Nagios for WeNMR

WeNMR Nagios web page:

Access permitted for members only using personal certificate (authorized DNs are retrieved by /etc/cron.d/voms-htpasswd and listed in files /etc/nagios/htpasswd.users and /etc/httpd/httpd.users)

This Nagios monitors hosts belonging to NGIs of Belgium, Germany, France, Italy, Spain, Portugal, Netherlands, UK, Poland, Malaysia, Taiwan, Brasil where probes can be executed.

Sites from South Africa and OSG will be soon monitored too.

Detailed documentation about Nagios could be found here

How to add quickly new WeNMR probes

  • 1. In /etc/ncg-metric-config.d create the file wenmr-probes.conf with json formatted directives
  • 2. In /usr/libexec/grid-monitoring/probes/wenmr/wnjob/etc/wn.d/wenmr/ edit the services.cfg and commands.cfg files
  • 3. Implement the probe in the file /usr/libexec/grid-monitoring/probes/wenmr/wnjob/probes/wenmr/probe_name (see e.g. gromacs probe)
  • 4. Ensuring the following:
cat /etc/ncg/ncg-localdb.d/wenmr-custom.conf
/opt/glite/yaim/bin/yaim -s siteinfo/site-info.def -d 6 -c -n glite-UI -n glite-NAGIOS && service nagios restart

Information about latest update 09

Management instructions

For renewing the proxy (it lasts 100 days) used by Nagios, from a EMI UI do execute:

 [emi-ui]$  myproxy-init -l nagios -s -k -c 2400 -x -Z  "/C=IT/O=INFN/OU=Host/L=Padova/"

After a yaim reconfig, do the following instructions:

  • Keep only WMS of CERM, removing the other WMSes from
    • /opt/glite/etc/
    • /opt/glite/etc/

  • Add WeNMR BDII for SRM probes in sites not belonging to EGI-GOCDB
    • add the following line to /etc/ncg/ncg-localdb.d/uncert.conf
      • MODIFY_METRIC_PARAMETER!org.sam.SRM-All!--ldap-uri!ldap://
    • or equally:
 cp /etc/ncg/ncg-localdb.d/uncert.conf.GOOD /etc/ncg/ncg-localdb.d/uncert.conf 

  • Configure ncg to find sites not belonging to EGI-GOCDB on their site-BDII
    • add the following lines to /etc/ncg/ncg.conf.d/uncert.conf for each site outside EGI-GOCDB
      • # <GOCDB/>
      • ADD_HOSTS=1
      • LDAP_ADDRESS=<siteBDII>
    • or equally:
 cp /etc/ncg/ncg.conf.d/uncert.conf-OK-OutOfGOCDB_sites /etc/ncg/ncg.conf.d/uncert.conf 

To add a site:

  • if the site is certified in EGI-GOCDB:
    • edit yaim configuration file adding the NGI of the site (if not already present) in variable NCG_GOCDB_ROC_NAME.
    • reconfigure with yaim
  • if the site is present in EGI-GOCDB but not certified:
    • edit yaim configuration file adding the site name on variable UNCERTIFIED_SITES (it should be present in TopBDII
    • reconfigure with yaim
  • if the site is not present in EGI-GOCDB
    • edit yaim configuration file adding the site name on variable UNCERTIFIED_SITES (it should be present in TopBDII
    • reconfigure with yaim
    • edit grid-monitor03:/etc/ncg/ncg.conf.d/uncert.conf changing:
      • <NCG::SiteInfo SITE_NAME>
      • # <GOCDB/>
      • <LDAP>
      • # ADD_HOSTS=0
      • ADD_HOSTS=1
      • </LDAP>

To authorize a user whose DN isn't automatically retrieved from VOMS to /etc/nagios/htpasswd.users:

  • copy user's DN in a file /etc/voms2htpasswd-static.d/*.conf

To add a custom Nagios probe see here

Installation and configuration instructions

This documentation was followed: VO SAM

Here's the steps executed on


Installed SL5 x86_64

   service yum stop
   chkconfig yum off
  • host certificates (''hostkey.pem'' and ''hostcert.pem'') installed in ''/etc/grid-security/''
   cd /etc/yum.repos.d/

   vi egi-sam.repo
      name=EGI SAM repo

   mv sl.repo sl.repo.disable
   mv sl-security.repo sl-security.repo.disable
   mv sl-fastbugs.repo sl-fastbugs.repo.disable
   mv sl-contrib.repo sl-contrib.repo.disable

   yum clean all
   yum install lcg-CA
   yum install httpd
   yum groupinstall ig_UI_noafs
   yum install yum-priorities
   yum remove mysql-server-5.0.77-4.el5_5.4 mysql-5.0.77-4.el5_5.4 mysql-devel-5.0.77-4.el5_5.4 [necessary because yaim configuration wants a newer version of !MySQL]
  • edited /etc/yum.repos.d/dag.repo because of missing dependencies (why??) with perl-DBD-mysql-4.014-1.el5.rfx (needed by egee-NAGIOS)
   [root@grid-monitor03 ~]# cat /etc/yum.repos.d/dag.repo
      name=DAG rpms
      # To use priorities you must have yum-priorities installed
      name=DAG extras

   yum install egee-NAGIOS
   yum install 'perl(Class::Inspector)' [needed to let Nagios update file /etc/nagios/htpasswd.users, where authorized users are listed]


  • edit file <yaim-conf-dir>/3_2/nodes/grid-monitor03

      NAGIOS_ADMIN_DNS="/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Cristina Aiftimiei,/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Sergio Traldi,/C=IT/O=INFN/OU=Personal Certificate/L=LNL/CN=Simone Badoer,/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Marco Verlato"





      MYEGI_ADMIN_NAME="Simone Badoer"

      # Found from GOCDB:

      # Needed for uncertified sites:

/opt/glite/yaim/bin/ig_yaim -c -d 6 -s /usr/local/nfs/3_2/ig-site-info.def.current -n ig_UI_noafs -n glite-NAGIOS 2>&1 | tee /root/conf_ig_UI_noafs__glite-NAGIOS.`hostname -s`.`date +mHS`.log 

  • on yaim configuration file of prod-ui-02 changed this variables and reconfigured prod-ui-02:
      GRID_AUTHORIZED_RETRIEVERS="'/C=IT/O=INFN/OU=Host/L=Padova/' '/C=IT/O=INFN/OU=Host/L=Padova/' '/C=IT/O=INFN/OU=Host/L=Padova/'"
      GRID_TRUSTED_RETRIEVERS="'/C=IT/O=INFN/OU=Host/L=Padova/' '/C=IT/O=INFN/OU=Host/L=Padova/' '/C=IT/O=INFN/OU=Host/L=Padova/'"

   userdadd badoer
   [badoer@grid-monitor03]#myproxy-init -k ! -s -l nagios -x -Z "/C=IT/O=INFN/OU=Host/L=Padova/"
  • cp /etc/nagios/plugins/send_to_db.ini /etc/nagios/plugins/send_to_db.ini
  • edit /etc/nagios/plugins/send_to_db.ini changing:

Information about old update 07

This Nagios monitors hosts published by Top BDII

Detailed documentation and instructions about Nagios could be found here

Management instructions

Nothing to do about published information, a cron keeps them up-to-date.

After a reconfiguration

  • ''service nagios restart''

Installation and configuration instructions

Initially this documentation was followed:

After a series of problems, due to database name errors (only one database named 'mrs' must be used, while in previous links the names of databases are defined by user as yaim variables - see ticket the following documentation was used to correctly complete the first installation:

"All on one box" configuration (Nagios + NRPE + ig_UI) was installed.

Here's the steps executed on


  • host certificates (''hostkey.pem'' and ''hostcert.pem'') installed in ''/etc/grid-security/''

  • copied repo files in ''/etc/yum.repos.d/'' as described in documentation
    • ''lcg-CA.repo''
    • ''glite-BDII.repo''
    • rpmforge (''rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm'')
    • sa1-release (''sa1-release-3-1.el5.noarch.rpm'')
    • ''ig.repo''
    • ''dag.repo'' (different versions for ig and for glite)
  • disabled (renamed with different extension) ''dag.repo'', ''sl.repo'' and ''sl-security.repo'' because it's used the option
"event-scheduler=1" in file ''/etc/my.cnf'' available only for MySQL > 5.1.6 (default mysql was 5.0.77)

  • ''yum install httpd''
  • ''yum install lcg-CA''
  • ''yum groupinstall ig_UI_noafs''
  • ''yum install egee-NAGIOS''


Nagios specific variables was defined in /opt/nfs_install/3_2/nodes/ In particular:

    • it creates some databases (ATP, MDDB, MS)... don't know if really necessary...
    • it searches voms for the specified VO
    • set the Top BDII where to find sites to be monitored
  • NCG_LDAP_FILTER="GlueSiteUniqueID=*"
    • this is a "false" filter (* implies every site), but this variable must have a value in order to let yaim (config_ncg) to create by its own the correct file ''/etc/ncg/ncg.conf'', in such a way that ncg considers only the Top BDII; if this variable is not set, ncg searches for all sites belonging to other parameters, for example ROC=Italy

A lot of bugs had to be resolved before having a good configuration.

  • hardcoded parameter in ''/usr/share/doc/atp-1.15.6/mysql_schema/ver_1_6/increase_version.sql''
    • line 1: removed ''USE `mrs`;''
      • ATP_DB_NAME is a variable defined in ''site-info.def'' with value 'atp', not hardcoded with value 'mrs', so yaim couldn't create table atp.schema_details
    • no problems using only one DB named 'mrs' (ATP_DB_NAME=`mrs`)

  • wrong comment in ''/opt/glite/yaim/functions/config_mddb_mysql''
    • line 112: uncomment ''#mysqladmin -u root --password=${MYSQL_ADMIN} create $MDDB_DB_NAME > /dev/null 2>&1''
      • MDDB database couldn't be created
    • no problems using only one DB named 'mrs' (MDDB_DB_NAME=`mrs`)

  • wrong parameter in function tableName in file ''/usr/libexec/mddb/synchronizer.php''
    • line 22: changed ''vo'' with ''atp.vo''
      • a test on an inexistent table was tried
    • no problems using only one DB named 'mrs'

  • hardcoded parameters in each file in directory ''/usr/share/doc/nagios2metricstore-1.0.29/DBScripts/initial/1.4/mysql/''
    • removed every instance of ''USE `mrs`;'' on every file
      • MS_DB_NAME is a variable defined in ''site-info.def'' with value 'metricstore', not hardcoded with value 'mrs', so yaim couldn't go on
    • no problems using only one DB named 'mrs' (MS_DB_NAME=`mrs`)

  • undefined tables in ''/usr/share/doc/nagios2metricstore-1.0.29/DBScripts/initial/1.4/mysql/create_structure.sql''
    • created tables ''vo, metrics, service, profile'' and their dipendences copying their definitions from ATP database (is it wrong??)
      • these tables are required from other tables - declared in the same file - because or foreign key, for example:
        • FOREIGN KEY (vo_id )
        • REFERENCES vo (id )
    • no problems using only one DB named 'mrs'

  • undefined field in ''/usr/share/doc/nagios2metricstore-1.0.29/DBScripts/initial/1.4/mysql/create_structure.sql''
    • added field 'db_name' on table 'schema_details' copying from its definition in MDDB database
      • it's used by file ''/usr/share/doc/nagios2metricstore-1.0.29/DBScripts/initial/1.4/mysql/increase_version.sql''
    • no problems using only one DB named 'mrs'

  • LDAP error with some TOPOLOGY definition:
    • set these variables:
    • in the beginning they were inverted, but there was a blocking LDAP error when a host couldn't be connected.
      • Invoking NCG::SiteInfo::LDAP.
      • DEBUG: in NCG::SiteDB::siteName with args:
      • DEBUG: in NCG::SiteDB::siteLDAP with args:
      • Getting info from LDAP:, O=Grid
      • ERROR: Cannot connect to
      • Module NCG::SiteInfo::LDAP hit critical error, stopping NCG

  • exit with error in ''/usr/sbin/''
    • moved 'exit 0' from line 18 to line 19, outside the more internal 'if'.
      • if service nagios is stopped (at the first configuration it is stopped), ''service nagios reload'' gives an error (exit 7: reload implies stop and start, and stopping a stopped service is considered by /etc/init.d/nagios an error); so if exit!=0 yaim failed

  • wrong directory in ''/opt/glite/yaim/functions/config_nagios''
    • line 266: changed ''lock_file=/var/run/'' with ''lock_file=/var/run/nagios/''
      • there was a permission denied error because the deamon nagios is executed by user nagios, but the pid file wasn't created in a directory with write permission for that user

  • short(?) timeout in ''/opt/glite/yaim/functions/config_ncg''
    • lines 299 and 448: changed from ''TIMEOUT=600'' to ''#TIMEOUT=600''
      • error starting ncg; the log in /var/log/ncg.log:
        • ERROR: Could not get results from SAM: 500 Server closed connection without sending any data back
        • ERROR: Could not get list of critical metrics from SAM: 500 Server closed connection without sending any data back

After correcting the bugs, finally the yaim configuration command:

  • /opt/glite/yaim/bin/ig_yaim -c -d 6 -s /usr/local/nfs/3_2/ig-site-info.def.current -n ig_UI_noafs -n glite-NAGIOS 2>&1 | tee /root/yaim38.log

Post configuration

  • changed https port to make site visible outside
    • edited ''/etc/httpd/conf.d/ssl.conf'' changing from 443 to 50080

  • set variable NAGIOS_HTTPD_ENABLE_CONFIG=false in yaim configuration file, in order to avoid https configuration to be reset after every reconfiguration

-- MarcoVerlato - 2014-02-19

Edit | Attach | PDF | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | More topic actions
Topic revision: r9 - 2014-02-19 - MarcoVerlato
This site is powered by the TWiki collaboration platformCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback