summaryrefslogtreecommitdiff
path: root/puppet/modules/site_nagios
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2014-04-22 14:13:46 -0400
committerMicah Anderson <micah@leap.se>2014-04-22 14:13:46 -0400
commit327d5c934e408f90011d7949b89ab01fed88998e (patch)
tree77cfefffc8f9ffe160c4413b26dd5ca5cdd6f1e8 /puppet/modules/site_nagios
parentca11482dd7cd4ea8ffa69407ee2fd5b5e1b7981b (diff)
parent4295f334ea4f92d7fb47f7121a42633630c368d1 (diff)
Merge branch 'develop' (0.5.0)
Conflicts: .gitignore Change-Id: I778f3e1f1f4832f5894bc149ead67e9a4becf304
Diffstat (limited to 'puppet/modules/site_nagios')
-rw-r--r--puppet/modules/site_nagios/files/configs/Debian/nagios.cfg91
-rw-r--r--puppet/modules/site_nagios/manifests/add_host.pp31
-rw-r--r--puppet/modules/site_nagios/manifests/add_host_services.pp28
-rw-r--r--puppet/modules/site_nagios/manifests/add_service.pp26
-rw-r--r--puppet/modules/site_nagios/manifests/init.pp2
-rw-r--r--puppet/modules/site_nagios/manifests/server.pp40
-rw-r--r--puppet/modules/site_nagios/manifests/server/apache.pp7
-rw-r--r--puppet/modules/site_nagios/manifests/server/purge.pp20
8 files changed, 143 insertions, 102 deletions
diff --git a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
index 753d1610..e46ebf62 100644
--- a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
+++ b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
@@ -1,6 +1,6 @@
##############################################################################
#
-# NAGIOS.CFG - Sample Main Config File for Nagios
+# NAGIOS.CFG - Sample Main Config File for Nagios
#
#
##############################################################################
@@ -8,7 +8,7 @@
# LOG FILE
# This is the main log file where service and host events are logged
-# for historical purposes. This should be the first option specified
+# for historical purposes. This should be the first option specified
# in the config file!!!
log_file=/var/log/nagios3/nagios.log
@@ -25,6 +25,9 @@ log_file=/var/log/nagios3/nagios.log
# Puppet-managed configuration files
cfg_dir=/etc/nagios3/conf.d
+# check-mk managed configuration files
+cfg_dir=/etc/nagios3/local
+
# Debian also defaults to using the check commands defined by the debian
# nagios-plugins package
cfg_dir=/etc/nagios-plugins/config
@@ -33,7 +36,7 @@ cfg_dir=/etc/nagios-plugins/config
# OBJECT CACHE FILE
# This option determines where object definitions are cached when
-# Nagios starts/restarts. The CGIs read object definitions from
+# Nagios starts/restarts. The CGIs read object definitions from
# this cache file (rather than looking at the object config files
# directly) in order to prevent inconsistencies that can occur
# when the config files are modified after Nagios starts.
@@ -49,7 +52,7 @@ object_cache_file=/var/cache/nagios3/objects.cache
# file. You can then start Nagios with the -u option to have it read
# object definitions from this precached file, rather than the standard
# object configuration files (see the cfg_file and cfg_dir options above).
-# Using a precached object file can speed up the time needed to (re)start
+# Using a precached object file can speed up the time needed to (re)start
# the Nagios process if you've got a large and/or complex configuration.
# Read the documentation section on optimizing Nagios to find our more
# about how this feature works.
@@ -83,7 +86,7 @@ status_file=/var/cache/nagios3/status.dat
# STATUS FILE UPDATE INTERVAL
# This option determines the frequency (in seconds) that
-# Nagios will periodically dump program, host, and
+# Nagios will periodically dump program, host, and
# service status data.
status_update_interval=10
@@ -91,7 +94,7 @@ status_update_interval=10
# NAGIOS USER
-# This determines the effective user that Nagios should run as.
+# This determines the effective user that Nagios should run as.
# You can either supply a username or a UID.
nagios_user=nagios
@@ -99,7 +102,7 @@ nagios_user=nagios
# NAGIOS GROUP
-# This determines the effective group that Nagios should run as.
+# This determines the effective group that Nagios should run as.
# You can either supply a group name or a GID.
nagios_group=nagios
@@ -125,7 +128,7 @@ check_external_commands=1
# Nagios to check for external commands every minute. If you specify a
# number followed by an "s" (i.e. 15s), this will be interpreted to mean
# actual seconds rather than a multiple of the interval_length variable.
-# Note: In addition to reading the external command file at regularly
+# Note: In addition to reading the external command file at regularly
# scheduled intervals, Nagios will also check for external commands after
# event handlers are executed.
# NOTE: Setting this value to -1 causes Nagios to check the external
@@ -140,7 +143,7 @@ command_check_interval=-1
# This is the file that Nagios checks for external command requests.
# It is also where the command CGI will write commands that are submitted
# by users, so it must be writeable by the user that the web server
-# is running as (usually 'nobody'). Permissions should be set at the
+# is running as (usually 'nobody'). Permissions should be set at the
# directory level instead of on the file, as the file is deleted every
# time its contents are processed.
# Debian Users: In case you didn't read README.Debian yet, _NOW_ is the
@@ -152,9 +155,9 @@ command_file=/var/lib/nagios3/rw/nagios.cmd
# EXTERNAL COMMAND BUFFER SLOTS
# This settings is used to tweak the number of items or "slots" that
-# the Nagios daemon should allocate to the buffer that holds incoming
-# external commands before they are processed. As external commands
-# are processed by the daemon, they are removed from the buffer.
+# the Nagios daemon should allocate to the buffer that holds incoming
+# external commands before they are processed. As external commands
+# are processed by the daemon, they are removed from the buffer.
external_command_buffer_slots=4096
@@ -232,12 +235,12 @@ event_broker_options=-1
# w = Weekly rotation (midnight on Saturday evening)
# m = Monthly rotation (midnight last day of month)
-log_rotation_method=d
+log_rotation_method=n
# LOG ARCHIVE PATH
-# This is the directory where archived (rotated) log files should be
+# This is the directory where archived (rotated) log files should be
# placed (assuming you've chosen to do log rotation).
log_archive_path=/var/log/nagios3/archives
@@ -248,7 +251,7 @@ log_archive_path=/var/log/nagios3/archives
# If you want messages logged to the syslog facility, as well as the
# Nagios log file set this option to 1. If not, set it to 0.
-use_syslog=1
+use_syslog=0
@@ -400,7 +403,7 @@ max_host_check_spread=30
# MAXIMUM CONCURRENT SERVICE CHECKS
-# This option allows you to specify the maximum number of
+# This option allows you to specify the maximum number of
# service checks that can be run in parallel at any given time.
# Specifying a value of 1 for this variable essentially prevents
# any service checks from being parallelized. A value of 0
@@ -422,7 +425,7 @@ check_result_reaper_frequency=10
# MAX CHECK RESULT REAPER TIME
# This is the max amount of time (in seconds) that a single
-# check result reaper event will be allowed to run before
+# check result reaper event will be allowed to run before
# returning control back to Nagios so it can perform other
# duties.
@@ -436,7 +439,7 @@ max_check_result_reaper_time=30
# service checks that have not yet been processed.
#
# Note: Make sure that only one instance of Nagios has access
-# to this directory!
+# to this directory!
check_result_path=/var/lib/nagios3/spool/checkresults
@@ -445,7 +448,7 @@ check_result_path=/var/lib/nagios3/spool/checkresults
# MAX CHECK RESULT FILE AGE
# This option determines the maximum age (in seconds) which check
-# result files are considered to be valid. Files older than this
+# result files are considered to be valid. Files older than this
# threshold will be mercilessly deleted without further processing.
max_check_result_file_age=3600
@@ -507,14 +510,14 @@ enable_predictive_service_dependency_checks=1
# SOFT STATE DEPENDENCIES
-# This option determines whether or not Nagios will use soft state
-# information when checking host and service dependencies. Normally
-# Nagios will only use the latest hard host or service state when
+# This option determines whether or not Nagios will use soft state
+# information when checking host and service dependencies. Normally
+# Nagios will only use the latest hard host or service state when
# checking dependencies. If you want it to use the latest state (regardless
-# of whether its a soft or hard state type), enable this option.
+# of whether its a soft or hard state type), enable this option.
# Values:
-# 0 = Don't use soft state dependencies (default)
-# 1 = Use soft state dependencies
+# 0 = Don't use soft state dependencies (default)
+# 1 = Use soft state dependencies
soft_state_dependencies=0
@@ -532,7 +535,7 @@ soft_state_dependencies=0
# This option determines whether or not Nagios will attempt to
# automatically reschedule active host and service checks to
# "smooth" them out over time. This can help balance the load on
-# the monitoring server.
+# the monitoring server.
# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
@@ -595,7 +598,7 @@ perfdata_timeout=5
# This setting determines whether or not Nagios will save state
# information for services and hosts before it shuts down. Upon
# startup Nagios will reload all saved service and host state
-# information before starting to monitor. This is useful for
+# information before starting to monitor. This is useful for
# maintaining long-term data on state statistics, etc, but will
# slow Nagios down a bit when it (re)starts. Since its only
# a one-time penalty, I think its well worth the additional
@@ -607,7 +610,7 @@ retain_state_information=1
# STATE RETENTION FILE
# This is the file that Nagios should use to store host and
-# service state information before it shuts down. The state
+# service state information before it shuts down. The state
# information in this file is also read immediately prior to
# starting to monitor the network when Nagios is restarted.
# This file is used only if the preserve_state_information
@@ -630,7 +633,7 @@ retention_update_interval=60
# USE RETAINED PROGRAM STATE
-# This setting determines whether or not Nagios will set
+# This setting determines whether or not Nagios will set
# program status variables based on the values saved in the
# retention file. If you want to use retained program status
# information, set this value to 1. If not, set this value
@@ -657,7 +660,7 @@ use_retained_scheduling_info=1
# program restarts.
#
# The values of the masks are bitwise ANDs of values specified
-# by the "MODATTR_" definitions found in include/common.h.
+# by the "MODATTR_" definitions found in include/common.h.
# For example, if you do not want the current enabled/disabled state
# of flap detection and event handlers for hosts to be retained, you
# would use a value of 24 for the host attribute mask...
@@ -708,7 +711,7 @@ use_aggressive_host_checking=0
# SERVICE CHECK EXECUTION OPTION
# This determines whether or not Nagios will actively execute
-# service checks when it initially starts. If this option is
+# service checks when it initially starts. If this option is
# disabled, checks are not actively made, but Nagios can still
# receive and process passive check results that come in. Unless
# you're implementing redundant hosts or have a special need for
@@ -730,7 +733,7 @@ accept_passive_service_checks=1
# HOST CHECK EXECUTION OPTION
# This determines whether or not Nagios will actively execute
-# host checks when it initially starts. If this option is
+# host checks when it initially starts. If this option is
# disabled, checks are not actively made, but Nagios can still
# receive and process passive check results that come in. Unless
# you're implementing redundant hosts or have a special need for
@@ -787,7 +790,7 @@ process_performance_data=0
# These commands are run after every host and service check is
# performed. These commands are executed only if the
# enable_performance_data option (above) is set to 1. The command
-# argument is the short name of a command definition that you
+# argument is the short name of a command definition that you
# define in your host configuration file. Read the HTML docs for
# more information on performance data.
@@ -867,7 +870,7 @@ obsess_over_services=0
# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND
# This is the command that is run for every service check that is
# processed by Nagios. This command is executed only if the
-# obsess_over_services option (above) is set to 1. The command
+# obsess_over_services option (above) is set to 1. The command
# argument is the short name of a command definition that you
# define in your host configuration file. Read the HTML docs for
# more information on implementing distributed monitoring.
@@ -891,7 +894,7 @@ obsess_over_hosts=0
# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND
# This is the command that is run for every host check that is
# processed by Nagios. This command is executed only if the
-# obsess_over_hosts option (above) is set to 1. The command
+# obsess_over_hosts option (above) is set to 1. The command
# argument is the short name of a command definition that you
# define in your host configuration file. Read the HTML docs for
# more information on implementing distributed monitoring.
@@ -930,9 +933,9 @@ passive_host_checks_are_soft=0
# ORPHANED HOST/SERVICE CHECK OPTIONS
-# These options determine whether or not Nagios will periodically
+# These options determine whether or not Nagios will periodically
# check for orphaned host service checks. Since service checks are
-# not rescheduled until the results of their previous execution
+# not rescheduled until the results of their previous execution
# instance are processed, there exists a possibility that some
# checks may never get rescheduled. A similar situation exists for
# host checks, although the exact scheduling details differ a bit
@@ -1000,9 +1003,9 @@ additional_freshness_latency=15
# FLAP DETECTION OPTION
# This option determines whether or not Nagios will try
-# and detect hosts and services that are "flapping".
+# and detect hosts and services that are "flapping".
# Flapping occurs when a host or service changes between
-# states too frequently. When Nagios detects that a
+# states too frequently. When Nagios detects that a
# host or service is flapping, it will temporarily suppress
# notifications for that host/service until it stops
# flapping. Flap detection is very experimental, so read
@@ -1046,7 +1049,7 @@ date_format=iso8601
# the system configured timezone.
#
# NOTE: In order to display the correct timezone in the CGIs, you
-# will also need to alter the Apache directives for the CGI path
+# will also need to alter the Apache directives for the CGI path
# to include your timezone. Example:
#
# <Directory "/usr/local/nagios/sbin/">
@@ -1083,7 +1086,7 @@ enable_embedded_perl=1
# This option determines whether or not Nagios will process Perl plugins
# and scripts with the embedded Perl interpreter if the plugins/scripts
# do not explicitly indicate whether or not it is okay to do so. Read
-# the HTML documentation on the embedded Perl interpreter for more
+# the HTML documentation on the embedded Perl interpreter for more
# information on how this option works.
use_embedded_perl_implicitly=1
@@ -1130,7 +1133,7 @@ use_regexp_matching=0
# "TRUE" REGULAR EXPRESSION MATCHING
-# This option controls whether or not "true" regular expression
+# This option controls whether or not "true" regular expression
# matching takes place in the object config files. This option
# only has an effect if regular expression matching is enabled
# (see above). If this option is DISABLED, regular expression
@@ -1183,7 +1186,7 @@ use_large_installation_tweaks=0
# This option determines whether or not Nagios will make all standard
# macros available as environment variables when host/service checks
# and system commands (event handlers, notifications, etc.) are
-# executed. Enabling this option can cause performance issues in
+# executed. Enabling this option can cause performance issues in
# large installations, as it will consume a bit more memory and (more
# importantly) consume more CPU.
# Values: 1 - Enable environment variable macros (default)
@@ -1224,7 +1227,7 @@ enable_environment_macros=1
# This option determines how much (if any) debugging information will
# be written to the debug file. OR values together to log multiple
# types of information.
-# Values:
+# Values:
# -1 = Everything
# 0 = Nothing
# 1 = Functions
diff --git a/puppet/modules/site_nagios/manifests/add_host.pp b/puppet/modules/site_nagios/manifests/add_host.pp
deleted file mode 100644
index 498552b5..00000000
--- a/puppet/modules/site_nagios/manifests/add_host.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-define site_nagios::add_host {
- $nagios_host = $name
- $nagios_hostname = $name['domain_internal']
- $nagios_ip = $name['ip_address']
- $nagios_services = $name['services']
- $nagios_openvpn_gw = $name['openvpn_gateway_address']
-
- # Add Nagios host
- nagios_host { $nagios_hostname:
- address => $nagios_ip,
- use => 'generic-host',
- }
-
- # Add Nagios service
-
- # First, we need to turn the serice array into hash, using a "hash template"
- # see https://github.com/ashak/puppet-resource-looping
- $nagios_service_hashpart = {
- 'hostname' => $nagios_hostname,
- 'ip_address' => $nagios_ip,
- 'openvpn_gw' => $nagios_openvpn_gw,
- }
- $dynamic_parameters = {
- 'service' => '%s'
- }
- $nagios_servicename = "${nagios_hostname}_%s"
-
- $nagios_service_hash = create_resources_hash_from($nagios_servicename, $nagios_services, $nagios_service_hashpart, $dynamic_parameters)
-
- create_resources ( site_nagios::add_service, $nagios_service_hash )
-}
diff --git a/puppet/modules/site_nagios/manifests/add_host_services.pp b/puppet/modules/site_nagios/manifests/add_host_services.pp
new file mode 100644
index 00000000..279809d1
--- /dev/null
+++ b/puppet/modules/site_nagios/manifests/add_host_services.pp
@@ -0,0 +1,28 @@
+define site_nagios::add_host_services (
+ $domain_full_suffix,
+ $domain_internal,
+ $ip_address,
+ $services,
+ $ssh_port,
+ $openvpn_gateway_address='' ) {
+
+ $nagios_hostname = $domain_internal
+
+ # Add Nagios service
+
+ # First, we need to turn the serice array into hash, using a "hash template"
+ # see https://github.com/ashak/puppet-resource-looping
+ $nagios_service_hashpart = {
+ 'hostname' => $nagios_hostname,
+ 'ip_address' => $ip_address,
+ 'openvpn_gw' => $openvpn_gateway_address,
+ }
+ $dynamic_parameters = {
+ 'service' => '%s'
+ }
+ $nagios_servicename = "${nagios_hostname}_%s"
+
+ $nagios_service_hash = create_resources_hash_from($nagios_servicename, $services, $nagios_service_hashpart, $dynamic_parameters)
+
+ create_resources ( site_nagios::add_service, $nagios_service_hash )
+}
diff --git a/puppet/modules/site_nagios/manifests/add_service.pp b/puppet/modules/site_nagios/manifests/add_service.pp
index 6ef3cbf5..8d2a310b 100644
--- a/puppet/modules/site_nagios/manifests/add_service.pp
+++ b/puppet/modules/site_nagios/manifests/add_service.pp
@@ -3,19 +3,19 @@ define site_nagios::add_service (
case $service {
'webapp': {
- $check_command = 'check_https_cert'
- $service_description = 'Website Certificate'
+ nagios_service {
+ "${name}_cert":
+ use => 'generic-service',
+ check_command => 'check_https_cert',
+ service_description => 'Website Certificate',
+ host_name => $hostname;
+ "${name}_website":
+ use => 'generic-service',
+ check_command => 'check_https',
+ service_description => 'Website',
+ host_name => $hostname
+ }
}
- default: {
- #notice ("No Nagios service check for service \"$service\"")
- }
- }
-
- if ( $check_command != '' ) {
- nagios_service { $name:
- use => 'generic-service',
- check_command => $check_command,
- service_description => $service_description,
- host_name => $hostname }
+ default: {}
}
}
diff --git a/puppet/modules/site_nagios/manifests/init.pp b/puppet/modules/site_nagios/manifests/init.pp
index cab32905..eb08cdcb 100644
--- a/puppet/modules/site_nagios/manifests/init.pp
+++ b/puppet/modules/site_nagios/manifests/init.pp
@@ -1,4 +1,6 @@
class site_nagios {
tag 'leap_service'
+ Class['site_config::default'] -> Class['site_nagios']
+
include site_nagios::server
}
diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp
index c114a39a..85443917 100644
--- a/puppet/modules/site_nagios/manifests/server.pp
+++ b/puppet/modules/site_nagios/manifests/server.pp
@@ -1,26 +1,34 @@
class site_nagios::server inherits nagios::base {
# First, purge old nagios config (see #1467)
- class { 'site_nagios::server::purge':
- stage => setup
- }
+ class { 'site_nagios::server::purge': }
- $nagios_hiera=hiera('nagios')
+ $nagios_hiera = hiera('nagios')
$nagiosadmin_pw = htpasswd_sha1($nagios_hiera['nagiosadmin_pw'])
- $hosts = $nagios_hiera['hosts']
+ $nagios_hosts = $nagios_hiera['hosts']
include nagios::defaults
include nagios::base
- #Class ['nagios'] -> Class ['nagios::defaults']
- class {'nagios::apache':
+ class {'nagios':
+ # don't manage apache class from nagios, cause we already include
+ # it in site_apache::common
+ httpd => 'absent',
allow_external_cmd => true,
stored_config => false,
- #before => Class ['nagios::defaults']
}
+ file { '/etc/apache2/conf.d/nagios3.conf':
+ ensure => link,
+ target => '/usr/share/doc/nagios3-common/examples/apache2.conf',
+ notify => Service['apache']
+ }
+
+ include site_apache::common
+ include site_apache::module::headers
+
File ['nagios_htpasswd'] {
source => undef,
- content => "nagiosadmin:$nagiosadmin_pw",
+ content => "nagiosadmin:${nagiosadmin_pw}",
mode => '0640',
}
@@ -33,6 +41,18 @@ class site_nagios::server inherits nagios::base {
group => 'nagios',
}
- site_nagios::add_host {$hosts:}
+ create_resources ( site_nagios::add_host_services, $nagios_hosts )
+
+ include site_nagios::server::apache
+ include site_check_mk::server
include site_shorewall::monitor
+
+ augeas {
+ 'logrotate_nagios':
+ context => '/files/etc/logrotate.d/nagios/rule',
+ changes => [ 'set file /var/log/nagios3/nagios.log', 'set rotate 7',
+ 'set schedule daily', 'set compress compress',
+ 'set missingok missingok', 'set ifempty notifempty',
+ 'set copytruncate copytruncate' ]
+ }
}
diff --git a/puppet/modules/site_nagios/manifests/server/apache.pp b/puppet/modules/site_nagios/manifests/server/apache.pp
new file mode 100644
index 00000000..8dbc7e9b
--- /dev/null
+++ b/puppet/modules/site_nagios/manifests/server/apache.pp
@@ -0,0 +1,7 @@
+class site_nagios::server::apache {
+ include x509::variables
+ include site_config::x509::commercial::cert
+ include site_config::x509::commercial::key
+ include site_config::x509::commercial::ca
+
+}
diff --git a/puppet/modules/site_nagios/manifests/server/purge.pp b/puppet/modules/site_nagios/manifests/server/purge.pp
index 39735cd3..6815a703 100644
--- a/puppet/modules/site_nagios/manifests/server/purge.pp
+++ b/puppet/modules/site_nagios/manifests/server/purge.pp
@@ -1,7 +1,19 @@
-class site_nagios::server::purge {
- exec {'purge_conf.d':
- command => '/bin/rm -rf /etc/nagios3/conf.d/*',
- onlyif => 'test -e /etc/nagios3/conf.d'
+class site_nagios::server::purge inherits nagios::base {
+ # we don't want to get /etc/nagios3 and /etc/nagios3/conf.d
+ # purged, cause the check-mk-config-nagios3 package
+ # places its templates in /etc/nagios3/conf.d/check_mk,
+ # and check_mk -O updated it's nagios config in /etc/nagios3/conf.d/check_mk
+ File['nagios_cfgdir'] {
+ purge => false
+ }
+ File['nagios_confd'] {
+ purge => false
}
+ # only purge files in the /etc/nagios3/conf.d/ dir, not in any subdir
+ exec {'purge_conf.d':
+ command => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f -exec rm {} \;',
+ onlyif => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f | grep -q "/etc/nagios3/conf.d"',
+ require => Package['nagios']
+ }
}