Running nagios-plugins via saltstack

I’m so sick of maintaining NRPE-config on my servers, and I dont really want root-sshkeys all over the place. Recently I discovered saltstack and started to play with it a bit. I came up with the idea of running Nagios(or Icinga) on the same server as my salt-master and so I created a little wrapper that lets me run nagios-checks via saltstack.

Here’s how it works.

This is my little wrapper-script written in python: https://github.com/mortis1337/nagios-plugins/blob/master/check_by_salt.py

The wrapper takes hostname, plugin and a timeoutvalue as arguments:

$ python check_by_salt.py -H examplehost -p “/path/to/existing/nagiosplugin arg1 arg2″ -t 10

The wrapper imports salt and runs commands on minions with cmd.run_all and returns the output and the exitcode.

For this to work as the nagios/icinga user, you will have to configure the client_acl for the user in the salt-master config, so go ahead and edit the master-configfile (default: /etc/salt/master)

Search for “client_acl” in the file and add this :

client_acl:
icinga:
- cmd.*

Yeeaaaap, thats quite the security risk right there, but read up on how to limit what can be done with the cmd-state in salt and atleast it will be safer than using ssh-keys :)

check_by_salt in combination with https://github.com/mortis1337/nagios-plugins/blob/master/check_disk_generic.py will instantly give you monitoring of all your disks with no clientside-configuration.

Use it if you like it and feel free to improve it.

 

 

 

Be Sociable, Share!

Tags: , , , ,

4 Responses to “Running nagios-plugins via saltstack”

  1. marno Says:

    While salts remote command execution capabilities are really cool, wouldn’t it be easier to deploy a check mk agent to the hosts and then just inventory that? Thats what we’re doing and thats working great. Autp inventory and less network overhead!

  2. morten Says:

    Yeah, check_mk seems cool, but in this case it is easier for us to port all our existig custom check_by_ssh checks to using salt instead. :)

  3. marno Says:

    Make sure to check mrpe part of check mk agent, it makes migration of these kind of ‘legacy’ infrastructures a breeze, we used it for several customers which had existing nagios setups. In the end the inventorying feature alone is going to save you so much time, you should definitely give it a try!

  4. Eddard Says:

    It’s in german but also a good alternative to replace nrpe with salt: http://docs.lenux.org/salt-nagios-check-script-eine-alternative-zu-nrpe

Leave a Reply