<div dir="ltr"><div><div>You should be very careful about how you validate this kind of automation. The client should probably do some kind of verification, and use canned scripts rather than just running any command handed to it. For example:<br>
<br></div><div>xymon adds to client-local.cfg for server1: restartapache:`date+%s`<br></div><div>server1 xymon client saves that in $HOME/etc/local.cfg<br></div><div>server1 cron job sees "restartapache", extracts the timestamp, checks that it didn't already do that, then posts that timestamp back to the xymon server, asking what it means;<br>
</div><div>xymon server replies: restartapache<br></div><div>As long as the reply matches, the client kicks apache<br></div><div>Everybody writes log entries<br><br></div><div>The client call-back to verify the command could be done with curl over https with a client-side SSL certificate to validate each party to the other. That may seem like overkill, but when auditors are involved, maybe not... :-)<br>
<br></div><div>Ralph Mitchell<br></div><div><br><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 4, 2013 at 3:21 PM, Another Xymon User <span dir="ltr"><<a href="mailto:xymon@epperson.homelinux.net" target="_blank">xymon@epperson.homelinux.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div style="font-family:Verdana,Geneva,sans-serif">
<p>Thanks, Ralph! I had case 1 working with a PKI trust relationship for root between the Xymon servers and the clients, but when the auditors made us set "NoRootLogin yes" in sshd_config everywhere, it broke and I had not had a chance to figure out how to do it with sudo. Case 2 will let me work up an alternative.</p>
<div><div class="h5">
<p>On 2013-07-04 12:07, Ralph Mitchell wrote:</p>
<blockquote type="cite" style="padding-left:5px;border-left:#1010ff 2px solid;margin-left:5px;width:100%">
<div dir="ltr">It could be done, but it's a bit more complicated than that. Your browser is talking to the Xymon server, not the server where the downed service should be running. Here's a couple of ways it could be done, using your tomcat example:
<div> </div>
<div>1) you would need a cgi script on the Xymon server capable of logging in to the remote tomcat server with enough privilege to be able to restart tomcat or to dump memory, then send back to your browser any restart messages or the memory dump as a file download;</div>
<div>or</div>
<div>2) a cgi script on the xymon server that could add a variable to the client-local.cfg for the tomcat server. Next time the remote checks in with xymon it would pick up that flag and store it in $HOME/etc/local.cfg. A cron job could examine that file occasionally and if the flag shows up, restart or dump memory as appropriate. This cycle could take 10 - 15 minutes to complete.</div>
<div> </div>
<div>I don't know if anyone has such automation currently running.</div>
<div> </div>
<div>Ralph Mitchell</div>
<div> </div>
</div>
<div class="gmail_extra"><br><br>
<div class="gmail_quote">On Thu, Jul 4, 2013 at 7:24 AM, deepak deore <span><<a href="mailto:deepakdeore2004@gmail.com" target="_blank">deepakdeore2004@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Is it possible to execute a command on client from xymon browser?
<div> </div>
<div>eg. </div>
<div> </div>
<div>1.If a service is in RED state, just select that service and fire restart command from browser.</div>
<div> </div>
<div>2. If tomcat not responding then take thread dump from browser by selecting that particular tomcat.</div>
<div> </div>
<div>I can write html for gui.</div>
<div> </div>
<div> </div>
</div>
<br>_______________________________________________<br> Xymon mailing list<br><a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br><a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br></blockquote>
</div>
</div>
<br>
<pre>_______________________________________________
Xymon mailing list
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a>
</pre>
</blockquote>
<div> </div>
</div></div></div>
<br>_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br></blockquote></div><br></div>