SAM Doc : SAM-Nagios Administrator Guide
This page last changed on Feb 18, 2014 by mbabik.


Administrator guide for latest release: SAM-Update-22
You can find the release notes at: https://tomtools.cern.ch/confluence/display/SAMDOC/Update-22.

Initial setup

Database backup

In case you would like to keep your existing history of tests results, you can run the following command to backup your database:

mysqldump -u root --routines --events --triggers --password=<MYSQL_ADMIN_PASS> <DB_NAME> | gzip -c > /var/tmp/mrs_`date +%d-%m-%Y_%H:%M:%S`.gz

Starting from UP-22, you can also run a yaim function for the same purpose. Note that automatic backups are no longer performed.

/opt/glite/yaim/bin/yaim -r -s <SITE_INFO> -n sam_nagios -f config_mysql_backup

NCG backup

Please review and backup any local configurations of NCG:

$ /etc/ncg/ncg-localdb.d/ # you can ignore files generated via yaim
$ /etc/ncg/ncg.localdb

In case you have manually created/overridden any metric configurations then please backup your files in this directory as well:
$ /etc/ncg-metric-config.d/*

Host certificate

Install your host certificate to secure the Nagios portal.

$ ls -l /etc/grid-security/host*
-rw-r--r-- 1 root root 2286 Oct 28 19:26 /etc/grid-security/hostcert.pem
-r-------- 1 root root  887 Oct 28 19:25 /etc/grid-security/hostkey.pem

$ openssl x509 -in /etc/grid-security/hostcert.pem -noout -purpose | grep "SSL client"
SSL client : Yes

Disable SELinux

SELINUX needs to be disabled to proceed with the installation. If it is enabled, follow the instructions below and reboot the machine.

$ setenforce 0
$ sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Configuration of YUM Repositories

Scientific Linux v5 (this release was tested with 5.9): SL5 (note: newer package might be available)

[sl-base]
priority=2
exclude=perl-DBI mysql51*
protect=1

[sl-security]
priority=2
protect=1
exclude=perl-DBI mysql51*

[sl-fastbugs]
priority=2
protect=1
exclude=perl-DBI mysql51*

SAM/EGI repository: SAM repository

[egee-sa1]
name=EGEE Packages from SA1 for CentOS5
...
gpgcheck=0
protect=1
priority=10
metadata_expire=1

Unified Middleware Distribution v2: UMD version 2

[UMD-2-base]
protect=1
priority=40

[UMD-2-updates]
protect=1
priority=40

EPEL: EPEL repository 5.4

[epel]
enabled=1
priority=50

CA: EGI trust anchors repository

Installation

  1. Install required packages 
    $ yum -y install yum-priorities yum-protectbase
$ yum -y install ca-policy-egi-core httpd mysql51 yum-plugin-replace
$ yum -y install nagios.x86_64
  2. Install SAM Nagios package 
    $ yum install sam-nagios
$ yum update --exclude sam-gridmon
  3. For NGIs monitoring ARC or using ARC probes 
    $ yum install nordugrid-arc-plugins-globus

Configuration

A SAM-Nagios instance can be configured in different ways in order to monitor different sets of sites and services:

  • NGI SAM-Nagios: to monitor sites/services from a given region
  • VO SAM-Nagios: to monitor sites/services that support a given VO (optionally using a VO feed)
  • Site SAM-Nagios: to monitor all services from a specific site
  1. Create a YAIM configuration file for your instance. For UP-22 a summary of configuration changes is in the release notes. In order to support transparent migration of SAM to CNRS please add the following yaim variables: 
    ATP_ROOT_URL="http://mon.egi.eu/atp"
POEM_SYNC_URLS="http://mon.egi.eu/poem/api/0.1/json/"

    (no other changes are needed, you can keep your existing site-info.def from UP-20).
    A detailed specification of all SAM configuration parameters is available in the SAM documentation:

    1. Common configuration options
    2. SAM-Nagios specific options
  2. Additional configuration
    SAM releases often provide additional configuration on each release.
    1. Please check the Release Notes of the latest production release.
    2. Check the FAQs for common configurations and problems.
  3. Restore database from backup (optional)
  4. Run yaim 
    $ /opt/glite/yaim/bin/yaim -c -s /etc/yaim/site-info.def -n NAGIOS -n SAM_NAGIOS
  5. Generate MyProxy certificate 
    $ ls -l .globus/
total 16
-rw-r--r-- 1 root root 4908 Sep 18 14:44 usercert.pem
-rw------- 1 root root 4836 Sep 18 14:44 userkey.pem

$ /opt/globus/bin/myproxy-init -c 4320 -k NagiosRetrieve-<hostname>-<VO name> -s MYPROXY -l nagios -x -Z <host DN>

(e.g.)
$ /opt/globus/bin/myproxy-init -l nagios -s myproxy.cern.ch -k NagiosRetrieve-dev-sam-nagios.cern.ch-ops -c 4320 -x -Z "/DC=ch/DC=cern/OU=computers/CN=dev-sam-nagios.cern.ch"

Validation

  1. Check the Nagios web interface and SAM portal are up
    1. https://<hostname>/nagios
    2. https://<hostname>/myegi
  2. Check MyProxy credentials 
    $ nagios-run-check &lt;hostname&gt; hr.srce.GridProxy-Get-VO

Attachments:
egi-trustanchors.repo (application/octet-stream)
Document generated by Confluence on Feb 27, 2014 10:19