[hobbit] New Feature Request: Getting file from client/etc hobbit-clients directory...

Henrik Stoerner henrik at hswn.dk
Thu Aug 31 12:43:13 CEST 2006


On Wed, Aug 30, 2006 at 08:27:27PM +0200, Francesco Duranti wrote:
> A centralized monitor system is really a nice thing to have but it could
> be also a nice feature to be able to get files from clients just like
> the client could get files in the etc directory of hobbit server...

[snip section about using this for server admins to manage the Hobbit config]

I don't like that, for several reasons.

1) Stability. If one of your users makes a mistake in the configuration
   file that is uploaded, it could affect all of your monitoring. Hobbit
   client- and alert-configuration uses pattern-matching a lot, so
   allowing anyone to modify the configuration requires a lot of care;
   they can easily affect the configuration of other hosts.

2) Security. Same reasons as 1), except that you also have to consider
   the possibility of someone deliberately sabotaging your configuration
   instead of just making an accidental mistake. If I want to do
   something bad to your hosts, being able to disable your monitoring
   system is really nice. An anonymous upload function could be abused
   for this purpose.

3) There are lots of other ways of accomplishing this. You can use the
   local client-configuration option (keep all of the client
   configuration files on the client), or there's ftp/rsync/scp/nfs etc.
   to allow exchanging of files between two systems. And they have much
   better access controls than Hobbit does. Unless there's a good reason
   for it, I try not to re-invent things.

If you really want this, there is nothing that stops you from adding a
custom section to the client message - just put it at the bottom of the
Hobbit client script - and then over on the server grab the client
message and extract the configuration file from that.


Regards,
Henrik




More information about the Xymon mailing list