Hi Neal, Thanks a bunch, I'll look into using your solution. Seems better than just asking 389ds if it's ok ;)
/tony On Wed, 2018-09-19 at 11:32 +0000, Neal Harrington wrote: > Hi Tony, > > > I'm monitoring using the following userparameter (basically run > "ipactl status" and grep out lines which are known good so only > errors are returned): > > > UserParameter=ipa.status,sudo /usr/sbin/ipactl status 2>&1 | egrep -v > "(INFO\: The ipactl command was successful$|: RUNNING$)" > > > ipactl needs root access so I have a file in /etc/sudoers.d/zabbix > with these lines to allow the zabbix user to sudo the ipactl status > command only without a password: > > > ## Allow zabix to query ipa status > Defaults:zabbix !requiretty > zabbix ALL = (root) NOPASSWD: /usr/sbin/ipactl status > > The final challenge I had was selinux which I had to create a custom > rule for (but most people seem to just disable selinux). > > > Then just create a trigger to alert if the returned value contains > any characters. eg this matches on any char apart from whitespace: > > {Custom Template IPA Server:ipa.status.regexp([^\s],1200)}=1 > > > If anyone else has a better way to do this I'd be interested to hear > it. > > > Regards, > > Neal. > > > > > ________________________________ > From: Tony Brian Albers via FreeIPA-users <freeipa-users@lists.fedora > hosted.org> > Sent: 24 August 2018 10:50 > To: freeipa-users@lists.fedorahosted.org > Cc: Tony Brian Albers > Subject: [Freeipa-users] zabbix for monitoring FreeIPA server? > > Hi guys, > > Anyone got this working? > > And if so, how did you do it? > > I know I can monitor the components separately, but if you know of > anything that can do it easier I'd be happy to know about it. > > /tony > -- > -- > Tony Albers > Systems administrator, IT-development > Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark. > Tel: +45 2566 2383 / +45 8946 2316 > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-leave@lists.fedorahoste > d.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelin > es > List Archives: https://lists.fedoraproject.org/archives/list/freeipa- > us...@lists.fedorahosted.org/message/WGYZNKOBXBHHVCGA66GTFVDOG3WJOG5T > / -- -- Tony Albers Systems administrator, IT-development Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark. Tel: +45 2566 2383 / +45 8946 2316 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org