felimwhiteley / libsrvrmgrd-osx

Automatically exported from code.google.com/p/libsrvrmgrd-osx

Lion Server compatibility? #13

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What plans are there for updating this for use with Macs running 10.7 Server?

Port 311 is still open on such systems, and as Server Admin can still be used for
managing some services, it should be possible to at least offer a subset of the 
functionality available for use with 10.6 Server. Do the services managed by 
the new Lion Server App use a significantly different remote management 
communication method, or could these also be supported?

I haven't yet had a chance to try the current version with 10.7 Server.

Original issue reported on code.google.com by joe.carr...@gmail.com on 21 Sep 2011 at 10:24

GoogleCodeExporter commented 9 years ago
Hi Joe,

Yes it's actually in testing now. I've no direct access to a 10.7 server myself 
so I'm relying on you folks to test a few things. If you have access to one I'd 
appreciate you trying some with the DEBUG option. And returning the *.debug 
files it creates in /tmp. Note you might want to obfuscate the IP/User/Password 
in that file in case it is sensitive. You can mail it to me directly if you 
want.

Thanks for your help/interest :)

Félim

Original comment by felimwhiteley on 21 Sep 2011 at 10:31

GoogleCodeExporter commented 9 years ago

Original comment by felimwhiteley on 21 Sep 2011 at 10:40

GoogleCodeExporter commented 9 years ago
Great! I have a test system I'll be working with tomorrow at a customer's 
office, and it's precisely for them that I want to be able to set up robust and 
comprehensive Nagios monitoring. I'll give this a try and send you some 
redacted logs.

Original comment by joe.carr...@gmail.com on 21 Sep 2011 at 11:31

GoogleCodeExporter commented 9 years ago
Didn't have enough time to try this out yesterday but will try again next week.

Original comment by joe.carr...@gmail.com on 23 Sep 2011 at 5:52

GoogleCodeExporter commented 9 years ago
Hi Joe,

Any chance you've had time to look at this again?

Original comment by felimwhiteley on 4 Nov 2011 at 2:35

GoogleCodeExporter commented 9 years ago
Attached is a debug log of .6.3 attempting to check only directory services on 
a 10.7 server.

Nagios returns a 404 in the status information after checking. 

Note: the same check against a 10.6 server runs fine.

Original comment by der...@gmail.com on 8 Nov 2011 at 5:37

GoogleCodeExporter commented 9 years ago
Thanks for the debug deraps. Alas not overly useful messages but that's my 
fault. If you have time I might get you to retest with a new version if you'd 
be ok with that? Thanks for your help so far though!

Original comment by felimwhiteley on 8 Nov 2011 at 7:42

GoogleCodeExporter commented 9 years ago
Sure, let me know when it's ready and I'll give it a try.

Original comment by der...@gmail.com on 8 Nov 2011 at 7:43

GoogleCodeExporter commented 9 years ago
Sorry, no, not since mid-September. There have been other, higher priorities
at my client's office, but I hope to revisit it at some point this month,
although they're switching to SolarWinds at some point, so it will have to be
in my free time.

Original comment by joe.carr...@gmail.com on 8 Nov 2011 at 8:44

GoogleCodeExporter commented 9 years ago
I have a 10.7 server that I'm happy to test this with. Please let me know how I 
can help.

Original comment by rei...@gmail.com on 13 Nov 2011 at 7:20

GoogleCodeExporter commented 9 years ago
Hi folks, if one, or all of you (let's pretend it's a race and maybe you'll
respond quicker ;) could retry against 10.7 machine with first getting the 
latest copy of the library here:

http://libsrvrmgrd-osx.googlecode.com/svn/trunk/srvrmgrdIO.py

And replacing your copy. Then run it with the DEBUG option it would be much 
appreciated. This will create a file in /tmp/ with .debug at the end. Again 
make sure you obfuscate any users/passwords/addresses you don't want on the web.

Thanks,

Félim

Original comment by felimwhiteley on 15 Nov 2011 at 11:54
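
An added example, not part of the thread or of libsrvrmgrd-osx: one way to do the obfuscation requested in this comment and in the earlier request for the *.debug files, before a file leaves your machine. The layout of the debug file is not shown on this page, so the sample text, the credentials, and the idea that the password may also appear as the base64 of "user:password" are assumptions.

```python
import base64
import ipaddress
import re

# Candidate dotted quads; each one is validated before it is redacted.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample, not real plugin output: the debug format is assumed.
SAMPLE_B64 = base64.b64encode(b"diradmin:s3cret!").decode()
SAMPLE_DEBUG = (
    "connect https://192.0.2.10:311/\n"
    "Authorization: Basic " + SAMPLE_B64 + "\n"
    "login user=diradmin password=s3cret! os=10.7.3\n"
)


def secret_variants(user, password):
    """Return (needle, label) pairs, longest needle first.

    Assumption: the credentials can appear as plain text and as the base64
    of "user:password", so both forms are searched for.
    """
    pair = base64.b64encode(f"{user}:{password}".encode()).decode()
    variants = {
        user: "[REDACTED-USER]",
        password: "[REDACTED-PASSWORD]",
        pair: "[REDACTED-BASIC-AUTH]",
    }
    return sorted(variants.items(), key=lambda kv: len(kv[0]), reverse=True)


def redact(text, user, password):
    """Replace credentials and IPv4 addresses; return (clean_text, hits)."""
    hits = 0
    for needle, label in secret_variants(user, password):
        if needle:  # an empty string would match everywhere
            hits += text.count(needle)
            text = text.replace(needle, label)

    def _ip(match):
        nonlocal hits
        try:
            ipaddress.IPv4Address(match.group(0))
        except ValueError:
            return match.group(0)  # not an address, e.g. 10.7.3.999
        hits += 1
        return "[REDACTED-IP]"

    return IPV4_CANDIDATE.sub(_ip, text), hits


if __name__ == "__main__":
    clean, hits = redact(SAMPLE_DEBUG, "diradmin", "s3cret!")
    print(clean, "redactions:", hits)
```

Matching is by substring, so a short user name can also be replaced inside longer words; that errs on the side of over-redaction. Hostnames and IPv6 addresses are not covered and still need a manual look.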

GoogleCodeExporter commented 9 years ago
Any update from you guys?

Original comment by felimwhiteley on 14 Dec 2011 at 10:19

GoogleCodeExporter commented 9 years ago
Hi all. I finally have access to a 10.7 box. Apple changed the initial startup
of the daemon so you need to allow agent-less connections. ie. the webadmin
daemon. So at a command line on the server run:

sudo defaults write /Library/Preferences/com.apple.servermgrd requireUserAgent -bool false

sudo killall servermgrd

Then you should be able to run the plugin against the server. Please report any 
bugs if you find them. Given a very brief 5min test most have worked.

Original comment by felimwhiteley on 1 Feb 2012 at 1:16

GoogleCodeExporter commented 9 years ago
I have a Mac mini server running the latest rev. of Lion, so if you want any 
more testing done, I'll be happy to help.

I've tried the plugin and from the command line it works beautifully. However, 
when I start Nagios, it throws up an error, when I have added a service to my 
Nagios server. Given that all this thing with Nagios is somewhat new to me, I 
have a couple of questions, if you do not mind:

1. When you say that the file osx_server.cfg has to be merged into the master 
config, what exactly do you mean? I have no /etc/nagios-plugins/config 
directory, so I am not exactly sure where to add it. I tried adding it in 
/etc/nagios/objects, but it doesn't seem to work, when I start nagios I get a 
CONFIG ERROR.

2. When I try (from the command line) the "webobjects" service, I get an error:

Traceback (most recent call last):
  File "./check_osx_server", line 463, in <module>
    serviceStatus, criticalCount = getServiceState(serviceData)
  File "./check_osx_server", line 239, in getServiceState
    serviceState = serviceData['state']
KeyError: 'state'

3. Forgive me, if this is a stupid question, but why aren't there any checks 
for Address Book or mail services (smtp, pop, imap)? Shall I assume that Apple 
doesn't provide those?

Original comment by john.car...@gmail.com on 3 Mar 2012 at 9:12
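
An added example, not the project's code or its eventual fix: the traceback above comes from indexing a reply that has no 'state' key. An uncaught Python exception exits with status 1, which Nagios reads as WARNING, so this sketch maps a malformed reply to UNKNOWN (3) instead. The names service_state and run_check are hypothetical, and treating any state other than RUNNING as CRITICAL is an assumption.

```python
import sys

# Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def service_state(service_data):
    """Map a decoded status reply to (exit_code, message).

    Hypothetical helper: only the 'state' key comes from the traceback;
    the handling of its values is assumed for illustration.
    """
    if not isinstance(service_data, dict) or "state" not in service_data:
        keys = sorted(map(str, service_data)) if isinstance(service_data, dict) else []
        return UNKNOWN, "UNKNOWN: reply has no 'state' key (keys: %s)" % (
            ", ".join(keys) or "none")
    state = str(service_data["state"])
    if state == "RUNNING":
        return OK, "OK: service is RUNNING"
    return CRITICAL, "CRITICAL: service state is %s" % state


def run_check(fetch):
    """Call fetch() and never let an exception decide the exit status."""
    try:
        return service_state(fetch())
    except Exception as exc:  # left uncaught, Python would exit 1 (WARNING)
        return UNKNOWN, "UNKNOWN: %s: %s" % (type(exc).__name__, exc)


if __name__ == "__main__":
    # Constructed reply without a 'state' key, as in the report above.
    code, message = run_check(lambda: {"constructedKey": "value"})
    print(message)
    sys.exit(code)
```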

GoogleCodeExporter commented 9 years ago
Gee, I forgot! Lovely plugin! I love it. I just hope I'll make it work 
completely.

Original comment by john.car...@gmail.com on 3 Mar 2012 at 9:14

GoogleCodeExporter commented 9 years ago
Further command line testing revealed that the same error as above (2) is also 
shown with:

mysql, ftp, print, qtss, teams, softwareupdates, softwareupdatesList

And just to prove that early in the morning is not my best hour, here is my 
network description:

1. Box running Centos 6 fully updated, with nagios, acting as nagios server.
2. Apple Mac Mini Server, running OS-X Lion server 10.7.3, running nrpe.

This plugin is installed in the nagios server (1. above) according to the 
instructions. osx_server.cfg is installed in /etc/nagios/objects and it is 
defined in nagios.cfg with a cfg_file=/etc/nagios/objects/osx_server.cfg line.

Still, if I add a service definition, in my Mac Mini cfg file, for example:

define service{
               use                    generic-service
               host_name              myserver
               service_description    OS X AFP
               check_command          check_osx_afp!311!myadninusername!hispassword
}

nagios wouldn't start and come up with an error.

Original comment by john.car...@gmail.com on 3 Mar 2012 at 10:22

GoogleCodeExporter commented 9 years ago
Hi John,

Absolutely would be great if you can help out. I've not looked at your bugs
fully yet, but will do in the next couple of hours, but great to have you
helping. I think I wrote the install howto a little too tersely in retrospect.
I'll try to make it a little clearer. Give me a few hours though, work is imposing ;)

Also glad you like it!

Mail check actually should work, and it includes pop, imap, smtp etc. They are 
sub-services of the mail check. Make sense?

Original comment by felimwhiteley on 5 Mar 2012 at 1:02

GoogleCodeExporter commented 9 years ago
OK, I think I have managed to solve the mail check issues, so do not bother 
with them. What would be nice though, in the mail checks would be to have a 
"shorter" response, if desired. The response returned now is about 2-4 lines 
long. A shorter version (user selectable?) would be nice.

By all means, I would be happy to help, email me directly at your convenience.

Original comment by john.car...@gmail.com on 5 Mar 2012 at 1:17

GoogleCodeExporter commented 9 years ago
Have you an example of output you'd prefer? I've seen some of them can be quite
long alright. I could hide everything with a plain OK if every sub-service is 
good. To be honest I'm cleaning up some of this already in an unpublished 
revision. I'll pop you an email with some testing as soon as I get a chance to 
modify the library. Try this evening or tomorrow first thing.

Original comment by felimwhiteley on 5 Mar 2012 at 7:26

GoogleCodeExporter commented 9 years ago
I would say that something like "POP OK - 0.062 sec. response time" would be 
fine. Just like the SMTP response "SMTP OK - 0.279 sec. response time", one 
knows which ports he is monitoring, no need to show them in the response. 

Original comment by john.car...@gmail.com on 5 Mar 2012 at 8:19

GoogleCodeExporter commented 9 years ago
Ok so you'd prefer 4 separate services as such. In reality it's one service 
with 4 separately configurable parts. Not that it's not easy, we already have 
the info, it would be good to cache this (which is built into the library) to 
avoid hitting the server 4 times etc. for each request. 

I'll have a think though, as this would end up with multiple new services being 
required in your main config. Rather than just a "mail" check you'd have to
have "mail-smtp" "mail-pop" etc.

Anyway I'll have a think but I'll split this off as a new ticket, it's nothing 
to do with 10.7 anyway. Thanks. I'll be in touch. 

Original comment by felimwhiteley on 5 Mar 2012 at 8:30

GoogleCodeExporter commented 9 years ago
I do not care if it will be four services or one. Right now, SMTP response is 
shown fine, it's the other three that I would prefer to be shortened. If you 
need to create 4 services out of it, I do not know, is it worth the trouble? 
Why don't you make it one service, which would report something like:

"Mail services: POP3 OK, IMAP DOWN, SMTP OK"

Right now the SMTP response is something like:

IMAP OK - 0.000 second response time on port 143 [* OK [CAPABILITY IMAP4rev1 
LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=CRAM-MD5 
AUTH=X-PLAIN-SUBMIT AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI] Dovecot ready.]

Is anyone looking for all that information in a service monitoring tool?

I definitely won't like asking the service four separate times, if you can 
extract the info from the first response.

Original comment by john.car...@gmail.com on 5 Mar 2012 at 8:42

GoogleCodeExporter commented 9 years ago
As I said in my email, you can scrap all the discussion about the mail 
services, since check_osx_server doesn't check for them, so I am using NRPE to 
check them. Not your problem, at least not in the state check_osx_server is at 
this moment.

I did some tests and I have managed to add a check for the addressbook service. 
Now, if you can come up with the mail services checks, I could dump NRPE for 
them.

I did some checks with mail, by eliminating the lines which produce an error, 
I've managed to see which services are running, but they are kind of .... 
messed up. Here is the result I got:

RUNNING IMAP-INCOMING:POP3-INCOMING:SMTP-INCOMING:SMTP-OUTGOING:LISTSERVER-OUTGOING:(OFF) Junk_mail_filter-INCOMING:Virus_scanner-INCOMING:

Original comment by john.car...@gmail.com on 8 Mar 2012 at 8:37

GoogleCodeExporter commented 9 years ago
John I'll leave the mail stuff over in issue 14. Which I'll have an update for 
in next 20mins or so. 

Original comment by felimwhiteley on 8 Mar 2012 at 9:11

GoogleCodeExporter commented 9 years ago
The software update status is not returning a value for my Lion Server 10.7.3. 
I have downloaded the latest srvrmgrdIO.py and check_osx_server files and 
attempted again with the same result. Attached is the debug log.

Original comment by putna...@gmail.com on 20 Mar 2012 at 6:59

GoogleCodeExporter commented 9 years ago
Go to your plugins directory and try:

./check_osx_server swupdate xxx.xxx.xxx.xxx 311 adminname adminpassword

It should report back something like:

RUNNING numOfMirroredPkg: 640

I think the service you are entering (softwareupdates) no longer works. 

Original comment by john.car...@gmail.com on 20 Mar 2012 at 7:31

GoogleCodeExporter commented 9 years ago
Hmm it should work. I'll take a look. It should list what updates that server 
requires if any.

Original comment by felimwhiteley on 21 Mar 2012 at 10:31

GoogleCodeExporter commented 9 years ago
Oh interesting. This had never happened on any of my test machines. Essentially 
you asked for what updates were required and it didn't have the list. So I'm 
modifying it to perform the scan if we don't have an updated list. I'll let you 
know once I've uploaded a new version.

Original comment by felimwhiteley on 21 Mar 2012 at 11:20

GoogleCodeExporter commented 9 years ago
Ok I've just applied a fix for that. You can grab it at 
http://libsrvrmgrd-osx.googlecode.com/svn/trunk/check_osx_server

Original comment by felimwhiteley on 21 Mar 2012 at 11:41

GoogleCodeExporter commented 9 years ago
Felim, I am not sure what you have changed. If I try:

./check_osx_update swupdate 10.0.0.1 311 adminname adminpassword

I still get

RUNNING numOfMirroredPkg: 640

If I try 

./check_osx_update softwareupdates 10.0.0.1 311 adminname adminpassword

I get 

ERROR: Unknown command "softwareupdates"

Original comment by john.car...@gmail.com on 21 Mar 2012 at 12:03

GoogleCodeExporter commented 9 years ago
OK, I think I found it. If I try 

./check_osx_update softwareupdatesList 10.0.0.1 311 adminname adminpassword

I get

totalPatches: 0

Probably because my server is all updated?

Original comment by john.car...@gmail.com on 21 Mar 2012 at 12:06

GoogleCodeExporter commented 9 years ago
Hey John,

swupdate gives the right result. It's the software update service which allows
clients to get a mirrored copy of the patches locally from your own server. The 
one we need to test is the softwareupdates. Can you send me a debug of it? I've 
a lot of unpatched systems (on purpose ;) so I can get results from them. Maybe 
they are changing the format. On pre-10.7 versions it works so maybe they do 
something different when it's updated. 

Original comment by felimwhiteley on 21 Mar 2012 at 12:12

GoogleCodeExporter commented 9 years ago
Here it is.

Original comment by john.car...@gmail.com on 21 Mar 2012 at 1:04

GoogleCodeExporter commented 9 years ago
I am trying to check the patch status of the server, not if the software update 
service is running (it's not configured on the server in question). It works 
correctly on the 4 10.6.8 servers that I am monitoring as well. 

Original comment by putna...@gmail.com on 21 Mar 2012 at 1:21

GoogleCodeExporter commented 9 years ago
Hmm ok lesson learned. Read your response properly! I didn't see the last line 
"totalPatches:0"... argh yes that is correct, because your system is up to 
date. It gives all the right results. I clearly need some tea! I misread a line 
above where there was an Error message.

Original comment by felimwhiteley on 21 Mar 2012 at 1:26

GoogleCodeExporter commented 9 years ago
Sorry buddy, can't .... downgrade the server! LoRL

Original comment by john.car...@gmail.com on 21 Mar 2012 at 1:29

GoogleCodeExporter commented 9 years ago
Hi putnajoe,

Then the one you want is softwareupdates, which should be working now. See the 
link 

http://libsrvrmgrd-osx.googlecode.com/svn/trunk/check_osx_server

For a new version and overwrite the existing copy and it will have the fixes. 
If you still have problems let me know and attach another debug from this file
if possible. Thanks

Original comment by felimwhiteley on 21 Mar 2012 at 1:31

GoogleCodeExporter commented 9 years ago
I have a question:

Is that supposed to show, how many packages are out of date on your server?

Original comment by john.car...@gmail.com on 21 Mar 2012 at 1:45

GoogleCodeExporter commented 9 years ago
It should show how many updates from Apple are needing to be installed. It will 
only show those that come from Apple. Or if something else ties in with Apple 
Software Updater tool (I have no idea if anything other than the OS/iTunes etc. 
does though).

Original comment by felimwhiteley on 21 Mar 2012 at 1:54

GoogleCodeExporter commented 9 years ago
Yes, the softwareupdates will tell you how many patches are needed for your 
server and softwareupdatesList will list the patches. I find it useful to know 
whether or not these are serious patches or just the latest iTunes update that 
I can acknowledge the warning on and install later.

Original comment by putna...@gmail.com on 21 Mar 2012 at 1:57

GoogleCodeExporter commented 9 years ago
The new check_osx_server has corrected the softwareupdates issue I was having 
with the Lion Server 10.7.3 I am monitoring.  Thank you!

Original comment by putna...@gmail.com on 21 Mar 2012 at 1:59

GoogleCodeExporter commented 9 years ago
Ah yes ok. It actually does tell you that. It will show you how many need to be 
applied then also if any are recommended/required (Apple's terminology) then it
will highlight that too. It will also flag if a system restart will be required
to complete the update.

Original comment by felimwhiteley on 21 Mar 2012 at 2:20

GoogleCodeExporter commented 9 years ago

Original comment by felimwhiteley on 15 Aug 2012 at 1:40

GoogleCodeExporter commented 9 years ago
Just for those interested, I can say that this works fine with a Mountain Lion 
server too. Been using it for a week or two now, everything works OK.

Original comment by john.car...@gmail.com on 15 Aug 2012 at 2:43

GoogleCodeExporter commented 9 years ago
Oh great, thanks John, you read my mind!

Original comment by felimwhiteley on 15 Aug 2012 at 3:40