Hi Neal,
Thanks a bunch, I'll look into using your solution. Seems better than just asking 389ds if it's ok ;)
/tony
On Wed, 2018-09-19 at 11:32 +0000, Neal Harrington wrote:
Hi Tony,
I'm monitoring using the following userparameter (basically run "ipactl status" and grep out lines which are known good so only errors are returned):
UserParameter=ipa.status,sudo /usr/sbin/ipactl status 2>&1 | egrep -v "(INFO: The ipactl command was successful$|: RUNNING$)"
ipactl needs root access so I have a file in /etc/sudoers.d/zabbix with these lines to allow the zabbix user to sudo the ipactl status command only without a password:
## Allow zabix to query ipa status Defaults:zabbix !requiretty zabbix ALL = (root) NOPASSWD: /usr/sbin/ipactl status
The final challenge I had was selinux which I had to create a custom rule for (but most people seem to just disable selinux).
Then just create a trigger to alert if the returned value contains any characters. eg this matches on any char apart from whitespace:
{Custom Template IPA Server:ipa.status.regexp([^\s],1200)}=1
If anyone else has a better way to do this I'd be interested to hear it.
Regards,
Neal.
From: Tony Brian Albers via FreeIPA-users <freeipa-users@lists.fedora hosted.org> Sent: 24 August 2018 10:50 To: freeipa-users@lists.fedorahosted.org Cc: Tony Brian Albers Subject: [Freeipa-users] zabbix for monitoring FreeIPA server?
Hi guys,
Anyone got this working?
And if so, how did you do it?
I know I can monitor the components separately, but if you know of anything that can do it easier I'd be happy to know about it.
/tony
-- Tony Albers Systems administrator, IT-development Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark. Tel: +45 2566 2383 / +45 8946 2316 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahoste d.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelin es List Archives: https://lists.fedoraproject.org/archives/list/freeipa- users@lists.fedorahosted.org/message/WGYZNKOBXBHHVCGA66GTFVDOG3WJOG5T /
freeipa-users@lists.fedorahosted.org