Pandora: Documentation en: Omnishell
As a first approach towards infrastructure management, Pandora FMS presents Omnishell .
It is a tool that allows you to define commands or command blocks and select targets where to execute them.
Omnishell allows executing any command or command block on any agent (in 741 versions or later) that has remote configuration enabled.
Omnishell is based on communication between the different components of Pandora FMS through Tentacle, to safely coordinate executions and responses of the commands you wish to program.
To configure it, install the following packages:
On all consoles where you wish to use this feature.
On all Unix agents where you wish to use this feature.
2.1 Tentacle, new options
Once Omnishell is added, new options for Tentacle will be enabled:
- Tentacle needs a setup change to be able to address the ".rcmd" files.
- These files are command definition files. It will be the agent itself the one who downloads the definition and evaluates it.
- There is no possibility to perform "push" operations.
Update file filter definition:
# Filters (regexp:dir,regexp:dir...) filters .*\.conf:conf;.*\.md5:md5;.*\.zip:collections;.*\.lock:trans;.*\.rcmd:commands
You may also use the tentacle_server.conf.new file distributed when installing the pandora_server server.
The .rcmd files will be published in the new folder /var/spool/pandora/data_in/commands
A hash will be used based on certain parameters of the command definition. Security can be improved by securing your installation in Tentacle:
It is important to remember that this folder must have permissions for users that manage the Pandora FMS server and the Apache that manages the console:
chown pandora:apache -R /var/spool/pandora/data_in/commands chown g+s /var/spool/pandora/data_in/commands
2.2 Agent update
This system is present in the Pandora FMS agent as of version 741.
It requires YAML :: Tiny perl library to work properly. If this library is not available, the system ignores this feature and keeps on working normally.
The installation of this library enables this feature. It should not be necessary to restart the agent, rather it should start working right away.
No change is necessary, except for having remote configuration active. The Omnishell system uses a procedure similar to that of file collections.
2.3 Usage example
An example shall be explained to better understand the working process of the new Omnishell tool.
Problem: The objective is configuring the auto-start of the HTTPD service on CentOS 6 systems in a massive way.
- What is the precondition? It is for the service to appear as installed, and install it in case it is not:
[ `rpm -qa | grep -i httpd | wc -l` -lt 1 ] || yum install -y httpd
This line will verify whether the service is installed and will install it in case it is not.
- What is the main goal? To start and configure the auto-start of the HTTPD service.
To that end, the following commands must be used:
/etc/init.d/httpd restart chkconfig httpd on
This will start the service on the remote machine and will configure the system to start it up.
- How to validate what has been done? Verify that the system has activated the service and it is listening.
[ `netstat -lptn | grep 80 | grep LISTEN | wc -l` -gt 0 ]
Once the action the agents must perform is clearly set, create the command in Omnishell:
After creating the command, assign the needed agents.
The progress of the command execution can be seen in the selected agents:
Accessing the view, you will see the estimated time left for command execution:
When mass command execution is applied, the view will be as the following one from the example:
Once the agent's response is received, execution results will be displayed. By clicking on its box, a modal can be obtained with extra information:
- The agent will execute each order of each block.
- If the evaluation of each order is not 0 (error_level !=0), it will stop evaluating and the command will be considered as failed.
- The agent will take retry and timeout parameter values for the number of retries and the maximum amount of execution time, accordingly.
- Regardless of the result, the agent will save an execution mark. Each command is executed only once .
- If you update the name of the command, it will cause the agent to execute it again, since the reference will change.
- You can assign as many commands as desired to the same agent.
- Agent command execution may affect the monitoring. Do not use a timeout higher than the agent interval.