6 files changed, 100 insertions, 65 deletions
diff --git a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
index 753d1610..e46ebf62 100644
--- a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
+++ b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg
@@ -1,6 +1,6 @@
 ##############################################################################
 #
-# NAGIOS.CFG - Sample Main Config File for Nagios 
+# NAGIOS.CFG - Sample Main Config File for Nagios
 #
 #
 ##############################################################################
@@ -8,7 +8,7 @@
 
 # LOG FILE
 # This is the main log file where service and host events are logged
-# for historical purposes.  This should be the first option specified 
+# for historical purposes.  This should be the first option specified
 # in the config file!!!
 
 log_file=/var/log/nagios3/nagios.log
@@ -25,6 +25,9 @@ log_file=/var/log/nagios3/nagios.log
 # Puppet-managed configuration files
 cfg_dir=/etc/nagios3/conf.d
 
+# check-mk managed configuration files
+cfg_dir=/etc/nagios3/local
+
 # Debian also defaults to using the check commands defined by the debian
 # nagios-plugins package
 cfg_dir=/etc/nagios-plugins/config
@@ -33,7 +36,7 @@ cfg_dir=/etc/nagios-plugins/config
 
 # OBJECT CACHE FILE
 # This option determines where object definitions are cached when
-# Nagios starts/restarts.  The CGIs read object definitions from 
+# Nagios starts/restarts.  The CGIs read object definitions from
 # this cache file (rather than looking at the object config files
 # directly) in order to prevent inconsistencies that can occur
 # when the config files are modified after Nagios starts.
@@ -49,7 +52,7 @@ object_cache_file=/var/cache/nagios3/objects.cache
 # file.  You can then start Nagios with the -u option to have it read
 # object definitions from this precached file, rather than the standard
 # object configuration files (see the cfg_file and cfg_dir options above).
-# Using a precached object file can speed up the time needed to (re)start 
+# Using a precached object file can speed up the time needed to (re)start
 # the Nagios process if you've got a large and/or complex configuration.
 # Read the documentation section on optimizing Nagios to find our more
 # about how this feature works.
@@ -83,7 +86,7 @@ status_file=/var/cache/nagios3/status.dat
 
 # STATUS FILE UPDATE INTERVAL
 # This option determines the frequency (in seconds) that
-# Nagios will periodically dump program, host, and 
+# Nagios will periodically dump program, host, and
 # service status data.
 
 status_update_interval=10
@@ -91,7 +94,7 @@ status_update_interval=10
 
 
 # NAGIOS USER
-# This determines the effective user that Nagios should run as.  
+# This determines the effective user that Nagios should run as.
 # You can either supply a username or a UID.
 
 nagios_user=nagios
@@ -99,7 +102,7 @@ nagios_user=nagios
 
 
 # NAGIOS GROUP
-# This determines the effective group that Nagios should run as.  
+# This determines the effective group that Nagios should run as.
 # You can either supply a group name or a GID.
 
 nagios_group=nagios
@@ -125,7 +128,7 @@ check_external_commands=1
 # Nagios to check for external commands every minute.  If you specify a
 # number followed by an "s" (i.e. 15s), this will be interpreted to mean
 # actual seconds rather than a multiple of the interval_length variable.
-# Note: In addition to reading the external command file at regularly 
+# Note: In addition to reading the external command file at regularly
 # scheduled intervals, Nagios will also check for external commands after
 # event handlers are executed.
 # NOTE: Setting this value to -1 causes Nagios to check the external
@@ -140,7 +143,7 @@ command_check_interval=-1
 # This is the file that Nagios checks for external command requests.
 # It is also where the command CGI will write commands that are submitted
 # by users, so it must be writeable by the user that the web server
-# is running as (usually 'nobody').  Permissions should be set at the 
+# is running as (usually 'nobody').  Permissions should be set at the
 # directory level instead of on the file, as the file is deleted every
 # time its contents are processed.
 # Debian Users: In case you didn't read README.Debian yet, _NOW_ is the
@@ -152,9 +155,9 @@ command_file=/var/lib/nagios3/rw/nagios.cmd
 
 # EXTERNAL COMMAND BUFFER SLOTS
 # This settings is used to tweak the number of items or "slots" that
-# the Nagios daemon should allocate to the buffer that holds incoming 
-# external commands before they are processed.  As external commands 
-# are processed by the daemon, they are removed from the buffer.  
+# the Nagios daemon should allocate to the buffer that holds incoming
+# external commands before they are processed.  As external commands
+# are processed by the daemon, they are removed from the buffer.
 
 external_command_buffer_slots=4096
 
@@ -232,12 +235,12 @@ event_broker_options=-1
 #	w	= Weekly rotation (midnight on Saturday evening)
 #	m	= Monthly rotation (midnight last day of month)
 
-log_rotation_method=d
+log_rotation_method=n
 
 
 
 # LOG ARCHIVE PATH
-# This is the directory where archived (rotated) log files should be 
+# This is the directory where archived (rotated) log files should be
 # placed (assuming you've chosen to do log rotation).
 
 log_archive_path=/var/log/nagios3/archives
@@ -248,7 +251,7 @@ log_archive_path=/var/log/nagios3/archives
 # If you want messages logged to the syslog facility, as well as the
 # Nagios log file set this option to 1.  If not, set it to 0.
 
-use_syslog=1
+use_syslog=0
 
 
 
@@ -400,7 +403,7 @@ max_host_check_spread=30
 
 
 # MAXIMUM CONCURRENT SERVICE CHECKS
-# This option allows you to specify the maximum number of 
+# This option allows you to specify the maximum number of
 # service checks that can be run in parallel at any given time.
 # Specifying a value of 1 for this variable essentially prevents
 # any service checks from being parallelized.  A value of 0
@@ -422,7 +425,7 @@ check_result_reaper_frequency=10
 
 # MAX CHECK RESULT REAPER TIME
 # This is the max amount of time (in seconds) that  a single
-# check result reaper event will be allowed to run before 
+# check result reaper event will be allowed to run before
 # returning control back to Nagios so it can perform other
 # duties.
 
@@ -436,7 +439,7 @@ max_check_result_reaper_time=30
 # service checks that have not yet been processed.
 #
 # Note: Make sure that only one instance of Nagios has access
-# to this directory!  
+# to this directory!
 
 check_result_path=/var/lib/nagios3/spool/checkresults
 
@@ -445,7 +448,7 @@ check_result_path=/var/lib/nagios3/spool/checkresults
 
 # MAX CHECK RESULT FILE AGE
 # This option determines the maximum age (in seconds) which check
-# result files are considered to be valid.  Files older than this 
+# result files are considered to be valid.  Files older than this
 # threshold will be mercilessly deleted without further processing.
 
 max_check_result_file_age=3600
@@ -507,14 +510,14 @@ enable_predictive_service_dependency_checks=1
 
 
 # SOFT STATE DEPENDENCIES
-# This option determines whether or not Nagios will use soft state 
-# information when checking host and service dependencies. Normally 
-# Nagios will only use the latest hard host or service state when 
+# This option determines whether or not Nagios will use soft state
+# information when checking host and service dependencies. Normally
+# Nagios will only use the latest hard host or service state when
 # checking dependencies. If you want it to use the latest state (regardless
-# of whether its a soft or hard state type), enable this option. 
+# of whether its a soft or hard state type), enable this option.
 # Values:
-#  0 = Don't use soft state dependencies (default) 
-#  1 = Use soft state dependencies 
+#  0 = Don't use soft state dependencies (default)
+#  1 = Use soft state dependencies
 
 soft_state_dependencies=0
 
@@ -532,7 +535,7 @@ soft_state_dependencies=0
 # This option determines whether or not Nagios will attempt to
 # automatically reschedule active host and service checks to
 # "smooth" them out over time.  This can help balance the load on
-# the monitoring server.  
+# the monitoring server.
 # WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
 # PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
 
@@ -595,7 +598,7 @@ perfdata_timeout=5
 # This setting determines whether or not Nagios will save state
 # information for services and hosts before it shuts down.  Upon
 # startup Nagios will reload all saved service and host state
-# information before starting to monitor.  This is useful for 
+# information before starting to monitor.  This is useful for
 # maintaining long-term data on state statistics, etc, but will
 # slow Nagios down a bit when it (re)starts.  Since its only
 # a one-time penalty, I think its well worth the additional
@@ -607,7 +610,7 @@ retain_state_information=1
 
 # STATE RETENTION FILE
 # This is the file that Nagios should use to store host and
-# service state information before it shuts down.  The state 
+# service state information before it shuts down.  The state
 # information in this file is also read immediately prior to
 # starting to monitor the network when Nagios is restarted.
 # This file is used only if the preserve_state_information
@@ -630,7 +633,7 @@ retention_update_interval=60
 
 
 # USE RETAINED PROGRAM STATE
-# This setting determines whether or not Nagios will set 
+# This setting determines whether or not Nagios will set
 # program status variables based on the values saved in the
 # retention file.  If you want to use retained program status
 # information, set this value to 1.  If not, set this value
@@ -657,7 +660,7 @@ use_retained_scheduling_info=1
 # program restarts.
 #
 # The values of the masks are bitwise ANDs of values specified
-# by the "MODATTR_" definitions found in include/common.h.  
+# by the "MODATTR_" definitions found in include/common.h.
 # For example, if you do not want the current enabled/disabled state
 # of flap detection and event handlers for hosts to be retained, you
 # would use a value of 24 for the host attribute mask...
@@ -708,7 +711,7 @@ use_aggressive_host_checking=0
 
 # SERVICE CHECK EXECUTION OPTION
 # This determines whether or not Nagios will actively execute
-# service checks when it initially starts.  If this option is 
+# service checks when it initially starts.  If this option is
 # disabled, checks are not actively made, but Nagios can still
 # receive and process passive check results that come in.  Unless
 # you're implementing redundant hosts or have a special need for
@@ -730,7 +733,7 @@ accept_passive_service_checks=1
 
 # HOST CHECK EXECUTION OPTION
 # This determines whether or not Nagios will actively execute
-# host checks when it initially starts.  If this option is 
+# host checks when it initially starts.  If this option is
 # disabled, checks are not actively made, but Nagios can still
 # receive and process passive check results that come in.  Unless
 # you're implementing redundant hosts or have a special need for
@@ -787,7 +790,7 @@ process_performance_data=0
 # These commands are run after every host and service check is
 # performed.  These commands are executed only if the
 # enable_performance_data option (above) is set to 1.  The command
-# argument is the short name of a command definition that you 
+# argument is the short name of a command definition that you
 # define in your host configuration file.  Read the HTML docs for
 # more information on performance data.
 
@@ -867,7 +870,7 @@ obsess_over_services=0
 # OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND
 # This is the command that is run for every service check that is
 # processed by Nagios.  This command is executed only if the
-# obsess_over_services option (above) is set to 1.  The command 
+# obsess_over_services option (above) is set to 1.  The command
 # argument is the short name of a command definition that you
 # define in your host configuration file. Read the HTML docs for
 # more information on implementing distributed monitoring.
@@ -891,7 +894,7 @@ obsess_over_hosts=0
 # OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND
 # This is the command that is run for every host check that is
 # processed by Nagios.  This command is executed only if the
-# obsess_over_hosts option (above) is set to 1.  The command 
+# obsess_over_hosts option (above) is set to 1.  The command
 # argument is the short name of a command definition that you
 # define in your host configuration file. Read the HTML docs for
 # more information on implementing distributed monitoring.
@@ -930,9 +933,9 @@ passive_host_checks_are_soft=0
 
 
 # ORPHANED HOST/SERVICE CHECK OPTIONS
-# These options determine whether or not Nagios will periodically 
+# These options determine whether or not Nagios will periodically
 # check for orphaned host service checks.  Since service checks are
-# not rescheduled until the results of their previous execution 
+# not rescheduled until the results of their previous execution
 # instance are processed, there exists a possibility that some
 # checks may never get rescheduled.  A similar situation exists for
 # host checks, although the exact scheduling details differ a bit
@@ -1000,9 +1003,9 @@ additional_freshness_latency=15
 
 # FLAP DETECTION OPTION
 # This option determines whether or not Nagios will try
-# and detect hosts and services that are "flapping".  
+# and detect hosts and services that are "flapping".
 # Flapping occurs when a host or service changes between
-# states too frequently.  When Nagios detects that a 
+# states too frequently.  When Nagios detects that a
 # host or service is flapping, it will temporarily suppress
 # notifications for that host/service until it stops
 # flapping.  Flap detection is very experimental, so read
@@ -1046,7 +1049,7 @@ date_format=iso8601
 # the system configured timezone.
 #
 # NOTE: In order to display the correct timezone in the CGIs, you
-# will also need to alter the Apache directives for the CGI path 
+# will also need to alter the Apache directives for the CGI path
 # to include your timezone.  Example:
 #
 #   <Directory "/usr/local/nagios/sbin/">
@@ -1083,7 +1086,7 @@ enable_embedded_perl=1
 # This option determines whether or not Nagios will process Perl plugins
 # and scripts with the embedded Perl interpreter if the plugins/scripts
 # do not explicitly indicate whether or not it is okay to do so. Read
-# the HTML documentation on the embedded Perl interpreter for more 
+# the HTML documentation on the embedded Perl interpreter for more
 # information on how this option works.
 
 use_embedded_perl_implicitly=1
@@ -1130,7 +1133,7 @@ use_regexp_matching=0
 
 
 # "TRUE" REGULAR EXPRESSION MATCHING
-# This option controls whether or not "true" regular expression 
+# This option controls whether or not "true" regular expression
 # matching takes place in the object config files.  This option
 # only has an effect if regular expression matching is enabled
 # (see above).  If this option is DISABLED, regular expression
@@ -1183,7 +1186,7 @@ use_large_installation_tweaks=0
 # This option determines whether or not Nagios will make all standard
 # macros available as environment variables when host/service checks
 # and system commands (event handlers, notifications, etc.) are
-# executed.  Enabling this option can cause performance issues in 
+# executed.  Enabling this option can cause performance issues in
 # large installations, as it will consume a bit more memory and (more
 # importantly) consume more CPU.
 # Values: 1 - Enable environment variable macros (default)
@@ -1224,7 +1227,7 @@ enable_environment_macros=1
 # This option determines how much (if any) debugging information will
 # be written to the debug file.  OR values together to log multiple
 # types of information.
-# Values: 
+# Values:
 #          -1 = Everything
 #          0 = Nothing
 #	   1 = Functions
diff --git a/puppet/modules/site_nagios/manifests/add_host.pp b/puppet/modules/site_nagios/manifests/add_host_services.pp
index 94352de4..279809d1 100644
--- a/puppet/modules/site_nagios/manifests/add_host.pp
+++ b/puppet/modules/site_nagios/manifests/add_host_services.pp
@@ -1,17 +1,13 @@
-define site_nagios::add_host (
+define site_nagios::add_host_services (
+  $domain_full_suffix,
   $domain_internal,
   $ip_address,
   $services,
+  $ssh_port,
   $openvpn_gateway_address='' ) {
 
     $nagios_hostname = $domain_internal
 
-    # Add Nagios host
-    nagios_host { $nagios_hostname:
-      address => $ip_address,
-      use     => 'generic-host',
-    }
-
     # Add Nagios service
 
     # First, we need to turn the serice array into hash, using a "hash template"
diff --git a/puppet/modules/site_nagios/manifests/init.pp b/puppet/modules/site_nagios/manifests/init.pp
index c3cfa02e..eb08cdcb 100644
--- a/puppet/modules/site_nagios/manifests/init.pp
+++ b/puppet/modules/site_nagios/manifests/init.pp
@@ -1,6 +1,6 @@
 class site_nagios  {
   tag 'leap_service'
   Class['site_config::default'] -> Class['site_nagios']
-  
+
   include site_nagios::server
 }
diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp
index 3e1ef7e7..85443917 100644
--- a/puppet/modules/site_nagios/manifests/server.pp
+++ b/puppet/modules/site_nagios/manifests/server.pp
@@ -1,28 +1,34 @@
 class site_nagios::server inherits nagios::base {
 
   # First, purge old nagios config (see #1467)
-  class { 'site_nagios::server::purge':
-    stage => setup
-  }
+  class { 'site_nagios::server::purge': }
 
   $nagios_hiera   = hiera('nagios')
   $nagiosadmin_pw = htpasswd_sha1($nagios_hiera['nagiosadmin_pw'])
-  $hosts          = $nagios_hiera['hosts']
+  $nagios_hosts   = $nagios_hiera['hosts']
 
   include nagios::defaults
   include nagios::base
-  #Class ['nagios'] -> Class ['nagios::defaults']
-  class {'nagios::apache':
+  class {'nagios':
+    # don't manage apache class from nagios, cause we already include
+    # it in site_apache::common
+    httpd              => 'absent',
     allow_external_cmd => true,
     stored_config      => false,
-    #before             => Class ['nagios::defaults']
   }
 
+  file { '/etc/apache2/conf.d/nagios3.conf':
+    ensure => link,
+    target => '/usr/share/doc/nagios3-common/examples/apache2.conf',
+    notify => Service['apache']
+  }
+
+  include site_apache::common
   include site_apache::module::headers
 
   File ['nagios_htpasswd'] {
     source  => undef,
-    content => "nagiosadmin:$nagiosadmin_pw",
+    content => "nagiosadmin:${nagiosadmin_pw}",
     mode    => '0640',
   }
 
@@ -35,7 +41,18 @@ class site_nagios::server inherits nagios::base {
     group  => 'nagios',
   }
 
-  create_resources ( site_nagios::add_host, $hosts )
+  create_resources ( site_nagios::add_host_services, $nagios_hosts )
 
+  include site_nagios::server::apache
+  include site_check_mk::server
   include site_shorewall::monitor
+
+  augeas {
+    'logrotate_nagios':
+      context => '/files/etc/logrotate.d/nagios/rule',
+      changes => [ 'set file /var/log/nagios3/nagios.log', 'set rotate 7',
+        'set schedule daily', 'set compress compress',
+        'set missingok missingok', 'set ifempty notifempty',
+        'set copytruncate copytruncate' ]
+  }
 }
diff --git a/puppet/modules/site_nagios/manifests/server/apache.pp b/puppet/modules/site_nagios/manifests/server/apache.pp
new file mode 100644
index 00000000..8dbc7e9b
--- /dev/null
+++ b/puppet/modules/site_nagios/manifests/server/apache.pp
@@ -0,0 +1,7 @@
+class site_nagios::server::apache {
+  include x509::variables
+  include site_config::x509::commercial::cert
+  include site_config::x509::commercial::key
+  include site_config::x509::commercial::ca
+
+}
diff --git a/puppet/modules/site_nagios/manifests/server/purge.pp b/puppet/modules/site_nagios/manifests/server/purge.pp
index 39735cd3..6815a703 100644
--- a/puppet/modules/site_nagios/manifests/server/purge.pp
+++ b/puppet/modules/site_nagios/manifests/server/purge.pp
@@ -1,7 +1,19 @@
-class site_nagios::server::purge {
-  exec {'purge_conf.d':
-    command => '/bin/rm -rf /etc/nagios3/conf.d/*',
-    onlyif  => 'test -e /etc/nagios3/conf.d'
+class site_nagios::server::purge inherits nagios::base {
+  # we don't want to get /etc/nagios3 and /etc/nagios3/conf.d
+  # purged, cause the check-mk-config-nagios3 package
+  # places its templates in /etc/nagios3/conf.d/check_mk,
+  # and check_mk -O updated it's nagios config in /etc/nagios3/conf.d/check_mk
+  File['nagios_cfgdir'] {
+    purge => false
+  }
+  File['nagios_confd'] {
+    purge => false
   }
 
+  # only purge files in the /etc/nagios3/conf.d/ dir, not in any subdir
+  exec {'purge_conf.d':
+    command => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f -exec rm {} \;',
+    onlyif  => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f | grep -q "/etc/nagios3/conf.d"',
+    require => Package['nagios']
+  }
 }