NIS Hosts File Problems
[posted 2001/11/29]
Moving on to the final example: This is one I've wanted to do for a very long time but just never got around to. From our alarms/nis_alarms.cfg:
///////////////////////////////////////////////////////////////////////////////
#if nismaster
NISHostsProblemsWarning
init
status active
level warning
task "Report NIS hosts file problems"
input proc "=grep -v '^#' =nishosts | =sort +0"
dat "^([[:graph:]]+)[[:space:]]+([^#]+)"
rule
set $nisaddr = $1
set $nishosts = $trim($2)
rule
set #problem = #false()
rule // report duplicate nisaddr entries
if $nisaddr eq
output mail "duplicate entries:"
output mail " "
output mail " $inlin"
set #problem = #true()
endif
rule // report reverse DNS resolution mismatches
set $dnsname = $trim($command("=nslookup $nisaddr 2>/dev/null |
=awk -F: '/^Name:/ {print \$2}'"))
if $dnsname eq ""
# ifdef verbose
output mail "$nisaddr not registered in DNS"
set #problem = #true()
# endifdef
else
if $nishosts !~ $dnsname
output mail "$nisaddr reverse DNS resolves to
$dnsname, fails to match any of
$nishosts"
set #problem = #true()
endif
endif
rule // report forward DNS resolution mismatches
set #h = #split($nishosts)
for #i=1 #i<=#h #i+=1
set $dnsaddress = $trim($command("=nslookup $[#i]
2>/dev/null |
=tail +4 |
=awk -F: '/^Address:/
{print \$2}'"))
if $dnsaddress eq ""
# ifdef verbose
output mail "$[#i] not registered in DNS"
set #problem = #true()
# endifdef
else
if $dnsaddress ne $nisaddr
output mail "$[#i] DNS resolves to
$dnsaddress, fails to
match NIS address $nisaddr"
set #problem = #true()
endif
endif
endfor
rule
if #problem
output =newline
endif
#endif // nismaster
///////////////////////////////////////////////////////////////////////////////
This alarm script shouldn't require explanation. (Oh, perhaps it might if you're a PIKT beginner. But try to figure it out yourself.) The first run of this script generated a *12-page* list of NIS hosts file problems like:
nntpserver not registered in DNS 111.222.212.62 not registered in DNS topeka.uppity.edu DNS resolves to 111.222.212.7, fails to match NIS address 111.222.212.62 topeka DNS resolves to 111.222.212.7, fails to match NIS address 111.222.212.62 111.222.212.63 not registered in DNS flagstaff.uppity.edu DNS resolves to 111.222.212.7, fails to match NIS address 111.222.212.63 flagstaff DNS resolves to 111.222.212.7, fails to match NIS address 111.222.212.63 crsp DNS resolves to 111.222.125.22, fails to match NIS address 111.222.125.49 111.222.130.1 reverse DNS resolves to v130router.uppity.edu, fails to match any of egbdf2.uppity.edu egbdf2 egbdf2.uppity.edu not registered in DNS egbdf2 not registered in DNS duplicate entries: 111.222.130.1 egbdf2.uppity.edu egbdf2 111.222.130.1 rosenkavalier-gw.uppity.edu rosenkavalier-gw 111.222.130.1 reverse DNS resolves to v130router.uppity.edu, fails to match any of rosenkavalier-gw.uppity.edu rosenkavalier-gw rosenkavalier-gw.uppity.edu not registered in DNS rosenkavalier-gw not registered in DNS 111.222.130.102 reverse DNS resolves to egbdf-dhcp-130102.uppity.edu, fails to match any of egbdfgmcps.uppity.edu egbdfgmcps egbdfgmcps.uppity.edu not registered in DNS egbdfgmcps not registered in DNS ...
Twelve pages (and two-to-a-page, compressed type)!! That reminds me of when we first ran the PIKT checks against our many, many passwd, group, and shadow files (including also their NIS versions). We discovered many, many problems then, also. Fixing those took a good long while!
We have a lot of cleaning up to do!
I hope you appreciate some of this fancy stuff. I'm a firm believer: One needs some of this fanciness for the accurate and efficient monitoring and configuration of the idiosyncratic setups that large-scale Unix establishments are often prone to. One size doesn't really fit all. You need to tailor your system monitoring and configuration management to suit your own peculiarities. More than just a needle and thread, PIKT is like a multi-function, fully customizable, atomic-powered sewing machine!
For more examples, see Developer's Notes.
