# Icinga2 VMware

Icinga2, monitor vCenter

Updated 22.10.2016

My task; Check the health status of a vCenter Server 6 and the used Storage. I already have an Icinga2 System in place from which I oversee my VMs. My Icinga is running on a Debian 8 system. Depending on the system you are using the following commands can differ.

At the end of this post I summarised my problems during the configuration. If you have any issues, check this section first.

I found this fine little perl script on the web. It will gather all the necessary information for us with the help of the VMware SDK.

Get the Script

We start by downloading the whole "project" to our monitoring server.
It seems to be bad practice to store third party script in the Nagios plugin folder. Let's create our own and put the script there.

mkdir /usr/lib/nagios/plugins/thirdparty/
cd /usr/lib/nagios/plugins/thirdparty/
wget https://github.com/BaldMansMojo/check_vmware_esx/archive/master.zip
unzip master.zip
move check_vmware_esx-master check_vmware_esx

Both the script and the SDK have multiple requirements.

Requirements

Script

The script needs some perl modues

  • File::Basename
  • HTTP::Date
  • Getopt::Long
  • Time::Duration
  • Time::HiRes

Pearl Modules can be installed with CPAN

cpan File::Basename HTTP::Date Getopt::Long Time::Duration Time::HiRes
vSphere SDK

The SDK needs some software

  • rpm
  • perl-doc
  • openssl-devel
  • e2fsprogs
  • uuid
  • uuid-dev
  • libxml-libxml-perl
  • libxml2-dev
  • gcc

Under Debian, the openssl-devel package is called libssl-dev

apt-get install rpm perl-doc libssl-dev e2fsprogs uuid-dev libxml-libxml-perl libxml2-dev gcc

The uuid version from the Debian repo is too old. We can't use apt. We have to install it manually.

cd /usr/src
wget http://search.cpan.org/CPAN/authors/id/J/JN/JNH/UUID-0.04.tar.gz
tar -xzvf UUID-0.04.tar.gz
cd UUID-0.04
perl Makefile.PL
User Permission

You need a user to connect to the vCenter server and gather all the data. I created an Active Directory Account, logged in to the vSphere Web interface and gave it Read-only Rights.
vSphere Roles

vSphere Perl SDK

Next step. Downloading and install the vSphere SDK.
It can be downloaded here

The file can't be downloaded with wget. You need to be logged in. If you don't have a VMware Account, you have to create one.

Go to the Download page. At the moment, there are 3 different packages.

  • exe, Windows Systems
  • i386, for x86 only.
  • x86_x64, for x64

Download the package you need

Download

If the file is downloaded, we need to push it on our server. If you have an ssh server installed, use an SFTP application to upload it. I can recommend Cyberduck

Installation

We are ready to install the sdk

  1. Log in as root

  2. cd to the folder where you uploaded the archive file

  3. untar the uploaded file, the files will be moved to the newly created folder vmware-vsphere-cli-distrib

tar -zxvf VMware-vSphere-Perl-SDK-6.0.0-    3561779.x86_64.tar.gz 
  1. As I found out... Debian is not officially supported to use with the SDK. My bad. We have to tweak the installer script a little bit. Hints found here. We have to open the install script
nano vmware-vsphere-cli-distrib/vmware-install.pl

and change ubuntu

if ( direct_command("cat /etc/*-release | grep -i  ubuntu") || direct_command("cat /proc/version | grep -i ubuntu") ) {

to debian

if ( direct_command("cat /etc/*-release | grep -i debian") || direct_command("cat /proc/version | grep -i debian") ) {

Use CTRL+W to find the line quickly, just search for "ubuntu".
Set the proxy variable, only needed for Debian

export ftp_proxy=''
export http_proxy=''
  1. run the installer
vmware-vsphere-cli-distrib/vmware-install.pl

Press Enter to show the Agreements, press Space to move down, write yes and press enter

  1. Accept, some more packages will be installed
    We are done

The installation procedure is documented by VMware and can be found here

Commands

Now we are almost there. If the script and the SDK are in place we can start to create our icinga check commands. Your can do this manually OR use an existing implementation. Check out this repo

cd /etc/icinga2/conf.d
mkdir commands
wget https://raw.githubusercontent.com/ccesario/monitoring/master/icinga2/templates/commands/vmware/custom_vmware.conf

This will automatically download the conf file. Icinga will import it automatically so you can start to use the commands.

For my environement I had to edit the file and change the command path

Services

There are many predefined commands, here's an example to check all of the volumes on a vCenter Server.

object Service "vcenter-volumes" {
  host_name = "VCENTER"
  check_command = "vmware-esx-dc-volumes"
  vars.vmware_datacenter = "vcenter.yourdomain.local"
  vars.vmware_username = "icinga@yourdomain.local"
  vars.vmware_password = "password"
}

Read the custom_vmware.conf file to see which checks are available.

Authentication File

If you don't want to store the username and password in the host files, there is the possibility of storing the credentials in an authentication file. If you create a authentication file, you can reuse it for multiple hosts.

create a new file called, name it as you like, maybe vcenter-auth. Open it and put these 2 lines in it.

username=username@yourdomain.com
password=mypassword

Et voilĂ . We can see the actual usage of our volumes.

now you can use it in the host config file

object Service "vcenter-volumes" {
  host_name = "VCENTER"
  check_command = "vmware-esx-dc-volumes"
  vars.vmware_datacenter = "vcenter.yourdomain.local"
  vars.vmware_authentication = "/etc/icinga2/conf.d/authfiles/vcenter-auth"
}

Restart the icinga2 service and we are done.

Problems

I run into several issues while installing and configure the system.

Setting locale failed

pearl error
Solution

copied from the link:
Stop accepting locale on the server. Do not accept the locale environment variable from your local machine to the server. You can comment out the AcceptEnv LANG LC_* line in the remote /etc/ssh/sshd_config file.

CPAN unable to install

CPAN error
Looks like we have to install the Pearl stuff manually with cpan

cpan Devel::StackTrace Class::Data::Inheritable Convert::ASN1 Crypt::OpenSSL::RSA Crypt::X509 Exception::Class UUID::Random Archive::Zip Crypt::SSLeay Class::MethodMaker Data::Dump SOAP::Lite Socket6 IO::Socket::INET6 Net::INET6Glue 

Run the install script again

can't locate help.pm

help.pm
To resolve this issue I had to change a line in the script. check_vmware_esx.pl. Till this day, I don't know why the original script didn't work. This is the original line

use lib "modules"

I had to change it to

use lib dirname(__FILE__) . "/modules";

and it was finally able to find the modules.

Not enough permissions

Check if the user has enough rights to read from the vCenter

Cisco helper
Linux helper

Share it

Written by

Martin Schmidli

Welcome! My focus these days is mainly on Modern Workplace, based on Microsoft 365 solutions. Feel free to reach out if you have any questions!

Comments