Merge branch '4982_check_mk' into 0.6

author: varac <varacanero@zeromail.org> 2014-02-17 12:57:05 +0100
committer: varac <varacanero@zeromail.org> 2014-02-17 12:57:05 +0100
commit: bd7a0f98ce0819fcc06ad8dcf11600a78577750d (patch)
tree: e96f974f962231dc1388260afb3435e5ce99a114 /puppet
parent: 20de385ac787a8a66259bb6fb93a706cbc24d461 (diff)
parent: d0eea33d88a6ffcbe01544678372d80e8c8de51f (diff)
19 files changed, 166 insertions, 6 deletions
diff --git a/puppet/modules/check_mk b/puppet/modules/check_mk
new file mode 160000
+Subproject f9e494265f6c7b83ab9ef418e40cc7aac558956
diff --git a/puppet/modules/site_apt/manifests/preferences/check_mk.pp b/puppet/modules/site_apt/manifests/preferences/check_mk.pp
new file mode 100644
index 00000000..580e0d3f
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/preferences/check_mk.pp
@@ -0,0 +1,9 @@
+class site_apt::preferences::check_mk {
+
+  apt::preferences_snippet { 'check-mk':
+    package  => 'check-mk-*',
+    release  => "${::lsbdistcodename}-backports",
+    priority => 999;
+  }
+
+}
diff --git a/puppet/modules/site_check_mk/manifests/agent.pp b/puppet/modules/site_check_mk/manifests/agent.pp
new file mode 100644
index 00000000..75188c7b
--- /dev/null
+++ b/puppet/modules/site_check_mk/manifests/agent.pp
@@ -0,0 +1,18 @@
+class site_check_mk::agent {
+
+  $ssh_hash = hiera('ssh')
+  $pubkey   = $ssh_hash['authorized_keys']['monitor']['key']
+  $type     = $ssh_hash['authorized_keys']['monitor']['type']
+
+  include site_apt::preferences::check_mk
+
+  class { 'check_mk::agent':
+    agent_package_name          => 'check-mk-agent',
+    agent_logwatch_package_name => 'check-mk-agent-logwatch',
+    method                      => 'ssh',
+    homedir                     => '/etc/nagios/check_mk',
+    register_agent              => false
+  }
+
+  include site_check_mk::agent::mrpe
+}
diff --git a/puppet/modules/site_check_mk/manifests/agent/couchdb.pp b/puppet/modules/site_check_mk/manifests/agent/couchdb.pp
new file mode 100644
index 00000000..5b50e5a9
--- /dev/null
+++ b/puppet/modules/site_check_mk/manifests/agent/couchdb.pp
@@ -0,0 +1,17 @@
+class site_check_mk::agent::couchdb {
+
+  # local custom checks
+  file { '/usr/lib/check_mk_agent/local/check_bigcouch_errors.sh':
+    ensure  => link,
+    target  => '/srv/leap/couchdb/scripts/tests/check_bigcouch_errors.sh',
+    require => Vcsrepo['/srv/leap/couchdb/scripts']
+  }
+
+  # local nagios plugin checks via mrpe
+  file_line {
+    'Tapicero_Procs':
+      line => 'Tapicero_Procs  /usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero',
+      path => '/etc/check_mk/mrpe.cfg';
+  }
+
+}
diff --git a/puppet/modules/site_check_mk/manifests/agent/mrpe.pp b/puppet/modules/site_check_mk/manifests/agent/mrpe.pp
new file mode 100644
index 00000000..37df7f74
--- /dev/null
+++ b/puppet/modules/site_check_mk/manifests/agent/mrpe.pp
@@ -0,0 +1,17 @@
+class site_check_mk::agent::mrpe {
+  # check_mk can use standard nagios plugins using
+  # a wrapper called mrpe
+  # see http://mathias-kettner.de/checkmk_mrpe.html
+
+  package { 'nagios-plugins-basic':
+    ensure => latest,
+  }
+
+  file { '/etc/check_mk/mrpe.cfg':
+    ensure => present
+  } ->
+  file_line { 'Apt':
+    line => 'APT    /usr/lib/nagios/plugins/check_apt',
+    path => '/etc/check_mk/mrpe.cfg',
+  }
+}
diff --git a/puppet/modules/site_check_mk/manifests/agent/soledad.pp b/puppet/modules/site_check_mk/manifests/agent/soledad.pp
new file mode 100644
index 00000000..d75ae732
--- /dev/null
+++ b/puppet/modules/site_check_mk/manifests/agent/soledad.pp
@@ -0,0 +1,10 @@
+class site_check_mk::agent::soledad {
+
+  # local nagios plugin checks via mrpe
+  file_line {
+    'Soledad_Procs':
+      line => 'Soledad_Procs  /usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a soledad',
+      path => '/etc/check_mk/mrpe.cfg';
+  }
+
+}
diff --git a/puppet/modules/site_check_mk/manifests/server.pp b/puppet/modules/site_check_mk/manifests/server.pp
new file mode 100644
index 00000000..625fc688
--- /dev/null
+++ b/puppet/modules/site_check_mk/manifests/server.pp
@@ -0,0 +1,48 @@
+class site_check_mk::server {
+
+  $ssh_hash = hiera('ssh')
+  $pubkey   = $ssh_hash['authorized_keys']['monitor']['key']
+  $type     = $ssh_hash['authorized_keys']['monitor']['type']
+  $seckey   = $ssh_hash['monitor']['private_key']
+  $ssh_port = $ssh_hash['port']
+
+  $nagios_hiera   = hiera_hash('nagios')
+  $hosts          = $nagios_hiera['hosts']
+  $all_hosts = inline_template("<% @hosts.keys.sort.each do |key| -%>\"<%= key %>\", <% end -%>")
+
+  package { 'check-mk-server':
+    ensure => installed,
+  }
+
+  # override paths to use the system check_mk rather than OMD
+  class { 'check_mk::config':
+    site          => '',
+    etc_dir       => '/etc',
+    nagios_subdir => 'nagios3',
+    bin_dir       => '/usr/bin',
+    host_groups   => undef,
+    require       => Package['check-mk-server']
+  }
+
+  Exec['check_mk-reload'] -> Service['nagios']
+
+  file {
+    '/etc/check_mk/conf.d/use_ssh.mk':
+      content => template('site_check_mk/use_ssh.mk'),
+      notify  => Exec['check_mk-refresh'];
+    '/etc/check_mk/all_hosts_static':
+      content => $all_hosts,
+      notify  => Exec['check_mk-refresh'];
+    '/etc/check_mk/.ssh':
+      ensure => directory;
+    '/etc/check_mk/.ssh/id_rsa':
+      content => $seckey,
+      owner   => 'nagios',
+      mode    => '0600';
+    '/etc/check_mk/.ssh/id_rsa.pub':
+      content => "${type} ${pubkey} monitor",
+      owner   => 'nagios',
+      mode    => '0644';
+  }
+  include check_mk::agent::local_checks
+}
diff --git a/puppet/modules/site_check_mk/templates/use_ssh.mk b/puppet/modules/site_check_mk/templates/use_ssh.mk
new file mode 100644
index 00000000..4c5523db
--- /dev/null
+++ b/puppet/modules/site_check_mk/templates/use_ssh.mk
@@ -0,0 +1,5 @@
+# http://mathias-kettner.de/checkmk_datasource_programs.html
+datasource_programs = [
+ ( "ssh -l root -i /etc/check_mk/.ssh/id_rsa -p <%= @ssh_port %> <HOST> check_mk_agent", ALL_HOSTS ),
+]
+
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index d85d9c8f..53cc60f6 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -86,4 +86,6 @@ class site_config::default {
   if defined( '::site_custom') {
     include ::site_custom
   }
+
+  include site_check_mk::agent
 }
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 137b661f..a9512577 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -107,4 +107,6 @@ class site_couchdb {
   }
 
   if $couchdb_backup { include site_couchdb::backup }
+
+  include site_check_mk::agent::couchdb
 }
diff --git a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
index 753d1610..61d9f2da 100644
--- a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
+++ b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
@@ -25,6 +25,9 @@ log_file=/var/log/nagios3/nagios.log
 # Puppet-managed configuration files
 cfg_dir=/etc/nagios3/conf.d
 
+# check-mk managed configuration files
+cfg_dir=/etc/nagios3/local
+
 # Debian also defaults to using the check commands defined by the debian
 # nagios-plugins package
 cfg_dir=/etc/nagios-plugins/config
diff --git a/puppet/modules/site_nagios/manifests/init.pp b/puppet/modules/site_nagios/manifests/init.pp
index c3cfa02e..eb08cdcb 100644
--- a/puppet/modules/site_nagios/manifests/init.pp
+++ b/puppet/modules/site_nagios/manifests/init.pp
@@ -1,6 +1,6 @@
 class site_nagios  {
   tag 'leap_service'
   Class['site_config::default'] -> Class['site_nagios']
-  
+
   include site_nagios::server
 }
diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp
index b1e8a8cb..b1795826 100644
--- a/puppet/modules/site_nagios/manifests/server.pp
+++ b/puppet/modules/site_nagios/manifests/server.pp
@@ -45,5 +45,7 @@ class site_nagios::server inherits nagios::base {
 
   create_resources ( site_nagios::add_host, $hosts )
 
+  include site_nagios::server::apache
+  include site_check_mk::server
   include site_shorewall::monitor
 }
diff --git a/puppet/modules/site_nagios/manifests/server/apache.pp b/puppet/modules/site_nagios/manifests/server/apache.pp
new file mode 100644
index 00000000..8dbc7e9b
--- /dev/null
+++ b/puppet/modules/site_nagios/manifests/server/apache.pp
@@ -0,0 +1,7 @@
+class site_nagios::server::apache {
+  include x509::variables
+  include site_config::x509::commercial::cert
+  include site_config::x509::commercial::key
+  include site_config::x509::commercial::ca
+
+}
diff --git a/puppet/modules/site_nagios/manifests/server/purge.pp b/puppet/modules/site_nagios/manifests/server/purge.pp
index 39735cd3..1c12cfb0 100644
--- a/puppet/modules/site_nagios/manifests/server/purge.pp
+++ b/puppet/modules/site_nagios/manifests/server/purge.pp
@@ -1,7 +1,18 @@
-class site_nagios::server::purge {
-  exec {'purge_conf.d':
-    command => '/bin/rm -rf /etc/nagios3/conf.d/*',
-    onlyif  => 'test -e /etc/nagios3/conf.d'
+class site_nagios::server::purge inherits nagios::base {
+  # we don't want to get /etc/nagios3 and /etc/nagios3/conf.d
+  # purged, cause the check-mk-config-nagios3 package
+  # places its templates in /etc/nagios3/conf.d/check_mk,
+  # and check_mk -O updated it's nagios config in /etc/nagios3/conf.d/check_mk
+  File['nagios_cfgdir'] {
+    purge => false
+  }
+  File['nagios_confd'] {
+    purge => false
   }
 
+  # only purge find in the /etc/nagios3/conf.d/ dir, not in any subdir
+  exec {'purge_conf.d':
+    command => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f -exec rm {} \;',
+    onlyif  => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f | grep -q "/etc/nagios3/conf.d"'
+  }
 }
diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
index c18f691c..f36fe20f 100644
--- a/puppet/modules/site_sshd/manifests/authorized_keys.pp
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -1,4 +1,7 @@
 define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
+  # We use a custom define here to deploy the authorized_keys file
+  # cause puppet doesn't allow purgin before populating this file
+  # (see https://tickets.puppetlabs.com/browse/PUP-1174)
   # This line allows default homedir based on $title variable.
   # If $home is empty, the default is used.
   $homedir = $home ? {'' => "/home/${title}", default => $home}
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index 2bcde603..d9bc1d51 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,6 +1,6 @@
 class site_sshd {
   $ssh = hiera_hash('ssh')
-  $hosts = hiera_hash('hosts')
+  $hosts = hiera('hosts', '')
 
   ##
   ## SETUP AUTHORIZED KEYS
diff --git a/puppet/modules/site_sshd/templates/authorized_keys.erb b/puppet/modules/site_sshd/templates/authorized_keys.erb
index 3c65e8ab..69f4d8e6 100644
--- a/puppet/modules/site_sshd/templates/authorized_keys.erb
+++ b/puppet/modules/site_sshd/templates/authorized_keys.erb
@@ -2,5 +2,9 @@
 # all manually added keys will be overridden
 
 <% keys.sort.each do |user, hash| -%>
+<% if user == 'monitor' -%>
+command="/usr/bin/check_mk_agent",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty,no-user-rc, <%=hash['type']-%> <%=hash['key']%> <%=user%> 
+<% else -%>
 <%=hash['type']-%> <%=hash['key']%> <%=user%> 
+<% end -%>
 <% end -%> 
diff --git a/puppet/modules/soledad/manifests/init.pp b/puppet/modules/soledad/manifests/init.pp
index 7d44c8b4..35adc28e 100644
--- a/puppet/modules/soledad/manifests/init.pp
+++ b/puppet/modules/soledad/manifests/init.pp
@@ -27,4 +27,6 @@ class soledad {
       require => User['soledad'];
   }
 
+  include site_check_mk::agent::soledad
+
 }
author	varac <varacanero@zeromail.org>	2014-02-17 12:57:05 +0100
committer	varac <varacanero@zeromail.org>	2014-02-17 12:57:05 +0100
commit	bd7a0f98ce0819fcc06ad8dcf11600a78577750d (patch)
tree	e96f974f962231dc1388260afb3435e5ce99a114 /puppet
parent	20de385ac787a8a66259bb6fb93a706cbc24d461 (diff)
parent	d0eea33d88a6ffcbe01544678372d80e8c8de51f (diff)