title: My cn=monitor config link: https://onemoretech.wordpress.com/2013/06/05/my-cnmonitor-config/ author: phil2nc description: post_id: 6024 created: 2013/06/05 09:22:21 created_gmt: 2013/06/05 13:22:21 comment_status: closed post_name: my-cnmonitor-config status: publish post_type: post

Following is a short config.xml file for CN=Monitor that I use to keep track of a few important directories. I currently run version 3.2.1-1 of the software, configured to log to a MySQL server backend as detailed in the documentation. On my Red Hat systems installation was by rpm to insure consistency and maintainability. Note: The latest version of cnmonitor is incompatible with the php-snmp module for RHEL 6+ (including Fedora 19+). This is because cnmonitor contains its own implementation of SNMP for php, leading to a "PHP Fatal error: Cannot redeclare class Snmp in /usr/share/cnmonitor/www/objects/snmpobject.php on line 29" error on execution (line 29 begins the Snmp class declaration). Unless you really need php-snmp for something else (like cacti) this shouldn't be a problem. For an rpm install the main configuration file is found at /etc/cnmonitor/config.xml. [code language="xml"] en cnmonitor xxxxxxxx localhost cnmonitor mysql http://ldapmanager.example.com/cnmonitor [email protected] [email protected] Production Enterprise DS eldap.example.com eldap1.example.com cn=directory manager hCl/wMcFj6gboIOgFr4rLw== on eldap2.example.com 1389 1636 cn=directory manager hCl/wMcFj6gboIOgFr4rLw== on Quality Enterprise DS qeldap1.example.com 1389 1636 cn=directory manager hCl/wMcFj6gboIOgFr4rLw== on Development Enterprise DS deldap1.example.com 1389 1636 Exp Production Directory opends pexpdir.example.com 1389 636 cn=directory manager hCl/wMcFj6gboIOgFr4rLw== on Exp Development Directory opends dexpdir.example.com cn=admin,ou=special users,dc=example,dc=com hCl/wMcFj6gboIOgFr4rLw== ldaps [/code] I like this as an example because it shows a couple of useful methods that most admins will be interested in. First, of course, would be the very simple configuration for logging to a MySQL database. I think this is one of the truly great features of the software because it lets me track directory performance over time. Second, my production enterprise environment is load-balanced by a hardware device and the configuration takes advantage of the separate method for displaying and tracking how well load balancing is actually working. Finally, access to my newer, experimental directories based on OpenDJ is restricted to a nonstandard port for LDAP (1389) and the standard LDAPS (636) port (in reality my monitoring station doesn't get a pass from the directory server firewall for LDAP, so the non-secure and secure ports are both set to 636, see this post on how to do that). All examples show how you'd configure to securely bind to the directory with an administrative account that can read the "cn=monitor" tree (password in config file has been encrypted by the included encryptpassword.php script). Note that when setting up the MySQL database backend you need to pay careful attention to the instructions. A couple of tips: 1. The shipping mysql.sql resource file assumed that you will be creating the database by loading it, rather than manually. Unless you feel comfortable modifying the file, I'd recommend you go with the flow. Once the database is created via a

mysql -u root -p < mysql.sql

you can go back and create the requisite cnmonitor database user and assign all privileges over the new database to it. 2. Don't forget to initialize the database by running the collectdb.php, collectservermessage.php and collectsummary.php scripts, and then to add these to the root user's crontab. Here's my root crontab for the box where the monitor runs:

*/30 * * * * /usr/bin/php /usr/share/cnmonitor/bin/collectdb.php > /dev/null 2>&1
*/10 * * * * /usr/bin/php /usr/share/cnmonitor/bin/collectservermessage.php > /dev/null 2>&1
0 4 * * * /usr/bin/php /usr/share/cnmonitor/bin/collectsummary.php > /dev/null 2>&1

Again, the paths indicated are what get set up by an rpm install on Red Hat systems. 3. I usually use a different path for MySQL data files that the /var/lib/mysql default on Red Hat. Mostly it is /data/app/mysql/var, but you can choose whatever works in your environment. The point is that on my systems /data is a separate volume, usually on our enteprise SAN (Storage Area Network) that is separately backed up to ensure preservation of the data (my OpenDJ installs also wind up in /data/app/opendj for the same reason). Even if you do this be sure to include /etc/my.cnf and /etc/cnmonitor in any backup regimen to make sure you can restore the configuration (I don't expect everyone to keep key separate copies of config files in source control the way I do -- although I think it's a good idea).

Copyright 2004-2019 Phil Lembo