Unlike other monitoring systems Nagios presents a web-based interface which, by default, does not provide a way for directly acessing the monitored hosts.
Would it be nice to access Nagios from Firefox and have it launch SSH (or other connections) with a single click? Definitely. Let's see how it's done.
1. Register the ssh:// protocol on Firefox
In the past external handlers were registered via user preferences. From version 3 onward, Firefox honors whatever is registered with gconf. Run the following commands as regular user:
gconftool-2 -s /desktop/gnome/url-handlers/ssh/command '/usr/local/AS/bin/dossh.sh %s' --type StringUpdate: this will not work on GNOME 3 and Unity based systems, like Ubuntu 12.04. For such systems add a new firefox preference in about:config
gconftool-2 -s /desktop/gnome/url-handlers/ssh/enabled --type Boolean true
gconftool-2 -s /desktop/gnome/url-handlers/ssh/needs_terminal --type Boolean false
network.protocol-handler.expose.ssh=falseThis will allow you to manually choose a handler application the first time an ssh:// URL is clicked.
2) Write a helper script to launch SSH sessions
The first command includes the path to a helper script that launches the SSH session. In our case the dossh.sh script is as follows:
#!/bin/bashYou can adapt the script to use a different terminal (adapting its arguments as well), to assume a predefined user so that the username doesn't have to be typed everytime, to accept arguments for other SSH features (ex: portforwarding) and so on. If you have SSH public key distribution in place, you may even login without being prompted for a password.
ARGS=`echo $@ | sed -e "s/%20/ /g"`
REMOTEHOST=`echo $ARGS | awk '{ print $1 }' |sed -e "s/ssh:\/\///"`
REMOTEPORT=`echo $ARGS | awk '{ print $2 }'`
if [ "x$REMOTEPORT" = "x" ]; then
REMOTEPORT=22
fi
TERMINAL=xterm
ARGS="-fn 9x18 -fg white -bg black -T $REMOTEHOST"
export REMOTEHOST
export REMOTEPORT
$TERMINAL $ARGS -e 'echo -n "Username: " ;read REMOTEUSER; ssh $REMOTEHOST -p $REMOTEPORT -l $REMOTEUSER'
3) Let Nagios add a special ssh:// URL next to the regular host URL
For this to happen your hosts must include the hostexinfo section in their definition. Please refer to the following example to understand how the action_url parameter creates the special URL:
define host {
use generic-host
host_name vmserver01.intranet
alias vmserver01
address vmserver01.intranet
check_command zoneedit-check-host-alive
max_check_attempts 10
notification_interval 120
notification_period 24x7
notification_options d,u,r
}
define hostextinfo{
use server
host_name vmserver01.intranet
notes CentOS 5.4
action_url ssh://$HOSTNAME$ PORT
}
Note that $HOSTNAME$ is actually to be written with the dollar signs around whereas PORT should be replaced by the port sshd runs on on the particular machine. If the port number is not present the script will assume port 22.
Once this is done, and Nagios is restarted a new icon will appear next to each host. This icon represents a link of the form ssh:// which is handled by the script defined in step 2).
4) Prevent Firefox from opening a new TAB each time you try to launch an SSH session
By default Nagios creates the new ssh:// links with a target=_blank parameter. This causes a new tab to open on each click. To fix it, you should be able to add or change the following line in the cgi.cfg configuration file:
action_url_target=_self
This option, even if correct according to Nagios documentation, seems to be ignored in our setup. An alternative solution, that works really well, is installing this Greasemonkey script, that gets rid of all the intruse HTML _blank targets.
5) Conclusion:
Nagios can be integrated with Firefox to automate the startup of SSH sessions. The user experience is certainly much better this way. The idea presented here can be adapted and extended. For example, the dossh.sh script can be tweaked so that certain local ports are automatically forwarded by ssh so that we can connect to hosts behind Linux gateways using rdesktop, Firefox, XWindows, FreeNX, VMWare and so on.
1 comentário:
Ora ai está um conceito interessante, tenho de testar o funcionamento mas admito que parece promissor.
Obrigado pela dica.
Enviar um comentário