Date: Fri, 29 Mar 2024 00:56:18 +0000 (UTC) Message-ID: <448200155.3999.1711673778927@skald.opmantek.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_3998_1338672776.1711673778926" ------=_Part_3998_1338672776.1711673778926 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Note: This guide is intend= ed to be for opHA 3, opEvents 3 and NMIS 9. The tool is available for previ= ous versions, but the syntax and some parameters can change.
In order to integrate the poller events int= o the primary server on an opHA environment, we can make use of the create_= remote_event.pl tool.
Usage: create_rem= ote_event.pl -s <base_url> -u <user> -p <passwd> [-i] <= ;no_ssl_validation> [-q] {eventprop=3Dvalue...| < json file} base_url: http://servername:portnumber/omk, API endpoint details are automa= tic. -q: quiet, don't print the new event's id on STDOUT optional, -i: No arguments, use SSL without validation (self-signed certs). you must either provide all required event properties as name=3Dvalue pairs or as JSON hash on STDIN.
We can then create some event actions rules= to send the poller events the the primary server:
PRIMARY-UR= L (this is the Primary server the event will be sent to)
Authority = (this is the button label that will appear on the Primary)
POLLER-URL= (this is the Poller server sending the event, used to link back to the ori= ginating event from the Primary server)
"opevents_primary= " : { "exec" : [ "/usr/local/omk/bin/create_remote_event.pl", "-s", "= http://PRIMARY-URL.opmantek.net/omk", "-u", "USERNAME", "-p", "PASSWORD", "= authority=3D'POLLER HUMAN NAME'" ], "arguments" : [ "location=3Dhttp://POLLER-URL.opmantek.com/en/o= mk/opEvents/events/event._id/event_context", "node=3Dnode.name", "event=3De= vent.event", "details=3Devent.details", "time=3Devent.time", "date=3Devent.= date", "element=3Devent.element", "interface_description=3Devent.interface_= description", "type=3Devent.type", "priority=3Devent.priority", "level=3Dev= ent.level", "nodeType=3Dnode.nodeType", "state=3Devent.state", "stateful=3D= event.stateful" ], "output" : "save", "stderr" : "save", "exitcode" : "save" }
Please note, you can edit the event i=
nformation that you want to send.
Add a new = policy in the Event Actions file:
"100" : { "IF" : "event.priority >=3D 1", "THEN" : "script.opevents_primary()", "BREAK" : "true" }
/usr/local/omk/bi= n/create_remote_event.pl -s http://primary.opmantek.net/omk -u nmis -p pass= word authority=3D'poller nine Poller' location=3Dhttp://primary.opmantek.co= m/en/omk/opEvents/events/600161b500eff2351645be2c/event_context host=3D eve= nt=3D"Node Configuration Change" details=3D"Changed at 140 days 1:00:55" no= de=3D"bnelab-rr1" time=3D1610703283 date=3D element=3D interface_descriptio= n=3D type=3Dnmis_eventlog priority=3D3 level=3DWarning nodeType=3D state=3D= stateful=3D 60016d06891ad2506c49ad72
The raw exit code should be 0:
[Mon Jan 18 07:31= :50 2021] [info] worker.action[6595] 6005396300eff20fc35d55eb method=3D'ope= vents_primary' got raw exitcode=3D0 from pid=3D6602 exec=3D['/usr/local/omk= /bin/create_remote_event.pl','-s','http://primary.opmantek.net/omk','-u','n= mis','-p','password','authority=3D\'poller nine Poller\'','location=3Dhttp:= //primary.opmantek.com/en/omk/opEvents/events/6005396300eff20fc35d55eb/even= t_context','node=3Drbogon344','event=3DNode Configuration Change','details= =3DChanged at 142 days 23:00:55','time=3D1610955103','date=3D','element=3D'= ,'interface_description=3D','type=3Dnmis_eventlog','priority=3D3','level=3D= Warning','nodeType=3D','state=3D','stateful=3D']
When an event is acknowledged, opEvents stops the propagation. That mean= s, that all the rules are not going to run anymore. There are different app= roaches to achieve this, but is a common schema to set up opevents_auto_acknowledge_up to false in= the poller, so the event is not acknowledge and can be sent to the primary= .
More information: https://community.opmantek.com/pages/viewpage.action?pageId=3D2726405= 3#EventActionsandEscalation(opEvents3)-ActionPolicyApplicationandTiming=
Forwarded ev= ents may arrive out of order to the primary server, because of network= congestion or slow action processing.
To enable reorder protection, two steps need to be taken:
state_reorder_window<=
/code>
to a positive number (e.g. 30) on the receiving server.authority
=
property, to denote the event as originating from a remote au=
thoritative source.More information: Deduplicat=
ion and storm control in opEvents#StatefulDeduplication,ForwardedEventsandR=
eorderProtectionreorder_protection
If your poller is sending duplicate events to the primary make sure that= your EventActions.json script does not have any 'or' gates in your 'IF' st= atements - 'AND' and 'and' are fully supported, but 'or' (also 'OR') is not= supported and can lead to unexpected behavior.
It's also best practice to use "BREAK" : "true" whenever possible, for e=
xample:
If we confirm that event.event =3D 'Node Down' there's no need to also chec=
k to see if event.event =3D 'Interface Down' etc.
We have recently rewritten create remote event in Go and have provided t= he option to use token auth skipping out one of the auth requests from the = old Perl version.
We recommend you place this in the current location of create_remote_eve= nt.pl which is in /usr/local/omk/bin
We have retained all arguments from the perl version.
Version 1.1.0 can be downloaded here: https://dl-omk.opmantek.com/remote_event/fast-rem= ote-event-1.1.0-Linux-x86_64.bin
-d int =09Log Level (default 4) -p string =09Password for the remote user -path string =09Path for generate auth token script (default "/usr/local/omk/bin/gen= erate_auth_token.pl") -q=09Quiet level, (1|true|0|false). Don't output anything (default true)= , -q=3D0 to see event id of remote system. -retry int =09Maximum number of retries -s string =09http://servername:portnumber/omk, API endpoint details are automatic= . (default "http://localhost:8042/omk") -t string =09Token for auth -u string =09Username for remote server (default "nmis") -v=09Verify the servers TLs connection (default true) -version =09Print out the version
New in this version is using token auth so you can now skip passing the = username and password and use a token from the master.
More about tokens found here in Delegated Authentication
This is passed using -t
fast-remote-event= -1.0.1-LinuxX86_64.bin -s https://primary-one.opmantek.com/omk -t myexample= token event=3Dtestevent host=3Dlocalhost
If your Opmantek Applications in a non standard location you can use -pa= th to point to the full path of generate_auth_token.pl which is shiped in /= usr/local/omk/bin/generate_auth_token.pl in future versions we aim to remov= e this.
to see debug set value to one i.e. -d 1, debug comes in as stdout (stand= ard output)
for the TLS verify command we support the following flags
1, 0, t, f, T, F, true, false, TRUE, FALSE, True, False
Sometimes the end server is busy but using the flag -retry you can instr= uct the http handler to make X amount of requests to try again, this will p= erform a back off to try and not swamp the end server.
V1.1.0
8th June 2023
Fix issue where fast-remote-event would crash when receiving a a server = response other than JSON.
V1.0.1
Internal Release
V1.0.0
First Release