summaryrefslogtreecommitdiff
path: root/puppet/modules/nagios/README
blob: 0c42b4a7259a9df0c773a66679a412fd68aee878 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
Introduction/Notes
==================

This modules was inspired and based on the work of David Schmitt
The immerda project group adapted and improved this module.
Mainly we made it using the new native puppet nagios commands
as well we made it more modular to fit for multidistro usage.

In it's current form, this module can be used on CentOS and Debian.


Overview
========

To use the nagios resources in an puppetmaster setup you need to activate
[storeconfigs](https://docs.puppetlabs.com/puppet/latest/reference/configuration.html#storeconfigs) on the puppetmaster.
You can also use this module in a masterless setup, please set the
`storeconfigs` parameter to `false` when declaring the nafios class.

You need to be running version 0.25 or later of puppet.


Monitor
-------

On one node the "nagios" class has to be included. By default this installs
apache using the "apache" module. To use lighttpd instead, set the "httpd"
parameter to the "nagios" class to "lighttpd", or, if the web server is not to
be managed by puppet, set the "httpd" parameter to "absent".


Hosts
-----

On a node which shall be monitored with nagios, include the "nagios::target".
This just creates a host declaration for this host's "$::ipaddress" fact. If
the $::ipaddress of your target is not the one you wish to modify, you can use
"nagios::target::fqdn" instead, which will use the $::fqdn fact of the host instead.

Pass the $parents variable to the target class for enabling the reachability
features of nagios. If a node needs more customisation, use the
native "@@nagios_host" type directly (the double-ampersand declares the object
as an exported resource).

To monitor hosts not managed by puppet, add "nagios_host" objects to the
monitoring node. The required parameters are "alias", "address" and "use". If
you don't specify a proper nagios template with the "use" parameter, some extra
parameters are needed. You may look up the nagios documentation for this.


Services
--------

Services can be monitored by using the "nagios::service" component.

The simplest form is:

    nagios::service { 'check_http':
        check_command => 'http_port!80',
    }

The intention being obviously to put such declarations into a component defining
a service, thereby being automatically applied together with all instances of
the service.

Obviously, the check command must either be defined using nagios_command objects
(some are supplied in nagios::defaults::commands) or in the nagios configuration
files directly.

NRPE client configuration
=========================

To setup a machine as an NRPE client, the class 'nagios::nrpe' should be used:

    class { 'nagios::nrpe':
      allowed_hosts => '10.2.3.4,10.5.6.7',
    }

The class can take the following parameters to change configuration or
configuration directory:

 * $cfg_dir : Defines the path to the NRPE configuration. The default is to use
   the path used by packages per your distro.

 * $pid_file : Sets the path of the PID file. The default value is the path
   used by init script shipped with your distro's packages.

 * $plugin_dir : Defines the path in which nagios plugins that are to be
   executed with NRPE commands are stored. The default value is the path where
   your distro's nagios package stores plugins.

 * $server_address : The IP address to which the NRPE client daemon should
   bind. The default behaviour is to bind to all IPs.

 * $allowed_hosts : A string containing a comma-separated list of host IPs that
   are allowed to request NRPE commands to be run. The default value is to
   allow only 127.0.0.1, so you might want to pass in a list of additional host
   IPs.

 * $dont_blame : A string that enables ('1') or disables ('0') NRPE command
   arguments. Enabling arguments can lead to potentials of shell escapes so it
   should be used with caution and only if absolutely needed. This is disabled
   by default.

NRPE Services
-------------

Some Nagios services need to be checked via NRPE. The following will make the
nagios server define a service that will check the NRPE command 'check_cpu' on
the current node:

    nagios::service { 'CPU Usage':
      use_nrpe => true,
      check_command => "check_cpu",
      nrpe_args => "-t 60"
    }

NRPE Commands
-------------

To be able to call NRPE commands on a host, one needs to define that command
and what it is going to execute:

    nagios::nrpe::command { 'debsums':
      check_command => '/usr/lib/nagios/plugins/check_debsums openssh-server'
    }


Upgrade Notes
=============

The nagios::target bits have been reworked, the notable changes that
may affect an upgrade are:

. previous versions had nagios::target::nat which used the $::fqdn for
the address part of nagios::target, this has been renamed to
nagios::target::fqdn to be more clear. if you were using
nagios::target::nat then you will need to change those references to
::fqdn

. previous versions of this module used $::fqdn for the nagios::target
address, now it is using $::ipaddress. If you need $::fqdn, use
nagios::target::fqdn instead of nagios::target

. previous versions of nagios_host used the parameter named 'ip', that
has been changed to 'address'


IRC bot
=======

Notifications can easily be sent to an IRC channel by using a bot. To do so,
simply include 'nagios::irc_bot' on the nagios server and define the right
$nagios_nsa_* variables (see the 'Variables' section below).

You can then use the notification commands 'notify-by-irc' and
'host-notify-by-irc' with service and host definitions to make them report
state changes over IRC.

Caveats
=======


Consistency/Validation/Verification
-----------------------------------

After convergance of the configuration, the system is obviously consistent.
That is, all defined services are monitored. The problem is though, that it is
neither automatically valid - it is not guaranteed that all components declare a
nagios::service - and even if the configuration is valid it definitly is
unverified, since that is always a judgment call for an external observer.


Removal of nagios objects
-------------------------

This module does not automatically purge nagios objects such as hosts and
services that become absent from the manifests. One must set ensure => absent
to guarantee the removal of nagios objects from the configuration as desired.


Templates not supported using native types
------------------------------------------

Templates of hosts and services cannot yet be defined using native types. In
this module, they are provided using a file resource by the class
nagios::defaults::templates

See : http://projects.reductivelabs.com/issues/1180


Variables
=========

Options to change the behavior of the nagios class:

- allow_external_cmd: Set to true, if you'd like to ensure that your http
                      daemon can write to the external command file. You
                      may also need to flip "check_external_commands" in
                      "nagios.cfg" to enable this functionality.

For the irc_bot class:

- nsa_socket: This optional variable can be used to specify the path to
              the socket file that the IRC daemon should use.

- nsa_server: When using the IRC bot, this defines the server address of
              the IRC network on which the bot will connect.

- nsa_port: Defines the port number on the IRC server on which the bot
            should connect. When this variable is not set, the port used
            by default is 6667.

- nsa_nickname: This is the nickname that the IRC bot will take.

- nsa_password: Some networks require a password to connect to them.
                This defines such a password.

- nsa_channel: The name of the channel that the IRC bot will join and
               will post notifications to.

- nsa_pidfile: This optional variable can be used to define the path to
               the file that will contain the process ID of the IRC bot
               daemon.
- nsa_realname: The IRC bot user's real name that will be displayed. By
                default, the real name is 'Nagios'.

- nsa_usenotices: The IRC bot will by default "say" to the channel the
                  nagios message, but you can switch this variable to
                  'notice' if you would prefer them to be sent as IRC
                  NOTICE messages.

PNP4Nagios integration
======================

For PNP4Nagios integration information, please see README.pnp4nagios

Examples
========

Usage example:

~~~
node nagios {

  class { 'nagios': } -> class { 'nagios::defaults': }

  # Declare another nagios command
  nagios::command { http_port:
     command_line => '/usr/lib/nagios/plugins/check_http -p $ARG1$ -H $HOSTADDRESS$ -I $HOSTADDRESS$'
  }

  # Declare unmanaged hosts
  nagios_host {
    'router01.mydomain.com':
      alias   => 'router01',
      notes   => 'MyDomain Gateway',
      address => '10.0.0.1',
      use     => 'generic-host';
    'router02.mydomain.com':
      alias   => 'router02',
      address => '192.168.0.1',
      parents => 'router01',
      use     => 'generic-host';
  }

}


node target {

  # Monitor this host
  class{'nagios::target':
   parents = 'router01'
  }

  # monitor a service
  $apache2_port = 8080
  include apache2

  # This actually does this somewhere:
  #nagios::service { "http_${apache2_port}":
  #       check_command => "http_port!${apache2_port}"
  #}

}
~~~

TODO
====

- Provide a default http vhost
- Add facility to deploy nagios plugins
- Add more useful commands and services
- When Puppet will support them, supply nagios templates using native types


License
=======

Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
See the file LICENSE in the top directory for the full license.

Copyright (C) 2010 Riseup Networks <micah@riseup.net>