diff options
author | Micah <micah@leap.se> | 2016-05-24 10:19:41 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-05-24 10:19:41 -0400 |
commit | c9d50f333a81c716f3e227e9eb449dc76b6eb6e3 (patch) | |
tree | 1a09a2775045f854000f6cba5ee4efb2c3a802b2 /manifests/agent |
Squashed 'puppet/modules/check_mk/' content from commit aa02571
git-subtree-dir: puppet/modules/check_mk
git-subtree-split: aa02571537af90ac73309e6e216c9417802548c3
Diffstat (limited to 'manifests/agent')
-rw-r--r-- | manifests/agent/config.pp | 59 | ||||
-rw-r--r-- | manifests/agent/generate_sshkey.pp | 70 | ||||
-rw-r--r-- | manifests/agent/install.pp | 70 | ||||
-rw-r--r-- | manifests/agent/install_local.pp | 12 | ||||
-rw-r--r-- | manifests/agent/local_checks.pp | 11 | ||||
-rw-r--r-- | manifests/agent/mrpe.pp | 19 | ||||
-rw-r--r-- | manifests/agent/ps.pp | 17 | ||||
-rw-r--r-- | manifests/agent/register.pp | 8 | ||||
-rw-r--r-- | manifests/agent/service.pp | 8 |
9 files changed, 274 insertions, 0 deletions
diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp new file mode 100644 index 00000000..8ee5f185 --- /dev/null +++ b/manifests/agent/config.pp @@ -0,0 +1,59 @@ +class check_mk::agent::config ( + $ip_whitelist = '', + $port, + $server_dir, + $keydir, + $authdir, + $authfile = undef, + $use_cache, + $user, + $method = 'xinetd', + $generate_sshkey = false, + $sshuser = undef, + $hostname = $::fqdn +) { + if $use_cache { + $server = "${server_dir}/check_mk_caching_agent" + } else { + $server = "${server_dir}/check_mk_agent" + } + + case $method { + 'xinetd': { + if $ip_whitelist { + $only_from = join($ip_whitelist, ' ') + } else { + $only_from = undef + } + + file { '/etc/xinetd.d/check_mk': + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + content => template('check_mk/agent/check_mk.erb'), + require => Package['check_mk-agent','check_mk-agent-logwatch'], + notify => Class['check_mk::agent::service'], + } + } + + 'ssh': { + if $generate_sshkey { + check_mk::agent::generate_sshkey { "check_mk_key_${hostname}": + keydir => $keydir, + authdir => $authdir, + authfile => $authfile, + sshuser => $sshuser, + hostname => $hostname + } + } + + # make sure the xinetd method is not configured + file { '/etc/xinetd.d/check_mk': + ensure => absent; + } + } + + default : {} + } +} diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp new file mode 100644 index 00000000..b00271f5 --- /dev/null +++ b/manifests/agent/generate_sshkey.pp @@ -0,0 +1,70 @@ +define check_mk::agent::generate_sshkey ( + # dir on the check-mk-server where the collected key pairs are stored + $keydir, + # user/group the key should be owned by on the check-mk-server + $keyuser = 'nagios', + $keygroup = 'nagios', + # dir on the check-mk-agent where the authorized_keys file is stored + $authdir, + # name of the authorized_keys file + $authfile = undef, + # dir on the puppetmaster where keys are stored + # FIXME: need a way to ensure this dir is setup on the puppetmaster correctly + #$ssh_key_basepath = "${common::moduledir::module_dir_path}/check_mk/keys", + # for now use a dir we know works + $ssh_key_basepath = '/etc/puppet/modules/check_mk/keys', + # user on the client the check_mk server will ssh to, to run the agent + $sshuser = 'root', + $hostname = $::fqdn, + $check_mk_tag = 'check_mk_sshkey' +){ + + # generate check-mk ssh keypair, stored on puppetmaster + $ssh_key_name = "${hostname}_id_rsa" + $ssh_keys = ssh_keygen("${ssh_key_basepath}/${ssh_key_name}") + $public = split($ssh_keys[1],' ') + $public_type = $public[0] + $public_key = $public[1] + $secret_key = $ssh_keys[0] + + # if we're not root we need to use sudo + if $sshuser != 'root' { + $command = 'sudo /usr/bin/check_mk_agent' + } else { + $command = '/usr/bin/check_mk_agent' + } + + # setup the public half of the key in authorized_keys on the agent + # and restrict it to running only the agent + if $authdir or $authfile { + # if $authkey or $authdir are set, override authorized_keys path and file + # and also override using the built-in ssh_authorized_key since it may + # not be able to write to $authdir + sshd::ssh_authorized_key { $ssh_key_name: + type => 'ssh-rsa', + key => $public_key, + user => $sshuser, + target => "${authdir}/${authfile}", + override_builtin => true, + options => "command=\"${command}\""; + } + } else { + # otherwise use the defaults + sshd::ssh_authorized_key { $ssh_key_name: + type => 'ssh-rsa', + key => $public_key, + user => $sshuser, + options => "command=\"${command}\""; + } + } + + # resource collector for the private half of the keys, these end up on + # the check-mk-server host, and the user running check-mk needs access + @@file { "${keydir}/${ssh_key_name}": + content => $secret_key, + owner => $keyuser, + group => $keygroup, + mode => '0600', + tag => $check_mk_tag; + } +} diff --git a/manifests/agent/install.pp b/manifests/agent/install.pp new file mode 100644 index 00000000..5c0b56ef --- /dev/null +++ b/manifests/agent/install.pp @@ -0,0 +1,70 @@ +class check_mk::agent::install ( + $version = '', + $filestore = '', + $workspace, + $agent_package_name, + $agent_logwatch_package_name, + $method = 'xinetd', +) { + if $method == 'xinetd' { + if ! defined($require_method) { + package { 'xinetd': + ensure => latest, + } + } + $require_method = 'Package[\'xinetd\']' + } else { + $require_method = undef + } + + if $filestore { + if ! defined(File[$workspace]) { + file { $workspace: + ensure => directory, + } + } + file { "${workspace}/check_mk-agent-${version}.noarch.rpm": + ensure => latest, + source => "${filestore}/check_mk-agent-${version}.noarch.rpm", + require => $require_method, + } + file { "${workspace}/check_mk-agent-logwatch-${version}.noarch.rpm": + ensure => latest, + source => "${filestore}/check_mk-agent-logwatch-${version}.noarch.rpm", + require => $require_method, + } + package { 'check_mk-agent': + ensure => latest, + provider => 'rpm', + source => "${workspace}/check_mk-agent-${version}.noarch.rpm", + require => File["${workspace}/check_mk-agent-${version}.noarch.rpm"], + } + package { 'check_mk-agent-logwatch': + ensure => latest, + provider => 'rpm', + source => "${workspace}/check_mk-agent-logwatch-${version}.noarch.rpm", + require => [ + File["${workspace}/check_mk-agent-logwatch-${version}.noarch.rpm"], + Package['check_mk-agent'], + ], + } + } + else { + if $version { + $agent_package_version = $version + } else { + $agent_package_version = latest + } + + package { 'check_mk-agent': + ensure => $agent_package_version, + name => $agent_package_name, + require => $require_method, + } + package { 'check_mk-agent-logwatch': + ensure => $agent_package_version, + name => $agent_logwatch_package_name, + require => Package['check_mk-agent'], + } + } +} diff --git a/manifests/agent/install_local.pp b/manifests/agent/install_local.pp new file mode 100644 index 00000000..7238440f --- /dev/null +++ b/manifests/agent/install_local.pp @@ -0,0 +1,12 @@ +define check_mk::agent::install_local($source=undef, $content=undef, $ensure='present') { + @file { "/usr/lib/check_mk_agent/local/${name}" : + ensure => $ensure, + owner => 'root', + group => 'root', + mode => '0755', + content => $content, + source => $source, + tag => 'check_mk::local', + require => Package['check-mk-agent'], + } +} diff --git a/manifests/agent/local_checks.pp b/manifests/agent/local_checks.pp new file mode 100644 index 00000000..04896b0a --- /dev/null +++ b/manifests/agent/local_checks.pp @@ -0,0 +1,11 @@ +class check_mk::agent::local_checks{ + file { '/usr/lib/check_mk_agent/local': + ensure => directory, + source => [ + 'puppet:///modules/site_check_mk/agent/local_checks/all_hosts', + 'puppet:///modules/check_mk/agent/local_checks/all_hosts' ], + recurse => true, + require => Package['check_mk-agent'], + } + +} diff --git a/manifests/agent/mrpe.pp b/manifests/agent/mrpe.pp new file mode 100644 index 00000000..5bc5f331 --- /dev/null +++ b/manifests/agent/mrpe.pp @@ -0,0 +1,19 @@ +class check_mk::agent::mrpe { + # check_mk can use standard nagios plugins using + # a wrapper called mrpe + # see http://mathias-kettner.de/checkmk_mrpe.html + # this subclass is provided to be included by checks that use mrpe + + # FIXME: this is Debian specific and should be made more generic + if !defined(Package['nagios-plugins-basic']) { + package { 'nagios-plugins-basic': + ensure => latest, + } + } + + # ensure the config file exists, individual checks will add lines to it + file { '/etc/check_mk/mrpe.cfg': + ensure => present, + require => Package['check-mk-agent'] + } +} diff --git a/manifests/agent/ps.pp b/manifests/agent/ps.pp new file mode 100644 index 00000000..67a999f5 --- /dev/null +++ b/manifests/agent/ps.pp @@ -0,0 +1,17 @@ +define check_mk::agent::ps ( + # procname and levels have defaults in check_mk::ps + $procname = undef, + $levels = undef, + # user is optional + $user = undef +) { + + @@check_mk::ps { "${::fqdn}_${name}": + desc => $name, + host => $::fqdn, + procname => $procname, + user => $user, + levels => $levels, + tag => 'check_mk_ps'; + } +} diff --git a/manifests/agent/register.pp b/manifests/agent/register.pp new file mode 100644 index 00000000..46cdeaee --- /dev/null +++ b/manifests/agent/register.pp @@ -0,0 +1,8 @@ +class check_mk::agent::register ( + $host_tags = '', + $hostname = $::fqdn +) { + @@check_mk::host { $hostname: + host_tags => $host_tags, + } +} diff --git a/manifests/agent/service.pp b/manifests/agent/service.pp new file mode 100644 index 00000000..0f707082 --- /dev/null +++ b/manifests/agent/service.pp @@ -0,0 +1,8 @@ +class check_mk::agent::service { + if ! defined(Service['xinetd']) { + service { 'xinetd': + ensure => 'running', + enable => true, + } + } +} |