From: root Date: Fri, 25 Sep 2015 07:20:30 +0000 (+0200) Subject: JAM: commit recent changes concerning epics archiver server X-Git-Url: https://jspc29.x-matter.uni-frankfurt.de/git/?a=commitdiff_plain;h=9ec697c0ad4843cd7a2670bc4657261103c2de03;p=hadesicinga.git JAM: commit recent changes concerning epics archiver server disabled X11 forwarding at check_by_ssh commands --- diff --git a/icinga/cgi.cfg b/icinga/cgi.cfg index a360ec9..43b563d 100644 --- a/icinga/cgi.cfg +++ b/icinga/cgi.cfg @@ -155,6 +155,17 @@ enforce_comments_on_actions=0 first_day_of_week=0 +# DISABLE CMD CGI CSRF PROTECTION +# This option disables the protection against CSRF attacks +# (Cross-Site Request Forgery). Use this option only if you are +# using external programs (like Nagstamon) which access +# cmd.cgi directly to submit commands. By default the submitted +# command (via external program) will be rejected. +# The default is 0 (protection is on). + +disable_cmd_cgi_csrf_protection=0 + + # AUTHENTICATION USAGE # This option controls whether or not the CGIs will use any # authentication when displaying host and service information, as diff --git a/icinga/objects/commands.cfg b/icinga/objects/commands.cfg index 7c43544..1440d28 100644 --- a/icinga/objects/commands.cfg +++ b/icinga/objects/commands.cfg @@ -266,7 +266,7 @@ define command { # } define command { command_name check_proc_by_ssh - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "/home/hadaq/nagios/plugins/my_check_process.pl $ARG2$" + command_line $USER1$/check_by_ssh -o ForwardX11=no -l $ARG1$ -H $HOSTADDRESS$ -C "/home/hadaq/nagios/plugins/my_check_process.pl $ARG2$" } @@ -278,26 +278,26 @@ define command { define command { command_name check_multi_proc_by_ssh - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "/home/hadaq/nagios/plugins/my_check_process_multi.pl $ARG2$ $ARG3$ $ARG4$" + command_line $USER1$/check_by_ssh -o ForwardX11=no -l $ARG1$ -H $HOSTADDRESS$ -C "/home/hadaq/nagios/plugins/my_check_process_multi.pl $ARG2$ $ARG3$ $ARG4$" } #check_by_ssh check_disk - JAM: -E for exact match if partition exists define command { command_name check_disk_by_ssh - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/check_disk -w $ARG2$ -c $ARG3$ -E -p $ARG4$" + command_line $USER1$/check_by_ssh -o ForwardX11=no -t 20 -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/check_disk -w $ARG2$ -c $ARG3$ -E -p $ARG4$" } #check_by_ssh check_load define command { command_name check_load_by_ssh - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/check_load -r -w $ARG2$,$ARG3$,$ARG4$ -c $ARG5$,$ARG6$,$ARG7$" + command_line $USER1$/check_by_ssh -o ForwardX11=no -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/check_load -r -w $ARG2$,$ARG3$,$ARG4$ -c $ARG5$,$ARG6$,$ARG7$" } #check_by_ssh check_adaptec define command { command_name check_adaptec - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "sudo /usr/lib/nagios/plugins/adaptec-check" + command_line $USER1$/check_by_ssh -o ForwardX11=no -l $ARG1$ -H $HOSTADDRESS$ -C "sudo /usr/lib/nagios/plugins/adaptec-check" } @@ -305,7 +305,7 @@ define command { # JAM note: need to specify ca access list as defined in ioc st.cmd to prevent caget error due to double network interface on EB servers define command { command_name check_epics_pv - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "/home/hadaq/nagios/plugins/my_epics.sh -pv $ARG2$ -H 192.168.103.255" + command_line $USER1$/check_by_ssh -o ForwardX11=no -t 20 -l $ARG1$ -H $HOSTADDRESS$ -C "/home/hadaq/nagios/plugins/my_epics.sh -pv $ARG2$ -H 192.168.103.255:$ARG4$" } @@ -313,7 +313,8 @@ define command { define command { command_name check_epics_pv_local - command_line $USER1$/my_epics.sh -pv $ARG1$ -H 192.168.103.255 -expval $ARG2$ + command_line $USER1$/my_epics.sh -pv $ARG1$ -H "192.168.103.255 192.168.103.255:10012 192.168.103.255:10008 192.168.103.255:10003 192.168.103.255:10002 192.168.103.255:10001 192.168.103.255:10014 192.168.103.255:10007 192.168.103.255:10004 192.168.103.255:10010 192.168.103.255:10013 192.168.103.255:10015 192.168.103.255:10016 192.168.103.255:10009 192.168.103.255:10005 192.168.103.255:10011 192.168.103.255:10006" +# -expval $ARG2$ } @@ -347,13 +348,13 @@ define command { #my_check_disk_smartctl.pl define command { command_name check_disk_smartctl_by_ssh - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/my_check_disk_smartctl.pl $ARG2$ $ARG3$" + command_line $USER1$/check_by_ssh -o ForwardX11=no -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/my_check_disk_smartctl.pl $ARG2$ $ARG3$" } #check_by_ssh my_check_raid.pl define command { command_name check_raid_by_ssh - command_line $USER1$/check_by_ssh -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/check_linux_raid.pl" + command_line $USER1$/check_by_ssh -o ForwardX11=no -l $ARG1$ -H $HOSTADDRESS$ -C "/usr/lib/nagios/plugins/check_linux_raid.pl" } diff --git a/icinga/objects/hosts_eb_servers.cfg b/icinga/objects/hosts_eb_servers.cfg index a5e0170..03e6979 100644 --- a/icinga/objects/hosts_eb_servers.cfg +++ b/icinga/objects/hosts_eb_servers.cfg @@ -257,14 +257,14 @@ define service{ notification_interval 30 notification_options c,u,r check_command check_proc_status!50501!cleanup! - event_handler restart_process!hadaq!/home/hadaq/bin/cleanup.pl!" "! + event_handler restart_process!hadaq!/home/hadaq/bin/cleanup.pl!"-d"! } define service{ use remote-service hostgroup_name eb-servers-active - host_name lxhadeb06 +# host_name lxhadeb06 service_description adaptec normal_check_interval 10 retry_check_interval 1 @@ -300,28 +300,28 @@ define service{ use eventbuilder-status host_name lxhadeb05 service_description EB01-status - check_command check_epics_pv!hadaq!HAD:eb01:status!1 + check_command check_epics_pv!hadaq!HAD:eb01:status!1!10001 } define service{ use eventbuilder-status host_name lxhadeb05 service_description EB05-status - check_command check_epics_pv!hadaq!HAD:eb05:status!1 + check_command check_epics_pv!hadaq!HAD:eb05:status!1!10005 } define service{ use eventbuilder-status host_name lxhadeb05 service_description EB09-status - check_command check_epics_pv!hadaq!HAD:eb09:status!1 + check_command check_epics_pv!hadaq!HAD:eb09:status!1!10009 } define service{ use eventbuilder-status host_name lxhadeb05 service_description EB13-status - check_command check_epics_pv!hadaq!HAD:eb13:status!1 + check_command check_epics_pv!hadaq!HAD:eb13:status!1!10013 } @@ -330,28 +330,28 @@ define service{ use eventbuilder-status host_name lxhadeb02 service_description EB02-status - check_command check_epics_pv!hadaq!HAD:eb02:status!1 + check_command check_epics_pv!hadaq!HAD:eb02:status!1!10002 } define service{ use eventbuilder-status host_name lxhadeb02 service_description EB06-status - check_command check_epics_pv!hadaq!HAD:eb06:status!1 + check_command check_epics_pv!hadaq!HAD:eb06:status!1!10006 } define service{ use eventbuilder-status host_name lxhadeb02 service_description EB10-status - check_command check_epics_pv!hadaq!HAD:eb10:status!1 + check_command check_epics_pv!hadaq!HAD:eb10:status!1!10010 } define service{ use eventbuilder-status host_name lxhadeb02 service_description EB14-status - check_command check_epics_pv!hadaq!HAD:eb14:status!1 + check_command check_epics_pv!hadaq!HAD:eb14:status!1!10014 } @@ -360,28 +360,28 @@ define service{ use eventbuilder-status host_name lxhadeb03 service_description EB03-status - check_command check_epics_pv!hadaq!HAD:eb03:status!1 + check_command check_epics_pv!hadaq!HAD:eb03:status!1!10003 } define service{ use eventbuilder-status host_name lxhadeb03 service_description EB07-status - check_command check_epics_pv!hadaq!HAD:eb07:status!1 + check_command check_epics_pv!hadaq!HAD:eb07:status!1!10007 } define service{ use eventbuilder-status host_name lxhadeb03 service_description EB11-status - check_command check_epics_pv!hadaq!HAD:eb11:status!1 + check_command check_epics_pv!hadaq!HAD:eb11:status!1!10011 } define service{ use eventbuilder-status host_name lxhadeb03 service_description EB15-status - check_command check_epics_pv!hadaq!HAD:eb15:status!1 + check_command check_epics_pv!hadaq!HAD:eb15:status!1!10015 } @@ -390,28 +390,28 @@ define service{ use eventbuilder-status host_name lxhadeb04 service_description EB04-status - check_command check_epics_pv!hadaq!HAD:eb04:status!1 + check_command check_epics_pv!hadaq!HAD:eb04:status!1!10004 } define service{ use eventbuilder-status host_name lxhadeb04 service_description EB08-status - check_command check_epics_pv!hadaq!HAD:eb08:status!1 + check_command check_epics_pv!hadaq!HAD:eb08:status!1!10008 } define service{ use eventbuilder-status host_name lxhadeb04 service_description EB12-status - check_command check_epics_pv!hadaq!HAD:eb12:status!1 + check_command check_epics_pv!hadaq!HAD:eb12:status!1!10012 } define service{ use eventbuilder-status host_name lxhadeb04 service_description EB16-status - check_command check_epics_pv!hadaq!HAD:eb16:status!1 + check_command check_epics_pv!hadaq!HAD:eb16:status!1!10016 } diff --git a/icinga/objects/hosts_hades.cfg b/icinga/objects/hosts_hades.cfg index 8a74e3e..1a3fedb 100644 --- a/icinga/objects/hosts_hades.cfg +++ b/icinga/objects/hosts_hades.cfg @@ -98,16 +98,29 @@ define host{ register 1 } -#lxg0434 epics archiver host +#lxg0434 OLD epics archiver host +#define host{ +# name lxg0434 +# use hades-host ; Name of host template to use +# host_name lxg0434 +# alias EPICS archiver server (lxg0434) +# address 140.181.84.32 +# register 1 +# } + +#lxg0441 preliminary other epics archiver host define host{ - name lxg0434 + name lxg0441 use hades-host ; Name of host template to use - host_name lxg0434 - alias EPICS archiver server (lxg0434) - address 140.181.84.32 + host_name lxg0441 + alias EPICS archiver server (lxg0441) + address 140.181.92.222 register 1 } + + + define host{ name e7had2 use hades-host ; Name of host template to use @@ -117,6 +130,25 @@ define host{ register 1 } +define host{ + name hadsc1 + use hades-host ; Name of host template to use + host_name hadsc1 + alias CAN/SIAM slow control (hadsc1) + address 140.181.111.196 + register 1 + } + + +define host{ + name lxir043 + use hades-host ; Name of host template to use + host_name lxir043 + alias MDC CSS (J. Markert)) + address 140.181.86.212 + register 1 + } + #kp1pc105 @@ -184,10 +216,20 @@ define hostgroup{ members hades30, hades31, hades33, hadesdaq02, hadesdaq01 } + +define hostgroup{ + hostgroup_name hades-raid-pcs + alias HADES PCs with RAID + members hades30, hades31, hadesdaq02, hadesdaq01 +} + + define hostgroup{ hostgroup_name EPICS-archivers alias EPICS-archivers - members lxg0434 +# members lxg0434 + members lxhadeb06 + } @@ -231,7 +273,7 @@ define hostgroup{ define service{ use remote-service hostgroup_name hades-pcs, EPICS-archivers - host_name e7had2 + host_name e7had2, lxir043, lxg0441 service_description PING check_command check-host-alive } @@ -241,7 +283,7 @@ define service{ define service{ use remote-service - hostgroup_name hades-pcs + hostgroup_name hades-raid-pcs service_description RAID1 notifications_enabled 1 ; Suppress direct notification by setting to 0 check_command check_raid_by_ssh!hadaq @@ -250,6 +292,7 @@ define service{ define service{ use remote-service ; Name of service template to use hostgroup_name hades-pcs, EPICS-archivers + host_name lxir043, lxg0441 service_description SSH check_command check_ssh } @@ -257,11 +300,27 @@ define service{ define service{ use remote-service hostgroup_name EPICS-archivers - service_description http access + service_description CA archiver http 4812 notifications_enabled 1 ; Suppress direct notification by setting to 0 check_command check_http!"-p 4812"! } +define service{ + use remote-service + hostgroup_name EPICS-archivers + service_description CA archive data server http 8086 + notifications_enabled 1 ; Suppress direct notification by setting to 0 + check_command check_http!-e 404 -p 8086! +} + +define service{ + use remote-service + host_name lxg0441 + service_description CA archiver http 4912 + notifications_enabled 1 ; Suppress direct notification by setting to 0 + check_command check_http!"-p 4912"! +} + define service{ use remote-service @@ -293,4 +352,11 @@ define servicegroup{ members *,SSH } +define servicegroup{ + servicegroup_name Epics CA + alias Channel Access archiver and data server prozesses + members *,CA archiver http 4812,*,CA archiver http 4912,*,CA archive data server http 8086 + } + + diff --git a/icinga/objects/localhost.cfg b/icinga/objects/localhost.cfg index 048c567..0e32415 100644 --- a/icinga/objects/localhost.cfg +++ b/icinga/objects/localhost.cfg @@ -89,7 +89,7 @@ define service{ use local-service ; Name of service template to use host_name localhost service_description Current Users - check_command check_local_users!40!100 + check_command check_local_users!100!300 } @@ -101,7 +101,7 @@ define service{ use local-service ; Name of service template to use host_name localhost service_description Total Processes - check_command check_local_procs!500!1000!RSZDT + check_command check_local_procs!1000!2000!RSZDT } @@ -112,7 +112,7 @@ define service{ use local-service ; Name of service template to use host_name localhost service_description Current Load - check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0 + check_command check_local_load!32.0,20.0,10.0!64.0,40.0,20.0 } diff --git a/icinga/objects/templates.cfg b/icinga/objects/templates.cfg index fa768d3..c1777c6 100644 --- a/icinga/objects/templates.cfg +++ b/icinga/objects/templates.cfg @@ -231,9 +231,9 @@ define service{ define service{ name eventbuilder-status use remote-service - max_check_attempts 4 - normal_check_interval 20 - retry_check_interval 10 + max_check_attempts 30 + normal_check_interval 10 + retry_check_interval 1 notification_options c,u,r register 0 }