we have 3 instances running unbound:
unbound-ib01 unbound-tummy01 unbound-telia01
We should monitor that they are up and that the unbound process is running and that it's answering tcp dns queries on ports 80 and 443.
Since i don't have access to these nodes i'll need the following information: The process name (as listed in ps) and the number of processes that are expected to run
What query should i ask (i.e. www.fedoraproject.org)?
Host dependency information (should these hosts have a parent? if so which?)?
If there is anyway to get these answers on my own please let me know.
Christos
Example ps entry:
unbound 6705 0.0 2.2 143340 22852 ? Ssl Feb23 0:32 /usr/sbin/unbound
yeah, they are recursive servers, but we can be sure fedoraproject.org should work, so a query on fedoraproject.org sounds good. Note that it's not on port 53/udp, but 80/tcp and 443/tcp. I don't know off hand if the nagios plugin can query via tcp, but I hope so.
Yes, each of the hosts should have a virthost parent:
unbound-tummy01's parent should be tummy01.fedoraproject.org unbound-ib01's parent should be ibiblilo01.fedoraproject.org unbount-telia01's parent should be telia01.fedoraproject.org.
Attached is a patch that: Adds the 3 new hosts with their defined parents.
Adds a hostgroup for unbound hosts
Adds a check_procs test via NRPE to check if the unbound process is running
Adds a check_dig test to query www.fedoraproject.org A record at port 80/tcp
Adds a check_tcp test to check if port 443 is up (i wasn't able to do query on that port due to fact that it using SSL. I tried using stunnel on my dev node but this was unsuccessful).
Additionally the package nagios-plugins-dig is added to nagios servers.
i'll be glad if someone can guide me on how to correctly check 443 port functionality.
This looks pretty good to me, aside from the 443 port.
I'm adding the unbound/dnssec person here to comment...
How can we monitor the port 443 tls/tcp unbound ? Is there any dig command that will do the trick?
Added a plugin to check the 443 port via stunnel
This looks great. Thanks for working on it.
One slight issue... the patch doesn't apply...
can you make sure your checkout is up to date "git pull" and then make a new patch with 'git diff' ?
Puppet changes for nagios configuration of unbound services. unbound-nagios.patch
This one should work.
Everything working nicely. Thank you for the patches/work!
Login to comment on this ticket.