Table of Contents |
---|
Architecture
This integration sits between and communicates with Open-AudIT and NMIS. It is designed to work as its own unit of software and makes very few assumptions about your unique setup. The integration only requires as much information about NMIS and Open-AudIT as is necessary to communicate with them.
...
As your network grows and you add NMIS pollers, you can continue to integrate with Open-AudIT on a per-poller basis by including the integration software on each poller. Each integration has its own set of rules, so it can point to any Open-AudIT server and request only the devices that poller requires. The diagram below shows an example of this architecture.
Multi Server
Anchor | ||||
---|---|---|---|---|
|
The integration leverages Open-AudIT's query feature as a way of controlling the devices you want to integrate with NMIS. You can create a query specific to your needs, then tell the integration to use that query (by referencing the name or ID). For example, if you wanted to integration only devices running CentOS, you could use the following query in Open-AudIT:
...
You can read about Open-AudIT queries in detail here.
Integration Description
An integration run has the following steps:
- Retrieve devices from Open-AudIT.
- Create a node file suitable for passing into node_admin.pl.
- Create a new node if one does not exist, or update an existing node if it does.
- Update the mapping of Open-AudIT devices to NMIS nodes.
- Update the device on the Open-AudIT server if necessary.
Configuration
The following is a sample configuration file for the integration. The configuration is written in the .nmis format common to other Opmantek products.
...
Key | Type | Description | |||||
---|---|---|---|---|---|---|---|
log_path | A string representing either a fully-qualified path or a path relative to the integration's execution. | The path for the integration log. This log will contain a summary of actions that are taken for each integration, including system calls to node_admin.pl. | |||||
node_admin_path | A string representing either a fully-qualified path or a path relative to the integration's execution. | The path to the executable for the node admin tool. All interactions with NMIS are controlled via the node admin tool. | |||||
node_file_path | A string representing either a fully-qualified path or a path relative to the integration's execution. | The path to the Nodes.nmis file. This will be backed up before every integration run and saved as [filename].integration.bak. | |||||
integration_rules_path | A string representing either a fully-qualified path or a path relative to the integration's execution. | The path to the rules file for the integration. The rules file defines how values from Open-AudIT devices should translate into NMIS nodes. It is recommended to give this file a .nmis extension, as it is written in the .nmis format. | |||||
open_audit_lookup_path | A string representing either a fully-qualified path or a path relative to the integration's execution. | The path to the lookup file for the integration. The lookup file stores mappings between Open-AudIT devices and NMIS nodes. It is recommended to give this file a .nmis extension, as it is written in the .nmis format. | |||||
open_audit_query_ids | An array of integers. OR An array of integers and strings. (Open-AudIT 3.0.0+ only.) | The ID/s of the Open-AudIT queries to be used for this integration. See the section about Open-AudIT queries for more. If using Open-AudIT 3.0.0 or greater, you may also specify query names as well as IDs. For example, this value could be
| |||||
open_audit_details.host | A string representing a URL. | The Open-AudIT server you wish to target for the integration. This should include the protocol, but should NOT include any path. | |||||
open_audit_details.user | A string. | The username of the Open-AudIT user the integration will run under. You should ensure the chosen user has access to all the devices you wish to integration with NMIS. | |||||
open_audit_details.password | A string. | The password of the Open-AudIT user. | |||||
open_audit_details.log_path | A string representing either a fully-qualified path or a path relative to the integration's execution. | The path to the Open-AudIT log. This log will contain records of all the requests that are made to the Open-AudIT server (excluding authentication requests). |
Anchor | ||||
---|---|---|---|---|
|
The rules file defines how values from Open-AudIT devices should translate into NMIS nodes. The configuration is written in the .nmis format common to other Opmantek products.
...
Code Block | ||||
---|---|---|---|---|
| ||||
%hash = ( 'nmis' => { # Different rules can be defined for when an NMIS node is created and when # it is updated. This lets you avoid overwriting values the you edit in NMIS. 'create' => { # version will resolve to the 'os_version' field in the device if it exists or # an empty string otherwise. 'version' => ['$DEVICE.os_version'], # roleType and group try to use a value from the device if it exists, but # it will fall back to a constant if it does not. 'roleType' => ['$DEVICE.nmis_role', 'core'], 'group' => ['$DEVICE.nmis_group', 'Open-AudIT'], # host checks multiple fields from the device, choosing the first one # that has a value (or the empty string if no values are found). 'host' => ['$DEVICE.ip', '$DEVICE.hostname','$DEVICE.dns_hostname', '$DEVICE.fqdn'], # active, ping, and model just use a default value when any new node is created. 'active' => ['true'], 'ping' => ['true'], 'model' => ['automatic'], # name uses an array of candidates like all the other fields, but it also applies # a set of transform functions to the value after a candidate is chosen. 'name' => { 'candidates' => ['$DEVICE.name'], 'transforms' => ['trim_whitespace'], } }, # Only the node fields defined here will be considered for an update. 'update' => { 'roleType' => ['$DEVICE.nmis_role', 'core'], 'group' => ['$DEVICE.nmis_group', 'Open-AudIT'], } } ); |
Transform functions
Transform functions provide additional functionality by transforming fields in some predefined way. If an invalid transform function is provided, the integration will fail. A list of valid transform functions are listed below.
...
Open-AudIT Device | Integration Rules | Resulting NMIS node | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
Usage
To run the integration, simply invoke the executable and pass it a configuration file as described in the previous section. You can also invoke the tool by itself, which will look for a configuration file at conf/nmisIntegration.nmis by default.
...