27
Rational Configuration Desig John Murphy To Prevent Irrational Problem Solving

Rational Configuration Design John Murphy To Prevent Irrational Problem Solving

Embed Size (px)

Citation preview

Rational Configuration Design

John Murphy

To Prevent Irrational Problem Solving

Introduction

Contacts

Hosts

Services

2012 2

Parents and dependencies

Managing exceptions

Automation

Basic Advanced

Our Scenario

2012 3

Contacts

Contacts

Contact address for support.

Email, SMS, Ticketing, etc.

2012 5

Login account for an actual user.

No contact information.

Contact User

Contacts

define contact {        contact_name cu-contact        contactgroups cg-main        email [email protected]        use                                 contact-user        } define contactgroup {        contactgroup_name cg-main        alias Kmart Contact        contactgroup_members vg-team        }

2012 6

define contact {        name                                    contact-

user        host_notifications_enabled 1        service_notifications_enabled 1        host_notification_period 24x7        service_notification_period 24x7        host_notification_options d,u        service_notification_options c        host_notification_commands notify-h-

email        service_notification_commands       notify-s-email        register                                0        }

Contact Definition

Contacts

define contact {        contact_name vu-jsmurphy        contactgroups vg-team        use                                 read-contact        } define contactgroup {        contactgroup_name vg-team        alias Kmart Team        }

define contactgroup {        contactgroup_name cg-main        alias Kmart Contact        contactgroup_members vg-team        }

2012 7

define contact {        name                                    read-

contact        host_notifications_enabled 0        service_notifications_enabled 0        host_notification_period none        service_notification_period none        host_notification_options n        service_notification_options n        host_notification_commands

check_none        service_notification_commands       check_none        register                                0        }

User Definition

Contacts

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"<Directory "/usr/local/nagios/sbin">   SetEnv TZ "Australia/Melbourne"   Options ExecCGI   AllowOverride None   Order allow,deny   Allow from all   AuthName "Nagios Core"   AuthType Basic # AuthUserFile /usr/local/nagios/etc/htpasswd.users   # Require valid-user

   AuthBasicProvider ldap AuthName “Nagios server" AuthzLDAPAuthoritative off AuthLDAPBindDN "CN=bindAccount,OU=User,DC=domain,DC=com" AuthLDAPBindPassword xxxxxxxxx AuthLDAPURL ldaps://domain.com/OU=User,DC=Domain,DC=com?sAMAccountName?sub?(objectClass=user) AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require ldap-group CN=NagiosAccessGroup,OU=Groups,DC=domain,DC=com</Directory>

2012 8

LDAP/AD For Nagios Core

Contacts Summary

Distinguish between your users and your contacts.

Use an existing authentication source for your user logins.

Consider the end-user experience… try to ensure it’s easy to get the information they need.

2012 9

Hosts

Hosts

Focus on minimizing host configuration to make automation easier.

Use templates to assign user view information.

Create host groups based on shared monitoring profiles.

2012 11

Hosts

define host {        host_name exchange01        use srv-template        alias Exchange server        address exchange01        parents switch001,switch002        hostgroups srv-exchange, srv-windows        icon_image exchange.png        register  1        }

define hostgroup {        hostgroup_name srv-windows        alias Windows group        }

2012 12

define host {       name srv-template       alias Server host template       check_command check_icmp!250.0,60%!

500.0,80%       max_check_attempts 3       check_interval 10       retry_interval 2       check_period 24x7       contact_groups cg-main       notification_interval 60       notification_period 24x7       notification_options d,f       notifications_enabled 1       register 0}

Host Definitions

Hosts Summary

Minimize configuration in host objects to make automation easier.

Hostnames allow for easier maintenance than IP addresses.

Create logical host-groupings that will make service assignment easier e.g. OS type, Location, Applications it serves.

2012 13

Services

Services

Keep services as generic as possible to prevent the need for duplicate services.

Minimizing service templates allows for easier management and baseline changes.

Use service groups for applications.

2012 15

Services

define service {        service_description Windows C: usage        use main-service-template        hostgroup_name srv-windows,srv-v-

windows        check_command

check_nt!USEDDISKSPACE!-w 80 -c 90        contact_groups cg-main,cg-main-SMS        register 1        }

2012 16

define service {       name main-service-template       service_description main service template       max_check_attempts 3       check_interval 10       retry_interval 2       check_period 24x7       notification_interval 60       notification_period 24x7       notification_options c       register 0}

Service Definitions

The puzzle completed

2012 17

Services Summary

Strike a balance between your service-templates and your service definitions.

Service groups are a very useful feature when used appropriately, used inappropriately they are an administrative burden.

Device life-cycle happens, ensure your configuration isn’t burdened by over-complexity.

2012 18

Advanced

Good Parenting (or how to not get woken up 20 times at ~3am)

Use host parenting.

Use host parenting.

Use host parenting.

2012 20

Parent indirectly monitored services with service dependencies.

Parenting Service Dependencies

Indirect Services

2012 21

…And the art of dependenciesA typical ESX monitoring setup…

Q. But what happens when the vSphere server fails?

Indirect Services

2012 22

…And the art of dependenciesA. Something like this

Indirect Services

define service {     host_name            vSphereServer     service_description Ping dependency     use                  main-service-template     check_command     check_ping!100,80%!200,90%    register             1}

define service {     service_description CPU Usage     use                  main-service-template     hostgroup_name srv-v-windows     check_command check_esx!CPU     contact_groups cg-main register             1}   

2012 23

define servicedependency {       dependent_hostgroup_name srv-v-windows       dependent_service_description CPU Usage       host_name vSphereServer       service_description Ping

dependency       inherits_parent                          1       execution_failure_criteria w,u,c,p       notification_failure_criteria w,u,c       dependency_period 24x7}

…And the art of dependencies

Managing Exceptions

Clearly label exceptions in your config.

Make sure you can use the same solution again if necessary.

2012 24

Image by Mike Bade: http://robotseatingpies.blogspot.com.au/2011/06/robots-dont-have-feelings_16.html

Automation (or intrapreneurship ideas for the lazy)

Every piece of infrastructure is a potential data source… make use of it!

AD/LDAP Servers.

Virtual infrastructure API’s.

Patching systems.

Asset databases.

Network management platforms.

Network LLDP/CDP tables.

SNMP enabled servers.

Help I’m running out of space!

2012 25

Q&A

Thanks For Listening!