From 8b0910f1caf19884b6b46976b72536ee1f570ed5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 15 Sep 2015 11:52:20 -0400 Subject: Fix server-status availability to tor hidden services (#7456) Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb --- puppet/modules/site_nagios/manifests/server.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index cb6c8d95..60a471b7 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -32,6 +32,7 @@ class site_nagios::server inherits nagios::base { } include site_apache::common + include site_webapp::common_vhost include site_apache::module::headers File ['nagios_htpasswd'] { -- cgit v1.2.3 From 19e5d23e3fe34199265117e033acfabc3cff9109 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 12 Oct 2015 16:30:58 +0200 Subject: [feat] Remove tapicero couchdb user - Resolves: #7514 --- puppet/modules/site_nagios/manifests/init.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/manifests/init.pp b/puppet/modules/site_nagios/manifests/init.pp index eb08cdcb..40ae4b86 100644 --- a/puppet/modules/site_nagios/manifests/init.pp +++ b/puppet/modules/site_nagios/manifests/init.pp @@ -1,6 +1,10 @@ +# setup nagios on monitoring node class site_nagios { tag 'leap_service' Class['site_config::default'] -> Class['site_nagios'] include site_nagios::server + + # remove leftovers on monitoring nodes + include site_config::remove::monitoring } -- cgit v1.2.3 From eda35dc4f8a9bb5dab84d917c7a9e9a058ba8d2f Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 13 Oct 2015 11:49:20 -0400 Subject: Update resource_file to not include /private/ as this is not used anymore by the nagios module, and our config template has drifted. Fixes: #7527 Change-Id: I56c3492056fcb95c499cf78b893249adcf0ae67f --- puppet/modules/site_nagios/files/configs/Debian/nagios.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg index 0d729b8c..981dc12a 100644 --- a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg +++ b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg @@ -70,7 +70,7 @@ precached_object_file=/var/lib/nagios3/objects.precache # defined as macros in this file and restrictive permissions (600) # can be placed on this file. -resource_file=/etc/nagios3/private/resource.cfg +resource_file=/etc/nagios3/resource.cfg -- cgit v1.2.3 From 20dd8f27004a5dac0ad68113f4b8038cb34bc791 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 5 Nov 2015 21:13:31 +0100 Subject: [bug] [jessie] Load needed modules for apache 2.4 - Related: #6920 --- puppet/modules/site_nagios/manifests/server.pp | 2 +- puppet/modules/site_nagios/manifests/server/apache.pp | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 60a471b7..5c833508 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -33,7 +33,7 @@ class site_nagios::server inherits nagios::base { include site_apache::common include site_webapp::common_vhost - include site_apache::module::headers + include apache::module::headers File ['nagios_htpasswd'] { source => undef, diff --git a/puppet/modules/site_nagios/manifests/server/apache.pp b/puppet/modules/site_nagios/manifests/server/apache.pp index 8dbc7e9b..7de477cd 100644 --- a/puppet/modules/site_nagios/manifests/server/apache.pp +++ b/puppet/modules/site_nagios/manifests/server/apache.pp @@ -1,7 +1,25 @@ +# set up apache for nagios class site_nagios::server::apache { + include x509::variables + include site_config::x509::commercial::cert include site_config::x509::commercial::key include site_config::x509::commercial::ca + include apache::module::authn_file + # "AuthUserFile" + include apache::module::authz_user + # "AuthType Basic" + include apache::module::auth_basic + # "DirectoryIndex" + include apache::module::dir + include apache::module::php5 + include apache::module::cgi + + # apache >= 2.4, debian jessie + if ( versioncmp($::apache_version, '2.4') >= 0 ) { + include apache::module::authn_core + } + } -- cgit v1.2.3 From 5e78892e07d94d3d3da8d97fef9d67a15297070d Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 16 Nov 2015 13:46:35 +0100 Subject: [bug] use $lsbdistcodename to query apache version Using $::apache_version won't work because the facts are evaluated before compiling the catalog and with this, before the installation of apache. so on an install from scratch, this fact won't contain anything. --- puppet/modules/site_nagios/manifests/server/apache.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/manifests/server/apache.pp b/puppet/modules/site_nagios/manifests/server/apache.pp index 7de477cd..82962e89 100644 --- a/puppet/modules/site_nagios/manifests/server/apache.pp +++ b/puppet/modules/site_nagios/manifests/server/apache.pp @@ -18,7 +18,7 @@ class site_nagios::server::apache { include apache::module::cgi # apache >= 2.4, debian jessie - if ( versioncmp($::apache_version, '2.4') >= 0 ) { + if ( $::lsbdistcodename == 'jessie' ) { include apache::module::authn_core } -- cgit v1.2.3 From 150579fb14716892cc3e4d7d9c0f81b30d56f03a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 13 Apr 2015 23:16:00 +0200 Subject: restructured site.pp, now only one class gets included in site.pp per service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd --- puppet/modules/site_nagios/manifests/init.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/manifests/init.pp b/puppet/modules/site_nagios/manifests/init.pp index 40ae4b86..f91bfc26 100644 --- a/puppet/modules/site_nagios/manifests/init.pp +++ b/puppet/modules/site_nagios/manifests/init.pp @@ -1,6 +1,9 @@ # setup nagios on monitoring node class site_nagios { tag 'leap_service' + + include site_config::default + Class['site_config::default'] -> Class['site_nagios'] include site_nagios::server -- cgit v1.2.3 From db3edbb51b2f3617eb97f203e0cc6ac4f51d98c7 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Feb 2016 22:30:06 +0100 Subject: [bug] Adopt ncli aliases to new version of icli - Resolves: #7887 --- puppet/modules/site_nagios/templates/icli_aliases.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/templates/icli_aliases.erb b/puppet/modules/site_nagios/templates/icli_aliases.erb index f1428f9e..bcb2abb0 100644 --- a/puppet/modules/site_nagios/templates/icli_aliases.erb +++ b/puppet/modules/site_nagios/templates/icli_aliases.erb @@ -3,5 +3,5 @@ alias ncli_problems='ncli -z '!o,!A'' <% @environments.keys.sort.each do |env_name| %> alias ncli_<%= env_name %>='ncli -z '!o,!A' -g <%= env_name %>' -alias ncli_<%= env_name %>_recheck='ncli -s Check_MK -g <%= env_name %> -r' -<% end -%> \ No newline at end of file +alias ncli_<%= env_name %>_recheck='ncli -s Check_MK -g <%= env_name %> -a R' +<% end -%> -- cgit v1.2.3 From ee4fc33396aa52f9ec797fd431b3027d88fa1aa7 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 2 Mar 2016 13:03:12 +0100 Subject: Dont recreate nagios resources on every run Use purging of nagios resources in a way that not all resources are recreated on every puppetrun. Resolves: #2327 --- .../site_nagios/files/configs/Debian/nagios.cfg | 24 ++++++++++++--- puppet/modules/site_nagios/manifests/server.pp | 36 +++++++++++++++++----- .../site_nagios/manifests/server/hostgroup.pp | 5 ++- .../modules/site_nagios/manifests/server/purge.pp | 19 ------------ 4 files changed, 52 insertions(+), 32 deletions(-) delete mode 100644 puppet/modules/site_nagios/manifests/server/purge.pp (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg index 981dc12a..695f437b 100644 --- a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg +++ b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg @@ -22,18 +22,32 @@ log_file=/var/log/nagios3/nagios.log # if you wish (as shown below), or keep them all in a single config file. #cfg_file=/etc/nagios3/commands.cfg -# Puppet-managed configuration files -cfg_dir=/etc/nagios3/conf.d +# Check_mk configuration files +cfg_dir=/etc/nagios3/conf.d/check_mk -# check-mk managed configuration files -cfg_dir=/etc/nagios3/local +# Puppet-managed configuration files +cfg_file=/etc/nagios3/nagios_templates.cfg +cfg_file=/etc/nagios3/nagios_command.cfg +cfg_file=/etc/nagios3/nagios_contact.cfg +cfg_file=/etc/nagios3/nagios_contactgroup.cfg +cfg_file=/etc/nagios3/nagios_host.cfg +cfg_file=/etc/nagios3/nagios_hostdependency.cfg +cfg_file=/etc/nagios3/nagios_hostescalation.cfg +cfg_file=/etc/nagios3/nagios_hostextinfo.cfg +cfg_file=/etc/nagios3/nagios_hostgroup.cfg +cfg_file=/etc/nagios3/nagios_hostgroupescalation.cfg +cfg_file=/etc/nagios3/nagios_service.cfg +cfg_file=/etc/nagios3/nagios_servicedependency.cfg +cfg_file=/etc/nagios3/nagios_serviceescalation.cfg +cfg_file=/etc/nagios3/nagios_serviceextinfo.cfg +cfg_file=/etc/nagios3/nagios_servicegroup.cfg +cfg_file=/etc/nagios3/nagios_timeperiod.cfg # Debian also defaults to using the check commands defined by the debian # nagios-plugins package cfg_dir=/etc/nagios-plugins/config - # OBJECT CACHE FILE # This option determines where object definitions are cached when # Nagios starts/restarts. The CGIs read object definitions from diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 5c833508..bb3948c0 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -1,8 +1,7 @@ # configures nagios on monitoring node +# lint:ignore:inherits_across_namespaces class site_nagios::server inherits nagios::base { - - # First, purge old nagios config (see #1467) - class { 'site_nagios::server::purge': } +# lint:endignore $nagios_hiera = hiera('nagios') $nagiosadmin_pw = htpasswd_sha1($nagios_hiera['nagiosadmin_pw']) @@ -25,10 +24,33 @@ class site_nagios::server inherits nagios::base { stored_config => false, } - file { '/etc/apache2/conf.d/nagios3.conf': - ensure => link, - target => '/usr/share/doc/nagios3-common/examples/apache2.conf', - notify => Service['apache'] + # Delete nagios config files provided by packages + # These don't get parsed by nagios.conf, but are + # still irritating duplicates to the real config + # files deployed by puppet in /etc/nagios3/ + file { [ + '/etc/nagios3/conf.d/contacts_nagios2.cfg', + '/etc/nagios3/conf.d/extinfo_nagios2.cfg', + '/etc/nagios3/conf.d/generic-host_nagios2.cfg', + '/etc/nagios3/conf.d/generic-service_nagios2.cfg', + '/etc/nagios3/conf.d/hostgroups_nagios2.cfg', + '/etc/nagios3/conf.d/localhost_nagios2.cfg', + '/etc/nagios3/conf.d/pnp4nagios.cfg', + '/etc/nagios3/conf.d/services_nagios2.cfg', + '/etc/nagios3/conf.d/timeperiods_nagios2.cfg' ]: + ensure => absent; + } + + # deploy apache nagios3 config + # until https://gitlab.com/shared-puppet-modules-group/apache/issues/11 + # is not fixed, we need to manually deploy the config file + file { + '/etc/apache2/conf-available/nagios3.conf': + ensure => present, + source => 'puppet:///modules/nagios/configs/apache2.conf'; + '/etc/apache2/conf-enabled/nagios3.conf': + ensure => link, + target => '/etc/apache2/conf-available/nagios3.conf'; } include site_apache::common diff --git a/puppet/modules/site_nagios/manifests/server/hostgroup.pp b/puppet/modules/site_nagios/manifests/server/hostgroup.pp index 6f85ca6d..25623924 100644 --- a/puppet/modules/site_nagios/manifests/server/hostgroup.pp +++ b/puppet/modules/site_nagios/manifests/server/hostgroup.pp @@ -1,3 +1,6 @@ +# create a nagios hostsgroup define site_nagios::server::hostgroup ($contact_emails) { - nagios_hostgroup { $name: } + nagios_hostgroup { $name: + ensure => present + } } diff --git a/puppet/modules/site_nagios/manifests/server/purge.pp b/puppet/modules/site_nagios/manifests/server/purge.pp deleted file mode 100644 index 6815a703..00000000 --- a/puppet/modules/site_nagios/manifests/server/purge.pp +++ /dev/null @@ -1,19 +0,0 @@ -class site_nagios::server::purge inherits nagios::base { - # we don't want to get /etc/nagios3 and /etc/nagios3/conf.d - # purged, cause the check-mk-config-nagios3 package - # places its templates in /etc/nagios3/conf.d/check_mk, - # and check_mk -O updated it's nagios config in /etc/nagios3/conf.d/check_mk - File['nagios_cfgdir'] { - purge => false - } - File['nagios_confd'] { - purge => false - } - - # only purge files in the /etc/nagios3/conf.d/ dir, not in any subdir - exec {'purge_conf.d': - command => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f -exec rm {} \;', - onlyif => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f | grep -q "/etc/nagios3/conf.d"', - require => Package['nagios'] - } -} -- cgit v1.2.3 From f8a54119d7b7b3a3e5042c4ed3bfd03ebb88a544 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 9 Mar 2016 18:04:55 +0100 Subject: [bug] Adopt new parameters from nagios and check_mk module --- puppet/modules/site_nagios/manifests/server.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index bb3948c0..5939c82b 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -21,7 +21,7 @@ class site_nagios::server inherits nagios::base { # it in site_apache::common httpd => 'absent', allow_external_cmd => true, - stored_config => false, + storeconfigs => false, } # Delete nagios config files provided by packages -- cgit v1.2.3 From 91251fd30a7b1e5baa17aeff932d8bd13c370d8a Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 10 Mar 2016 13:52:06 +0100 Subject: Add Dependencies to site_nagios resources --- puppet/modules/site_nagios/manifests/server.pp | 8 +++++--- puppet/modules/site_nagios/manifests/server/add_contacts.pp | 4 +++- puppet/modules/site_nagios/manifests/server/contactgroup.pp | 4 +++- puppet/modules/site_nagios/manifests/server/hostgroup.pp | 3 ++- 4 files changed, 13 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 5939c82b..aa9b956e 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -46,11 +46,13 @@ class site_nagios::server inherits nagios::base { # is not fixed, we need to manually deploy the config file file { '/etc/apache2/conf-available/nagios3.conf': - ensure => present, - source => 'puppet:///modules/nagios/configs/apache2.conf'; + ensure => present, + source => 'puppet:///modules/nagios/configs/apache2.conf', + require => [ Package['nagios3'], Package['apache2'] ]; '/etc/apache2/conf-enabled/nagios3.conf': ensure => link, - target => '/etc/apache2/conf-available/nagios3.conf'; + target => '/etc/apache2/conf-available/nagios3.conf', + require => [ Package['nagios3'], Package['apache2'] ]; } include site_apache::common diff --git a/puppet/modules/site_nagios/manifests/server/add_contacts.pp b/puppet/modules/site_nagios/manifests/server/add_contacts.pp index db507abf..b5c6f0a5 100644 --- a/puppet/modules/site_nagios/manifests/server/add_contacts.pp +++ b/puppet/modules/site_nagios/manifests/server/add_contacts.pp @@ -1,3 +1,4 @@ +# configure a nagios_contact define site_nagios::server::add_contacts ($contact_emails) { $environment = $name @@ -11,6 +12,7 @@ define site_nagios::server::add_contacts ($contact_emails) { host_notification_options => 'd,r', service_notification_commands => 'notify-service-by-email', host_notification_commands => 'notify-host-by-email', - email => join($contact_emails, ', ') + email => join($contact_emails, ', '), + require => Package['nagios'] } } diff --git a/puppet/modules/site_nagios/manifests/server/contactgroup.pp b/puppet/modules/site_nagios/manifests/server/contactgroup.pp index 188c54f1..5e60dd06 100644 --- a/puppet/modules/site_nagios/manifests/server/contactgroup.pp +++ b/puppet/modules/site_nagios/manifests/server/contactgroup.pp @@ -1,6 +1,8 @@ +# configure a contactgroup define site_nagios::server::contactgroup ($contact_emails) { nagios_contactgroup { $name: - members => $name + members => $name, + require => Package['nagios'] } } diff --git a/puppet/modules/site_nagios/manifests/server/hostgroup.pp b/puppet/modules/site_nagios/manifests/server/hostgroup.pp index 25623924..0692fced 100644 --- a/puppet/modules/site_nagios/manifests/server/hostgroup.pp +++ b/puppet/modules/site_nagios/manifests/server/hostgroup.pp @@ -1,6 +1,7 @@ # create a nagios hostsgroup define site_nagios::server::hostgroup ($contact_emails) { nagios_hostgroup { $name: - ensure => present + ensure => present, + require => Package['nagios'] } } -- cgit v1.2.3 From e3112d668a0c8bf334696a251bfc1b5af12ee844 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 10 Mar 2016 21:28:46 +0100 Subject: [feat] add /etc/nagios3/conf.d/local as confdir - Related: #2327 --- puppet/modules/site_nagios/files/configs/Debian/nagios.cfg | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_nagios') diff --git a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg index 695f437b..62f26f2c 100644 --- a/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg +++ b/puppet/modules/site_nagios/files/configs/Debian/nagios.cfg @@ -24,6 +24,7 @@ log_file=/var/log/nagios3/nagios.log # Check_mk configuration files cfg_dir=/etc/nagios3/conf.d/check_mk +cfg_dir=/etc/nagios3/local # Puppet-managed configuration files cfg_file=/etc/nagios3/nagios_templates.cfg -- cgit v1.2.3