2009年7月27日 星期一

Installing NRPE 2.12 from source as a SMF managed service in Solaris 10

Installing NRPE on Solaris 10 involves just a bit more than your normal './configure && make && make install' routine. However, all the dependencies are likely present on a freshly installed system, you just have to tell NRPE where to find it. There's one file you need to patch, and then it will install. From there it's easy to plug into SMF!

First, let's make sure some directories are present, and create our Nagios user:

# mkdir /usr/local
# groupadd nagios
# useradd -m -c "nagios system user" -d /usr/local/nagios -g nagios -m nagios
Next, download and extract the source code to NRPE:

$ cd /tmp/
$ /usr/sfw/bin/wget http://superb-east.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
$ gzip -dc nrpe-2.12.tar.gz | tar -xvf -
$ cd nrpe-2.12
Now, we need to tell the configure script where to find the openssl libraries, and make sure that GCC is in our path:

$ PATH=$PATH:/usr/sfw/bin:/usr/ccs/bin ./configure --with-ssl=/usr/sfw/ --with-ssl-lib=/usr/sfw/lib/
That should run just fine. Before we build, we need to apply a quick fix to nrpe.c. If you don't do this, you'll get an error from make that says "nrpe.c:617: error: 'LOG_AUTHPRIV' undeclared (first use in this function)".

$ perl -pi -e 's/LOG_AUTHPRIV/LOG_AUTH/; s/LOG_FTP/LOG_DAEMON/' src/nrpe.c
Now, we should be okay to build it:

$ PATH=$PATH:/usr/sfw/bin:/usr/ccs/bin make
Then, install it as root:

# PATH=$PATH:/usr/sfw/bin:/usr/ccs/bin make install
Either copy the nrpe.cfg sample included in the source code, or drop your own into /usr/local/nagios/etc/nrpe.cfg. Now, stay logged in as root for the following, now we'll get NRPE setup to run under SMF.

First, we need to setup the service and present it to inetd:

echo "nrpe 5666/tcp # NRPE" >> /etc/services
echo "nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /usr/local/nagios/bin/nrpe \
-c /usr/local/nagios/etc/nrpe.cfg -i" >> /etc/inet/inetd.conf
Now, tell SMF to pull in the inetd config:

inetconv
At this point, the SMF service is available, but we want to use TCP wrappers so that only our Nagios server can talk to NRPE (substitute $NAGIOS_IP with the IP of your Nagios server):

inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE
echo "nrpe: LOCAL, $NAGIOS_IP" >> /etc/hosts.allow
echo "nrpe: ALL" >> /etc/hosts.deny
Finally, fire up the service:

svcadm enable nrpe/tcp
That's it! Nagios should be able to monitor your Solaris 10 box now. Someday, I'll make a package for this, but you can pretty well copy and paste the code here to get up and running.

沒有留言:

張貼留言