Nagios-plugins-zypper
From openSUSE
|
Nagios is a program that will monitor hosts and services on your network. It has the ability to email or page you when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify.
|
|
| |||||||||||||
About
- You like to know which host in your serverfarm lacks security updates?
- You like to know if there are package updates available from software.opensuse.org?
- You already use Nagios to monitor your host?
Then you want to use the Nagios Plugin: "check_zypper".
Configuration
Options
-c, --critical
A patch with this category result in critical status.
Default: security
-f, --releasefile
Use the given file to get informations about the distribution.
Default: /etc/SuSE-release
-h, --help
Print detailed help screen
-i, --ignore <file>
Ignore patches/packages that are mentioned in <file>
Just list one patch/package per line - example:
patch:libtiff-devel
# comment
package:libtiff3
package:libtiff-devel
-o, --ignore_outdated
Don't warn if a repository is outdated.
-r, --refresh_repos
Tries to refresh the repositories before checking for updates.
Note: this maybe needs an entry in /etc/sudoers like:
nagios ALL = NOPASSWD: /usr/bin/zypper ref
(and additional lines for the '-s' Option) if no check-zypp-wrapper is available.
-s, --use_sudo
Zypper needs root privileges on some distributions (known: 10.1 and SLE10).
You can enable the script to use /usr/bin/sudo to start zypper.
But don't forget to enable nopasswd sudo for the user starting check_zypper
Via lines like the two below on in /etc/sudoers:
nagios ALL = NOPASSWD: /usr/bin/zypper sl, \
/usr/bin/zypper --non-interactive --no-gpg-checks --terse list-updates
-t, --timeout
Just in case of problems, let's not hang Nagios and define a timeout.
Default value is: 120 seconds
-v, --verbose_output
Print more information (useful only with Nagios v3.x).
-w, --warning
A patch with this category result in warning status.
Default: recommended,optional
-V, --version
Print version information
Check the local host
For checking the local machine running the nagios daemon, add a command definition like:
define command {
command_name check_zypper
command_line $USER1$/check_zypper -v -t $ARG1$
}
and define a service definition like:
define service{
use generic-service
host_name localhost
service_description Updates
normal_check_interval 1440 # once a day
display_name Updates for this machine
check_command check_zypper!300
}
Check remote hosts
This example uses the Nagios Remote Plugin Executor - you need the nrpe-client package installed on the machine you want to monitor and the nrpe-server package installed on the machine running the nagios daemon for this.
First, define a command definition on your nagios server like:
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
and a service definition like:
define service{
use generic-service
host_name my_client
service_description Updates
check_command check_nrpe!check_zypper -t 120
}
 | Don't run this service check too often.
Normally, you want to check this service only once or twice a day, so it might be a good idea to define an additional service template like: define service {
name one-day-service
use generic-service
normal_check_interval 1440 ; Check the service every day
retry_check_interval 240 ; Re-check every 6 hours
notification_interval 1440 ; Notify about a problem once a day
}
and use this "one-day-service" in your service definition. |
On the client side, add the following line to your /etc/nagios/nrpe.cfg on the client machine:
command[check_updates]=/usr/lib/nagios/plugins/check_zypper
to your nagios configuration.
Refreshing or ignoring outdated repositories
Without any further option, check_zypper returns a warning state if one or more repositories are outdated (as they could contain updated packages). Beside this warning message, check_zypper nevertheless checks for updated packages/patches - but the result of this run is posted in the second line of the output.
If you want to ignore outdated repositories (this is normally the case for Build Service repositories and not for the official online update repositories), just use the Option '-o' resp. '--ignore_outdated'.
If you want to refresh all repositories automatically each time check_zypper is activated, use the Option '-r', resp. '--refresh_repos'. For SLES10, 10.1 and 10.2 based hosts, you need an additional entry in your sudoers file to get this working:
nagios ALL = NOPASSWD: /usr/bin/zypper ref
For all hosts based on openSUSE 10.3 and newer (even SLES11), this isn't necessary. To avoid confusion and to save bandwith, option '-r' has to be enabled for all distributions manually, if you want to get your repositories refreshed automatically.
Running zypper on SLE10 or openSUSE 10.1 based hosts
Running zypper on SLE10 or openSUSE 10.1 needs root privileges. The plugin runs /usr/bin/zypper as the user defined in /etc/nagios/nrpe.cfg (client) or /etc/nagios/nagios.cfg (server) - which is normally the user nagios - and therefore needs root privileges for this command.
You can enable the script to use the command /usr/bin/sudo to start zypper. Enable the usage via the commandline option "-s". But don't forget to enable nopasswd sudo for the user starting check_zypper via a line like this on in /etc/sudoers:
nagios ALL = NOPASSWD: /usr/bin/zypper sl, \
/usr/bin/zypper --non-interactive --no-gpg-checks --terse list-updates
Now you can start and/or test the check via
If you want to refresh your repositories automatically, too, your /etc/sudoers should look like:
nagios ALL = NOPASSWD: /usr/bin/zypper ref, \
/usr/bin/zypper sl, \
/usr/bin/zypper --non-interactive --no-gpg-checks --terse list-updates
Define the return state
You can define the status by patch category. Available categories:
- security
- recommended
- optional
Use a commata to list more than one category to a state.
Ignoring Patches/Package Updates
Sometimes (for whatever reason) you want to stay on a defined version of a package. But check_zypper will warn you every time about an available update for this package or a patch containing this package. To ignore this, just create a file containing patches/packages you want to ignore. You can use the '#' to comment why you've disabled warnings for the patches/packages in this file.
Just add a line like this to ignore warnings about a patch with the name 'libtiff-devel':
patch:libtiff-devel
and a line like this to ignore an updated package with the name 'libtiff3':
package:libtiff3
You can write each patch/package in a separate line or separated by whitespace - just the initial words 'patch:' and 'package:' have to be defined. All other lines not containing one of these words are ignored.
Afterwards use Option '-i', resp. '--ignore' <file> to define the file containing your ignores.
check_zypper will not count any patch/package in this <file>, but the long output of the command will contain lines like:
Ignored Patches : libtiff-devel Ignored Packages: libtiff3
to inform you about the presence of the <file> and it's contents.
Verbose output
If you like to know the names of available patches and packages, use the "-v" option.
Debugging/Bug reporting
If you've problems with this plugin, please turn on Debug-Output by setting the constant "$DEBUG" to "1" in /usr/lib/nagios/plugins/check_zypper.
Note: you can run the command as root via commandline using the same options as in your nagios config. For example:
Please report any bug using https://bugzilla.novell.com/ and assign the bug to lrupp@novell.com
More information
For an up-to date documentation, please use
See Also
This site uses the YAML CSS framework.
About openSUSE | Disclaimers | Feedback
This page was last modified 22:56, 27 March 2009. This page has been accessed 2,136 times.
