[Nagiosplug-devel] [Nagios-devel] RFC: Plugins config file (final proposal) (Nagios V3 object macros)
Andreas Ericsson
ae at op5.se
Tue Jan 30 09:50:22 CET 2007
Ethan Galstad wrote:
>
> I prefer using the proposed config file solution to store passwords,
> etc. over the idea of passing this info via stdin. In my opinion, the
> config file option is a much simpler/elegant solution.
>
Agreed.
> It requires no mods to the Nagios daemon or plugin API. Super-secret
> info can be stored in the config file and locked down with standard file
> permissions. And a standard library/function set can be created to
> allow Perl/C plugins to grab their appropriate entries out of the config
> file.
>
Agreed again.
> Now that I'm thinking about it, this type of file format seems like it
> must be used by a number of apps. There's probably a GPL'ed library out
> there that can read/write config entries to a file in the proposed format.
>
Yup, although it's not likely any API needs to actually write the files.
Explaining to a user how to use a tool to configure their other tools
is often harder than it is to just say "make sure your config has
foo = bar
in the nitfol section".
I've got such a library which reads configs in the style of
section-name {
variable = value
}
in a very generic way. I'd be happy to share it if anyone's interested.
> As for loosing the ability to keep private information in the Nagios
> host/service definitions... I guess that's a good reason to make sure
> the monitoring server isn't used by normal users. If its a dedicated
> box, it shouldn't matter what information is being passed on the command
> lines between the daemon and the plugins.
>
There's no real difference between having the private info in the nagios
config or a separate file. If any, it'd be safer to have it in a
separate file, as it'd be clear that that file needs protecting.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
More information about the Devel
mailing list