Pandora: Documentation en: Omnishell

From Pandora FMS Wiki
Jump to: navigation, search

Go back to Pandora FMS documentation index


1 Introduction to Omnishell

Info.png

Enterprise version.
Version NG 741 or higher.

 


Omnishell is a Pandora FMS Enterprise features used for IT orchestration/automation. It is a fully native and PAndora FMS console and agent integrated console that allows defining commands or blocks of commands and selecting targets where they can be executed. Learn more about it in our video tutorial «IT automation in Pandora FMS: Omnishell».

Omnishell1.png

Omnishell is based on communication between the different components of Pandora FMS through Tentacle, to safely coordinate executions and responses of the commands you wish to program.

Info.png

You must have installed in Pandora FMS console the dependency php-yaml and in Software GNU/Linux agents, the dependency perl-YAML-Tiny.

 


1.1 Additional Tentacle server settings

Template warning.png

Only for version NG 742 or previous version.

 


  • Tentacle Server needs a change in configuration to be able to redirect files with extension .rcmd.
  • These files contain command definition, which each Software agent downloads and evaluates.
  • Tentacle Server file filter definition must be updated through:
    • Modifying the file /etc/tentacle/tentacle_server.conf:
# Filters (regexp:dir,regexp:dir...)
filters .*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:commands
    • Copy of the file tentacle_server.conf.new, which is distributed when installing Pandora FMS Server.
  • .rcmd files are published in a new directory:
/var/spool/pandora/data_in/commands
  • This folder must have permissions for users that move Pandora FMS server and the Apache that moves the console:
chown pandora:apache -R /var/spool/pandora/data_in/commands
chmod g+s /var/spool/pandora/data_in/commands
  • Note: A hash is used based in certain parameters of the command's definition.

1.2 Performance

An Omnishell task is defined by three elements:

Precondition
Through one or several commands with each sequential execution that must be satisfying for all of them (result errorlevel 0 ).
Commands
To be executed in the target software agent, in a sequential list.
Postcondition
Through one or several commands with each sequential execution that must be satisfying for all of them (result errorlevel 0 ).

Template warning.png

If any of the commands defined in Precondition, Commands or Postconditions goes into interactive mode, blocking the execution flow, the task will be interrupted. The Software agent itself will destroy the process after the timeout configured for that task.

 


1.3 Usage example

1.3.1 Example in GNU Linux


An example shall be explained to better understand the working process of the new Omnishell tool.

Problem: The objective is configuring the auto-start of the HTTPD service on CentOS 6 systems in a massive way.

  • What is the precondition? It is for the service to appear as installed, and install it in case it is not:

For example:

[ `rpm -qa | grep -i httpd | wc -l` -lt 1 ] || yum install -y httpd

This line will verify whether the service is installed and will install it in case it is not.

  • What is the main goal? To start and configure the auto-start of the HTTPD service.

To that end, the following commands must be used:

/etc/init.d/httpd restart
chkconfig httpd on

This will start the service on the remote machine and will configure the system to start it up.

  • How to validate what has been done? Verify that the system has activated the service and it is listening.
[ `netstat -lptn | grep 80 | grep LISTEN | wc -l` -gt 0 ]

Once the action the agents must perform is clearly set, create the command in Omnishell:

Omnishell2.png

After creating the command, assign the needed agents.

Omnishell3.png

The progress of the command execution can be seen in the selected agents:

Omnishell4.png

Accessing the view, you will see the estimated time left for command execution:

Omnishell5.png

When mass command execution is applied, the view will be as the following one from the example:

Omnishell7.png

Once the agent's response is received, execution results will be displayed. By clicking on its box, a modal can be obtained with extra information:

Omnishell6.png


1.3.2 Ejemplo en MS Windows

Template warning.png

For this environment, Omnishell is still in process, so some of its features are still subject to changes or are not available yet. This is only temporarily and we apologize for that.

 


Regarding the configuration process in Pandora FMS console, repeat exactly the same steps carried out with the previous example in GNU/Linux and only the code to be executed will change.

Due to the simplicity of this example, only the precondition and the main task stages are used, respectively:

powershell.exe -command "Start-Sleep -Seconds 1"
powershell.exe -command "$mode = Get-Executionpolicy ; if ( $mode -like "restricted" ) {Write-Error -Message "0"}"

PowerShell is a new Windows shell that has been specifically conceived for system admins. This includes an interactive system symbol and a scripting environment that can be used together or separately. It comes installed with said operating system, although you may install PowerShell Core from its repository in GitHub to get the latest updated version. You may get more interesting information about PowerShell in Pandora FMS blog.

In the precondition it is checked that PowerShell is installed and can be used, otherwise it will return an error and it will not be able to be executed in the next step.

In the main task, it is investigated about the possibilities of executing scripts written in PowerShell. If its properly executed you may add code at the checking stage to use one and carry out longer and more complex tasks. To learn more, check the documentation about how to execute scripts in a module or how tu use a template to create a module that uses PowerShell.

Info.png

During the Software agent installation check the option Enable remote config. If you already have that agent installed, modify the file %PROGRAMFILES%\pandora_agent\pandora_agent.conf with admin rights and add (or modify) the following line: remote_config 1. In the group of the Pandora FMS program from the home menu there is a direct access to the script %PROGRAMFILES%\pandora_agent\scripts\edit_config_file.bat to make things easy.

 


Agente Software 746 Windows 7 32 bits paso 6.png

1.4 Comments


  • The agent will execute each order of each block.
  • If the evaluation of each order is not 0 (error_level !=0), it will stop evaluating and the command will be considered as failed.
  • The agent will take retry and timeout parameter values for the number of retries and the maximum amount of execution time, accordingly.
  • Regardless of the result, the agent will save an execution mark. Each command is executed only once .
  • If you update the name of the command, it will cause the agent to execute it again, since the reference will change.
  • You can assign as many commands as desired to the same agent.
  • Agent command execution may affect the monitoring. Do not use a timeout higher than the agent interval.

Go back to Pandora FMS documentation index