box293 vMA certificate question (for failback XI)

[dlukinski]

Hello XI support

Troy's VMWARE plugin (https://exchange.nagios.org/directory/P ... re/details) manual has steps associated with transferring certificates from XI to vMA:

This worked well for the Production XI server, now we are trying to match Production and failback configurations (make sure they got same custom plugins)
- how to transfer certificate to vMA from Failback XI (file names would be the same, something we do not want as it may override Prod certificate?

Code: Select all

Create Certificates
•
Create the certificates to use with vMA
◦
You are creating a certificate that allows the Nagios server to establish an SSH session with the 
vMA without using credentials
◦
Type 
su nagios 
and press Enter 
(this means the following steps will be performed as the 'nagios' 
user, as this is what account is used when the Nagios Monitoring Engine Executes the 
box293_check_vmware pluin)
▪
You will now be presented with: [nagios@localhost nagios-plugins-1.5]$
▪
Type 
cd ~ 
and press Enter 
(puts you in the home directory of the nagios user)
▪
Type 
ssh-keygen -t dsa 
and press Enter
•
Enter file in which to save the key (/home/nagios/.ssh/id_dsa):
◦
You will use the default location so 
press Enter
box293_check_vmware manual
Page 
9
 / 
82
•
Enter passphrase (empty for no passphrase):
◦
You will use an empty passphrase so 
press Enter
•
Enter same passphrase again:
◦
You will use an empty passphrase so 
press Enter
•
A randomart image is displayed, the certificate has been created
▪
Leave this SSH session open, you will use it in the next step
•
Transfer certificates to the vMA
▪
The next command uses the IP Address or DNS name of the 
vMA 
(for example 192.168.1.231)
▪
Type 
cat ~/.ssh/id_dsa.pub | ssh [email protected] 'umask 077; cat 
>>~/.ssh/authorized_keys'
 and press Enter 
(all in one line)
•
An authenticity message is displayed
•
Are you sure you want to continue connecting (yes/no)?
◦
Type 
yes 
and press Enter
•
You are prompted for the vi-admin password 
(for example: A Str0ng P@ssw0rd)
◦
Type 
the password 
and press Enter
•
The certificate file is transferred
▪
Leave this SSH session open, you will use it in the next step

[rkennedy]

You would need to create a SSH certificate on the backup machine, and transfer that to the vMA just as you did the production machine.

[dlukinski]

You would need to create a SSH certificate on the backup machine, and transfer that to the vMA just as you did the production machine.

But it not be the same name file (overwriting previous transfer from production machine)?

[rkennedy]

You will want to append to the authorized_keys file rather then replace it the second time around. This way each server will have their own line of text to use as a SSH key.

[dlukinski]

You will want to append to the authorized_keys file rather then replace it the second time around. This way each server will have their own line of text to use as a SSH key.

How to append?

[rkennedy]

cat ~/.ssh/id_dsa.pub from the Nagios machine, and then copy it to ~/.ssh/authorized_keys on the vma server, on a new line.

[dlukinski]

cat ~/.ssh/id_dsa.pub from the Nagios machine, and then copy it to ~/.ssh/authorized_keys on the vma server, on a new line.

Thank you
Was able to add certificate (now know how)

Please close this support request

[rkennedy]

Sounds good, closing this out.