Re: [Users] Fwd: Nagios monitoring plugin check_rhev3 1.2 released
-------- Original Message -------- Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released Date: Thu, 16 May 2013 16:31:24 +0200 From: René Koch <r.koch@ovido.at> To: users <Users@ovirt.org>
I'm happy to announce version 1.2 of check_rhev3.
check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, which is used to monitor datacenters, clusters, hosts, vms, vm pools and storage domains of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization environments.
The download locations are * https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz * https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6...
* https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8...
For further information on how to install this plugin visit: https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
A detailed usage documentation can be found here: https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
Changelog:
- General: - Moved project to github: https://github.com/ovido/check_rhev3
- New features: - Verify RHEV-M certificate - Allow authentication sessions for authentication in RHEV >= 3.1 and oVirt >= 3.1 - Use option -n <nic> to check a specific nic
- Bugs fixed: - Performance data issue with check_multi
If you have any questions or ideas, please drop me an email: r.koch@ovido.at.
Thank you for using check_rhev3.
Hi Rene, we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log? http://www.ovirt.org/Features/RESTSessionManagement Thanks, Itamar Thanks, Itamar
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
-------- Original Message -------- Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released Date: Thu, 16 May 2013 16:31:24 +0200 From: René Koch <r.koch@ovido.at> To: users <Users@ovirt.org>
I'm happy to announce version 1.2 of check_rhev3.
check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, which is used to monitor datacenters, clusters, hosts, vms, vm pools and storage domains of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization environments.
The download locations are * https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz * https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6...
* https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8...
For further information on how to install this plugin visit: https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
A detailed usage documentation can be found here: https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
Changelog:
- General: - Moved project to github: https://github.com/ovido/check_rhev3
- New features: - Verify RHEV-M certificate - Allow authentication sessions for authentication in RHEV >= 3.1 and oVirt >= 3.1 - Use option -n <nic> to check a specific nic
- Bugs fixed: - Performance data issue with check_multi
If you have any questions or ideas, please drop me an email: r.koch@ovido.at.
Thank you for using check_rhev3.
Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2): -o, --cookie Use cookie based authenticated sessions (requires RHEV >= 3.1) I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed If you start the script with -vvv you can see if login is down with auth session or with username/password... I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. Regards, René
Thanks, Itamar
Thanks, Itamar
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
-------- Original Message -------- Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released Date: Thu, 16 May 2013 16:31:24 +0200 From: René Koch <r.koch@ovido.at> To: users <Users@ovirt.org>
I'm happy to announce version 1.2 of check_rhev3.
check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, which is used to monitor datacenters, clusters, hosts, vms, vm pools and storage domains of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization environments.
The download locations are * https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz * https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6...
* https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8...
For further information on how to install this plugin visit: https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
A detailed usage documentation can be found here: https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
Changelog:
- General: - Moved project to github: https://github.com/ovido/check_rhev3
- New features: - Verify RHEV-M certificate - Allow authentication sessions for authentication in RHEV >= 3.1 and oVirt >= 3.1 - Use option -n <nic> to check a specific nic
- Bugs fixed: - Performance data issue with check_multi
If you have any questions or ideas, please drop me an email: r.koch@ovido.at.
Thank you for using check_rhev3.
Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV >= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior? Thanks, Itamar
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
-------- Original Message -------- Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released Date: Thu, 16 May 2013 16:31:24 +0200 From: René Koch <r.koch@ovido.at> To: users <Users@ovirt.org>
I'm happy to announce version 1.2 of check_rhev3.
check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, which is used to monitor datacenters, clusters, hosts, vms, vm pools and storage domains of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization environments.
The download locations are * https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz * https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6...
* https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8...
For further information on how to install this plugin visit:
https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
A detailed usage documentation can be found here: https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
Changelog:
- General: - Moved project to github: https://github.com/ovido/check_rhev3
- New features: - Verify RHEV-M certificate - Allow authentication sessions for authentication in RHEV >= 3.1 and oVirt >= 3.1 - Use option -n <nic> to check a specific nic
- Bugs fixed: - Performance data issue with check_multi
If you have any questions or ideas, please drop me an email: r.koch@ovido.at.
Thank you for using check_rhev3.
Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV >= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
Thanks, Itamar
-- Sasha Chuzhoy Engineering Operations Red Hat Israel Ltd
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
-------- Original Message -------- Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released Date: Thu, 16 May 2013 16:31:24 +0200 From: René Koch <r.koch@ovido.at> To: users <Users@ovirt.org>
I'm happy to announce version 1.2 of check_rhev3.
check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, which is used to monitor datacenters, clusters, hosts, vms, vm pools and storage domains of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization environments.
The download locations are * https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz * https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6...
* https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8...
For further information on how to install this plugin visit:
https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
A detailed usage documentation can be found here: https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
Changelog:
- General: - Moved project to github: https://github.com/ovido/check_rhev3
- New features: - Verify RHEV-M certificate - Allow authentication sessions for authentication in RHEV >= 3.1 and oVirt >= 3.1 - Use option -n <nic> to check a specific nic
- Bugs fixed: - Performance data issue with check_multi
If you have any questions or ideas, please drop me an email: r.koch@ovido.at.
Thank you for using check_rhev3.
Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV >= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option... Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication. With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g Please try again with "-o". Regards, René
Thanks, Itamar
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
-------- Original Message -------- Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released Date: Thu, 16 May 2013 16:31:24 +0200 From: René Koch <r.koch@ovido.at> To: users <Users@ovirt.org>
I'm happy to announce version 1.2 of check_rhev3.
check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, which is used to monitor datacenters, clusters, hosts, vms, vm pools and storage domains of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization environments.
The download locations are * https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz * https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6...
* https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8...
For further information on how to install this plugin visit:
https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
A detailed usage documentation can be found here: https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
Changelog:
- General: - Moved project to github: https://github.com/ovido/check_rhev3
- New features: - Verify RHEV-M certificate - Allow authentication sessions for authentication in RHEV >= 3.1 and oVirt >= 3.1 - Use option -n <nic> to check a specific nic
- Bugs fixed: - Performance data issue with check_multi
If you have any questions or ideas, please drop me an email: r.koch@ovido.at.
Thank you for using check_rhev3.
Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV >= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o".
Regards, René
Thanks, Itamar
Hi Rene, I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password? Thanks, Itamar
On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
> -------- Original Message -------- > Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released > Date: Thu, 16 May 2013 16:31:24 +0200 > From: René Koch <r.koch@ovido.at> > To: users <Users@ovirt.org> > > I'm happy to announce version 1.2 of check_rhev3. > > check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, > which is > used to monitor datacenters, clusters, hosts, vms, vm pools and > storage > domains > of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization > environments. > > The download locations are > * > https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz > * > https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... > > > * > https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... > > > > For further information on how to install this plugin visit: > > https://github.com/ovido/check_rhev3/wiki/Installation-Documentation > > A detailed usage documentation can be found here: > https://github.com/ovido/check_rhev3/wiki/Usage-Documentation > > > Changelog: > > - General: > - Moved project to github: https://github.com/ovido/check_rhev3 > > - New features: > - Verify RHEV-M certificate > - Allow authentication sessions for authentication in RHEV >= 3.1 > and > oVirt >= 3.1 > - Use option -n <nic> to check a specific nic > > - Bugs fixed: > - Performance data issue with check_multi > > > If you have any questions or ideas, please drop me an email: > r.koch@ovido.at. > > Thank you for using check_rhev3. > > >
Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV >= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o".
Regards, René
Thanks, Itamar
Hi Rene,
I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password?
Thanks, Itamar
That sounds like a good idea - thanks! Will think on how I can implement it - either store engine version/capability into a temp file or query version/capability. I think a temp file is the better solutions as I don't need an additional API call... Regards, René
On 05/23/2013 11:21 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: >> -------- Original Message -------- >> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released >> Date: Thu, 16 May 2013 16:31:24 +0200 >> From: René Koch <r.koch@ovido.at> >> To: users <Users@ovirt.org> >> >> I'm happy to announce version 1.2 of check_rhev3. >> >> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, >> which is >> used to monitor datacenters, clusters, hosts, vms, vm pools and >> storage >> domains >> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization >> environments. >> >> The download locations are >> * >> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz >> * >> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... >> >> >> * >> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... >> >> >> >> For further information on how to install this plugin visit: >> >> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation >> >> A detailed usage documentation can be found here: >> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation >> >> >> Changelog: >> >> - General: >> - Moved project to github: https://github.com/ovido/check_rhev3 >> >> - New features: >> - Verify RHEV-M certificate >> - Allow authentication sessions for authentication in RHEV >= 3.1 >> and >> oVirt >= 3.1 >> - Use option -n <nic> to check a specific nic >> >> - Bugs fixed: >> - Performance data issue with check_multi >> >> >> If you have any questions or ideas, please drop me an email: >> r.koch@ovido.at. >> >> Thank you for using check_rhev3. >> >> >> > > Hi Rene, > > we deployed the plugin and noticed its flooding the event log with > login > events for the user its using via the REST API. > can you please add persistent session to the REST API calls so login > will happen only once and won't flood the log? > > http://www.ovirt.org/Features/RESTSessionManagement
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV >= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o".
Regards, René
Thanks, Itamar
Hi Rene,
I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password?
Thanks, Itamar
That sounds like a good idea - thanks! Will think on how I can implement it - either store engine version/capability into a temp file or query version/capability. I think a temp file is the better solutions as I don't need an additional API call...
Regards, René
michael - is there a rest api capability that can be used to test support of user level api?
On Thu, 2013-05-23 at 11:22 +0300, Itamar Heim wrote:
On 05/23/2013 11:21 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote: > > On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: >>> -------- Original Message -------- >>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released >>> Date: Thu, 16 May 2013 16:31:24 +0200 >>> From: René Koch <r.koch@ovido.at> >>> To: users <Users@ovirt.org> >>> >>> I'm happy to announce version 1.2 of check_rhev3. >>> >>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, >>> which is >>> used to monitor datacenters, clusters, hosts, vms, vm pools and >>> storage >>> domains >>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization >>> environments. >>> >>> The download locations are >>> * >>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz >>> * >>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... >>> >>> >>> * >>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... >>> >>> >>> >>> For further information on how to install this plugin visit: >>> >>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation >>> >>> A detailed usage documentation can be found here: >>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation >>> >>> >>> Changelog: >>> >>> - General: >>> - Moved project to github: https://github.com/ovido/check_rhev3 >>> >>> - New features: >>> - Verify RHEV-M certificate >>> - Allow authentication sessions for authentication in RHEV >= 3.1 >>> and >>> oVirt >= 3.1 >>> - Use option -n <nic> to check a specific nic >>> >>> - Bugs fixed: >>> - Performance data issue with check_multi >>> >>> >>> If you have any questions or ideas, please drop me an email: >>> r.koch@ovido.at. >>> >>> Thank you for using check_rhev3. >>> >>> >>> >> >> Hi Rene, >> >> we deployed the plugin and noticed its flooding the event log with >> login >> events for the user its using via the REST API. >> can you please add persistent session to the REST API calls so login >> will happen only once and won't flood the log? >> >> http://www.ovirt.org/Features/RESTSessionManagement > > > It's one of the features in the latest version (1.2): > > -o, --cookie > Use cookie based authenticated sessions (requires RHEV >= 3.1) > > > I implemented it in the following way: > - Plugin checks if file with session cookie exists (per default > in /var/tmp) > - If not: login with username and password (that's why you need to > specify auth pair or authfile) and fetch JSESSIONID > -- Writes ID into session cookie file > - If cookie file is found: login using JSESSIONID and ignore username > and password. So you can change username/password and login will still > work. > - If login using session ID fails and cookie file exists, it will be > deleted and a login with username and password is tried the next time > the plugin is executed > > If you start the script with -vvv you can see if login is down with auth > session or with username/password... > > I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o".
Regards, René
Thanks, Itamar
Hi Rene,
I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password?
Thanks, Itamar
That sounds like a good idea - thanks! Will think on how I can implement it - either store engine version/capability into a temp file or query version/capability. I think a temp file is the better solutions as I don't need an additional API call...
Regards, René
michael - is there a rest api capability that can be used to test support of user level api?
There's one I could use: <version major="3" minor="1" href="/api/capabilities/332e3133-2e31-332e-3133-2e31332e3133" id="332e3133-2e31-332e-3133-2e31332e3133"> <current>false</current> <feature> <name>Session Based Authentication</name> <description>Ability to maintain client-server session, to avoid login per request. Done by providing a header</description> </feature>
On 05/23/2013 11:22 AM, Itamar Heim wrote:
On 05/23/2013 11:21 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote: > > On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: >>> -------- Original Message -------- >>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released >>> Date: Thu, 16 May 2013 16:31:24 +0200 >>> From: René Koch <r.koch@ovido.at> >>> To: users <Users@ovirt.org> >>> >>> I'm happy to announce version 1.2 of check_rhev3. >>> >>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, >>> which is >>> used to monitor datacenters, clusters, hosts, vms, vm pools and >>> storage >>> domains >>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization >>> environments. >>> >>> The download locations are >>> * >>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz >>> * >>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... >>> >>> >>> * >>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... >>> >>> >>> >>> For further information on how to install this plugin visit: >>> >>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation >>> >>> A detailed usage documentation can be found here: >>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation >>> >>> >>> Changelog: >>> >>> - General: >>> - Moved project to github: https://github.com/ovido/check_rhev3 >>> >>> - New features: >>> - Verify RHEV-M certificate >>> - Allow authentication sessions for authentication in RHEV >= 3.1 >>> and >>> oVirt >= 3.1 >>> - Use option -n <nic> to check a specific nic >>> >>> - Bugs fixed: >>> - Performance data issue with check_multi >>> >>> >>> If you have any questions or ideas, please drop me an email: >>> r.koch@ovido.at. >>> >>> Thank you for using check_rhev3. >>> >>> >>> >> >> Hi Rene, >> >> we deployed the plugin and noticed its flooding the event log with >> login >> events for the user its using via the REST API. >> can you please add persistent session to the REST API calls so login >> will happen only once and won't flood the log? >> >> http://www.ovirt.org/Features/RESTSessionManagement > > > It's one of the features in the latest version (1.2): > > -o, --cookie > Use cookie based authenticated sessions (requires RHEV >= 3.1) > > > I implemented it in the following way: > - Plugin checks if file with session cookie exists (per default > in /var/tmp) > - If not: login with username and password (that's why you need to > specify auth pair or authfile) and fetch JSESSIONID > -- Writes ID into session cookie file > - If cookie file is found: login using JSESSIONID and ignore username > and password. So you can change username/password and login will still > work. > - If login using session ID fails and cookie file exists, it will be > deleted and a login with username and password is tried the next time > the plugin is executed > > If you start the script with -vvv you can see if login is down with auth > session or with username/password... > > I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o".
Regards, René
Thanks, Itamar
Hi Rene,
I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password?
Thanks, Itamar
That sounds like a good idea - thanks! Will think on how I can implement it - either store engine version/capability into a temp file or query version/capability. I think a temp file is the better solutions as I don't need an additional API call...
Regards, René
michael - is there a rest api capability that can be used to test support of user level api?
api maintains <features> section for the features been added in the version, check if you see something related to the "user level api" (if you don't, - this is a bug). -- Michael Pasternak RedHat, ENG-Virtualization R&D
On 05/23/2013 12:36 PM, Michael Pasternak wrote:
On 05/23/2013 11:22 AM, Itamar Heim wrote:
On 05/23/2013 11:21 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote: > On 05/22/2013 03:55 PM, René Koch (ovido) wrote: >> >> On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: >>>> -------- Original Message -------- >>>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released >>>> Date: Thu, 16 May 2013 16:31:24 +0200 >>>> From: René Koch <r.koch@ovido.at> >>>> To: users <Users@ovirt.org> >>>> >>>> I'm happy to announce version 1.2 of check_rhev3. >>>> >>>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, >>>> which is >>>> used to monitor datacenters, clusters, hosts, vms, vm pools and >>>> storage >>>> domains >>>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization >>>> environments. >>>> >>>> The download locations are >>>> * >>>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz >>>> * >>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... >>>> >>>> >>>> * >>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... >>>> >>>> >>>> >>>> For further information on how to install this plugin visit: >>>> >>>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation >>>> >>>> A detailed usage documentation can be found here: >>>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation >>>> >>>> >>>> Changelog: >>>> >>>> - General: >>>> - Moved project to github: https://github.com/ovido/check_rhev3 >>>> >>>> - New features: >>>> - Verify RHEV-M certificate >>>> - Allow authentication sessions for authentication in RHEV >= 3.1 >>>> and >>>> oVirt >= 3.1 >>>> - Use option -n <nic> to check a specific nic >>>> >>>> - Bugs fixed: >>>> - Performance data issue with check_multi >>>> >>>> >>>> If you have any questions or ideas, please drop me an email: >>>> r.koch@ovido.at. >>>> >>>> Thank you for using check_rhev3. >>>> >>>> >>>> >>> >>> Hi Rene, >>> >>> we deployed the plugin and noticed its flooding the event log with >>> login >>> events for the user its using via the REST API. >>> can you please add persistent session to the REST API calls so login >>> will happen only once and won't flood the log? >>> >>> http://www.ovirt.org/Features/RESTSessionManagement >> >> >> It's one of the features in the latest version (1.2): >> >> -o, --cookie >> Use cookie based authenticated sessions (requires RHEV >= 3.1) >> >> >> I implemented it in the following way: >> - Plugin checks if file with session cookie exists (per default >> in /var/tmp) >> - If not: login with username and password (that's why you need to >> specify auth pair or authfile) and fetch JSESSIONID >> -- Writes ID into session cookie file >> - If cookie file is found: login using JSESSIONID and ignore username >> and password. So you can change username/password and login will still >> work. >> - If login using session ID fails and cookie file exists, it will be >> deleted and a login with username and password is tried the next time >> the plugin is executed >> >> If you start the script with -vvv you can see if login is down with auth >> session or with username/password... >> >> I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. > > well, we are trying it with next version of RHEV actually :) > sasha - can you please start the script with -vvv to provide the log > for login behavior? > Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User: <username> [V] REST-API: RHEVM-API Password: <password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o".
Regards, René
> Thanks, > Itamar >
Hi Rene,
I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password?
Thanks, Itamar
That sounds like a good idea - thanks! Will think on how I can implement it - either store engine version/capability into a temp file or query version/capability. I think a temp file is the better solutions as I don't need an additional API call...
Regards, René
michael - is there a rest api capability that can be used to test support of user level api?
api maintains <features> section for the features been added in the version, check if you see something related to the "user level api" (if you don't, - this is a bug).
i want persistent session - not user level api?
On 05/23/2013 12:37 PM, Itamar Heim wrote:
On 05/23/2013 12:36 PM, Michael Pasternak wrote:
On 05/23/2013 11:22 AM, Itamar Heim wrote:
On 05/23/2013 11:21 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote: > On 05/22/2013 05:18 PM, Itamar Heim wrote: >> On 05/22/2013 03:55 PM, René Koch (ovido) wrote: >>> >>> On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: >>>>> -------- Original Message -------- >>>>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released >>>>> Date: Thu, 16 May 2013 16:31:24 +0200 >>>>> From: René Koch <r.koch@ovido.at> >>>>> To: users <Users@ovirt.org> >>>>> >>>>> I'm happy to announce version 1.2 of check_rhev3. >>>>> >>>>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, >>>>> which is >>>>> used to monitor datacenters, clusters, hosts, vms, vm pools and >>>>> storage >>>>> domains >>>>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization >>>>> environments. >>>>> >>>>> The download locations are >>>>> * >>>>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz >>>>> * >>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... >>>>> >>>>> >>>>> * >>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... >>>>> >>>>> >>>>> >>>>> For further information on how to install this plugin visit: >>>>> >>>>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation >>>>> >>>>> A detailed usage documentation can be found here: >>>>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation >>>>> >>>>> >>>>> Changelog: >>>>> >>>>> - General: >>>>> - Moved project to github: https://github.com/ovido/check_rhev3 >>>>> >>>>> - New features: >>>>> - Verify RHEV-M certificate >>>>> - Allow authentication sessions for authentication in RHEV >= 3.1 >>>>> and >>>>> oVirt >= 3.1 >>>>> - Use option -n <nic> to check a specific nic >>>>> >>>>> - Bugs fixed: >>>>> - Performance data issue with check_multi >>>>> >>>>> >>>>> If you have any questions or ideas, please drop me an email: >>>>> r.koch@ovido.at. >>>>> >>>>> Thank you for using check_rhev3. >>>>> >>>>> >>>>> >>>> >>>> Hi Rene, >>>> >>>> we deployed the plugin and noticed its flooding the event log with >>>> login >>>> events for the user its using via the REST API. >>>> can you please add persistent session to the REST API calls so login >>>> will happen only once and won't flood the log? >>>> >>>> http://www.ovirt.org/Features/RESTSessionManagement >>> >>> >>> It's one of the features in the latest version (1.2): >>> >>> -o, --cookie >>> Use cookie based authenticated sessions (requires RHEV >= 3.1) >>> >>> >>> I implemented it in the following way: >>> - Plugin checks if file with session cookie exists (per default >>> in /var/tmp) >>> - If not: login with username and password (that's why you need to >>> specify auth pair or authfile) and fetch JSESSIONID >>> -- Writes ID into session cookie file >>> - If cookie file is found: login using JSESSIONID and ignore username >>> and password. So you can change username/password and login will still >>> work. >>> - If login using session ID fails and cookie file exists, it will be >>> deleted and a login with username and password is tried the next time >>> the plugin is executed >>> >>> If you start the script with -vvv you can see if login is down with auth >>> session or with username/password... >>> >>> I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. >> >> well, we are trying it with next version of RHEV actually :) >> sasha - can you please start the script with -vvv to provide the log >> for login behavior? >> > Here is all (I hope) the relevant data: > [V] Starting the main script. > [V] Checking which component to monitor. > [D] check_host: Called function check_host. > [V] Host: Checking host . > [V] Host: No subcheck is specified, checking memory usage. > [D] check_statistics: Called function check_statistics. > [V] Statistics: Checking statistics of hosts. > [D] check_statistics: Input parameter $component: hosts > [D] check_statistics: Input parameter $search: > [D] check_statistics: Input parameter $statistics: memory > [D] check_statistics: Converting variables. > [D] check_statistics: Converted variable $url: hosts > [D] get_result: Called function get_result. > [D] get_result: Input parameter $_[0]: /hosts?search= > [D] get_result: Input parameter $xml: hosts > [D] get_result: Input parameter $search: id > [D] rhev_connect: Called function rhev_connect. > [V] REST-API: Connecting to REST-API. > [D] rhev_connect: Input parameter: /hosts?search=. > [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= > [V] REST-API: RHEVM-API User: <username> > [V] REST-API: RHEVM-API Password: <password> > [V] REST-API: cookie filename: > bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y > ZWRoYXQuY29tCg== > [D] rhev_connect: Using username and password authentication. > [V] REST-API: Cache-Control: no-cache > Connection: close > Date: Thu, 23 May 2013 07:50:33 GMT > Pragma: No-cache > Server: Apache-Coyote/1.1 > Content-Type: application/xml > Expires: Thu, 01 Jan 1970 02:00:00 IST > Client-Date: Thu, 23 May 2013 07:50:33 GMT > Client-Peer: 10.35.16.97:8443 > Client-Response-Num: 1 > Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 > Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> > Client-SSL-Cipher: DHE-RSA-AES256-SHA > Client-SSL-Warning: Peer certificate not verified > Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure > [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> > <hosts> > ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o".
Regards, René
>> Thanks, >> Itamar >> > >
Hi Rene,
I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password?
Thanks, Itamar
That sounds like a good idea - thanks! Will think on how I can implement it - either store engine version/capability into a temp file or query version/capability. I think a temp file is the better solutions as I don't need an additional API call...
Regards, René
michael - is there a rest api capability that can be used to test support of user level api?
api maintains <features> section for the features been added in the version, check if you see something related to the "user level api" (if you don't, - this is a bug).
i want persistent session - not user level api?
my bad, didn't read entire tread, in <version major="3" minor="2"> we have: <feature> <name>Session Based Authentication</name> <description>Ability to maintain client-server session, to avoid login per request. Done by providing a header</description> </feature> -- Michael Pasternak RedHat, ENG-Virtualization R&D
On 05/23/2013 01:04 PM, Michael Pasternak wrote:
On 05/23/2013 12:37 PM, Itamar Heim wrote:
On 05/23/2013 12:36 PM, Michael Pasternak wrote:
On 05/23/2013 11:22 AM, Itamar Heim wrote:
On 05/23/2013 11:21 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote: > On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote: >> On 05/22/2013 05:18 PM, Itamar Heim wrote: >>> On 05/22/2013 03:55 PM, René Koch (ovido) wrote: >>>> >>>> On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: >>>>>> -------- Original Message -------- >>>>>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released >>>>>> Date: Thu, 16 May 2013 16:31:24 +0200 >>>>>> From: René Koch <r.koch@ovido.at> >>>>>> To: users <Users@ovirt.org> >>>>>> >>>>>> I'm happy to announce version 1.2 of check_rhev3. >>>>>> >>>>>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, >>>>>> which is >>>>>> used to monitor datacenters, clusters, hosts, vms, vm pools and >>>>>> storage >>>>>> domains >>>>>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization >>>>>> environments. >>>>>> >>>>>> The download locations are >>>>>> * >>>>>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz >>>>>> * >>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... >>>>>> >>>>>> >>>>>> * >>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... >>>>>> >>>>>> >>>>>> >>>>>> For further information on how to install this plugin visit: >>>>>> >>>>>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation >>>>>> >>>>>> A detailed usage documentation can be found here: >>>>>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation >>>>>> >>>>>> >>>>>> Changelog: >>>>>> >>>>>> - General: >>>>>> - Moved project to github: https://github.com/ovido/check_rhev3 >>>>>> >>>>>> - New features: >>>>>> - Verify RHEV-M certificate >>>>>> - Allow authentication sessions for authentication in RHEV >= 3.1 >>>>>> and >>>>>> oVirt >= 3.1 >>>>>> - Use option -n <nic> to check a specific nic >>>>>> >>>>>> - Bugs fixed: >>>>>> - Performance data issue with check_multi >>>>>> >>>>>> >>>>>> If you have any questions or ideas, please drop me an email: >>>>>> r.koch@ovido.at. >>>>>> >>>>>> Thank you for using check_rhev3. >>>>>> >>>>>> >>>>>> >>>>> >>>>> Hi Rene, >>>>> >>>>> we deployed the plugin and noticed its flooding the event log with >>>>> login >>>>> events for the user its using via the REST API. >>>>> can you please add persistent session to the REST API calls so login >>>>> will happen only once and won't flood the log? >>>>> >>>>> http://www.ovirt.org/Features/RESTSessionManagement >>>> >>>> >>>> It's one of the features in the latest version (1.2): >>>> >>>> -o, --cookie >>>> Use cookie based authenticated sessions (requires RHEV >= 3.1) >>>> >>>> >>>> I implemented it in the following way: >>>> - Plugin checks if file with session cookie exists (per default >>>> in /var/tmp) >>>> - If not: login with username and password (that's why you need to >>>> specify auth pair or authfile) and fetch JSESSIONID >>>> -- Writes ID into session cookie file >>>> - If cookie file is found: login using JSESSIONID and ignore username >>>> and password. So you can change username/password and login will still >>>> work. >>>> - If login using session ID fails and cookie file exists, it will be >>>> deleted and a login with username and password is tried the next time >>>> the plugin is executed >>>> >>>> If you start the script with -vvv you can see if login is down with auth >>>> session or with username/password... >>>> >>>> I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. >>> >>> well, we are trying it with next version of RHEV actually :) >>> sasha - can you please start the script with -vvv to provide the log >>> for login behavior? >>> >> Here is all (I hope) the relevant data: >> [V] Starting the main script. >> [V] Checking which component to monitor. >> [D] check_host: Called function check_host. >> [V] Host: Checking host . >> [V] Host: No subcheck is specified, checking memory usage. >> [D] check_statistics: Called function check_statistics. >> [V] Statistics: Checking statistics of hosts. >> [D] check_statistics: Input parameter $component: hosts >> [D] check_statistics: Input parameter $search: >> [D] check_statistics: Input parameter $statistics: memory >> [D] check_statistics: Converting variables. >> [D] check_statistics: Converted variable $url: hosts >> [D] get_result: Called function get_result. >> [D] get_result: Input parameter $_[0]: /hosts?search= >> [D] get_result: Input parameter $xml: hosts >> [D] get_result: Input parameter $search: id >> [D] rhev_connect: Called function rhev_connect. >> [V] REST-API: Connecting to REST-API. >> [D] rhev_connect: Input parameter: /hosts?search=. >> [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= >> [V] REST-API: RHEVM-API User: <username> >> [V] REST-API: RHEVM-API Password: <password> >> [V] REST-API: cookie filename: >> bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y >> ZWRoYXQuY29tCg== >> [D] rhev_connect: Using username and password authentication. >> [V] REST-API: Cache-Control: no-cache >> Connection: close >> Date: Thu, 23 May 2013 07:50:33 GMT >> Pragma: No-cache >> Server: Apache-Coyote/1.1 >> Content-Type: application/xml >> Expires: Thu, 01 Jan 1970 02:00:00 IST >> Client-Date: Thu, 23 May 2013 07:50:33 GMT >> Client-Peer: 10.35.16.97:8443 >> Client-Response-Num: 1 >> Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 >> Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> >> Client-SSL-Cipher: DHE-RSA-AES256-SHA >> Client-SSL-Warning: Peer certificate not verified >> Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure >> [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> >> <hosts> >> ##### The output is truncated ######## > > > It seems to me that you did start the plugin without "-o" option... > > Without -o plugin uses username + password authentication (to be > compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing > setups): > $ ./check_rhev3 -H localhost -f authfile -D -vvv > [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK > [D] rhev_connect: Using username and password authentication. > > With -o a cookie file it uses username + password when the cookie file > is missing (first call): > $ ./check_rhev3 -H localhost -f authfile -D -vvv -o > [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK > [D] rhev_connect: Using cookie authentication. > [D] rhev_connect: No cookie file found - using username and password > > And uses session cookie if it exists: > $ ./check_rhev3 -H localhost -f authfile -D -vvv -o > [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK > [D] rhev_connect: Using cookie authentication. > [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g > > Please try again with "-o". > > > Regards, > René > > >>> Thanks, >>> Itamar >>> >> >> >
Hi Rene,
I expect most will fail on this -o. maybe add auto-detection of version or engine capabilities to try and use it, else failback to use/password?
Thanks, Itamar
That sounds like a good idea - thanks! Will think on how I can implement it - either store engine version/capability into a temp file or query version/capability. I think a temp file is the better solutions as I don't need an additional API call...
Regards, René
michael - is there a rest api capability that can be used to test support of user level api?
api maintains <features> section for the features been added in the version, check if you see something related to the "user level api" (if you don't, - this is a bug).
i want persistent session - not user level api?
my bad, didn't read entire tread, in <version major="3" minor="2"> we have:
btw the feature itself was introduced in 3.1
<feature> <name>Session Based Authentication</name> <description>Ability to maintain client-server session, to avoid login per request. Done by providing a header</description> </feature>
-- Michael Pasternak RedHat, ENG-Virtualization R&D
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
-------- Original Message -------- Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released Date: Thu, 16 May 2013 16:31:24 +0200 From: René Koch<r.koch@ovido.at> To: users<Users@ovirt.org>
I'm happy to announce version 1.2 of check_rhev3.
check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, which is used to monitor datacenters, clusters, hosts, vms, vm pools and storage domains of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization environments.
The download locations are * https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz * https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6...
* https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8...
For further information on how to install this plugin visit:
https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
A detailed usage documentation can be found here: https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
Changelog:
- General: - Moved project to github: https://github.com/ovido/check_rhev3
- New features: - Verify RHEV-M certificate - Allow authentication sessions for authentication in RHEV>= 3.1 and oVirt>= 3.1 - Use option -n<nic> to check a specific nic
- Bugs fixed: - Performance data issue with check_multi
If you have any questions or ideas, please drop me an email: r.koch@ovido.at.
Thank you for using check_rhev3.
Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV>= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User:<username> [V] REST-API: RHEVM-API Password:<password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o". Can't connect to the API with -o
Regards, René
Thanks, Itamar
-- Sasha Chuzhoy Engineering Operations Red Hat Israel Ltd
On Thu, 2013-05-23 at 16:22 +0300, Sasha Chuzhoy wrote:
On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
On 05/22/2013 05:18 PM, Itamar Heim wrote:
On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
> -------- Original Message -------- > Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released > Date: Thu, 16 May 2013 16:31:24 +0200 > From: René Koch<r.koch@ovido.at> > To: users<Users@ovirt.org> > > I'm happy to announce version 1.2 of check_rhev3. > > check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, > which is > used to monitor datacenters, clusters, hosts, vms, vm pools and > storage > domains > of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization > environments. > > The download locations are > * > https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz > * > https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i6... > > > * > https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x8... > > > > For further information on how to install this plugin visit: > > https://github.com/ovido/check_rhev3/wiki/Installation-Documentation > > A detailed usage documentation can be found here: > https://github.com/ovido/check_rhev3/wiki/Usage-Documentation > > > Changelog: > > - General: > - Moved project to github: https://github.com/ovido/check_rhev3 > > - New features: > - Verify RHEV-M certificate > - Allow authentication sessions for authentication in RHEV>= 3.1 > and > oVirt>= 3.1 > - Use option -n<nic> to check a specific nic > > - Bugs fixed: > - Performance data issue with check_multi > > > If you have any questions or ideas, please drop me an email: > r.koch@ovido.at. > > Thank you for using check_rhev3. > > > Hi Rene,
we deployed the plugin and noticed its flooding the event log with login events for the user its using via the REST API. can you please add persistent session to the REST API calls so login will happen only once and won't flood the log?
It's one of the features in the latest version (1.2):
-o, --cookie Use cookie based authenticated sessions (requires RHEV>= 3.1)
I implemented it in the following way: - Plugin checks if file with session cookie exists (per default in /var/tmp) - If not: login with username and password (that's why you need to specify auth pair or authfile) and fetch JSESSIONID -- Writes ID into session cookie file - If cookie file is found: login using JSESSIONID and ignore username and password. So you can change username/password and login will still work. - If login using session ID fails and cookie file exists, it will be deleted and a login with username and password is tried the next time the plugin is executed
If you start the script with -vvv you can see if login is down with auth session or with username/password...
I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. well, we are trying it with next version of RHEV actually :) sasha - can you please start the script with -vvv to provide the log for login behavior?
Here is all (I hope) the relevant data: [V] Starting the main script. [V] Checking which component to monitor. [D] check_host: Called function check_host. [V] Host: Checking host . [V] Host: No subcheck is specified, checking memory usage. [D] check_statistics: Called function check_statistics. [V] Statistics: Checking statistics of hosts. [D] check_statistics: Input parameter $component: hosts [D] check_statistics: Input parameter $search: [D] check_statistics: Input parameter $statistics: memory [D] check_statistics: Converting variables. [D] check_statistics: Converted variable $url: hosts [D] get_result: Called function get_result. [D] get_result: Input parameter $_[0]: /hosts?search= [D] get_result: Input parameter $xml: hosts [D] get_result: Input parameter $search: id [D] rhev_connect: Called function rhev_connect. [V] REST-API: Connecting to REST-API. [D] rhev_connect: Input parameter: /hosts?search=. [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= [V] REST-API: RHEVM-API User:<username> [V] REST-API: RHEVM-API Password:<password> [V] REST-API: cookie filename: bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y ZWRoYXQuY29tCg== [D] rhev_connect: Using username and password authentication. [V] REST-API: Cache-Control: no-cache Connection: close Date: Thu, 23 May 2013 07:50:33 GMT Pragma: No-cache Server: Apache-Coyote/1.1 Content-Type: application/xml Expires: Thu, 01 Jan 1970 02:00:00 IST Client-Date: Thu, 23 May 2013 07:50:33 GMT Client-Peer: 10.35.16.97:8443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> Client-SSL-Cipher: DHE-RSA-AES256-SHA Client-SSL-Warning: Peer certificate not verified Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure [D] rhev_connect:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <hosts> ##### The output is truncated ########
It seems to me that you did start the plugin without "-o" option...
Without -o plugin uses username + password authentication (to be compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing setups): $ ./check_rhev3 -H localhost -f authfile -D -vvv [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using username and password authentication.
With -o a cookie file it uses username + password when the cookie file is missing (first call): $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: No cookie file found - using username and password
And uses session cookie if it exists: $ ./check_rhev3 -H localhost -f authfile -D -vvv -o [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK [D] rhev_connect: Using cookie authentication. [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
Please try again with "-o". Can't connect to the API with -o
Sorry for my late response. Can you connect to API with the Session-ID? $ cat /var/tmp/<cookie filename> $ curl -k -b <session-id> -H "Prefer: persistent-auth" -X GET https://<host>:<port>/api e.g. $ cat /var/tmp/cmhldm0tYWRtaW5AaW50ZXJuYWwK JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN $ curl -k -b JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN -H "Prefer: persistent-auth" -X GET https://localhost:8443/api
Regards, René
Thanks, Itamar
On 05/27/2013 10:18 AM, René Koch (ovido) wrote: > On Thu, 2013-05-23 at 16:22 +0300, Sasha Chuzhoy wrote: >> On 05/23/2013 11:07 AM, René Koch (ovido) wrote: >>> On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote: >>>> On 05/22/2013 05:18 PM, Itamar Heim wrote: >>>>> On 05/22/2013 03:55 PM, René Koch (ovido) wrote: >>>>>> On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: >>>>>>>> -------- Original Message -------- >>>>>>>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released >>>>>>>> Date: Thu, 16 May 2013 16:31:24 +0200 >>>>>>>> From: René Koch<r.koch@ovido.at> >>>>>>>> To: users<Users@ovirt.org> >>>>>>>> >>>>>>>> I'm happy to announce version 1.2 of check_rhev3. >>>>>>>> >>>>>>>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, >>>>>>>> which is >>>>>>>> used to monitor datacenters, clusters, hosts, vms, vm pools and >>>>>>>> storage >>>>>>>> domains >>>>>>>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization >>>>>>>> environments. >>>>>>>> >>>>>>>> The download locations are >>>>>>>> * >>>>>>>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz >>>>>>>> * >>>>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i686.rpm >>>>>>>> >>>>>>>> >>>>>>>> * >>>>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x86_64.rpm >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> For further information on how to install this plugin visit: >>>>>>>> >>>>>>>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation >>>>>>>> >>>>>>>> A detailed usage documentation can be found here: >>>>>>>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation >>>>>>>> >>>>>>>> >>>>>>>> Changelog: >>>>>>>> >>>>>>>> - General: >>>>>>>> - Moved project to github: https://github.com/ovido/check_rhev3 >>>>>>>> >>>>>>>> - New features: >>>>>>>> - Verify RHEV-M certificate >>>>>>>> - Allow authentication sessions for authentication in RHEV>= 3.1 >>>>>>>> and >>>>>>>> oVirt>= 3.1 >>>>>>>> - Use option -n<nic> to check a specific nic >>>>>>>> >>>>>>>> - Bugs fixed: >>>>>>>> - Performance data issue with check_multi >>>>>>>> >>>>>>>> >>>>>>>> If you have any questions or ideas, please drop me an email: >>>>>>>> r.koch@ovido.at. >>>>>>>> >>>>>>>> Thank you for using check_rhev3. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> Hi Rene, >>>>>>> >>>>>>> we deployed the plugin and noticed its flooding the event log with >>>>>>> login >>>>>>> events for the user its using via the REST API. >>>>>>> can you please add persistent session to the REST API calls so login >>>>>>> will happen only once and won't flood the log? >>>>>>> >>>>>>> http://www.ovirt.org/Features/RESTSessionManagement >>>>>> It's one of the features in the latest version (1.2): >>>>>> >>>>>> -o, --cookie >>>>>> Use cookie based authenticated sessions (requires RHEV>= 3.1) >>>>>> >>>>>> >>>>>> I implemented it in the following way: >>>>>> - Plugin checks if file with session cookie exists (per default >>>>>> in /var/tmp) >>>>>> - If not: login with username and password (that's why you need to >>>>>> specify auth pair or authfile) and fetch JSESSIONID >>>>>> -- Writes ID into session cookie file >>>>>> - If cookie file is found: login using JSESSIONID and ignore username >>>>>> and password. So you can change username/password and login will still >>>>>> work. >>>>>> - If login using session ID fails and cookie file exists, it will be >>>>>> deleted and a login with username and password is tried the next time >>>>>> the plugin is executed >>>>>> >>>>>> If you start the script with -vvv you can see if login is down with auth >>>>>> session or with username/password... >>>>>> >>>>>> I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. >>>>> well, we are trying it with next version of RHEV actually :) >>>>> sasha - can you please start the script with -vvv to provide the log >>>>> for login behavior? >>>>> >>>> Here is all (I hope) the relevant data: >>>> [V] Starting the main script. >>>> [V] Checking which component to monitor. >>>> [D] check_host: Called function check_host. >>>> [V] Host: Checking host . >>>> [V] Host: No subcheck is specified, checking memory usage. >>>> [D] check_statistics: Called function check_statistics. >>>> [V] Statistics: Checking statistics of hosts. >>>> [D] check_statistics: Input parameter $component: hosts >>>> [D] check_statistics: Input parameter $search: >>>> [D] check_statistics: Input parameter $statistics: memory >>>> [D] check_statistics: Converting variables. >>>> [D] check_statistics: Converted variable $url: hosts >>>> [D] get_result: Called function get_result. >>>> [D] get_result: Input parameter $_[0]: /hosts?search= >>>> [D] get_result: Input parameter $xml: hosts >>>> [D] get_result: Input parameter $search: id >>>> [D] rhev_connect: Called function rhev_connect. >>>> [V] REST-API: Connecting to REST-API. >>>> [D] rhev_connect: Input parameter: /hosts?search=. >>>> [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= >>>> [V] REST-API: RHEVM-API User:<username> >>>> [V] REST-API: RHEVM-API Password:<password> >>>> [V] REST-API: cookie filename: >>>> bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y >>>> ZWRoYXQuY29tCg== >>>> [D] rhev_connect: Using username and password authentication. >>>> [V] REST-API: Cache-Control: no-cache >>>> Connection: close >>>> Date: Thu, 23 May 2013 07:50:33 GMT >>>> Pragma: No-cache >>>> Server: Apache-Coyote/1.1 >>>> Content-Type: application/xml >>>> Expires: Thu, 01 Jan 1970 02:00:00 IST >>>> Client-Date: Thu, 23 May 2013 07:50:33 GMT >>>> Client-Peer: 10.35.16.97:8443 >>>> Client-Response-Num: 1 >>>> Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 >>>> Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> >>>> Client-SSL-Cipher: DHE-RSA-AES256-SHA >>>> Client-SSL-Warning: Peer certificate not verified >>>> Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure >>>> [D] rhev_connect:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> >>>> <hosts> >>>> ##### The output is truncated ######## >>> It seems to me that you did start the plugin without "-o" option... >>> >>> Without -o plugin uses username + password authentication (to be >>> compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing >>> setups): >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK >>> [D] rhev_connect: Using username and password authentication. >>> >>> With -o a cookie file it uses username + password when the cookie file >>> is missing (first call): >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK >>> [D] rhev_connect: Using cookie authentication. >>> [D] rhev_connect: No cookie file found - using username and password >>> >>> And uses session cookie if it exists: >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK >>> [D] rhev_connect: Using cookie authentication. >>> [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g >>> >>> Please try again with "-o". >> Can't connect to the API with -o > > Sorry for my late response. > > Can you connect to API with the Session-ID? > $ cat /var/tmp/<cookie filename> > $ curl -k -b<session-id> -H "Prefer: persistent-auth" -X GET https://<host>:<port>/api > > e.g. > $ cat /var/tmp/cmhldm0tYWRtaW5AaW50ZXJuYWwK > JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN > $ curl -k -b JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN -H "Prefer: persistent-auth" -X GET https://localhost:8443/api 1. Where to run "cat /var/tmp/<cookie filename>" ? It's empty on the client I used for all the tests. 2. At this point I have no choice but to disable the check of the RHEV-TLV setup. The 77 checks cause the manager to respond slowly, and it causes (I believe) anomalies, i.e. host goes to non-responsive mode. The file with the checks I used is attached for review/convenience. Thanks. > > >>> >>> Regards, >>> René >>> >>> >>>>> Thanks, >>>>> Itamar >>>>> >> > -- Sasha Chuzhoy Engineering Operations Red Hat Israel Ltd
On Sun, 2013-06-02 at 15:09 +0300, Sasha Chuzhoy wrote: > On 05/27/2013 10:18 AM, René Koch (ovido) wrote: > > On Thu, 2013-05-23 at 16:22 +0300, Sasha Chuzhoy wrote: > >> On 05/23/2013 11:07 AM, René Koch (ovido) wrote: > >>> On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote: > >>>> On 05/22/2013 05:18 PM, Itamar Heim wrote: > >>>>> On 05/22/2013 03:55 PM, René Koch (ovido) wrote: > >>>>>> On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote: > >>>>>>>> -------- Original Message -------- > >>>>>>>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released > >>>>>>>> Date: Thu, 16 May 2013 16:31:24 +0200 > >>>>>>>> From: René Koch<r.koch@ovido.at> > >>>>>>>> To: users<Users@ovirt.org> > >>>>>>>> > >>>>>>>> I'm happy to announce version 1.2 of check_rhev3. > >>>>>>>> > >>>>>>>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks, > >>>>>>>> which is > >>>>>>>> used to monitor datacenters, clusters, hosts, vms, vm pools and > >>>>>>>> storage > >>>>>>>> domains > >>>>>>>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization > >>>>>>>> environments. > >>>>>>>> > >>>>>>>> The download locations are > >>>>>>>> * > >>>>>>>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz > >>>>>>>> * > >>>>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i686.rpm > >>>>>>>> > >>>>>>>> > >>>>>>>> * > >>>>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x86_64.rpm > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> For further information on how to install this plugin visit: > >>>>>>>> > >>>>>>>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation > >>>>>>>> > >>>>>>>> A detailed usage documentation can be found here: > >>>>>>>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation > >>>>>>>> > >>>>>>>> > >>>>>>>> Changelog: > >>>>>>>> > >>>>>>>> - General: > >>>>>>>> - Moved project to github: https://github.com/ovido/check_rhev3 > >>>>>>>> > >>>>>>>> - New features: > >>>>>>>> - Verify RHEV-M certificate > >>>>>>>> - Allow authentication sessions for authentication in RHEV>= 3.1 > >>>>>>>> and > >>>>>>>> oVirt>= 3.1 > >>>>>>>> - Use option -n<nic> to check a specific nic > >>>>>>>> > >>>>>>>> - Bugs fixed: > >>>>>>>> - Performance data issue with check_multi > >>>>>>>> > >>>>>>>> > >>>>>>>> If you have any questions or ideas, please drop me an email: > >>>>>>>> r.koch@ovido.at. > >>>>>>>> > >>>>>>>> Thank you for using check_rhev3. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> Hi Rene, > >>>>>>> > >>>>>>> we deployed the plugin and noticed its flooding the event log with > >>>>>>> login > >>>>>>> events for the user its using via the REST API. > >>>>>>> can you please add persistent session to the REST API calls so login > >>>>>>> will happen only once and won't flood the log? > >>>>>>> > >>>>>>> http://www.ovirt.org/Features/RESTSessionManagement > >>>>>> It's one of the features in the latest version (1.2): > >>>>>> > >>>>>> -o, --cookie > >>>>>> Use cookie based authenticated sessions (requires RHEV>= 3.1) > >>>>>> > >>>>>> > >>>>>> I implemented it in the following way: > >>>>>> - Plugin checks if file with session cookie exists (per default > >>>>>> in /var/tmp) > >>>>>> - If not: login with username and password (that's why you need to > >>>>>> specify auth pair or authfile) and fetch JSESSIONID > >>>>>> -- Writes ID into session cookie file > >>>>>> - If cookie file is found: login using JSESSIONID and ignore username > >>>>>> and password. So you can change username/password and login will still > >>>>>> work. > >>>>>> - If login using session ID fails and cookie file exists, it will be > >>>>>> deleted and a login with username and password is tried the next time > >>>>>> the plugin is executed > >>>>>> > >>>>>> If you start the script with -vvv you can see if login is down with auth > >>>>>> session or with username/password... > >>>>>> > >>>>>> I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1. > >>>>> well, we are trying it with next version of RHEV actually :) > >>>>> sasha - can you please start the script with -vvv to provide the log > >>>>> for login behavior? > >>>>> > >>>> Here is all (I hope) the relevant data: > >>>> [V] Starting the main script. > >>>> [V] Checking which component to monitor. > >>>> [D] check_host: Called function check_host. > >>>> [V] Host: Checking host . > >>>> [V] Host: No subcheck is specified, checking memory usage. > >>>> [D] check_statistics: Called function check_statistics. > >>>> [V] Statistics: Checking statistics of hosts. > >>>> [D] check_statistics: Input parameter $component: hosts > >>>> [D] check_statistics: Input parameter $search: > >>>> [D] check_statistics: Input parameter $statistics: memory > >>>> [D] check_statistics: Converting variables. > >>>> [D] check_statistics: Converted variable $url: hosts > >>>> [D] get_result: Called function get_result. > >>>> [D] get_result: Input parameter $_[0]: /hosts?search= > >>>> [D] get_result: Input parameter $xml: hosts > >>>> [D] get_result: Input parameter $search: id > >>>> [D] rhev_connect: Called function rhev_connect. > >>>> [V] REST-API: Connecting to REST-API. > >>>> [D] rhev_connect: Input parameter: /hosts?search=. > >>>> [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search= > >>>> [V] REST-API: RHEVM-API User:<username> > >>>> [V] REST-API: RHEVM-API Password:<password> > >>>> [V] REST-API: cookie filename: > >>>> bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y > >>>> ZWRoYXQuY29tCg== > >>>> [D] rhev_connect: Using username and password authentication. > >>>> [V] REST-API: Cache-Control: no-cache > >>>> Connection: close > >>>> Date: Thu, 23 May 2013 07:50:33 GMT > >>>> Pragma: No-cache > >>>> Server: Apache-Coyote/1.1 > >>>> Content-Type: application/xml > >>>> Expires: Thu, 01 Jan 1970 02:00:00 IST > >>>> Client-Date: Thu, 23 May 2013 07:50:33 GMT > >>>> Client-Peer: 10.35.16.97:8443 > >>>> Client-Response-Num: 1 > >>>> Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149 > >>>> Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN> > >>>> Client-SSL-Cipher: DHE-RSA-AES256-SHA > >>>> Client-SSL-Warning: Peer certificate not verified > >>>> Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure > >>>> [D] rhev_connect:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> > >>>> <hosts> > >>>> ##### The output is truncated ######## > >>> It seems to me that you did start the plugin without "-o" option... > >>> > >>> Without -o plugin uses username + password authentication (to be > >>> compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing > >>> setups): > >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv > >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK > >>> [D] rhev_connect: Using username and password authentication. > >>> > >>> With -o a cookie file it uses username + password when the cookie file > >>> is missing (first call): > >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o > >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK > >>> [D] rhev_connect: Using cookie authentication. > >>> [D] rhev_connect: No cookie file found - using username and password > >>> > >>> And uses session cookie if it exists: > >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o > >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK > >>> [D] rhev_connect: Using cookie authentication. > >>> [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g > >>> > >>> Please try again with "-o". > >> Can't connect to the API with -o > > > > Sorry for my late response. > > > > Can you connect to API with the Session-ID? > > $ cat /var/tmp/<cookie filename> > > $ curl -k -b<session-id> -H "Prefer: persistent-auth" -X GET https://<host>:<port>/api > > > > e.g. > > $ cat /var/tmp/cmhldm0tYWRtaW5AaW50ZXJuYWwK > > JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN > > $ curl -k -b JSESSIONID=9WHnBzrv14LFEvGcUlzGNdpN -H "Prefer: persistent-auth" -X GET https://localhost:8443/api > 1. Where to run "cat /var/tmp/<cookie filename>" ? It's empty on the > client I used for all the tests. > 2. At this point I have no choice but to disable the check of the > RHEV-TLV setup. The 77 checks cause the manager to respond slowly, and > it causes (I believe) anomalies, i.e. host goes to non-responsive mode. > The file with the checks I used is attached for review/convenience. > > Thanks. I'll work on the authentication function of the plugin and improve it to avoid these issues. For your slowly RHEV manager: this seems strange to me, as 77 checks (I assume per 5 minutes) are 15 checks/minute is 1 check per 4 seconds (if I did calculate this correct). But nevertheless I'll test this with my RHEV and oVirt setups... > > > > > >>> > >>> Regards, > >>> René > >>> > >>> > >>>>> Thanks, > >>>>> Itamar > >>>>> > >> > > > >
participants (4)
-
Itamar Heim -
Michael Pasternak -
René Koch (ovido) -
Sasha Chuzhoy