summaryrefslogtreecommitdiff
path: root/example/site_check_mk/manifests/agent.pp
diff options
context:
space:
mode:
authorkwadronaut <kwadronaut@leap.se>2018-11-14 11:09:02 +0100
committerkwadronaut <kwadronaut@leap.se>2018-11-14 11:09:02 +0100
commit06b521b6887d33b4cfa650c0d26850c8d1cc0ef8 (patch)
treecaa0bac49dfd2573462acef06b68d2ea69d8cdb8 /example/site_check_mk/manifests/agent.pp
parent6ffee2d778992b783bd29a1ddeaab61baf6d47aa (diff)
parent15aba17d007e076ea09e50c837081ee1bec1b301 (diff)
Merge remote-tracking branch 'shared/master'HEADmaster
Diffstat (limited to 'example/site_check_mk/manifests/agent.pp')
-rw-r--r--example/site_check_mk/manifests/agent.pp50
1 files changed, 50 insertions, 0 deletions
diff --git a/example/site_check_mk/manifests/agent.pp b/example/site_check_mk/manifests/agent.pp
new file mode 100644
index 0000000..056b007
--- /dev/null
+++ b/example/site_check_mk/manifests/agent.pp
@@ -0,0 +1,50 @@
+class site_check_mk::agent {
+
+ $tags = hiera('check_mk-tags')
+
+ class { 'check_mk::agent':
+ # FIXME: the check_mk module should be enhanced to detect debian so we
+ # don't need to set these
+ agent_package_name => 'check-mk-agent',
+ agent_logwatch_package_name => 'check-mk-agent-logwatch',
+ # we use ssh rather than xinetd and have puppet generate and collect keys
+ method => 'ssh',
+ generate_sshkey => true,
+ sshuser => 'checkmk',
+ # where keys get stored on the check-mk-server (default is an OMD dir)
+ keydir => '/etc/check_mk/keys',
+ # we(riseup) override where authorized keys are stored, since we use a
+ # central directory of user named files rather than
+ # ~user/.ssh/authorized_keys
+ authdir => '/etc/ssh/authorized_keys',
+ authfile => 'checkmk',
+ host_tags => $tags
+ }
+
+ # we ssh as the checkmk user and allow checkmk to run check_mk_agent
+ # with sudo (rather than ssh as root)
+ if !defined(User[checkmk]) {
+ user { 'checkmk':
+ ensure => 'present',
+ home => '/usr/lib/check_mk_agent',
+ gid => 'users',
+ password => '*',
+ comment => 'check_mk agent';
+ }
+ }
+
+ include site_sudo
+
+ sudo::access { 'checkmk':
+ user => 'checkmk',
+ access => 'ALL= NOPASSWD: /usr/bin/check_mk_agent'
+ }
+
+ # include checks we want on all agents here
+ # NOTE: we're currently doing this here, it could also be done within
+ # the actual classes related to the check (as we've done before with munin)
+ include site_check_mk::agent::apt
+
+ # not enabled yet
+ #include site_check_mk::agent::logwatch
+}