diff options
| author | varac <varacanero@zeromail.org> | 2016-03-01 11:59:10 +0100 |
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2016-03-01 11:59:10 +0100 |
| commit | 53e2db13e5082f09fcee7d34ed83b3dfaef06e52 (patch) | |
| tree | 3f082b3311d08140e29c9ca730cfa3c8061545a8 | |
| parent | 70afab799b8cf720cd12bd225c1c2948fd1597ee (diff) | |
| parent | c0dee4a2393e23b226e123a427898de94b342141 (diff) | |
Merge remote-tracking branch 'shared/master' into leap_master
42 files changed, 1349 insertions, 648 deletions
@@ -75,7 +75,42 @@ Obviously, the check command must either be defined using nagios_command objects (some are supplied in nagios::defaults::commands) or in the nagios configuration files directly. -NRPE Services +NRPE client configuration +========================= + +To setup a machine as an NRPE client, the class 'nagios::nrpe' should be used: + + class { 'nagios::nrpe': + allowed_hosts => '10.2.3.4,10.5.6.7', + } + +The class can take the following parameters to change configuration or +configuration directory: + + * $cfg_dir : Defines the path to the NRPE configuration. The default is to use + the path used by packages per your distro. + + * $pid_file : Sets the path of the PID file. The default value is the path + used by init script shipped with your distro's packages. + + * $plugin_dir : Defines the path in which nagios plugins that are to be + executed with NRPE commands are stored. The default value is the path where + your distro's nagios package stores plugins. + + * $server_address : The IP address to which the NRPE client daemon should + bind. The default behaviour is to bind to all IPs. + + * $allowed_hosts : A string containing a comma-separated list of host IPs that + are allowed to request NRPE commands to be run. The default value is to + allow only 127.0.0.1, so you might want to pass in a list of additional host + IPs. + + * $dont_blame : A string that enables ('1') or disables ('0') NRPE command + arguments. Enabling arguments can lead to potentials of shell escapes so it + should be used with caution and only if absolutely needed. This is disabled + by default. + +NRPE Services ------------- Some Nagios services need to be checked via NRPE. The following will make the diff --git a/files/configs/CentOS/nagios.cfg b/files/configs/CentOS/nagios.cfg index 1354bf8..b88e3db 100644 --- a/files/configs/CentOS/nagios.cfg +++ b/files/configs/CentOS/nagios.cfg @@ -31,9 +31,22 @@ log_file=/var/log/nagios/nagios.log # separate from host and contact definitions... # Puppet-managed configuration files -cfg_dir=/etc/nagios/conf.d - - +cfg_file=/etc/nagios/nagios_templates.cfg +cfg_file=/etc/nagios/nagios_command.cfg +cfg_file=/etc/nagios/nagios_contact.cfg +cfg_file=/etc/nagios/nagios_contactgroup.cfg +cfg_file=/etc/nagios/nagios_host.cfg +cfg_file=/etc/nagios/nagios_hostdependency.cfg +cfg_file=/etc/nagios/nagios_hostescalation.cfg +cfg_file=/etc/nagios/nagios_hostextinfo.cfg +cfg_file=/etc/nagios/nagios_hostgroup.cfg +cfg_file=/etc/nagios/nagios_hostgroupescalation.cfg +cfg_file=/etc/nagios/nagios_service.cfg +cfg_file=/etc/nagios/nagios_servicedependency.cfg +cfg_file=/etc/nagios/nagios_serviceescalation.cfg +cfg_file=/etc/nagios/nagios_serviceextinfo.cfg +cfg_file=/etc/nagios/nagios_servicegroup.cfg +cfg_file=/etc/nagios/nagios_timeperiod.cfg # OBJECT CACHE FILE # This option determines where object definitions are cached when diff --git a/files/configs/Debian/nagios.cfg b/files/configs/Debian/nagios.cfg index 68e03bb..291a474 100644 --- a/files/configs/Debian/nagios.cfg +++ b/files/configs/Debian/nagios.cfg @@ -23,7 +23,22 @@ log_file=/var/log/nagios3/nagios.log #cfg_file=/etc/nagios3/commands.cfg # Puppet-managed configuration files -cfg_dir=/etc/nagios3/conf.d +cfg_file=/etc/nagios3/nagios_templates.cfg +cfg_file=/etc/nagios3/nagios_command.cfg +cfg_file=/etc/nagios3/nagios_contact.cfg +cfg_file=/etc/nagios3/nagios_contactgroup.cfg +cfg_file=/etc/nagios3/nagios_host.cfg +cfg_file=/etc/nagios3/nagios_hostdependency.cfg +cfg_file=/etc/nagios3/nagios_hostescalation.cfg +cfg_file=/etc/nagios3/nagios_hostextinfo.cfg +cfg_file=/etc/nagios3/nagios_hostgroup.cfg +cfg_file=/etc/nagios3/nagios_hostgroupescalation.cfg +cfg_file=/etc/nagios3/nagios_service.cfg +cfg_file=/etc/nagios3/nagios_servicedependency.cfg +cfg_file=/etc/nagios3/nagios_serviceescalation.cfg +cfg_file=/etc/nagios3/nagios_serviceextinfo.cfg +cfg_file=/etc/nagios3/nagios_servicegroup.cfg +cfg_file=/etc/nagios3/nagios_timeperiod.cfg # Debian also defaults to using the check commands defined by the debian # nagios-plugins package diff --git a/files/configs/apache2.conf b/files/configs/apache2.conf index 14bb38b..f0f8b2f 100644 --- a/files/configs/apache2.conf +++ b/files/configs/apache2.conf @@ -1,8 +1,8 @@ # apache configuration for nagios 3.x # note to users of nagios 1.x and 2.x: -# throughout this file are commented out sections which preserve -# backwards compatibility with bookmarks/config for older nagios versios. -# simply look for lines following "nagios 1.x:" and "nagios 2.x" comments. +# throughout this file are commented out sections which preserve +# backwards compatibility with bookmarks/config for older nagios versios. +# simply look for lines following "nagios 1.x:" and "nagios 2.x" comments. ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3 ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3 @@ -28,22 +28,34 @@ Alias /nagios3 /usr/share/nagios3/htdocs #Alias /nagios /usr/share/nagios3/htdocs <DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)> - Options FollowSymLinks + Options FollowSymLinks - DirectoryIndex index.php index.html + DirectoryIndex index.php index.html - AllowOverride AuthConfig - Order Allow,Deny - Allow From All + AllowOverride AuthConfig - AuthName "Nagios Access" - AuthType Basic - AuthUserFile /etc/nagios3/htpasswd.users - # nagios 1.x: - #AuthUserFile /etc/nagios/htpasswd.users - require valid-user + + <IfVersion < 2.3> + Order Allow,Deny + Allow From All + </IfVersion> + + <IfVersion >= 2.3> + Require all denied + </IfVersion> + + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios3/htpasswd.users + # nagios 1.x: + #AuthUserFile /etc/nagios/htpasswd.users + require valid-user </DirectoryMatch> +<Directory /usr/share/nagios3/htdocs> + Options +ExecCGI +</Directory> + # Enable this ScriptAlias if you want to enable the grouplist patch. # See http://apan.sourceforge.net/download.html for more info # It allows you to see a clickable list of all hostgroups in the diff --git a/files/plugin_data/sks-keyservers.netCA.pem b/files/plugin_data/sks-keyservers.netCA.pem new file mode 100644 index 0000000..24a2ad2 --- /dev/null +++ b/files/plugin_data/sks-keyservers.netCA.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV +BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u +ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw +MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP +c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr +cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I +6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj +MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F +45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS +FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx +Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4 +aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx +MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y +u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9 +p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP +fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G +A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY +TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR +OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u +gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/ +X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5 +gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB +UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04 +lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT +BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB +cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U +f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G +ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph +WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg== +-----END CERTIFICATE----- diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg new file mode 100644 index 0000000..eb9fa51 --- /dev/null +++ b/files/plugins/check_gpg @@ -0,0 +1,115 @@ +#!/bin/bash +# +# Nagios plugin that checks whether a key ID has expired, or will expire within +# a certain time. +# +# note: the plugin will issue a critical state if the required key has been +# revoked. +# +# usage: check_gpg [-w <num_days>] [--gnupg-homedir <path>] <key_id> +# +# <key_id> is any PGP key ID that GnuPG accepts with "gpg --list-key <key_id>" +# +# The option -w parameter lets you specify the number of days within which key +# expiry will trigger a warning. e.g. if <key_id> expires within <num_days> +# days, make nagios issue a warning. +# +# num_days must be an integer value +# +# optionally, if the keyring directory you want GPG to use is not located in +# the user's ~/.gnupg, you can specify the path to the keyring directory with +# the --gnupg-homedir parameter. +# +# Thanks a bunch to Daniel Kahn Gillmor for providing example commands that +# made up most of the core of this plugin. +# +# Copyleft Gabriel Filion +# +# This plugin is released under the GPL v3+ license. To get a copy of the +# license text visit: https://www.gnu.org/licenses/gpl-3.0.txt +# +SECS_IN_DAY=86400 + +function debug () { + if [ -n "$DEBUG" ]; then + echo "$1" >&2 + fi +} + +debug "got args: $*" + +now=$(date +%s) +debug "current timestamp: $now" + +warning_threshold= +homedir= +homedir_path=~/.gnupg +for arg in $*; do + case $arg in + "-w") + if [ -z "$2" ]; then + echo "UNKNOWN: argument -w got no value. integer needed" + exit 3 + fi + if [ "`echo $2 | egrep ^[[:digit:]]+$`" = "" ]; then + echo "UNKNOWN: invalid value '$2' passed to -w. integer needed" + exit 3 + fi + warning_threshold=$(( $now + ($2*$SECS_IN_DAY) )) + debug "setting warning_threshold to '$warning_threshold'" + + shift 2 + ;; + "--gnupg-homedir") + if [ -z "$2" ]; then + echo "UNKNOWN: argument --gnupg-homedir got no value. path needed" + exit 3 + fi + if [ ! -d "$2" ]; then + echo "UNKNOWN: homedir '$2' does not exist or is not a directory" + exit 3 + fi + homedir_path=$2 + homedir="--homedir ${homedir_path}" + debug "setting homedir to '$homedir_path'" + + shift 2 + ;; + esac +done + +if [ -z "$1" ]; then + echo "UNKNOWN: must provide a key ID" + exit 3 +fi +key="$1" + +# GPG is too stupid to error out when asked to refresh a key that's not in the +# local keyring so we need to perform another call to verify this first. +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir_path/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 ) +if [ $? -ne 0 ]; then + echo "UNKNOWN: $output" + exit 3 +fi + +if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then + echo "CRITICAL: key '$key' has been revoked!" + exit 1 +fi + +for expiry in $(gpg $homedir --with-colons --fixed-list-mode --list-key "$key" 2>/dev/null | awk -F: '/^pub:/{ print $7 }'); +do + debug "expiry value: $expiry" + + if [ "$now" -gt "$expiry" ] ; then + printf "CRITICAL: %s has expired on %s\n" "$key" "$(date -d "$expiry seconds")"; + exit 1; + fi; + if [ -n "$warning_threshold" ] && [ "$warning_threshold" -gt "$expiry" ]; then + remaining=$(( ($expiry-$now) / $SECS_IN_DAY )) + printf "WARNING: %s expires in %s days\n" "$key" "$remaining"; + exit 2; + fi +done + +echo "OK: key '$key' has not expired." diff --git a/files/plugins/check_horde_login b/files/plugins/check_horde_login new file mode 100644 index 0000000..8c821e4 --- /dev/null +++ b/files/plugins/check_horde_login @@ -0,0 +1,94 @@ +#!/bin/env python +# vi:si:et:sw=4:sts=4:ts=4 +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2015 mh <mh@immerda.ch> + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. +# + +import sys, os, requests, getopt +from time import time + +def usage(): + print sys.argv[0] + " -u username "+ \ + "-p password " + \ + "-s server path" + \ + "[-w warning_in_s] " + \ + "[-c critical_in_s]" + sys.exit(1) + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h:w:c") + except getopt.GetoptError: + usage() + return 3 + + user = url = password = None + warning = 5 + critical = 10 + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-w": + warning = a + elif o == "-c": + critical = a + elif o == "-s": + url = a + "/login.php" + elif o == '-h': + usage() + + if user == None or password == None or url == None: + usage() + + params = { 'horde_user': user, + 'horde_pass': password, + 'horde_select_view': 'auto', + 'anchor_string': '', + 'app': '', + 'login_post': 1, + 'new_lang': 'en_US', + 'url': '', + } + + + timestamp = time() + try: + r = requests.post(url, data=params, allow_redirects=False) + except Exception, e: + print "CRITICAL Horde Login Failed: %s" % e + sys.exit(2) + + timestamp = time() - timestamp + if r.status_code == 302: + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 + else: + status = "ERROR" + exitcode = 2 + # on a successfully login we are redirected to the mailbox + print '%s Horde Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + sys.exit(exitcode) + + +if __name__ == "__main__": + sys.exit(main()) + + diff --git a/files/plugins/check_imap_login b/files/plugins/check_imap_login new file mode 100644 index 0000000..d059822 --- /dev/null +++ b/files/plugins/check_imap_login @@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2006 Bertera Pietro <pietro@bertera.it> +# Response time monitoring with perfdata modification by Ivan Savcic <isavcic@gmail.com> and Milos Buncic, 2012. +# From: https://github.com/isavcic/check_imap_login + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. + +import sys, os, imaplib, getopt +from time import time + +def usage(): + print sys.argv[0] + " -u <user> -p <password> -H <host> [-s] -w <warning threshold (sec)> -c <critical threshold (sec)>\n -s is for using IMAPS" + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:sH:w:c:") + except getopt.GetoptError: + usage() + return 3 + + user = host = password = use_ssl = warning = critical = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + use_ssl = True + elif o == "-H": + host = a + elif o == "-w": + warning = float(a) + elif o == "-c": + critical = float(a) + + if user == None or password == None or host == None or warning == None or critical == None: + usage() + return 1 + + if use_ssl: + M = imaplib.IMAP4_SSL(host=host) + else: + M = imaplib.IMAP4(host) + + timestamp = time() + + try: + M.login(user, password) + except Exception, e: + print "CRITICAL IMAP Login Failed: %s" % e + return 2 + + M.logout() + + timestamp = time() - timestamp + + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 + + print '%s IMAP Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + + return exitcode + +if __name__ == "__main__": + sys.exit(main()) diff --git a/files/plugins/check_pop3_login b/files/plugins/check_pop3_login new file mode 100644 index 0000000..4eb29b8 --- /dev/null +++ b/files/plugins/check_pop3_login @@ -0,0 +1,83 @@ +#!/usr/bin/python +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2006 Bertera Pietro <pietro@bertera.it> +# Copyright (C) 2015 mh <mh@immerda.ch> +# Response time monitoring with perfdata modification by Ivan Savcic <isavcic@gmail.com> and Milos Buncic, 2012. +# Derived from: https://github.com/isavcic/check_imap_login + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. + +import sys, os, poplib, getopt +from time import time + +def usage(): + print sys.argv[0] + " -u <user> -p <password> -H <host> [-s] -w <warning threshold (sec)> -c <critical threshold (sec)>\n -s is for using POP3s" + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:sH:w:c:") + except getopt.GetoptError: + usage() + return 3 + + user = host = password = use_ssl = warning = critical = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + use_ssl = True + elif o == "-H": + host = a + elif o == "-w": + warning = float(a) + elif o == "-c": + critical = float(a) + + if user == None or password == None or host == None or warning == None or critical == None: + usage() + return 1 + + if use_ssl: + M = poplib.POP3_SSL(host=host) + else: + M = poplib.POP3(host) + + timestamp = time() + + try: + M.getwelcome() + M.user(user) + M.pass_(password) + except Exception, e: + print "CRITICAL POP3 Login Failed: %s" % e + return 2 + + M.quit() + + timestamp = time() - timestamp + + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 + + print '%s POP3 Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + + return exitcode + +if __name__ == "__main__": + sys.exit(main()) diff --git a/manifests/apache.pp b/manifests/apache.pp index b1da837..8fa9061 100644 --- a/manifests/apache.pp +++ b/manifests/apache.pp @@ -1,10 +1,11 @@ +# setup naguis together with apache class nagios::apache( $allow_external_cmd = false, $manage_shorewall = false, $manage_munin = false, $stored_config = true ) { - class{'nagios': + class{'::nagios': httpd => 'apache', allow_external_cmd => $allow_external_cmd, manage_munin => $manage_munin, diff --git a/manifests/base.pp b/manifests/base.pp index 687261d..4922cdb 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,202 +1,182 @@ +# basic stuff for nagios class nagios::base { - # include the variables - include nagios::defaults::vars + # include the variables + include ::nagios::defaults::vars - package { 'nagios': - alias => 'nagios', - ensure => present, - } - - service { 'nagios': - ensure => running, - enable => true, - #hasstatus => true, #fixme! - require => Package['nagios'], - } + package { 'nagios': + ensure => present, + } - # this file should contain all the nagios_puppet-paths: - file { 'nagios_main_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/nagios.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", - "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", - "puppet:///modules/site_nagios/configs/nagios.cfg", - "puppet:///modules/nagios/configs/${::operatingsystem}/nagios.cfg", - "puppet:///modules/nagios/configs/nagios.cfg" ], - notify => Service['nagios'], - require => Package['nagios'], - mode => 0644, owner => root, group => root; - } + service { 'nagios': + ensure => running, + enable => $nagios::service_at_boot, + require => Package['nagios'], + } - file { 'nagios_cgi_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/cgi.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", + $cfg_dir = $nagios::defaults::vars::int_cfgdir + # this file should contain all the nagios_puppet-paths: + file{ + 'nagios_cfgdir': + ensure => directory, + path => $cfg_dir, + alias => nagios_confd, + recurse => true, + purge => true, + force => true, + require => Package['nagios'], + notify => Service['nagios'], + owner => root, + group => root, + mode => '0755'; + 'nagios_main_cfg': + path => "${cfg_dir}/nagios.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", + "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", + 'puppet:///modules/site_nagios/configs/nagios.cfg', + "puppet:///modules/nagios/configs/${::operatingsystem}/nagios.cfg", + 'puppet:///modules/nagios/configs/nagios.cfg' ], + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; + 'nagios_cgi_cfg': + path => "${cfg_dir}/cgi.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/cgi.cfg", - "puppet:///modules/site_nagios/configs/cgi.cfg", + 'puppet:///modules/site_nagios/configs/cgi.cfg', "puppet:///modules/nagios/configs/${::operatingsystem}/cgi.cfg", - "puppet:///modules/nagios/configs/cgi.cfg" ], - mode => '0644', owner => 'root', group => 0, - notify => Service['apache'], - require => Package['nagios'], - } - - file { 'nagios_htpasswd': - path => "${nagios::defaults::vars::int_cfgdir}/htpasswd.users", - source => [ "puppet:///modules/site_nagios/htpasswd.users", - "puppet:///modules/nagios/htpasswd.users" ], - require => Package['nagios'], - mode => 0640, owner => root, group => apache; - } - - if $::operatingsystem == 'Centos' { - file { 'nagios_private': - ensure => directory, - path => "${nagios::defaults::vars::int_cfgdir}/private/", - purge => true, - recurse => true, - mode => '0750', - owner => 'root', - group => 'nagios', - require => Package['nagios'], - notify => Service['nagios'], - } - - $resource_cfg_dir = "${nagios::defaults::vars::int_cfgdir}/private" - } - else { - $resource_cfg_dir = $nagios::defaults::vars::int_cfgdir - } - - file { 'nagios_private_resource_cfg': - path => "${resource_cfg_dir}/resource.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", + 'puppet:///modules/nagios/configs/cgi.cfg' ], + notify => Service['apache'], + owner => 'root', + group => 0, + mode => '0644'; + 'nagios_htpasswd': + path => "${cfg_dir}/htpasswd.users", + source => [ 'puppet:///modules/site_nagios/htpasswd.users', + 'puppet:///modules/nagios/htpasswd.users' ], + owner => root, + group => apache, + mode => '0640'; + 'nagios_resource_cfg': + path => "${cfg_dir}/resource.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", "puppet:///modules/nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}" ], - notify => Service['nagios'], - owner => root, group => nagios, mode => '0640'; - } + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0640'; + } - file { 'nagios_confd': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/", - ensure => directory, - purge => true, - recurse => true, - notify => Service['nagios'], - require => Package['nagios'], - mode => '0750', owner => root, group => nagios; + if $cfg_dir == '/etc/nagios3' { + file{'/etc/nagios': + ensure => link, + target => $cfg_dir, + require => Package['nagios'], } - Nagios_command <<||>> - Nagios_contactgroup <<||>> - Nagios_contact <<||>> - Nagios_hostdependency <<||>> - Nagios_hostescalation <<||>> - Nagios_hostextinfo <<||>> - Nagios_hostgroup <<||>> - Nagios_host <<||>> - Nagios_servicedependency <<||>> - Nagios_serviceescalation <<||>> - Nagios_servicegroup <<||>> - Nagios_serviceextinfo <<||>> - Nagios_service <<||>> - Nagios_timeperiod <<||>> + } - Nagios_command <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_contact <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_contactgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_host <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_hostdependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - notify => Service['nagios'], - } - Nagios_hostescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - notify => Service['nagios'], - } - Nagios_hostextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_hostgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_service <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_servicegroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - notify => Service['nagios'], - } - Nagios_servicedependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_serviceescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_serviceextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_timeperiod <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } + Nagios_command <<||>> + Nagios_contactgroup <<||>> + Nagios_contact <<||>> + Nagios_hostdependency <<||>> + Nagios_hostescalation <<||>> + Nagios_hostextinfo <<||>> + Nagios_hostgroup <<||>> + Nagios_host <<||>> + Nagios_servicedependency <<||>> + Nagios_serviceescalation <<||>> + Nagios_servicegroup <<||>> + Nagios_serviceextinfo <<||>> + Nagios_service <<||>> + Nagios_timeperiod <<||>> - file{[ "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroupescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg" ]: - ensure => file, - replace => false, - notify => Service['nagios'], - require => Package['nagios'], - mode => 0644, owner => root, group => 0; - } + Nagios_command <||> { + notify => Service['nagios'], + } + Nagios_contact <||> { + notify => Service['nagios'], + } + Nagios_contactgroup <||> { + notify => Service['nagios'], + } + Nagios_host <||> { + notify => Service['nagios'], + } + Nagios_hostdependency <||> { + notify => Service['nagios'], + } + Nagios_hostescalation <||> { + notify => Service['nagios'], + } + Nagios_hostextinfo <||> { + notify => Service['nagios'], + } + Nagios_hostgroup <||> { + notify => Service['nagios'], + } + Nagios_service <||> { + notify => Service['nagios'], + } + Nagios_servicegroup <||> { + notify => Service['nagios'], + } + Nagios_servicedependency <||> { + notify => Service['nagios'], + } + Nagios_serviceescalation <||> { + notify => Service['nagios'], + } + Nagios_serviceextinfo <||> { + notify => Service['nagios'], + } + Nagios_timeperiod <||> { + notify => Service['nagios'], + } - # manage nagios cfg files - # must be defined after exported resource overrides and cfg file defs - file { 'nagios_cfgdir': - path => "${nagios::defaults::vars::int_cfgdir}/", - ensure => directory, - recurse => true, - purge => true, - notify => Service['nagios'], - require => Package['nagios'], - mode => 0755, owner => root, group => root; - } + file{ + [ "${cfg_dir}/nagios_command.cfg", + "${cfg_dir}/nagios_contact.cfg", + "${cfg_dir}/nagios_contactgroup.cfg", + "${cfg_dir}/nagios_host.cfg", + "${cfg_dir}/nagios_hostdependency.cfg", + "${cfg_dir}/nagios_hostescalation.cfg", + "${cfg_dir}/nagios_hostextinfo.cfg", + "${cfg_dir}/nagios_hostgroup.cfg", + "${cfg_dir}/nagios_hostgroupescalation.cfg", + "${cfg_dir}/nagios_service.cfg", + "${cfg_dir}/nagios_servicedependency.cfg", + "${cfg_dir}/nagios_serviceescalation.cfg", + "${cfg_dir}/nagios_serviceextinfo.cfg", + "${cfg_dir}/nagios_servicegroup.cfg", + "${cfg_dir}/nagios_timeperiod.cfg" ]: + ensure => file, + replace => false, + notify => Service['nagios'], + owner => root, + group => 0, + mode => '0644'; + } + + if $nagios::purge_resources { + resources { + [ + 'nagios_command', + 'nagios_contactgroup', + 'nagios_contact', + 'nagios_hostdependency', + 'nagios_hostescalation', + 'nagios_hostextinfo', + 'nagios_hostgroup', + 'nagios_host', + 'nagios_servicedependency', + 'nagios_serviceescalation', + 'nagios_servicegroup', + 'nagios_serviceextinfo', + 'nagios_service', + 'nagios_timeperiod', + ]: + notify => Service['nagios'], + purge => true; + } + } } diff --git a/manifests/centos.pp b/manifests/centos.pp index 5a2ba23..f41d46d 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -1,19 +1,42 @@ +# centos specific changes class nagios::centos inherits nagios::base { - package { [ 'nagios-plugins', 'nagios-plugins-smtp','nagios-plugins-http', 'nagios-plugins-ssh', 'nagios-plugins-tcp', 'nagios-plugins-dig', 'nagios-plugins-nrpe', 'nagios-plugins-load', 'nagios-plugins-dns', 'nagios-plugins-ping', 'nagios-plugins-procs', 'nagios-plugins-users', 'nagios-plugins-ldap', 'nagios-plugins-disk', 'nagios-plugins-swap', 'nagios-plugins-nagios', 'nagios-plugins-perl', 'nagios-plugins-ntp', 'nagios-plugins-snmp' ]: - ensure => 'present', - notify => Service['nagios'], - } + package { [ 'nagios-plugins', 'nagios-plugins-smtp','nagios-plugins-http', + 'nagios-plugins-ssh', 'nagios-plugins-tcp', 'nagios-plugins-dig', + 'nagios-plugins-nrpe', 'nagios-plugins-load', 'nagios-plugins-dns', + 'nagios-plugins-ping', 'nagios-plugins-procs', 'nagios-plugins-users', + 'nagios-plugins-ldap', 'nagios-plugins-disk', 'nagios-plugins-swap', + 'nagios-plugins-nagios', 'nagios-plugins-perl', 'nagios-plugins-ntp', + 'nagios-plugins-snmp' ]: + ensure => 'present', + notify => Service['nagios'], + } - Service[nagios]{ - hasstatus => true, - } + Service['nagios']{ + hasstatus => true, + } - if $nagios::allow_external_cmd { - file { '/var/spool/nagios/cmd': - ensure => 'directory', - require => Package['nagios'], - mode => 2660, owner => apache, group => nagios, - } + file{ + 'nagios_private': + ensure => directory, + path => "${nagios::base::cfg_dir}/private", + purge => true, + recurse => true, + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0750'; + } + File['nagios_resource_cfg']{ + path => "${nagios::base::cfg_dir}/private/resource.cfg", + } + if $nagios::allow_external_cmd { + file{'/var/spool/nagios/cmd': + ensure => 'directory', + require => Package['nagios'], + owner => apache, + group => nagios, + mode => '2660', } + } } diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index 3735136..42e4092 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -1,6 +1,8 @@ +# manage mail checks class nagios::command::imap_pop3 { - case $operatingsystem { - debian,ubuntu: { } # Debian/Ubuntu already define those checks + require ::nagios::plugins::mail_login + case $::operatingsystem { + 'Debian','Ubuntu': { } # Debian/Ubuntu already define those checks default: { nagios_command { 'check_imap': @@ -17,6 +19,12 @@ class nagios::command::imap_pop3 { 'check_pop3_ssl': command_line => '$USER1$/check_pop -H $ARG1$ -p $ARG2$ -S'; 'check_managesieve': + command_line => '$USER1$/check_tcp -H $ARG1$ -p 4190'; + 'check_managesieve_legacy': command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; + 'check_imap_login': + command_line => '$USER1$/check_imap_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; + 'check_pop3_login': + command_line => '$USER1$/check_pop3_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; } } diff --git a/manifests/command/nrpe_timeout.pp b/manifests/command/nrpe_timeout.pp index 3415566..799f2fc 100644 --- a/manifests/command/nrpe_timeout.pp +++ b/manifests/command/nrpe_timeout.pp @@ -1,11 +1,11 @@ class nagios::command::nrpe_timeout { nagios_command { 'check_nrpe_timeout': - command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$ -a $ARG3$' - } + command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$ -a $ARG3$', + require => Package['nagios-nrpe-server']; - nagios_command { 'check_nrpe_1arg_timeout': - command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$' + command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$', + require => Package['nagios-nrpe-server'] } } diff --git a/manifests/debian.pp b/manifests/debian.pp index f26bd97..b5d6974 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,53 +1,51 @@ +# debian specific things class nagios::debian inherits nagios::base { - Package['nagios'] { name => 'nagios3' } + Package['nagios'] { name => 'nagios3' } - package { [ 'nagios-plugins', 'nagios-snmp-plugins','nagios-nrpe-plugin' ]: - ensure => 'present', - notify => Service['nagios'], - } + package { [ 'nagios-plugins', 'nagios-snmp-plugins','nagios-nrpe-plugin' ]: + ensure => 'present', + notify => Service['nagios'], + } - Service['nagios'] { - name => 'nagios3', - hasstatus => true, - } + Service['nagios'] { + name => 'nagios3', + hasstatus => true, + } - File['nagios_htpasswd', 'nagios_cgi_cfg'] { group => 'www-data' } + File['nagios_htpasswd', 'nagios_cgi_cfg'] { group => 'www-data' } - file { 'nagios_commands_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/commands.cfg", - ensure => present, - notify => Service['nagios'], - mode => 0644, owner => root, group => root, - require => Package['nagios'], - } + file{ + 'nagios_commands_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/commands.cfg", + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644', + require => Package['nagios']; + "${nagios::defaults::vars::int_cfgdir}/stylesheets": + ensure => directory, + purge => false, + recurse => true, + require => Package['nagios']; + } - file { "${nagios::defaults::vars::int_cfgdir}/stylesheets": - ensure => directory, - purge => false, - recurse => true, - require => Package['nagios'], + if $nagios::allow_external_cmd { + exec { 'nagios_external_cmd_perms_overrides': + command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3', + unless => 'dpkg-statoverride --list nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --list nagios nagios 751 /var/lib/nagios3', + logoutput => false, + notify => Service['nagios'], } - - if $nagios::allow_external_cmd { - exec { 'nagios_external_cmd_perms_overrides': - command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3', - unless => 'dpkg-statoverride --list nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --list nagios nagios 751 /var/lib/nagios3', - logoutput => false, - notify => Service['nagios'], - require => Package['nagios'], - } - exec { 'nagios_external_cmd_perms_1': - command => 'chmod 0751 /var/lib/nagios3 && chown nagios:nagios /var/lib/nagios3', - unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3`" = "751 nagios nagios"', - notify => Service['nagios'], - require => Package['nagios'], - } - exec { 'nagios_external_cmd_perms_2': - command => 'chmod 2751 /var/lib/nagios3/rw && chown nagios:www-data /var/lib/nagios3/rw', - unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3/rw`" = "2751 nagios www-data"', - notify => Service['nagios'], - require => Package['nagios'], - } + exec { 'nagios_external_cmd_perms_1': + command => 'chmod 0751 /var/lib/nagios3 && chown nagios:nagios /var/lib/nagios3', + unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3`" = "751 nagios nagios"', + notify => Service['nagios'], + } + exec { 'nagios_external_cmd_perms_2': + command => 'chmod 2751 /var/lib/nagios3/rw && chown nagios:www-data /var/lib/nagios3/rw', + unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3/rw`" = "2751 nagios www-data"', + notify => Service['nagios'], } + } } diff --git a/manifests/debian/apache.pp b/manifests/debian/apache.pp index 095091e..17b60c6 100644 --- a/manifests/debian/apache.pp +++ b/manifests/debian/apache.pp @@ -5,10 +5,9 @@ # class nagios::debian::apache { - include nagios::defaults::vars + include ::nagios::defaults::vars file { "${nagios::defaults::vars::int_cfgdir}/apache2.conf": - ensure => present, source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/apache2.conf", 'puppet:///modules/site_nagios/configs/apache2.conf', 'puppet:///modules/nagios/configs/apache2.conf'], diff --git a/manifests/defaults/commands.pp b/manifests/defaults/commands.pp index 18925e1..e80e147 100644 --- a/manifests/defaults/commands.pp +++ b/manifests/defaults/commands.pp @@ -1,12 +1,13 @@ -# configure nagios commands on the server +# defaults commands we wanna have available class nagios::defaults::commands { - include nagios::command::smtp - include nagios::command::imap_pop3 + include ::nagios::command::smtp + include ::nagios::command::imap_pop3 + include ::nagios::plugins::horde_login # common service commands case $::operatingsystem { - debian,ubuntu: { + 'Debian','Ubuntu': { nagios_command { 'check_dummy': command_line => '$USER1$/check_dummy $ARG1$'; @@ -15,7 +16,7 @@ class nagios::defaults::commands { 'check_http_url': command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; 'check_http_url_regex': - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -e $ARG3$'; + command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -e $ARG4$'; 'check_https_url': command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; 'check_https_url_regex': @@ -24,10 +25,6 @@ class nagios::defaults::commands { command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; 'check_ntp_time': command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; - 'check_openvpn_server': - command_line => '$USER1$/check_openvpn_server.pl -H $HOSTADDRESS$ -p 1194'; - 'check_openvpn_server_ip_port': - command_line => '$USER1$/check_openvpn_server.pl -H $ARG1$ -p $ARG2$'; 'check_silc': command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; 'check_sobby': @@ -99,16 +96,16 @@ class nagios::defaults::commands { nagios_command { # from apache module 'http_port': - command_line => '$USER1$/check_http -p $ARG1$ -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + command_line => '$USER1$/check_http -p $ARG1$ -H $HOSTADDRESS$ -I $HOSTADDRESS$'; 'check_http_port_url_content': - command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; + command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; 'check_https_port_url_content': - command_line => '$USER1$/check_http --ssl -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; + command_line => '$USER1$/check_http --ssl -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; 'check_http_url_content': - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -s $ARG3$'; + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -s $ARG3$'; 'check_https_url_content': - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -s $ARG3$'; + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -s $ARG3$'; # from bind module 'check_dig2': @@ -130,14 +127,19 @@ class nagios::defaults::commands { # notification commands $mail_cmd_location = $::operatingsystem ? { - centos => '/bin/mail', - default => '/usr/bin/mail' + 'CentOS' => '/bin/mail', + default => '/usr/bin/mail' } - nagios_command { - 'notify-host-by-email': - command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\n\\nHost: \$HOSTNAME\$ (\$HOSTALIAS\$)\\nAddress: \$HOSTADDRESS\$\\nState: \$HOSTSTATE\$\\nDuration: \$HOSTDURATION\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\\nOutput: \$HOSTOUTPUT\$\" | ${mail_cmd_location} -s \"\$HOSTSTATE\$ - \$HOSTNAME\$\" \$CONTACTEMAIL\$"; - 'notify-service-by-email': - command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\n\\nHost: \$HOSTNAME\$ (\$HOSTALIAS\$)\\nAddress: \$HOSTADDRESS\$\\n\\nService: \$SERVICEDESC\$\\nState: \$SERVICESTATE\$\\nDuration: \$SERVICEDURATION\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\\nOutput: \$SERVICEOUTPUT\$\" | ${mail_cmd_location} -s \"\$SERVICESTATE\$ - \$HOSTALIAS\$: \$SERVICEDESC\$\" \$CONTACTEMAIL\$"; + case $::lsbdistcodename { + 'wheezy': { } + default: { + nagios_command { + 'notify-host-by-email': + command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\nHost: \$HOSTNAME\$\\nState: \$HOSTSTATE\$\\nAddress: \$HOSTADDRESS\$\\nInfo: \$HOSTOUTPUT\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Host Alert: \$HOSTNAME\$ is \$HOSTSTATE\$ **\" \$CONTACTEMAIL\$"; + 'notify-service-by-email': + command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\n\\nService: \$SERVICEDESC\$\\nHost: \$HOSTALIAS\$\\nAddress: \$HOSTADDRESS\$\\nState: \$SERVICESTATE\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\\nAdditional Info:\\n\\n\$SERVICEOUTPUT\$\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Service Alert: \$HOSTALIAS\$/\$SERVICEDESC\$ is \$SERVICESTATE\$ **\" \$CONTACTEMAIL\$"; + } + } } } diff --git a/manifests/defaults/service_templates.pp b/manifests/defaults/service_templates.pp index 84740af..e39441a 100644 --- a/manifests/defaults/service_templates.pp +++ b/manifests/defaults/service_templates.pp @@ -1,32 +1,32 @@ +# define the generic service template class nagios::defaults::service_templates { - # this inoperative for the moment, see : - # http://projects.reductivelabs.com/issues/1180 - - nagios_service { - 'generic-service': - active_checks_enabled => '1', - passive_checks_enabled => '1', - parallelize_check => '1', - obsess_over_service => '1', - check_freshness => '0', - notifications_enabled => '1', - event_handler_enabled => '1', - flap_detection_enabled => '1', - failure_prediction_enabled => '1', - process_perf_data => '1', - retain_status_information => '1', - retain_nonstatus_information => '1', - notification_interval => '0', - is_volatile => '0', - check_period => '24x7', - normal_check_interval => '5', - retry_check_interval => '1', - max_check_attempts => '4', - notification_period => '24x7', - notification_options => 'w,u,c,r', - contact_groups => 'admins', - register => '0', - } + # this inoperative for the moment, see : + # http://projects.reductivelabs.com/issues/1180 + nagios_service { + 'generic-service': + active_checks_enabled => '1', + passive_checks_enabled => '1', + parallelize_check => '1', + obsess_over_service => '1', + check_freshness => '0', + notifications_enabled => '1', + event_handler_enabled => '1', + flap_detection_enabled => '1', + failure_prediction_enabled => '1', + process_perf_data => '1', + retain_status_information => '1', + retain_nonstatus_information => '1', + notification_interval => '0', + is_volatile => '0', + check_period => '24x7', + check_interval => '5', + retry_check_interval => '1', + max_check_attempts => '4', + notification_period => '24x7', + notification_options => 'w,u,c,r', + contact_groups => 'admins', + register => '0', + } } diff --git a/manifests/defaults/templates.pp b/manifests/defaults/templates.pp index 9711dd4..5158189 100644 --- a/manifests/defaults/templates.pp +++ b/manifests/defaults/templates.pp @@ -1,14 +1,17 @@ +# manage nagios_templates class nagios::defaults::templates { include nagios::defaults::vars file { 'nagios_templates': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_templates.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios_templates.cfg", + path => "${nagios::defaults::vars::int_cfgdir}/nagios_templates.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios_templates.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios_templates.cfg", - "puppet:///modules/site_nagios/configs/nagios_templates.cfg", + 'puppet:///modules/site_nagios/configs/nagios_templates.cfg', "puppet:///modules/nagios/configs/${::operatingsystem}/nagios_templates.cfg", - "puppet:///modules/nagios/configs/nagios_templates.cfg" ], - notify => Service['nagios'], - mode => 0644, owner => root, group => root; + 'puppet:///modules/nagios/configs/nagios_templates.cfg' ], + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; } } diff --git a/manifests/defaults/vars.pp b/manifests/defaults/vars.pp index 87f41f8..e1a6224 100644 --- a/manifests/defaults/vars.pp +++ b/manifests/defaults/vars.pp @@ -1,7 +1,8 @@ +# some default vars class nagios::defaults::vars { case $nagios::cfgdir { '': { $int_cfgdir = $::operatingsystem ? { - centos => '/etc/nagios/', + centos => '/etc/nagios', default => '/etc/nagios3' } } diff --git a/manifests/init.pp b/manifests/init.pp index 088286f..c4d7725 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,19 +16,21 @@ # manage nagios class nagios( - $httpd = 'apache', + $httpd = 'apache', $allow_external_cmd = false, - $manage_shorewall = false, - $manage_munin = false, - $stored_config = true + $manage_shorewall = false, + $manage_munin = false, + $service_atboot = true, + $purge_resources = true, + $gpgkey_checks = {}, ) { case $nagios::httpd { 'absent': { } 'lighttpd': { include ::lighttpd } 'apache': { include ::apache - if $::operatingsystem == 'debian' { - include nagios::debian::apache + if $::operatingsystem == 'Debian' { + include ::nagios::debian::apache } } default: { include ::apache } @@ -36,17 +38,18 @@ class nagios( case $::operatingsystem { 'centos': { $cfgdir = '/etc/nagios' - include nagios::centos + include ::nagios::centos } 'debian': { $cfgdir = '/etc/nagios3' - include nagios::debian + include ::nagios::debian } default: { fail("No such operatingsystem: ${::operatingsystem} yet defined") } } if $manage_munin { - include nagios::munin + include ::nagios::munin } + create_resources('nagios::service::gpgkey',$gpgkey_checks) } diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 8482df8..b7984b6 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -1,27 +1,41 @@ -class nagios::nrpe { +# setup nrpe stuff +class nagios::nrpe ( + $cfg_dir = '', + $pid_file = '', + $plugin_dir = '', + $server_address = '', + $allowed_hosts = '', + $dont_blame = '0', +) { - case $operatingsystem { - 'FreeBSD': { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/usr/local/etc' } - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/spool/nagios/nrpe2.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/local/libexec/nagios' } + if !($dont_blame in ['0', '1']) { + fail('Unrecognized value for $dont_blame, must be one of "0", or "1".') + } - include nagios::nrpe::freebsd - } - 'Debian','Ubuntu': { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nagios/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } - include nagios::nrpe::debian - } - default: { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } + case $::operatingsystem { + 'FreeBSD': { + if $cfg_dir == '' { $real_cfg_dir = '/usr/local/etc' } + if $pid_file == '' { $real_pid_file = '/var/spool/nagios/nrpe2.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/local/libexec/nagios' } - case $kernel { - linux: { include nagios::nrpe::linux } - default: { include nagios::nrpe::base } - } - } + include ::nagios::nrpe::freebsd } + 'Debian': { + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nagios/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } + include ::nagios::nrpe::linux + } + default: { + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } + + case $::kernel { + 'Linux': { include ::nagios::nrpe::linux } + default: { include ::nagios::nrpe::base } + } + } + } } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index 3412f7e..e48e87b 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -1,52 +1,58 @@ +# basic nrpe stuff class nagios::nrpe::base { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } - if $processorcount == '' { $processorcount = 1 } - - # libwww-perl for check_apache - include perl::extensions::libwww - - package { [ 'nagios-nrpe-server', 'nagios-plugins-basic' ]: - ensure => present; - } - - # Special-case lenny. the package doesn't exist - if $::lsbdistcodename != 'lenny' { - package { 'libnagios-plugin-perl': ensure => present; } - } - - file { [ $nagios_nrpe_cfgdir, "$nagios_nrpe_cfgdir/nrpe.d" ]: - ensure => directory } - - if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } - file { "$nagios_nrpe_cfgdir/nrpe.cfg": - content => template('nagios/nrpe/nrpe.cfg'), - owner => root, group => root, mode => '0644'; - } - - # default commands - nagios::nrpe::command { 'basic_nrpe': - source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${::fqdn}.cfg", - 'puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg', - 'puppet:///modules/nagios/nrpe/nrpe_commands.cfg' ], - } - # the check for load should be customized for each server based on number - # of CPUs and the type of activity. - $warning_1_threshold = 7 * $processorcount - $warning_5_threshold = 6 * $processorcount - $warning_15_threshold = 5 * $processorcount - $critical_1_threshold = 10 * $processorcount - $critical_5_threshold = 9 * $processorcount - $critical_15_threshold = 8 * $processorcount - nagios::nrpe::command { 'check_load': - command_line => "${::nagios::nrpe::nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", - } - - service { 'nagios-nrpe-server': - ensure => running, - enable => true, - pattern => 'nrpe', - subscribe => File["$nagios_nrpe_cfgdir/nrpe.cfg"], - require => Package['nagios-nrpe-server'], - } + # Import all variables from entry point + $cfg_dir = $::nagios::nrpe::real_cfg_dir + $pid_file = $::nagios::nrpe::real_pid_file + $plugin_dir = $::nagios::nrpe::real_plugin_dir + $server_address = $::nagios::nrpe::server_address + $allowed_hosts = $::nagios::nrpe::allowed_hosts + $dont_blame = $::nagios::nrpe::dont_blame + + package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: + ensure => installed; + } + + # Special-case lenny. the package doesn't exist + if $::lsbdistcodename != 'lenny' { + package{'libnagios-plugin-perl': ensure => installed; } + } + + file{ + [ $cfg_dir, "${cfg_dir}/nrpe.d" ]: + ensure => directory; + } + + file { "${cfg_dir}/nrpe.cfg": + content => template('nagios/nrpe/nrpe.cfg'), + owner => root, + group => 0, + mode => '0644'; + } + + # default commands + nagios::nrpe::command{'basic_nrpe': + source => [ "puppet:///modules/site_nagios/configs/nrpe/nrpe_commands.${::fqdn}.cfg", + 'puppet:///modules/site_nagios/configs/nrpe/nrpe_commands.cfg', + 'puppet:///modules/nagios/nrpe/nrpe_commands.cfg' ], + } + # the check for load should be customized for each server based on number + # of CPUs and the type of activity. + $warning_1_threshold = 7 * $::processorcount + $warning_5_threshold = 6 * $::processorcount + $warning_15_threshold = 5 * $::processorcount + $critical_1_threshold = 10 * $::processorcount + $critical_5_threshold = 9 * $::processorcount + $critical_15_threshold = 8 * $::processorcount + nagios::nrpe::command {'check_load': + command_line => "${plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", + } + + service{'nagios-nrpe-server': + ensure => running, + enable => true, + pattern => 'nrpe', + subscribe => File["${cfg_dir}/nrpe.cfg"], + require => Package['nagios-nrpe-server'], + } } diff --git a/manifests/nrpe/command.pp b/manifests/nrpe/command.pp index e6ebdae..bdd89a7 100644 --- a/manifests/nrpe/command.pp +++ b/manifests/nrpe/command.pp @@ -1,33 +1,34 @@ +# manage an nrpe command define nagios::nrpe::command ( - $ensure = present, - $command_line = '', - $source = '' ) -{ - if ($command_line == '' and $source == '') { - fail ( "Either one of 'command_line' or 'source' must be given to nagios::nrpe::command." ) - } + $ensure = present, + $command_line = '', + $source = '', +){ + if ($command_line == '' and $source == '') { + fail('Either one of $command_line or $source must be given to nagios::nrpe::command.' ) + } - if $nagios_nrpe_cfg_dir == '' { - $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir - } + $cfg_dir = $nagios::nrpe::real_cfg_dir - file { "$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg": - ensure => $ensure, - mode => 644, owner => root, group => 0, - notify => Service['nagios-nrpe-server'], - require => File [ "$nagios_nrpe_cfgdir/nrpe.d" ] - } + file{"${cfg_dir}/nrpe.d/${name}_command.cfg": + ensure => $ensure, + notify => Service['nagios-nrpe-server'], + require => File ["${cfg_dir}/nrpe.d" ], + owner => 'root', + group => 0, + mode => '0644'; + } - case $source { - '': { - File["$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg"] { - content => template( "nagios/nrpe/nrpe_command.erb" ), - } - } - default: { - File["$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg"] { - source => $source, - } - } + case $source { + '': { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { + content => template('nagios/nrpe/nrpe_command.erb'), + } + } + default: { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { + source => $source, + } } + } } diff --git a/manifests/nsca/client.pp b/manifests/nsca/client.pp index e58721d..6aa8c0b 100644 --- a/manifests/nsca/client.pp +++ b/manifests/nsca/client.pp @@ -1,14 +1,18 @@ +# manage nsca client class nagios::nsca::client { - package { 'nsca': ensure => installed } + package{'nsca': + ensure => installed + } - file { '/etc/send_nsca.cfg': - source => [ "puppet:///modules/site_nagios/nsca/{$::fqdn}/send_nsca.cfg", - "puppet:///modules/site_nagios/nsca/send_nsca.cfg", - "puppet:///modules/nagios/nsca/send_nsca.cfg" ], - owner => 'nagios', - group => 'nogroup', - mode => '400', + file{'/etc/send_nsca.cfg': + source => [ "puppet:///modules/site_nagios/nsca/${::fqdn}/send_nsca.cfg", + 'puppet:///modules/site_nagios/nsca/send_nsca.cfg', + 'puppet:///modules/nagios/nsca/send_nsca.cfg' ], + owner => 'nagios', + group => 'nogroup', + mode => '0400', + require => Package['nsca']; } } diff --git a/manifests/nsca/server.pp b/manifests/nsca/server.pp index bd5389d..8163eec 100644 --- a/manifests/nsca/server.pp +++ b/manifests/nsca/server.pp @@ -1,21 +1,23 @@ +# an nsca server class nagios::nsca::server { - - package { 'nsca': ensure => installed } + package{'nsca': + ensure => installed + } service { 'nsca': ensure => running, hasstatus => false, hasrestart => true, - require => Package['nsca'], + require => Package['nsca'], } file { '/etc/nsca.cfg': - source => [ "puppet:///modules/site_nagios/nsca/{$::fqdn}/nsca.cfg", - "puppet:///modules/site_nagios/nsca/nsca.cfg", - "puppet:///modules/nagios/nsca/nsca.cfg" ], + source => [ "puppet:///modules/site_nagios/nsca/${::fqdn}/nsca.cfg", + 'puppet:///modules/site_nagios/nsca/nsca.cfg', + 'puppet:///modules/nagios/nsca/nsca.cfg' ], owner => 'nagios', group => 'nogroup', - mode => '400', + mode => '0400', notify => Service['nsca'], } diff --git a/manifests/plugin.pp b/manifests/plugin.pp index f2e4ed2..07938cd 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -1,8 +1,9 @@ +# a wrapper for syncing a plugin define nagios::plugin( $source = 'absent', - $ensure = present + $ensure = present, ){ - if $::hardwaremodel == 'x86_64' and $::operatingsystem != 'debian' { + if $::hardwaremodel == 'x86_64' and $::operatingsystem != 'Debian' { $real_path = "/usr/lib64/nagios/plugins/${name}" } else { diff --git a/manifests/plugin/deploy.pp b/manifests/plugin/deploy.pp index 3f2a1a4..7681590 100644 --- a/manifests/plugin/deploy.pp +++ b/manifests/plugin/deploy.pp @@ -1,30 +1,41 @@ -define nagios::plugin::deploy($source = '', $ensure = 'present', $config = '', $require_package = 'nagios-plugins') { - $plugin_src = $ensure ? { - 'present' => $name, - 'absent' => $name, - default => $ensure - } - $real_source = $source ? { - '' => "nagios/plugins/${plugin_src}", - default => $source - } +# deploy a specific plugin +define nagios::plugin::deploy( + $source = '', + $ensure = 'present', + $config = '', + $require_package = 'nagios-plugins' +) { + $plugin_src = $ensure ? { + 'present' => $name, + 'absent' => $name, + default => $ensure + } + $real_source = $source ? { + '' => "nagios/plugins/${plugin_src}", + default => $source + } - if !defined(Package[$require_package]) { - package { $require_package: - ensure => installed, - tag => "nagios::plugin::deploy::package"; - } + if !defined(Package[$require_package]) { + package { $require_package: + ensure => installed, + tag => 'nagios::plugin::deploy::package'; } + } - include nagios::plugin::scriptpaths - file { "nagios_plugin_${name}": - path => "$nagios::plugin::scriptpaths::script_path/${name}", - source => "puppet:///modules/${real_source}", - mode => 0755, owner => root, group => 0, - require => Package[$require_package], - tag => "nagios::plugin::deploy::file"; - } + include ::nagios::plugin::scriptpaths + file{"nagios_plugin_${name}": + path => "${nagios::plugin::scriptpaths::script_path}/${name}", + source => "puppet:///modules/${real_source}", + require => Package[$require_package], + tag => 'nagios::plugin::deploy::file', + owner => root, + group => 0, + mode => '0755'; + } - # register the plugin - nagios::plugin{$name: ensure => $ensure, require => Package['nagios-plugins'] } + # register the plugin + nagios::plugin{$name: + ensure => $ensure, + require => Package['nagios-plugins'] + } } diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp new file mode 100644 index 0000000..a09736a --- /dev/null +++ b/manifests/plugins/gpg.pp @@ -0,0 +1,30 @@ +# check_gpg from +# https://github.com/lelutin/nagios-plugins/blob/master/check_gpg +class nagios::plugins::gpg { + require ::gpg + nagios::plugin{'check_gpg': + source => 'nagios/plugins/check_gpg', + } + + $gpg_home = '/var/local/nagios_gpg_homedir' + file{ + $gpg_home: + ensure => 'directory', + owner => nagios, + group => nagios, + mode => '0600', + require => Nagios::Plugin['check_gpg']; + "${gpg_home}/sks-keyservers.netCA.pem": + source => 'puppet:///modules/nagios/plugin_data/sks-keyservers.netCA.pem', + owner => nagios, + group => 0, + mode => '0400', + before => Nagios_command['check_gpg']; + } + nagios_command { + 'check_gpg': + command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$", + require => Nagios::Plugin['check_gpg'], + } +} + diff --git a/manifests/plugins/horde_login.pp b/manifests/plugins/horde_login.pp new file mode 100644 index 0000000..4274b4c --- /dev/null +++ b/manifests/plugins/horde_login.pp @@ -0,0 +1,11 @@ +# check_horde_login +class nagios::plugins::horde_login { + ensure_packages(['python-requests']) + nagios::plugin { 'check_horde_login': + source => 'nagios/plugins/check_horde_login', + require => Package['python-requests'], + } -> nagios_command { + 'check_horde_login': + command_line => "\$USER1\$/check_horde_login -s \$ARG1\$ -u \$ARG2\$ -p \$ARG3\$", + } +} diff --git a/manifests/plugins/mail_login.pp b/manifests/plugins/mail_login.pp new file mode 100644 index 0000000..a86cdc2 --- /dev/null +++ b/manifests/plugins/mail_login.pp @@ -0,0 +1,10 @@ +# simple mail login check +class nagios::plugins::mail_login { + nagios::plugin { + 'check_imap_login': + source => 'nagios/plugins/check_imap_login'; + 'check_pop3_login': + source => 'nagios/plugins/check_pop3_login'; + } +} + diff --git a/manifests/pnp4nagios.pp b/manifests/pnp4nagios.pp index 230772f..a7e1c73 100644 --- a/manifests/pnp4nagios.pp +++ b/manifests/pnp4nagios.pp @@ -1,33 +1,29 @@ +# manage pnp4nagios class nagios::pnp4nagios { include nagios::defaults::pnp4nagios - package { 'pnp4nagios': - ensure => installed, - require => Package['nagios'] - } + package { [ 'pnp4nagios', 'pnp4nagios-web-config-nagios3']: + ensure => installed } - # unfortunatly i didn't find a way to use nagios_host and nagios_service definition, because - # imho puppet can't handle the "name" variable needed in these 2 definitions - # so we need to copy a file here. + # unfortunatly we can't use the nagios_host and nagios_service + # definition to define templates, so we need to copy a file here. + # see http://projects.reductivelabs.com/issues/1180 for this limitation file { 'pnp4nagios-templates.cfg': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/pnp4nagios-templates.cfg", - source => [ - 'puppet:///modules/site-nagios/pnp4nagios/pnp4nagios-templates.cfg', - 'puppet:///modules/nagios/pnp4nagios/pnp4nagios-templates.cfg' ], - mode => '0644', - owner => root, - group => root, - notify => Service['nagios'], - require => Package['pnp4nagios'], + path => "${nagios::defaults::vars::int_cfgdir}/pnp4nagios-templates.cfg", + source => [ 'puppet:///modules/site_nagios/pnp4nagios/pnp4nagios-templates.cfg', + 'puppet:///modules/nagios/pnp4nagios/pnp4nagios-templates.cfg' ], + mode => '0644', + owner => root, + group => root, + notify => Service['nagios'], } file { 'apache.conf': path => '/etc/pnp4nagios/apache.conf', - source => [ - 'puppet:///modules/site-nagios/pnp4nagios/apache.conf', - 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], + source => ['puppet:///modules/site_nagios/pnp4nagios/apache.conf', + 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], mode => '0644', owner => root, group => root, @@ -38,35 +34,31 @@ class nagios::pnp4nagios { # run npcd as daemon file { '/etc/default/npcd': - path => '/etc/default/npcd', - source => [ - 'puppet:///modules/site-nagios/pnp4nagios/npcd', - 'puppet:///modules/nagios/pnp4nagios/npcd' ], - mode => '0644', - owner => root, - group => root, - notify => Service['npcd'], - require => Package['pnp4nagios'], + path => '/etc/default/npcd', + source => [ 'puppet:///modules/site_nagios/pnp4nagios/npcd', + 'puppet:///modules/nagios/pnp4nagios/npcd' ], + mode => '0644', + owner => root, + group => root, + notify => Service['npcd']; } service { 'npcd': - ensure => running, - enable => true, - hasstatus => true, - require => Package['pnp4nagios'], + ensure => running, + enable => true, + hasstatus => true, + require => Package['pnp4nagios'], } # modify action.gif file { '/usr/share/nagios3/htdocs/images/action.gif': - path => '/usr/share/nagios3/htdocs/images/action.gif', - source => [ - 'puppet:///modules/site-nagios/pnp4nagios/action.gif', - 'puppet:///modules/nagios/pnp4nagios/action.gif' ], - mode => '0644', - owner => root, - group => root, - notify => Service['nagios'], - require => Package['pnp4nagios'], + path => '/usr/share/nagios3/htdocs/images/action.gif', + source => [ 'puppet:///modules/site_nagios/pnp4nagios/action.gif', + 'puppet:///modules/nagios/pnp4nagios/action.gif' ], + mode => '0644', + owner => root, + group => root, + notify => Service['nagios']; } } diff --git a/manifests/service.pp b/manifests/service.pp index 9e265a6..e2c08e9 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,89 +1,90 @@ +# a wrapper around nagios_service to make it more convenient and +# also automatically an exported resource. define nagios::service ( - $ensure = present, - $host_name = $::fqdn, - $check_command = 'absent', - $check_period = '', - $normal_check_interval = '', - $retry_check_interval = '', - $max_check_attempts = '', - $notification_interval = '', - $notification_period = '', - $notification_options = '', - $contact_groups = '', - $use = 'generic-service', - $service_description = 'absent', - $use_nrpe = false, - $nrpe_args = '', - $nrpe_timeout = 10 + $ensure = present, + $host_name = $::fqdn, + $check_command = 'absent', + $check_period = undef, + $check_interval = undef, + $retry_check_interval = undef, + $max_check_attempts = undef, + $notification_interval = undef, + $notification_period = undef, + $notification_options = undef, + $contact_groups = undef, + $use = 'generic-service', + $service_description = 'absent', + $use_nrpe = undef, + $nrpe_args = undef, + $nrpe_timeout = 10, ) { # TODO: this resource should normally accept all nagios_host parameters $real_name = "${::hostname}_${name}" - @@nagios_service { "${real_name}": + @@nagios_service {$real_name: ensure => $ensure, - notify => Service[nagios]; + notify => Service['nagios']; } if $ensure != 'absent' { if $check_command == 'absent' { fail("Must pass a check_command to ${name} if it should be present") } - if $use_nrpe == true { - include nagios::command::nrpe_timeout + if str2bool($use_nrpe) { + include ::nagios::command::nrpe_timeout - if ($nrpe_args != '') { - $real_check_command = "check_nrpe_timeout!$nrpe_timeout!$check_command!\"$nrpe_args\"" - } - else { - $real_check_command = "check_nrpe_1arg_timeout!$nrpe_timeout!$check_command" + if $nrpe_args { + $real_check_command = "check_nrpe_timeout!${nrpe_timeout}!${check_command}!\"${nrpe_args}\"" + } else { + $real_check_command = "check_nrpe_1arg_timeout!${nrpe_timeout}!${check_command}" } - } - else { - $real_check_command = "$check_command" + } else { + $real_check_command = $check_command } - Nagios_service["${real_name}"] { - check_command => $real_check_command, - host_name => $host_name, - use => $use, - service_description => $service_description ?{ - 'absent' => $name, - default => $service_description - } + $real_service_description = $service_description ? { + 'absent' => $name, + default => $service_description + } + Nagios_service[$real_name] { + check_command => $check_command, + host_name => $host_name, + use => $use, + service_description => $real_service_description, } - if ($check_period != '') { - Nagios_service["${real_name}"] { check_period => $check_period } + if $check_period { + Nagios_service[$real_name] { check_period => $check_period } } - - if ($normal_check_interval != '') { - Nagios_service["${real_name}"] { normal_check_interval => $normal_check_interval } + + if $check_interval { + Nagios_service[$real_name] { check_interval => $check_interval } } - - if ($retry_check_interval != '') { - Nagios_service["${real_name}"] { retry_check_interval => $retry_check_interval } + + if $retry_check_interval { + Nagios_service[$real_name] { retry_check_interval => $retry_check_interval } } - - if ($max_check_attempts != '') { - Nagios_service["${real_name}"] { max_check_attempts => $max_check_attempts } + + if $max_check_attempts { + Nagios_service[$real_name] { max_check_attempts => $max_check_attempts } } - - if ($notification_interval != '') { - Nagios_service["${real_name}"] { notification_interval => $notification_interval } + + if $notification_interval { + Nagios_service[$real_name] { notification_interval => $notification_interval } } - - if ($notification_period != '') { - Nagios_service["${real_name}"] { notification_period => $notification_period } + + if $notification_period { + Nagios_service[$real_name] { notification_period => $notification_period } } - - if ($notification_options != '') { - Nagios_service["${real_name}"] { notification_options => $notification_options } + + if $notification_options { + Nagios_service[$real_name] { notification_options => $notification_options } } - - if ($contact_groups != '') { - Nagios_service["${real_name}"] { contact_groups => $contact_groups } + + if $contact_groups { + Nagios_service[$real_name] { contact_groups => $contact_groups } } } } diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp new file mode 100644 index 0000000..df13ca8 --- /dev/null +++ b/manifests/service/gpgkey.pp @@ -0,0 +1,49 @@ +# define a gpgkey to be watched +define nagios::service::gpgkey( + $ensure = 'present', + $warning = '14', + $key_info = undef, + $check_interval = 60, +){ + validate_slength($name,40,40) + require ::nagios::plugins::gpg + $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_cmd = "gpg --homedir ${gpg_home}" + + exec{"manage_key_${name}": + user => nagios, + group => nagios, + } + nagios::service{ + "check_gpg_${name}": + ensure => $ensure; + } + + if $ensure == 'present' { + Exec["manage_key_${name}"]{ + command => "${gpg_cmd} --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=${gpg_home}/sks-keyservers.netCA.pem --recv-keys ${name}", + unless => "${gpg_cmd} --list-keys ${name}", + before => Nagios::Service["check_gpg_${name}"], + } + + Nagios::Service["check_gpg_${name}"]{ + check_command => "check_gpg!${warning}!${name}", + check_interval => $check_interval, + } + if $key_info { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name} - Info: ${key_info}", + } + } else { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name}", + } + } + } else { + Exec["manage_key_${name}"]{ + command => "${gpg_cmd} --batch --delete-key ${name}", + onlyif => "${gpg_cmd} --list-keys ${name}", + require => Nagios::Service["check_gpg_${name}"], + } + } +} diff --git a/manifests/service/horde_login.pp b/manifests/service/horde_login.pp new file mode 100644 index 0000000..6cab59e --- /dev/null +++ b/manifests/service/horde_login.pp @@ -0,0 +1,18 @@ +# a horde login check +define nagios::service::horde_login( + $password, + $url, + $username = $name, + $ensure = 'present', +){ + nagios::service{ + "horde_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["horde_${name}"]{ + check_command => "check_horde_login!${url}!${username}!${password}", + } + } +} diff --git a/manifests/service/http.pp b/manifests/service/http.pp index ef63abb..b80c140 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -4,43 +4,51 @@ # - force: http is permanent redirect to https # - only: check only https define nagios::service::http( - $ensure = present, - $check_domain = 'absent', - $port = '80', - $check_url = '/', - $check_code = 'OK', - $use = 'generic-service', - $ssl_mode = false + $ensure = present, + $check_domain = 'absent', + $port = '80', + $check_url = '/', + $check_code = '200,301,302', + $use = 'generic-service', + $ssl_mode = false ){ - $real_check_domain = $check_domain ? { - 'absent' => $name, - default => $check_domain + $real_check_domain = $check_domain ? { + 'absent' => $name, + default => $check_domain + } + if is_hash($check_code) { + $check_code_hash = $check_code + } else { + $check_code_hash = { + http => $check_code, + https => $check_code, } - case $ssl_mode { - 'force',true,'only': { - nagios::service{"https_${name}_${check_code}": - ensure => $ensure, - use => $use, - check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code}'", - } - case $ssl_mode { - 'force': { - nagios::service{"httprd_${name}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", - } - } - } + } + case $ssl_mode { + 'force',true,'only': { + nagios::service{"https_${name}": + ensure => $ensure, + use => $use, + check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", + } + case $ssl_mode { + 'force': { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", + } } + } } - case $ssl_mode { - false,true: { - nagios::service{"http_${name}_${check_code}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code}'", - } - } + } + case $ssl_mode { + false,true: { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", + } } + } } diff --git a/manifests/service/imap.pp b/manifests/service/imap.pp index b703db4..45b667a 100644 --- a/manifests/service/imap.pp +++ b/manifests/service/imap.pp @@ -1,24 +1,26 @@ +# check an imap service define nagios::service::imap( - $ensure = 'present', - $host = 'absent', - $port = '143', - $tls = true, - $tls_port = '993' + $ensure = 'present', + $host = 'absent', + $port = '143', + $tls = true, + $tls_port = '993' ){ $real_host = $host ? { 'absent' => $name, - default => $host + default => $host } + $tls_ensure = $tls ? { + true => $ensure, + default => 'absent' + } nagios::service{ "imap_${name}_${port}": ensure => $ensure; "imaps_${name}_${tls_port}": - ensure => $tls ? { - true => $ensure, - default => 'absent' - }; + ensure => $tls_ensure; } if $ensure != 'absent' { diff --git a/manifests/service/imap_login.pp b/manifests/service/imap_login.pp new file mode 100644 index 0000000..25303a3 --- /dev/null +++ b/manifests/service/imap_login.pp @@ -0,0 +1,22 @@ +# a imap login check +define nagios::service::imap_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "imap_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["imap_login_${name}"]{ + check_command => "check_imap_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, + } + } +} diff --git a/manifests/service/pop3_login.pp b/manifests/service/pop3_login.pp new file mode 100644 index 0000000..7453528 --- /dev/null +++ b/manifests/service/pop3_login.pp @@ -0,0 +1,22 @@ +# a pop3 login check +define nagios::service::pop3_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "pop3_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["pop3_login_${name}"]{ + check_command => "check_pop3_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, + } + } +} diff --git a/manifests/target.pp b/manifests/target.pp index 40ff18a..760d7d4 100644 --- a/manifests/target.pp +++ b/manifests/target.pp @@ -1,32 +1,32 @@ -# manifests/target.pp - +# a simple nagios target to monitor class nagios::target( - $parents = 'absent', - $address = $::ipaddress, - $nagios_alias = $::false, - $hostgroups = 'absent', - $notes = 'absent' + $parents = 'absent', + $address = $::ipaddress, + $nagios_alias = false, + $hostgroups = 'absent', + $use = 'generic-host', ){ @@nagios_host { $::fqdn: address => $address, - use => 'generic-host', + use => $use, } # Watch out with using aliases: they need to be unique throughout *all* # resources in a given host's catalogue. if $nagios_alias { - Nagios_host[$::fqdn] { - alias => $nagios_alias, + Nagios_host[$::fqdn]{ + alias => $nagios_alias } } if ($parents != 'absent') { - Nagios_host[ $::fqdn ] { parents => $parents } + Nagios_host[$::fqdn]{ + parents => $parents + } } if ($hostgroups != 'absent') { - Nagios_host[ $::fqdn ] { hostgroups => $hostgroups } - } - if ($notes != 'absent') { - Nagios_host[ $::fqdn ] { notes => $notes } + Nagios_host[$::fqdn]{ + hostgroups => $hostgroups + } } } diff --git a/manifests/target/fqdn.pp b/manifests/target/fqdn.pp index 6bb16c1..31fc4b7 100644 --- a/manifests/target/fqdn.pp +++ b/manifests/target/fqdn.pp @@ -1,10 +1,12 @@ +# monitor a host by fqdn class nagios::target::fqdn( + $address = $::fqdn, $hostgroups = 'absent', - $parents = 'absent' + $parents = 'absent' ) { class{'nagios::target': - address => $::fqdn, + address => $address, hostgroups => $hostgroups, - parents => $parents + parents => $parents } } diff --git a/templates/nrpe/nrpe.cfg b/templates/nrpe/nrpe.cfg index 5368bc8..d4ad9a4 100644 --- a/templates/nrpe/nrpe.cfg +++ b/templates/nrpe/nrpe.cfg @@ -16,7 +16,7 @@ # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. -pid_file=<%= nagios_nrpe_pid_file %> +pid_file=<%= @pid_file %> @@ -34,10 +34,8 @@ server_port=5666 # and you do not want nrpe to bind on all interfaces. # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if has_variable?("nagios_nrpe_server_address") then %> -<%- if not nagios_nrpe_server_address.to_s.empty? then %> -server_address=<%= nagios_nrpe_server_address %> -<%- end %> +<%- if not @server_address.to_s.empty? then %> +server_address=<%= @server_address %> <%- end %> @@ -72,10 +70,10 @@ nrpe_group=nagios # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if nagios_nrpe_allowed_hosts.to_s.empty? then %> +<%- if @allowed_hosts.to_s.empty? then %> allowed_hosts=127.0.0.1 <%- else %> -allowed_host=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> +allowed_hosts=127.0.0.1,<%= @allowed_hosts %> <%- end %> # COMMAND ARGUMENT PROCESSING @@ -90,7 +88,7 @@ allowed_host=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> # # Values: 0=do not allow arguments, 1=allow command arguments -dont_blame_nrpe=1 +dont_blame_nrpe=<%= @dont_blame %> # COMMAND PREFIX @@ -157,7 +155,7 @@ command_timeout=60 #include_dir=<somedirectory> #include_dir=<someotherdirectory> -include_dir=<%= nagios_nrpe_cfgdir %>/nrpe.d +include_dir=<%= @cfg_dir %>/nrpe.d |