Hi Neal,
Thanks a bunch, I'll look into using your solution. Seems better than
just asking 389ds if it's ok ;)
/tony
On Wed, 2018-09-19 at 11:32 +0000, Neal Harrington wrote:
> Hi Tony,
>
>
> I'm monitoring using the following userparameter (basically run
> "ipactl status" and grep out lines which are known good so only
> errors are returned):
>
>
> UserParameter=ipa.status,sudo /usr/sbin/ipactl status 2>&1 | egrep -v
> "(INFO\: The ipactl command was successful$|: RUNNING$)"
>
>
> ipactl needs root access so I have a file in /etc/sudoers.d/zabbix
> with these lines to allow the zabbix user to sudo the ipactl status
> command only without a password:
>
>
> ## Allow zabix to query ipa status
> Defaults:zabbix !requiretty
> zabbix ALL = (root) NOPASSWD: /usr/sbin/ipactl status
>
> The final challenge I had was selinux which I had to create a custom
> rule for (but most people seem to just disable selinux).
>
>
> Then just create a trigger to alert if the returned value contains
> any characters. eg this matches on any char apart from whitespace:
>
> {Custom Template IPA Server:ipa.status.regexp([^\s],1200)}=1
>
>
> If anyone else has a better way to do this I'd be interested to hear
> it.
>
>
> Regards,
>
> Neal.
>
>
>
>
> ________________________________
> From: Tony Brian Albers via FreeIPA-users <freeipa-users@lists.fedora
> hosted.org>
> Sent: 24 August 2018 10:50
> To: freeipa-users@lists.fedorahosted.org
> Cc: Tony Brian Albers
> Subject: [Freeipa-users] zabbix for monitoring FreeIPA server?
>
> Hi guys,
>
> Anyone got this working?
>
> And if so, how did you do it?
>
> I know I can monitor the components separately, but if you know of
> anything that can do it easier I'd be happy to know about it.
>
> /tony
> --
> --
> Tony Albers
> Systems administrator, IT-development
> Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
> Tel: +45 2566 2383 / +45 8946 2316
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahoste
> d.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelin
> es
> List Archives: https://lists.fedoraproject.org/archives/list/freeipa-
> us...@lists.fedorahosted.org/message/WGYZNKOBXBHHVCGA66GTFVDOG3WJOG5T
> /
--
--
Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
