nrpe built into freenas

[Joshua Parker Ruehlig]

I request nrpe built into freenas (not as an addable plugin). I installed nrpe in a jail but it is much too limited as it can't get to the devices. It could only monitor cpu and memory. When I hack nrpe onto my freenas box (not in a jail) I can get all the needed monitoring. (smart for each disk / diskfree / zpool health / ups_status)
Note - UPS is already well integrated into freenas but some people may want it built into their nagios / icinga monitering system as well.


Most dependencies are already there, though the way freenas is built it doesn't think the dependencies are there. What needs to be added to freenas is..
*gettext, libiconv, and nrpe binaries
*init file to startup nrpe2
*nagios-plugins scripts (many can be removed, some added like check_mem and check_zpool)
*nrpe user
*sudo + sudoers file with entries for nrpe user to run smart stuff (which needs root)
*gui entry to allow editing allowed nagios / icinga servers and nrpe command definitions
*gui entry for starting / stopping the service

PS - I am more than willing to help this added to freenas, not sure about the gui stuff but I can definitly help organize some of the other stuff here. THANKS!!!

 

[ProtoSD]

I'm curious, there are one or more sysctl variables that you can set (/etc/sysctl.conf) that allow devices to be accessed from within a jail. I don't know them off the top of my head, but have you tried that?

 

[Joshua Parker Ruehlig]

I haven't looked into it but I do know you can do that. I can look into it. I just though it might be a little messy / security flaw giving the jail a ton of access to the host os's devices.

Like the host os sees the zpools, but the jail is mounted on a dataset on the zpool. I don't know if the jail should / can know about the zpool which it's only living on a dataset of. Anyway I'll look into it.
If it does work well devices I'd want to pass over would include (disks/zpool/ups) not sure if I need to send anything else for the jail to know about free space, that might be passed over when the zpool is sent over.

___
/etc/defaults/devfs.rules - has some examples
also you add something like the below statement to /etc/rc.conf
jail_YOUR-JAIL-NAME_devfs_ruleset="devfsrules_jail"

Well it definitly seems possible. Wish I had some time to play with this.
___
So it looks like we'd need to mount devfs to /JAILDATASET/dev/
Then allow the jail permissions, for nrpe mostly read access.
The mount option could be a checkbox when creating/editing the jail - something like 'allow jail device access'