Project

General

Profile

Actions
Copy link

tickets #7942

closed

Find a way to provide a "whitelist" for the check_zypper monitoring check

Added by gschlotter almost 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
cboltz
Category:
Configuration management (CM)
Target version:
-
Start date:
2015-06-17
Due date:
% Done:

100%

Estimated time:

Description

Background

We will install the monitoring-plugins-zypper package now on nearly all our hosts this plugin is able to detect if a package comes from a not officially supported repository (like our NPI repo) and will issue a warning in Nagios in that case.

Reason for this:

  • detect unwanted changes on a host (someone installed additional packages)
  • notify the user that there is a package that might never ever see an update as it is not officially supported

If the user/admin is aware of this, he can (per host) define a "whitelist" of packages, that are ignored by the plugin in that case this whitelist can be given as additional option to the call of the plugin in that case, the plugin will NOT warn about the unsupported package any more

and now to the question

As we manage the list of packages via puppet can we define a variable for a package that is clearly not from a supported repo that can then be used by puppet to create the whitelist file ?

Something like packagename { unsupported:true; } ? and puppet will create the file /etc/monitoring-plugins/check_zypper-ignores.txt for us ?

The file itself is a plain text file (permissions: root.root 644) - just have a look on lists.opensuse.org - with entries like:
whitelist:$packagename

/usr/lib/nagios/plugins/check_zypper -h
would give you more information about possible entries in that file - but for us the example with the whitelist should be enough.

Two different ways on how to do this

One is using a metaparameter that puppet has, called tag we collect packages with tag => whitelist and generate the list out of them

The second solution that requires puppetdb is to use the exported resources feature in short, puppetdb has this cool feature, where it collects data from clients when a client finishes a puppet agent run, it sends a full report to the master then the master collects stuff like the ipaddress so we can use it in nagios.

The package whitelist will still be defined by the human, we will define an exported custom resource @@whitelist_package { 'packagename': }

Actions
Copy link

Also available in: Atom PDF