authorkwadronaut <kwadronaut@leap.se>2018-11-14 11:09:02 +0100
committerkwadronaut <kwadronaut@leap.se>2018-11-14 11:09:02 +0100
commit06b521b6887d33b4cfa650c0d26850c8d1cc0ef8 (patch)
treecaa0bac49dfd2573462acef06b68d2ea69d8cdb8 /example/site_check_mk
parent6ffee2d778992b783bd29a1ddeaab61baf6d47aa (diff)
parent15aba17d007e076ea09e50c837081ee1bec1b301 (diff)
Merge remote-tracking branch 'shared/master'HEADmaster
Diffstat (limited to 'example/site_check_mk')
-rw-r--r--example/site_check_mk/README9
-rw-r--r--example/site_check_mk/files/adjust.mk12
-rw-r--r--example/site_check_mk/files/agent/apt/check_apt15
-rw-r--r--example/site_check_mk/files/agent/logwatch/syslog_header.cfg1
-rw-r--r--example/site_check_mk/files/agent/logwatch/syslog_tail.cfg11
-rw-r--r--example/site_check_mk/files/host_contactgroups.mk3
-rw-r--r--example/site_check_mk/files/ignore.mk97
-rw-r--r--example/site_check_mk/files/nohost.mk3
-rw-r--r--example/site_check_mk/files/parents.mk8
-rw-r--r--example/site_check_mk/files/submission.mk4
-rw-r--r--example/site_check_mk/files/use_ssh.mk4
-rw-r--r--example/site_check_mk/manifests/agent.pp50
-rw-r--r--example/site_check_mk/manifests/agent/apt.pp25
-rw-r--r--example/site_check_mk/manifests/agent/logwatch.pp36
-rw-r--r--example/site_check_mk/manifests/agent/logwatch/syslog.pp18
-rw-r--r--example/site_check_mk/manifests/server.pp96
16 files changed, 392 insertions, 0 deletions
diff --git a/example/site_check_mk/README b/example/site_check_mk/README
new file mode 100644
index 0000000..2cb85a9
--- /dev/null
+++ b/example/site_check_mk/README
@@ -0,0 +1,9 @@
+This is an example site_check_mk module for using the shared check_mk
+module. It is a sterilized version of riseup's site_check_mk, with some
+names changed.
+
+Project page
+ https://labs.riseup.net/code/projects/module-check_mk/
+
+git repo
+ git://labs.riseup.net/module_check_mk
diff --git a/example/site_check_mk/files/adjust.mk b/example/site_check_mk/files/adjust.mk
new file mode 100644
index 0000000..5c0566e
--- /dev/null
+++ b/example/site_check_mk/files/adjust.mk
@@ -0,0 +1,12 @@
+# adjust.mk - checks we need to adjust the defaults
+
+## global defaults
+# memory usage (default 150/200%, float val indicates % of physical RAM)
+memused_default_levels = (90.0, 95.0)
+
+## host overrides
+# some check types cannot be adjusted via check_parameters, so we explicitly
+# create redundant checks using host lists or tags
+checks += [
+ ( ['foo.example.org','bar.example.org'], 'cpu.threads', None, (6000, 7000) ),
+]
diff --git a/example/site_check_mk/files/agent/apt/check_apt b/example/site_check_mk/files/agent/apt/check_apt
new file mode 100644
index 0000000..223dd8a
--- /dev/null
+++ b/example/site_check_mk/files/agent/apt/check_apt
@@ -0,0 +1,15 @@
+#!/bin/sh
+# check_apt wrapper to gather more info about pending packages
+
+# call the original plugin
+MSG=`/usr/lib/nagios/plugins/check_apt $*`
+
+EXIT=$?
+
+echo -n $MSG | sed 's/available for upgrade/upgradable/' | sed 's/ updates//' | sed 's/\./:/'
+
+if [ "$EXIT" != "0" ]
+then
+apt-get -s upgrade|egrep '(^ |wi ll be up|kept back)'|sed 's/The following packages will be upgraded://'| tr '\n' ' ' | sed 's/ */ /g'
+exit $EXIT
+fi
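Review bot: The wrapper expands `$*` and `$MSG` unquoted, so the arguments and the plugin output are word-split and glob-expanded by the shell before they are used. Pass the arguments through with `MSG=$(/usr/lib/nagios/plugins/check_apt "$@")` and print with `printf '%s' "$MSG"`, which also avoids relying on `echo -n` under `#!/bin/sh`. The egrep alternative `wi ll be up` contains a space as shown here; if that is not a rendering artifact it should read `will be up`, because otherwise the header line is never selected and the `sed` that strips it has nothing to do.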
diff --git a/example/site_check_mk/files/agent/logwatch/syslog_header.cfg b/example/site_check_mk/files/agent/logwatch/syslog_header.cfg
new file mode 100644
index 0000000..f60d752
--- /dev/null
+++ b/example/site_check_mk/files/agent/logwatch/syslog_header.cfg
@@ -0,0 +1 @@
+/var/log/syslog
diff --git a/example/site_check_mk/files/agent/logwatch/syslog_tail.cfg b/example/site_check_mk/files/agent/logwatch/syslog_tail.cfg
new file mode 100644
index 0000000..450b9e9
--- /dev/null
+++ b/example/site_check_mk/files/agent/logwatch/syslog_tail.cfg
@@ -0,0 +1,11 @@
+# some general patterns
+ C panic
+ C Oops
+ I Error: Driver 'pcspkr' is already registered, aborting...
+ C Error
+ C error
+ W generic protection rip
+ W .*Unrecovered read error - auto reallocate failed
+# 401 Unauthorized error logged by webapp and possible other
+# applications
+ C Unauthorized
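Review bot: The `C Error`, `C error` and `C Unauthorized` patterns are unanchored, so any syslog line containing those words raises a critical, including text that a remote client can cause to be logged (one rejected request is enough for a 401 line). An alert that is this easy to trigger from outside tends to be tuned out; consider anchoring each pattern to the program that emits it, or lowering `Unauthorized` to `W`. If, as in mk_logwatch, the first matching pattern decides the level, a comment saying that the `I` line for pcspkr must stay ahead of `C Error` would protect the ordering.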
diff --git a/example/site_check_mk/files/host_contactgroups.mk b/example/site_check_mk/files/host_contactgroups.mk
new file mode 100644
index 0000000..aeba291
--- /dev/null
+++ b/example/site_check_mk/files/host_contactgroups.mk
@@ -0,0 +1,3 @@
+host_contactgroups = [
+ ( "sysadmins", ALL_HOSTS ),
+]
diff --git a/example/site_check_mk/files/ignore.mk b/example/site_check_mk/files/ignore.mk
new file mode 100644
index 0000000..33aad11
--- /dev/null
+++ b/example/site_check_mk/files/ignore.mk
@@ -0,0 +1,97 @@
+# ignore.mk - built-in checks we ignore
+ignored_checktypes = [
+# ignored until we can investigate
+"hp_procurve_cpu", "hp_procurve_mem", "hp_procurve_sensors",
+"ipmi", "ipmi_sensors",
+"tcp_conn_stats",
+
+# useful generic types, ignored until we need them
+"if", "if64"
+"local",
+"logwatch",
+
+# postfix_queue is only the full mailq, we have our own check_postfixqueue
+# that can check individual queue (which we filed a feature request for
+# upstream
+"postfix_mailq",
+
+# ignored because we don't want them
+"3ware_disks", "3ware_info", "3ware_units",
+"ad_replication",
+"aironet_clients", "aironet_errors",
+"akcp_sensor_humidity", "akcp_sensor_temp",
+"apc_symmetra", "apc_symmetra_ext_temp", "apc_symmetra_power", "apc_symmetra_temp",
+"bintec_info",
+"blade_bays", "blade_blades", "blade_blowers", "blade_health", "blade_mediatray", "blade_misc", "blade_powerfan", "blade_powermod",
+"bluecoat_diskcpu", "bluecoat_sensors",
+"brocade_fcport",
+"canon_pages",
+"check_mk.only_from",
+"cisco_fan", "cisco_locif", "cisco_power", "cisco_qos", "cisco_temp", "cisco_temp_perf",
+"cmctc.temp",
+"cpsecure_sessions",
+"cups_queues",
+"decru_cpu", "decru_fans", "decru_perf", "decru_power", "decru_temps",
+"dell_powerconnect_cpu", "dell_powerconnect_fans", "dell_powerconnect_psu", "dell_powerconnect_temp",
+"df_netapp", "df_netapp32",
+"dmi_sysinfo",
+"drbd", "drbd.disk", "drbd.net", "drbd.stats",
+"f5_bigip_cluster", "f5_bigip_fans", "f5_bigip_pool", "f5_bigip_psu", "f5_bigip_temp", "f5_bigip_vserver",
+"fc_brocade_port", "fc_brocade_port_detailed",
+"fjdarye60_cadaps", "fjdarye60_cmods", "fjdarye60_cmods_flash",
+"fjdarye60_cmods_mem", "fjdarye60_conencs", "fjdarye60_devencs", "fjdarye60_disks", "fjdarye60_disks.summary", "fjdarye60_expanders", "fjdarye60_inletthmls", "fjdarye60_psus", "fjdarye60_rluns", "fjdarye60_sum", "fjdarye60_syscaps", "fjdarye60_thmls",
+"fsc_fans", "fsc_ipmi_mem_status", "fsc_subsystems", "fsc_temp",
+"h3c_lanswitch_cpu", "h3c_lanswitch_sensors",
+"heartbeat_crm", "heartbeat_crm.resources", "heartbeat_nodes", "heartbeat_rscstatus",
+"hp_blade", "hp_blade_blades", "hp_blade_fan", "hp_blade_manager", "hp_blade_psu",
+"hp_proliant_cpu", "hp_proliant_da_phydrv", "hp_proliant_fans", "hp_proliant_mem", "hp_proliant_psu", "hp_proliant_temp",
+"hpux_cpu", "hpux_if", "hpux_lvm", "hpux_multipath", "hpux_serviceguard",
+"hr_cpu", "hr_fs", "hr_mem",
+"ibm_imm_health", "ibm_rsa_health",
+"if", "if64",
+"ifoperstatus",
+"ironport_misc",
+"j4p_performance.app_sess", "j4p_performance.app_state", "j4p_performance.mem", "j4p_performance.serv_req", "j4p_performance.threads", "j4p_performance.uptime",
+"kernel.util",
+"lparstat_aix",
+"lsi.array", "lsi.disk",
+"mbg_lantime_refclock", "mbg_lantime_state",
+"mcdata_fcport",
+"megaraid_ldisks", "megaraid_pdisks",
+"mem.vmalloc",
+"mem.win",
+"multipath",
+"netapp_cluster", "netapp_vfiler", "netapp_volumes",
+"netctr.combined",
+"netif.link", "netif.params",
+"nfsmounts",
+"ntp", "ntp.time",
+"nvidia.errors", "nvidia.temp",
+"omd_status",
+"oracle_asm_dg", "oracle_asm_disk", "oracle_inst", "oracle_logswitches", "oracle_sessions", "oracle_tablespaces", "oracle_tbs",
+"printer_alerts", "printer_pages", "printer_supply",
+"ps.perf",
+"services",
+"smbios_sel",
+"snia_sml",
+"snmp_info", "snmp_uptime",
+"statgrab_cpu", "statgrab_disk", "statgrab_load", "statgrab_mem", "statgrab_net.ctr", "statgrab_net.link", "statgrab_net.params",
+"steelhead_connections", "steelhead_status",
+"strem1_sensors",
+"superstack3_sensors",
+"sylo",
+"systemtime",
+"tsm_stgpool",
+"ucd_cpu_load", "ucd_cpu_util",
+"ups_capacity", "ups_power",
+"vbox_guest",
+"vms_df", "vms_md", "vms_netif", "vms_sys.mem", "vms_sys.util",
+"vmstat_aix",
+"vmware_state",
+"win_dhcp_pools", "win_dhcp_pools.stats",
+"windows_updates",
+"winperf.cpuusage", "winperf.diskstat", "winperf_msx_queues", "winperf_phydisk", "winperf_processor.util",
+"wmic_process",
+"wut_webtherm",
+"zpool_status"
+]
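Review bot: The line `"if", "if64"` near the top of `ignored_checktypes` has no trailing comma, so Python joins it with the next line's `"local"` into the single string `"if64local"`. As a result `local` is never ignored, and `if64` is only covered because it is repeated further down. Change the line to `"if", "if64",` and drop the later duplicate `"if", "if64",` entry. The comment above `"postfix_mailq"` calls the check `postfix_queue`; using one name in both places would avoid confusion.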
diff --git a/example/site_check_mk/files/nohost.mk b/example/site_check_mk/files/nohost.mk
new file mode 100644
index 0000000..d0ff73f
--- /dev/null
+++ b/example/site_check_mk/files/nohost.mk
@@ -0,0 +1,3 @@
+# If you want to let nagios define the hosts rather than check_mk,
+# set this to False
+#generate_hostconf = False
diff --git a/example/site_check_mk/files/parents.mk b/example/site_check_mk/files/parents.mk
new file mode 100644
index 0000000..1b54083
--- /dev/null
+++ b/example/site_check_mk/files/parents.mk
@@ -0,0 +1,8 @@
+parents = [
+ # all seattle hosts (except those tagged router) have router.example.org
+ # as a parent
+ ( "router.example.org", ["seattle", "!router"], ALL_HOSTS ),
+
+ # KVM host
+ ( "foo.example.org", [ "vm1.example.org", "vm1.example.org" ] ),
+]
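Review bot: The KVM entry lists `"vm1.example.org"` twice, so no second guest is given `foo.example.org` as its parent; the second element was presumably meant to be a different host, e.g. `[ "vm1.example.org", "vm2.example.org" ]`. Since this file is a template, a comment naming the two tuple forms used here (parent, tag list, host list versus parent, explicit host list) would help whoever adapts it.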
diff --git a/example/site_check_mk/files/submission.mk b/example/site_check_mk/files/submission.mk
new file mode 100644
index 0000000..cead6c3
--- /dev/null
+++ b/example/site_check_mk/files/submission.mk
@@ -0,0 +1,4 @@
+# default is "pipe", but file is more efficient (and default in newer versions)
+check_submission = "file"
+# the default in the debian package is wrong
+check_result_path = "/var/lib/nagios3/spool/checkresults/"
diff --git a/example/site_check_mk/files/use_ssh.mk b/example/site_check_mk/files/use_ssh.mk
new file mode 100644
index 0000000..eee1129
--- /dev/null
+++ b/example/site_check_mk/files/use_ssh.mk
@@ -0,0 +1,4 @@
+# http://mathias-kettner.de/checkmk_datasource_programs.html
+datasource_programs = [
+ ( "ssh -l checkmk -i /etc/check_mk/keys/<HOST>_id_rsa -p 1234 <HOST> sudo /usr/bin/check_mk_agent", ['ssh'], ALL_HOSTS ),
+ ]
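Review bot: The ssh command line relies entirely on the monitoring user's ssh defaults for host authentication and prompting. For an unattended data source, add `-o BatchMode=yes` so a missing key or unknown host key fails at once instead of waiting for input. Also confirm that `StrictHostKeyChecking` is not relaxed in that user's ssh configuration, since whatever answers on that port is accepted as agent output. Each `/etc/check_mk/keys/<HOST>_id_rsa` grants a login as `checkmk` on its host, so the comment should state that the key directory must be readable only by the account that runs check_mk.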
diff --git a/example/site_check_mk/manifests/agent.pp b/example/site_check_mk/manifests/agent.pp
new file mode 100644
index 0000000..056b007
--- /dev/null
+++ b/example/site_check_mk/manifests/agent.pp
@@ -0,0 +1,50 @@
+class site_check_mk::agent {
+
+ $tags = hiera('check_mk-tags')
+
+ class { 'check_mk::agent':
+ # FIXME: the check_mk module should be enhanced to detect debian so we
+ # don't need to set these
+ agent_package_name => 'check-mk-agent',
+ agent_logwatch_package_name => 'check-mk-agent-logwatch',
+ # we use ssh rather than xinetd and have puppet generate and collect keys
+ method => 'ssh',
+ generate_sshkey => true,
+ sshuser => 'checkmk',
+ # where keys get stored on the check-mk-server (default is an OMD dir)
+ keydir => '/etc/check_mk/keys',
+ # we(riseup) override where authorized keys are stored, since we use a
+ # central directory of user named files rather than
+ # ~user/.ssh/authorized_keys
+ authdir => '/etc/ssh/authorized_keys',
+ authfile => 'checkmk',
+ host_tags => $tags
+ }
+
+ # we ssh as the checkmk user and allow checkmk to run check_mk_agent
+ # with sudo (rather than ssh as root)
+ if !defined(User[checkmk]) {
+ user { 'checkmk':
+ ensure => 'present',
+ home => '/usr/lib/check_mk_agent',
+ gid => 'users',
+ password => '*',
+ comment => 'check_mk agent';
+ }
+ }
+
+ include site_sudo
+
+ sudo::access { 'checkmk':
+ user => 'checkmk',
+ access => 'ALL= NOPASSWD: /usr/bin/check_mk_agent'
+ }
+
+ # include checks we want on all agents here
+ # NOTE: we're currently doing this here, it could also be done within
+ # the actual classes related to the check (as we've done before with munin)
+ include site_check_mk::agent::apt
+
+ # not enabled yet
+ #include site_check_mk::agent::logwatch
+}
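Review bot: The `checkmk` user's `home` is `/usr/lib/check_mk_agent`, the same tree that logwatch.pp installs agent plugins into, while the sudo rule lets that user run `/usr/bin/check_mk_agent` as root without a password. If that directory is ever owned or writable by `checkmk` (for example through `managehome`), files placed under `plugins/` would presumably be executed as root on the next check; give the account a separate home, or add a comment that the tree must stay root-owned. The sudoers entry also permits arbitrary arguments; `access => 'ALL= NOPASSWD: /usr/bin/check_mk_agent ""'` limits it to the bare command. No `shell` is set, and the authorized_keys options are written by the check_mk module outside this diff, so it is worth confirming there that the key is pinned to a forced command.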
diff --git a/example/site_check_mk/manifests/agent/apt.pp b/example/site_check_mk/manifests/agent/apt.pp
new file mode 100644
index 0000000..a74a906
--- /dev/null
+++ b/example/site_check_mk/manifests/agent/apt.pp
@@ -0,0 +1,25 @@
+class site_check_mk::agent::apt {
+ include check_mk::agent::mrpe
+
+
+ # we deliver a wrapper to check_apt that makes it more useful
+ augeas {
+ "Apt":
+ incl => '/etc/check_mk/mrpe.cfg',
+ lens => 'Spacevars.lns',
+ changes => 'set APT "/usr/local/lib/nagios/plugins/check_apt -t 30"',
+ require => [ File['/usr/local/lib/nagios/plugins' ], Package['check-mk-agent'] ];
+ }
+
+ # installing a local plugin, so include this to get the dirs
+ include site_nagios::localplugin
+
+ file {
+ '/usr/local/lib/nagios/plugins/check_apt':
+ source => 'puppet:///modules/site_check_mk/agent/apt/check_apt',
+ owner => root,
+ group => root,
+ mode => '0750',
+ require => [ File['/usr/local/lib/nagios/plugins' ], Package['nagios-plugins-basic'] ];
+ }
+}
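Review bot: The `augeas` resource that writes the `APT` entry into `/etc/check_mk/mrpe.cfg` requires only the plugins directory and the agent package, not `File['/usr/local/lib/nagios/plugins/check_apt']`, so the entry can be applied before the wrapper it points at exists. Adding that file to the `require` list closes the gap. The wrapper is installed `0750` and owned by root, which only works while the agent itself runs as root; a comment on the `file` resource saying so would record the dependency on the sudo setup.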
diff --git a/example/site_check_mk/manifests/agent/logwatch.pp b/example/site_check_mk/manifests/agent/logwatch.pp
new file mode 100644
index 0000000..423cace
--- /dev/null
+++ b/example/site_check_mk/manifests/agent/logwatch.pp
@@ -0,0 +1,36 @@
+class site_check_mk::agent::logwatch {
+ # Deploy mk_logwatch 1.2.4 so we can split the config
+ # into multiple config files in /etc/check_mk/logwatch.d
+ # see https://leap.se/code/issues/5135
+
+ file { '/usr/lib/check_mk_agent/plugins/mk_logwatch':
+ source => 'puppet:///modules/site_check_mk/agent/plugins/mk_logwatch.1.2.4',
+ mode => '0755',
+ require => Package['check-mk-agent-logwatch']
+ }
+
+ # only config files that watch a distinct logfile should go in logwatch.d/
+ file { '/etc/check_mk/logwatch.d':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ require => Package['check-mk-agent-logwatch']
+ }
+
+ # service that share a common logfile (i.e. /var/log/syslog) need to get
+ # concanated in one file, otherwise the last file sourced will override
+ # the config before
+ # see mk_logwatch: "logwatch.cfg overwrites config files in logwatch.d",
+ # https://leap.se/code/issues/5155
+
+ # first, we need to deploy a custom logwatch.cfg that doesn't include
+ # a section about /var/log/syslog
+
+ file { '/etc/check_mk/logwatch.cfg':
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/logwatch.cfg',
+ require => Package['check_mk-agent-logwatch']
+ }
+
+ include concat::setup
+ include site_check_mk::agent::logwatch::syslog
+}
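Review bot: The `require` on `/etc/check_mk/logwatch.cfg` names `Package['check_mk-agent-logwatch']`, with an underscore, while the other two resources in this class use `check-mk-agent-logwatch`. Unless a package with that title is declared elsewhere, the catalog will fail to compile once this class is included; it should read `require => Package['check-mk-agent-logwatch']`. The `mk_logwatch` plugin file also sets no `owner` or `group`; since the agent executes it, `owner => root, group => root` should be explicit rather than left to defaults. The sources `agent/plugins/mk_logwatch.1.2.4` and `agent/logwatch/logwatch.cfg` are not among the files listed in this diffstat.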
diff --git a/example/site_check_mk/manifests/agent/logwatch/syslog.pp b/example/site_check_mk/manifests/agent/logwatch/syslog.pp
new file mode 100644
index 0000000..c927780
--- /dev/null
+++ b/example/site_check_mk/manifests/agent/logwatch/syslog.pp
@@ -0,0 +1,18 @@
+class site_check_mk::agent::logwatch::syslog {
+
+ concat { '/etc/check_mk/logwatch.d/syslog.cfg':
+ warn => true
+ }
+
+ concat::fragment { 'syslog_header':
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog_header.cfg',
+ target => '/etc/check_mk/logwatch.d/syslog.cfg',
+ order => '01';
+ }
+ concat::fragment { 'syslog_tail':
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog_tail.cfg',
+ target => '/etc/check_mk/logwatch.d/syslog.cfg',
+ order => '99';
+ }
+
+}
diff --git a/example/site_check_mk/manifests/server.pp b/example/site_check_mk/manifests/server.pp
new file mode 100644
index 0000000..99fee41
--- /dev/null
+++ b/example/site_check_mk/manifests/server.pp
@@ -0,0 +1,96 @@
+class site_check_mk::server {
+
+ # we don't use the main check_mk class, but call things a la carte. The
+ # main class does:
+ # check_mk::install -> we don't want OMD, we install the debian packages
+ # check_mk::config -> we call below with special settings
+ # check_mk::service -> service checks for http/xinetd/omd, we don't want
+ # check_mk::server::configure_ssh -> we call below
+ # FIXME: if the check_mk module was more generic and less OMD focused,
+ # it would just know what to do for a debian install and we could use
+ # the main check_mk class with the right parameters, rather than a la carte
+
+ # install the server package, this also pulls in check-mk-config-nagios3
+ # FIXME: the check_mk module should be enhanced to better support distro
+ # installs and then we'd just set a $distro parameter and it would
+ # detect debian and install the right packages. But until it does...
+ package { 'check-mk-server':
+ ensure => installed,
+ }
+
+ # the server needs check_icmp (among others)
+ if !defined(Package['nagios-plugins-basic']) {
+ package { 'nagios-plugins-basic': ensure => installed }
+ }
+
+ # flush config for certain config changes
+ # FIXME: after testing, maybe this can go in the generic module
+ exec { 'check_mk-flush':
+ command => "/bin/su -l -c '${bin_dir}/check_mk --flush' ${site}",
+ refreshonly => true,
+ notify => Exec['check_mk-reload'],
+ }
+
+ file {
+ '/etc/check_mk/keys':
+ ensure => directory;
+
+ # don't generate host defines
+ '/etc/check_mk/conf.d/nohost.mk':
+ source => 'puppet:///modules/site_check_mk/nohost.mk',
+ owner => root,
+ group => root,
+ mode => '0644',
+ notify => Exec['check_mk-refresh'];
+
+ # setup parent relationships
+ '/etc/check_mk/conf.d/parents.mk':
+ source => 'puppet:///modules/site_check_mk/parents.mk',
+ owner => root,
+ group => root,
+ mode => '0644',
+ notify => Exec['check_mk-refresh'];
+
+ # checks we ignore (requires a flush to get them to go away)
+ '/etc/check_mk/conf.d/ignore.mk':
+ source => 'puppet:///modules/site_check_mk/ignore.mk',
+ owner => root,
+ group => root,
+ mode => '0644',
+ notify => Exec['check_mk-flush'];
+
+ # checks we adjust (requires reload so checks are recompiled)
+ '/etc/check_mk/conf.d/adjust.mk':
+ source => 'puppet:///modules/site_check_mk/adjust.mk',
+ owner => root,
+ group => root,
+ mode => '0644',
+ notify => Exec['check_mk-reload'];
+
+ # check_icmp must be suid root or called by sudo
+ # see https://leap.se/code/issues/5171
+ '/usr/lib/nagios/plugins/check_icmp':
+ mode => '4755',
+ require => Package['nagios-plugins-basic'];
+ }
+
+ # override paths to use the system check_mk rather than OMD
+ class { 'check_mk::config':
+ # default site is 'monitoring', we set to blank
+ site => '',
+ # etc_dir is an OMD dir by default, we use /etc resulting in /etc/check_mk
+ etc_dir => '/etc',
+ # nagios_subdir is nagios by default, debian uses nagios3
+ nagios_subdir => 'nagios3',
+ # bin_dir is an OMD dir by default, we use the system path for debian
+ bin_dir => '/usr/bin',
+ # all our hosts are in the same group
+ host_groups => undef,
+ # use_storedconfigs default is true, which we want
+ # make sure the check-mk-server is installed or initial config will fail
+ # FIXME: like the above, this should move into the check_mk module
+ require => Package['check-mk-server']
+ }
+
+ class { 'check_mk::server::configure_ssh': }
+}
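Review bot: `/etc/check_mk/keys` is declared with only `ensure => directory`, yet use_ssh.mk reads the per-host private keys from it; set `owner`, `group` and `mode => '0700'` for the account that runs check_mk so access does not depend on the umask. The `check_mk-flush` exec interpolates `${bin_dir}` and `${site}`, which are not defined in this class and are only passed to `check_mk::config` further down. As written the command would likely expand to `/check_mk --flush` run through `su` with no user, so use the qualified variables or the literal `/usr/bin/check_mk`. For `check_icmp`, `mode => '4755'` makes the setuid-root binary runnable by every local user; an explicit `owner => root`, a group limited to the monitoring account and `mode => '4750'` would narrow that.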