Hiding password while using check_vmware_api.pl

[Sargento]

All,

We are hoping to monitor a few VMWare ESXi hosts from Nagios XI. We have the VMWare support compiled in and we had the check working correctly (the checks showed successful for EXSi monitoring).

This is where we now have a problem...

The wizards stores the password in plain text in a file on the xi server.. So our options are to either hard-code, in plain text, a root password for our EXSi host or to leave an admin password in plain text on our server. It is safe to say that this made our VMWare team very uncomfortable and request us take the password out. Is there any way to encrypt this file or hash our password where it cannot be sent in plain text, or decrypted on our servers?

The only other resolution I could think of is to have the VMWare team create another local account with minimal permissions but that seems like a last resort for us, and we would need to know the permissions (which I couldn't find in the official installation document at https://assets.nagios.com/downloads/nag ... ios-XI.pdf).

Thank you.

[ssax]

You should be able to do this:

Code: Select all

su - nagios
/usr/lib/vmware-vcli/apps/session/save_session.pl --savesessionfile /usr/local/nagiosxi/etc/components/vmware_session_file1 --server 192.168.X.X

Then to fix a bug preventing the session file from working, run this command (this only needs to be run once):

Code: Select all

sed -i '629d' /usr/local/nagios/libexec/check_vmware_api.pl

Then test:

Code: Select all

/usr/local/nagios/libexec/check_vmware_api.pl -H 192.168.X.X -S /usr/local/nagiosxi/etc/components/vmware_session_file1 -l CPU

[Sargento]

Running the command below

Code: Select all

/usr/lib/vmware-vcli/apps/session/save_session.pl --savesessionfile=/usr/local/nagiosxi/etc/components/sessionfile --server=server

gave us the desired output.

Thank you.

[ssax]

No problem, let us know when we're okay to lock this up and mark it as resolved.

[Sargento]

After testing the above solution, this will not will not work for us. This solution may work for another user so it's good that this post exists, the issue is that the session file will need to continue being created/remade as XI gets upgraded. We just had an XI update and all the clients I added with session files were no longer usable (said that session didn't exist/could not authenticate). Did I miss something or is that the actual behavior?

After that feel free to close this posting.

[ssax]

Do the session files still exist?

Code: Select all

ls -l /usr/local/nagiosxi/etc/components

Do they still work?

Code: Select all

/usr/local/nagios/libexec/check_vmware_api.pl -H 192.168.X.X -S /usr/local/nagiosxi/etc/components/vmware_session_file1 -l CPU

I'm wondering if the upgrade reverted your command changes in XI or if the session timed out (I'm not sure if there is a timeout on the vmware session files).

[Sargento]

The session files still existed but did not work after the upgrade unless I recreated a new session file. We can't have reliability problems in the future so we may have to use some other options of authentication for these checks.

[ssax]

That's understandable, it was worth a shot, I appreciate the update.

[Sargento]

Thank you for your assistance. Hopefully this will help someone on the forums in the future!

Please close.