I could not find anywhere where the nagios documentation specified whether or not service dependencies using hostgroups use hostgroups in an any-host, same-host, or all-host configuration. Specifically, what about when the dependent hostgroup is the same as the hostgroup that is depended on (and services vary)?
What I mean by this is will any dependended upon host’s service going down stop notifications? Will only the same hosts’ depended service stop notifications? Or do all depended upon services have to go down in order to stop notifications for a dependent service? In other words, if hostgroup A’s service Y depends on hostgroup A’s service X, does any host’s service X going down in hostgroup A prevent notifications from going out for other hosts when service Y goes down?
As it turns out, it is sensible to assume that nagios does not treat service dependencies any differently when the hostgroup is the same as the dependent_hostgroup.
In this scenario, I have redundant LDAP servers. There can be certificate errors, for example, that cause SSL/TLS to fail but unencrypted LDAP queries to be answered, so I want to get alerted when TLS fails. But if an unencrypted LDAP service goes down, it’s almost a guarantee that SSL LDAP and TLS LDAP have gone down too - so there’s no need for nagios to page me separately. In order to silence nagios about LDAPS and TLS if and only if LDAP is down, I could add service dependency objects for every dependent service on every ldap host. 2 dependent service checks (ldaps, ldap tls) on 3 servers means 6 service dependency objects total. Or, I wondered if I could use hostgroups as a shortcut.
It turns out not.
I ran a fairly quick test to figure out what the intended use is:
define servicedependency{
dependent_hostgroup_name ldap-servers
dependent_service_description LDAPS
hostgroup_name ldap-servers
service_description LDAP
execution_failure_criteria n
notification_failure_criteria w,u,c
}
define servicedependency{
dependent_hostgroup_name ldap-servers
dependent_service_description LDAP TLS
hostgroup_name ldap-servers
service_description LDAP
execution_failure_criteria n
notification_failure_criteria w,u,c
}
It turns out that if any host’s LDAP fails, that will silence LDAPS and LDAP TLS notifications for any other host in the ldap-servers hostgroup. Not the behavior I want. So if ldap1’s LDAP goes down, I suddenly won’t get any notifications if ldap2’s LDAP SSL goes down separately.
To get the behavior I want, I’d have to write 6 service dependency object definitions, but we can use object inheritance to cut down on the redundant settings:
define servicedependency{
name ldaps-dependency
register 0
dependent_service_description LDAPS
service_description LDAP
execution_failure_criteria n
notification_failure_criteria w,u,c
}
define servicedependency{
name ldaptls-dependency
register 0
dependent_service_description LDAP TLS
service_description LDAP
execution_failure_criteria n
notification_failure_criteria w,u,c
}
define servicedependency{
use ldaps-dependency
host_name ldap1
dependent_host_name ldap1
}
define servicedependency{
use ldaptls-dependency
host_name ldap1
dependent_host_name ldap1
}
define servicedependency{
use ldaps-dependency
host_name ldap2
dependent_host_name ldap2
}
define servicedependency{
use ldaptls-dependency
host_name ldap2
dependent_host_name ldap2
}
define servicedependency{
use ldaps-dependency
host_name ldap3
dependent_host_name ldap3
}
define servicedependency{
use ldaptls-dependency
host_name ldap3
dependent_host_name ldap3
}
You also may want to enable soft state dependencies in nagios.cfg, otherwise you may get paged about all services if they’ve gone down at the same time and the dependent services happened to get polled first:
soft_state_dependencies=1
Comments
comments powered by Disqus