NIS Hosts File Problems

[posted 2001/11/29]

Moving on to the final example:  This is one I've wanted to do for a very long time but just never got around to.  From our alarms/nis_alarms.cfg:

///////////////////////////////////////////////////////////////////////////////

#if nismaster

NISHostsProblemsWarning

        init
                status active
                level warning
                task "Report NIS hosts file problems"
                input proc "=grep -v '^#' =nishosts | =sort +0"
                dat "^([[:graph:]]+)[[:space:]]+([^#]+)"

        rule
                set $nisaddr = $1
                set $nishosts = $trim($2)

        rule
                set #problem = #false()

        rule    // report duplicate nisaddr entries
                if $nisaddr eq @nisaddr
                        output mail "duplicate entries:"
                        output mail "  @inlin"
                        output mail "  $inlin"
                        set #problem = #true()
                endif

        rule    // report reverse DNS resolution mismatches
                set $dnsname = $trim($command("=nslookup $nisaddr 2>/dev/null |
                                     =awk -F: '/^Name:/ {print \$2}'"))
                if $dnsname eq ""
#  ifdef verbose
                        output mail "$nisaddr not registered in DNS"
                        set #problem = #true()
#  endifdef
                else
                        if $nishosts !~ $dnsname
                                output mail "$nisaddr reverse DNS resolves to
                                             $dnsname, fails to match any of
                                             $nishosts"
                                set #problem = #true()
                        endif
                endif

        rule    // report forward DNS resolution mismatches
                set #h = #split($nishosts)
                for #i=1 #i<=#h #i+=1
                        set $dnsaddress = $trim($command("=nslookup $[#i]
                                                          2>/dev/null |
                                                          =tail +4 |
                                                          =awk -F: '/^Address:/
                                                               {print \$2}'"))
                        if $dnsaddress eq ""
#  ifdef verbose
                                output mail "$[#i] not registered in DNS"
                                set #problem = #true()
#  endifdef
                        else
                                if $dnsaddress ne $nisaddr
                                        output mail "$[#i] DNS resolves to
                                                     $dnsaddress, fails to
                                                     match NIS address $nisaddr"
                                        set #problem = #true()
                                endif
                        endif
                endfor

        rule
                if #problem
                        output =newline
                endif

#endif  // nismaster

///////////////////////////////////////////////////////////////////////////////

This alarm script shouldn't require explanation.  (Oh, perhaps it might if you're a PIKT beginner.  But try to figure it out yourself.)  The first run of this script generated a *12-page* list of NIS hosts file problems like:

nntpserver not registered in DNS

111.222.212.62 not registered in DNS
topeka.uppity.edu DNS resolves to 111.222.212.7,
  fails to match NIS address 111.222.212.62
topeka DNS resolves to 111.222.212.7, fails to match NIS address 111.222.212.62

111.222.212.63 not registered in DNS
flagstaff.uppity.edu DNS resolves to 111.222.212.7,
  fails to match NIS address 111.222.212.63
flagstaff DNS resolves to 111.222.212.7, fails to match NIS address 111.222.212.63

crsp DNS resolves to 111.222.125.22, fails to match NIS address 111.222.125.49

111.222.130.1 reverse DNS resolves to v130router.uppity.edu,
  fails to match any of egbdf2.uppity.edu egbdf2
egbdf2.uppity.edu not registered in DNS
egbdf2 not registered in DNS

duplicate entries:
  111.222.130.1 egbdf2.uppity.edu egbdf2 
  111.222.130.1 rosenkavalier-gw.uppity.edu       rosenkavalier-gw
111.222.130.1 reverse DNS resolves to v130router.uppity.edu,
  fails to match any of rosenkavalier-gw.uppity.edu  rosenkavalier-gw
rosenkavalier-gw.uppity.edu not registered in DNS
rosenkavalier-gw not registered in DNS

111.222.130.102 reverse DNS resolves to egbdf-dhcp-130102.uppity.edu,
  fails to match any of egbdfgmcps.uppity.edu       egbdfgmcps
egbdfgmcps.uppity.edu not registered in DNS
egbdfgmcps not registered in DNS

...

Twelve pages (and two-to-a-page, compressed type)!!  That reminds me of when we first ran the PIKT checks against our many, many passwd, group, and shadow files (including also their NIS versions).  We discovered many, many problems then, also.  Fixing those took a good long while!

We have a lot of cleaning up to do!

I hope you appreciate some of this fancy stuff.  I'm a firm believer:  One needs some of this fanciness for the accurate and efficient monitoring and configuration of the idiosyncratic setups that large-scale Unix establishments are often prone to.  One size doesn't really fit all.  You need to tailor your system monitoring and configuration management to suit your own peculiarities.  More than just a needle and thread, PIKT is like a multi-function, fully customizable, atomic-powered sewing machine!

For more examples, see Developer's Notes.

 
Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software
Developer's Notes | Licensing | Authors | Pikt-Users | Pikt-Workers | Related Projects | Site Index | Privacy Policy | Contact Us
Page best viewed at 1024x768 or greater.   Page last updated 2019-01-12.   This site is PIKT® powered.
Copyright © 1998-2019 Robert Osterlund. All rights reserved.
Home FAQ News Intro Samples Tutorial Reference Software
PIKT Logo
PIKT Page Title
See how to
automatically report
network service failures