On 05/27/2013 10:18 AM, René Koch (ovido) wrote:
> On Thu, 2013-05-23 at 16:22 +0300, Sasha Chuzhoy wrote:
>> On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
>>> On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
>>>> On 05/22/2013 05:18 PM, Itamar Heim wrote:
>>>>> On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
>>>>>> On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
>>>>>>>> -------- Original Message --------
>>>>>>>> Subject: [Users] Nagios monitoring plugin check_rhev3
1.2 released
>>>>>>>> Date: Thu, 16 May 2013 16:31:24 +0200
>>>>>>>> From: René Koch<r.koch(a)ovido.at>
>>>>>>>> To: users<Users(a)ovirt.org>
>>>>>>>>
>>>>>>>> I'm happy to announce version 1.2 of check_rhev3.
>>>>>>>>
>>>>>>>> check_rhev3 is a monitoring plugin for Icinga/Nagios and
it's forks,
>>>>>>>> which is
>>>>>>>> used to monitor datacenters, clusters, hosts, vms, vm
pools and
>>>>>>>> storage
>>>>>>>> domains
>>>>>>>> of Red Hat Enterprise Virtualization (RHEV) and oVirt
virtualization
>>>>>>>> environments.
>>>>>>>>
>>>>>>>> The download locations are
>>>>>>>> *
>>>>>>>>
https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz
>>>>>>>> *
>>>>>>>>
https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6...
>>>>>>>>
>>>>>>>>
>>>>>>>> *
>>>>>>>>
https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6...
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> For further information on how to install this plugin
visit:
>>>>>>>>
>>>>>>>>
https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
>>>>>>>>
>>>>>>>> A detailed usage documentation can be found here:
>>>>>>>>
https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
>>>>>>>>
>>>>>>>>
>>>>>>>> Changelog:
>>>>>>>>
>>>>>>>> - General:
>>>>>>>> - Moved project to github:
https://github.com/ovido/check_rhev3
>>>>>>>>
>>>>>>>> - New features:
>>>>>>>> - Verify RHEV-M certificate
>>>>>>>> - Allow authentication sessions for authentication in
RHEV>= 3.1
>>>>>>>> and
>>>>>>>> oVirt>= 3.1
>>>>>>>> - Use option -n<nic> to check a specific nic
>>>>>>>>
>>>>>>>> - Bugs fixed:
>>>>>>>> - Performance data issue with check_multi
>>>>>>>>
>>>>>>>>
>>>>>>>> If you have any questions or ideas, please drop me an
email:
>>>>>>>> r.koch(a)ovido.at.
>>>>>>>>
>>>>>>>> Thank you for using check_rhev3.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Hi Rene,
>>>>>>>
>>>>>>> we deployed the plugin and noticed its flooding the event
log with
>>>>>>> login
>>>>>>> events for the user its using via the REST API.
>>>>>>> can you please add persistent session to the REST API calls
so login
>>>>>>> will happen only once and won't flood the log?
>>>>>>>
>>>>>>>
http://www.ovirt.org/Features/RESTSessionManagement
>>>>>> It's one of the features in the latest version (1.2):
>>>>>>
>>>>>> -o, --cookie
>>>>>> Use cookie based authenticated sessions (requires
RHEV>= 3.1)
>>>>>>
>>>>>>
>>>>>> I implemented it in the following way:
>>>>>> - Plugin checks if file with session cookie exists (per default
>>>>>> in /var/tmp)
>>>>>> - If not: login with username and password (that's why you
need to
>>>>>> specify auth pair or authfile) and fetch JSESSIONID
>>>>>> -- Writes ID into session cookie file
>>>>>> - If cookie file is found: login using JSESSIONID and ignore
username
>>>>>> and password. So you can change username/password and login will
still
>>>>>> work.
>>>>>> - If login using session ID fails and cookie file exists, it
will be
>>>>>> deleted and a login with username and password is tried the next
time
>>>>>> the plugin is executed
>>>>>>
>>>>>> If you start the script with -vvv you can see if login is down
with auth
>>>>>> session or with username/password...
>>>>>>
>>>>>> I didn't test it with oVirt 3.2 (yet), but works fine in
RHEV 3.1.
>>>>> well, we are trying it with next version of RHEV actually :)
>>>>> sasha - can you please start the script with -vvv to provide the
log
>>>>> for login behavior?
>>>>>
>>>> Here is all (I hope) the relevant data:
>>>> [V] Starting the main script.
>>>> [V] Checking which component to monitor.
>>>> [D] check_host: Called function check_host.
>>>> [V] Host: Checking host .
>>>> [V] Host: No subcheck is specified, checking memory usage.
>>>> [D] check_statistics: Called function check_statistics.
>>>> [V] Statistics: Checking statistics of hosts.
>>>> [D] check_statistics: Input parameter $component: hosts
>>>> [D] check_statistics: Input parameter $search:
>>>> [D] check_statistics: Input parameter $statistics: memory
>>>> [D] check_statistics: Converting variables.
>>>> [D] check_statistics: Converted variable $url: hosts
>>>> [D] get_result: Called function get_result.
>>>> [D] get_result: Input parameter $_[0]: /hosts?search=
>>>> [D] get_result: Input parameter $xml: hosts
>>>> [D] get_result: Input parameter $search: id
>>>> [D] rhev_connect: Called function rhev_connect.
>>>> [V] REST-API: Connecting to REST-API.
>>>> [D] rhev_connect: Input parameter: /hosts?search=.
>>>> [V] REST-API: RHEVM-API URL:
https://<hostname>:8443/api/hosts?search=
>>>> [V] REST-API: RHEVM-API User:<username>
>>>> [V] REST-API: RHEVM-API Password:<password>
>>>> [V] REST-API: cookie filename:
>>>>
bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y
>>>> ZWRoYXQuY29tCg==
>>>> [D] rhev_connect: Using username and password authentication.
>>>> [V] REST-API: Cache-Control: no-cache
>>>> Connection: close
>>>> Date: Thu, 23 May 2013 07:50:33 GMT
>>>> Pragma: No-cache
>>>> Server: Apache-Coyote/1.1
>>>> Content-Type: application/xml
>>>> Expires: Thu, 01 Jan 1970 02:00:00 IST
>>>> Client-Date: Thu, 23 May 2013 07:50:33 GMT
>>>> Client-Peer: 10.35.16.97:8443
>>>> Client-Response-Num: 1
>>>> Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149
>>>> Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN>
>>>> Client-SSL-Cipher: DHE-RSA-AES256-SHA
>>>> Client-SSL-Warning: Peer certificate not verified
>>>> Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure
>>>> [D] rhev_connect:<?xml version="1.0"
encoding="UTF-8" standalone="yes"?>
>>>> <hosts>
>>>> ##### The output is truncated ########
>>> It seems to me that you did start the plugin without "-o"
option...
>>>
>>> Without -o plugin uses username + password authentication (to be
>>> compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing
>>> setups):
>>> $ ./check_rhev3 -H localhost -f authfile -D -vvv
>>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK
>>> [D] rhev_connect: Using username and password authentication.
>>>
>>> With -o a cookie file it uses username + password when the cookie file
>>> is missing (first call):
>>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o
>>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK
>>> [D] rhev_connect: Using cookie authentication.
>>> [D] rhev_connect: No cookie file found - using username and password
>>>
>>> And uses session cookie if it exists:
>>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o
>>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK
>>> [D] rhev_connect: Using cookie authentication.
>>> [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
>>>
>>> Please try again with "-o".
>> Can't connect to the API with -o
>
> Sorry for my late response.
>
> Can you connect to API with the Session-ID?
> $ cat /var/tmp/<cookie filename>
> $ curl -k -b<session-id> -H "Prefer: persistent-auth" -X GET
https://<host>:<port>/api
>
> e.g.
> $ cat /var/tmp/cmhldm0tYWRtaW5AaW50ZXJuYWwK
> JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN
> $ curl -k -b JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN -H "Prefer:
persistent-auth" -X GET
https://localhost:8443/api
1. Where to run "cat /var/tmp/<cookie filename>" ? It's empty on the
client I used for all the tests.
2. At this point I have no choice but to disable the check of the
RHEV-TLV setup. The 77 checks cause the manager to respond slowly, and
it causes (I believe) anomalies, i.e. host goes to non-responsive mode.
The file with the checks I used is attached for review/convenience.
Thanks.
I'll work on the authentication function of the plugin and improve it to
avoid these issues.
For your slowly RHEV manager: this seems strange to me, as 77 checks (I
assume per 5 minutes) are 15 checks/minute is 1 check per 4 seconds (if
I did calculate this correct). But nevertheless I'll test this with my
RHEV and oVirt setups...
>
>
>>>
>>> Regards,
>>> René
>>>
>>>
>>>>> Thanks,
>>>>> Itamar
>>>>>
>>
>