gSOAP communication between modules/plugins
Paul Millar
p.millar at physics.gla.ac.uk
Sun Apr 29 02:54:58 CEST 2007
Hi Mathieu,
On Friday 27 April 2007 21:14:34 Mathieu Grzybek wrote:
> This is a company with a HQ and several independent sites. The
> monitoring database is hosted in the HQ. The servers running
> Nagios+ndomod in the other sites are behind a firewall and the only way
> to communicate with the world is a web proxy server. This case is very
> common. Everyone can't rent a wide intranet connection and/or a VPN.
> In most cases there is a website hosted by the HQ. No new port needed,
> just mod_soap and ndo2db.
Yup. Sorry, I now see where you're coming from here.
(more for the humour value, here's a Heath Robinson solution. You set up an
ssh-over-http tunnel:
http://dag.wieers.com/howto/ssh-http-tunneling/
This would allow you to establish an ssh connection from the firewalled remote
machine to HQ via the remote-site's local http proxy. You can then either
configure a normal/static local-port-forwarding rule (with something like "-L
5668:my-ndodb-box.hq.example.org:5668") or use a dynamic (SOCKS) port
forwarding using something like tsocks to make Nagios/ndomod SOCKS-aware.)
No soap necessary ;-)
[...]
> > If you do want to implement a webservice, I'd do it as a translation
> > service rather than replacing the existing TCP communication.
>
> Do you mean encapsulating the actual protocol ?
Well, I was thinking of "somehow" (in a very abstract way) interfacing to the
existing NDOutils code, rather than rewriting anything.
For example, one way would be to have a single (very simple) method in the
WSDL that accepts the NDO status string. The mod_soap implementation would
dump this to a file and run an unmodified file2sock on the file. You'd also
need a simple client to send the line to mod_soap, but I guess that should be
straightforward.
One could even make file2sock more funky by adding a staging directory option
(e.g. "--staging-dir=/var/spool/file2sock"). Given this option, file2sock
would daemonise itself and watch for files being created in that directory
(via inotify or FAM). Any files created would be uploaded automatically.
An alternative would be to use WebDAV (via mod_dav) with either the standard
filesystem provider (mod_dav_fs) or with a custom fs provider that acts as a
sink, sending data to NDOdb.
... just a thought.
[passing config information]
> > However, do you really want someone to be able to download a new config
> > that defines the "check_pw" command as "cat /etc/passwd /etc/shadow" or a
> > "check_rm" command as "rm -rf /"?
>
> NRPE can be run with limited privileges and use sudo for some event
> handlers. In large structures I think it's more convenient than creating a
> new deployment process with OCS Inventory.
I'm not familiar with OCS Inventory (although, as usual, Google was
forthcoming), so can't really say; but, I think the idea of copying across
config files over HTTP would give me the willies. Mutually authenticated
X509-based security, maybe; but I guess I'm too used to being able to ssh
into a machine as necessary.
> The IT boss doesn't want to control the servers but wants to know if it
> runs.
Well, best of luck!
Cheers,
Paul.
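
The concern raised above about a downloaded config defining "check_pw" or "check_rm", shown as an added example that is not part of the original message or of NRPE: a receiving host can vet every `command[name]=...` line of a fetched NRPE-style config before installing it. The plugin directory and the name `vet_nrpe_config` are assumptions made for illustration.

```python
import os
import re
import shlex

# Assumption: the site's plugin directory; adjust to the local layout.
PLUGIN_DIR = "/usr/lib/nagios/plugins"
# Characters that chain, redirect or substitute in a shell. "$" also blocks
# NRPE $ARGn$ macros, so every argument must be fixed in the config itself.
SHELL_META = re.compile(r"[;&|<>`$\\]")
COMMAND_LINE = re.compile(r"^command\[([A-Za-z0-9_.-]+)\]=(.*)$")

def vet_nrpe_config(text, plugin_dir=PLUGIN_DIR):
    """Split command[...] lines into (accepted, rejected-with-reason) dicts."""
    accepted, rejected = {}, {}
    for raw in text.splitlines():
        m = COMMAND_LINE.match(raw.strip())
        if not m:
            continue  # comments and other directives are not vetted here
        name, cmdline = m.group(1), m.group(2).strip()
        if SHELL_META.search(cmdline):
            rejected[name] = "shell metacharacter"
            continue
        try:
            argv = shlex.split(cmdline)
        except ValueError:
            rejected[name] = "unbalanced quoting"
            continue
        if not argv:
            rejected[name] = "empty command"
            continue
        # normpath collapses "../" so a path cannot step out of plugin_dir
        exe = os.path.normpath(argv[0])
        if not os.path.isabs(exe) or os.path.dirname(exe) != plugin_dir:
            rejected[name] = "executable outside plugin directory"
            continue
        accepted[name] = cmdline
    return accepted, rejected

# Constructed sample: the two commands from the message plus ordinary checks.
SAMPLE = """\
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_pw]=cat /etc/passwd /etc/shadow
command[check_rm]=rm -rf /
command[check_log]=/usr/lib/nagios/plugins/../../../bin/cat /etc/shadow
"""

if __name__ == "__main__":
    print(vet_nrpe_config(SAMPLE))
```

A check like this only limits what a fetched file can define; it does not authenticate where the file came from, which is the part the mutually authenticated X509 remark addresses.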