authorMicah <micah@leap.se>2016-05-24 10:19:41 -0400
committerMicah <micah@leap.se>2016-05-24 10:19:41 -0400
commitc9d50f333a81c716f3e227e9eb449dc76b6eb6e3 (patch)
tree1a09a2775045f854000f6cba5ee4efb2c3a802b2 /manifests/agent
Squashed 'puppet/modules/check_mk/' content from commit aa02571
git-subtree-dir: puppet/modules/check_mk git-subtree-split: aa02571537af90ac73309e6e216c9417802548c3
Diffstat (limited to 'manifests/agent')
-rw-r--r--manifests/agent/config.pp59
-rw-r--r--manifests/agent/generate_sshkey.pp70
-rw-r--r--manifests/agent/install.pp70
-rw-r--r--manifests/agent/install_local.pp12
-rw-r--r--manifests/agent/local_checks.pp11
-rw-r--r--manifests/agent/mrpe.pp19
-rw-r--r--manifests/agent/ps.pp17
-rw-r--r--manifests/agent/register.pp8
-rw-r--r--manifests/agent/service.pp8
9 files changed, 274 insertions, 0 deletions
diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp
new file mode 100644
index 00000000..8ee5f185
--- /dev/null
+++ b/manifests/agent/config.pp
@@ -0,0 +1,59 @@
+class check_mk::agent::config (
+ $ip_whitelist = '',
+ $port,
+ $server_dir,
+ $keydir,
+ $authdir,
+ $authfile = undef,
+ $use_cache,
+ $user,
+ $method = 'xinetd',
+ $generate_sshkey = false,
+ $sshuser = undef,
+ $hostname = $::fqdn
+) {
+ if $use_cache {
+ $server = "${server_dir}/check_mk_caching_agent"
+ } else {
+ $server = "${server_dir}/check_mk_agent"
+ }
+
+ case $method {
+ 'xinetd': {
+ if $ip_whitelist {
+ $only_from = join($ip_whitelist, ' ')
+ } else {
+ $only_from = undef
+ }
+
+ file { '/etc/xinetd.d/check_mk':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => template('check_mk/agent/check_mk.erb'),
+ require => Package['check_mk-agent','check_mk-agent-logwatch'],
+ notify => Class['check_mk::agent::service'],
+ }
+ }
+
+ 'ssh': {
+ if $generate_sshkey {
+ check_mk::agent::generate_sshkey { "check_mk_key_${hostname}":
+ keydir => $keydir,
+ authdir => $authdir,
+ authfile => $authfile,
+ sshuser => $sshuser,
+ hostname => $hostname
+ }
+ }
+
+ # make sure the xinetd method is not configured
+ file { '/etc/xinetd.d/check_mk':
+ ensure => absent;
+ }
+ }
+
+ default : {}
+ }
+}
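Review bot: In the `'ssh'` branch the xinetd drop-in is removed with `file { '/etc/xinetd.d/check_mk': ensure => absent; }` but, unlike the `'xinetd'` branch, nothing is notified, so a host switched from xinetd to ssh may keep the agent listening on `$port` until something else reloads xinetd. If `check_mk::agent::service` is still included for that method (not visible here), add `notify => Class['check_mk::agent::service'],` to that resource. Separately, `$ip_whitelist` defaults to `''`, which leaves `$only_from` undef. How the template renders that is outside this hunk, so either make the parameter mandatory or add a comment such as `# empty whitelist: no only_from restriction is written for xinetd`.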
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp
new file mode 100644
index 00000000..b00271f5
--- /dev/null
+++ b/manifests/agent/generate_sshkey.pp
@@ -0,0 +1,70 @@
+define check_mk::agent::generate_sshkey (
+ # dir on the check-mk-server where the collected key pairs are stored
+ $keydir,
+ # user/group the key should be owned by on the check-mk-server
+ $keyuser = 'nagios',
+ $keygroup = 'nagios',
+ # dir on the check-mk-agent where the authorized_keys file is stored
+ $authdir,
+ # name of the authorized_keys file
+ $authfile = undef,
+ # dir on the puppetmaster where keys are stored
+ # FIXME: need a way to ensure this dir is setup on the puppetmaster correctly
+ #$ssh_key_basepath = "${common::moduledir::module_dir_path}/check_mk/keys",
+ # for now use a dir we know works
+ $ssh_key_basepath = '/etc/puppet/modules/check_mk/keys',
+ # user on the client the check_mk server will ssh to, to run the agent
+ $sshuser = 'root',
+ $hostname = $::fqdn,
+ $check_mk_tag = 'check_mk_sshkey'
+){
+
+ # generate check-mk ssh keypair, stored on puppetmaster
+ $ssh_key_name = "${hostname}_id_rsa"
+ $ssh_keys = ssh_keygen("${ssh_key_basepath}/${ssh_key_name}")
+ $public = split($ssh_keys[1],' ')
+ $public_type = $public[0]
+ $public_key = $public[1]
+ $secret_key = $ssh_keys[0]
+
+ # if we're not root we need to use sudo
+ if $sshuser != 'root' {
+ $command = 'sudo /usr/bin/check_mk_agent'
+ } else {
+ $command = '/usr/bin/check_mk_agent'
+ }
+
+ # setup the public half of the key in authorized_keys on the agent
+ # and restrict it to running only the agent
+ if $authdir or $authfile {
+ # if $authkey or $authdir are set, override authorized_keys path and file
+ # and also override using the built-in ssh_authorized_key since it may
+ # not be able to write to $authdir
+ sshd::ssh_authorized_key { $ssh_key_name:
+ type => 'ssh-rsa',
+ key => $public_key,
+ user => $sshuser,
+ target => "${authdir}/${authfile}",
+ override_builtin => true,
+ options => "command=\"${command}\"";
+ }
+ } else {
+ # otherwise use the defaults
+ sshd::ssh_authorized_key { $ssh_key_name:
+ type => 'ssh-rsa',
+ key => $public_key,
+ user => $sshuser,
+ options => "command=\"${command}\"";
+ }
+ }
+
+ # resource collector for the private half of the keys, these end up on
+ # the check-mk-server host, and the user running check-mk needs access
+ @@file { "${keydir}/${ssh_key_name}":
+ content => $secret_key,
+ owner => $keyuser,
+ group => $keygroup,
+ mode => '0600',
+ tag => $check_mk_tag;
+ }
+}
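Review bot: The `options` value on both `sshd::ssh_authorized_key` resources restricts the key only with `command=`, which leaves port, agent and X11 forwarding and pty allocation available to a key that logs in as `root` by default. I would extend it to `options => "command=\"${command}\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty";`, assuming the define passes the string through to authorized_keys unchanged. The guard `if $authdir or $authfile` also builds `target => "${authdir}/${authfile}"` when only one of the two is set, giving a path with an empty component; `and`, or an explicit default for `$authfile`, would avoid that. The private key travels as the `content` of an exported `@@file`, so it is kept wherever exported resources are stored, and a comment saying so would help whoever has to protect that store.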
diff --git a/manifests/agent/install.pp b/manifests/agent/install.pp
new file mode 100644
index 00000000..5c0b56ef
--- /dev/null
+++ b/manifests/agent/install.pp
@@ -0,0 +1,70 @@
+class check_mk::agent::install (
+ $version = '',
+ $filestore = '',
+ $workspace,
+ $agent_package_name,
+ $agent_logwatch_package_name,
+ $method = 'xinetd',
+) {
+ if $method == 'xinetd' {
+ if ! defined($require_method) {
+ package { 'xinetd':
+ ensure => latest,
+ }
+ }
+ $require_method = 'Package[\'xinetd\']'
+ } else {
+ $require_method = undef
+ }
+
+ if $filestore {
+ if ! defined(File[$workspace]) {
+ file { $workspace:
+ ensure => directory,
+ }
+ }
+ file { "${workspace}/check_mk-agent-${version}.noarch.rpm":
+ ensure => latest,
+ source => "${filestore}/check_mk-agent-${version}.noarch.rpm",
+ require => $require_method,
+ }
+ file { "${workspace}/check_mk-agent-logwatch-${version}.noarch.rpm":
+ ensure => latest,
+ source => "${filestore}/check_mk-agent-logwatch-${version}.noarch.rpm",
+ require => $require_method,
+ }
+ package { 'check_mk-agent':
+ ensure => latest,
+ provider => 'rpm',
+ source => "${workspace}/check_mk-agent-${version}.noarch.rpm",
+ require => File["${workspace}/check_mk-agent-${version}.noarch.rpm"],
+ }
+ package { 'check_mk-agent-logwatch':
+ ensure => latest,
+ provider => 'rpm',
+ source => "${workspace}/check_mk-agent-logwatch-${version}.noarch.rpm",
+ require => [
+ File["${workspace}/check_mk-agent-logwatch-${version}.noarch.rpm"],
+ Package['check_mk-agent'],
+ ],
+ }
+ }
+ else {
+ if $version {
+ $agent_package_version = $version
+ } else {
+ $agent_package_version = latest
+ }
+
+ package { 'check_mk-agent':
+ ensure => $agent_package_version,
+ name => $agent_package_name,
+ require => $require_method,
+ }
+ package { 'check_mk-agent-logwatch':
+ ensure => $agent_package_version,
+ name => $agent_logwatch_package_name,
+ require => Package['check_mk-agent'],
+ }
+ }
+}
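Review bot: `if ! defined($require_method)` tests a variable that is only assigned a few lines later, so it cannot be the guard against a duplicate `Package['xinetd']` declaration that it appears to be. service.pp in this commit uses the resource-reference form, and the same would fit here: `if ! defined(Package['xinetd']) {`. `$require_method` is then set to the quoted string `'Package[\'xinetd\']'` rather than a reference, so I would write `$require_method = Package['xinetd']` to make sure `require` resolves. In the `$filestore` branch the two `file` resources use `ensure => latest`, which is not among the values the file type documents for `ensure` (`present`, `absent`, `file`, `directory`, `link`); `ensure => file` looks like what is meant. The RPMs copied from `$filestore` are installed with the `rpm` provider and nothing visible here verifies their origin, so a comment stating where that trust comes from would be useful.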
diff --git a/manifests/agent/install_local.pp b/manifests/agent/install_local.pp
new file mode 100644
index 00000000..7238440f
--- /dev/null
+++ b/manifests/agent/install_local.pp
@@ -0,0 +1,12 @@
+define check_mk::agent::install_local($source=undef, $content=undef, $ensure='present') {
+ @file { "/usr/lib/check_mk_agent/local/${name}" :
+ ensure => $ensure,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ content => $content,
+ source => $source,
+ tag => 'check_mk::local',
+ require => Package['check-mk-agent'],
+ }
+}
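Review bot: `require => Package['check-mk-agent']` uses a hyphenated title, while install.pp declares the resource as `package { 'check_mk-agent': ... }` and local_checks.pp requires `Package['check_mk-agent']`. Unless `$agent_package_name` happens to be `check-mk-agent` and the reference resolves through the package name, catalog compilation would presumably fail on the missing dependency; `require => Package['check_mk-agent'],` matches the declared title. The same hyphenated reference appears in mrpe.pp. Because `${name}` becomes part of the path of a root-owned `0755` script, a one-line comment that `$name` must be a plain file name without path separators would also help.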
diff --git a/manifests/agent/local_checks.pp b/manifests/agent/local_checks.pp
new file mode 100644
index 00000000..04896b0a
--- /dev/null
+++ b/manifests/agent/local_checks.pp
@@ -0,0 +1,11 @@
+class check_mk::agent::local_checks{
+ file { '/usr/lib/check_mk_agent/local':
+ ensure => directory,
+ source => [
+ 'puppet:///modules/site_check_mk/agent/local_checks/all_hosts',
+ 'puppet:///modules/check_mk/agent/local_checks/all_hosts' ],
+ recurse => true,
+ require => Package['check_mk-agent'],
+ }
+
+}
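Review bot: The recursive `file` resource for `/usr/lib/check_mk_agent/local` sets no `owner`, `group` or `mode`, although install_local.pp in this commit pins `root`/`root`/`0755` for individual scripts placed in the same directory. I would add `owner => 'root', group => 'root',` here too, so the copied check scripts do not depend on the ownership of the source tree. There is no `purge`, so files not shipped by Puppet stay in place; a comment saying whether that is intended would make the directory's contents easier to audit.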
diff --git a/manifests/agent/mrpe.pp b/manifests/agent/mrpe.pp
new file mode 100644
index 00000000..5bc5f331
--- /dev/null
+++ b/manifests/agent/mrpe.pp
@@ -0,0 +1,19 @@
+class check_mk::agent::mrpe {
+ # check_mk can use standard nagios plugins using
+ # a wrapper called mrpe
+ # see http://mathias-kettner.de/checkmk_mrpe.html
+ # this subclass is provided to be included by checks that use mrpe
+
+ # FIXME: this is Debian specific and should be made more generic
+ if !defined(Package['nagios-plugins-basic']) {
+ package { 'nagios-plugins-basic':
+ ensure => latest,
+ }
+ }
+
+ # ensure the config file exists, individual checks will add lines to it
+ file { '/etc/check_mk/mrpe.cfg':
+ ensure => present,
+ require => Package['check-mk-agent']
+ }
+}
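Review bot: `/etc/check_mk/mrpe.cfg` is declared with only `ensure => present`, so the ownership and mode of an already existing file are left as found, yet per the comment individual checks add lines to it. Adding `owner => 'root', group => 'root', mode => '0644',` would keep the file from remaining writable by another account. The comment above the resource could also say which resources are expected to append to it, since none are visible in this hunk.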
diff --git a/manifests/agent/ps.pp b/manifests/agent/ps.pp
new file mode 100644
index 00000000..67a999f5
--- /dev/null
+++ b/manifests/agent/ps.pp
@@ -0,0 +1,17 @@
+define check_mk::agent::ps (
+ # procname and levels have defaults in check_mk::ps
+ $procname = undef,
+ $levels = undef,
+ # user is optional
+ $user = undef
+) {
+
+ @@check_mk::ps { "${::fqdn}_${name}":
+ desc => $name,
+ host => $::fqdn,
+ procname => $procname,
+ user => $user,
+ levels => $levels,
+ tag => 'check_mk_ps';
+ }
+}
diff --git a/manifests/agent/register.pp b/manifests/agent/register.pp
new file mode 100644
index 00000000..46cdeaee
--- /dev/null
+++ b/manifests/agent/register.pp
@@ -0,0 +1,8 @@
+class check_mk::agent::register (
+ $host_tags = '',
+ $hostname = $::fqdn
+) {
+ @@check_mk::host { $hostname:
+ host_tags => $host_tags,
+ }
+}
diff --git a/manifests/agent/service.pp b/manifests/agent/service.pp
new file mode 100644
index 00000000..0f707082
--- /dev/null
+++ b/manifests/agent/service.pp
@@ -0,0 +1,8 @@
+class check_mk::agent::service {
+ if ! defined(Service['xinetd']) {
+ service { 'xinetd':
+ ensure => 'running',
+ enable => true,
+ }
+ }
+}