Home > Active Directory, Jamf Infrastructure Manager, Jamf Pro, Linux > Monitoring Jamf Infrastructure Managers on Red Hat Enterprise Linux

Monitoring Jamf Infrastructure Managers on Red Hat Enterprise Linux

August 23, 2019 Leave a comment Go to comments

A vital component of a Jamf Pro server setup is usually its LDAP connection to a directory service (usually an Active Directory server.) This connection allows the Jamf Pro server to not only leverage the directory service’s users and groups, but also automatically populate information about the owner of the device by doing a lookup in LDAP as part of a computer‘s or mobile device’s inventory update and assist with providing user-specific policies in Self Service.

As more folks move from using self-hosted Jamf Pro servers to now having Jamf host them in Jamf Cloud, this LDAP connection usually requires an LDAP proxy in order to securely connect a Jamf Cloud-hosted Jamf Pro instance to a company’s internally-hosted directory service. Jamf provides an LDAP proxy for this purpose in the form of the Jamf Infrastructure Manager (JIM). 

Because the LDAP connection is so vital, it’s just as vital that the JIM stay up and working all the time. To assist with this, I’ve written some scripts to assist with monitoring and reporting for a JIM running on Red Hat Enterprise Linux. For more details, please see below the jump.

I’ve written three scripts to assist with JIM monitoring:

  • jim_check.sh – monitors the JIM and restarts it if needed.
  • jim_report.sh – sends a report to a designated Slack channel
  • install_jim_check_scripts_and_crontab.sh – installs the jim_check.sh and jim_report.sh scripts into /usr/local/bin and sets up a crontab entry to run the jim_check.sh script every ten minutes.

All three scripts are shown below and are also available on GitHub via the following link:

https://github.com/rtrouton/jamf_infrastructure_manager/tree/master/jim_monitoring

The jim_check.sh script checks the port that the JIM uses for incoming LDAP queries from its Jamf Pro server, to see if the LDAP proxy service is listening on that port. If nothing is listening on that port, the JIM process is automatically stopped and restarted. After the restart completes, the jim_report.sh script is triggered to provide information about the service stoppage.


#!/bin/bash
# Automatically restart the Jamf Infrastructure Manager (JIM) if it stops running
jim_port=8636
# Verify if the JIM is running on the assigned port.
listencheck=$(/bin/netstat -ln | /bin/grep ":$jim_port " | /usr/bin/wc -l)
# If the listencheck returns 0, then the JIM process is not running on its assigned port.
# Stop the process then restart the process and send a report via email.
if [[ "$listencheck" == 0 ]]; then
# Stop the JIM processes
service jamf-im stop
# Wait 5 seconds for JIM process to fully stop
sleep 5
# Start the JIM processes
service jamf-im start
# Pause for 10 seconds to allow the JIM process to start.
sleep 10
/usr/local/bin/jim_report.sh
fi

view raw

jim_check.sh

hosted with ❤ by GitHub

The jim_report.sh script is designed to capture information from the /var/log/jamf-im.log and forward that information along with basic identifying information for the JIM to a Slack channel via a webhook.

Screen Shot 2019 08 22 at 2 31 15 PM

The general idea is that the forwarded log entries should hopefully show whatever problem the JIM’s LDAP proxy service was having before it went offline and needed to be restarted.


#!/bin/bash
# This script will send a specified number of the last lines
# of /var/log/jamf-im.log. To set the number of lines, use the
# jim_log_lines variable below.
#
# For example, setting the jim_log_lines as shown below will send
# the last 60 lines of the log:
#
# jim_log_lines=60
jim_log_lines=60
# Set the port number that the Jamf Infrastructure Manager is using
# to communicate with the Jamf Pro server.
jim_port=8636
# You'll need to set up a Slack webhook to receive the information being sent by the script.
# If you need help with configuring a Slack webhook, please see the links below:
#
# https://api.slack.com/incoming-webhooks
# https://get.slack.help/hc/en-us/articles/115005265063-Incoming-WebHooks-for-Slack
#
# Once a Slack webhook is available, the slack_webhook variable should look similar
# to this:
# slack_webhook="https://hooks.slack.com/services/XXXXXXXXX/YYYYYYYYY/ZZZZZZZZZZ"
slack_webhook=""
# That should be it for the necessary configuration part. The rest can be pretty much as-is
# if your Jamf Infrastructure Manager is running on Linux.
name=$(hostname)
logs="/tmp/JIM-restart.txt"
ipaddress=$(ifconfig eth0 | grep "inet" | awk '{print $2}' | head -1)
# Set script exit status
exit_error=0
# Function for sending multi-line output to a Slack webhook. Original script from here:
#
# http://blog.getpostman.com/2015/12/23/stream-any-log-file-to-slack-using-curl/
SendToSlack(){
cat "$1" | while read LINE; do
(echo "$LINE" | grep -e "$3") && curl -X POST –silent –data-urlencode "payload={\"text\": \"$(echo $LINE | sed "s/\"/'/g")\"}" "$2";
done
}
# Give an introduction.
echo "———————————————————————–" >> $logs
echo "—– Hi. You are receiving this because the" >> $logs
echo "—– Jamf Infrastructure Manager restarted." >> $logs
echo "—– Report is for $name ($ipaddress). " >> $logs
echo "———————————————————————–" >> $logs
echo " " >> $logs
echo " " >> $logs
# This reports on the JIM process after the restart.
echo "REPORT ON JIM PROCESS" >> $logs
echo "——————————–" >> $logs
echo "PROCESS ID:" >> $logs
processcheck=$(ps aux | grep '[j]amf-im')
echo "$processcheck" >> $logs
echo " " >> $logs
echo "NETSTAT LISTENING CHECK:" >> $logs
listencheck=$(netstat –listening –numeric-ports | grep "$jim_port")
echo "$listencheck" >> $logs
echo " " >> $logs
echo " " >> $logs
# This tails /var/log/jamf-im.log and hopefully catches the problem.
echo "LAST $jim_log_lines LINES OF THE JAMF-IM LOG" >> $logs
echo "——————————–" >> $logs
tail –"$jim_log_lines" /var/log/jamf-im.log >> $logs
echo " " >> $logs
echo " " >> $logs
SendToSlack "$logs" ${slack_webhook}
# Get rid of the files.
rm "$logs"
exit "$exit_error"

view raw

jim_report.sh

hosted with ❤ by GitHub

The install_jim_check_scripts_and_crontab.sh script is designed to install both the jim_check.sh and jim_report.sh scripts into /usr/local/bin and also set up a cronjob for regular running on the jim_check.sh script.


#!/bin/bash
# Create scripts to monitor and report on a Jamf Infrastructure Manager (JIM).
# You will need to define the following variables in the scripts being installed:
#
# jim_log_lines (currently set to 60)
# jim_port (currently set to 8636)
# slack_webhook (currently set to nothing)
# Create /usr/local/bin if it doesn't exist
if [[ ! -d /usr/local/bin ]]; then
/usr/bin/mkdir -p /usr/local/bin
fi
# Write jim_check and jim_report scripts into /usr/local/bin
cat > /usr/local/bin/jim_check.sh << 'JIMCheck'
#!/bin/bash
# Automatically restart the Jamf Infrastructure Manager (JIM) if it stops running
jim_port=8636
# Verify if the JIM is running on the assigned port.
listencheck=$(/bin/netstat -ln | /bin/grep ":$jim_port " | /usr/bin/wc -l)
# If the listencheck returns 0, then the JIM process is not running on its assigned port.
# Stop the process then restart the process and send a report via email.
if [[ "$listencheck" == 0 ]]; then
# Stop the JIM processes
service jamf-im stop
# Wait 5 seconds for JIM process to fully stop
sleep 5
# Start the JIM processes
service jamf-im start
# Pause for 10 seconds to allow the JIM process to start.
sleep 10
/usr/local/bin/jim_report.sh
fi
JIMCheck
cat > /usr/local/bin/jim_report.sh << 'JIMReport'
#!/bin/bash
# This script will send a specified number of the last lines
# of /var/log/jamf-im.log. To set the number of lines, use the
# jim_log_lines variable below.
#
# For example, setting the jim_log_lines as shown below will send
# the last 60 lines of the log:
#
# jim_log_lines=60
jim_log_lines=60
# Set the port number that the Jamf Infrastructure Manager is using
# to communicate with the Jamf Pro server.
jim_port=8636
# You'll need to set up a Slack webhook to receive the information being sent by the script.
# If you need help with configuring a Slack webhook, please see the links below:
#
# https://api.slack.com/incoming-webhooks
# https://get.slack.help/hc/en-us/articles/115005265063-Incoming-WebHooks-for-Slack
#
# Once a Slack webhook is available, the slack_webhook variable should look similar
# to this:
# slack_webhook="https://hooks.slack.com/services/XXXXXXXXX/YYYYYYYYY/ZZZZZZZZZZ&quot;
slack_webhook=""
# That should be it for the necessary configuration part. The rest can be pretty much as-is
# if your Jamf Infrastructure Manager is running on Linux.
name=$(hostname)
logs="/tmp/JIM-restart.txt"
ipaddress=$(ifconfig eth0 | grep "inet" | awk '{print $2}' | head -1)
# Set script exit status
exit_error=0
# Function for sending multi-line output to a Slack webhook. Original script from here:
#
# http://blog.getpostman.com/2015/12/23/stream-any-log-file-to-slack-using-curl/
SendToSlack(){
cat "$1" | while read LINE; do
(echo "$LINE" | grep -e "$3") && curl -X POST –silent –data-urlencode "payload={\"text\": \"$(echo $LINE | sed "s/\"/'/g")\"}" "$2";
done
}
# Give an introduction.
echo "———————————————————————–" >> $logs
echo "—– Hi. You are receiving this because the" >> $logs
echo "—– Jamf Infrastructure Manager restarted." >> $logs
echo "—– Report is for $name ($ipaddress). " >> $logs
echo "———————————————————————–" >> $logs
echo " " >> $logs
echo " " >> $logs
# This reports on the JIM process after the restart.
echo "REPORT ON JIM PROCESS" >> $logs
echo "——————————–" >> $logs
echo "PROCESS ID:" >> $logs
processcheck=$(ps aux | grep '[j]amf-im')
echo "$processcheck" >> $logs
echo " " >> $logs
echo "NETSTAT LISTENING CHECK:" >> $logs
listencheck=$(netstat –listening –numeric-ports | grep "$jim_port")
echo "$listencheck" >> $logs
echo " " >> $logs
echo " " >> $logs
# This tails /var/log/jamf-im.log and hopefully catches the problem.
echo "LAST $jim_log_lines LINES OF THE JAMF-IM LOG" >> $logs
echo "——————————–" >> $logs
tail -"$jim_log_lines" /var/log/jamf-im.log >> $logs
echo " " >> $logs
echo " " >> $logs
SendToSlack "$logs" ${slack_webhook}
# Get rid of the files.
rm "$logs"
exit "$exit_error"
JIMReport
# Set correct permissions on the jim_check
# and jim_report scripts
/bin/chmod 755 /usr/local/bin/jim_check.sh
/bin/chmod 755 /usr/local/bin/jim_report.sh
# Create root crontab entry to run database backup
# Export existing crontab
temp_crontab=/tmp/crontab_export
/bin/crontab -l > "$temp_crontab"
# Export new crontab entry to exported crontab file
/bin/echo "## Check JIM service every ten minutes to make sure it's running and restart it if it isn't." >> "$temp_crontab"
/bin/echo "*/10 * * * * /usr/local/bin/jim_check.sh 2>&1" >> "$temp_crontab"
# Install new cron file using exported crontab file
/bin/crontab "$temp_crontab"
# Remove exported crontab file
/bin/rm "$temp_crontab"

view raw

install_jim_check_scripts_and_crontab.sh

hosted with ❤ by GitHub

Categories: Active Directory, Jamf Infrastructure Manager, Jamf Pro, Linux
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: