Nagios via Chef on EC2


#1

I’m bootstrapping a Nagios server via Chef on EC2. I got it up and running
at this point, but I need to fine-tune a few things to get a workable
config. I’m using three different regions (us-west-2, where the Nagios host
is, us-west-1, and us-east-1). The config that Chef built for the hosts
uses all internal IPs for the config. While this could be fine for
us-west-2, where the various security groups have access authorized to the
Operations security group that has the Nagios host in it, it
obviously doesn’t work for the other two regions.

Is there a way to tune how the config determines which interface is used?


~~ StormeRider ~~

“Every world needs its heroes […] They inspire us to be better than we
are. And they protect from the darkness that’s just around the corner.”

(from Smallville Season 6x1: “Zod”)

On why I hate the phrase “that’s so lame”… http://bit.ly/Ps3uSS


#2

use this code in hosts.cfg.erb

<% # decide whether to use internal or external IP addresses for this node
   if node['cloud'].nil? && !n['cloud'].nil?
     ip = n['cloud']['public_ipv4']
   elsif !node['cloud'].nil? && !n['cloud'].nil? &&
         n['cloud']['provider'] != node['cloud']['provider']
     ip = n['cloud']['public_ipv4']
   #S.D. 2013, 2 lines
   elsif !node['cloud'].nil? && !n['ec2'].nil? &&
         n['ec2']['placement_availability_zone'][0...5] !=
         node['ec2']['placement_availability_zone'][0...5]
     ip = n['cloud']['public_ipv4']
   else
     ip = n['ipaddress']
   end %>



#3

This isn’t quite correct. If I’m reading this right, it only matches the
first 5 characters of the placement_availability_zone value. Which for
something like “us-east-1a” => “us-ea” vs. “us-west-1c” => “us-we”, that’s
fine. But for “us-west-1a” => “us-we” vs. “us-west-2b” => “us-we”, that’s
not ok. As a result, my Nagios host in us-west-2 was trying to reach the
nodes in us-west-1 via the internal IPs, and failing.

I changed this to:

   if node['cloud'].nil? && !n['cloud'].nil?
     ip = n['cloud']['public_ipv4'].include?('.') ?
          n['cloud']['public_ipv4'] : n['ipaddress']
   elsif !node['cloud'].nil? && !n['cloud'].nil? &&
         n['cloud']['provider'] != node['cloud']['provider']
     ip = n['cloud']['public_ipv4'].include?('.') ?
          n['cloud']['public_ipv4'] : n['ipaddress']
   #S.D. 2013, 2 lines
   elsif !node['cloud'].nil? && !n['ec2'].nil? &&
         n['ec2']['placement_availability_zone'][0...-2] !=
         node['ec2']['placement_availability_zone'][0...-2]
     ip = n['cloud']['public_ipv4']
   else
     ip = n['ipaddress']
   end

That strips the last 2 characters (null and the AZ alpha indicator) to
compare the regionality of the two nodes. This seems to work for me,
generating the us-west-2 nodes via the internal IPs and the us-west-1 and
us-east-1 nodes via the public IPs.



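The address selection discussed in posts #2 and #3, as an added example that is not code from the thread or from the nagios cookbook: it picks the internal address for hosts in the monitoring server's own region and the public address otherwise, comparing regions by dropping only the zone letter. Plain hashes stand in for Chef node objects; the helper names (az_region, public_ip, monitor_ip, ec2_node) and all addresses are constructed, and it assumes a zone name is the region name followed by a zone letter.

```ruby
# Added example. Plain hashes stand in for Chef node objects; the helper
# names and all addresses (RFC 5737 / RFC 1918 ranges) are constructed.

# Region part of an EC2 availability zone name: everything up to and including
# the first number, e.g. "us-west-2b" -> "us-west-2". nil if it does not parse.
def az_region(az)
  az.to_s[/\A[a-z]+(?:-[a-z]+)+-\d+/]
end

# Public address only if present and dotted, like the include?('.') guard.
def public_ip(n)
  ip = n.dig('cloud', 'public_ipv4')
  ip if ip.is_a?(String) && ip.include?('.')
end

# Address the monitoring server (node) should use to reach host n.
def monitor_ip(node, n)
  cross =
    if node['cloud'].nil?
      !n['cloud'].nil?
    elsif n['cloud'] && n['cloud']['provider'] != node['cloud']['provider']
      true
    elsif n['ec2'] && node['ec2']
      az_region(n['ec2']['placement_availability_zone']) !=
        az_region(node['ec2']['placement_availability_zone'])
    else
      false
    end
  (cross && public_ip(n)) || n['ipaddress']
end

def ec2_node(az, priv, pub)
  { 'ipaddress' => priv,
    'cloud' => { 'provider' => 'ec2', 'public_ipv4' => pub },
    'ec2' => { 'placement_availability_zone' => az } }
end

NAGIOS = ec2_node('us-west-2a', '10.0.0.5', '203.0.113.5')
SAME   = ec2_node('us-west-2b', '10.0.0.9', '203.0.113.9')
OTHER  = ec2_node('us-west-1a', '10.1.0.7', '198.51.100.7')

# What each slice quoted in the thread keeps of a zone name, next to az_region.
SLICES = %w[us-west-1a us-west-2b].map { |az| [az[0...5], az[0...-2], az_region(az)] }

puts monitor_ip(NAGIOS, SAME)   # same region: internal address
puts monitor_ip(NAGIOS, OTHER)  # other region: public address
p SLICES
```

In Ruby an exclusive range ending at -2 drops two characters, so `"us-west-1a"[0...-2]` and `"us-west-2b"[0...-2]` are both `"us-west-"`; only a comparison that keeps the region number separates us-west-1 from us-west-2. Hosts checked over their public address need a security-group rule scoped to the Nagios server's public address rather than a wider range.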

#4

Good call!
