From dde7b18cc0ad265aa7f7b8ccf4fedd9f0542fc74 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 5 Feb 2014 16:44:23 +0100 Subject: site_nagios::client: install check_mk agent --- puppet/modules/site_nagios/manifests/client.pp | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 puppet/modules/site_nagios/manifests/client.pp (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/client.pp b/puppet/modules/site_nagios/manifests/client.pp new file mode 100644 index 00000000..ea6062a0 --- /dev/null +++ b/puppet/modules/site_nagios/manifests/client.pp @@ -0,0 +1,5 @@ +class site_nagios::client { + package { [ 'check-mk-agent', 'check-mk-agent-logwatch' ]: + ensure => installed, + } +} -- cgit v1.2.3 From 3d22399b2da5fe010ab15de5c641b67f45dc1982 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 5 Feb 2014 17:29:01 +0100 Subject: use check_mk::agent to install check-mk-agent --- puppet/modules/site_nagios/manifests/client.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/client.pp b/puppet/modules/site_nagios/manifests/client.pp index ea6062a0..82063dc3 100644 --- a/puppet/modules/site_nagios/manifests/client.pp +++ b/puppet/modules/site_nagios/manifests/client.pp @@ -1,5 +1,9 @@ class site_nagios::client { - package { [ 'check-mk-agent', 'check-mk-agent-logwatch' ]: - ensure => installed, + class { 'check_mk::agent': + agent_package_name => 'check-mk-agent', + agent_logwatch_package_name => 'check-mk-agent-logwatch', + method => 'ssh', + homedir => '/etc/nagios/check_mk', + register_agent => false } } -- cgit v1.2.3 From 166bf4a33123afe5b17db68c22712408ebfb26ad Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Feb 2014 14:00:42 +0100 Subject: added site_nagios::server::check_mk --- .../site_nagios/manifests/server/check_mk.pp | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 puppet/modules/site_nagios/manifests/server/check_mk.pp (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server/check_mk.pp b/puppet/modules/site_nagios/manifests/server/check_mk.pp new file mode 100644 index 00000000..c6676d76 --- /dev/null +++ b/puppet/modules/site_nagios/manifests/server/check_mk.pp @@ -0,0 +1,24 @@ +class site_nagios::server::check_mk { + + # override paths to use the system check_mk rather than OMD + class { 'check_mk::config': + site => '', + etc_dir => '/etc', + bin_dir => '/usr/bin', + host_groups => undef + } + + file { + '/etc/nagios/check_mk': + ensure => directory, + owner => root, + group => root, + mode => '0755'; + + '/etc/nagios/check_mk/.ssh': + ensure => directory, + owner => root, + group => root, + mode => '0755'; + } +} -- cgit v1.2.3 From f7d12c8b3c31891635f188a37844e33288429a9f Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Feb 2014 14:05:38 +0100 Subject: added site_nagios::server::apache --- puppet/modules/site_nagios/manifests/server.pp | 1 + puppet/modules/site_nagios/manifests/server/apache.pp | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 puppet/modules/site_nagios/manifests/server/apache.pp (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 3e1ef7e7..3cb58f9a 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -37,5 +37,6 @@ class site_nagios::server inherits nagios::base { create_resources ( site_nagios::add_host, $hosts ) + include site_nagios::apache include site_shorewall::monitor } diff --git a/puppet/modules/site_nagios/manifests/server/apache.pp b/puppet/modules/site_nagios/manifests/server/apache.pp new file mode 100644 index 00000000..8dbc7e9b --- /dev/null +++ b/puppet/modules/site_nagios/manifests/server/apache.pp @@ -0,0 +1,7 @@ +class site_nagios::server::apache { + include x509::variables + include site_config::x509::commercial::cert + include site_config::x509::commercial::key + include site_config::x509::commercial::ca + +} -- cgit v1.2.3 From 36e5202181452c385b52e183e50166dec6c456d9 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Feb 2014 15:36:12 +0100 Subject: move leap_webapp.conf template to common.conf which is included by the nagios and webapp node (#5096) --- puppet/modules/site_nagios/manifests/server.pp | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 3e1ef7e7..9f66c8ea 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -11,18 +11,32 @@ class site_nagios::server inherits nagios::base { include nagios::defaults include nagios::base - #Class ['nagios'] -> Class ['nagios::defaults'] - class {'nagios::apache': + class {'nagios': + # don't manage apache class from nagios, cause we already include + # it in site_apache::common + httpd => 'absent', allow_external_cmd => true, stored_config => false, - #before => Class ['nagios::defaults'] } + # - [monitor2] err: /Stage[main]/Site_nagios::Server/Apache::Config::Global[nagios3.conf]/Apache::Config::File[nagios3.conf]/File[apache_nagios3.conf]/ensure: change from absent to link failed: Cannot create a symlink without a target at /srv/leap/puppet/modules/apache/manifests/config/file.pp:32 + #apache::config::global { 'nagios3.conf': + # ensure => link, + # target => '/usr/share/doc/nagios3-common/examples/apache2.conf', + #} + + file { '/etc/apache2/conf.d/nagios3.conf': + ensure => link, + target => '/usr/share/doc/nagios3-common/examples/apache2.conf', + notify => Service['apache'] + } + + include site_apache::common include site_apache::module::headers File ['nagios_htpasswd'] { source => undef, - content => "nagiosadmin:$nagiosadmin_pw", + content => "nagiosadmin:${nagiosadmin_pw}", mode => '0640', } -- cgit v1.2.3 From d400d271e616f669cc6383a5893dd992a0efada2 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Feb 2014 15:42:12 +0100 Subject: deploy check_mk pubkey on clients --- puppet/modules/site_nagios/manifests/client.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/client.pp b/puppet/modules/site_nagios/manifests/client.pp index 82063dc3..cb72db54 100644 --- a/puppet/modules/site_nagios/manifests/client.pp +++ b/puppet/modules/site_nagios/manifests/client.pp @@ -1,4 +1,9 @@ class site_nagios::client { + + $ssh_hash = hiera('ssh') + $pubkey = $ssh_hash['authorized_keys']['monitor']['key'] + $type = $ssh_hash['authorized_keys']['monitor']['type'] + class { 'check_mk::agent': agent_package_name => 'check-mk-agent', agent_logwatch_package_name => 'check-mk-agent-logwatch', @@ -6,4 +11,12 @@ class site_nagios::client { homedir => '/etc/nagios/check_mk', register_agent => false } + + file { '/root/.ssh/authorized_keys2': + owner => 'root', + group => 'root', + mode => '0600', + content => "command=\"/usr/bin/check_mk_agent\",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ${type} ${pubkey} monitor" + } + } -- cgit v1.2.3 From 65281c7d46a0ebbb7c70eddaef9802ddb1885c65 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Feb 2014 15:42:46 +0100 Subject: deploy check_mk on monitoring server --- puppet/modules/site_nagios/manifests/server.pp | 3 +- .../site_nagios/manifests/server/check_mk.pp | 48 +++++++++++++++------- 2 files changed, 35 insertions(+), 16 deletions(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 6ade7d06..59a3bbb0 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -51,6 +51,7 @@ class site_nagios::server inherits nagios::base { create_resources ( site_nagios::add_host, $hosts ) - include site_nagios::apache + include site_nagios::server::apache + include site_nagios::server::check_mk include site_shorewall::monitor } diff --git a/puppet/modules/site_nagios/manifests/server/check_mk.pp b/puppet/modules/site_nagios/manifests/server/check_mk.pp index c6676d76..75bd4538 100644 --- a/puppet/modules/site_nagios/manifests/server/check_mk.pp +++ b/puppet/modules/site_nagios/manifests/server/check_mk.pp @@ -1,24 +1,42 @@ class site_nagios::server::check_mk { + $ssh_hash = hiera('ssh') + $pubkey = $ssh_hash['authorized_keys']['monitor']['key'] + $type = $ssh_hash['authorized_keys']['monitor']['type'] + $seckey = $ssh_hash['monitor']['private_key'] + $all_hosts = '"localhost", "plain1"' + + package { 'check-mk-server': + ensure => installed, + } + # override paths to use the system check_mk rather than OMD class { 'check_mk::config': - site => '', - etc_dir => '/etc', - bin_dir => '/usr/bin', - host_groups => undef + site => '', + etc_dir => '/etc', + nagios_subdir => 'nagios3', + bin_dir => '/usr/bin', + host_groups => undef, + require => Package['check-mk-server'] } file { - '/etc/nagios/check_mk': - ensure => directory, - owner => root, - group => root, - mode => '0755'; - - '/etc/nagios/check_mk/.ssh': - ensure => directory, - owner => root, - group => root, - mode => '0755'; + '/etc/check_mk/conf.d/use_ssh.mk': + source => 'puppet:///modules/site_check_mk/use_ssh.mk', + notify => Exec['check_mk-refresh']; + '/etc/check_mk/all_hosts_static': + content => $all_hosts, + notify => Exec['check_mk-refresh']; + '/etc/check_mk/.ssh': + ensure => directory; + '/etc/check_mk/.ssh/id_rsa': + content => $seckey, + owner => 'nagios', + mode => '0600'; + '/etc/check_mk/.ssh/id_rsa.pub': + content => "${type} ${pubkey} monitor", + owner => 'nagios', + mode => '0644'; } + } -- cgit v1.2.3 From 313b91b77cf4496d7cc31c46ef1e8e69ed53610c Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 8 Feb 2014 00:04:23 +0100 Subject: restricted check_mk ssh login a bit more --- puppet/modules/site_nagios/manifests/client.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/client.pp b/puppet/modules/site_nagios/manifests/client.pp index cb72db54..ff569142 100644 --- a/puppet/modules/site_nagios/manifests/client.pp +++ b/puppet/modules/site_nagios/manifests/client.pp @@ -16,7 +16,7 @@ class site_nagios::client { owner => 'root', group => 'root', mode => '0600', - content => "command=\"/usr/bin/check_mk_agent\",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ${type} ${pubkey} monitor" + content => "command=\"/usr/bin/check_mk_agent\",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty,no-user-rc, ${type} ${pubkey} monitor" } } -- cgit v1.2.3 From f2f019d402345d6133cdfb6274d4b78d44e08ec9 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 8 Feb 2014 13:59:37 +0100 Subject: reload nagios after check_mk --- puppet/modules/site_nagios/manifests/server/check_mk.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server/check_mk.pp b/puppet/modules/site_nagios/manifests/server/check_mk.pp index 75bd4538..02cb8407 100644 --- a/puppet/modules/site_nagios/manifests/server/check_mk.pp +++ b/puppet/modules/site_nagios/manifests/server/check_mk.pp @@ -20,6 +20,8 @@ class site_nagios::server::check_mk { require => Package['check-mk-server'] } + Exec['check_mk-reload'] -> Service['nagios'] + file { '/etc/check_mk/conf.d/use_ssh.mk': source => 'puppet:///modules/site_check_mk/use_ssh.mk', -- cgit v1.2.3 From 6720bdba0c67893de713eee7f753fb582d06aa61 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 8 Feb 2014 14:00:10 +0100 Subject: disable purging of /etc/nagios3 and /etc/nagios3/conf.d --- puppet/modules/site_nagios/manifests/server/purge.pp | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server/purge.pp b/puppet/modules/site_nagios/manifests/server/purge.pp index 39735cd3..18993586 100644 --- a/puppet/modules/site_nagios/manifests/server/purge.pp +++ b/puppet/modules/site_nagios/manifests/server/purge.pp @@ -1,7 +1,17 @@ -class site_nagios::server::purge { - exec {'purge_conf.d': - command => '/bin/rm -rf /etc/nagios3/conf.d/*', - onlyif => 'test -e /etc/nagios3/conf.d' +class site_nagios::server::purge inherits nagios::base { + # we don't want to get /etc/nagios3 and /etc/nagios3/conf.d + # purged, cause the check-mk-config-nagios3 package + # places its templates in /etc/nagios3/conf.d/check_mk, + # and check_mk -O updated it's nagios config in /etc/nagios3/conf.d/check_mk + File['nagios_cfgdir'] { + purge => false + } + File['nagios_confd'] { + purge => false } + exec {'purge_conf.d': + command => '/bin/rm -f /etc/nagios3/conf.d/nagios_*', + onlyif => 'find /etc/nagios3/conf.d/ | grep -q "/etc/nagios3/conf.d/nagios_"' + } } -- cgit v1.2.3 From df342b1d4a12ea14aaaede6d876cca16028ba9a2 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 10 Feb 2014 18:33:05 +0100 Subject: add all nodes to check_mk main.mk config --- puppet/modules/site_nagios/manifests/server/check_mk.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server/check_mk.pp b/puppet/modules/site_nagios/manifests/server/check_mk.pp index 02cb8407..5e0795c1 100644 --- a/puppet/modules/site_nagios/manifests/server/check_mk.pp +++ b/puppet/modules/site_nagios/manifests/server/check_mk.pp @@ -4,7 +4,10 @@ class site_nagios::server::check_mk { $pubkey = $ssh_hash['authorized_keys']['monitor']['key'] $type = $ssh_hash['authorized_keys']['monitor']['type'] $seckey = $ssh_hash['monitor']['private_key'] - $all_hosts = '"localhost", "plain1"' + + $nagios_hiera = hiera_hash('nagios') + $hosts = $nagios_hiera['hosts'] + $all_hosts = inline_template("<% @hosts.keys.sort.each do |key| -%>\"<%= key %>\", <% end -%>") package { 'check-mk-server': ensure => installed, -- cgit v1.2.3 From 9a13819dbe7c8e8a51f802356e6fbebe32a7a11f Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 11 Feb 2014 17:39:12 +0100 Subject: use use_ssh.mk as template, include ssh port --- puppet/modules/site_nagios/manifests/server/check_mk.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server/check_mk.pp b/puppet/modules/site_nagios/manifests/server/check_mk.pp index 5e0795c1..f0fd3a76 100644 --- a/puppet/modules/site_nagios/manifests/server/check_mk.pp +++ b/puppet/modules/site_nagios/manifests/server/check_mk.pp @@ -4,6 +4,7 @@ class site_nagios::server::check_mk { $pubkey = $ssh_hash['authorized_keys']['monitor']['key'] $type = $ssh_hash['authorized_keys']['monitor']['type'] $seckey = $ssh_hash['monitor']['private_key'] + $ssh_port = $ssh_hash['port'] $nagios_hiera = hiera_hash('nagios') $hosts = $nagios_hiera['hosts'] @@ -27,8 +28,8 @@ class site_nagios::server::check_mk { file { '/etc/check_mk/conf.d/use_ssh.mk': - source => 'puppet:///modules/site_check_mk/use_ssh.mk', - notify => Exec['check_mk-refresh']; + content => template('site_check_mk/use_ssh.mk'), + notify => Exec['check_mk-refresh']; '/etc/check_mk/all_hosts_static': content => $all_hosts, notify => Exec['check_mk-refresh']; -- cgit v1.2.3 From 142eee6d9162c762c35fb79312ec572ce274b6d0 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 11 Feb 2014 17:39:37 +0100 Subject: properly purge nagios3/conf.d dir --- puppet/modules/site_nagios/manifests/server/purge.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/server/purge.pp b/puppet/modules/site_nagios/manifests/server/purge.pp index 18993586..1c12cfb0 100644 --- a/puppet/modules/site_nagios/manifests/server/purge.pp +++ b/puppet/modules/site_nagios/manifests/server/purge.pp @@ -10,8 +10,9 @@ class site_nagios::server::purge inherits nagios::base { purge => false } + # only purge find in the /etc/nagios3/conf.d/ dir, not in any subdir exec {'purge_conf.d': - command => '/bin/rm -f /etc/nagios3/conf.d/nagios_*', - onlyif => 'find /etc/nagios3/conf.d/ | grep -q "/etc/nagios3/conf.d/nagios_"' + command => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f -exec rm {} \;', + onlyif => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f | grep -q "/etc/nagios3/conf.d"' } } -- cgit v1.2.3 From efc3e3eaa0788271cf61155d7e9be4d46e6e9d47 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 12 Feb 2014 16:26:59 +0100 Subject: moved check_mk server and client class to site_check_mk module --- puppet/modules/site_nagios/manifests/client.pp | 22 ---------- puppet/modules/site_nagios/manifests/init.pp | 2 +- puppet/modules/site_nagios/manifests/server.pp | 2 +- .../site_nagios/manifests/server/check_mk.pp | 48 ---------------------- 4 files changed, 2 insertions(+), 72 deletions(-) delete mode 100644 puppet/modules/site_nagios/manifests/client.pp delete mode 100644 puppet/modules/site_nagios/manifests/server/check_mk.pp (limited to 'puppet/modules/site_nagios/manifests') diff --git a/puppet/modules/site_nagios/manifests/client.pp b/puppet/modules/site_nagios/manifests/client.pp deleted file mode 100644 index ff569142..00000000 --- a/puppet/modules/site_nagios/manifests/client.pp +++ /dev/null @@ -1,22 +0,0 @@ -class site_nagios::client { - - $ssh_hash = hiera('ssh') - $pubkey = $ssh_hash['authorized_keys']['monitor']['key'] - $type = $ssh_hash['authorized_keys']['monitor']['type'] - - class { 'check_mk::agent': - agent_package_name => 'check-mk-agent', - agent_logwatch_package_name => 'check-mk-agent-logwatch', - method => 'ssh', - homedir => '/etc/nagios/check_mk', - register_agent => false - } - - file { '/root/.ssh/authorized_keys2': - owner => 'root', - group => 'root', - mode => '0600', - content => "command=\"/usr/bin/check_mk_agent\",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty,no-user-rc, ${type} ${pubkey} monitor" - } - -} diff --git a/puppet/modules/site_nagios/manifests/init.pp b/puppet/modules/site_nagios/manifests/init.pp index c3cfa02e..eb08cdcb 100644 --- a/puppet/modules/site_nagios/manifests/init.pp +++ b/puppet/modules/site_nagios/manifests/init.pp @@ -1,6 +1,6 @@ class site_nagios { tag 'leap_service' Class['site_config::default'] -> Class['site_nagios'] - + include site_nagios::server } diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index d740d8b7..b1795826 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -46,6 +46,6 @@ class site_nagios::server inherits nagios::base { create_resources ( site_nagios::add_host, $hosts ) include site_nagios::server::apache - include site_nagios::server::check_mk + include site_check_mk::server include site_shorewall::monitor } diff --git a/puppet/modules/site_nagios/manifests/server/check_mk.pp b/puppet/modules/site_nagios/manifests/server/check_mk.pp deleted file mode 100644 index f0fd3a76..00000000 --- a/puppet/modules/site_nagios/manifests/server/check_mk.pp +++ /dev/null @@ -1,48 +0,0 @@ -class site_nagios::server::check_mk { - - $ssh_hash = hiera('ssh') - $pubkey = $ssh_hash['authorized_keys']['monitor']['key'] - $type = $ssh_hash['authorized_keys']['monitor']['type'] - $seckey = $ssh_hash['monitor']['private_key'] - $ssh_port = $ssh_hash['port'] - - $nagios_hiera = hiera_hash('nagios') - $hosts = $nagios_hiera['hosts'] - $all_hosts = inline_template("<% @hosts.keys.sort.each do |key| -%>\"<%= key %>\", <% end -%>") - - package { 'check-mk-server': - ensure => installed, - } - - # override paths to use the system check_mk rather than OMD - class { 'check_mk::config': - site => '', - etc_dir => '/etc', - nagios_subdir => 'nagios3', - bin_dir => '/usr/bin', - host_groups => undef, - require => Package['check-mk-server'] - } - - Exec['check_mk-reload'] -> Service['nagios'] - - file { - '/etc/check_mk/conf.d/use_ssh.mk': - content => template('site_check_mk/use_ssh.mk'), - notify => Exec['check_mk-refresh']; - '/etc/check_mk/all_hosts_static': - content => $all_hosts, - notify => Exec['check_mk-refresh']; - '/etc/check_mk/.ssh': - ensure => directory; - '/etc/check_mk/.ssh/id_rsa': - content => $seckey, - owner => 'nagios', - mode => '0600'; - '/etc/check_mk/.ssh/id_rsa.pub': - content => "${type} ${pubkey} monitor", - owner => 'nagios', - mode => '0644'; - } - -} -- cgit v1.2.3