From a534036c8d036275aa802f86470d67e4ee46db96 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:19:57 -0500 Subject: parametrize nagios::nrpe the current code for configuring NRPE is still relying on global variables. This is not working at all with puppet 3.x and forward, so in order to make this code functional, we need to parametrize values that are used. --- manifests/nrpe.pp | 24 ++++++++++++++++-------- manifests/nrpe/base.pp | 15 ++++++++++----- manifests/nrpe/command.pp | 10 +++++----- templates/nrpe/nrpe.cfg | 14 ++++++-------- 4 files changed, 37 insertions(+), 26 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index ad7dbbb..eb68189 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -1,22 +1,30 @@ # setup nrpe stuff -class nagios::nrpe { +class nagios::nrpe ( + $cfg_dir = '', + $pid_file = '', + $plugin_dir = '', + $server_address = '', + $allowed_hosts = '', +) { case $::operatingsystem { 'FreeBSD': { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/usr/local/etc' } - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/spool/nagios/nrpe2.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/local/libexec/nagios' } + if $cfg_dir == '' { $real_cfg_dir = '/usr/local/etc' } + if $pid_file == '' { $real_pid_file = '/var/spool/nagios/nrpe2.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/local/libexec/nagios' } include ::nagios::nrpe::freebsd } 'Debian': { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nagios/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nagios/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } include ::nagios::nrpe::linux } default: { - if $nagios_nrpe_pid_file == '' { $nagios_nrpe_pid_file = '/var/run/nrpe.pid' } - if $nagios_plugin_dir == '' { $nagios_plugin_dir = '/usr/lib/nagios/plugins' } + if $cfg_dir == '' { $real_cfg_dir = '/etc/nagios' } + if $pid_file == '' { $real_pid_file = '/var/run/nrpe.pid' } + if $plugin_dir == '' { $real_plugin_dir = '/usr/lib/nagios/plugins' } case $::kernel { 'Linux': { include ::nagios::nrpe::linux } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index fe1cd7c..fb62693 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -1,7 +1,12 @@ # basic nrpe stuff class nagios::nrpe::base { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } + # Import all variables from entry point + $cfg_dir = $::nagios::nrpe::real_cfg_dir + $pid_file = $::nagios::nrpe::real_pid_file + $plugin_dir = $::nagios::nrpe::real_plugin_dir + $server_address = $::nagios::nrpe::server_address + $allowed_hosts = $::nagios::nrpe::allowed_hosts package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: ensure => installed; @@ -13,12 +18,12 @@ class nagios::nrpe::base { } file{ - [ $nagios_nrpe_cfgdir, "${nagios_nrpe_cfgdir}/nrpe.d" ]: + [ $cfg_dir, "${cfg_dir}/nrpe.d" ]: ensure => directory; } if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } - file { "${nagios_nrpe_cfgdir}/nrpe.cfg": + file { "${cfg_dir}/nrpe.cfg": content => template('nagios/nrpe/nrpe.cfg'), owner => root, group => 0, @@ -40,14 +45,14 @@ class nagios::nrpe::base { $critical_5_threshold = 9 * $::processorcount $critical_15_threshold = 8 * $::processorcount nagios::nrpe::command {'check_load': - command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", + command_line => "${plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", } service{'nagios-nrpe-server': ensure => running, enable => true, pattern => 'nrpe', - subscribe => File["${nagios_nrpe_cfgdir}/nrpe.cfg"], + subscribe => File["${cfg_dir}/nrpe.cfg"], require => Package['nagios-nrpe-server'], } } diff --git a/manifests/nrpe/command.pp b/manifests/nrpe/command.pp index 196996c..bdd89a7 100644 --- a/manifests/nrpe/command.pp +++ b/manifests/nrpe/command.pp @@ -8,12 +8,12 @@ define nagios::nrpe::command ( fail('Either one of $command_line or $source must be given to nagios::nrpe::command.' ) } - $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir + $cfg_dir = $nagios::nrpe::real_cfg_dir - file{"${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg": + file{"${cfg_dir}/nrpe.d/${name}_command.cfg": ensure => $ensure, notify => Service['nagios-nrpe-server'], - require => File ["${nagios_nrpe_cfgdir}/nrpe.d" ], + require => File ["${cfg_dir}/nrpe.d" ], owner => 'root', group => 0, mode => '0644'; @@ -21,12 +21,12 @@ define nagios::nrpe::command ( case $source { '': { - File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { content => template('nagios/nrpe/nrpe_command.erb'), } } default: { - File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + File["${cfg_dir}/nrpe.d/${name}_command.cfg"] { source => $source, } } diff --git a/templates/nrpe/nrpe.cfg b/templates/nrpe/nrpe.cfg index 2ae2d71..21e1ff8 100644 --- a/templates/nrpe/nrpe.cfg +++ b/templates/nrpe/nrpe.cfg @@ -16,7 +16,7 @@ # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. -pid_file=<%= nagios_nrpe_pid_file %> +pid_file=<%= @pid_file %> @@ -34,10 +34,8 @@ server_port=5666 # and you do not want nrpe to bind on all interfaces. # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if has_variable?("nagios_nrpe_server_address") then %> -<%- if not nagios_nrpe_server_address.to_s.empty? then %> -server_address=<%= nagios_nrpe_server_address %> -<%- end %> +<%- if not @server_address.to_s.empty? then %> +server_address=<%= @server_address %> <%- end %> @@ -72,10 +70,10 @@ nrpe_group=nagios # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -<%- if nagios_nrpe_allowed_hosts.to_s.empty? then %> +<%- if @allowed_hosts.to_s.empty? then %> allowed_hosts=127.0.0.1 <%- else %> -allowed_hosts=127.0.0.1,<%= nagios_nrpe_allowed_hosts %> +allowed_hosts=127.0.0.1,<%= @allowed_hosts %> <%- end %> # COMMAND ARGUMENT PROCESSING @@ -157,7 +155,7 @@ command_timeout=60 #include_dir= #include_dir= -include_dir=<%= nagios_nrpe_cfgdir %>/nrpe.d +include_dir=<%= @cfg_dir %>/nrpe.d -- cgit v1.2.3 From c6faaaf04cbf33db4430893b6b0eeacfc5f74776 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:21:46 -0500 Subject: nrpe: parametrize dont_blame_nrpe This value is used in order to enable or disable arguments to nrpe commands. Since some ppl might need to enable it, we should parametrize it. --- manifests/nrpe.pp | 5 +++++ manifests/nrpe/base.pp | 2 +- templates/nrpe/nrpe.cfg | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index eb68189..364a2c8 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,8 +5,13 @@ class nagios::nrpe ( $plugin_dir = '', $server_address = '', $allowed_hosts = '', + $dont_blame = '1', ) { + if !($dont_blame in ['0', '1']) { + fail('Unrecognized value for $dont_blame, must be one of "0", or "1".') + } + case $::operatingsystem { 'FreeBSD': { if $cfg_dir == '' { $real_cfg_dir = '/usr/local/etc' } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index fb62693..03ac5ab 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -7,6 +7,7 @@ class nagios::nrpe::base { $plugin_dir = $::nagios::nrpe::real_plugin_dir $server_address = $::nagios::nrpe::server_address $allowed_hosts = $::nagios::nrpe::allowed_hosts + $dont_blame = $::nagios::nrpe::dont_blame package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: ensure => installed; @@ -22,7 +23,6 @@ class nagios::nrpe::base { ensure => directory; } - if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } file { "${cfg_dir}/nrpe.cfg": content => template('nagios/nrpe/nrpe.cfg'), owner => root, diff --git a/templates/nrpe/nrpe.cfg b/templates/nrpe/nrpe.cfg index 21e1ff8..d4ad9a4 100644 --- a/templates/nrpe/nrpe.cfg +++ b/templates/nrpe/nrpe.cfg @@ -88,7 +88,7 @@ allowed_hosts=127.0.0.1,<%= @allowed_hosts %> # # Values: 0=do not allow arguments, 1=allow command arguments -dont_blame_nrpe=1 +dont_blame_nrpe=<%= @dont_blame %> # COMMAND PREFIX -- cgit v1.2.3 From f052a673dcbe532860c80c3e7ebf6d393c452473 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:24:18 -0500 Subject: disable NRPE command arguments by default setting dont_blame_nrpe is useful for some, but it's generally dangerous and should be disabled if it's not used. In this sense, it's a better idea to disable this by default. --- manifests/nrpe.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/nrpe.pp b/manifests/nrpe.pp index 364a2c8..b7984b6 100644 --- a/manifests/nrpe.pp +++ b/manifests/nrpe.pp @@ -5,7 +5,7 @@ class nagios::nrpe ( $plugin_dir = '', $server_address = '', $allowed_hosts = '', - $dont_blame = '1', + $dont_blame = '0', ) { if !($dont_blame in ['0', '1']) { -- cgit v1.2.3 From 2892e1795a823c2bee2893bc339854dd4f5e5b94 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Sun, 31 Jan 2016 18:43:05 -0500 Subject: Document how to use the nagios::nrpe class --- README | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/README b/README index 2b3791d..46b2a85 100644 --- a/README +++ b/README @@ -65,7 +65,42 @@ Obviously, the check command must either be defined using nagios_command objects (some are supplied in nagios::defaults::commands) or in the nagios configuration files directly. -NRPE Services +NRPE client configuration +========================= + +To setup a machine as an NRPE client, the class 'nagios::nrpe' should be used: + + class { 'nagios::nrpe': + allowed_hosts => '10.2.3.4,10.5.6.7', + } + +The class can take the following parameters to change configuration or +configuration directory: + + * $cfg_dir : Defines the path to the NRPE configuration. The default is to use + the path used by packages per your distro. + + * $pid_file : Sets the path of the PID file. The default value is the path + used by init script shipped with your distro's packages. + + * $plugin_dir : Defines the path in which nagios plugins that are to be + executed with NRPE commands are stored. The default value is the path where + your distro's nagios package stores plugins. + + * $server_address : The IP address to which the NRPE client daemon should + bind. The default behaviour is to bind to all IPs. + + * $allowed_hosts : A string containing a comma-separated list of host IPs that + are allowed to request NRPE commands to be run. The default value is to + allow only 127.0.0.1, so you might want to pass in a list of additional host + IPs. + + * $dont_blame : A string that enables ('1') or disables ('0') NRPE command + arguments. Enabling arguments can lead to potentials of shell escapes so it + should be used with caution and only if absolutely needed. This is disabled + by default. + +NRPE Services ------------- Some Nagios services need to be checked via NRPE. The following will make the -- cgit v1.2.3