[Users] Fwd: Nagios monitoring plugin check_rhev3 1.2 released

René Koch (ovido) r.koch at ovido.at
Thu May 23 08:30:04 UTC 2013 

On Thu, 2013-05-23 at 11:22 +0300, Itamar Heim wrote:
> On 05/23/2013 11:21 AM, René Koch (ovido) wrote:
> >
> > On Thu, 2013-05-23 at 11:11 +0300, Itamar Heim wrote:
> >> On 05/23/2013 11:07 AM, René Koch (ovido) wrote:
> >>> On Thu, 2013-05-23 at 10:55 +0300, Sasha Chuzhoy wrote:
> >>>> On 05/22/2013 05:18 PM, Itamar Heim wrote:
> >>>>> On 05/22/2013 03:55 PM, René Koch (ovido) wrote:
> >>>>>>
> >>>>>> On Wed, 2013-05-22 at 14:59 +0300, Itamar Heim wrote:
> >>>>>>>> -------- Original Message --------
> >>>>>>>> Subject: [Users] Nagios monitoring plugin check_rhev3 1.2 released
> >>>>>>>> Date: Thu, 16 May 2013 16:31:24 +0200
> >>>>>>>> From: René Koch <r.koch at ovido.at>
> >>>>>>>> To: users <Users at ovirt.org>
> >>>>>>>>
> >>>>>>>> I'm happy to announce version 1.2 of check_rhev3.
> >>>>>>>>
> >>>>>>>> check_rhev3 is a monitoring plugin for Icinga/Nagios and it's forks,
> >>>>>>>> which is
> >>>>>>>> used to monitor datacenters, clusters, hosts, vms, vm pools and
> >>>>>>>> storage
> >>>>>>>> domains
> >>>>>>>> of Red Hat Enterprise Virtualization (RHEV) and oVirt virtualization
> >>>>>>>> environments.
> >>>>>>>>
> >>>>>>>> The download locations are
> >>>>>>>>       *
> >>>>>>>> https://labs.ovido.at/download/check_rhev3/check_rhev3-1.2.tar.gz
> >>>>>>>>       *
> >>>>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.i686.rpm
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>       *
> >>>>>>>> https://labs.ovido.at/download/check_rhev3/nagios-plugins-rhev3-1.2-1.el6.x86_64.rpm
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> For further information on how to install this plugin visit:
> >>>>>>>>
> >>>>>>>> https://github.com/ovido/check_rhev3/wiki/Installation-Documentation
> >>>>>>>>
> >>>>>>>> A detailed usage documentation can be found here:
> >>>>>>>> https://github.com/ovido/check_rhev3/wiki/Usage-Documentation
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Changelog:
> >>>>>>>>
> >>>>>>>> - General:
> >>>>>>>> -   Moved project to github: https://github.com/ovido/check_rhev3
> >>>>>>>>
> >>>>>>>> - New features:
> >>>>>>>> -   Verify RHEV-M certificate
> >>>>>>>> -   Allow authentication sessions for authentication in RHEV >= 3.1
> >>>>>>>> and
> >>>>>>>> oVirt >= 3.1
> >>>>>>>> -   Use option -n <nic> to check a specific nic
> >>>>>>>>
> >>>>>>>> - Bugs fixed:
> >>>>>>>> -   Performance data issue with check_multi
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> If you have any questions or ideas, please drop me an email: ​
> >>>>>>>> r.koch at ovido.at.
> >>>>>>>>
> >>>>>>>> Thank you for using check_rhev3.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>> Hi Rene,
> >>>>>>>
> >>>>>>> we deployed the plugin and noticed its flooding the event log with
> >>>>>>> login
> >>>>>>> events for the user its using via the REST API.
> >>>>>>> can you please add persistent session to the REST API calls so login
> >>>>>>> will happen only once and won't flood the log?
> >>>>>>>
> >>>>>>> http://www.ovirt.org/Features/RESTSessionManagement
> >>>>>>
> >>>>>>
> >>>>>> It's one of the features in the latest version (1.2):
> >>>>>>
> >>>>>>     -o, --cookie
> >>>>>>        Use cookie based authenticated sessions (requires RHEV >= 3.1)
> >>>>>>
> >>>>>>
> >>>>>> I implemented it in the following way:
> >>>>>> - Plugin checks if file with session cookie exists (per default
> >>>>>> in /var/tmp)
> >>>>>> - If not: login with username and password (that's why you need to
> >>>>>> specify auth pair or authfile) and fetch JSESSIONID
> >>>>>> -- Writes ID into session cookie file
> >>>>>> - If cookie file is found: login using JSESSIONID and ignore username
> >>>>>> and password. So you can change username/password and login will still
> >>>>>> work.
> >>>>>> - If login using session ID fails and cookie file exists, it will be
> >>>>>> deleted and a login with username and password is tried the next time
> >>>>>> the plugin is executed
> >>>>>>
> >>>>>> If you start the script with -vvv you can see if login is down with auth
> >>>>>> session or with username/password...
> >>>>>>
> >>>>>> I didn't test it with oVirt 3.2 (yet), but works fine in RHEV 3.1.
> >>>>>
> >>>>> well, we are trying it with next version of RHEV actually :)
> >>>>> sasha - can you please start the script with -vvv to provide the log
> >>>>> for login behavior?
> >>>>>
> >>>> Here is all (I hope) the relevant data:
> >>>> [V] Starting the main script.
> >>>> [V] Checking which component to monitor.
> >>>> [D] check_host: Called function check_host.
> >>>> [V] Host: Checking host .
> >>>> [V] Host: No subcheck is specified, checking memory usage.
> >>>> [D] check_statistics: Called function check_statistics.
> >>>> [V] Statistics: Checking statistics of hosts.
> >>>> [D] check_statistics: Input parameter $component: hosts
> >>>> [D] check_statistics: Input parameter $search:
> >>>> [D] check_statistics: Input parameter $statistics: memory
> >>>> [D] check_statistics: Converting variables.
> >>>> [D] check_statistics: Converted variable $url: hosts
> >>>> [D] get_result: Called function get_result.
> >>>> [D] get_result: Input parameter $_[0]: /hosts?search=
> >>>> [D] get_result: Input parameter $xml: hosts
> >>>> [D] get_result: Input parameter $search: id
> >>>> [D] rhev_connect: Called function rhev_connect.
> >>>> [V] REST-API: Connecting to REST-API.
> >>>> [D] rhev_connect: Input parameter: /hosts?search=.
> >>>> [V] REST-API: RHEVM-API URL: https://<hostname>:8443/api/hosts?search=
> >>>> [V] REST-API: RHEVM-API User: <username>
> >>>> [V] REST-API: RHEVM-API Password: <password>
> >>>> [V] REST-API: cookie filename:
> >>>> bm90dDA0LmVuZy5sYWIudGx2LnJlZGhhdC5jb20tdmlld2VyQG5vdHQwNC5lbmcubGFiLnRsdi5y
> >>>> ZWRoYXQuY29tCg==
> >>>> [D] rhev_connect: Using username and password authentication.
> >>>> [V] REST-API: Cache-Control: no-cache
> >>>> Connection: close
> >>>> Date: Thu, 23 May 2013 07:50:33 GMT
> >>>> Pragma: No-cache
> >>>> Server: Apache-Coyote/1.1
> >>>> Content-Type: application/xml
> >>>> Expires: Thu, 01 Jan 1970 02:00:00 IST
> >>>> Client-Date: Thu, 23 May 2013 07:50:33 GMT
> >>>> Client-Peer: 10.35.16.97:8443
> >>>> Client-Response-Num: 1
> >>>> Client-SSL-Cert-Issuer: /C=US/O=Red Hat TLV/CN=CA-<FQDN>.31149
> >>>> Client-SSL-Cert-Subject: /C=US/O=Red Hat TLV/CN=<FQDN>
> >>>> Client-SSL-Cipher: DHE-RSA-AES256-SHA
> >>>> Client-SSL-Warning: Peer certificate not verified
> >>>> Set-Cookie: JSESSIONID=8gUbxG1-uk8HOi2tq4krw7tq; Path=/api; Secure
> >>>> [D] rhev_connect: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> >>>> <hosts>
> >>>> ##### The output is truncated ########
> >>>
> >>>
> >>> It seems to me that you did start the plugin without "-o" option...
> >>>
> >>> Without -o plugin uses username + password authentication (to be
> >>> compatible with RHEV 3.0, oVirt 3.0 - especially to not break existing
> >>> setups):
> >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv
> >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK
> >>> [D] rhev_connect: Using username and password authentication.
> >>>
> >>> With -o a cookie file it uses username + password when the cookie file
> >>> is missing (first call):
> >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o
> >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK
> >>> [D] rhev_connect: Using cookie authentication.
> >>> [D] rhev_connect: No cookie file found - using username and password
> >>>
> >>> And uses session cookie if it exists:
> >>> $ ./check_rhev3 -H localhost -f authfile -D -vvv -o
> >>> [V] REST-API: cookie filename: cmhldm0tYWRtaW5AaW50ZXJuYWwK
> >>> [D] rhev_connect: Using cookie authentication.
> >>> [D] rhev_connect: Using cookie: JSESSIONID=wbYehfrValieFzkv6GBWes-g
> >>>
> >>> Please try again with "-o".
> >>>
> >>>
> >>> Regards,
> >>> René
> >>>
> >>>
> >>>>> Thanks,
> >>>>>      Itamar
> >>>>>
> >>>>
> >>>>
> >>>
> >>
> >> Hi Rene,
> >>
> >> I expect most will fail on this -o.
> >> maybe add auto-detection of version or engine capabilities to try and
> >> use it, else failback to use/password?
> >>
> >> Thanks,
> >>      Itamar
> >
> >
> > That sounds like a good idea - thanks!
> > Will think on how I can implement it - either store engine
> > version/capability into a temp file or query version/capability.
> > I think a temp file is the better solutions as I don't need an
> > additional API call...
> >
> >
> > Regards,
> > René
> >
> >
> >
> >
> 
> michael - is there a rest api capability that can be used to test 
> support of user level api?


There's one I could use:

<version major="3" minor="1"
href="/api/capabilities/332e3133-2e31-332e-3133-2e31332e3133"
id="332e3133-2e31-332e-3133-2e31332e3133">
  <current>false</current>
  <feature>
    <name>Session Based Authentication</name>
    <description>Ability to maintain client-server session, to avoid
login per request. Done by providing a header</description>
  </feature>

More information about the Users mailing list