo 'none: /dev/null' >> /etc/aliases && newaliases
rpm -ivh http://www.thruk.org/files/pkg/v1.76-3/rhel6/x86_64/thruk-1.76-3.rhel6.x86_64.rpm
Thruk is available at: http://YOUR_SHINKEN_IP/thruk/
PNPPREFIX=/opt/pnp4nagios
PNP4Nagios is now linked from Thruk though action_url, and more generally available at http://YOUR_SHINKEN_IP/pnp4nagios/
Let’s enable SNMP on our monitored hosts.
# Install SNMP server:
yum install net-snmp
# Read-only access:
echo "rocommunity public" > /etc/snmp/snmpd.conf
# Don't log each SNMP request:
[ -e /etc/sysconfig/snmpd ] && echo 'OPTIONS="-LS0-4d -Lf /dev/null -p /var/run/snmpd.pid"' >> /etc/sysconfig/snmpd # RHEL6
[ -e /etc/sysconfig/snmpd.options ] && echo 'OPTIONS="-LSwd -Lf /dev/null -p /var/run/snmpd.pid -a"' >> /etc/sysconfig/snmpd.options # RHEL5
# Launch SNMP server on startup:
chkconfig snmpd on
service snmpd restart
Let’s enable NRPE on our monitored hosts (port 5666).
# Activate the EPEL6 repository - install:
http://download.fedoraproject.org/pub/epel/6/i386/repoview/epel-release.html
# Install NRPE server:
yum install nrpe
# Allow access from Shinken poller:
sed -i -e 's/^allowed_hosts=.*/allowed_hosts=127.0.0.1,YOUR_SHINKEN_IP/' /etc/nagios/nrpe.cfg
# Launch NRPE server on startup:
chkconfig nrpe on
service nrpe start
Enable and configure remote checks in /etc/nagios/nrpe.cfg.
Let’s give Shinken access to our monitored hosts, e.g. to execute event handlers or run NRPE through SSH:
On the Shinken Server, generate a SSH key /home/shinken/.ssh/id_rsa:
sudo -u shinken ssh-keygen</code>
On each monitored host:
useradd -r monitaction -m
mkdir -pm 700 ~monitaction/.ssh/
echo "ssh-rsa AAAAB3...EKtMx/9o0ApJl shinken@rh6" > ~monitaction/.ssh/authorized_keys # from /home/shinken/.ssh/id_rsa.pub
chown -R monitaction: ~monitaction/.ssh/
mkdir -pm 750 /etc/sudoers.d/
touch /etc/sudoers.d/local
chmod 440 /etc/sudoers.d/local
Defaults !requiretty
monitaction ALL= NOPASSWD: /sbin/service jbossas7 *
monitaction ALL= NOPASSWD: /sbin/service thunderhead *
monitaction ALL= NOPASSWD: /sbin/service httpd *
Test from the Shinken server:
ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null 192.168.X.X -l monitaction -t sudo /sbin/service httpd reload
Of course, open firewall access from the Shinken server to the monitored host’s SSH.
If you’re interested in Graphite, you can start from this basis:
- network_based_modules_-_graphite_graphing
- use_with_graphite
Additional configuration:
echo "/opt/graphite/bin/carbon-cache.py start" >> /etc/rc.local
chgrp apache /opt/graphite/storage/
chmod g+w /opt/graphite/storage/
sudo -u apache /opt/graphite/bin/python /opt/graphite/webapp/graphite/manage.py runserver # TODO: access from Apache
# Remove the numerous dummy network graphs creating by mistake by Graphite:
echo "rm -f /opt/graphite/storage/whisper/*/shinken/NetworkUsage/*_13????????_.wsp" >> /etc/cron.daily/graphite-cleanup
chmod 755 /etc/cron.daily/graphite-cleanup