diff options
| author | LeLutin <gabster@lelutin.ca> | 2016-02-25 06:59:19 +0000 |
|---|---|---|
| committer | LeLutin <gabster@lelutin.ca> | 2016-02-25 06:59:19 +0000 |
| commit | c0dee4a2393e23b226e123a427898de94b342141 (patch) | |
| tree | 449a726cec957808bdc52fd8e46a6acdaead777c | |
| parent | 5163d89155eec6b6b39994d0cd18e6ceeff8b180 (diff) | |
| parent | 2892e1795a823c2bee2893bc339854dd4f5e5b94 (diff) | |
Merge branch 'nrpe_params' into 'master'
Nrpe params
The nagios::nrpe class is currently completely unusable with puppet 3.x+
This is because it's still relying on global variables. When one tries to setup an nrpe client with nagios::nrpe with puppet 3.x, the following error occurs:
~~~
==> jessiepuppet: Error: Failed to parse template nagios/nrpe/nrpe.cfg:
==> jessiepuppet: Filepath: /usr/lib/ruby/vendor_ruby/puppet/parser/templatewrapper.rb
==> jessiepuppet: Line: 81
==> jessiepuppet: Detail: Could not find value for 'nagios_nrpe_pid_file' at /etc/puppet/modules/nagios/templates/nrpe/nrpe.cfg:19
==> jessiepuppet: at /etc/puppet/modules/nagios/manifests/nrpe/base.pp:22 on node jessie.vagrantup.com
==> jessiepuppet: Error: Failed to parse template nagios/nrpe/nrpe.cfg:
==> jessiepuppet: Filepath: /usr/lib/ruby/vendor_ruby/puppet/parser/templatewrapper.rb
==> jessiepuppet: Line: 81
==> jessiepuppet: Detail: Could not find value for 'nagios_nrpe_pid_file' at /etc/puppet/modules/nagios/templates/nrpe/nrpe.cfg:19
==> jessiepuppet: at /etc/puppet/modules/nagios/manifests/nrpe/base.pp:22 on node jessie.vagrantup.com
~~~
This is because the values of variables defined within nagios::nrpe are not propagated into other classes anymore.
This series also changes a default behaviour for creating saner configurations by default: the dont_blame_nrpe option is changed to disable command arguments by default.
It also adds some documentation for the nagios::nrpe class since it had no explanation whatsoever of how it should be used in the README.
See merge request !18
| -rw-r--r-- | README | 37 | ||||
| -rw-r--r-- | manifests/nrpe.pp | 29 | ||||
| -rw-r--r-- | manifests/nrpe/base.pp | 17 | ||||
| -rw-r--r-- | manifests/nrpe/command.pp | 10 | ||||
| -rw-r--r-- | templates/nrpe/nrpe.cfg | 16 |
5 files changed, 80 insertions, 29 deletions
@@ -65,7 +65,42 @@ Obviously, the check command must either be defined using nagios_command objects (some are supplied in nagios::defaults::commands) or in the nagios configuration files directly. -NRPE Services +NRPE client configuration +========================= + +To setup a machine as an NRPE client, the class 'nagios::nrpe' should be used: + + class { 'nagios::nrpe': + allowed_hosts => '10.2.3.4,10.5.6.7', + } + +The class can take the following parameters to change configuration or +configuration directory: + + * $cfg_dir : Defines the path to the NRPE configuration. The default is to use + the path used by packages per your distro. + + * $pid_file : Sets the path of the PID file. The default value is the path + used by init script shipped with your distro's packages. + + * $plugin_dir : Defines the path in which nagios plugins that are to be + executed with NRPE commands are stored. The default value is the path where + your distro's nagios package stores plugins. + + * $server_address : The IP address to which the NRPE client daemon should + bind. The default behaviour is to bind to all IPs. + + * $allowed_hosts : A string containing a comma-separated list of host IPs that + are allowed to request NRPE commands to be run. The default value is to + allow only 127.0.0.1, so you might want to pass in a list of additional host + IPs. + + * $dont_blame : A string that enables ('1') or disables ('0') NRPE command + arguments. Enabling arguments can lead to potentials of shell escapes so it + should be used with caution and only if absolutely needed. This is disabled + by default. + +NRPE Services ------------- Some Nagios services need to be checked via NRPE. The following will make the diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index ad7dbbb..b7984b6 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -1,22 +1,35 @@ # setup nrpe stuff -class nagios::nrpe { +class nagios::nrpe ( + $cfg_dir = '', + $pid_file = '', + $plugin_dir = '', + $server_address = '', + $allowed_hosts = '', + $dont_blame = '0', +) { + + if !($dont_blame in ['0', '1']) { + fail('Unrecognized value for $dont_blame, must be one of "0", or "1".') + } case $::operatingsystem { 'FreeBSD': { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/usr/local/etc' } - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/spool/nagios/nrpe2.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/local/libexec/nagios' } + if $cfg_dir == '' { $real_cfg_dir = '/usr/local/etc' } + if $pid_file == '' { $real_pid_file = '/var/spool/nagios/nrpe2.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/local/libexec/nagios' } include ::nagios::nrpe::freebsd } 'Debian': { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nagios/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nagios/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } include ::nagios::nrpe::linux } default: { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } case $::kernel { 'Linux': { include ::nagios::nrpe::linux } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index 0a06144..e48e87b 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -1,7 +1,13 @@ # basic nrpe stuff class nagios::nrpe::base { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } + # Import all variables from entry point + $cfg_dir = $::nagios::nrpe::real_cfg_dir + $pid_file = $::nagios::nrpe::real_pid_file + $plugin_dir = $::nagios::nrpe::real_plugin_dir + $server_address = $::nagios::nrpe::server_address + $allowed_hosts = $::nagios::nrpe::allowed_hosts + $dont_blame = $::nagios::nrpe::dont_blame package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: ensure => installed; @@ -13,12 +19,11 @@ class nagios::nrpe::base { } file{ - [ $nagios_nrpe_cfgdir, "${nagios_nrpe_cfgdir}/nrpe.d" ]: + [ $cfg_dir, "${cfg_dir}/nrpe.d" ]: ensure => directory; } - if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } - file { "${nagios_nrpe_cfgdir}/nrpe.cfg": + file { "${cfg_dir}/nrpe.cfg": content => template('nagios/nrpe/nrpe.cfg'), owner => root, group => 0, @@ -40,14 +45,14 @@ class nagios::nrpe::base { $critical_5_threshold = 9 * $::processorcount $critical_15_threshold = 8 * $::processorcount nagios::nrpe::command {'check_load': - command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", + command_line => "${plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", } service{'nagios-nrpe-server': ensure => running, enable => true, pattern => 'nrpe', - subscribe => File["${nagios_nrpe_cfgdir}/nrpe.cfg"], + subscribe => File["${cfg_dir}/nrpe.cfg"], require => Package['nagios-nrpe-server'], } } diff --git a/manifests/nrpe/command.pp b/manifests/nrpe/command.pp index 196996c..bdd89a7 100644 --- a/manifests/nrpe/command.pp +++ b/manifests/nrpe/command.pp @@ -8,12 +8,12 @@ define nagios::nrpe::command ( fail('Either one of $command_line or $source must be given to nagios::nrpe::command.' ) } - $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir + $cfg_dir = $nagios::nrpe::real_cfg_dir - file{"${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg": + file{"${cfg_dir}/nrpe.d/${name}_command.cfg": ensure => $ensure, notify => Service['nagios-nrpe-server'], - require => File ["${nagios_nrpe_cfgdir}/nrpe.d" ], + require => File ["${cfg_dir}/nrpe.d" ], owner => 'root', group => 0, mode => '0644'; @@ -21,12 +21,12 @@ define nagios::nrpe::command ( case $source { '': { - File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { content => template('nagios/nrpe/nrpe_command.erb'), } } default: { - File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { source => $source, } } diff --git a/templates/nrpe/nrpe.cfg b/templates/nrpe/nrpe.cfg index 2ae2d71..d4ad9a4 100644 --- a/templates/nrpe/nrpe.cfg +++ b/templates/nrpe/nrpe.cfg @@ -16,7 +16,7 @@ # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. -pid_file=<%= nagios_nrpe_pid_file %> +pid_file=<%= @pid_file %> @@ -34,10 +34,8 @@ server_port=5666 # and you do not want nrpe to bind on all interfaces. # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if has_variable?("nagios_nrpe_server_address") then %> -<%- if not nagios_nrpe_server_address.to_s.empty? then %> -server_address=<%= nagios_nrpe_server_address %> -<%- end %> +<%- if not @server_address.to_s.empty? then %> +server_address=<%= @server_address %> <%- end %> @@ -72,10 +70,10 @@ nrpe_group=nagios # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if nagios_nrpe_allowed_hosts.to_s.empty? then %> +<%- if @allowed_hosts.to_s.empty? then %> allowed_hosts=127.0.0.1 <%- else %> -allowed_hosts=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> +allowed_hosts=127.0.0.1,<%= @allowed_hosts %> <%- end %> # COMMAND ARGUMENT PROCESSING @@ -90,7 +88,7 @@ allowed_hosts=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> # # Values: 0=do not allow arguments, 1=allow command arguments -dont_blame_nrpe=1 +dont_blame_nrpe=<%= @dont_blame %> # COMMAND PREFIX @@ -157,7 +155,7 @@ command_timeout=60 #include_dir=<somedirectory> #include_dir=<someotherdirectory> -include_dir=<%= nagios_nrpe_cfgdir %>/nrpe.d +include_dir=<%= @cfg_dir %>/nrpe.d |