NodePing Authentication with Microsoft Entra OpenID Connect

2024/11/20 by Leave a comment

NodePing supports OpenID Connect (OIDC) authentication, allowing you to leverage SSO and multi-factor authentication by using an authentication provider that supports them. We support Google and Microsoft OpenID authentication as well as (on Premiere plan accounts) custom OIDC providers.

In a previous blog post we shared how you can get started with using OIDC with NodePing using Keycloak. In this blog post, I will share with you how you can get Microsoft Entra set up to handle authentication for you with NodePing’s custom OIDC provider feature.

Entra User Configuration

Before configuring Entra to work with NodePing, it is important to make sure your users have the proper configuration. The NodePing contact must include the same email address as your user has in Entra. To ensure your email address in Entra is correct for your user, go to Identity -> Users -> All users. Select the user you want to update, click Edit properties and go to the Contact Information tab.

Ensure that the Email field matches the email that you have set for your NodePing contact. Note that if the email is present only in the “Other emails” section in Entra, logging into NodePing will fail. On the NodePing side, the contact records can have multiple emails, and the address from Entra just needs to be present as one of them.

Entra Admin Center

Head to the Entra Admin Center and in the left side panel go to Identity -> Applications -> App registrations. There, select “New registration” to create a new registration. Enter a name, such as “nodeping” and select the supported account types. In this example, I chose “Accounts in this organizational directory only”.

Set the Redirect URI https://app.nodeping.com/authredirect/<your-nodeping-account-id&gt; and select Web from the dropdown menu.

Next click “Register” at the bottom of the page.

Afterwards, go to “API permissions” and go down to the “Other permissions granted for” section. You should see a Microsoft Graph Permissions name labeled “email”. Click the 3 dot menu and choose “Add to configured permissions”.

You will be prompted to select “Yes, add”.

If the email permission isn’t in the “Other permission” section, select “Add a permission”, and in the right side panel that pops up select Microsoft Graph, then Delegated Permissions, and check the email checkbox in the OpenId permissions section below, and select “Add permissions”.

Following that, you will need to generate a secret. Go to “Certificates & secrets” and select “New client secret”. Give it a description and expiration according to your organizational needs. You will need the Value for the next step.

NodePing Custom OIDC Configuration

On NodePing, sign in and go to Account Settings -> OpenID Connect.

Here you will need:

  1. The Discovery URL
  2. The Client ID
  3. The Client Secret

The Discovery URL can be found in the Overview section, and selecting Endpoints. You will need the URL labeled “OpenID Connect metadata document”. Paste that into the Discovery URL. For the clientID, you need the Application (client) ID displayed in the overview page of your App registration you made on Entra. Lastly, the clientSecret that was generated earlier in the “Certificates & secrets” page in Entra. Note here that the clientSecret is the “Value,” a long string with special characters. There is also a “Secret ID” listed with the secret, but that is not what you need here.

Once complete, click save.

NodePing User Auth Types

Now, configure your NodePing user to sign in with custom OIDC. In NodePing’s webapp, go to Contacts -> List Contacts. Edit the contact you want to permit OIDC authentication with by selecting “Custom OIDC Authentication” as an allowed auth type and save the contact. This option will only be present for those who have a Premiere account. This NodePing contact will need the same email address that corresponds with the email address of the Entra user.

Logging In

To login to NodePing using Entra, visit https://app.nodeping.com/login/[your NodePing account id] and signed in there. This should direct you to Entra where you can sign in. If everything worked, you should be back at NodePing and signed in. Alternatively, on the login page, change the login method to “Custom OIDC Authentication” in the Login Method dropdown menu and enter your NodePing account ID there.

This blog post isn’t intended to address other policies or settings you may have to set up with Entra, or how to make policies for your users. This basic example configuration is a starting point toward integrating Entra with NodePing. Ensure that your configuration of users and other policies are in alignment with your organization’s requirements and adjust as necessary. For additional information, Microsoft provides some resources here and here to guide you through configuring OpenID Connect authentication with Entra.

If you don’t have a NodePing account yet, give it a try! We offer a free, no-obligation 15-day trial. The best way to see if NodePing meets your needs is to try it out.

Filed under OIDC, SSO, Using NodePing Tagged with , , , , , , ,

NodePing Authentication with Keycloak OpenID Connect

2024/09/10 by Leave a comment

NodePing supports OpenID Connect (OIDC) authentication, allowing you to leverage SSO and multi-factor authentication by using an authentication provider that supports them. We support Google and Microsoft OpenID authentication as well as custom OIDC providers.

In a previous blog post we shared how you can get started with using OIDC with NodePing. In this blog post, I will share with you how you can get Keycloak set up to handle authentication for you with NodePing’s custom OIDC provider feature.

Server Setup

When setting up Keycloak, I chose to install Keycloak on the current Ubuntu LTS, Ubuntu 24.04. I first made sure everything was up to date on the server, then I installed openjdk and postgresql:

$ apt install openjdk-21-jdk postgresql postgresql-contrib

Next, I created the keycloak user:

$ groupadd keycloak
$ useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak

I fetched the latest keycloak tarball and extracted it:

$ wget https://github.com/keycloak/keycloak/releases/download/25.0.4/keycloak-25.0.4.tar.gz
$ mkdir /opt/keycloak
$ tar -zxf keycloak-25.0.4.tar.gz --strip-components=1 -C keycloak/
$ chown -R keycloak: /opt/keycloak

If you have existing SSL certificates, place them on the server. In this tutorial, I am going to assume you already have certificates that Keycloak will use.

PostgreSQL

Next, a database needs to be created for Keycloak. Sign into the postgres user and use psql to access the database. Run these commands in postgres to create the database:

CREATE DATABASE keycloak;
CREATE USER keycloak WITH PASSWORD 'replace-this-with-a-good-password';
GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
\c keycloak
GRANT ALL ON SCHEMA public TO keycloak;

Keycloak Conf

Edit the /opt/keycloak/conf/keycloak.conf file:

db=postgres
db-username=keycloak
db-password=replace-this-with-a-good-password
db-url=jdbc:postgresql://localhost/keycloak
https-certificate-file=/path/to/cert/file.pem
https-certificate-key-file=/path/to/cert/file.key
hostname=example.com

Systemd Service Unit

Since this is on Ubuntu, I created a system unit file to make starting/stopping the server easy. I made this unit file at /etc/systemd/system/keycloak.service

[Unit]
Description=Keycloak Authorization Server
After=network.target

[Service]
User=keycloak
Group=keycloak
ExecStart=/opt/keycloak/bin/kc.sh --config-file=/opt/keycloak/conf/keycloak.conf start
ExecStop=/opt/keycloak/bin/kc.sh stop
Restart=always
RestartSec=3
Environment="KEYCLOAK_ADMIN=admin"
Environment="KEYCLOAK_ADMIN_PASSWORD=very-strong-admin-password"
[Install]
WantedBy=multi-user.target

Then start the server

$ systemctl daemon-reload
$ systemctl enable keycloak.service
$ systemctl start keycloak.service

Once the server is successfully started and you are able to login, go back and edit the keycloak.service file and remove the KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD environment variables, then run the above systemctl commands again to make sure everything is working well.

Configuring Keycloak

By default, Keycloak listens on port 8443 for secure connections. Up to this point, the example server would be accessed at https://example%5Bdot%5Dcom:8443.

Keycloak has a master realm for management of other realms. It is best to create another realm for users to have access to. Create a new realm by clicking the “Keycloak” dropdown menu in the upper left corner and select “Create realm”. I entered the name of the realm as NodePing for this example, but it can be anything. Then I selected “Create” and went to the new realm.

Follow the documentation to create a new user.

Create a Client

To have Keycloak authenticate with NodePing, a new Client needs to be created that can handle all the proper communications. Go to the Clients page and click “Create client”.

Fill out the first page of the new client. The client ID and name can be anything. The Client ID entered here will be part of configuring NodePing.

Click next. On page 2, set “Client authentication” to On.

Here, only “Valid redirect URIs” needs a value. It should look like this:

https://app.nodeping.com/authredirect/[your NodePing account id]

Select “Save”. Keycloak is ready to use with NodePing.

NodePing Custom OIDC Configuration

On NodePing, sign in and go to Account Settings -> OpenID Connect

Here, I need:

  1. The Discovery URL
  2. The Client ID
  3. The Client Secret

The Discovery URL can be found in the “Realm Settings” page. Go down to the Endpoints section. Copy the URL named “OpenID Endpoint Configuration”. It should look something like https://example[dot]com:8443/realms/NodePing/.well-known/openid-configuration.

The Client ID is what I entered on the first configuration page when creating the Client. I called it “nodeping”.

Lastly, I need the secret. This is found in the Client information. Go back to Clients -> nodeping -> Credentials. The Client Secret is there. Paste it into the clientSecret section in NodePing and select Save.

NodePing User Auth Types

Now, I can configure a user to sign in with custom OIDC. In NodePing’s webapp, go to Contacts -> List Contacts. I edited the contact I want to permit OIDC authentication with by selecting “Custom OIDC Authentication” as an allowed auth type and saved my contact. This NodePing contact will need the same email address that corresponds with the email address of the Keycloak user.

Next I have to go to a different URL to do my custom OIDC sign in. I visited https://app.nodeping.com/login/[your NodePing account id] and signed in there. This should direct me to Keycloak where I can sign in. If everything worked, I should be back at NodePing and signed in. Alternatively, on the login page I can change the login method to “Custom OIDC Authentication” in the Login Method dropdown menu and enter my NodePing account ID there.

If you run into any troubles, you can reference the previous blog post for information. Additional information is provided in the custom OpenID Connect page to know what information you need to provide and how to login. If any issues arise in configuring Keycloak, Keycloak has a comprehensive server administration guide available.

If you don’t have a NodePing account yet, give it a try! We offer a free, no-obligation 15-day trial. The best way to see if NodePing meets your needs is to try it out.

Filed under OIDC, SSO, Using NodePing Tagged with , ,

NodePing OpenID Connect Authentication

2024/08/20 by Leave a comment

NodePing supports OpenID Connect (OIDC) authentication, allowing you to leverage SSO and multi-factor authentication by using an authentication provider that supports them. We support Google and Microsoft OpenID authentication as well as custom OIDC providers.

loginLogging in with Google and Microsoft’s general OpenID authentication is available to all accounts. To get started, select Google or Microsoft from the “Login Method” dropdown on our Login page and follow the prompts. The primary requirement for using OIDC to access your NodePing account is that the email address reported by Google or Microsoft matches one of the email addresses listed in your NodePing contact. NodePing contacts can include multiple email addresses, and any of these can be used to login. If you use different email addresses for your OpenID services, simply add those addresses to the appropriate contact in NodePing as the first step.

For Premier plan accounts, we also support custom OIDC providers. This is particularly useful for integrating with your company’s Microsoft Entra setup, where Microsoft includes the tenant ID in the OIDC discovery URL. NodePing supports any OIDC provider that can deliver an authentication response based on a discovery URL, client ID, and secret. These settings are provided by the third-party OIDC provider and can be configured in NodePing under Account Settings > OpenID Connect. Once these settings are configured, users can log in to NodePing by selecting “Custom OIDC Authentication” from the Login Method dropdown on our Login page and entering your NodePing account ID, or by visiting https://app.nodeping.com/login/[your NodePing account id]. If your provider requires you to specify the redirect URL, that should be https://app.nodeping.com/authredirect/[your NodePing account id].

For both general and custom OIDC authentication, the only permission NodePing requires from the OIDC provider account is access to your email address, which must be present on your NodePing contact. NodePing does not request or use any additional information from the OIDC provider. If you are configuring OIDC with a third-party provider, ensure that you do not grant any additional access. For custom OIDC setups, it’s important to restrict access to only our domains or URLs.

Once your OIDC integration is set up, you may want to require your NodePing contacts to use SSO login. This can be configured individually for each contact. Go to Contacts, click Edit for the relevant contact, set the Allowed Auth Types, and then click Save.

If you don’t have a NodePing account yet, give it a try! We offer a free, no-obligation 15-day trial. The best way to see if NodePing meets your needs is to try it out.

Filed under SSO Tagged with , ,

Probe Server Removal [NV]

2024/07/30 by Leave a comment

The following probe server will be removed immediately:

Las Vegas, Nevada (NV) – USA
(72.46.131.14 / 2605:6f80:0:d::100)

Please adjust your firewalls appropriately if you whitelist.

An always current and updated list of all the IP addresses for our probe servers can be found in the FAQ, a text file, and via DNS query, probes.nodeping.com.

Filed under Announcement, IP Change Tagged with ,

Probe Server Addition [TX] and Change [BR]

2024/07/02 by Leave a comment

The following probe server will be added to the North America region on 2024/07/09:

Dallas, Texas (TX) – USA
(38.114.122.106 / 2604:86c0:4001:2::2)

Additionally, we are changing the following probe server on 2024/07/09:

Sao Paulo, Brazil (BR) – BR
(54.232.120.40 / 2600:1f1e:c8d:1c11::100)
will change to
(148.163.220.117 / 2607:f740:1::c85)

Please adjust your firewalls appropriately if you whitelist so your checks do not fail because of the probe IP address changes.

An always current and updated list of all the IP addresses for our probe servers can be found in the FAQ, a text file, and via DNS query, probes.nodeping.com.

[UPDATE – 2024-07-09 12:40GMT-7] – IP changes complete.

Filed under Announcement, IP Change Tagged with , ,

Probe Server Addition [CH] Change [NY] and Removal [TX]

2024/05/30 by Leave a comment

The following probe server will be added to the Europe region on 2024/06/06:

Zurich, Switzerland (CH) – CH
(23.166.88.115 / 2604:86c0:f401:3::2)

Additionally, we are changing the following probe server on 2024/06/06:

New York City, New York (NY) – USA
(185.43.108.84 / 2a01:6c60:1003::2e6a)
will change to
(169.197.141.113 / 2604:86c0:3001:10::2)

Lastly, we are also removing the following probe server from the North America region on 2024/06/06:

Dallas, Texas (TX) – USA
(163.123.204.130 / 2604:fbc0:3f:0:25:90ff:fea5:555c)

Please adjust your firewalls appropriately if you whitelist so your checks do not fail because of the probe IP address changes.

An always current and updated list of all the IP addresses for our probe servers can be found in the FAQ, a text file, and via DNS query, probes.nodeping.com.

[UPDATE – 2024-06-06 14:11GMT-7] – IP changes complete.

Filed under Announcement, IP Change Tagged with , , ,

A NodePing UI Refresh, Finally

2024/05/29 by Leave a comment

For the first time since our launch in 2011, NodePing is rolling out a major user interface update. We’ve continually added features over the years, but now, after 13 years, we’re introducing a completely revamped UI to enhance your experience. At the same time, the UI Refresh also brings a number of often-requested feature enhancements.

Why the Change?

Aside from the obvious fact that the old one looks like it was designed in 2011, our new UI is designed to streamline your workflow and improve usability, and scale better for handle large numbers of checks more easily. That will be particularly important for our customers with thousands of checks.

While the visual design has been updated this isn’t just a visual change. We have taken advantage of the opportunity to add or enhance several features, and implement some features previously only accessible through our API.

Some New Features at a Glance:

  • Dark Mode: For us sysadminy-types that dwell in low light!
  • API Key Management: Easily manage API keys (available on plans with API access).
  • Audit Logging: Keep track of all activities with audit logs (Premiere plan – 60 days retention).
  • Check Tags: Group your checks with customizable tags.
  • Contact Notification Suppression: Disable messages types on a contact method level.
  • Location Templates: Create your own “regions” with location templates.
  • Data Export: Export data easily from most list types.
  • Improved Authentication: Use Google and Microsoft OpenID Connect, plus support for custom OIDC setups (Premiere plan).

We Want Your Feedback

Your input is crucial to us. Let us know your thoughts on performance, user experience, and functionality. And if you happen across a bug, please let us know at support@nodeping.com.

Not a NodePing User Yet?

Sign up now for a 15-day free trial—no credit card required. Experience NodePing’s powerful monitoring with our enhanced user interface.

Filed under Announcement, Using NodePing Tagged with

The New nodepingpy Python Package

2024/03/28 by Leave a comment

NodePing has offered a Python library over the years to support convenient usage with our API in your Python projects. Since our current Python package, nodeping-api, was released, Python 2 has become deprecated and Python 3 has made additions. While looking at using some of those additions and the deprecation of Python 2, we decided it would be better to rewrite a whole new package with an improved design instead of improving the old one. Some improvements include:

  • Using dataclasses where convenient for data being submitted to the API
  • Consistent design across the different modules
  • Changed docstrings to Google Style docstrings from Sphinx style
  • Typing used throughout the package

Like the nodeping-api package, nodepingpy provides feature parity with the NodePing API and can do the following, and more:

  • List, create, update, and delete checks
  • Manage contacts
  • Manage contact groups
  • Manage schedules
  • Get check results and uptime
  • Get notification information
  • Get probe information

You can get the code from our GitHub repository or install it from PyPi via pip. Examples are provided in the README as well as useful information provided by the docstrings that will be shown by your text editor’s completion menus.

Installation

To install nodepingpy, you can use the pip package manager:

python3 -m pip install nodepingpy

Examples

Below I will provide a few code snippets to demonstrate how you can use the nodepingpy package to manage your NodePing account via our API.

Get a list of failing checks:

# -*- coding: utf-8 -*-

from pprint import pprint
from nodepingpy import checks


def main():
    """Get failing checks."""

    token = "my-secret-token"
    failing = checks.get_failing(token)

    pprint(failing)


if __name__ == "__main__":
    main()

With the output from the API:

{'202306261809OGK26-HM723FI3': {'_id': '202306261809OGK26-HM723FI3',
                                'created': 1711487757004,
                                'customer_id': '202306261809OGK26',
                                'enable': 'active',
                                'firstdown': 1711487850335,
                                'interval': 1,
                                'label': 'Test Check',
                                'modified': 1711487833733,
                                'mute': False,
                                'parameters': {'sens': 2,
                                               'target': 'sholudfail.example.com',
                                               'threshold': 5},
                                'queue': 'txWlac7EdV',
                                'runlocations': False,
                                'state': 0,
                                'status': 'assigned',
                                'type': 'PING'}}

The following example will create an HTTP check targeted at ‘https://nodeping.com&#8217;:

# -*- coding: utf-8 -*-

from pprint import pprint
from nodepingpy import checks
from nodepingpy.nptypes import checktypes


def main():
    """Create an HTTP check."""

    token = "my-secret-token"
    args = checktypes.HttpCheck(
        "https://example.com", label="Check NodePing", interval=3, runlocations="nam"
    )
    result = checks.create_check(token, args)

    pprint(result)


if __name__ == "__main__":
    main()

The check was created and I received this from the API as a response:

{'_id': '202306261809OGK26-FFLHP1UX',
 'autodiag': False,
 'change': 1711488209387,
 'created': 1711488209387,
 'customer_id': '202306261809OGK26',
 'dep': False,
 'enable': 'inactive',
 'homeloc': False,
 'interval': 3,
 'label': 'Check NodePing',
 'modified': 1711488209387,
 'mute': False,
 'parameters': {'follow': False,
                'ipv6': False,
                'sens': 2,
                'target': 'https://example.com/',
                'threshold': 5},
 'public': False,
 'runlocations': ['nam'],
 'status': 'modified',
 'type': 'HTTP',
 'uuid': 'vo5r82j8-twkq-4553-8d0t-02wlfhlgy2x7'}

Lastly, an example of creating a contact on your account:

# -*- coding: utf-8 -*-

from pprint import pprint
from nodepingpy import contacts

from nodepingpy import contacts


def main():
    """Create a NodePing account contact."""

    token = "my-secret-token"
    name = "Bob Alice"
    custrole = "edit"
    customerid = "202306261809OGK26"
    newaddresses = [
        {"address": "me@email.com", "type": "email"},
        {"address": "5551238888", "type": "sms"},
    ]
    result = contacts.create(token, customerid, custrole, name, newaddresses)

    pprint(result)


if __name__ == "__main__":
    main()

And the response I received from the API:

 'addresses': {'0CCJ3QUK': {'accountsuppressall': False,
                            'address': 'me@email.com',
                            'type': 'email'},
               '0CIIIE7K': {'accountsuppressall': False,
                            'address': '5551238888',
                            'type': 'sms'}},
 'customer_id': '202306261809OGK26',
 'custrole': 'edit',
 'name': 'Bob Alice',
 'sdomain': 'nodeping.com',
 'type': 'contact'}

This is only a small part of what the library can do, and the documentation is detailed to get you started on integrating NodePing into your Python project. Give it a try and see how you can improve your uptime monitoring in your Python projects. This code is free and available to download. We encourage pull requests for new features so if you make changes or have requests, feel free to share.

If you aren’t using NodePing yet, you can sign up for a free, 15-day trial and test out monitoring your services today and take advantage of our API in your own Python projects.

Filed under Announcement, api Tagged with ,

Monitoring Cron Jobs

2024/01/02 by Leave a comment

NodePing makes monitoring your cron jobs easy with our PUSH checks. Each time your server runs a cron job, you can also have that cron job send results to NodePing to track successes and failures. Ensuring cron jobs are running properly is crucial to reliable operations. It is good to know if the cron jobs on your servers are running as you would expect, and receive alerts when they aren’t.

PUSH checks rely on basic HTTP POST requests to NodePing, which lets you submit data to give you insights into your systems. This method provides a lot of flexibility, since PUSH checks have the option to track numeric values.

Getting Started

To get started, I need to think about the cron jobs that are important to me so I can decide which cron jobs I want to monitor. Most commonly, I like to submit results with backups that I automate. I have a variety of options with how I can integrate my cron jobs for backups with NodePing PUSH monitors. For example:

  1. Insert the heartbeat into a script
  2. Use NodePing’s premade PUSH clients

First, I’m going to create the check for my cron job monitor. I set a label that is easy for me to recognize, set the check type to PUSH. I have a single field I will call “backups” with min/max values of 0 and I also set the check frequency to one day, since this is a daily backup. I set my min/max values to 0 since my backup program returns an exit code of 0 on successful backup, and anything else is some sort of failure. NodePing will see the 0 and mark the check as passing, or if my backup program returns something other than 0, NodePing will mark the check as failing and send me notifications.

After creating that check, I open the check drawer so I can see my ID for the check and Checktoken. I will be using this information in my cron job.

Insert the Heartbeat Into a Script

My first option is that I can add submitting results to an already existing script. I use a program such as curl, netcat, wget, or openssl to do my HTTP POST. I can either insert the one liner at the end of my script and have it POST the same data every time, or, if the job fails, I can write my script to submit a pass or fail value, which I am doing in my backup example using ‘curl’. Below is a snippet of my backup script called do_backup.sh:

#!/usr/bin/env sh

# do backup
...

# Use backup tool's exit codes to decide success/failure
complete=$(echo $?)

curl -X POST -H "Content-Type: application/json" --data "{\"data\":{\"backups\":$complete}}" 'https://push.nodeping.com/v1?id=202306261809OGK26-3IQZJE0H&checktoken=OZS4N4G2-7A6U-4N86-8PV0-067F25B7TFHO'

In my curl command, I submitted the $complete variable’s value to NodePing. When I submit the value 0, the check is marked as passing by NodePing. However, if my backup utility exited with a code of 1, curl would submit that 1 to the NodePing PUSH check, and it would be marked as failing since I configured the check to pass only when the value is 0. This way, I will get a notification right away when a cron monitor fails or starts passes again. My cron job for my backup script runs every day at 1am:

0 1 * * * /bin/sh /usr/local/bin/do_backup.sh

If you do not wish to use curl, you can use something like netcat, wget, or openssl:

With netcat-openbsd

BODY=”{\”data\”:{\”backups\”:$complete}}”
BODY_LEN=$(echo -n “$BODY” | wc -c)

echo -ne “POST /v1?id=202306261809OGK26-3IQZJE0H&checktoken=OZS4N4G2-7A6U-4N86-8PV0-067F25B7TFHO HTTP/1.1\r\nHost: push.nodeping.com\r\nContent-Type: application/json\r\nContent-Length: ${BODY_LEN}\r\n\r\n${BODY}” | nc -c push.nodeping.com 443

With openssl

BODY="{\"data\":{\"backups\":$complete}}"
BODY_LEN=$(echo -n "$BODY" | wc -c)

echo -ne "POST /v1?id=202306261809OGK26-3IQZJE0H&checktoken=OZS4N4G2-7A6U-4N86-8PV0-067F25B7TFHO HTTP/1.1\r\nHost: push.nodeping.com\r\nContent-Type: application/json\r\nContent-Length: ${BODY_LEN}\r\n\r\n${BODY}" | openssl s_client -connect push.nodeping.com:443

And with wget

wget -q -O- --post-data "{\"data\": {\"backups\":$complete}}" 'https://push.nodeping.com/v1?id=202306261809OGK26-3IQZJE0H&checktoken=OZS4N4G2-7A6U-4N86-8PV0-067F25B7TFHO'

NodePing’s Premade PUSH Clients

On GitHub, NodePing provides a repository with premade clients and modules to get started. NodePing currently provides POSIX shell, Python, and PowerShell client scripts. The premade client gives me the option to create my own module and export the data without having to worry about how to write the HTTP POST part. This means I can submit results, like above, by modifying an existing script to work as a PUSH module. I will create a module with the POSIX client, and modify my script to work with the client.

Configuring the Client

I visited the GitHub page to download a zip file or I can use git to fetch the code directly using the following command:

$ git clone https://github.com/NodePing/PUSH_Clients.git

I then made a copy of the POSIX client. A convention I tend to follow is to create a folder named something like “backup_cron_job_202306261809OGK26-3IQZJE0H” where the name is the label of the PUSH check in NodePing and the check ID that is generated when the check is created.

I created the folders and copied the contents of the POSIX client with these commands:

$ mkdir -p push_clients/backup_cron_job_202306261809OGK26-3IQZJE0H
$ cd push_clients/backup_cron_job_202306261809OGK26-3IQZJE0H
$ cp -r ~/PUSH_Clients/POSIX/NodePingPUSHClient/* ./

The contents are now in the backup_cron_job folder. In the modules folder I created a folder and file called “backups”

~/../backup_cron_job_202306261809OGK26-3IQZJE0H $ mkdir modules/backups
~/../backup_cron_job_202306261809OGK26-3IQZJE0H $ touch modules/backups/backups.sh

The script would contain this snippet:

#!/usr/bin/env sh

# do backup
...

# Use backup tool's exit codes to decide success/failure
complete=$(echo $?)

echo "{\"backups\":$complete}"

The client will handle submitting this result for you. In the moduleconfig file, I removed the default contents and added backups to the file

I added my checkid and checktoken to NodePingPUSH.sh file

Lastly, I made the NodePingPUSH.sh script and my backups/backups.sh script executable. When I run the NodePingPUSH.sh script, it will run my backup, then submit a success or failure to NodePing. After making sure it worked right, I added the client to my crontab to run my backup at 1am, just as before, but using the PUSH client

0 1 * * * /bin/sh /home/backupuser/push_clients/backup_cron_job_202306261809OGK26-3IQZJE0H/NodePingPUSH.sh -l

I added the -l to the end of my cron job to let the client log the successes and failures locally as well.

Conclusion

There is a lot of flexibility with NodePing’s PUSH checks that allows me to monitor my cron jobs. I showed you how I can insert an HTTP POST request into my existing scripts that I run via cron, or I can use the NodePing PUSH clients (or write my own in another language if I chose). Cron job monitoring is possible with any language too, and is not limited to shell scripts. PUSH checks are a very versatile tool NodePing offers, and it can go far beyond monitoring cron jobs.

If you don’t yet have a NodePing account, feel free to try out our 15-day, free trial and get started, having the assurance that your cron jobs are running, and get notified when they are not.

Filed under Monitoring, PUSH, Using NodePing Tagged with ,

Integrate NodePing Alerts with Matrix

2023/10/31 by Leave a comment

In this post, I will show you how you can get NodePing webhook alerts integrated with a Matrix server. In this demonstration, I will be focusing on the matrix-synapse server and Element client, namely, Element’s hosted web client for configuring Matrix to receive NodePing alerts. Matrix comes with some SDKs that can be used to more programmatically handle events and create bots, but I want to provide an option that doesn’t take much effort to set up.

To get started, I created a new account on my home server. This account will be the one that is receiving the webhooks and sending messages to the room. Think of it as a bot, and not a user to use on the daily. I followed the instructions from the synapse documentation to create a new user. For security purposes, I run a home server with registration disabled. I chose the alternate method of running `register_new_matrix_user` to create the new user, that way I did not have to enable registration on my server.

Now that I have the new user created, I signed into Element with the account I created and proceeded to create a private room.

I made the room invite only, and left end-to-end encryption enabled, though end-to-end encryption is optional. After the room is created, I invited the users to the group that I wanted to receive the alerts.

Creating the Webhook Contact

Now that I have my notifications user in place and users invited to the room, it is time to integrate Matrix with NodePing. I need 2 pieces of information:

  1. The room ID
  2. The “bot” user’s access token

Getting the Room ID

The Room ID is created when the room was created. I need to go to the settings menu for that room to get the ID. First, I click on the room’s 3-dot button so I can go to settings

Then, I go to Advanced to get the Internal room ID

Next, I need to get the Access Token for my user. This is a secret token you do not want to share with anyone. However, it will be used as part of my webhook contact. I went to the quick settings menu for my user that will be sending the NodePing alerts and selected “More options”:

I went to the Help & About menu and scrolled down to the bottom to get to the Access Token section. I copied the access token out. I also made note of the Homeserver mentioned below in the Advanced section. The Homeserver, Access Token, and Room ID are going to be needed in the next step to create the webhook.

Creating the Contact

Next, I signed into my NodePing account and selected Contacts, and Add new contact:

I gave my contact a name. Then I clicked the dropdown menu and selected Webhook. That shows another dropdown for Preset Services. I chose Matrix and clicked Apply Template. The default URL should be something like:

https://matrix.org/_matrix/client/r0/rooms/%5Byour encoded internal room id]/send/m.room.message

I am not using the default https://matrix.org home server, so I changed that. However, if you are using the default home server, keep matrix.org. Next I need to replace [your encoded internal room id] with the Room ID. The Room ID needs to be URI encoded. The “!” needs to be changed to “%21” and the “:” to “%3A”, like below

!abcde123456789:matrix.org

%21abcde123456789%3Amatrix.org

The final URL will look something like this:

https://matrix.org/_matrix/client/r0/rooms/%21abcde123456789%3Amatrix.org/send/m.room.message

Next I went to the Headers tab. There is a value with [YOUR AUTH HERE] in the Authorization header that needs to be replaced with the access token. I pasted in my access token. I kept the Body as the default. With the homeserver correctly set, the room ID in the POST URL, and the Authorization header set, I saved the check.

I created a check that I knew would fail intentionally and assigned the Matrix contact to the check and let it fail so I could get the alert and ensure it is working properly.

This confirms that the contact works, and now I can start assigning this contact method to my checks.

Some Useful Uses

Using with Notification Profiles

One thing I like to do is have two identical contact methods, but in one I add “IMPORTANT” to the body like below

{"body": "NodePing IMPORTANT: – {label}: {type} is {event}","msgtype": "m.text"}

This lets me do some tricks with notification schedules and notification sounds in Element. Maybe for some checks, I want to get notifications all the time, but I do not want the sound alert on my phone at certain times of the day. On my checks I have my Matrix contact that does not have “IMPORTANT” in the message send a notification all the time. However, the one that has “IMPORTANT” in the message will send on a certain schedule. In the Notifications settings on Element I created a keyword “IMPORTANT”, and then on the room I set notifications to only happen with Mentions & Keywords. That way, the messages sending all the time will not send an audible notification, but the messages with “IMPORTANT” will send me an audible notification.

Communicating About Incidents

With the Threads feature, when there is an incident, I can start a thread on that notification and communicate with the team about that incident, or I can make comments on the incident for future reference. This allows for convenient communication about an incident while not spamming the timeline where alerts are being displayed.

If you need help getting things working right, please let us know at support@nodeping.com.  If you don’t yet have a NodePing account, please sign up for our free 15-day trial.

Filed under NodePing, Notifications, Using NodePing Tagged with ,

Older posts

Newer posts