From ded0a8765946706262ec3c746864df4d09638292 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Jun 2013 00:37:41 +0200 Subject: force purge, so also subdirectories are removed --- manifests/base.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/base.pp b/manifests/base.pp index 0f8b777..08aefb9 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -180,6 +180,7 @@ class nagios::base { ensure => directory, recurse => true, purge => true, + force => true, notify => Service['nagios'], mode => 0755, owner => root, group => root; } -- cgit v1.2.3 From ea942b34344e2889779e3718c394687607a64c91 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 22 Aug 2013 18:15:55 +0200 Subject: remove silly naming as this anyway only makes it difficult to move checks --- manifests/service/http.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index ef63abb..33921fa 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -18,14 +18,14 @@ define nagios::service::http( } case $ssl_mode { 'force',true,'only': { - nagios::service{"https_${name}_${check_code}": + nagios::service{"https_${name}": ensure => $ensure, use => $use, check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code}'", } case $ssl_mode { 'force': { - nagios::service{"httprd_${name}": + nagios::service{"http_${name}": ensure => $ensure, use => $use, check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", @@ -36,7 +36,7 @@ define nagios::service::http( } case $ssl_mode { false,true: { - nagios::service{"http_${name}_${check_code}": + nagios::service{"http_${name}": ensure => $ensure, use => $use, check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code}'", -- cgit v1.2.3 From bfa099d32fd1155f9fe9d7bde2e927ea31ea3e2b Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 22 Aug 2013 18:18:16 +0200 Subject: make it possible to pass two different checks for http and https --- manifests/service/http.pp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index 33921fa..f0390be 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -16,12 +16,20 @@ define nagios::service::http( 'absent' => $name, default => $check_domain } + if is_hash($check_code) { + $check_code_hash = $check_code + } else { + $check_code_hash = { + http => $check_code, + https => $check_code, + } + } case $ssl_mode { 'force',true,'only': { nagios::service{"https_${name}": ensure => $ensure, use => $use, - check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code}'", + check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", } case $ssl_mode { 'force': { @@ -39,7 +47,7 @@ define nagios::service::http( nagios::service{"http_${name}": ensure => $ensure, use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code}'", + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", } } } -- cgit v1.2.3 From f596ec1fb06acb70f0b385fc418217556bc35dc2 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 Sep 2013 15:18:06 +0200 Subject: check new and legacy ports of managesieve --- manifests/command/imap_pop3.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index 3735136..f3637a7 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -1,5 +1,6 @@ +# manage mail checks class nagios::command::imap_pop3 { - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { } # Debian/Ubuntu already define those checks default: { nagios_command { @@ -17,6 +18,8 @@ class nagios::command::imap_pop3 { 'check_pop3_ssl': command_line => '$USER1$/check_pop -H $ARG1$ -p $ARG2$ -S'; 'check_managesieve': + command_line => '$USER1$/check_tcp -H $ARG1$ -p 4190'; + 'check_managesieve_legacy': command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; } } -- cgit v1.2.3 From 803bfe67b7f214927aa97dde795d84f6d79ce300 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 Dec 2013 18:27:07 +0100 Subject: linting --- manifests/base.pp | 366 ++++++++++++++++++++++++++++-------------------------- manifests/init.pp | 7 +- 2 files changed, 191 insertions(+), 182 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 08aefb9..4c4f344 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,187 +1,195 @@ +# basic stuff for nagios class nagios::base { - # include the variables - include nagios::defaults::vars + # include the variables + include nagios::defaults::vars - package { 'nagios': - alias => 'nagios', - ensure => present, - } + package { 'nagios': + ensure => present, + } - service { 'nagios': - ensure => running, - enable => true, - #hasstatus => true, #fixme! - require => Package['nagios'], - } + service { 'nagios': + ensure => running, + enable => $nagios::service_at_boot, + #hasstatus => true, #fixme! + require => Package['nagios'], + } - # this file should contain all the nagios_puppet-paths: - file { 'nagios_main_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/nagios.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", - "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", - "puppet:///modules/site_nagios/configs/nagios.cfg", - "puppet:///modules/nagios/configs/${::operatingsystem}/nagios.cfg", - "puppet:///modules/nagios/configs/nagios.cfg" ], - notify => Service['nagios'], - mode => 0644, owner => root, group => root; - } + # this file should contain all the nagios_puppet-paths: + file{ + 'nagios_main_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/nagios.cfg", + source => ["puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", + "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", + 'puppet:///modules/site_nagios/configs/nagios.cfg', + "puppet:///modules/nagios/configs/${::operatingsystem}/nagios.cfg", + 'puppet:///modules/nagios/configs/nagios.cfg' ], + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; + 'nagios_cgi_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/cgi.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", + "puppet:///modules/site_nagios/configs/${::operatingsystem}/cgi.cfg", + 'puppet:///modules/site_nagios/configs/cgi.cfg', + "puppet:///modules/nagios/configs/${::operatingsystem}/cgi.cfg", + 'puppet:///modules/nagios/configs/cgi.cfg' ], + notify => Service['apache'], + owner => 'root', + group => 0, + mode => '0644'; + 'nagios_htpasswd': + path => "${nagios::defaults::vars::int_cfgdir}/htpasswd.users", + source => ['puppet:///modules/site_nagios/htpasswd.users', + 'puppet:///modules/nagios/htpasswd.users' ], + owner => root, + group => apache, + mode => '0640'; + 'nagios_private': + ensure => directory, + path => "${nagios::defaults::vars::int_cfgdir}/private/", + purge => true, + recurse => true, + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0750'; + 'nagios_private_resource_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/private/resource.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", + "puppet:///modules/nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}" ], + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0640'; + 'nagios_confd': + ensure => directory, + path => "${nagios::defaults::vars::int_cfgdir}/conf.d/", + purge => true, + recurse => true, + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0750'; + } + Nagios_command <<||>> + Nagios_contactgroup <<||>> + Nagios_contact <<||>> + Nagios_hostdependency <<||>> + Nagios_hostescalation <<||>> + Nagios_hostextinfo <<||>> + Nagios_hostgroup <<||>> + Nagios_host <<||>> + Nagios_servicedependency <<||>> + Nagios_serviceescalation <<||>> + Nagios_servicegroup <<||>> + Nagios_serviceextinfo <<||>> + Nagios_service <<||>> + Nagios_timeperiod <<||>> - file { 'nagios_cgi_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/cgi.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", - "puppet:///modules/site_nagios/configs/${::operatingsystem}/cgi.cfg", - "puppet:///modules/site_nagios/configs/cgi.cfg", - "puppet:///modules/nagios/configs/${::operatingsystem}/cgi.cfg", - "puppet:///modules/nagios/configs/cgi.cfg" ], - mode => '0644', owner => 'root', group => 0, - notify => Service['apache'], - } + Nagios_command <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_contact <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_contactgroup <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_host <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_hostdependency <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", + notify => Service['nagios'], + } + Nagios_hostescalation <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", + notify => Service['nagios'], + } + Nagios_hostextinfo <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_hostgroup <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_service <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_servicegroup <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", + notify => Service['nagios'], + } + Nagios_servicedependency <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_serviceescalation <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_serviceextinfo <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_timeperiod <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } - file { 'nagios_htpasswd': - path => "${nagios::defaults::vars::int_cfgdir}/htpasswd.users", - source => [ "puppet:///modules/site_nagios/htpasswd.users", - "puppet:///modules/nagios/htpasswd.users" ], - mode => 0640, owner => root, group => apache; - } + file{[ + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroupescalation.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg" ]: + ensure => file, + replace => false, + notify => Service['nagios'], + owner => root, + group => 0, + mode => '0644'; + } - file { 'nagios_private': - path => "${nagios::defaults::vars::int_cfgdir}/private/", - ensure => directory, - purge => true, - recurse => true, - notify => Service['nagios'], - mode => '0750', owner => root, group => nagios; - } - - file { 'nagios_private_resource_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/private/resource.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", - "puppet:///modules/nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}" ], - notify => Service['nagios'], - owner => root, group => nagios, mode => '0640'; - } - - file { 'nagios_confd': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/", - ensure => directory, - purge => true, - recurse => true, - notify => Service['nagios'], - mode => '0750', owner => root, group => nagios; - } - Nagios_command <<||>> - Nagios_contactgroup <<||>> - Nagios_contact <<||>> - Nagios_hostdependency <<||>> - Nagios_hostescalation <<||>> - Nagios_hostextinfo <<||>> - Nagios_hostgroup <<||>> - Nagios_host <<||>> - Nagios_servicedependency <<||>> - Nagios_serviceescalation <<||>> - Nagios_servicegroup <<||>> - Nagios_serviceextinfo <<||>> - Nagios_service <<||>> - Nagios_timeperiod <<||>> - - Nagios_command <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_contact <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_contactgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_host <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_hostdependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - notify => Service['nagios'], - } - Nagios_hostescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - notify => Service['nagios'], - } - Nagios_hostextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_hostgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_service <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_servicegroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - notify => Service['nagios'], - } - Nagios_servicedependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_serviceescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_serviceextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_timeperiod <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - - file{[ "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroupescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg" ]: - ensure => file, - replace => false, - notify => Service['nagios'], - mode => 0644, owner => root, group => 0; - } - - # manage nagios cfg files - # must be defined after exported resource overrides and cfg file defs - file { 'nagios_cfgdir': - path => "${nagios::defaults::vars::int_cfgdir}/", - ensure => directory, - recurse => true, - purge => true, - force => true, - notify => Service['nagios'], - mode => 0755, owner => root, group => root; - } + # manage nagios cfg files + # must be defined after exported resource overrides and cfg file defs + file { 'nagios_cfgdir': + ensure => directory, + path => "${nagios::defaults::vars::int_cfgdir}/", + recurse => true, + purge => true, + force => true, + notify => Service['nagios'], + owner => root, + group => root, + mode => '0755'; + } } diff --git a/manifests/init.pp b/manifests/init.pp index 5cbd3f3..efbfd02 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,10 +16,11 @@ # manage nagios class nagios( - $httpd = 'apache', + $httpd = 'apache', $allow_external_cmd = false, - $manage_shorewall = false, - $manage_munin = false + $manage_shorewall = false, + $manage_munin = false, + $service_atboot = true, ) { case $nagios::httpd { 'absent': { } -- cgit v1.2.3 From b3b005dad897be0c2a8fcf056d31623a0a01491e Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Feb 2014 19:41:46 +0100 Subject: better check on the status code as the reason is optional --- manifests/service/http.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index f0390be..1470cac 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -8,7 +8,7 @@ define nagios::service::http( $check_domain = 'absent', $port = '80', $check_url = '/', - $check_code = 'OK', + $check_code = '200', $use = 'generic-service', $ssl_mode = false ){ -- cgit v1.2.3 From c1669419c7644528957a23fa893793efa9cde47d Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Feb 2014 14:45:10 +0100 Subject: linting --- manifests/service/http.pp | 82 +++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index 1470cac..502758d 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -4,51 +4,51 @@ # - force: http is permanent redirect to https # - only: check only https define nagios::service::http( - $ensure = present, - $check_domain = 'absent', - $port = '80', - $check_url = '/', - $check_code = '200', - $use = 'generic-service', - $ssl_mode = false + $ensure = present, + $check_domain = 'absent', + $port = '80', + $check_url = '/', + $check_code = '200', + $use = 'generic-service', + $ssl_mode = false ){ - $real_check_domain = $check_domain ? { - 'absent' => $name, - default => $check_domain + $real_check_domain = $check_domain ? { + 'absent' => $name, + default => $check_domain + } + if is_hash($check_code) { + $check_code_hash = $check_code + } else { + $check_code_hash = { + http => $check_code, + https => $check_code, } - if is_hash($check_code) { - $check_code_hash = $check_code - } else { - $check_code_hash = { - http => $check_code, - https => $check_code, + } + case $ssl_mode { + 'force',true,'only': { + nagios::service{"https_${name}": + ensure => $ensure, + use => $use, + check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", } - } - case $ssl_mode { - 'force',true,'only': { - nagios::service{"https_${name}": - ensure => $ensure, - use => $use, - check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", - } - case $ssl_mode { - 'force': { - nagios::service{"http_${name}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", - } - } - } + case $ssl_mode { + 'force': { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", + } } + } } - case $ssl_mode { - false,true: { - nagios::service{"http_${name}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", - } - } + } + case $ssl_mode { + false,true: { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", + } } + } } -- cgit v1.2.3 From af089ee1d1d0e6f7f8a1e543e3d75babfff74245 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 4 Oct 2014 16:22:32 +0200 Subject: link to the default path to get the resource purging working --- manifests/base.pp | 156 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 100 insertions(+), 56 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 4c4f344..50a302c 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -14,10 +14,11 @@ class nagios::base { require => Package['nagios'], } + $cfg_dir = $nagios::defaults::vars::int_cfgdir # this file should contain all the nagios_puppet-paths: file{ 'nagios_main_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/nagios.cfg", + path => "${cfg_dir}/nagios.cfg", source => ["puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", 'puppet:///modules/site_nagios/configs/nagios.cfg', @@ -28,7 +29,7 @@ class nagios::base { group => root, mode => '0644'; 'nagios_cgi_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/cgi.cfg", + path => "${cfg_dir}/cgi.cfg", source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/cgi.cfg", 'puppet:///modules/site_nagios/configs/cgi.cfg', @@ -39,7 +40,7 @@ class nagios::base { group => 0, mode => '0644'; 'nagios_htpasswd': - path => "${nagios::defaults::vars::int_cfgdir}/htpasswd.users", + path => "${cfg_dir}/htpasswd.users", source => ['puppet:///modules/site_nagios/htpasswd.users', 'puppet:///modules/nagios/htpasswd.users' ], owner => root, @@ -47,7 +48,7 @@ class nagios::base { mode => '0640'; 'nagios_private': ensure => directory, - path => "${nagios::defaults::vars::int_cfgdir}/private/", + path => "${cfg_dir}/private", purge => true, recurse => true, notify => Service['nagios'], @@ -55,7 +56,7 @@ class nagios::base { group => nagios, mode => '0750'; 'nagios_private_resource_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/private/resource.cfg", + path => "${cfg_dir}/private/resource.cfg", source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", "puppet:///modules/nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}" ], notify => Service['nagios'], @@ -64,7 +65,7 @@ class nagios::base { mode => '0640'; 'nagios_confd': ensure => directory, - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/", + path => "${cfg_dir}/conf.d", purge => true, recurse => true, notify => Service['nagios'], @@ -88,108 +89,151 @@ class nagios::base { Nagios_timeperiod <<||>> Nagios_command <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", + target => "${cfg_dir}/conf.d/nagios_command.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contact <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", + target => "${cfg_dir}/conf.d/nagios_contact.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contactgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", + target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_host <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", + target => "${cfg_dir}/conf.d/nagios_host.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostdependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", + target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg", notify => Service['nagios'], } Nagios_hostescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", + target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg", notify => Service['nagios'], } Nagios_hostextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", + target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", + target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_service <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", + target => "${cfg_dir}/conf.d/nagios_service.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_servicegroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", + target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg", notify => Service['nagios'], } Nagios_servicedependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", + target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", + target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", + target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_timeperiod <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg", + target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg", require => File['nagios_confd'], notify => Service['nagios'], } - file{[ - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroupescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg" ]: - ensure => file, - replace => false, - notify => Service['nagios'], - owner => root, - group => 0, - mode => '0644'; - } - - # manage nagios cfg files - # must be defined after exported resource overrides and cfg file defs - file { 'nagios_cfgdir': - ensure => directory, - path => "${nagios::defaults::vars::int_cfgdir}/", - recurse => true, - purge => true, - force => true, - notify => Service['nagios'], - owner => root, - group => root, - mode => '0755'; + file{ + # manage nagios cfg files + # must be defined after exported resource overrides and cfg file defs + 'nagios_cfgdir': + ensure => directory, + path => $cfg_dir, + recurse => true, + purge => true, + force => true, + notify => Service['nagios'], + owner => root, + group => root, + mode => '0755'; + ["${cfg_dir}/conf.d/nagios_command.cfg", + "${cfg_dir}/conf.d/nagios_contact.cfg", + "${cfg_dir}/conf.d/nagios_contactgroup.cfg", + "${cfg_dir}/conf.d/nagios_host.cfg", + "${cfg_dir}/conf.d/nagios_hostdependency.cfg", + "${cfg_dir}/conf.d/nagios_hostescalation.cfg", + "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", + "${cfg_dir}/conf.d/nagios_hostgroup.cfg", + "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg", + "${cfg_dir}/conf.d/nagios_service.cfg", + "${cfg_dir}/conf.d/nagios_servicedependency.cfg", + "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", + "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", + "${cfg_dir}/conf.d/nagios_servicegroup.cfg", + "${cfg_dir}/conf.d/nagios_timeperiod.cfg" ]: + ensure => file, + replace => false, + notify => Service['nagios'], + owner => root, + group => 0, + mode => '0644'; + "${cfg_dir}/nagios_command.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_command.cfg"; + "${cfg_dir}/nagios_contact.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_contact.cfg"; + "${cfg_dir}/nagios_contactgroup.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg"; + "${cfg_dir}/nagios_host.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_host.cfg"; + "${cfg_dir}/nagios_hostdependency.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg"; + "${cfg_dir}/nagios_hostescalation.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg"; + "${cfg_dir}/nagios_hostextinfo.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg"; + "${cfg_dir}/nagios_hostgroup.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg"; + "${cfg_dir}/nagios_hostgroupescalation.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg"; + "${cfg_dir}/nagios_service.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_service.cfg"; + "${cfg_dir}/nagios_servicedependency.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg"; + "${cfg_dir}/nagios_serviceescalation.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg"; + "${cfg_dir}/nagios_serviceextinfo.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg"; + "${cfg_dir}/nagios_servicegroup.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg"; + "${cfg_dir}/nagios_timeperiod.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg"; } } -- cgit v1.2.3 From 8eafd6fdca47b6b6ae08b0313c0fcf1e13b4a886 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 4 Oct 2014 16:28:56 +0200 Subject: purge any unmanaged resources --- manifests/base.pp | 23 +++++++++++++++++++++++ manifests/init.pp | 1 + 2 files changed, 24 insertions(+) diff --git a/manifests/base.pp b/manifests/base.pp index 50a302c..2ef1181 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -87,6 +87,27 @@ class nagios::base { Nagios_serviceextinfo <<||>> Nagios_service <<||>> Nagios_timeperiod <<||>> + if $nagios::purge_resources { + resources { + [ + 'nagios_command', + 'nagios_contactgroup', + 'nagios_contact', + 'nagios_hostdependency', + 'nagios_hostescalation', + 'nagios_hostextinfo', + 'nagios_hostgroup', + 'nagios_host', + 'nagios_servicedependency', + 'nagios_serviceescalation', + 'nagios_servicegroup', + 'nagios_serviceextinfo', + 'nagios_service', + 'nagios_timeperiod', + ]: + purge => true; + } + } Nagios_command <||> { target => "${cfg_dir}/conf.d/nagios_command.cfg", @@ -190,6 +211,8 @@ class nagios::base { owner => root, group => 0, mode => '0644'; + # unfortuantely resource purging only works on the default path and + # because we changed it above -> link the default path "${cfg_dir}/nagios_command.cfg": ensure => link, target => "${cfg_dir}/conf.d/nagios_command.cfg"; diff --git a/manifests/init.pp b/manifests/init.pp index efbfd02..7b747d9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -21,6 +21,7 @@ class nagios( $manage_shorewall = false, $manage_munin = false, $service_atboot = true, + $purge_resources = true, ) { case $nagios::httpd { 'absent': { } -- cgit v1.2.3 From b1a10d01e4c4682540eab75541845514ea8c4dd0 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 4 Oct 2014 16:48:22 +0200 Subject: restart after purging --- manifests/base.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/base.pp b/manifests/base.pp index 2ef1181..b93150a 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -105,7 +105,8 @@ class nagios::base { 'nagios_service', 'nagios_timeperiod', ]: - purge => true; + notify => Service['nagios'], + purge => true; } } -- cgit v1.2.3 From b52d91b8fcabf0c6b1cd648cf996b7468be60969 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 12:36:29 +0200 Subject: get auto purging working again That purging resources work correctly, the config files must be at the location that the nagios providers have internally, which is at /etc/nagios/.cfg To ease the config file we used the cfg_dir option so far, which we can't anymore and hence this change requires adoption of your site modules. But auto-purging resources will then finally work. --- files/configs/CentOS/nagios.cfg | 18 +++- files/configs/Debian/nagios.cfg | 16 +++- manifests/base.pp | 176 +++++++++++----------------------------- manifests/defaults/templates.pp | 15 ++-- manifests/defaults/vars.pp | 3 +- manifests/pnp4nagios.pp | 7 +- 6 files changed, 91 insertions(+), 144 deletions(-) diff --git a/files/configs/CentOS/nagios.cfg b/files/configs/CentOS/nagios.cfg index 1354bf8..fc6a391 100644 --- a/files/configs/CentOS/nagios.cfg +++ b/files/configs/CentOS/nagios.cfg @@ -31,9 +31,21 @@ log_file=/var/log/nagios/nagios.log # separate from host and contact definitions... # Puppet-managed configuration files -cfg_dir=/etc/nagios/conf.d - - +cfg_file=/etc/nagios/nagios_command.cfg +cfg_file=/etc/nagios/nagios_contact.cfg +cfg_file=/etc/nagios/nagios_contactgroup.cfg +cfg_file=/etc/nagios/nagios_host.cfg +cfg_file=/etc/nagios/nagios_hostdependency.cfg +cfg_file=/etc/nagios/nagios_hostescalation.cfg +cfg_file=/etc/nagios/nagios_hostextinfo.cfg +cfg_file=/etc/nagios/nagios_hostgroup.cfg +cfg_file=/etc/nagios/nagios_hostgroupescalation.cfg +cfg_file=/etc/nagios/nagios_service.cfg +cfg_file=/etc/nagios/nagios_servicedependency.cfg +cfg_file=/etc/nagios/nagios_serviceescalation.cfg +cfg_file=/etc/nagios/nagios_serviceextinfo.cfg +cfg_file=/etc/nagios/nagios_servicegroup.cfg +cfg_file=/etc/nagios/nagios_timeperiod.cfg # OBJECT CACHE FILE # This option determines where object definitions are cached when diff --git a/files/configs/Debian/nagios.cfg b/files/configs/Debian/nagios.cfg index 8eae393..dca295c 100644 --- a/files/configs/Debian/nagios.cfg +++ b/files/configs/Debian/nagios.cfg @@ -23,7 +23,21 @@ log_file=/var/log/nagios3/nagios.log cfg_file=/etc/nagios3/commands.cfg # Puppet-managed configuration files -cfg_dir=/etc/nagios3/conf.d +cfg_file=/etc/nagios3/nagios_command.cfg +cfg_file=/etc/nagios3/nagios_contact.cfg +cfg_file=/etc/nagios3/nagios_contactgroup.cfg +cfg_file=/etc/nagios3/nagios_host.cfg +cfg_file=/etc/nagios3/nagios_hostdependency.cfg +cfg_file=/etc/nagios3/nagios_hostescalation.cfg +cfg_file=/etc/nagios3/nagios_hostextinfo.cfg +cfg_file=/etc/nagios3/nagios_hostgroup.cfg +cfg_file=/etc/nagios3/nagios_hostgroupescalation.cfg +cfg_file=/etc/nagios3/nagios_service.cfg +cfg_file=/etc/nagios3/nagios_servicedependency.cfg +cfg_file=/etc/nagios3/nagios_serviceescalation.cfg +cfg_file=/etc/nagios3/nagios_serviceextinfo.cfg +cfg_file=/etc/nagios3/nagios_servicegroup.cfg +cfg_file=/etc/nagios3/nagios_timeperiod.cfg # Debian also defaults to using the check commands defined by the debian # nagios-plugins package diff --git a/manifests/base.pp b/manifests/base.pp index b93150a..c0ebf77 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -63,16 +63,15 @@ class nagios::base { owner => root, group => nagios, mode => '0640'; - 'nagios_confd': - ensure => directory, - path => "${cfg_dir}/conf.d", - purge => true, - recurse => true, - notify => Service['nagios'], - owner => root, - group => nagios, - mode => '0750'; } + + if $cfg_dir == '/etc/nagios3' { + file{'/etc/nagios': + ensure => link, + target => $cfg_dir, + } + } + Nagios_command <<||>> Nagios_contactgroup <<||>> Nagios_contact <<||>> @@ -87,177 +86,94 @@ class nagios::base { Nagios_serviceextinfo <<||>> Nagios_service <<||>> Nagios_timeperiod <<||>> - if $nagios::purge_resources { - resources { - [ - 'nagios_command', - 'nagios_contactgroup', - 'nagios_contact', - 'nagios_hostdependency', - 'nagios_hostescalation', - 'nagios_hostextinfo', - 'nagios_hostgroup', - 'nagios_host', - 'nagios_servicedependency', - 'nagios_serviceescalation', - 'nagios_servicegroup', - 'nagios_serviceextinfo', - 'nagios_service', - 'nagios_timeperiod', - ]: - notify => Service['nagios'], - purge => true; - } - } Nagios_command <||> { - target => "${cfg_dir}/conf.d/nagios_command.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contact <||> { - target => "${cfg_dir}/conf.d/nagios_contact.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contactgroup <||> { - target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_host <||> { - target => "${cfg_dir}/conf.d/nagios_host.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostdependency <||> { - target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg", notify => Service['nagios'], } Nagios_hostescalation <||> { - target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg", notify => Service['nagios'], } Nagios_hostextinfo <||> { - target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostgroup <||> { - target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_service <||> { - target => "${cfg_dir}/conf.d/nagios_service.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_servicegroup <||> { - target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg", notify => Service['nagios'], } Nagios_servicedependency <||> { - target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceescalation <||> { - target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceextinfo <||> { - target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_timeperiod <||> { - target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } file{ - # manage nagios cfg files - # must be defined after exported resource overrides and cfg file defs - 'nagios_cfgdir': - ensure => directory, - path => $cfg_dir, - recurse => true, - purge => true, - force => true, - notify => Service['nagios'], - owner => root, - group => root, - mode => '0755'; - ["${cfg_dir}/conf.d/nagios_command.cfg", - "${cfg_dir}/conf.d/nagios_contact.cfg", - "${cfg_dir}/conf.d/nagios_contactgroup.cfg", - "${cfg_dir}/conf.d/nagios_host.cfg", - "${cfg_dir}/conf.d/nagios_hostdependency.cfg", - "${cfg_dir}/conf.d/nagios_hostescalation.cfg", - "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", - "${cfg_dir}/conf.d/nagios_hostgroup.cfg", - "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg", - "${cfg_dir}/conf.d/nagios_service.cfg", - "${cfg_dir}/conf.d/nagios_servicedependency.cfg", - "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", - "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", - "${cfg_dir}/conf.d/nagios_servicegroup.cfg", - "${cfg_dir}/conf.d/nagios_timeperiod.cfg" ]: + ["${cfg_dir}/nagios_command.cfg", + "${cfg_dir}/nagios_contact.cfg", + "${cfg_dir}/nagios_contactgroup.cfg", + "${cfg_dir}/nagios_host.cfg", + "${cfg_dir}/nagios_hostdependency.cfg", + "${cfg_dir}/nagios_hostescalation.cfg", + "${cfg_dir}/nagios_hostextinfo.cfg", + "${cfg_dir}/nagios_hostgroup.cfg", + "${cfg_dir}/nagios_hostgroupescalation.cfg", + "${cfg_dir}/nagios_service.cfg", + "${cfg_dir}/nagios_servicedependency.cfg", + "${cfg_dir}/nagios_serviceescalation.cfg", + "${cfg_dir}/nagios_serviceextinfo.cfg", + "${cfg_dir}/nagios_servicegroup.cfg", + "${cfg_dir}/nagios_timeperiod.cfg" ]: ensure => file, replace => false, notify => Service['nagios'], owner => root, group => 0, mode => '0644'; - # unfortuantely resource purging only works on the default path and - # because we changed it above -> link the default path - "${cfg_dir}/nagios_command.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_command.cfg"; - "${cfg_dir}/nagios_contact.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_contact.cfg"; - "${cfg_dir}/nagios_contactgroup.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg"; - "${cfg_dir}/nagios_host.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_host.cfg"; - "${cfg_dir}/nagios_hostdependency.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg"; - "${cfg_dir}/nagios_hostescalation.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg"; - "${cfg_dir}/nagios_hostextinfo.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg"; - "${cfg_dir}/nagios_hostgroup.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg"; - "${cfg_dir}/nagios_hostgroupescalation.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg"; - "${cfg_dir}/nagios_service.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_service.cfg"; - "${cfg_dir}/nagios_servicedependency.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg"; - "${cfg_dir}/nagios_serviceescalation.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg"; - "${cfg_dir}/nagios_serviceextinfo.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg"; - "${cfg_dir}/nagios_servicegroup.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg"; - "${cfg_dir}/nagios_timeperiod.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg"; + } + + if $nagios::purge_resources { + resources { + [ + 'nagios_command', + 'nagios_contactgroup', + 'nagios_contact', + 'nagios_hostdependency', + 'nagios_hostescalation', + 'nagios_hostextinfo', + 'nagios_hostgroup', + 'nagios_host', + 'nagios_servicedependency', + 'nagios_serviceescalation', + 'nagios_servicegroup', + 'nagios_serviceextinfo', + 'nagios_service', + 'nagios_timeperiod', + ]: + notify => Service['nagios'], + purge => true; + } } } diff --git a/manifests/defaults/templates.pp b/manifests/defaults/templates.pp index 9711dd4..5158189 100644 --- a/manifests/defaults/templates.pp +++ b/manifests/defaults/templates.pp @@ -1,14 +1,17 @@ +# manage nagios_templates class nagios::defaults::templates { include nagios::defaults::vars file { 'nagios_templates': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_templates.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios_templates.cfg", + path => "${nagios::defaults::vars::int_cfgdir}/nagios_templates.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios_templates.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios_templates.cfg", - "puppet:///modules/site_nagios/configs/nagios_templates.cfg", + 'puppet:///modules/site_nagios/configs/nagios_templates.cfg', "puppet:///modules/nagios/configs/${::operatingsystem}/nagios_templates.cfg", - "puppet:///modules/nagios/configs/nagios_templates.cfg" ], - notify => Service['nagios'], - mode => 0644, owner => root, group => root; + 'puppet:///modules/nagios/configs/nagios_templates.cfg' ], + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; } } diff --git a/manifests/defaults/vars.pp b/manifests/defaults/vars.pp index 87f41f8..e1a6224 100644 --- a/manifests/defaults/vars.pp +++ b/manifests/defaults/vars.pp @@ -1,7 +1,8 @@ +# some default vars class nagios::defaults::vars { case $nagios::cfgdir { '': { $int_cfgdir = $::operatingsystem ? { - centos => '/etc/nagios/', + centos => '/etc/nagios', default => '/etc/nagios3' } } diff --git a/manifests/pnp4nagios.pp b/manifests/pnp4nagios.pp index 5ade74f..3faaae3 100644 --- a/manifests/pnp4nagios.pp +++ b/manifests/pnp4nagios.pp @@ -1,3 +1,4 @@ +# manage pnp4nagios class nagios::pnp4nagios { include nagios::defaults::pnp4nagios @@ -10,7 +11,7 @@ class nagios::pnp4nagios { # see http://projects.reductivelabs.com/issues/1180 for this limitation file { 'pnp4nagios-templates.cfg': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/pnp4nagios-templates.cfg", + path => "${nagios::defaults::vars::int_cfgdir}/pnp4nagios-templates.cfg", source => [ 'puppet:///modules/site_nagios/pnp4nagios/pnp4nagios-templates.cfg', 'puppet:///modules/nagios/pnp4nagios/pnp4nagios-templates.cfg' ], mode => '0644', @@ -21,8 +22,8 @@ class nagios::pnp4nagios { file { 'apache.conf': path => '/etc/pnp4nagios/apache.conf', - source => [ 'puppet:///modules/site_nagios/pnp4nagios/apache.conf', - 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], + source => ['puppet:///modules/site_nagios/pnp4nagios/apache.conf', + 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], mode => '0644', owner => root, group => root, -- cgit v1.2.3 From 885976423b223947215aaac5f32b3ee245e85683 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 12:53:44 +0200 Subject: restore a resource that was deleted too early --- manifests/base.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manifests/base.pp b/manifests/base.pp index c0ebf77..526a8fd 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -17,6 +17,16 @@ class nagios::base { $cfg_dir = $nagios::defaults::vars::int_cfgdir # this file should contain all the nagios_puppet-paths: file{ + 'nagios_cfgdir': + ensure => directory, + path => $cfg_dir, + recurse => true, + purge => true, + force => true, + notify => Service['nagios'], + owner => root, + group => root, + mode => '0755'; 'nagios_main_cfg': path => "${cfg_dir}/nagios.cfg", source => ["puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", -- cgit v1.2.3 From a144f728b98f3783d1d4e99688cd8b95e01d616a Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 13:05:39 +0200 Subject: this is now the confd --- manifests/base.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/base.pp b/manifests/base.pp index 526a8fd..fa28c41 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -20,6 +20,7 @@ class nagios::base { 'nagios_cfgdir': ensure => directory, path => $cfg_dir, + alias => nagios_confd, recurse => true, purge => true, force => true, -- cgit v1.2.3 From 0941bc8c201bccaffaf40e51e04239fcc9fc0c7c Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 13:54:39 +0200 Subject: add the default nagios templates file as well --- files/configs/CentOS/nagios.cfg | 1 + files/configs/Debian/nagios.cfg | 1 + 2 files changed, 2 insertions(+) diff --git a/files/configs/CentOS/nagios.cfg b/files/configs/CentOS/nagios.cfg index fc6a391..b88e3db 100644 --- a/files/configs/CentOS/nagios.cfg +++ b/files/configs/CentOS/nagios.cfg @@ -31,6 +31,7 @@ log_file=/var/log/nagios/nagios.log # separate from host and contact definitions... # Puppet-managed configuration files +cfg_file=/etc/nagios/nagios_templates.cfg cfg_file=/etc/nagios/nagios_command.cfg cfg_file=/etc/nagios/nagios_contact.cfg cfg_file=/etc/nagios/nagios_contactgroup.cfg diff --git a/files/configs/Debian/nagios.cfg b/files/configs/Debian/nagios.cfg index dca295c..ac02f4f 100644 --- a/files/configs/Debian/nagios.cfg +++ b/files/configs/Debian/nagios.cfg @@ -23,6 +23,7 @@ log_file=/var/log/nagios3/nagios.log cfg_file=/etc/nagios3/commands.cfg # Puppet-managed configuration files +cfg_file=/etc/nagios3/nagios_templates.cfg cfg_file=/etc/nagios3/nagios_command.cfg cfg_file=/etc/nagios3/nagios_contact.cfg cfg_file=/etc/nagios3/nagios_contactgroup.cfg -- cgit v1.2.3 From 60a2b8106a9403d786ca03a759035ad54d5976fc Mon Sep 17 00:00:00 2001 From: o Date: Mon, 1 Dec 2014 11:55:27 +0100 Subject: check_http by default also accept 301/302 --- manifests/service/http.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index 502758d..b80c140 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -8,7 +8,7 @@ define nagios::service::http( $check_domain = 'absent', $port = '80', $check_url = '/', - $check_code = '200', + $check_code = '200,301,302', $use = 'generic-service', $ssl_mode = false ){ -- cgit v1.2.3 From 4d4119d3c7b47ed34b7e014b3a9f9ff0bddda76c Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 7 Jun 2015 11:43:49 +0200 Subject: cleanup things a bit and make it possible to set a different fqdn --- manifests/target.pp | 22 +++++++++++++--------- manifests/target/fqdn.pp | 8 +++++--- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/manifests/target.pp b/manifests/target.pp index f9b7e13..82cf6a1 100644 --- a/manifests/target.pp +++ b/manifests/target.pp @@ -1,22 +1,26 @@ -# manifests/target.pp - +# a simple nagios target to monitor class nagios::target( - $parents = 'absent', - $address = $::ipaddress, + $parents = 'absent', + $address = $::ipaddress, $nagios_alias = $::hostname, - $hostgroups = 'absent' + $hostgroups = 'absent', + $use = 'generic-host', ){ @@nagios_host { $::fqdn: address => $address, - alias => $nagios_alias, - use => 'generic-host', + alias => $nagios_alias, + use => $use, } if ($parents != 'absent') { - Nagios_host["${::fqdn}"] { parents => $parents } + Nagios_host[$::fqdn] { + parents => $parents + } } if ($hostgroups != 'absent') { - Nagios_host["${::fqdn}"] { hostgroups => $hostgroups } + Nagios_host[$::fqdn] { + hostgroups => $hostgroups + } } } diff --git a/manifests/target/fqdn.pp b/manifests/target/fqdn.pp index 6bb16c1..31fc4b7 100644 --- a/manifests/target/fqdn.pp +++ b/manifests/target/fqdn.pp @@ -1,10 +1,12 @@ +# monitor a host by fqdn class nagios::target::fqdn( + $address = $::fqdn, $hostgroups = 'absent', - $parents = 'absent' + $parents = 'absent' ) { class{'nagios::target': - address => $::fqdn, + address => $address, hostgroups => $hostgroups, - parents => $parents + parents => $parents } } -- cgit v1.2.3 From 32760cb4d265a2cf74e6cd0014137b7883ee80a4 Mon Sep 17 00:00:00 2001 From: Jerome Charaoui Date: Wed, 7 Oct 2015 11:29:36 -0400 Subject: Add --sni to check_http --ssl commands --- manifests/defaults/commands.pp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/defaults/commands.pp b/manifests/defaults/commands.pp index 777a74e..3521d94 100644 --- a/manifests/defaults/commands.pp +++ b/manifests/defaults/commands.pp @@ -10,15 +10,15 @@ class nagios::defaults::commands { check_dummy: command_line => '$USER1$/check_dummy $ARG1$'; check_https_cert: - command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + command_line => '$USER1$/check_http --ssl --sni -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; check_http_url: command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; check_http_url_regex: command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -e $ARG4$'; check_https_url: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; + command_line => '$USER1$/check_http --ssl --sni -H $ARG1$ -u $ARG2$'; check_https_url_regex: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; + command_line => '$USER1$/check_http --ssl --sni -H $ARG1$ -u $ARG2$ -e $ARG3$'; check_mysql_db: command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; check_ntp_time: @@ -60,17 +60,17 @@ class nagios::defaults::commands { check_http: command_line => '$USER1$/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$'; check_https: - command_line => '$USER1$/check_http --ssl -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + command_line => '$USER1$/check_http --ssl --sni -H $HOSTADDRESS$ -I $HOSTADDRESS$'; check_https_cert: - command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + command_line => '$USER1$/check_http --ssl --sni -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; check_http_url: command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; check_http_url_regex: command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -e $ARG4$'; check_https_url: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; + command_line => '$USER1$/check_http --ssl --sni -H $ARG1$ -u $ARG2$'; check_https_url_regex: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; + command_line => '$USER1$/check_http --ssl --sni -H $ARG1$ -u $ARG2$ -e $ARG3$'; check_mysql: command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$'; check_mysql_db: -- cgit v1.2.3 From 7cb5f0625c929ccbc6029b6bb12f97f7f2bfe70a Mon Sep 17 00:00:00 2001 From: Matt Taggart Date: Thu, 8 Oct 2015 14:51:58 -0700 Subject: update the apache2.conf file updating to the debian 3.5.1.dfsg-2+b1 version of the file. mostly whitespace changes, one 2.2 vs 2.4 change and a change for docs. --- files/configs/apache2.conf | 40 ++++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/files/configs/apache2.conf b/files/configs/apache2.conf index 14bb38b..f0f8b2f 100644 --- a/files/configs/apache2.conf +++ b/files/configs/apache2.conf @@ -1,8 +1,8 @@ # apache configuration for nagios 3.x # note to users of nagios 1.x and 2.x: -# throughout this file are commented out sections which preserve -# backwards compatibility with bookmarks/config for older nagios versios. -# simply look for lines following "nagios 1.x:" and "nagios 2.x" comments. +# throughout this file are commented out sections which preserve +# backwards compatibility with bookmarks/config for older nagios versios. +# simply look for lines following "nagios 1.x:" and "nagios 2.x" comments. ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3 ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3 @@ -28,22 +28,34 @@ Alias /nagios3 /usr/share/nagios3/htdocs #Alias /nagios /usr/share/nagios3/htdocs - Options FollowSymLinks + Options FollowSymLinks - DirectoryIndex index.php index.html + DirectoryIndex index.php index.html - AllowOverride AuthConfig - Order Allow,Deny - Allow From All + AllowOverride AuthConfig - AuthName "Nagios Access" - AuthType Basic - AuthUserFile /etc/nagios3/htpasswd.users - # nagios 1.x: - #AuthUserFile /etc/nagios/htpasswd.users - require valid-user + + + Order Allow,Deny + Allow From All + + + = 2.3> + Require all denied + + + AuthName "Nagios Access" + AuthType Basic + AuthUserFile /etc/nagios3/htpasswd.users + # nagios 1.x: + #AuthUserFile /etc/nagios/htpasswd.users + require valid-user + + Options +ExecCGI + + # Enable this ScriptAlias if you want to enable the grouplist patch. # See http://apan.sourceforge.net/download.html for more info # It allows you to see a clickable list of all hostgroups in the -- cgit v1.2.3 From 5e92209e5b284e0f0d99c30e555cc498a39c396e Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:23:44 +0200 Subject: introduce gpg checks --- files/plugins/check_gpg | 113 ++++++++++++++++++++++++++++++++++++++++++++ manifests/init.pp | 8 ++-- manifests/plugins/gpg.pp | 43 +++++++++++++++++ manifests/service/gpgkey.pp | 43 +++++++++++++++++ 4 files changed, 204 insertions(+), 3 deletions(-) create mode 100644 files/plugins/check_gpg create mode 100644 manifests/plugins/gpg.pp create mode 100644 manifests/service/gpgkey.pp diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg new file mode 100644 index 0000000..bf4b930 --- /dev/null +++ b/files/plugins/check_gpg @@ -0,0 +1,113 @@ +#!/bin/bash +# +# Nagios plugin that checks whether a key ID has expired, or will expire within +# a certain time. +# +# note: the plugin will issue a critical state if the required key has been +# revoked. +# +# usage: check_gpg [-w ] [--gnupg-homedir ] +# +# is any PGP key ID that GnuPG accepts with "gpg --list-key " +# +# The option -w parameter lets you specify the number of days within which key +# expiry will trigger a warning. e.g. if expires within +# days, make nagios issue a warning. +# +# num_days must be an integer value +# +# optionally, if the keyring directory you want GPG to use is not located in +# the user's ~/.gnupg, you can specify the path to the keyring directory with +# the --gnupg-homedir parameter. +# +# Thanks a bunch to Daniel Kahn Gillmor for providing example commands that +# made up most of the core of this plugin. +# +# Copyleft Gabriel Filion +# +# This plugin is released under the GPL v3+ license. To get a copy of the +# license text visit: https://www.gnu.org/licenses/gpl-3.0.txt +# +SECS_IN_DAY=86400 + +function debug () { + if [ -n "$DEBUG" ]; then + echo "$1" >&2 + fi +} + +debug "got args: $*" + +now=$(date +%s) +debug "current timestamp: $now" + +warning_threshold= +homedir= +for arg in $*; do + case $arg in + "-w") + if [ -z "$2" ]; then + echo "UNKNOWN: argument -w got no value. integer needed" + exit 3 + fi + if [ "`echo $2 | egrep ^[[:digit:]]+$`" = "" ]; then + echo "UNKNOWN: invalid value '$2' passed to -w. integer needed" + exit 3 + fi + warning_threshold=$(( $now + ($2*$SECS_IN_DAY) )) + debug "setting warning_threshold to '$warning_threshold'" + + shift 2 + ;; + "--gnupg-homedir") + if [ -z "$2" ]; then + echo "UNKNOWN: argument --gnupg-homedir got no value. path needed" + exit 3 + fi + if [ ! -d "$2" ]; then + echo "UNKNOWN: homedir '$2' does not exist or is not a directory" + exit 3 + fi + homedir="--homedir $2" + debug "setting homedir to '$homedir'" + + shift 2 + ;; + esac +done + +if [ -z "$1" ]; then + echo "UNKNOWN: must provide a key ID" + exit 3 +fi +key="$1" + +# GPG is too stupid to error out when asked to refresh a key that's not in the +# local keyring so we need to perform another call to verify this first. +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) +if [ $? -ne 0 ]; then + echo "UNKNOWN: $output" + exit 3 +fi + +if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then + echo "CRITICAL: key '$key' has been revoked!" + exit 1 +fi + +for expiry in $(gpg $homedir --with-colons --fixed-list-mode --list-key "$key" 2>/dev/null | awk -F: '/^pub:/{ print $7 }'); +do + debug "expiry value: $expiry" + + if [ "$now" -gt "$expiry" ] ; then + printf "CRITICAL: %s has expired on %s\n" "$key" "$(date -d "$expiry seconds")"; + exit 1; + fi; + if [ -n "$warning_threshold" ] && [ "$warning_threshold" -gt "$expiry" ]; then + remaining=$(( ($expiry-$now) / $SECS_IN_DAY )) + printf "WARNING: %s expires in %s days\n" "$key" "$remaining"; + exit 2; + fi +done + +echo "OK: key '$key' has not expired." diff --git a/manifests/init.pp b/manifests/init.pp index 7b747d9..e80525e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -22,6 +22,7 @@ class nagios( $manage_munin = false, $service_atboot = true, $purge_resources = true, + $gpgkey_checks = {}, ) { case $nagios::httpd { 'absent': { } @@ -32,15 +33,16 @@ class nagios( case $::operatingsystem { 'centos': { $cfgdir = '/etc/nagios' - include nagios::centos + include ::nagios::centos } 'debian': { $cfgdir = '/etc/nagios3' - include nagios::debian + include ::nagios::debian } default: { fail("No such operatingsystem: ${::operatingsystem} yet defined") } } if $manage_munin { - include nagios::munin + include ::nagios::munin } + create_resources('nagios::service::gpgkey',$gpgkey_checks) } diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp new file mode 100644 index 0000000..d8c1d40 --- /dev/null +++ b/manifests/plugins/gpg.pp @@ -0,0 +1,43 @@ +# check_gpg from +# https://github.com/lelutin/nagios-plugins/blob/master/check_gpg +class nagios::plugins::gpg { + require ::gnupg + nagios::plugin{'check_gpg': + source => 'nagios/plugins/check_gpg', + } + + $gpg_home = '/var/local/nagios_gpg_homedir' + file{ + $gpg_home: + ensure => 'directory', + owner => nagios, + group => nagios, + mode => '0600', + require => Nagios::Plugin['check_gpg']; + '/etc/cron.daily/update_nagios_gpgkeys': + content => "!#/bin/bash +function exec() { + cmd=\$1 + outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}') + if [ \$? -gt 0 ]; then + echo \$output + exit 1 + fi +} + +gpg('--with-fingerprint --list-keys --with-colons') | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do + gpg(\"--recv-keys \${key}\") +done +", + owner => root, + group => 0, + mode => '0700', + require => File[$gpg_home]; + } + nagios_command { + 'check_gnupg': + command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$", + require => Nagios::Plugin['check_gpg'], + } +} + diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp new file mode 100644 index 0000000..0c271f4 --- /dev/null +++ b/manifests/service/gpgkey.pp @@ -0,0 +1,43 @@ +# define a gpgkey to be watched +define nagios::service::gpgkey( + $ensure = 'present', + $warning = '14', + $key_info = undef, +){ + validate_slength($name,40,40) + require ::nagios::plugins::gpg + $gpg_home = $nagios::plugins::gpg::gpg_home + + exec{"manage_key_${name}": } + nagios::service{ + "check_gpg_${name}": + ensure => $ensure; + } + + if $ensure == 'present' { + Exec["manage_key_${name}"]{ + command => "gpg --homedir ${gpg_home} --recv-keys ${name}", + unless => "gpg --homedir ${gpg_home} --list-keys ${name}", + before => Nagios::Service["check_gpg_${name}"], + } + + Nagios::Service["check_gpg_${name}"]{ + check_command => "check_gpg!${warning}!${name}", + } + if $key_info { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name} - Info: ${key_info}", + } + } else { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name}", + } + } + } else { + Exec["manage_key_${name}"]{ + command => "gpg --batch --homedir ${gpg_home} --delete-key ${name}", + onlyif => "gpg --homedir ${gpg_home} --list-keys ${name}", + require => Nagios::Service["check_gpg_${name}"], + } + } +} -- cgit v1.2.3 From bbda7cef0b0d6d68c9d2c393592cbfbef9f3534e Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:26:10 +0200 Subject: introduce horde_login checks --- files/plugins/check_horde_login | 69 ++++++++++++++++++++++++++++++++++++++++ manifests/plugins/horde_login.pp | 9 ++++++ manifests/service/horde_login.pp | 18 +++++++++++ 3 files changed, 96 insertions(+) create mode 100644 files/plugins/check_horde_login create mode 100644 manifests/plugins/horde_login.pp create mode 100644 manifests/service/horde_login.pp diff --git a/files/plugins/check_horde_login b/files/plugins/check_horde_login new file mode 100644 index 0000000..4c63daa --- /dev/null +++ b/files/plugins/check_horde_login @@ -0,0 +1,69 @@ +#!/bin/env python +# vi:si:et:sw=4:sts=4:ts=4 +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2015 mh + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. +# + +import sys, os, requests, getopt + +def usage(): + print sys.argv[0] + " -u username "+ \ + "-p password " + \ + "-s server path" + sys.exit(1) + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h") + except getopt.GetoptError: + usage() + return 3 + + user = url = password = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + url = a + "/login.php" + elif o == '-h': + usage() + + if user == None or password == None or url == None: + usage() + + params = { 'horde_user': user, + 'horde_pass': password, + 'horde_select_view': 'auto', + 'anchor_string': '', + 'app': '', + 'login_post': 1, + 'new_lang': 'en_US', + 'url': '', + } + + + r = requests.post(url, data=params, allow_redirects=False) + # on a successfully login we are redirected to the mailbox + if r.status_code == 302: + print "OK" + sys.exit(0) + else: + print "Error" + sys.exit(2) + + +if __name__ == "__main__": + sys.exit(main()) + + diff --git a/manifests/plugins/horde_login.pp b/manifests/plugins/horde_login.pp new file mode 100644 index 0000000..908b57b --- /dev/null +++ b/manifests/plugins/horde_login.pp @@ -0,0 +1,9 @@ +# check_horde_login +class nagios::plugins::horde_login { + nagios::plugin { 'check_horde_login': + source => 'nagios/plugins/check_horde_login', + } -> nagios_command { + 'check_horde_login': + command_line => "\$USER1\$/check_horde_login -s \$ARG1\$ -u \$ARG2\$ -p \$ARG3\$", + } +} diff --git a/manifests/service/horde_login.pp b/manifests/service/horde_login.pp new file mode 100644 index 0000000..876ce2b --- /dev/null +++ b/manifests/service/horde_login.pp @@ -0,0 +1,18 @@ +# a horde login check +define nagios::service::horde_login( + $username, + $password, + $url, + $ensure = 'present', +){ + nagios::service{ + "horde_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["horde_${name}"]{ + check_command => "check_horde_login!${url}!${username}!${password}", + } + } +} -- cgit v1.2.3 From d85a5924b713143426a59ece9df82bba7534e11b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:29:30 +0200 Subject: ensure we run things with the right user/group --- manifests/service/gpgkey.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index 0c271f4..bea2c57 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -8,7 +8,10 @@ define nagios::service::gpgkey( require ::nagios::plugins::gpg $gpg_home = $nagios::plugins::gpg::gpg_home - exec{"manage_key_${name}": } + exec{"manage_key_${name}": + user => nagios, + group => nagios, + } nagios::service{ "check_gpg_${name}": ensure => $ensure; -- cgit v1.2.3 From c754ec94b331828588b6a3c2423ef9f21c849e18 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:32:28 +0200 Subject: the module is called gpg --- manifests/plugins/gpg.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index d8c1d40..3493ff8 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -1,7 +1,7 @@ # check_gpg from # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg class nagios::plugins::gpg { - require ::gnupg + require ::gpg nagios::plugin{'check_gpg': source => 'nagios/plugins/check_gpg', } -- cgit v1.2.3 From e0b08c71a7aaa721481a5662dc3c4eef143f32e4 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:52:12 +0200 Subject: make it possible to define the keyserver to fetch from --- manifests/plugins/gpg.pp | 12 +++++++----- manifests/service/gpgkey.pp | 5 +++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index 3493ff8..198f5ab 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -1,6 +1,8 @@ # check_gpg from # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg -class nagios::plugins::gpg { +class nagios::plugins::gpg( + $keyserver = 'hkp://keys.mayfirst.org', +) { require ::gpg nagios::plugin{'check_gpg': source => 'nagios/plugins/check_gpg', @@ -15,8 +17,8 @@ class nagios::plugins::gpg { mode => '0600', require => Nagios::Plugin['check_gpg']; '/etc/cron.daily/update_nagios_gpgkeys': - content => "!#/bin/bash -function exec() { + content => "#!/bin/bash +function gpg() { cmd=\$1 outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}') if [ \$? -gt 0 ]; then @@ -25,8 +27,8 @@ function exec() { fi } -gpg('--with-fingerprint --list-keys --with-colons') | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do - gpg(\"--recv-keys \${key}\") +su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --with-fingerprint --list-keys --with-colons | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do + gpg \"--keyserver ${keyserver} --recv-keys \${key}\" done ", owner => root, diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index bea2c57..08b7473 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -6,7 +6,8 @@ define nagios::service::gpgkey( ){ validate_slength($name,40,40) require ::nagios::plugins::gpg - $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_keyserver = $nagios::plugins::gpg::keyserver exec{"manage_key_${name}": user => nagios, @@ -19,7 +20,7 @@ define nagios::service::gpgkey( if $ensure == 'present' { Exec["manage_key_${name}"]{ - command => "gpg --homedir ${gpg_home} --recv-keys ${name}", + command => "gpg --keyserver ${gpg_keyserver} --homedir ${gpg_home} --recv-keys ${name}", unless => "gpg --homedir ${gpg_home} --list-keys ${name}", before => Nagios::Service["check_gpg_${name}"], } -- cgit v1.2.3 From 1c3e0881ef6a93637a63561f44ec3edc963a7220 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:00:08 +0200 Subject: username can be name --- manifests/service/horde_login.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/service/horde_login.pp b/manifests/service/horde_login.pp index 876ce2b..6cab59e 100644 --- a/manifests/service/horde_login.pp +++ b/manifests/service/horde_login.pp @@ -1,9 +1,9 @@ # a horde login check define nagios::service::horde_login( - $username, $password, $url, - $ensure = 'present', + $username = $name, + $ensure = 'present', ){ nagios::service{ "horde_${name}": -- cgit v1.2.3 From 41cf7666abb78020c7ea3a331bd65f709e73fbf8 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:01:11 +0200 Subject: correct naming --- manifests/plugins/gpg.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index 198f5ab..632ad1f 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -37,7 +37,7 @@ done require => File[$gpg_home]; } nagios_command { - 'check_gnupg': + 'check_gpg': command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$", require => Nagios::Plugin['check_gpg'], } -- cgit v1.2.3 From 11dca77caa10423d8b1d722ff950aa20b1c41080 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:36:27 +0200 Subject: also deploy the plugin on a nagios host --- manifests/defaults/commands.pp | 240 +++++++++++++++++++++-------------------- 1 file changed, 121 insertions(+), 119 deletions(-) diff --git a/manifests/defaults/commands.pp b/manifests/defaults/commands.pp index bb19638..fc552b4 100644 --- a/manifests/defaults/commands.pp +++ b/manifests/defaults/commands.pp @@ -1,139 +1,141 @@ +# defaults commands we wanna have available class nagios::defaults::commands { - include nagios::command::smtp - include nagios::command::imap_pop3 + include ::nagios::command::smtp + include ::nagios::command::imap_pop3 + include ::nagios::plugins::horde_login # common service commands case $::operatingsystem { - debian,ubuntu: { - nagios_command { - check_dummy: - command_line => '$USER1$/check_dummy $ARG1$'; - check_https_cert: - command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_http_url: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; - check_http_url_regex: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -e $ARG3$'; - check_https_url: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; - check_https_url_regex: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; - check_mysql_db: - command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; - check_ntp_time: - command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; - check_silc: - command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; - check_sobby: - command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; - check_jabber: - command_line => '$USER1$/check_jabber -H $ARG1$'; - check_git: - command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; - } + debian,ubuntu: { + nagios_command { + check_dummy: + command_line => '$USER1$/check_dummy $ARG1$'; + check_https_cert: + command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_http_url: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; + check_http_url_regex: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -e $ARG3$'; + check_https_url: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; + check_https_url_regex: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; + check_mysql_db: + command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; + check_ntp_time: + command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; + check_silc: + command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; + check_sobby: + command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; + check_jabber: + command_line => '$USER1$/check_jabber -H $ARG1$'; + check_git: + command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; } - default: { - nagios_command { - check_dummy: - command_line => '$USER1$/check_dummy $ARG1$'; - check_ping: - command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$'; - check-host-alive: - command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w 5000,100% -c 5000,100% -p 1'; - check_tcp: - command_line => '$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$'; - check_udp: - command_line => '$USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$'; - check_load: - command_line => '$USER1$/check_load --warning=$ARG1$,$ARG2$,$ARG3$ --critical=$ARG4$,$ARG5$,$ARG6$'; - check_disk: - command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e -p $ARG3$'; - check_all_disks: - command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e'; - check_ssh: - command_line => '$USER1$/check_ssh $HOSTADDRESS$'; - check_ssh_port: - command_line => '$USER1$/check_ssh -p $ARG1$ $HOSTADDRESS$'; - check_ssh_port_host: - command_line => '$USER1$/check_ssh -p $ARG1$ $ARG2$'; - check_http: - command_line => '$USER1$/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_https: - command_line => '$USER1$/check_http --ssl -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_https_cert: - command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_http_url: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; - check_http_url_regex: - command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -e $ARG4$'; - check_https_url: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; - check_https_url_regex: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; - check_mysql: - command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$'; - check_mysql_db: - command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; - check_ntp_time: - command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; - check_silc: - command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; - check_sobby: - command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; - check_jabber: - command_line => '$USER1$/check_jabber -H $ARG1$'; - check_git: - command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; - } + } + default: { + nagios_command { + check_dummy: + command_line => '$USER1$/check_dummy $ARG1$'; + check_ping: + command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$'; + check-host-alive: + command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w 5000,100% -c 5000,100% -p 1'; + check_tcp: + command_line => '$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$'; + check_udp: + command_line => '$USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$'; + check_load: + command_line => '$USER1$/check_load --warning=$ARG1$,$ARG2$,$ARG3$ --critical=$ARG4$,$ARG5$,$ARG6$'; + check_disk: + command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e -p $ARG3$'; + check_all_disks: + command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e'; + check_ssh: + command_line => '$USER1$/check_ssh $HOSTADDRESS$'; + check_ssh_port: + command_line => '$USER1$/check_ssh -p $ARG1$ $HOSTADDRESS$'; + check_ssh_port_host: + command_line => '$USER1$/check_ssh -p $ARG1$ $ARG2$'; + check_http: + command_line => '$USER1$/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_https: + command_line => '$USER1$/check_http --ssl -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_https_cert: + command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_http_url: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; + check_http_url_regex: + command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -e $ARG4$'; + check_https_url: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; + check_https_url_regex: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; + check_mysql: + command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$'; + check_mysql_db: + command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; + check_ntp_time: + command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; + check_silc: + command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; + check_sobby: + command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; + check_jabber: + command_line => '$USER1$/check_jabber -H $ARG1$'; + check_git: + command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; } + } } - # commands for services defined by other modules + # commands for services defined by other modules - nagios_command { - # from apache module - http_port: - command_line => '$USER1$/check_http -p $ARG1$ -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + nagios_command { + # from apache module + http_port: + command_line => '$USER1$/check_http -p $ARG1$ -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_http_port_url_content: - command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; - check_https_port_url_content: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; - check_http_url_content: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -s $ARG3$'; - check_https_url_content: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -s $ARG3$'; + check_http_port_url_content: + command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; + check_https_port_url_content: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; + check_http_url_content: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -s $ARG3$'; + check_https_url_content: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -s $ARG3$'; - # from bind module - check_dig2: - command_line => '$USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ --record_type=$ARG2$'; + # from bind module + check_dig2: + command_line => '$USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ --record_type=$ARG2$'; - # from mysql module - check_mysql_health: - command_line => '$USER1$/check_mysql_health --hostname $ARG1$ --port $ARG2$ --username $ARG3$ --password $ARG4$ --mode $ARG5$ --database $ARG6$ $ARG7$ $ARG8$'; + # from mysql module + check_mysql_health: + command_line => '$USER1$/check_mysql_health --hostname $ARG1$ --port $ARG2$ --username $ARG3$ --password $ARG4$ --mode $ARG5$ --database $ARG6$ $ARG7$ $ARG8$'; - # better check_dns - check_dns2: - command_line => '$USER1$/check_dns2 -c $ARG1$ A $ARG2$'; + # better check_dns + check_dns2: + command_line => '$USER1$/check_dns2 -c $ARG1$ A $ARG2$'; - # dnsbl checking - check_dnsbl: - command_line => '$USER1$/check_dnsbl -H $ARG1$'; - } + # dnsbl checking + check_dnsbl: + command_line => '$USER1$/check_dnsbl -H $ARG1$'; + } - # notification commands + # notification commands - $mail_cmd_location = $::operatingsystem ? { - centos => '/bin/mail', - default => '/usr/bin/mail' - } + $mail_cmd_location = $::operatingsystem ? { + centos => '/bin/mail', + default => '/usr/bin/mail' + } - nagios_command { - 'notify-host-by-email': - command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\nHost: \$HOSTNAME\$\\nState: \$HOSTSTATE\$\\nAddress: \$HOSTADDRESS\$\\nInfo: \$HOSTOUTPUT\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Host Alert: \$HOSTNAME\$ is \$HOSTSTATE\$ **\" \$CONTACTEMAIL\$"; - 'notify-service-by-email': - command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\n\\nService: \$SERVICEDESC\$\\nHost: \$HOSTALIAS\$\\nAddress: \$HOSTADDRESS\$\\nState: \$SERVICESTATE\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\\nAdditional Info:\\n\\n\$SERVICEOUTPUT\$\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Service Alert: \$HOSTALIAS\$/\$SERVICEDESC\$ is \$SERVICESTATE\$ **\" \$CONTACTEMAIL\$"; - } + nagios_command { + 'notify-host-by-email': + command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\nHost: \$HOSTNAME\$\\nState: \$HOSTSTATE\$\\nAddress: \$HOSTADDRESS\$\\nInfo: \$HOSTOUTPUT\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Host Alert: \$HOSTNAME\$ is \$HOSTSTATE\$ **\" \$CONTACTEMAIL\$"; + 'notify-service-by-email': + command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\n\\nService: \$SERVICEDESC\$\\nHost: \$HOSTALIAS\$\\nAddress: \$HOSTADDRESS\$\\nState: \$SERVICESTATE\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\\nAdditional Info:\\n\\n\$SERVICEOUTPUT\$\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Service Alert: \$HOSTALIAS\$/\$SERVICEDESC\$ is \$SERVICESTATE\$ **\" \$CONTACTEMAIL\$"; + } } -- cgit v1.2.3 From ffca95a6b0281ab49f4a626a1ee6a68257769388 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:45:01 +0200 Subject: this is handled outside & centrally --- files/plugins/check_gpg | 8 -------- 1 file changed, 8 deletions(-) diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index bf4b930..1a8df84 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -82,14 +82,6 @@ if [ -z "$1" ]; then fi key="$1" -# GPG is too stupid to error out when asked to refresh a key that's not in the -# local keyring so we need to perform another call to verify this first. -output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) -if [ $? -ne 0 ]; then - echo "UNKNOWN: $output" - exit 3 -fi - if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then echo "CRITICAL: key '$key' has been revoked!" exit 1 -- cgit v1.2.3 From 77419fa626578d14e55042a39b2b87e5c0904ae2 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:57:06 +0200 Subject: install requirements --- manifests/plugins/horde_login.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/horde_login.pp b/manifests/plugins/horde_login.pp index 908b57b..4274b4c 100644 --- a/manifests/plugins/horde_login.pp +++ b/manifests/plugins/horde_login.pp @@ -1,7 +1,9 @@ # check_horde_login class nagios::plugins::horde_login { + ensure_packages(['python-requests']) nagios::plugin { 'check_horde_login': - source => 'nagios/plugins/check_horde_login', + source => 'nagios/plugins/check_horde_login', + require => Package['python-requests'], } -> nagios_command { 'check_horde_login': command_line => "\$USER1\$/check_horde_login -s \$ARG1\$ -u \$ARG2\$ -p \$ARG3\$", -- cgit v1.2.3 From 9a02e527e1803093e25166cdbac753253909065f Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 16 Oct 2015 15:17:48 +0200 Subject: Revert "this is handled outside & centrally" This reverts commit ffca95a6b0281ab49f4a626a1ee6a68257769388. --- files/plugins/check_gpg | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index 1a8df84..bf4b930 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -82,6 +82,14 @@ if [ -z "$1" ]; then fi key="$1" +# GPG is too stupid to error out when asked to refresh a key that's not in the +# local keyring so we need to perform another call to verify this first. +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) +if [ $? -ne 0 ]; then + echo "UNKNOWN: $output" + exit 3 +fi + if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then echo "CRITICAL: key '$key' has been revoked!" exit 1 -- cgit v1.2.3 From 3a39c6e693a835d98ed382bdc3ce72eac31ea664 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 16 Oct 2015 15:38:20 +0200 Subject: fetch things over hkps and on every check --- files/plugin_data/sks-keyservers.netCA.pem | 32 ++++++++++++++++++++++++++++++ files/plugins/check_gpg | 2 +- manifests/plugins/gpg.pp | 27 ++++++------------------- manifests/service/gpgkey.pp | 12 +++++------ 4 files changed, 45 insertions(+), 28 deletions(-) create mode 100644 files/plugin_data/sks-keyservers.netCA.pem diff --git a/files/plugin_data/sks-keyservers.netCA.pem b/files/plugin_data/sks-keyservers.netCA.pem new file mode 100644 index 0000000..24a2ad2 --- /dev/null +++ b/files/plugin_data/sks-keyservers.netCA.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV +BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u +ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw +MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP +c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr +cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I +6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj +MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F +45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS +FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx +Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4 +aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx +MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y +u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9 +p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP +fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G +A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY +TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR +OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u +gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/ +X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5 +gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB +UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04 +lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT +BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB +cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U +f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G +ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph +WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg== +-----END CERTIFICATE----- diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index bf4b930..efc17e3 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -84,7 +84,7 @@ key="$1" # GPG is too stupid to error out when asked to refresh a key that's not in the # local keyring so we need to perform another call to verify this first. -output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 ) if [ $? -ne 0 ]; then echo "UNKNOWN: $output" exit 3 diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index 632ad1f..a09736a 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -1,8 +1,6 @@ # check_gpg from # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg -class nagios::plugins::gpg( - $keyserver = 'hkp://keys.mayfirst.org', -) { +class nagios::plugins::gpg { require ::gpg nagios::plugin{'check_gpg': source => 'nagios/plugins/check_gpg', @@ -16,25 +14,12 @@ class nagios::plugins::gpg( group => nagios, mode => '0600', require => Nagios::Plugin['check_gpg']; - '/etc/cron.daily/update_nagios_gpgkeys': - content => "#!/bin/bash -function gpg() { - cmd=\$1 - outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}') - if [ \$? -gt 0 ]; then - echo \$output - exit 1 - fi -} - -su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --with-fingerprint --list-keys --with-colons | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do - gpg \"--keyserver ${keyserver} --recv-keys \${key}\" -done -", - owner => root, + "${gpg_home}/sks-keyservers.netCA.pem": + source => 'puppet:///modules/nagios/plugin_data/sks-keyservers.netCA.pem', + owner => nagios, group => 0, - mode => '0700', - require => File[$gpg_home]; + mode => '0400', + before => Nagios_command['check_gpg']; } nagios_command { 'check_gpg': diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index 08b7473..f04352a 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -6,8 +6,8 @@ define nagios::service::gpgkey( ){ validate_slength($name,40,40) require ::nagios::plugins::gpg - $gpg_home = $nagios::plugins::gpg::gpg_home - $gpg_keyserver = $nagios::plugins::gpg::keyserver + $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_cmd = "gpg --homedir ${gpg_home}" exec{"manage_key_${name}": user => nagios, @@ -20,8 +20,8 @@ define nagios::service::gpgkey( if $ensure == 'present' { Exec["manage_key_${name}"]{ - command => "gpg --keyserver ${gpg_keyserver} --homedir ${gpg_home} --recv-keys ${name}", - unless => "gpg --homedir ${gpg_home} --list-keys ${name}", + command => "${gpg_cmd} --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=${gpg_home}/sks-keyservers.netCA.pem --recv-keys ${name}", + unless => "${gpg_cmd} --list-keys ${name}", before => Nagios::Service["check_gpg_${name}"], } @@ -39,8 +39,8 @@ define nagios::service::gpgkey( } } else { Exec["manage_key_${name}"]{ - command => "gpg --batch --homedir ${gpg_home} --delete-key ${name}", - onlyif => "gpg --homedir ${gpg_home} --list-keys ${name}", + command => "${gpg_cmd} --batch --delete-key ${name}", + onlyif => "${gpg_cmd} --list-keys ${name}", require => Nagios::Service["check_gpg_${name}"], } } -- cgit v1.2.3 From e182d1ba09b9d7689c1dfb137b8ca8771bc00dd0 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 16 Oct 2015 16:10:56 +0200 Subject: fixing path --- files/plugins/check_gpg | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index efc17e3..eb9fa51 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -43,6 +43,7 @@ debug "current timestamp: $now" warning_threshold= homedir= +homedir_path=~/.gnupg for arg in $*; do case $arg in "-w") @@ -68,8 +69,9 @@ for arg in $*; do echo "UNKNOWN: homedir '$2' does not exist or is not a directory" exit 3 fi - homedir="--homedir $2" - debug "setting homedir to '$homedir'" + homedir_path=$2 + homedir="--homedir ${homedir_path}" + debug "setting homedir to '$homedir_path'" shift 2 ;; @@ -84,7 +86,7 @@ key="$1" # GPG is too stupid to error out when asked to refresh a key that's not in the # local keyring so we need to perform another call to verify this first. -output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 ) +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir_path/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 ) if [ $? -ne 0 ]; then echo "UNKNOWN: $output" exit 3 -- cgit v1.2.3 From cfff7d115e4cff2a4aa5bcfbd01e7ebe265b7a48 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 13:56:24 +0100 Subject: linting --- manifests/service.pp | 119 ++++++++++++++++++++++++++------------------------- 1 file changed, 61 insertions(+), 58 deletions(-) diff --git a/manifests/service.pp b/manifests/service.pp index 134d1f7..d53fd24 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,87 +1,90 @@ +# a wrapper around nagios_service to make it more convenient and +# also automatically an exported resource. define nagios::service ( - $ensure = present, - $host_name = $::fqdn, - $check_command = 'absent', - $check_period = '', - $normal_check_interval = '', - $retry_check_interval = '', - $max_check_attempts = '', - $notification_interval = '', - $notification_period = '', - $notification_options = '', - $contact_groups = '', - $use = 'generic-service', - $service_description = 'absent', - $use_nrpe = '', - $nrpe_args = '', - $nrpe_timeout = 10 + $ensure = present, + $host_name = $::fqdn, + $check_command = 'absent', + $check_period = undef, + $normal_check_interval = undef, + $retry_check_interval = undef, + $max_check_attempts = undef, + $notification_interval = undef, + $notification_period = undef, + $notification_options = undef, + $contact_groups = undef, + $use = 'generic-service', + $service_description = 'absent', + $use_nrpe = undef, + $nrpe_args = undef, + $nrpe_timeout = 10, ) { # TODO: this resource should normally accept all nagios_host parameters $real_name = "${::hostname}_${name}" - @@nagios_service { "${real_name}": + @@nagios_service {$real_name: ensure => $ensure, - notify => Service[nagios]; + notify => Service['nagios']; } if $ensure != 'absent' { - if $check_comand == 'absent' { + if $check_command == 'absent' { fail("Must pass a check_command to ${name} if it should be present") } - if ($use_nrpe == 'true') { - include nagios::command::nrpe_timeout + if str2bool($use_nrpe) { + include ::nagios::command::nrpe_timeout - if ($nrpe_args != '') { - $real_check_command = "check_nrpe_timeout!$nrpe_timeout!$check_command!\"$nrpe_args\"" - } else { - $real_check_command = "check_nrpe_1arg_timeout!$nrpe_timeout!$check_command" - } + if $nrpe_args { + $real_check_command = "check_nrpe_timeout!${nrpe_timeout}!${check_command}!\"${nrpe_args}\"" + } else { + $real_check_command = "check_nrpe_1arg_timeout!${nrpe_timeout}!${check_command}" + } } else { - $real_check_command = "$check_command" + $real_check_command = $check_command } - Nagios_service["${real_name}"] { - check_command => $check_command, - host_name => $host_name, - use => $use, - service_description => $service_description ?{ - 'absent' => $name, - default => $service_description - } + $real_service_description = $service_description ? { + 'absent' => $name, + default => $service_description + } + Nagios_service[$real_name] { + check_command => $check_command, + host_name => $host_name, + use => $use, + service_description => $real_service_description, } - if ($check_period != '') { - Nagios_service["${real_name}"] { check_period => $check_period } + if $check_period { + Nagios_service[$real_name] { check_period => $check_period } } - - if ($normal_check_interval != '') { - Nagios_service["${real_name}"] { normal_check_interval => $normal_check_interval } + + if $normal_check_interval { + Nagios_service[$real_name] { normal_check_interval => $normal_check_interval } } - - if ($retry_check_interval != '') { - Nagios_service["${real_name}"] { retry_check_interval => $retry_check_interval } + + if $retry_check_interval { + Nagios_service[$real_name] { retry_check_interval => $retry_check_interval } } - - if ($max_check_attempts != '') { - Nagios_service["${real_name}"] { max_check_attempts => $max_check_attempts } + + if $max_check_attempts { + Nagios_service[$real_name] { max_check_attempts => $max_check_attempts } } - - if ($notification_interval != '') { - Nagios_service["${real_name}"] { notification_interval => $notification_interval } + + if $notification_interval { + Nagios_service[$real_name] { notification_interval => $notification_interval } } - - if ($notification_period != '') { - Nagios_service["${real_name}"] { notification_period => $notification_period } + + if $notification_period { + Nagios_service[$real_name] { notification_period => $notification_period } } - - if ($notification_options != '') { - Nagios_service["${real_name}"] { notification_options => $notification_options } + + if $notification_options { + Nagios_service[$real_name] { notification_options => $notification_options } } - - if ($contact_groups != '') { - Nagios_service["${real_name}"] { contact_groups => $contact_groups } + + if $contact_groups { + Nagios_service[$real_name] { contact_groups => $contact_groups } } } } -- cgit v1.2.3 From e468d58c85886d00d3b49443fe7cef4e8ed7b2c2 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 14:51:53 +0100 Subject: linting --- manifests/defaults/service_templates.pp | 56 ++++++++++++++++----------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/manifests/defaults/service_templates.pp b/manifests/defaults/service_templates.pp index 84740af..b225455 100644 --- a/manifests/defaults/service_templates.pp +++ b/manifests/defaults/service_templates.pp @@ -1,32 +1,32 @@ +# define the generic service template class nagios::defaults::service_templates { - # this inoperative for the moment, see : - # http://projects.reductivelabs.com/issues/1180 - - nagios_service { - 'generic-service': - active_checks_enabled => '1', - passive_checks_enabled => '1', - parallelize_check => '1', - obsess_over_service => '1', - check_freshness => '0', - notifications_enabled => '1', - event_handler_enabled => '1', - flap_detection_enabled => '1', - failure_prediction_enabled => '1', - process_perf_data => '1', - retain_status_information => '1', - retain_nonstatus_information => '1', - notification_interval => '0', - is_volatile => '0', - check_period => '24x7', - normal_check_interval => '5', - retry_check_interval => '1', - max_check_attempts => '4', - notification_period => '24x7', - notification_options => 'w,u,c,r', - contact_groups => 'admins', - register => '0', - } + # this inoperative for the moment, see : + # http://projects.reductivelabs.com/issues/1180 + nagios_service { + 'generic-service': + active_checks_enabled => '1', + passive_checks_enabled => '1', + parallelize_check => '1', + obsess_over_service => '1', + check_freshness => '0', + notifications_enabled => '1', + event_handler_enabled => '1', + flap_detection_enabled => '1', + failure_prediction_enabled => '1', + process_perf_data => '1', + retain_status_information => '1', + retain_nonstatus_information => '1', + notification_interval => '0', + is_volatile => '0', + check_period => '24x7', + normal_check_interval => '5', + retry_check_interval => '1', + max_check_attempts => '4', + notification_period => '24x7', + notification_options => 'w,u,c,r', + contact_groups => 'admins', + register => '0', + } } -- cgit v1.2.3 From 711cbfdc765b743f476da3027c6b95ba27b1a0c1 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 14:52:49 +0100 Subject: newer nagios versions use now check_interval --- manifests/defaults/service_templates.pp | 2 +- manifests/service.pp | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/defaults/service_templates.pp b/manifests/defaults/service_templates.pp index b225455..e39441a 100644 --- a/manifests/defaults/service_templates.pp +++ b/manifests/defaults/service_templates.pp @@ -21,7 +21,7 @@ class nagios::defaults::service_templates { notification_interval => '0', is_volatile => '0', check_period => '24x7', - normal_check_interval => '5', + check_interval => '5', retry_check_interval => '1', max_check_attempts => '4', notification_period => '24x7', diff --git a/manifests/service.pp b/manifests/service.pp index d53fd24..e2c08e9 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -5,7 +5,7 @@ define nagios::service ( $host_name = $::fqdn, $check_command = 'absent', $check_period = undef, - $normal_check_interval = undef, + $check_interval = undef, $retry_check_interval = undef, $max_check_attempts = undef, $notification_interval = undef, @@ -59,8 +59,8 @@ define nagios::service ( Nagios_service[$real_name] { check_period => $check_period } } - if $normal_check_interval { - Nagios_service[$real_name] { normal_check_interval => $normal_check_interval } + if $check_interval { + Nagios_service[$real_name] { check_interval => $check_interval } } if $retry_check_interval { -- cgit v1.2.3 From a9a04a8e1aa447d71f8745491da9168c81206392 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 14:57:27 +0100 Subject: it's sufficient to check it only once an hour --- manifests/service/gpgkey.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index f04352a..df13ca8 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -1,8 +1,9 @@ # define a gpgkey to be watched define nagios::service::gpgkey( - $ensure = 'present', - $warning = '14', - $key_info = undef, + $ensure = 'present', + $warning = '14', + $key_info = undef, + $check_interval = 60, ){ validate_slength($name,40,40) require ::nagios::plugins::gpg @@ -26,7 +27,8 @@ define nagios::service::gpgkey( } Nagios::Service["check_gpg_${name}"]{ - check_command => "check_gpg!${warning}!${name}", + check_command => "check_gpg!${warning}!${name}", + check_interval => $check_interval, } if $key_info { Nagios::Service["check_gpg_${name}"]{ -- cgit v1.2.3 From edd94dd98f53c1066c7bd6253bc910c196f798fc Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 15:06:09 +0100 Subject: linting nagios::service::imap --- manifests/service/imap.pp | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/manifests/service/imap.pp b/manifests/service/imap.pp index b703db4..45b667a 100644 --- a/manifests/service/imap.pp +++ b/manifests/service/imap.pp @@ -1,24 +1,26 @@ +# check an imap service define nagios::service::imap( - $ensure = 'present', - $host = 'absent', - $port = '143', - $tls = true, - $tls_port = '993' + $ensure = 'present', + $host = 'absent', + $port = '143', + $tls = true, + $tls_port = '993' ){ $real_host = $host ? { 'absent' => $name, - default => $host + default => $host } + $tls_ensure = $tls ? { + true => $ensure, + default => 'absent' + } nagios::service{ "imap_${name}_${port}": ensure => $ensure; "imaps_${name}_${tls_port}": - ensure => $tls ? { - true => $ensure, - default => 'absent' - }; + ensure => $tls_ensure; } if $ensure != 'absent' { -- cgit v1.2.3 From e66581b620d89e81ec02754005f3e3fa2bc603cf Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 16:28:46 +0100 Subject: add an imap_login check --- files/plugins/check_imap_login | 80 +++++++++++++++++++++++++++++++++++++++++ manifests/command/imap_pop3.pp | 5 ++- manifests/plugins/imap_login.pp | 7 ++++ manifests/service/imap_login.pp | 20 +++++++++++ 4 files changed, 111 insertions(+), 1 deletion(-) create mode 100644 files/plugins/check_imap_login create mode 100644 manifests/plugins/imap_login.pp create mode 100644 manifests/service/imap_login.pp diff --git a/files/plugins/check_imap_login b/files/plugins/check_imap_login new file mode 100644 index 0000000..d059822 --- /dev/null +++ b/files/plugins/check_imap_login @@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2006 Bertera Pietro +# Response time monitoring with perfdata modification by Ivan Savcic and Milos Buncic, 2012. +# From: https://github.com/isavcic/check_imap_login + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. + +import sys, os, imaplib, getopt +from time import time + +def usage(): + print sys.argv[0] + " -u -p -H [-s] -w -c \n -s is for using IMAPS" + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:sH:w:c:") + except getopt.GetoptError: + usage() + return 3 + + user = host = password = use_ssl = warning = critical = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + use_ssl = True + elif o == "-H": + host = a + elif o == "-w": + warning = float(a) + elif o == "-c": + critical = float(a) + + if user == None or password == None or host == None or warning == None or critical == None: + usage() + return 1 + + if use_ssl: + M = imaplib.IMAP4_SSL(host=host) + else: + M = imaplib.IMAP4(host) + + timestamp = time() + + try: + M.login(user, password) + except Exception, e: + print "CRITICAL IMAP Login Failed: %s" % e + return 2 + + M.logout() + + timestamp = time() - timestamp + + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 + + print '%s IMAP Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + + return exitcode + +if __name__ == "__main__": + sys.exit(main()) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index f3637a7..fbe4182 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -1,7 +1,8 @@ # manage mail checks class nagios::command::imap_pop3 { + require ::nagios::plugins::imap_login case $::operatingsystem { - debian,ubuntu: { } # Debian/Ubuntu already define those checks + 'Debian','Ubuntu': { } # Debian/Ubuntu already define those checks default: { nagios_command { 'check_imap': @@ -21,5 +22,7 @@ class nagios::command::imap_pop3 { command_line => '$USER1$/check_tcp -H $ARG1$ -p 4190'; 'check_managesieve_legacy': command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; + 'check_imap_login': + command_line => '$USER1$/check_imap_login -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; } } diff --git a/manifests/plugins/imap_login.pp b/manifests/plugins/imap_login.pp new file mode 100644 index 0000000..bb53b81 --- /dev/null +++ b/manifests/plugins/imap_login.pp @@ -0,0 +1,7 @@ +# a simple imap login check +class nagios::plugins::imap_login { + nagios::plugin { 'check_imap_login': + source => 'nagios/plugins/check_imap_login', + } +} + diff --git a/manifests/service/imap_login.pp b/manifests/service/imap_login.pp new file mode 100644 index 0000000..53c432a --- /dev/null +++ b/manifests/service/imap_login.pp @@ -0,0 +1,20 @@ +# a imap login check +define nagios::service::imap_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "imap_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["imap_login_${name}"]{ + check_command => "check_imap_login!${host}!${username}!${password}!${warning}!${critical}", + } + } +} -- cgit v1.2.3 From 27f65e05ff1120c9432b86a4e964b31f9d41b7b7 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 26 Oct 2015 14:14:22 +0100 Subject: make it possible to also pass down the host_name --- manifests/service/imap_login.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/service/imap_login.pp b/manifests/service/imap_login.pp index 53c432a..25303a3 100644 --- a/manifests/service/imap_login.pp +++ b/manifests/service/imap_login.pp @@ -2,10 +2,11 @@ define nagios::service::imap_login( $username, $password, - $warning = 5, - $critical = 10, - $host = $::fqdn, - $ensure = 'present', + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', ){ nagios::service{ "imap_login_${name}": @@ -15,6 +16,7 @@ define nagios::service::imap_login( if $ensure != 'absent' { Nagios::Service["imap_login_${name}"]{ check_command => "check_imap_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, } } } -- cgit v1.2.3 From 0a0a65f6e84dc65253f54f46e08040c086ff120b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 26 Oct 2015 17:50:44 +0100 Subject: fix nagios_alias --- manifests/target.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/target.pp b/manifests/target.pp index 2036e01..760d7d4 100644 --- a/manifests/target.pp +++ b/manifests/target.pp @@ -8,7 +8,6 @@ class nagios::target( ){ @@nagios_host { $::fqdn: address => $address, - alias => $nagios_alias, use => $use, } # Watch out with using aliases: they need to be unique throughout *all* -- cgit v1.2.3 From ca86ffbabd4e5d56bb25e0037e09a4c7cd9f0f6b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 26 Oct 2015 18:23:21 +0100 Subject: enable ssl login by default --- manifests/command/imap_pop3.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index fbe4182..632b304 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -23,6 +23,6 @@ class nagios::command::imap_pop3 { 'check_managesieve_legacy': command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; 'check_imap_login': - command_line => '$USER1$/check_imap_login -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; + command_line => '$USER1$/check_imap_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; } } -- cgit v1.2.3 From 2c4f69e1ea1656edf7c7d39fa90d200f901404df Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 31 Oct 2015 10:14:18 +0100 Subject: add some metrics to the horde check --- files/plugins/check_horde_login | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/files/plugins/check_horde_login b/files/plugins/check_horde_login index 4c63daa..8c821e4 100644 --- a/files/plugins/check_horde_login +++ b/files/plugins/check_horde_login @@ -13,27 +13,36 @@ # import sys, os, requests, getopt +from time import time def usage(): print sys.argv[0] + " -u username "+ \ "-p password " + \ - "-s server path" + "-s server path" + \ + "[-w warning_in_s] " + \ + "[-c critical_in_s]" sys.exit(1) def main(): try: - opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h") + opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h:w:c") except getopt.GetoptError: usage() return 3 user = url = password = None + warning = 5 + critical = 10 for o, a in opts: if o == "-u": user = a elif o == "-p": password = a + elif o == "-w": + warning = a + elif o == "-c": + critical = a elif o == "-s": url = a + "/login.php" elif o == '-h': @@ -53,14 +62,30 @@ def main(): } - r = requests.post(url, data=params, allow_redirects=False) - # on a successfully login we are redirected to the mailbox + timestamp = time() + try: + r = requests.post(url, data=params, allow_redirects=False) + except Exception, e: + print "CRITICAL Horde Login Failed: %s" % e + sys.exit(2) + + timestamp = time() - timestamp if r.status_code == 302: - print "OK" - sys.exit(0) + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 else: - print "Error" - sys.exit(2) + status = "ERROR" + exitcode = 2 + # on a successfully login we are redirected to the mailbox + print '%s Horde Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + sys.exit(exitcode) if __name__ == "__main__": -- cgit v1.2.3 From c3ca4ac25d7cdfd5826149445f2946d64d968f97 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 31 Oct 2015 10:26:05 +0100 Subject: also add pop3 login checks --- files/plugins/check_pop3_login | 83 +++++++++++++++++++++++++++++++++++++++++ manifests/command/imap_pop3.pp | 4 +- manifests/plugins/imap_login.pp | 7 ---- manifests/plugins/mail_login.pp | 10 +++++ manifests/service/pop3_login.pp | 22 +++++++++++ 5 files changed, 118 insertions(+), 8 deletions(-) create mode 100644 files/plugins/check_pop3_login delete mode 100644 manifests/plugins/imap_login.pp create mode 100644 manifests/plugins/mail_login.pp create mode 100644 manifests/service/pop3_login.pp diff --git a/files/plugins/check_pop3_login b/files/plugins/check_pop3_login new file mode 100644 index 0000000..4eb29b8 --- /dev/null +++ b/files/plugins/check_pop3_login @@ -0,0 +1,83 @@ +#!/usr/bin/python +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2006 Bertera Pietro +# Copyright (C) 2015 mh +# Response time monitoring with perfdata modification by Ivan Savcic and Milos Buncic, 2012. +# Derived from: https://github.com/isavcic/check_imap_login + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. + +import sys, os, poplib, getopt +from time import time + +def usage(): + print sys.argv[0] + " -u -p -H [-s] -w -c \n -s is for using POP3s" + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:sH:w:c:") + except getopt.GetoptError: + usage() + return 3 + + user = host = password = use_ssl = warning = critical = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + use_ssl = True + elif o == "-H": + host = a + elif o == "-w": + warning = float(a) + elif o == "-c": + critical = float(a) + + if user == None or password == None or host == None or warning == None or critical == None: + usage() + return 1 + + if use_ssl: + M = poplib.POP3_SSL(host=host) + else: + M = poplib.POP3(host) + + timestamp = time() + + try: + M.getwelcome() + M.user(user) + M.pass_(password) + except Exception, e: + print "CRITICAL POP3 Login Failed: %s" % e + return 2 + + M.quit() + + timestamp = time() - timestamp + + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 + + print '%s POP3 Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + + return exitcode + +if __name__ == "__main__": + sys.exit(main()) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index 632b304..42e4092 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -1,6 +1,6 @@ # manage mail checks class nagios::command::imap_pop3 { - require ::nagios::plugins::imap_login + require ::nagios::plugins::mail_login case $::operatingsystem { 'Debian','Ubuntu': { } # Debian/Ubuntu already define those checks default: { @@ -24,5 +24,7 @@ class nagios::command::imap_pop3 { command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; 'check_imap_login': command_line => '$USER1$/check_imap_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; + 'check_pop3_login': + command_line => '$USER1$/check_pop3_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; } } diff --git a/manifests/plugins/imap_login.pp b/manifests/plugins/imap_login.pp deleted file mode 100644 index bb53b81..0000000 --- a/manifests/plugins/imap_login.pp +++ /dev/null @@ -1,7 +0,0 @@ -# a simple imap login check -class nagios::plugins::imap_login { - nagios::plugin { 'check_imap_login': - source => 'nagios/plugins/check_imap_login', - } -} - diff --git a/manifests/plugins/mail_login.pp b/manifests/plugins/mail_login.pp new file mode 100644 index 0000000..a86cdc2 --- /dev/null +++ b/manifests/plugins/mail_login.pp @@ -0,0 +1,10 @@ +# simple mail login check +class nagios::plugins::mail_login { + nagios::plugin { + 'check_imap_login': + source => 'nagios/plugins/check_imap_login'; + 'check_pop3_login': + source => 'nagios/plugins/check_pop3_login'; + } +} + diff --git a/manifests/service/pop3_login.pp b/manifests/service/pop3_login.pp new file mode 100644 index 0000000..7453528 --- /dev/null +++ b/manifests/service/pop3_login.pp @@ -0,0 +1,22 @@ +# a pop3 login check +define nagios::service::pop3_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "pop3_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["pop3_login_${name}"]{ + check_command => "check_pop3_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, + } + } +} -- cgit v1.2.3 From 9f2abcf4e8904fb7424772a7d23cd7e87342bf28 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 6 Nov 2015 01:40:04 +0100 Subject: [bug] Install pnp4nagios-web-config-nagios3 .deb On jessie hosts, pnp4nagios-web defaults now to pnp4nagios-web-config-icinga, so we install pnp4nagios-web-config-nagios3 manually. --- manifests/pnp4nagios.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/pnp4nagios.pp b/manifests/pnp4nagios.pp index 5ade74f..bdeb9b4 100644 --- a/manifests/pnp4nagios.pp +++ b/manifests/pnp4nagios.pp @@ -1,8 +1,9 @@ +# configure pnp4nagios class nagios::pnp4nagios { include nagios::defaults::pnp4nagios - package { 'pnp4nagios': - ensure => installed } + package { [ 'pnp4nagios', 'pnp4nagios-web-config-nagios3']: + ensure => installed } # unfortunatly we can't use the nagios_host and nagios_service @@ -21,8 +22,9 @@ class nagios::pnp4nagios { file { 'apache.conf': path => '/etc/pnp4nagios/apache.conf', - source => [ 'puppet:///modules/site_nagios/pnp4nagios/apache.conf', - 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], + source => [ + 'puppet:///modules/site_nagios/pnp4nagios/apache.conf', + 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], mode => '0644', owner => root, group => root, -- cgit v1.2.3 From 94b40fa2975cf537dd97ac2484670bc944fa09f4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 Nov 2015 17:41:37 +0100 Subject: linting for future parser --- manifests/debian.pp | 77 ++++++++++++++++++++------------------- manifests/nrpe/base.pp | 91 ++++++++++++++++++++++++---------------------- manifests/nrpe/command.pp | 55 ++++++++++++++-------------- manifests/nsca/client.pp | 20 ++++++---- manifests/nsca/server.pp | 16 ++++---- manifests/plugin/deploy.pp | 61 ++++++++++++++++++------------- 6 files changed, 171 insertions(+), 149 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index 0f451e3..9b1f7e7 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,48 +1,49 @@ +# debian specific things class nagios::debian inherits nagios::base { - Package['nagios'] { name => 'nagios3' } + Package['nagios'] { name => 'nagios3' } - package { [ 'nagios-plugins', 'nagios-snmp-plugins','nagios-nrpe-plugin' ]: - ensure => 'present', - notify => Service['nagios'], - } + package { [ 'nagios-plugins', 'nagios-snmp-plugins','nagios-nrpe-plugin' ]: + ensure => 'present', + notify => Service['nagios'], + } - Service['nagios'] { - name => 'nagios3', - hasstatus => true, - } + Service['nagios'] { + name => 'nagios3', + hasstatus => true, + } - File['nagios_htpasswd', 'nagios_cgi_cfg'] { group => 'www-data' } + File['nagios_htpasswd', 'nagios_cgi_cfg'] { group => 'www-data' } - file { 'nagios_commands_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/commands.cfg", - ensure => present, - notify => Service['nagios'], - mode => 0644, owner => root, group => root; - } + file{ + 'nagios_commands_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/commands.cfg", + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; + "${nagios::defaults::vars::int_cfgdir}/stylesheets": + ensure => directory, + purge => false, + recurse => true; + } - file { "${nagios::defaults::vars::int_cfgdir}/stylesheets": - ensure => directory, - purge => false, - recurse => true, + if $nagios::allow_external_cmd { + exec { 'nagios_external_cmd_perms_overrides': + command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3', + unless => 'dpkg-statoverride --list nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --list nagios nagios 751 /var/lib/nagios3', + logoutput => false, + notify => Service['nagios'], } - - if $nagios::allow_external_cmd { - exec { 'nagios_external_cmd_perms_overrides': - command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3', - unless => 'dpkg-statoverride --list nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --list nagios nagios 751 /var/lib/nagios3', - logoutput => false, - notify => Service['nagios'], - } - exec { 'nagios_external_cmd_perms_1': - command => 'chmod 0751 /var/lib/nagios3 && chown nagios:nagios /var/lib/nagios3', - unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3`" = "751 nagios nagios"', - notify => Service['nagios'], - } - exec { 'nagios_external_cmd_perms_2': - command => 'chmod 2751 /var/lib/nagios3/rw && chown nagios:www-data /var/lib/nagios3/rw', - unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3/rw`" = "2751 nagios www-data"', - notify => Service['nagios'], - } + exec { 'nagios_external_cmd_perms_1': + command => 'chmod 0751 /var/lib/nagios3 && chown nagios:nagios /var/lib/nagios3', + unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3`" = "751 nagios nagios"', + notify => Service['nagios'], + } + exec { 'nagios_external_cmd_perms_2': + command => 'chmod 2751 /var/lib/nagios3/rw && chown nagios:www-data /var/lib/nagios3/rw', + unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3/rw`" = "2751 nagios www-data"', + notify => Service['nagios'], } + } } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index 17abb04..fe1cd7c 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -1,50 +1,53 @@ +# basic nrpe stuff class nagios::nrpe::base { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } - if $processorcount == '' { $processorcount = 1 } - - package { "nagios-nrpe-server": ensure => present; - "nagios-plugins-basic": ensure => present; - "libwww-perl": ensure => present; # for check_apache - } + if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } - # Special-case lenny. the package doesn't exist - if $lsbdistcodename != 'lenny' { - package { "libnagios-plugin-perl": ensure => present; } - } - - file { [ $nagios_nrpe_cfgdir, "$nagios_nrpe_cfgdir/nrpe.d" ]: - ensure => directory } + package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: + ensure => installed; + } - if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } - file { "$nagios_nrpe_cfgdir/nrpe.cfg": - content => template('nagios/nrpe/nrpe.cfg'), - owner => root, group => 0, mode => 644; - } - - # default commands - nagios::nrpe::command { "basic_nrpe": - source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${fqdn}.cfg", - "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg", - "puppet:///modules/nagios/nrpe/nrpe_commands.cfg" ], - } - # the check for load should be customized for each server based on number - # of CPUs and the type of activity. - $warning_1_threshold = 7 * $processorcount - $warning_5_threshold = 6 * $processorcount - $warning_15_threshold = 5 * $processorcount - $critical_1_threshold = 10 * $processorcount - $critical_5_threshold = 9 * $processorcount - $critical_15_threshold = 8 * $processorcount - nagios::nrpe::command { "check_load": - command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", - } + # Special-case lenny. the package doesn't exist + if $::lsbdistcodename != 'lenny' { + package{'libnagios-plugin-perl': ensure => installed; } + } - service { "nagios-nrpe-server": - ensure => running, - enable => true, - pattern => "nrpe", - subscribe => File["$nagios_nrpe_cfgdir/nrpe.cfg"], - require => Package["nagios-nrpe-server"], - } + file{ + [ $nagios_nrpe_cfgdir, "${nagios_nrpe_cfgdir}/nrpe.d" ]: + ensure => directory; + } + + if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } + file { "${nagios_nrpe_cfgdir}/nrpe.cfg": + content => template('nagios/nrpe/nrpe.cfg'), + owner => root, + group => 0, + mode => '0644'; + } + + # default commands + nagios::nrpe::command{'basic_nrpe': + source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${::fqdn}.cfg", + 'puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg', + 'puppet:///modules/nagios/nrpe/nrpe_commands.cfg' ], + } + # the check for load should be customized for each server based on number + # of CPUs and the type of activity. + $warning_1_threshold = 7 * $::processorcount + $warning_5_threshold = 6 * $::processorcount + $warning_15_threshold = 5 * $::processorcount + $critical_1_threshold = 10 * $::processorcount + $critical_5_threshold = 9 * $::processorcount + $critical_15_threshold = 8 * $::processorcount + nagios::nrpe::command {'check_load': + command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", + } + + service{'nagios-nrpe-server': + ensure => running, + enable => true, + pattern => 'nrpe', + subscribe => File["${nagios_nrpe_cfgdir}/nrpe.cfg"], + require => Package['nagios-nrpe-server'], + } } diff --git a/manifests/nrpe/command.pp b/manifests/nrpe/command.pp index e6ebdae..196996c 100644 --- a/manifests/nrpe/command.pp +++ b/manifests/nrpe/command.pp @@ -1,33 +1,34 @@ +# manage an nrpe command define nagios::nrpe::command ( - $ensure = present, - $command_line = '', - $source = '' ) -{ - if ($command_line == '' and $source == '') { - fail ( "Either one of 'command_line' or 'source' must be given to nagios::nrpe::command." ) - } + $ensure = present, + $command_line = '', + $source = '', +){ + if ($command_line == '' and $source == '') { + fail('Either one of $command_line or $source must be given to nagios::nrpe::command.' ) + } - if $nagios_nrpe_cfg_dir == '' { - $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir - } + $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir - file { "$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg": - ensure => $ensure, - mode => 644, owner => root, group => 0, - notify => Service['nagios-nrpe-server'], - require => File [ "$nagios_nrpe_cfgdir/nrpe.d" ] - } + file{"${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg": + ensure => $ensure, + notify => Service['nagios-nrpe-server'], + require => File ["${nagios_nrpe_cfgdir}/nrpe.d" ], + owner => 'root', + group => 0, + mode => '0644'; + } - case $source { - '': { - File["$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg"] { - content => template( "nagios/nrpe/nrpe_command.erb" ), - } - } - default: { - File["$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg"] { - source => $source, - } - } + case $source { + '': { + File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + content => template('nagios/nrpe/nrpe_command.erb'), + } + } + default: { + File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + source => $source, + } } + } } diff --git a/manifests/nsca/client.pp b/manifests/nsca/client.pp index e58721d..6aa8c0b 100644 --- a/manifests/nsca/client.pp +++ b/manifests/nsca/client.pp @@ -1,14 +1,18 @@ +# manage nsca client class nagios::nsca::client { - package { 'nsca': ensure => installed } + package{'nsca': + ensure => installed + } - file { '/etc/send_nsca.cfg': - source => [ "puppet:///modules/site_nagios/nsca/{$::fqdn}/send_nsca.cfg", - "puppet:///modules/site_nagios/nsca/send_nsca.cfg", - "puppet:///modules/nagios/nsca/send_nsca.cfg" ], - owner => 'nagios', - group => 'nogroup', - mode => '400', + file{'/etc/send_nsca.cfg': + source => [ "puppet:///modules/site_nagios/nsca/${::fqdn}/send_nsca.cfg", + 'puppet:///modules/site_nagios/nsca/send_nsca.cfg', + 'puppet:///modules/nagios/nsca/send_nsca.cfg' ], + owner => 'nagios', + group => 'nogroup', + mode => '0400', + require => Package['nsca']; } } diff --git a/manifests/nsca/server.pp b/manifests/nsca/server.pp index bd5389d..8163eec 100644 --- a/manifests/nsca/server.pp +++ b/manifests/nsca/server.pp @@ -1,21 +1,23 @@ +# an nsca server class nagios::nsca::server { - - package { 'nsca': ensure => installed } + package{'nsca': + ensure => installed + } service { 'nsca': ensure => running, hasstatus => false, hasrestart => true, - require => Package['nsca'], + require => Package['nsca'], } file { '/etc/nsca.cfg': - source => [ "puppet:///modules/site_nagios/nsca/{$::fqdn}/nsca.cfg", - "puppet:///modules/site_nagios/nsca/nsca.cfg", - "puppet:///modules/nagios/nsca/nsca.cfg" ], + source => [ "puppet:///modules/site_nagios/nsca/${::fqdn}/nsca.cfg", + 'puppet:///modules/site_nagios/nsca/nsca.cfg', + 'puppet:///modules/nagios/nsca/nsca.cfg' ], owner => 'nagios', group => 'nogroup', - mode => '400', + mode => '0400', notify => Service['nsca'], } diff --git a/manifests/plugin/deploy.pp b/manifests/plugin/deploy.pp index 3f2a1a4..7681590 100644 --- a/manifests/plugin/deploy.pp +++ b/manifests/plugin/deploy.pp @@ -1,30 +1,41 @@ -define nagios::plugin::deploy($source = '', $ensure = 'present', $config = '', $require_package = 'nagios-plugins') { - $plugin_src = $ensure ? { - 'present' => $name, - 'absent' => $name, - default => $ensure - } - $real_source = $source ? { - '' => "nagios/plugins/${plugin_src}", - default => $source - } +# deploy a specific plugin +define nagios::plugin::deploy( + $source = '', + $ensure = 'present', + $config = '', + $require_package = 'nagios-plugins' +) { + $plugin_src = $ensure ? { + 'present' => $name, + 'absent' => $name, + default => $ensure + } + $real_source = $source ? { + '' => "nagios/plugins/${plugin_src}", + default => $source + } - if !defined(Package[$require_package]) { - package { $require_package: - ensure => installed, - tag => "nagios::plugin::deploy::package"; - } + if !defined(Package[$require_package]) { + package { $require_package: + ensure => installed, + tag => 'nagios::plugin::deploy::package'; } + } - include nagios::plugin::scriptpaths - file { "nagios_plugin_${name}": - path => "$nagios::plugin::scriptpaths::script_path/${name}", - source => "puppet:///modules/${real_source}", - mode => 0755, owner => root, group => 0, - require => Package[$require_package], - tag => "nagios::plugin::deploy::file"; - } + include ::nagios::plugin::scriptpaths + file{"nagios_plugin_${name}": + path => "${nagios::plugin::scriptpaths::script_path}/${name}", + source => "puppet:///modules/${real_source}", + require => Package[$require_package], + tag => 'nagios::plugin::deploy::file', + owner => root, + group => 0, + mode => '0755'; + } - # register the plugin - nagios::plugin{$name: ensure => $ensure, require => Package['nagios-plugins'] } + # register the plugin + nagios::plugin{$name: + ensure => $ensure, + require => Package['nagios-plugins'] + } } -- cgit v1.2.3 From 0eb1a0491e4d59ebca1c8d8bf28ad3299a29e0ad Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 4 Oct 2013 14:17:46 +0200 Subject: Require Package['nagios-nrpe-server'] for nrpe cmds --- manifests/command/nrpe_timeout.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/command/nrpe_timeout.pp b/manifests/command/nrpe_timeout.pp index 3415566..799f2fc 100644 --- a/manifests/command/nrpe_timeout.pp +++ b/manifests/command/nrpe_timeout.pp @@ -1,11 +1,11 @@ class nagios::command::nrpe_timeout { nagios_command { 'check_nrpe_timeout': - command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$ -a $ARG3$' - } + command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$ -a $ARG3$', + require => Package['nagios-nrpe-server']; - nagios_command { 'check_nrpe_1arg_timeout': - command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$' + command_line => '/usr/lib/nagios/plugins/check_nrpe -t $ARG1$ -H $HOSTADDRESS$ -c $ARG2$', + require => Package['nagios-nrpe-server'] } } -- cgit v1.2.3 From d4992d7307e71ebdf4effb0439177e68ce8a415a Mon Sep 17 00:00:00 2001 From: nadir Date: Mon, 25 Oct 2010 15:01:24 +0200 Subject: Fix allowed_hosts typo in templates/nrpe/nrpe.cfg --- templates/nrpe/nrpe.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/nrpe/nrpe.cfg b/templates/nrpe/nrpe.cfg index 5368bc8..2ae2d71 100644 --- a/templates/nrpe/nrpe.cfg +++ b/templates/nrpe/nrpe.cfg @@ -75,7 +75,7 @@ nrpe_group=nagios <%- if nagios_nrpe_allowed_hosts.to_s.empty? then %> allowed_hosts=127.0.0.1 <%- else %> -allowed_host=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> +allowed_hosts=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> <%- end %> # COMMAND ARGUMENT PROCESSING -- cgit v1.2.3 From 993b624bd14dc5ef88847b11abc06d2b708c23b6 Mon Sep 17 00:00:00 2001 From: nadir Date: Sat, 27 Oct 2012 10:09:19 +0200 Subject: Lint nagios::nrpe::base --- manifests/nrpe/base.pp | 55 ++++++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index 17abb04..7bfa27e 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -1,32 +1,34 @@ +# install nrpe-server class nagios::nrpe::base { if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } if $processorcount == '' { $processorcount = 1 } - - package { "nagios-nrpe-server": ensure => present; - "nagios-plugins-basic": ensure => present; - "libwww-perl": ensure => present; # for check_apache - } + + package { + 'nagios-nrpe-server': ensure => present; + 'nagios-plugins-basic': ensure => present; + 'libwww-perl': ensure => present; # for check_apache + } # Special-case lenny. the package doesn't exist - if $lsbdistcodename != 'lenny' { - package { "libnagios-plugin-perl": ensure => present; } + if $::lsbdistcodename != 'lenny' { + package { 'libnagios-plugin-perl': ensure => present; } } - - file { [ $nagios_nrpe_cfgdir, "$nagios_nrpe_cfgdir/nrpe.d" ]: - ensure => directory } + + file { [ $nagios_nrpe_cfgdir, "${nagios_nrpe_cfgdir}/nrpe.d" ]: + ensure => directory } if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } - file { "$nagios_nrpe_cfgdir/nrpe.cfg": - content => template('nagios/nrpe/nrpe.cfg'), - owner => root, group => 0, mode => 644; + file { "${nagios_nrpe_cfgdir}/nrpe.cfg": + content => template('nagios/nrpe/nrpe.cfg'), + owner => root, group => 0, mode => '0644'; } - + # default commands - nagios::nrpe::command { "basic_nrpe": - source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${fqdn}.cfg", - "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg", - "puppet:///modules/nagios/nrpe/nrpe_commands.cfg" ], + nagios::nrpe::command { 'basic_nrpe': + source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${::fqdn}.cfg", + 'puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg', + 'puppet:///modules/nagios/nrpe/nrpe_commands.cfg' ], } # the check for load should be customized for each server based on number # of CPUs and the type of activity. @@ -36,15 +38,16 @@ class nagios::nrpe::base { $critical_1_threshold = 10 * $processorcount $critical_5_threshold = 9 * $processorcount $critical_15_threshold = 8 * $processorcount - nagios::nrpe::command { "check_load": - command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", + nagios::nrpe::command { 'check_load': + command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", } - service { "nagios-nrpe-server": - ensure => running, - enable => true, - pattern => "nrpe", - subscribe => File["$nagios_nrpe_cfgdir/nrpe.cfg"], - require => Package["nagios-nrpe-server"], + service { 'nagios-nrpe-server': + ensure => running, + enable => true, + pattern => 'nrpe', + hasstatus => false, + subscribe => File["${nagios_nrpe_cfgdir}/nrpe.cfg"], + require => Package['nagios-nrpe-server'], } } -- cgit v1.2.3 From a534036c8d036275aa802f86470d67e4ee46db96 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:19:57 -0500 Subject: parametrize nagios::nrpe the current code for configuring NRPE is still relying on global variables. This is not working at all with puppet 3.x and forward, so in order to make this code functional, we need to parametrize values that are used. --- manifests/nrpe.pp | 24 ++++++++++++++++-------- manifests/nrpe/base.pp | 15 ++++++++++----- manifests/nrpe/command.pp | 10 +++++----- templates/nrpe/nrpe.cfg | 14 ++++++-------- 4 files changed, 37 insertions(+), 26 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index ad7dbbb..eb68189 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -1,22 +1,30 @@ # setup nrpe stuff -class nagios::nrpe { +class nagios::nrpe ( + $cfg_dir = '', + $pid_file = '', + $plugin_dir = '', + $server_address = '', + $allowed_hosts = '', +) { case $::operatingsystem { 'FreeBSD': { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/usr/local/etc' } - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/spool/nagios/nrpe2.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/local/libexec/nagios' } + if $cfg_dir == '' { $real_cfg_dir = '/usr/local/etc' } + if $pid_file == '' { $real_pid_file = '/var/spool/nagios/nrpe2.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/local/libexec/nagios' } include ::nagios::nrpe::freebsd } 'Debian': { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nagios/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nagios/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } include ::nagios::nrpe::linux } default: { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } case $::kernel { 'Linux': { include ::nagios::nrpe::linux } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index fe1cd7c..fb62693 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -1,7 +1,12 @@ # basic nrpe stuff class nagios::nrpe::base { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } + # Import all variables from entry point + $cfg_dir = $::nagios::nrpe::real_cfg_dir + $pid_file = $::nagios::nrpe::real_pid_file + $plugin_dir = $::nagios::nrpe::real_plugin_dir + $server_address = $::nagios::nrpe::server_address + $allowed_hosts = $::nagios::nrpe::allowed_hosts package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: ensure => installed; @@ -13,12 +18,12 @@ class nagios::nrpe::base { } file{ - [ $nagios_nrpe_cfgdir, "${nagios_nrpe_cfgdir}/nrpe.d" ]: + [ $cfg_dir, "${cfg_dir}/nrpe.d" ]: ensure => directory; } if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } - file { "${nagios_nrpe_cfgdir}/nrpe.cfg": + file { "${cfg_dir}/nrpe.cfg": content => template('nagios/nrpe/nrpe.cfg'), owner => root, group => 0, @@ -40,14 +45,14 @@ class nagios::nrpe::base { $critical_5_threshold = 9 * $::processorcount $critical_15_threshold = 8 * $::processorcount nagios::nrpe::command {'check_load': - command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", + command_line => "${plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", } service{'nagios-nrpe-server': ensure => running, enable => true, pattern => 'nrpe', - subscribe => File["${nagios_nrpe_cfgdir}/nrpe.cfg"], + subscribe => File["${cfg_dir}/nrpe.cfg"], require => Package['nagios-nrpe-server'], } } diff --git a/manifests/nrpe/command.pp b/manifests/nrpe/command.pp index 196996c..bdd89a7 100644 --- a/manifests/nrpe/command.pp +++ b/manifests/nrpe/command.pp @@ -8,12 +8,12 @@ define nagios::nrpe::command ( fail('Either one of $command_line or $source must be given to nagios::nrpe::command.' ) } - $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir + $cfg_dir = $nagios::nrpe::real_cfg_dir - file{"${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg": + file{"${cfg_dir}/nrpe.d/${name}_command.cfg": ensure => $ensure, notify => Service['nagios-nrpe-server'], - require => File ["${nagios_nrpe_cfgdir}/nrpe.d" ], + require => File ["${cfg_dir}/nrpe.d" ], owner => 'root', group => 0, mode => '0644'; @@ -21,12 +21,12 @@ define nagios::nrpe::command ( case $source { '': { - File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { content => template('nagios/nrpe/nrpe_command.erb'), } } default: { - File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { source => $source, } } diff --git a/templates/nrpe/nrpe.cfg b/templates/nrpe/nrpe.cfg index 2ae2d71..21e1ff8 100644 --- a/templates/nrpe/nrpe.cfg +++ b/templates/nrpe/nrpe.cfg @@ -16,7 +16,7 @@ # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. -pid_file=<%= nagios_nrpe_pid_file %> +pid_file=<%= @pid_file %> @@ -34,10 +34,8 @@ server_port=5666 # and you do not want nrpe to bind on all interfaces. # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if has_variable?("nagios_nrpe_server_address") then %> -<%- if not nagios_nrpe_server_address.to_s.empty? then %> -server_address=<%= nagios_nrpe_server_address %> -<%- end %> +<%- if not @server_address.to_s.empty? then %> +server_address=<%= @server_address %> <%- end %> @@ -72,10 +70,10 @@ nrpe_group=nagios # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if nagios_nrpe_allowed_hosts.to_s.empty? then %> +<%- if @allowed_hosts.to_s.empty? then %> allowed_hosts=127.0.0.1 <%- else %> -allowed_hosts=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> +allowed_hosts=127.0.0.1,<%= @allowed_hosts %> <%- end %> # COMMAND ARGUMENT PROCESSING @@ -157,7 +155,7 @@ command_timeout=60 #include_dir= #include_dir= -include_dir=<%= nagios_nrpe_cfgdir %>/nrpe.d +include_dir=<%= @cfg_dir %>/nrpe.d -- cgit v1.2.3 From c6faaaf04cbf33db4430893b6b0eeacfc5f74776 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:21:46 -0500 Subject: nrpe: parametrize dont_blame_nrpe This value is used in order to enable or disable arguments to nrpe commands. Since some ppl might need to enable it, we should parametrize it. --- manifests/nrpe.pp | 5 +++++ manifests/nrpe/base.pp | 2 +- templates/nrpe/nrpe.cfg | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index eb68189..364a2c8 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,13 @@ class nagios::nrpe ( $plugin_dir = '', $server_address = '', $allowed_hosts = '', + $dont_blame = '1', ) { + if !($dont_blame in ['0', '1']) { + fail('Unrecognized value for $dont_blame, must be one of "0", or "1".') + } + case $::operatingsystem { 'FreeBSD': { if $cfg_dir == '' { $real_cfg_dir = '/usr/local/etc' } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index fb62693..03ac5ab 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -7,6 +7,7 @@ class nagios::nrpe::base { $plugin_dir = $::nagios::nrpe::real_plugin_dir $server_address = $::nagios::nrpe::server_address $allowed_hosts = $::nagios::nrpe::allowed_hosts + $dont_blame = $::nagios::nrpe::dont_blame package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: ensure => installed; @@ -22,7 +23,6 @@ class nagios::nrpe::base { ensure => directory; } - if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } file { "${cfg_dir}/nrpe.cfg": content => template('nagios/nrpe/nrpe.cfg'), owner => root, diff --git a/templates/nrpe/nrpe.cfg b/templates/nrpe/nrpe.cfg index 21e1ff8..d4ad9a4 100644 --- a/templates/nrpe/nrpe.cfg +++ b/templates/nrpe/nrpe.cfg @@ -88,7 +88,7 @@ allowed_hosts=127.0.0.1,<%= @allowed_hosts %> # # Values: 0=do not allow arguments, 1=allow command arguments -dont_blame_nrpe=1 +dont_blame_nrpe=<%= @dont_blame %> # COMMAND PREFIX -- cgit v1.2.3 From f052a673dcbe532860c80c3e7ebf6d393c452473 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:24:18 -0500 Subject: disable NRPE command arguments by default setting dont_blame_nrpe is useful for some, but it's generally dangerous and should be disabled if it's not used. In this sense, it's a better idea to disable this by default. --- manifests/nrpe.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 364a2c8..b7984b6 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,7 +5,7 @@ class nagios::nrpe ( $plugin_dir = '', $server_address = '', $allowed_hosts = '', - $dont_blame = '1', + $dont_blame = '0', ) { if !($dont_blame in ['0', '1']) { -- cgit v1.2.3 From 2892e1795a823c2bee2893bc339854dd4f5e5b94 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:43:05 -0500 Subject: Document how to use the nagios::nrpe class --- README | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/README b/README index 2b3791d..46b2a85 100644 --- a/README +++ b/README @@ -65,7 +65,42 @@ Obviously, the check command must either be defined using nagios_command objects (some are supplied in nagios::defaults::commands) or in the nagios configuration files directly. -NRPE Services +NRPE client configuration +========================= + +To setup a machine as an NRPE client, the class 'nagios::nrpe' should be used: + + class { 'nagios::nrpe': + allowed_hosts => '10.2.3.4,10.5.6.7', + } + +The class can take the following parameters to change configuration or +configuration directory: + + * $cfg_dir : Defines the path to the NRPE configuration. The default is to use + the path used by packages per your distro. + + * $pid_file : Sets the path of the PID file. The default value is the path + used by init script shipped with your distro's packages. + + * $plugin_dir : Defines the path in which nagios plugins that are to be + executed with NRPE commands are stored. The default value is the path where + your distro's nagios package stores plugins. + + * $server_address : The IP address to which the NRPE client daemon should + bind. The default behaviour is to bind to all IPs. + + * $allowed_hosts : A string containing a comma-separated list of host IPs that + are allowed to request NRPE commands to be run. The default value is to + allow only 127.0.0.1, so you might want to pass in a list of additional host + IPs. + + * $dont_blame : A string that enables ('1') or disables ('0') NRPE command + arguments. Enabling arguments can lead to potentials of shell escapes so it + should be used with caution and only if absolutely needed. This is disabled + by default. + +NRPE Services ------------- Some Nagios services need to be checked via NRPE. The following will make the -- cgit v1.2.3 From 5163d89155eec6b6b39994d0cd18e6ceeff8b180 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Thu, 25 Feb 2016 01:44:04 -0500 Subject: still a module name left with a dash in it. We missed this module reference. Starting with puppet 3.x, modules with a dash in them are not recognized by puppet anymore, so only the file from the "nagios" module is found. --- manifests/nrpe/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index fe1cd7c..0a06144 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -27,8 +27,8 @@ class nagios::nrpe::base { # default commands nagios::nrpe::command{'basic_nrpe': - source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${::fqdn}.cfg", - 'puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg', + source => [ "puppet:///modules/site_nagios/configs/nrpe/nrpe_commands.${::fqdn}.cfg", + 'puppet:///modules/site_nagios/configs/nrpe/nrpe_commands.cfg', 'puppet:///modules/nagios/nrpe/nrpe_commands.cfg' ], } # the check for load should be customized for each server based on number -- cgit v1.2.3