diff options
author | kwadronaut <kwadronaut@leap.se> | 2018-11-14 11:09:02 +0100 |
---|---|---|
committer | kwadronaut <kwadronaut@leap.se> | 2018-11-14 11:09:02 +0100 |
commit | 06b521b6887d33b4cfa650c0d26850c8d1cc0ef8 (patch) | |
tree | caa0bac49dfd2573462acef06b68d2ea69d8cdb8 /example/site_check_mk/manifests/agent.pp | |
parent | 6ffee2d778992b783bd29a1ddeaab61baf6d47aa (diff) | |
parent | 15aba17d007e076ea09e50c837081ee1bec1b301 (diff) |
Diffstat (limited to 'example/site_check_mk/manifests/agent.pp')
-rw-r--r-- | example/site_check_mk/manifests/agent.pp | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/example/site_check_mk/manifests/agent.pp b/example/site_check_mk/manifests/agent.pp new file mode 100644 index 0000000..056b007 --- /dev/null +++ b/example/site_check_mk/manifests/agent.pp @@ -0,0 +1,50 @@ +class site_check_mk::agent { + + $tags = hiera('check_mk-tags') + + class { 'check_mk::agent': + # FIXME: the check_mk module should be enhanced to detect debian so we + # don't need to set these + agent_package_name => 'check-mk-agent', + agent_logwatch_package_name => 'check-mk-agent-logwatch', + # we use ssh rather than xinetd and have puppet generate and collect keys + method => 'ssh', + generate_sshkey => true, + sshuser => 'checkmk', + # where keys get stored on the check-mk-server (default is an OMD dir) + keydir => '/etc/check_mk/keys', + # we(riseup) override where authorized keys are stored, since we use a + # central directory of user named files rather than + # ~user/.ssh/authorized_keys + authdir => '/etc/ssh/authorized_keys', + authfile => 'checkmk', + host_tags => $tags + } + + # we ssh as the checkmk user and allow checkmk to run check_mk_agent + # with sudo (rather than ssh as root) + if !defined(User[checkmk]) { + user { 'checkmk': + ensure => 'present', + home => '/usr/lib/check_mk_agent', + gid => 'users', + password => '*', + comment => 'check_mk agent'; + } + } + + include site_sudo + + sudo::access { 'checkmk': + user => 'checkmk', + access => 'ALL= NOPASSWD: /usr/bin/check_mk_agent' + } + + # include checks we want on all agents here + # NOTE: we're currently doing this here, it could also be done within + # the actual classes related to the check (as we've done before with munin) + include site_check_mk::agent::apt + + # not enabled yet + #include site_check_mk::agent::logwatch +} |