Multiple Nagios Admins - Solution

Rob King rob.king at wholefoods.com
Tue Nov 5 21:31:03 CET 2002


Hey everyone,
    I'm sorry if this isn't the list to post this to, but I asked the 
other day if anyone else had multiple people administering a single 
Nagios setup.

    I know it sounds insane, but we had a reason for it - At our company 
we insist on decentralized management, so each team gets it's own stuff 
to monitor. However, the central IT helpdesk still has to be able to see 
everything at once. (That's why we couldn't just have multiple Nagios 
setups - the helpdesk still needs to see everything on one screen).

    So, anyway, here's what I ended up doing. This is on a FreeBSD 4.7 
box, and you need 'sudo'. Configuration is in /usr/local/etc/nagios/.

    * Set up a directory, /usr/local/etc/nagios/teams/
    * Create a directory per team in that directory (e.g., 
/usr/local/etc/nagios/teams/network-services, 
/usr/local/etc/nagios/operating-systems)
    * Set up the Unix groups appropriately, so that only the members of 
those groups (network services, operating systems, whatever) can write 
to those directories. In each directory, put whatever Nagios config 
files you need in there.
    * Set up a directory under each team's directory called 'work' or 
whatever. Make that directory writable only by root (or whoever has the 
authority to restart Nagios).
    * Create a copy of the main Nagios config file that references the 
configurations in the team subdirectories.
    * Have a script that, when executed with 'sudo', tests the 2nd 
configuration file (the one from the previous step), and if it tests out 
okay, copies the configuration into the "work" subdirectory. It then 
restarts Nagios using the 1st main config file (the one that references 
the configs stored in the "work" directories).
   
    That way, nobody can screw it up for everyone else. Their configs 
must be tested before they're put into production. You could do more 
with this (like modify the script to only copy the current caller's 
team's config), but this seems to work for the time being.

    I know it's long, convoluted, and ugly-as-sin, but it gets the job 
done...

    Thanks all,
    Rob




-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en




More information about the Users mailing list