From ded0a8765946706262ec3c746864df4d09638292 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Jun 2013 00:37:41 +0200 Subject: force purge, so also subdirectories are removed --- manifests/base.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/base.pp b/manifests/base.pp index 0f8b777..08aefb9 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -180,6 +180,7 @@ class nagios::base { ensure => directory, recurse => true, purge => true, + force => true, notify => Service['nagios'], mode => 0755, owner => root, group => root; } -- cgit v1.2.3 From ea942b34344e2889779e3718c394687607a64c91 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 22 Aug 2013 18:15:55 +0200 Subject: remove silly naming as this anyway only makes it difficult to move checks --- manifests/service/http.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index ef63abb..33921fa 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -18,14 +18,14 @@ define nagios::service::http( } case $ssl_mode { 'force',true,'only': { - nagios::service{"https_${name}_${check_code}": + nagios::service{"https_${name}": ensure => $ensure, use => $use, check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code}'", } case $ssl_mode { 'force': { - nagios::service{"httprd_${name}": + nagios::service{"http_${name}": ensure => $ensure, use => $use, check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", @@ -36,7 +36,7 @@ define nagios::service::http( } case $ssl_mode { false,true: { - nagios::service{"http_${name}_${check_code}": + nagios::service{"http_${name}": ensure => $ensure, use => $use, check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code}'", -- cgit v1.2.3 From bfa099d32fd1155f9fe9d7bde2e927ea31ea3e2b Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 22 Aug 2013 18:18:16 +0200 Subject: make it possible to pass two different checks for http and https --- manifests/service/http.pp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index 33921fa..f0390be 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -16,12 +16,20 @@ define nagios::service::http( 'absent' => $name, default => $check_domain } + if is_hash($check_code) { + $check_code_hash = $check_code + } else { + $check_code_hash = { + http => $check_code, + https => $check_code, + } + } case $ssl_mode { 'force',true,'only': { nagios::service{"https_${name}": ensure => $ensure, use => $use, - check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code}'", + check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", } case $ssl_mode { 'force': { @@ -39,7 +47,7 @@ define nagios::service::http( nagios::service{"http_${name}": ensure => $ensure, use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code}'", + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", } } } -- cgit v1.2.3 From f596ec1fb06acb70f0b385fc418217556bc35dc2 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 Sep 2013 15:18:06 +0200 Subject: check new and legacy ports of managesieve --- manifests/command/imap_pop3.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index 3735136..f3637a7 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -1,5 +1,6 @@ +# manage mail checks class nagios::command::imap_pop3 { - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { } # Debian/Ubuntu already define those checks default: { nagios_command { @@ -17,6 +18,8 @@ class nagios::command::imap_pop3 { 'check_pop3_ssl': command_line => '$USER1$/check_pop -H $ARG1$ -p $ARG2$ -S'; 'check_managesieve': + command_line => '$USER1$/check_tcp -H $ARG1$ -p 4190'; + 'check_managesieve_legacy': command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; } } -- cgit v1.2.3 From 803bfe67b7f214927aa97dde795d84f6d79ce300 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 Dec 2013 18:27:07 +0100 Subject: linting --- manifests/base.pp | 366 ++++++++++++++++++++++++++++-------------------------- manifests/init.pp | 7 +- 2 files changed, 191 insertions(+), 182 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 08aefb9..4c4f344 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,187 +1,195 @@ +# basic stuff for nagios class nagios::base { - # include the variables - include nagios::defaults::vars + # include the variables + include nagios::defaults::vars - package { 'nagios': - alias => 'nagios', - ensure => present, - } + package { 'nagios': + ensure => present, + } - service { 'nagios': - ensure => running, - enable => true, - #hasstatus => true, #fixme! - require => Package['nagios'], - } + service { 'nagios': + ensure => running, + enable => $nagios::service_at_boot, + #hasstatus => true, #fixme! + require => Package['nagios'], + } - # this file should contain all the nagios_puppet-paths: - file { 'nagios_main_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/nagios.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", - "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", - "puppet:///modules/site_nagios/configs/nagios.cfg", - "puppet:///modules/nagios/configs/${::operatingsystem}/nagios.cfg", - "puppet:///modules/nagios/configs/nagios.cfg" ], - notify => Service['nagios'], - mode => 0644, owner => root, group => root; - } + # this file should contain all the nagios_puppet-paths: + file{ + 'nagios_main_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/nagios.cfg", + source => ["puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", + "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", + 'puppet:///modules/site_nagios/configs/nagios.cfg', + "puppet:///modules/nagios/configs/${::operatingsystem}/nagios.cfg", + 'puppet:///modules/nagios/configs/nagios.cfg' ], + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; + 'nagios_cgi_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/cgi.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", + "puppet:///modules/site_nagios/configs/${::operatingsystem}/cgi.cfg", + 'puppet:///modules/site_nagios/configs/cgi.cfg', + "puppet:///modules/nagios/configs/${::operatingsystem}/cgi.cfg", + 'puppet:///modules/nagios/configs/cgi.cfg' ], + notify => Service['apache'], + owner => 'root', + group => 0, + mode => '0644'; + 'nagios_htpasswd': + path => "${nagios::defaults::vars::int_cfgdir}/htpasswd.users", + source => ['puppet:///modules/site_nagios/htpasswd.users', + 'puppet:///modules/nagios/htpasswd.users' ], + owner => root, + group => apache, + mode => '0640'; + 'nagios_private': + ensure => directory, + path => "${nagios::defaults::vars::int_cfgdir}/private/", + purge => true, + recurse => true, + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0750'; + 'nagios_private_resource_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/private/resource.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", + "puppet:///modules/nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}" ], + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0640'; + 'nagios_confd': + ensure => directory, + path => "${nagios::defaults::vars::int_cfgdir}/conf.d/", + purge => true, + recurse => true, + notify => Service['nagios'], + owner => root, + group => nagios, + mode => '0750'; + } + Nagios_command <<||>> + Nagios_contactgroup <<||>> + Nagios_contact <<||>> + Nagios_hostdependency <<||>> + Nagios_hostescalation <<||>> + Nagios_hostextinfo <<||>> + Nagios_hostgroup <<||>> + Nagios_host <<||>> + Nagios_servicedependency <<||>> + Nagios_serviceescalation <<||>> + Nagios_servicegroup <<||>> + Nagios_serviceextinfo <<||>> + Nagios_service <<||>> + Nagios_timeperiod <<||>> - file { 'nagios_cgi_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/cgi.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", - "puppet:///modules/site_nagios/configs/${::operatingsystem}/cgi.cfg", - "puppet:///modules/site_nagios/configs/cgi.cfg", - "puppet:///modules/nagios/configs/${::operatingsystem}/cgi.cfg", - "puppet:///modules/nagios/configs/cgi.cfg" ], - mode => '0644', owner => 'root', group => 0, - notify => Service['apache'], - } + Nagios_command <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_contact <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_contactgroup <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_host <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_hostdependency <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", + notify => Service['nagios'], + } + Nagios_hostescalation <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", + notify => Service['nagios'], + } + Nagios_hostextinfo <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_hostgroup <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_service <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_servicegroup <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", + notify => Service['nagios'], + } + Nagios_servicedependency <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_serviceescalation <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_serviceextinfo <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } + Nagios_timeperiod <||> { + target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg", + require => File['nagios_confd'], + notify => Service['nagios'], + } - file { 'nagios_htpasswd': - path => "${nagios::defaults::vars::int_cfgdir}/htpasswd.users", - source => [ "puppet:///modules/site_nagios/htpasswd.users", - "puppet:///modules/nagios/htpasswd.users" ], - mode => 0640, owner => root, group => apache; - } + file{[ + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroupescalation.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", + "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg" ]: + ensure => file, + replace => false, + notify => Service['nagios'], + owner => root, + group => 0, + mode => '0644'; + } - file { 'nagios_private': - path => "${nagios::defaults::vars::int_cfgdir}/private/", - ensure => directory, - purge => true, - recurse => true, - notify => Service['nagios'], - mode => '0750', owner => root, group => nagios; - } - - file { 'nagios_private_resource_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/private/resource.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", - "puppet:///modules/nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}" ], - notify => Service['nagios'], - owner => root, group => nagios, mode => '0640'; - } - - file { 'nagios_confd': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/", - ensure => directory, - purge => true, - recurse => true, - notify => Service['nagios'], - mode => '0750', owner => root, group => nagios; - } - Nagios_command <<||>> - Nagios_contactgroup <<||>> - Nagios_contact <<||>> - Nagios_hostdependency <<||>> - Nagios_hostescalation <<||>> - Nagios_hostextinfo <<||>> - Nagios_hostgroup <<||>> - Nagios_host <<||>> - Nagios_servicedependency <<||>> - Nagios_serviceescalation <<||>> - Nagios_servicegroup <<||>> - Nagios_serviceextinfo <<||>> - Nagios_service <<||>> - Nagios_timeperiod <<||>> - - Nagios_command <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_contact <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_contactgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_host <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_hostdependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - notify => Service['nagios'], - } - Nagios_hostescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - notify => Service['nagios'], - } - Nagios_hostextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_hostgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_service <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_servicegroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - notify => Service['nagios'], - } - Nagios_servicedependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_serviceescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_serviceextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - Nagios_timeperiod <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg", - require => File['nagios_confd'], - notify => Service['nagios'], - } - - file{[ "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroupescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg" ]: - ensure => file, - replace => false, - notify => Service['nagios'], - mode => 0644, owner => root, group => 0; - } - - # manage nagios cfg files - # must be defined after exported resource overrides and cfg file defs - file { 'nagios_cfgdir': - path => "${nagios::defaults::vars::int_cfgdir}/", - ensure => directory, - recurse => true, - purge => true, - force => true, - notify => Service['nagios'], - mode => 0755, owner => root, group => root; - } + # manage nagios cfg files + # must be defined after exported resource overrides and cfg file defs + file { 'nagios_cfgdir': + ensure => directory, + path => "${nagios::defaults::vars::int_cfgdir}/", + recurse => true, + purge => true, + force => true, + notify => Service['nagios'], + owner => root, + group => root, + mode => '0755'; + } } diff --git a/manifests/init.pp b/manifests/init.pp index 5cbd3f3..efbfd02 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,10 +16,11 @@ # manage nagios class nagios( - $httpd = 'apache', + $httpd = 'apache', $allow_external_cmd = false, - $manage_shorewall = false, - $manage_munin = false + $manage_shorewall = false, + $manage_munin = false, + $service_atboot = true, ) { case $nagios::httpd { 'absent': { } -- cgit v1.2.3 From b3b005dad897be0c2a8fcf056d31623a0a01491e Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Feb 2014 19:41:46 +0100 Subject: better check on the status code as the reason is optional --- manifests/service/http.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index f0390be..1470cac 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -8,7 +8,7 @@ define nagios::service::http( $check_domain = 'absent', $port = '80', $check_url = '/', - $check_code = 'OK', + $check_code = '200', $use = 'generic-service', $ssl_mode = false ){ -- cgit v1.2.3 From c1669419c7644528957a23fa893793efa9cde47d Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Feb 2014 14:45:10 +0100 Subject: linting --- manifests/service/http.pp | 82 +++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index 1470cac..502758d 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -4,51 +4,51 @@ # - force: http is permanent redirect to https # - only: check only https define nagios::service::http( - $ensure = present, - $check_domain = 'absent', - $port = '80', - $check_url = '/', - $check_code = '200', - $use = 'generic-service', - $ssl_mode = false + $ensure = present, + $check_domain = 'absent', + $port = '80', + $check_url = '/', + $check_code = '200', + $use = 'generic-service', + $ssl_mode = false ){ - $real_check_domain = $check_domain ? { - 'absent' => $name, - default => $check_domain + $real_check_domain = $check_domain ? { + 'absent' => $name, + default => $check_domain + } + if is_hash($check_code) { + $check_code_hash = $check_code + } else { + $check_code_hash = { + http => $check_code, + https => $check_code, } - if is_hash($check_code) { - $check_code_hash = $check_code - } else { - $check_code_hash = { - http => $check_code, - https => $check_code, + } + case $ssl_mode { + 'force',true,'only': { + nagios::service{"https_${name}": + ensure => $ensure, + use => $use, + check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", } - } - case $ssl_mode { - 'force',true,'only': { - nagios::service{"https_${name}": - ensure => $ensure, - use => $use, - check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", - } - case $ssl_mode { - 'force': { - nagios::service{"http_${name}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", - } - } - } + case $ssl_mode { + 'force': { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", + } } + } } - case $ssl_mode { - false,true: { - nagios::service{"http_${name}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", - } - } + } + case $ssl_mode { + false,true: { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", + } } + } } -- cgit v1.2.3 From af089ee1d1d0e6f7f8a1e543e3d75babfff74245 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 4 Oct 2014 16:22:32 +0200 Subject: link to the default path to get the resource purging working --- manifests/base.pp | 156 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 100 insertions(+), 56 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 4c4f344..50a302c 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -14,10 +14,11 @@ class nagios::base { require => Package['nagios'], } + $cfg_dir = $nagios::defaults::vars::int_cfgdir # this file should contain all the nagios_puppet-paths: file{ 'nagios_main_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/nagios.cfg", + path => "${cfg_dir}/nagios.cfg", source => ["puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios.cfg", 'puppet:///modules/site_nagios/configs/nagios.cfg', @@ -28,7 +29,7 @@ class nagios::base { group => root, mode => '0644'; 'nagios_cgi_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/cgi.cfg", + path => "${cfg_dir}/cgi.cfg", source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/cgi.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/cgi.cfg", 'puppet:///modules/site_nagios/configs/cgi.cfg', @@ -39,7 +40,7 @@ class nagios::base { group => 0, mode => '0644'; 'nagios_htpasswd': - path => "${nagios::defaults::vars::int_cfgdir}/htpasswd.users", + path => "${cfg_dir}/htpasswd.users", source => ['puppet:///modules/site_nagios/htpasswd.users', 'puppet:///modules/nagios/htpasswd.users' ], owner => root, @@ -47,7 +48,7 @@ class nagios::base { mode => '0640'; 'nagios_private': ensure => directory, - path => "${nagios::defaults::vars::int_cfgdir}/private/", + path => "${cfg_dir}/private", purge => true, recurse => true, notify => Service['nagios'], @@ -55,7 +56,7 @@ class nagios::base { group => nagios, mode => '0750'; 'nagios_private_resource_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/private/resource.cfg", + path => "${cfg_dir}/private/resource.cfg", source => [ "puppet:///modules/site_nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}", "puppet:///modules/nagios/configs/${::operatingsystem}/private/resource.cfg.${::architecture}" ], notify => Service['nagios'], @@ -64,7 +65,7 @@ class nagios::base { mode => '0640'; 'nagios_confd': ensure => directory, - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/", + path => "${cfg_dir}/conf.d", purge => true, recurse => true, notify => Service['nagios'], @@ -88,108 +89,151 @@ class nagios::base { Nagios_timeperiod <<||>> Nagios_command <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", + target => "${cfg_dir}/conf.d/nagios_command.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contact <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", + target => "${cfg_dir}/conf.d/nagios_contact.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contactgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", + target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_host <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", + target => "${cfg_dir}/conf.d/nagios_host.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostdependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", + target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg", notify => Service['nagios'], } Nagios_hostescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", + target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg", notify => Service['nagios'], } Nagios_hostextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", + target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostgroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", + target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_service <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", + target => "${cfg_dir}/conf.d/nagios_service.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_servicegroup <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", + target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg", notify => Service['nagios'], } Nagios_servicedependency <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", + target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceescalation <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", + target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceextinfo <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", + target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", require => File['nagios_confd'], notify => Service['nagios'], } Nagios_timeperiod <||> { - target => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg", + target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg", require => File['nagios_confd'], notify => Service['nagios'], } - file{[ - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_command.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contact.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_contactgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_host.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostdependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_hostgroupescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_service.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicedependency.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceescalation.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_serviceextinfo.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_servicegroup.cfg", - "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_timeperiod.cfg" ]: - ensure => file, - replace => false, - notify => Service['nagios'], - owner => root, - group => 0, - mode => '0644'; - } - - # manage nagios cfg files - # must be defined after exported resource overrides and cfg file defs - file { 'nagios_cfgdir': - ensure => directory, - path => "${nagios::defaults::vars::int_cfgdir}/", - recurse => true, - purge => true, - force => true, - notify => Service['nagios'], - owner => root, - group => root, - mode => '0755'; + file{ + # manage nagios cfg files + # must be defined after exported resource overrides and cfg file defs + 'nagios_cfgdir': + ensure => directory, + path => $cfg_dir, + recurse => true, + purge => true, + force => true, + notify => Service['nagios'], + owner => root, + group => root, + mode => '0755'; + ["${cfg_dir}/conf.d/nagios_command.cfg", + "${cfg_dir}/conf.d/nagios_contact.cfg", + "${cfg_dir}/conf.d/nagios_contactgroup.cfg", + "${cfg_dir}/conf.d/nagios_host.cfg", + "${cfg_dir}/conf.d/nagios_hostdependency.cfg", + "${cfg_dir}/conf.d/nagios_hostescalation.cfg", + "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", + "${cfg_dir}/conf.d/nagios_hostgroup.cfg", + "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg", + "${cfg_dir}/conf.d/nagios_service.cfg", + "${cfg_dir}/conf.d/nagios_servicedependency.cfg", + "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", + "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", + "${cfg_dir}/conf.d/nagios_servicegroup.cfg", + "${cfg_dir}/conf.d/nagios_timeperiod.cfg" ]: + ensure => file, + replace => false, + notify => Service['nagios'], + owner => root, + group => 0, + mode => '0644'; + "${cfg_dir}/nagios_command.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_command.cfg"; + "${cfg_dir}/nagios_contact.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_contact.cfg"; + "${cfg_dir}/nagios_contactgroup.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg"; + "${cfg_dir}/nagios_host.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_host.cfg"; + "${cfg_dir}/nagios_hostdependency.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg"; + "${cfg_dir}/nagios_hostescalation.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg"; + "${cfg_dir}/nagios_hostextinfo.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg"; + "${cfg_dir}/nagios_hostgroup.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg"; + "${cfg_dir}/nagios_hostgroupescalation.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg"; + "${cfg_dir}/nagios_service.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_service.cfg"; + "${cfg_dir}/nagios_servicedependency.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg"; + "${cfg_dir}/nagios_serviceescalation.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg"; + "${cfg_dir}/nagios_serviceextinfo.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg"; + "${cfg_dir}/nagios_servicegroup.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg"; + "${cfg_dir}/nagios_timeperiod.cfg": + ensure => link, + target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg"; } } -- cgit v1.2.3 From 8eafd6fdca47b6b6ae08b0313c0fcf1e13b4a886 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 4 Oct 2014 16:28:56 +0200 Subject: purge any unmanaged resources --- manifests/base.pp | 23 +++++++++++++++++++++++ manifests/init.pp | 1 + 2 files changed, 24 insertions(+) diff --git a/manifests/base.pp b/manifests/base.pp index 50a302c..2ef1181 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -87,6 +87,27 @@ class nagios::base { Nagios_serviceextinfo <<||>> Nagios_service <<||>> Nagios_timeperiod <<||>> + if $nagios::purge_resources { + resources { + [ + 'nagios_command', + 'nagios_contactgroup', + 'nagios_contact', + 'nagios_hostdependency', + 'nagios_hostescalation', + 'nagios_hostextinfo', + 'nagios_hostgroup', + 'nagios_host', + 'nagios_servicedependency', + 'nagios_serviceescalation', + 'nagios_servicegroup', + 'nagios_serviceextinfo', + 'nagios_service', + 'nagios_timeperiod', + ]: + purge => true; + } + } Nagios_command <||> { target => "${cfg_dir}/conf.d/nagios_command.cfg", @@ -190,6 +211,8 @@ class nagios::base { owner => root, group => 0, mode => '0644'; + # unfortuantely resource purging only works on the default path and + # because we changed it above -> link the default path "${cfg_dir}/nagios_command.cfg": ensure => link, target => "${cfg_dir}/conf.d/nagios_command.cfg"; diff --git a/manifests/init.pp b/manifests/init.pp index efbfd02..7b747d9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -21,6 +21,7 @@ class nagios( $manage_shorewall = false, $manage_munin = false, $service_atboot = true, + $purge_resources = true, ) { case $nagios::httpd { 'absent': { } -- cgit v1.2.3 From b1a10d01e4c4682540eab75541845514ea8c4dd0 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 4 Oct 2014 16:48:22 +0200 Subject: restart after purging --- manifests/base.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/base.pp b/manifests/base.pp index 2ef1181..b93150a 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -105,7 +105,8 @@ class nagios::base { 'nagios_service', 'nagios_timeperiod', ]: - purge => true; + notify => Service['nagios'], + purge => true; } } -- cgit v1.2.3 From b52d91b8fcabf0c6b1cd648cf996b7468be60969 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 12:36:29 +0200 Subject: get auto purging working again That purging resources work correctly, the config files must be at the location that the nagios providers have internally, which is at /etc/nagios/.cfg To ease the config file we used the cfg_dir option so far, which we can't anymore and hence this change requires adoption of your site modules. But auto-purging resources will then finally work. --- files/configs/CentOS/nagios.cfg | 18 +++- files/configs/Debian/nagios.cfg | 16 +++- manifests/base.pp | 176 +++++++++++----------------------------- manifests/defaults/templates.pp | 15 ++-- manifests/defaults/vars.pp | 3 +- manifests/pnp4nagios.pp | 7 +- 6 files changed, 91 insertions(+), 144 deletions(-) diff --git a/files/configs/CentOS/nagios.cfg b/files/configs/CentOS/nagios.cfg index 1354bf8..fc6a391 100644 --- a/files/configs/CentOS/nagios.cfg +++ b/files/configs/CentOS/nagios.cfg @@ -31,9 +31,21 @@ log_file=/var/log/nagios/nagios.log # separate from host and contact definitions... # Puppet-managed configuration files -cfg_dir=/etc/nagios/conf.d - - +cfg_file=/etc/nagios/nagios_command.cfg +cfg_file=/etc/nagios/nagios_contact.cfg +cfg_file=/etc/nagios/nagios_contactgroup.cfg +cfg_file=/etc/nagios/nagios_host.cfg +cfg_file=/etc/nagios/nagios_hostdependency.cfg +cfg_file=/etc/nagios/nagios_hostescalation.cfg +cfg_file=/etc/nagios/nagios_hostextinfo.cfg +cfg_file=/etc/nagios/nagios_hostgroup.cfg +cfg_file=/etc/nagios/nagios_hostgroupescalation.cfg +cfg_file=/etc/nagios/nagios_service.cfg +cfg_file=/etc/nagios/nagios_servicedependency.cfg +cfg_file=/etc/nagios/nagios_serviceescalation.cfg +cfg_file=/etc/nagios/nagios_serviceextinfo.cfg +cfg_file=/etc/nagios/nagios_servicegroup.cfg +cfg_file=/etc/nagios/nagios_timeperiod.cfg # OBJECT CACHE FILE # This option determines where object definitions are cached when diff --git a/files/configs/Debian/nagios.cfg b/files/configs/Debian/nagios.cfg index 8eae393..dca295c 100644 --- a/files/configs/Debian/nagios.cfg +++ b/files/configs/Debian/nagios.cfg @@ -23,7 +23,21 @@ log_file=/var/log/nagios3/nagios.log cfg_file=/etc/nagios3/commands.cfg # Puppet-managed configuration files -cfg_dir=/etc/nagios3/conf.d +cfg_file=/etc/nagios3/nagios_command.cfg +cfg_file=/etc/nagios3/nagios_contact.cfg +cfg_file=/etc/nagios3/nagios_contactgroup.cfg +cfg_file=/etc/nagios3/nagios_host.cfg +cfg_file=/etc/nagios3/nagios_hostdependency.cfg +cfg_file=/etc/nagios3/nagios_hostescalation.cfg +cfg_file=/etc/nagios3/nagios_hostextinfo.cfg +cfg_file=/etc/nagios3/nagios_hostgroup.cfg +cfg_file=/etc/nagios3/nagios_hostgroupescalation.cfg +cfg_file=/etc/nagios3/nagios_service.cfg +cfg_file=/etc/nagios3/nagios_servicedependency.cfg +cfg_file=/etc/nagios3/nagios_serviceescalation.cfg +cfg_file=/etc/nagios3/nagios_serviceextinfo.cfg +cfg_file=/etc/nagios3/nagios_servicegroup.cfg +cfg_file=/etc/nagios3/nagios_timeperiod.cfg # Debian also defaults to using the check commands defined by the debian # nagios-plugins package diff --git a/manifests/base.pp b/manifests/base.pp index b93150a..c0ebf77 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -63,16 +63,15 @@ class nagios::base { owner => root, group => nagios, mode => '0640'; - 'nagios_confd': - ensure => directory, - path => "${cfg_dir}/conf.d", - purge => true, - recurse => true, - notify => Service['nagios'], - owner => root, - group => nagios, - mode => '0750'; } + + if $cfg_dir == '/etc/nagios3' { + file{'/etc/nagios': + ensure => link, + target => $cfg_dir, + } + } + Nagios_command <<||>> Nagios_contactgroup <<||>> Nagios_contact <<||>> @@ -87,177 +86,94 @@ class nagios::base { Nagios_serviceextinfo <<||>> Nagios_service <<||>> Nagios_timeperiod <<||>> - if $nagios::purge_resources { - resources { - [ - 'nagios_command', - 'nagios_contactgroup', - 'nagios_contact', - 'nagios_hostdependency', - 'nagios_hostescalation', - 'nagios_hostextinfo', - 'nagios_hostgroup', - 'nagios_host', - 'nagios_servicedependency', - 'nagios_serviceescalation', - 'nagios_servicegroup', - 'nagios_serviceextinfo', - 'nagios_service', - 'nagios_timeperiod', - ]: - notify => Service['nagios'], - purge => true; - } - } Nagios_command <||> { - target => "${cfg_dir}/conf.d/nagios_command.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contact <||> { - target => "${cfg_dir}/conf.d/nagios_contact.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_contactgroup <||> { - target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_host <||> { - target => "${cfg_dir}/conf.d/nagios_host.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostdependency <||> { - target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg", notify => Service['nagios'], } Nagios_hostescalation <||> { - target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg", notify => Service['nagios'], } Nagios_hostextinfo <||> { - target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_hostgroup <||> { - target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_service <||> { - target => "${cfg_dir}/conf.d/nagios_service.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_servicegroup <||> { - target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg", notify => Service['nagios'], } Nagios_servicedependency <||> { - target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceescalation <||> { - target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_serviceextinfo <||> { - target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } Nagios_timeperiod <||> { - target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg", - require => File['nagios_confd'], notify => Service['nagios'], } file{ - # manage nagios cfg files - # must be defined after exported resource overrides and cfg file defs - 'nagios_cfgdir': - ensure => directory, - path => $cfg_dir, - recurse => true, - purge => true, - force => true, - notify => Service['nagios'], - owner => root, - group => root, - mode => '0755'; - ["${cfg_dir}/conf.d/nagios_command.cfg", - "${cfg_dir}/conf.d/nagios_contact.cfg", - "${cfg_dir}/conf.d/nagios_contactgroup.cfg", - "${cfg_dir}/conf.d/nagios_host.cfg", - "${cfg_dir}/conf.d/nagios_hostdependency.cfg", - "${cfg_dir}/conf.d/nagios_hostescalation.cfg", - "${cfg_dir}/conf.d/nagios_hostextinfo.cfg", - "${cfg_dir}/conf.d/nagios_hostgroup.cfg", - "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg", - "${cfg_dir}/conf.d/nagios_service.cfg", - "${cfg_dir}/conf.d/nagios_servicedependency.cfg", - "${cfg_dir}/conf.d/nagios_serviceescalation.cfg", - "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg", - "${cfg_dir}/conf.d/nagios_servicegroup.cfg", - "${cfg_dir}/conf.d/nagios_timeperiod.cfg" ]: + ["${cfg_dir}/nagios_command.cfg", + "${cfg_dir}/nagios_contact.cfg", + "${cfg_dir}/nagios_contactgroup.cfg", + "${cfg_dir}/nagios_host.cfg", + "${cfg_dir}/nagios_hostdependency.cfg", + "${cfg_dir}/nagios_hostescalation.cfg", + "${cfg_dir}/nagios_hostextinfo.cfg", + "${cfg_dir}/nagios_hostgroup.cfg", + "${cfg_dir}/nagios_hostgroupescalation.cfg", + "${cfg_dir}/nagios_service.cfg", + "${cfg_dir}/nagios_servicedependency.cfg", + "${cfg_dir}/nagios_serviceescalation.cfg", + "${cfg_dir}/nagios_serviceextinfo.cfg", + "${cfg_dir}/nagios_servicegroup.cfg", + "${cfg_dir}/nagios_timeperiod.cfg" ]: ensure => file, replace => false, notify => Service['nagios'], owner => root, group => 0, mode => '0644'; - # unfortuantely resource purging only works on the default path and - # because we changed it above -> link the default path - "${cfg_dir}/nagios_command.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_command.cfg"; - "${cfg_dir}/nagios_contact.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_contact.cfg"; - "${cfg_dir}/nagios_contactgroup.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_contactgroup.cfg"; - "${cfg_dir}/nagios_host.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_host.cfg"; - "${cfg_dir}/nagios_hostdependency.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostdependency.cfg"; - "${cfg_dir}/nagios_hostescalation.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostescalation.cfg"; - "${cfg_dir}/nagios_hostextinfo.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostextinfo.cfg"; - "${cfg_dir}/nagios_hostgroup.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostgroup.cfg"; - "${cfg_dir}/nagios_hostgroupescalation.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_hostgroupescalation.cfg"; - "${cfg_dir}/nagios_service.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_service.cfg"; - "${cfg_dir}/nagios_servicedependency.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_servicedependency.cfg"; - "${cfg_dir}/nagios_serviceescalation.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_serviceescalation.cfg"; - "${cfg_dir}/nagios_serviceextinfo.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_serviceextinfo.cfg"; - "${cfg_dir}/nagios_servicegroup.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_servicegroup.cfg"; - "${cfg_dir}/nagios_timeperiod.cfg": - ensure => link, - target => "${cfg_dir}/conf.d/nagios_timeperiod.cfg"; + } + + if $nagios::purge_resources { + resources { + [ + 'nagios_command', + 'nagios_contactgroup', + 'nagios_contact', + 'nagios_hostdependency', + 'nagios_hostescalation', + 'nagios_hostextinfo', + 'nagios_hostgroup', + 'nagios_host', + 'nagios_servicedependency', + 'nagios_serviceescalation', + 'nagios_servicegroup', + 'nagios_serviceextinfo', + 'nagios_service', + 'nagios_timeperiod', + ]: + notify => Service['nagios'], + purge => true; + } } } diff --git a/manifests/defaults/templates.pp b/manifests/defaults/templates.pp index 9711dd4..5158189 100644 --- a/manifests/defaults/templates.pp +++ b/manifests/defaults/templates.pp @@ -1,14 +1,17 @@ +# manage nagios_templates class nagios::defaults::templates { include nagios::defaults::vars file { 'nagios_templates': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/nagios_templates.cfg", - source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios_templates.cfg", + path => "${nagios::defaults::vars::int_cfgdir}/nagios_templates.cfg", + source => [ "puppet:///modules/site_nagios/configs/${::fqdn}/nagios_templates.cfg", "puppet:///modules/site_nagios/configs/${::operatingsystem}/nagios_templates.cfg", - "puppet:///modules/site_nagios/configs/nagios_templates.cfg", + 'puppet:///modules/site_nagios/configs/nagios_templates.cfg', "puppet:///modules/nagios/configs/${::operatingsystem}/nagios_templates.cfg", - "puppet:///modules/nagios/configs/nagios_templates.cfg" ], - notify => Service['nagios'], - mode => 0644, owner => root, group => root; + 'puppet:///modules/nagios/configs/nagios_templates.cfg' ], + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; } } diff --git a/manifests/defaults/vars.pp b/manifests/defaults/vars.pp index 87f41f8..e1a6224 100644 --- a/manifests/defaults/vars.pp +++ b/manifests/defaults/vars.pp @@ -1,7 +1,8 @@ +# some default vars class nagios::defaults::vars { case $nagios::cfgdir { '': { $int_cfgdir = $::operatingsystem ? { - centos => '/etc/nagios/', + centos => '/etc/nagios', default => '/etc/nagios3' } } diff --git a/manifests/pnp4nagios.pp b/manifests/pnp4nagios.pp index 5ade74f..3faaae3 100644 --- a/manifests/pnp4nagios.pp +++ b/manifests/pnp4nagios.pp @@ -1,3 +1,4 @@ +# manage pnp4nagios class nagios::pnp4nagios { include nagios::defaults::pnp4nagios @@ -10,7 +11,7 @@ class nagios::pnp4nagios { # see http://projects.reductivelabs.com/issues/1180 for this limitation file { 'pnp4nagios-templates.cfg': - path => "${nagios::defaults::vars::int_cfgdir}/conf.d/pnp4nagios-templates.cfg", + path => "${nagios::defaults::vars::int_cfgdir}/pnp4nagios-templates.cfg", source => [ 'puppet:///modules/site_nagios/pnp4nagios/pnp4nagios-templates.cfg', 'puppet:///modules/nagios/pnp4nagios/pnp4nagios-templates.cfg' ], mode => '0644', @@ -21,8 +22,8 @@ class nagios::pnp4nagios { file { 'apache.conf': path => '/etc/pnp4nagios/apache.conf', - source => [ 'puppet:///modules/site_nagios/pnp4nagios/apache.conf', - 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], + source => ['puppet:///modules/site_nagios/pnp4nagios/apache.conf', + 'puppet:///modules/nagios/pnp4nagios/apache.conf' ], mode => '0644', owner => root, group => root, -- cgit v1.2.3 From 885976423b223947215aaac5f32b3ee245e85683 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 12:53:44 +0200 Subject: restore a resource that was deleted too early --- manifests/base.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manifests/base.pp b/manifests/base.pp index c0ebf77..526a8fd 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -17,6 +17,16 @@ class nagios::base { $cfg_dir = $nagios::defaults::vars::int_cfgdir # this file should contain all the nagios_puppet-paths: file{ + 'nagios_cfgdir': + ensure => directory, + path => $cfg_dir, + recurse => true, + purge => true, + force => true, + notify => Service['nagios'], + owner => root, + group => root, + mode => '0755'; 'nagios_main_cfg': path => "${cfg_dir}/nagios.cfg", source => ["puppet:///modules/site_nagios/configs/${::fqdn}/nagios.cfg", -- cgit v1.2.3 From a144f728b98f3783d1d4e99688cd8b95e01d616a Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 13:05:39 +0200 Subject: this is now the confd --- manifests/base.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/base.pp b/manifests/base.pp index 526a8fd..fa28c41 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -20,6 +20,7 @@ class nagios::base { 'nagios_cfgdir': ensure => directory, path => $cfg_dir, + alias => nagios_confd, recurse => true, purge => true, force => true, -- cgit v1.2.3 From 0941bc8c201bccaffaf40e51e04239fcc9fc0c7c Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 5 Oct 2014 13:54:39 +0200 Subject: add the default nagios templates file as well --- files/configs/CentOS/nagios.cfg | 1 + files/configs/Debian/nagios.cfg | 1 + 2 files changed, 2 insertions(+) diff --git a/files/configs/CentOS/nagios.cfg b/files/configs/CentOS/nagios.cfg index fc6a391..b88e3db 100644 --- a/files/configs/CentOS/nagios.cfg +++ b/files/configs/CentOS/nagios.cfg @@ -31,6 +31,7 @@ log_file=/var/log/nagios/nagios.log # separate from host and contact definitions... # Puppet-managed configuration files +cfg_file=/etc/nagios/nagios_templates.cfg cfg_file=/etc/nagios/nagios_command.cfg cfg_file=/etc/nagios/nagios_contact.cfg cfg_file=/etc/nagios/nagios_contactgroup.cfg diff --git a/files/configs/Debian/nagios.cfg b/files/configs/Debian/nagios.cfg index dca295c..ac02f4f 100644 --- a/files/configs/Debian/nagios.cfg +++ b/files/configs/Debian/nagios.cfg @@ -23,6 +23,7 @@ log_file=/var/log/nagios3/nagios.log cfg_file=/etc/nagios3/commands.cfg # Puppet-managed configuration files +cfg_file=/etc/nagios3/nagios_templates.cfg cfg_file=/etc/nagios3/nagios_command.cfg cfg_file=/etc/nagios3/nagios_contact.cfg cfg_file=/etc/nagios3/nagios_contactgroup.cfg -- cgit v1.2.3 From 60a2b8106a9403d786ca03a759035ad54d5976fc Mon Sep 17 00:00:00 2001 From: o Date: Mon, 1 Dec 2014 11:55:27 +0100 Subject: check_http by default also accept 301/302 --- manifests/service/http.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/service/http.pp b/manifests/service/http.pp index 502758d..b80c140 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -8,7 +8,7 @@ define nagios::service::http( $check_domain = 'absent', $port = '80', $check_url = '/', - $check_code = '200', + $check_code = '200,301,302', $use = 'generic-service', $ssl_mode = false ){ -- cgit v1.2.3 From 4d4119d3c7b47ed34b7e014b3a9f9ff0bddda76c Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 7 Jun 2015 11:43:49 +0200 Subject: cleanup things a bit and make it possible to set a different fqdn --- manifests/target.pp | 22 +++++++++++++--------- manifests/target/fqdn.pp | 8 +++++--- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/manifests/target.pp b/manifests/target.pp index f9b7e13..82cf6a1 100644 --- a/manifests/target.pp +++ b/manifests/target.pp @@ -1,22 +1,26 @@ -# manifests/target.pp - +# a simple nagios target to monitor class nagios::target( - $parents = 'absent', - $address = $::ipaddress, + $parents = 'absent', + $address = $::ipaddress, $nagios_alias = $::hostname, - $hostgroups = 'absent' + $hostgroups = 'absent', + $use = 'generic-host', ){ @@nagios_host { $::fqdn: address => $address, - alias => $nagios_alias, - use => 'generic-host', + alias => $nagios_alias, + use => $use, } if ($parents != 'absent') { - Nagios_host["${::fqdn}"] { parents => $parents } + Nagios_host[$::fqdn] { + parents => $parents + } } if ($hostgroups != 'absent') { - Nagios_host["${::fqdn}"] { hostgroups => $hostgroups } + Nagios_host[$::fqdn] { + hostgroups => $hostgroups + } } } diff --git a/manifests/target/fqdn.pp b/manifests/target/fqdn.pp index 6bb16c1..31fc4b7 100644 --- a/manifests/target/fqdn.pp +++ b/manifests/target/fqdn.pp @@ -1,10 +1,12 @@ +# monitor a host by fqdn class nagios::target::fqdn( + $address = $::fqdn, $hostgroups = 'absent', - $parents = 'absent' + $parents = 'absent' ) { class{'nagios::target': - address => $::fqdn, + address => $address, hostgroups => $hostgroups, - parents => $parents + parents => $parents } } -- cgit v1.2.3 From 5e92209e5b284e0f0d99c30e555cc498a39c396e Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:23:44 +0200 Subject: introduce gpg checks --- files/plugins/check_gpg | 113 ++++++++++++++++++++++++++++++++++++++++++++ manifests/init.pp | 8 ++-- manifests/plugins/gpg.pp | 43 +++++++++++++++++ manifests/service/gpgkey.pp | 43 +++++++++++++++++ 4 files changed, 204 insertions(+), 3 deletions(-) create mode 100644 files/plugins/check_gpg create mode 100644 manifests/plugins/gpg.pp create mode 100644 manifests/service/gpgkey.pp diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg new file mode 100644 index 0000000..bf4b930 --- /dev/null +++ b/files/plugins/check_gpg @@ -0,0 +1,113 @@ +#!/bin/bash +# +# Nagios plugin that checks whether a key ID has expired, or will expire within +# a certain time. +# +# note: the plugin will issue a critical state if the required key has been +# revoked. +# +# usage: check_gpg [-w ] [--gnupg-homedir ] +# +# is any PGP key ID that GnuPG accepts with "gpg --list-key " +# +# The option -w parameter lets you specify the number of days within which key +# expiry will trigger a warning. e.g. if expires within +# days, make nagios issue a warning. +# +# num_days must be an integer value +# +# optionally, if the keyring directory you want GPG to use is not located in +# the user's ~/.gnupg, you can specify the path to the keyring directory with +# the --gnupg-homedir parameter. +# +# Thanks a bunch to Daniel Kahn Gillmor for providing example commands that +# made up most of the core of this plugin. +# +# Copyleft Gabriel Filion +# +# This plugin is released under the GPL v3+ license. To get a copy of the +# license text visit: https://www.gnu.org/licenses/gpl-3.0.txt +# +SECS_IN_DAY=86400 + +function debug () { + if [ -n "$DEBUG" ]; then + echo "$1" >&2 + fi +} + +debug "got args: $*" + +now=$(date +%s) +debug "current timestamp: $now" + +warning_threshold= +homedir= +for arg in $*; do + case $arg in + "-w") + if [ -z "$2" ]; then + echo "UNKNOWN: argument -w got no value. integer needed" + exit 3 + fi + if [ "`echo $2 | egrep ^[[:digit:]]+$`" = "" ]; then + echo "UNKNOWN: invalid value '$2' passed to -w. integer needed" + exit 3 + fi + warning_threshold=$(( $now + ($2*$SECS_IN_DAY) )) + debug "setting warning_threshold to '$warning_threshold'" + + shift 2 + ;; + "--gnupg-homedir") + if [ -z "$2" ]; then + echo "UNKNOWN: argument --gnupg-homedir got no value. path needed" + exit 3 + fi + if [ ! -d "$2" ]; then + echo "UNKNOWN: homedir '$2' does not exist or is not a directory" + exit 3 + fi + homedir="--homedir $2" + debug "setting homedir to '$homedir'" + + shift 2 + ;; + esac +done + +if [ -z "$1" ]; then + echo "UNKNOWN: must provide a key ID" + exit 3 +fi +key="$1" + +# GPG is too stupid to error out when asked to refresh a key that's not in the +# local keyring so we need to perform another call to verify this first. +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) +if [ $? -ne 0 ]; then + echo "UNKNOWN: $output" + exit 3 +fi + +if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then + echo "CRITICAL: key '$key' has been revoked!" + exit 1 +fi + +for expiry in $(gpg $homedir --with-colons --fixed-list-mode --list-key "$key" 2>/dev/null | awk -F: '/^pub:/{ print $7 }'); +do + debug "expiry value: $expiry" + + if [ "$now" -gt "$expiry" ] ; then + printf "CRITICAL: %s has expired on %s\n" "$key" "$(date -d "$expiry seconds")"; + exit 1; + fi; + if [ -n "$warning_threshold" ] && [ "$warning_threshold" -gt "$expiry" ]; then + remaining=$(( ($expiry-$now) / $SECS_IN_DAY )) + printf "WARNING: %s expires in %s days\n" "$key" "$remaining"; + exit 2; + fi +done + +echo "OK: key '$key' has not expired." diff --git a/manifests/init.pp b/manifests/init.pp index 7b747d9..e80525e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -22,6 +22,7 @@ class nagios( $manage_munin = false, $service_atboot = true, $purge_resources = true, + $gpgkey_checks = {}, ) { case $nagios::httpd { 'absent': { } @@ -32,15 +33,16 @@ class nagios( case $::operatingsystem { 'centos': { $cfgdir = '/etc/nagios' - include nagios::centos + include ::nagios::centos } 'debian': { $cfgdir = '/etc/nagios3' - include nagios::debian + include ::nagios::debian } default: { fail("No such operatingsystem: ${::operatingsystem} yet defined") } } if $manage_munin { - include nagios::munin + include ::nagios::munin } + create_resources('nagios::service::gpgkey',$gpgkey_checks) } diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp new file mode 100644 index 0000000..d8c1d40 --- /dev/null +++ b/manifests/plugins/gpg.pp @@ -0,0 +1,43 @@ +# check_gpg from +# https://github.com/lelutin/nagios-plugins/blob/master/check_gpg +class nagios::plugins::gpg { + require ::gnupg + nagios::plugin{'check_gpg': + source => 'nagios/plugins/check_gpg', + } + + $gpg_home = '/var/local/nagios_gpg_homedir' + file{ + $gpg_home: + ensure => 'directory', + owner => nagios, + group => nagios, + mode => '0600', + require => Nagios::Plugin['check_gpg']; + '/etc/cron.daily/update_nagios_gpgkeys': + content => "!#/bin/bash +function exec() { + cmd=\$1 + outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}') + if [ \$? -gt 0 ]; then + echo \$output + exit 1 + fi +} + +gpg('--with-fingerprint --list-keys --with-colons') | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do + gpg(\"--recv-keys \${key}\") +done +", + owner => root, + group => 0, + mode => '0700', + require => File[$gpg_home]; + } + nagios_command { + 'check_gnupg': + command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$", + require => Nagios::Plugin['check_gpg'], + } +} + diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp new file mode 100644 index 0000000..0c271f4 --- /dev/null +++ b/manifests/service/gpgkey.pp @@ -0,0 +1,43 @@ +# define a gpgkey to be watched +define nagios::service::gpgkey( + $ensure = 'present', + $warning = '14', + $key_info = undef, +){ + validate_slength($name,40,40) + require ::nagios::plugins::gpg + $gpg_home = $nagios::plugins::gpg::gpg_home + + exec{"manage_key_${name}": } + nagios::service{ + "check_gpg_${name}": + ensure => $ensure; + } + + if $ensure == 'present' { + Exec["manage_key_${name}"]{ + command => "gpg --homedir ${gpg_home} --recv-keys ${name}", + unless => "gpg --homedir ${gpg_home} --list-keys ${name}", + before => Nagios::Service["check_gpg_${name}"], + } + + Nagios::Service["check_gpg_${name}"]{ + check_command => "check_gpg!${warning}!${name}", + } + if $key_info { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name} - Info: ${key_info}", + } + } else { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name}", + } + } + } else { + Exec["manage_key_${name}"]{ + command => "gpg --batch --homedir ${gpg_home} --delete-key ${name}", + onlyif => "gpg --homedir ${gpg_home} --list-keys ${name}", + require => Nagios::Service["check_gpg_${name}"], + } + } +} -- cgit v1.2.3 From bbda7cef0b0d6d68c9d2c393592cbfbef9f3534e Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:26:10 +0200 Subject: introduce horde_login checks --- files/plugins/check_horde_login | 69 ++++++++++++++++++++++++++++++++++++++++ manifests/plugins/horde_login.pp | 9 ++++++ manifests/service/horde_login.pp | 18 +++++++++++ 3 files changed, 96 insertions(+) create mode 100644 files/plugins/check_horde_login create mode 100644 manifests/plugins/horde_login.pp create mode 100644 manifests/service/horde_login.pp diff --git a/files/plugins/check_horde_login b/files/plugins/check_horde_login new file mode 100644 index 0000000..4c63daa --- /dev/null +++ b/files/plugins/check_horde_login @@ -0,0 +1,69 @@ +#!/bin/env python +# vi:si:et:sw=4:sts=4:ts=4 +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2015 mh + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. +# + +import sys, os, requests, getopt + +def usage(): + print sys.argv[0] + " -u username "+ \ + "-p password " + \ + "-s server path" + sys.exit(1) + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h") + except getopt.GetoptError: + usage() + return 3 + + user = url = password = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + url = a + "/login.php" + elif o == '-h': + usage() + + if user == None or password == None or url == None: + usage() + + params = { 'horde_user': user, + 'horde_pass': password, + 'horde_select_view': 'auto', + 'anchor_string': '', + 'app': '', + 'login_post': 1, + 'new_lang': 'en_US', + 'url': '', + } + + + r = requests.post(url, data=params, allow_redirects=False) + # on a successfully login we are redirected to the mailbox + if r.status_code == 302: + print "OK" + sys.exit(0) + else: + print "Error" + sys.exit(2) + + +if __name__ == "__main__": + sys.exit(main()) + + diff --git a/manifests/plugins/horde_login.pp b/manifests/plugins/horde_login.pp new file mode 100644 index 0000000..908b57b --- /dev/null +++ b/manifests/plugins/horde_login.pp @@ -0,0 +1,9 @@ +# check_horde_login +class nagios::plugins::horde_login { + nagios::plugin { 'check_horde_login': + source => 'nagios/plugins/check_horde_login', + } -> nagios_command { + 'check_horde_login': + command_line => "\$USER1\$/check_horde_login -s \$ARG1\$ -u \$ARG2\$ -p \$ARG3\$", + } +} diff --git a/manifests/service/horde_login.pp b/manifests/service/horde_login.pp new file mode 100644 index 0000000..876ce2b --- /dev/null +++ b/manifests/service/horde_login.pp @@ -0,0 +1,18 @@ +# a horde login check +define nagios::service::horde_login( + $username, + $password, + $url, + $ensure = 'present', +){ + nagios::service{ + "horde_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["horde_${name}"]{ + check_command => "check_horde_login!${url}!${username}!${password}", + } + } +} -- cgit v1.2.3 From d85a5924b713143426a59ece9df82bba7534e11b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:29:30 +0200 Subject: ensure we run things with the right user/group --- manifests/service/gpgkey.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index 0c271f4..bea2c57 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -8,7 +8,10 @@ define nagios::service::gpgkey( require ::nagios::plugins::gpg $gpg_home = $nagios::plugins::gpg::gpg_home - exec{"manage_key_${name}": } + exec{"manage_key_${name}": + user => nagios, + group => nagios, + } nagios::service{ "check_gpg_${name}": ensure => $ensure; -- cgit v1.2.3 From c754ec94b331828588b6a3c2423ef9f21c849e18 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:32:28 +0200 Subject: the module is called gpg --- manifests/plugins/gpg.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index d8c1d40..3493ff8 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -1,7 +1,7 @@ # check_gpg from # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg class nagios::plugins::gpg { - require ::gnupg + require ::gpg nagios::plugin{'check_gpg': source => 'nagios/plugins/check_gpg', } -- cgit v1.2.3 From e0b08c71a7aaa721481a5662dc3c4eef143f32e4 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 12 Oct 2015 23:52:12 +0200 Subject: make it possible to define the keyserver to fetch from --- manifests/plugins/gpg.pp | 12 +++++++----- manifests/service/gpgkey.pp | 5 +++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index 3493ff8..198f5ab 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -1,6 +1,8 @@ # check_gpg from # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg -class nagios::plugins::gpg { +class nagios::plugins::gpg( + $keyserver = 'hkp://keys.mayfirst.org', +) { require ::gpg nagios::plugin{'check_gpg': source => 'nagios/plugins/check_gpg', @@ -15,8 +17,8 @@ class nagios::plugins::gpg { mode => '0600', require => Nagios::Plugin['check_gpg']; '/etc/cron.daily/update_nagios_gpgkeys': - content => "!#/bin/bash -function exec() { + content => "#!/bin/bash +function gpg() { cmd=\$1 outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}') if [ \$? -gt 0 ]; then @@ -25,8 +27,8 @@ function exec() { fi } -gpg('--with-fingerprint --list-keys --with-colons') | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do - gpg(\"--recv-keys \${key}\") +su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --with-fingerprint --list-keys --with-colons | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do + gpg \"--keyserver ${keyserver} --recv-keys \${key}\" done ", owner => root, diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index bea2c57..08b7473 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -6,7 +6,8 @@ define nagios::service::gpgkey( ){ validate_slength($name,40,40) require ::nagios::plugins::gpg - $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_keyserver = $nagios::plugins::gpg::keyserver exec{"manage_key_${name}": user => nagios, @@ -19,7 +20,7 @@ define nagios::service::gpgkey( if $ensure == 'present' { Exec["manage_key_${name}"]{ - command => "gpg --homedir ${gpg_home} --recv-keys ${name}", + command => "gpg --keyserver ${gpg_keyserver} --homedir ${gpg_home} --recv-keys ${name}", unless => "gpg --homedir ${gpg_home} --list-keys ${name}", before => Nagios::Service["check_gpg_${name}"], } -- cgit v1.2.3 From 1c3e0881ef6a93637a63561f44ec3edc963a7220 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:00:08 +0200 Subject: username can be name --- manifests/service/horde_login.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/service/horde_login.pp b/manifests/service/horde_login.pp index 876ce2b..6cab59e 100644 --- a/manifests/service/horde_login.pp +++ b/manifests/service/horde_login.pp @@ -1,9 +1,9 @@ # a horde login check define nagios::service::horde_login( - $username, $password, $url, - $ensure = 'present', + $username = $name, + $ensure = 'present', ){ nagios::service{ "horde_${name}": -- cgit v1.2.3 From 41cf7666abb78020c7ea3a331bd65f709e73fbf8 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:01:11 +0200 Subject: correct naming --- manifests/plugins/gpg.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index 198f5ab..632ad1f 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -37,7 +37,7 @@ done require => File[$gpg_home]; } nagios_command { - 'check_gnupg': + 'check_gpg': command_line => "\$USER1\$/check_gpg --gnupg-homedir ${gpg_home} -w \$ARG1\$ \$ARG2\$", require => Nagios::Plugin['check_gpg'], } -- cgit v1.2.3 From 11dca77caa10423d8b1d722ff950aa20b1c41080 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:36:27 +0200 Subject: also deploy the plugin on a nagios host --- manifests/defaults/commands.pp | 240 +++++++++++++++++++++-------------------- 1 file changed, 121 insertions(+), 119 deletions(-) diff --git a/manifests/defaults/commands.pp b/manifests/defaults/commands.pp index bb19638..fc552b4 100644 --- a/manifests/defaults/commands.pp +++ b/manifests/defaults/commands.pp @@ -1,139 +1,141 @@ +# defaults commands we wanna have available class nagios::defaults::commands { - include nagios::command::smtp - include nagios::command::imap_pop3 + include ::nagios::command::smtp + include ::nagios::command::imap_pop3 + include ::nagios::plugins::horde_login # common service commands case $::operatingsystem { - debian,ubuntu: { - nagios_command { - check_dummy: - command_line => '$USER1$/check_dummy $ARG1$'; - check_https_cert: - command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_http_url: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; - check_http_url_regex: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -e $ARG3$'; - check_https_url: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; - check_https_url_regex: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; - check_mysql_db: - command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; - check_ntp_time: - command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; - check_silc: - command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; - check_sobby: - command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; - check_jabber: - command_line => '$USER1$/check_jabber -H $ARG1$'; - check_git: - command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; - } + debian,ubuntu: { + nagios_command { + check_dummy: + command_line => '$USER1$/check_dummy $ARG1$'; + check_https_cert: + command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_http_url: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; + check_http_url_regex: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -e $ARG3$'; + check_https_url: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; + check_https_url_regex: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; + check_mysql_db: + command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; + check_ntp_time: + command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; + check_silc: + command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; + check_sobby: + command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; + check_jabber: + command_line => '$USER1$/check_jabber -H $ARG1$'; + check_git: + command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; } - default: { - nagios_command { - check_dummy: - command_line => '$USER1$/check_dummy $ARG1$'; - check_ping: - command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$'; - check-host-alive: - command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w 5000,100% -c 5000,100% -p 1'; - check_tcp: - command_line => '$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$'; - check_udp: - command_line => '$USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$'; - check_load: - command_line => '$USER1$/check_load --warning=$ARG1$,$ARG2$,$ARG3$ --critical=$ARG4$,$ARG5$,$ARG6$'; - check_disk: - command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e -p $ARG3$'; - check_all_disks: - command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e'; - check_ssh: - command_line => '$USER1$/check_ssh $HOSTADDRESS$'; - check_ssh_port: - command_line => '$USER1$/check_ssh -p $ARG1$ $HOSTADDRESS$'; - check_ssh_port_host: - command_line => '$USER1$/check_ssh -p $ARG1$ $ARG2$'; - check_http: - command_line => '$USER1$/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_https: - command_line => '$USER1$/check_http --ssl -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_https_cert: - command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_http_url: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; - check_http_url_regex: - command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -e $ARG4$'; - check_https_url: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; - check_https_url_regex: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; - check_mysql: - command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$'; - check_mysql_db: - command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; - check_ntp_time: - command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; - check_silc: - command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; - check_sobby: - command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; - check_jabber: - command_line => '$USER1$/check_jabber -H $ARG1$'; - check_git: - command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; - } + } + default: { + nagios_command { + check_dummy: + command_line => '$USER1$/check_dummy $ARG1$'; + check_ping: + command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$'; + check-host-alive: + command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w 5000,100% -c 5000,100% -p 1'; + check_tcp: + command_line => '$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$'; + check_udp: + command_line => '$USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$'; + check_load: + command_line => '$USER1$/check_load --warning=$ARG1$,$ARG2$,$ARG3$ --critical=$ARG4$,$ARG5$,$ARG6$'; + check_disk: + command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e -p $ARG3$'; + check_all_disks: + command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -e'; + check_ssh: + command_line => '$USER1$/check_ssh $HOSTADDRESS$'; + check_ssh_port: + command_line => '$USER1$/check_ssh -p $ARG1$ $HOSTADDRESS$'; + check_ssh_port_host: + command_line => '$USER1$/check_ssh -p $ARG1$ $ARG2$'; + check_http: + command_line => '$USER1$/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_https: + command_line => '$USER1$/check_http --ssl -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_https_cert: + command_line => '$USER1$/check_http --ssl -C 20 -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + check_http_url: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$'; + check_http_url_regex: + command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -e $ARG4$'; + check_https_url: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$'; + check_https_url_regex: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -e $ARG3$'; + check_mysql: + command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$'; + check_mysql_db: + command_line => '$USER1$/check_mysql -H $ARG1$ -P $ARG2$ -u $ARG3$ -p $ARG4$ -d $ARG5$'; + check_ntp_time: + command_line => '$USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1'; + check_silc: + command_line => '$USER1$/check_tcp -p 706 -H $ARG1$'; + check_sobby: + command_line => '$USER1$/check_tcp -H $ARG1$ -p $ARG2$'; + check_jabber: + command_line => '$USER1$/check_jabber -H $ARG1$'; + check_git: + command_line => '$USER1$/check_tcp -H $ARG1$ -p 9418'; } + } } - # commands for services defined by other modules + # commands for services defined by other modules - nagios_command { - # from apache module - http_port: - command_line => '$USER1$/check_http -p $ARG1$ -H $HOSTADDRESS$ -I $HOSTADDRESS$'; + nagios_command { + # from apache module + http_port: + command_line => '$USER1$/check_http -p $ARG1$ -H $HOSTADDRESS$ -I $HOSTADDRESS$'; - check_http_port_url_content: - command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; - check_https_port_url_content: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; - check_http_url_content: - command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -s $ARG3$'; - check_https_url_content: - command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -s $ARG3$'; + check_http_port_url_content: + command_line => '$USER1$/check_http -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; + check_https_port_url_content: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -p $ARG2$ -u $ARG3$ -s $ARG4$'; + check_http_url_content: + command_line => '$USER1$/check_http -H $ARG1$ -u $ARG2$ -s $ARG3$'; + check_https_url_content: + command_line => '$USER1$/check_http --ssl -H $ARG1$ -u $ARG2$ -s $ARG3$'; - # from bind module - check_dig2: - command_line => '$USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ --record_type=$ARG2$'; + # from bind module + check_dig2: + command_line => '$USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ --record_type=$ARG2$'; - # from mysql module - check_mysql_health: - command_line => '$USER1$/check_mysql_health --hostname $ARG1$ --port $ARG2$ --username $ARG3$ --password $ARG4$ --mode $ARG5$ --database $ARG6$ $ARG7$ $ARG8$'; + # from mysql module + check_mysql_health: + command_line => '$USER1$/check_mysql_health --hostname $ARG1$ --port $ARG2$ --username $ARG3$ --password $ARG4$ --mode $ARG5$ --database $ARG6$ $ARG7$ $ARG8$'; - # better check_dns - check_dns2: - command_line => '$USER1$/check_dns2 -c $ARG1$ A $ARG2$'; + # better check_dns + check_dns2: + command_line => '$USER1$/check_dns2 -c $ARG1$ A $ARG2$'; - # dnsbl checking - check_dnsbl: - command_line => '$USER1$/check_dnsbl -H $ARG1$'; - } + # dnsbl checking + check_dnsbl: + command_line => '$USER1$/check_dnsbl -H $ARG1$'; + } - # notification commands + # notification commands - $mail_cmd_location = $::operatingsystem ? { - centos => '/bin/mail', - default => '/usr/bin/mail' - } + $mail_cmd_location = $::operatingsystem ? { + centos => '/bin/mail', + default => '/usr/bin/mail' + } - nagios_command { - 'notify-host-by-email': - command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\nHost: \$HOSTNAME\$\\nState: \$HOSTSTATE\$\\nAddress: \$HOSTADDRESS\$\\nInfo: \$HOSTOUTPUT\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Host Alert: \$HOSTNAME\$ is \$HOSTSTATE\$ **\" \$CONTACTEMAIL\$"; - 'notify-service-by-email': - command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\n\\nService: \$SERVICEDESC\$\\nHost: \$HOSTALIAS\$\\nAddress: \$HOSTADDRESS\$\\nState: \$SERVICESTATE\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\\nAdditional Info:\\n\\n\$SERVICEOUTPUT\$\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Service Alert: \$HOSTALIAS\$/\$SERVICEDESC\$ is \$SERVICESTATE\$ **\" \$CONTACTEMAIL\$"; - } + nagios_command { + 'notify-host-by-email': + command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\nHost: \$HOSTNAME\$\\nState: \$HOSTSTATE\$\\nAddress: \$HOSTADDRESS\$\\nInfo: \$HOSTOUTPUT\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Host Alert: \$HOSTNAME\$ is \$HOSTSTATE\$ **\" \$CONTACTEMAIL\$"; + 'notify-service-by-email': + command_line => "/usr/bin/printf \"%b\" \"***** Nagios *****\\n\\nNotification Type: \$NOTIFICATIONTYPE\$\\n\\nService: \$SERVICEDESC\$\\nHost: \$HOSTALIAS\$\\nAddress: \$HOSTADDRESS\$\\nState: \$SERVICESTATE\$\\n\\nDate/Time: \$LONGDATETIME\$\\n\\nAdditional Info:\\n\\n\$SERVICEOUTPUT\$\" | ${mail_cmd_location} -s \"** \$NOTIFICATIONTYPE\$ Service Alert: \$HOSTALIAS\$/\$SERVICEDESC\$ is \$SERVICESTATE\$ **\" \$CONTACTEMAIL\$"; + } } -- cgit v1.2.3 From ffca95a6b0281ab49f4a626a1ee6a68257769388 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:45:01 +0200 Subject: this is handled outside & centrally --- files/plugins/check_gpg | 8 -------- 1 file changed, 8 deletions(-) diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index bf4b930..1a8df84 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -82,14 +82,6 @@ if [ -z "$1" ]; then fi key="$1" -# GPG is too stupid to error out when asked to refresh a key that's not in the -# local keyring so we need to perform another call to verify this first. -output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) -if [ $? -ne 0 ]; then - echo "UNKNOWN: $output" - exit 3 -fi - if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then echo "CRITICAL: key '$key' has been revoked!" exit 1 -- cgit v1.2.3 From 77419fa626578d14e55042a39b2b87e5c0904ae2 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 13 Oct 2015 00:57:06 +0200 Subject: install requirements --- manifests/plugins/horde_login.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/horde_login.pp b/manifests/plugins/horde_login.pp index 908b57b..4274b4c 100644 --- a/manifests/plugins/horde_login.pp +++ b/manifests/plugins/horde_login.pp @@ -1,7 +1,9 @@ # check_horde_login class nagios::plugins::horde_login { + ensure_packages(['python-requests']) nagios::plugin { 'check_horde_login': - source => 'nagios/plugins/check_horde_login', + source => 'nagios/plugins/check_horde_login', + require => Package['python-requests'], } -> nagios_command { 'check_horde_login': command_line => "\$USER1\$/check_horde_login -s \$ARG1\$ -u \$ARG2\$ -p \$ARG3\$", -- cgit v1.2.3 From 9a02e527e1803093e25166cdbac753253909065f Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 16 Oct 2015 15:17:48 +0200 Subject: Revert "this is handled outside & centrally" This reverts commit ffca95a6b0281ab49f4a626a1ee6a68257769388. --- files/plugins/check_gpg | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index 1a8df84..bf4b930 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -82,6 +82,14 @@ if [ -z "$1" ]; then fi key="$1" +# GPG is too stupid to error out when asked to refresh a key that's not in the +# local keyring so we need to perform another call to verify this first. +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) +if [ $? -ne 0 ]; then + echo "UNKNOWN: $output" + exit 3 +fi + if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then echo "CRITICAL: key '$key' has been revoked!" exit 1 -- cgit v1.2.3 From 3a39c6e693a835d98ed382bdc3ce72eac31ea664 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 16 Oct 2015 15:38:20 +0200 Subject: fetch things over hkps and on every check --- files/plugin_data/sks-keyservers.netCA.pem | 32 ++++++++++++++++++++++++++++++ files/plugins/check_gpg | 2 +- manifests/plugins/gpg.pp | 27 ++++++------------------- manifests/service/gpgkey.pp | 12 +++++------ 4 files changed, 45 insertions(+), 28 deletions(-) create mode 100644 files/plugin_data/sks-keyservers.netCA.pem diff --git a/files/plugin_data/sks-keyservers.netCA.pem b/files/plugin_data/sks-keyservers.netCA.pem new file mode 100644 index 0000000..24a2ad2 --- /dev/null +++ b/files/plugin_data/sks-keyservers.netCA.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV +BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u +ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw +MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP +c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr +cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I +6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj +MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F +45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS +FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx +Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4 +aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx +MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y +u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9 +p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP +fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G +A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY +TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR +OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u +gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/ +X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5 +gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB +UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04 +lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT +BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB +cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U +f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G +ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph +WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg== +-----END CERTIFICATE----- diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index bf4b930..efc17e3 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -84,7 +84,7 @@ key="$1" # GPG is too stupid to error out when asked to refresh a key that's not in the # local keyring so we need to perform another call to verify this first. -output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh "$key" >/dev/null; } 2>&1 ) +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 ) if [ $? -ne 0 ]; then echo "UNKNOWN: $output" exit 3 diff --git a/manifests/plugins/gpg.pp b/manifests/plugins/gpg.pp index 632ad1f..a09736a 100644 --- a/manifests/plugins/gpg.pp +++ b/manifests/plugins/gpg.pp @@ -1,8 +1,6 @@ # check_gpg from # https://github.com/lelutin/nagios-plugins/blob/master/check_gpg -class nagios::plugins::gpg( - $keyserver = 'hkp://keys.mayfirst.org', -) { +class nagios::plugins::gpg { require ::gpg nagios::plugin{'check_gpg': source => 'nagios/plugins/check_gpg', @@ -16,25 +14,12 @@ class nagios::plugins::gpg( group => nagios, mode => '0600', require => Nagios::Plugin['check_gpg']; - '/etc/cron.daily/update_nagios_gpgkeys': - content => "#!/bin/bash -function gpg() { - cmd=\$1 - outout=\$(su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --logger-fd 1 \${cmd}') - if [ \$? -gt 0 ]; then - echo \$output - exit 1 - fi -} - -su - nagios -s /bin/bash -c 'gpg --homedir ${gpg_home} --with-fingerprint --list-keys --with-colons | grep \"^pub\" -A 1 | tail -n 1 | cut -f10 -d\":\" | sort --random-sort | while read key; do - gpg \"--keyserver ${keyserver} --recv-keys \${key}\" -done -", - owner => root, + "${gpg_home}/sks-keyservers.netCA.pem": + source => 'puppet:///modules/nagios/plugin_data/sks-keyservers.netCA.pem', + owner => nagios, group => 0, - mode => '0700', - require => File[$gpg_home]; + mode => '0400', + before => Nagios_command['check_gpg']; } nagios_command { 'check_gpg': diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index 08b7473..f04352a 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -6,8 +6,8 @@ define nagios::service::gpgkey( ){ validate_slength($name,40,40) require ::nagios::plugins::gpg - $gpg_home = $nagios::plugins::gpg::gpg_home - $gpg_keyserver = $nagios::plugins::gpg::keyserver + $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_cmd = "gpg --homedir ${gpg_home}" exec{"manage_key_${name}": user => nagios, @@ -20,8 +20,8 @@ define nagios::service::gpgkey( if $ensure == 'present' { Exec["manage_key_${name}"]{ - command => "gpg --keyserver ${gpg_keyserver} --homedir ${gpg_home} --recv-keys ${name}", - unless => "gpg --homedir ${gpg_home} --list-keys ${name}", + command => "${gpg_cmd} --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=${gpg_home}/sks-keyservers.netCA.pem --recv-keys ${name}", + unless => "${gpg_cmd} --list-keys ${name}", before => Nagios::Service["check_gpg_${name}"], } @@ -39,8 +39,8 @@ define nagios::service::gpgkey( } } else { Exec["manage_key_${name}"]{ - command => "gpg --batch --homedir ${gpg_home} --delete-key ${name}", - onlyif => "gpg --homedir ${gpg_home} --list-keys ${name}", + command => "${gpg_cmd} --batch --delete-key ${name}", + onlyif => "${gpg_cmd} --list-keys ${name}", require => Nagios::Service["check_gpg_${name}"], } } -- cgit v1.2.3 From e182d1ba09b9d7689c1dfb137b8ca8771bc00dd0 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 16 Oct 2015 16:10:56 +0200 Subject: fixing path --- files/plugins/check_gpg | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg index efc17e3..eb9fa51 100644 --- a/files/plugins/check_gpg +++ b/files/plugins/check_gpg @@ -43,6 +43,7 @@ debug "current timestamp: $now" warning_threshold= homedir= +homedir_path=~/.gnupg for arg in $*; do case $arg in "-w") @@ -68,8 +69,9 @@ for arg in $*; do echo "UNKNOWN: homedir '$2' does not exist or is not a directory" exit 3 fi - homedir="--homedir $2" - debug "setting homedir to '$homedir'" + homedir_path=$2 + homedir="--homedir ${homedir_path}" + debug "setting homedir to '$homedir_path'" shift 2 ;; @@ -84,7 +86,7 @@ key="$1" # GPG is too stupid to error out when asked to refresh a key that's not in the # local keyring so we need to perform another call to verify this first. -output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 ) +output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir_path/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 ) if [ $? -ne 0 ]; then echo "UNKNOWN: $output" exit 3 -- cgit v1.2.3 From cfff7d115e4cff2a4aa5bcfbd01e7ebe265b7a48 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 13:56:24 +0100 Subject: linting --- manifests/service.pp | 119 ++++++++++++++++++++++++++------------------------- 1 file changed, 61 insertions(+), 58 deletions(-) diff --git a/manifests/service.pp b/manifests/service.pp index 134d1f7..d53fd24 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,87 +1,90 @@ +# a wrapper around nagios_service to make it more convenient and +# also automatically an exported resource. define nagios::service ( - $ensure = present, - $host_name = $::fqdn, - $check_command = 'absent', - $check_period = '', - $normal_check_interval = '', - $retry_check_interval = '', - $max_check_attempts = '', - $notification_interval = '', - $notification_period = '', - $notification_options = '', - $contact_groups = '', - $use = 'generic-service', - $service_description = 'absent', - $use_nrpe = '', - $nrpe_args = '', - $nrpe_timeout = 10 + $ensure = present, + $host_name = $::fqdn, + $check_command = 'absent', + $check_period = undef, + $normal_check_interval = undef, + $retry_check_interval = undef, + $max_check_attempts = undef, + $notification_interval = undef, + $notification_period = undef, + $notification_options = undef, + $contact_groups = undef, + $use = 'generic-service', + $service_description = 'absent', + $use_nrpe = undef, + $nrpe_args = undef, + $nrpe_timeout = 10, ) { # TODO: this resource should normally accept all nagios_host parameters $real_name = "${::hostname}_${name}" - @@nagios_service { "${real_name}": + @@nagios_service {$real_name: ensure => $ensure, - notify => Service[nagios]; + notify => Service['nagios']; } if $ensure != 'absent' { - if $check_comand == 'absent' { + if $check_command == 'absent' { fail("Must pass a check_command to ${name} if it should be present") } - if ($use_nrpe == 'true') { - include nagios::command::nrpe_timeout + if str2bool($use_nrpe) { + include ::nagios::command::nrpe_timeout - if ($nrpe_args != '') { - $real_check_command = "check_nrpe_timeout!$nrpe_timeout!$check_command!\"$nrpe_args\"" - } else { - $real_check_command = "check_nrpe_1arg_timeout!$nrpe_timeout!$check_command" - } + if $nrpe_args { + $real_check_command = "check_nrpe_timeout!${nrpe_timeout}!${check_command}!\"${nrpe_args}\"" + } else { + $real_check_command = "check_nrpe_1arg_timeout!${nrpe_timeout}!${check_command}" + } } else { - $real_check_command = "$check_command" + $real_check_command = $check_command } - Nagios_service["${real_name}"] { - check_command => $check_command, - host_name => $host_name, - use => $use, - service_description => $service_description ?{ - 'absent' => $name, - default => $service_description - } + $real_service_description = $service_description ? { + 'absent' => $name, + default => $service_description + } + Nagios_service[$real_name] { + check_command => $check_command, + host_name => $host_name, + use => $use, + service_description => $real_service_description, } - if ($check_period != '') { - Nagios_service["${real_name}"] { check_period => $check_period } + if $check_period { + Nagios_service[$real_name] { check_period => $check_period } } - - if ($normal_check_interval != '') { - Nagios_service["${real_name}"] { normal_check_interval => $normal_check_interval } + + if $normal_check_interval { + Nagios_service[$real_name] { normal_check_interval => $normal_check_interval } } - - if ($retry_check_interval != '') { - Nagios_service["${real_name}"] { retry_check_interval => $retry_check_interval } + + if $retry_check_interval { + Nagios_service[$real_name] { retry_check_interval => $retry_check_interval } } - - if ($max_check_attempts != '') { - Nagios_service["${real_name}"] { max_check_attempts => $max_check_attempts } + + if $max_check_attempts { + Nagios_service[$real_name] { max_check_attempts => $max_check_attempts } } - - if ($notification_interval != '') { - Nagios_service["${real_name}"] { notification_interval => $notification_interval } + + if $notification_interval { + Nagios_service[$real_name] { notification_interval => $notification_interval } } - - if ($notification_period != '') { - Nagios_service["${real_name}"] { notification_period => $notification_period } + + if $notification_period { + Nagios_service[$real_name] { notification_period => $notification_period } } - - if ($notification_options != '') { - Nagios_service["${real_name}"] { notification_options => $notification_options } + + if $notification_options { + Nagios_service[$real_name] { notification_options => $notification_options } } - - if ($contact_groups != '') { - Nagios_service["${real_name}"] { contact_groups => $contact_groups } + + if $contact_groups { + Nagios_service[$real_name] { contact_groups => $contact_groups } } } } -- cgit v1.2.3 From e468d58c85886d00d3b49443fe7cef4e8ed7b2c2 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 14:51:53 +0100 Subject: linting --- manifests/defaults/service_templates.pp | 56 ++++++++++++++++----------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/manifests/defaults/service_templates.pp b/manifests/defaults/service_templates.pp index 84740af..b225455 100644 --- a/manifests/defaults/service_templates.pp +++ b/manifests/defaults/service_templates.pp @@ -1,32 +1,32 @@ +# define the generic service template class nagios::defaults::service_templates { - # this inoperative for the moment, see : - # http://projects.reductivelabs.com/issues/1180 - - nagios_service { - 'generic-service': - active_checks_enabled => '1', - passive_checks_enabled => '1', - parallelize_check => '1', - obsess_over_service => '1', - check_freshness => '0', - notifications_enabled => '1', - event_handler_enabled => '1', - flap_detection_enabled => '1', - failure_prediction_enabled => '1', - process_perf_data => '1', - retain_status_information => '1', - retain_nonstatus_information => '1', - notification_interval => '0', - is_volatile => '0', - check_period => '24x7', - normal_check_interval => '5', - retry_check_interval => '1', - max_check_attempts => '4', - notification_period => '24x7', - notification_options => 'w,u,c,r', - contact_groups => 'admins', - register => '0', - } + # this inoperative for the moment, see : + # http://projects.reductivelabs.com/issues/1180 + nagios_service { + 'generic-service': + active_checks_enabled => '1', + passive_checks_enabled => '1', + parallelize_check => '1', + obsess_over_service => '1', + check_freshness => '0', + notifications_enabled => '1', + event_handler_enabled => '1', + flap_detection_enabled => '1', + failure_prediction_enabled => '1', + process_perf_data => '1', + retain_status_information => '1', + retain_nonstatus_information => '1', + notification_interval => '0', + is_volatile => '0', + check_period => '24x7', + normal_check_interval => '5', + retry_check_interval => '1', + max_check_attempts => '4', + notification_period => '24x7', + notification_options => 'w,u,c,r', + contact_groups => 'admins', + register => '0', + } } -- cgit v1.2.3 From 711cbfdc765b743f476da3027c6b95ba27b1a0c1 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 14:52:49 +0100 Subject: newer nagios versions use now check_interval --- manifests/defaults/service_templates.pp | 2 +- manifests/service.pp | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/defaults/service_templates.pp b/manifests/defaults/service_templates.pp index b225455..e39441a 100644 --- a/manifests/defaults/service_templates.pp +++ b/manifests/defaults/service_templates.pp @@ -21,7 +21,7 @@ class nagios::defaults::service_templates { notification_interval => '0', is_volatile => '0', check_period => '24x7', - normal_check_interval => '5', + check_interval => '5', retry_check_interval => '1', max_check_attempts => '4', notification_period => '24x7', diff --git a/manifests/service.pp b/manifests/service.pp index d53fd24..e2c08e9 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -5,7 +5,7 @@ define nagios::service ( $host_name = $::fqdn, $check_command = 'absent', $check_period = undef, - $normal_check_interval = undef, + $check_interval = undef, $retry_check_interval = undef, $max_check_attempts = undef, $notification_interval = undef, @@ -59,8 +59,8 @@ define nagios::service ( Nagios_service[$real_name] { check_period => $check_period } } - if $normal_check_interval { - Nagios_service[$real_name] { normal_check_interval => $normal_check_interval } + if $check_interval { + Nagios_service[$real_name] { check_interval => $check_interval } } if $retry_check_interval { -- cgit v1.2.3 From a9a04a8e1aa447d71f8745491da9168c81206392 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 14:57:27 +0100 Subject: it's sufficient to check it only once an hour --- manifests/service/gpgkey.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp index f04352a..df13ca8 100644 --- a/manifests/service/gpgkey.pp +++ b/manifests/service/gpgkey.pp @@ -1,8 +1,9 @@ # define a gpgkey to be watched define nagios::service::gpgkey( - $ensure = 'present', - $warning = '14', - $key_info = undef, + $ensure = 'present', + $warning = '14', + $key_info = undef, + $check_interval = 60, ){ validate_slength($name,40,40) require ::nagios::plugins::gpg @@ -26,7 +27,8 @@ define nagios::service::gpgkey( } Nagios::Service["check_gpg_${name}"]{ - check_command => "check_gpg!${warning}!${name}", + check_command => "check_gpg!${warning}!${name}", + check_interval => $check_interval, } if $key_info { Nagios::Service["check_gpg_${name}"]{ -- cgit v1.2.3 From edd94dd98f53c1066c7bd6253bc910c196f798fc Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 15:06:09 +0100 Subject: linting nagios::service::imap --- manifests/service/imap.pp | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/manifests/service/imap.pp b/manifests/service/imap.pp index b703db4..45b667a 100644 --- a/manifests/service/imap.pp +++ b/manifests/service/imap.pp @@ -1,24 +1,26 @@ +# check an imap service define nagios::service::imap( - $ensure = 'present', - $host = 'absent', - $port = '143', - $tls = true, - $tls_port = '993' + $ensure = 'present', + $host = 'absent', + $port = '143', + $tls = true, + $tls_port = '993' ){ $real_host = $host ? { 'absent' => $name, - default => $host + default => $host } + $tls_ensure = $tls ? { + true => $ensure, + default => 'absent' + } nagios::service{ "imap_${name}_${port}": ensure => $ensure; "imaps_${name}_${tls_port}": - ensure => $tls ? { - true => $ensure, - default => 'absent' - }; + ensure => $tls_ensure; } if $ensure != 'absent' { -- cgit v1.2.3 From e66581b620d89e81ec02754005f3e3fa2bc603cf Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 25 Oct 2015 16:28:46 +0100 Subject: add an imap_login check --- files/plugins/check_imap_login | 80 +++++++++++++++++++++++++++++++++++++++++ manifests/command/imap_pop3.pp | 5 ++- manifests/plugins/imap_login.pp | 7 ++++ manifests/service/imap_login.pp | 20 +++++++++++ 4 files changed, 111 insertions(+), 1 deletion(-) create mode 100644 files/plugins/check_imap_login create mode 100644 manifests/plugins/imap_login.pp create mode 100644 manifests/service/imap_login.pp diff --git a/files/plugins/check_imap_login b/files/plugins/check_imap_login new file mode 100644 index 0000000..d059822 --- /dev/null +++ b/files/plugins/check_imap_login @@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2006 Bertera Pietro +# Response time monitoring with perfdata modification by Ivan Savcic and Milos Buncic, 2012. +# From: https://github.com/isavcic/check_imap_login + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. + +import sys, os, imaplib, getopt +from time import time + +def usage(): + print sys.argv[0] + " -u -p -H [-s] -w -c \n -s is for using IMAPS" + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:sH:w:c:") + except getopt.GetoptError: + usage() + return 3 + + user = host = password = use_ssl = warning = critical = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + use_ssl = True + elif o == "-H": + host = a + elif o == "-w": + warning = float(a) + elif o == "-c": + critical = float(a) + + if user == None or password == None or host == None or warning == None or critical == None: + usage() + return 1 + + if use_ssl: + M = imaplib.IMAP4_SSL(host=host) + else: + M = imaplib.IMAP4(host) + + timestamp = time() + + try: + M.login(user, password) + except Exception, e: + print "CRITICAL IMAP Login Failed: %s" % e + return 2 + + M.logout() + + timestamp = time() - timestamp + + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 + + print '%s IMAP Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + + return exitcode + +if __name__ == "__main__": + sys.exit(main()) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index f3637a7..fbe4182 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -1,7 +1,8 @@ # manage mail checks class nagios::command::imap_pop3 { + require ::nagios::plugins::imap_login case $::operatingsystem { - debian,ubuntu: { } # Debian/Ubuntu already define those checks + 'Debian','Ubuntu': { } # Debian/Ubuntu already define those checks default: { nagios_command { 'check_imap': @@ -21,5 +22,7 @@ class nagios::command::imap_pop3 { command_line => '$USER1$/check_tcp -H $ARG1$ -p 4190'; 'check_managesieve_legacy': command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; + 'check_imap_login': + command_line => '$USER1$/check_imap_login -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; } } diff --git a/manifests/plugins/imap_login.pp b/manifests/plugins/imap_login.pp new file mode 100644 index 0000000..bb53b81 --- /dev/null +++ b/manifests/plugins/imap_login.pp @@ -0,0 +1,7 @@ +# a simple imap login check +class nagios::plugins::imap_login { + nagios::plugin { 'check_imap_login': + source => 'nagios/plugins/check_imap_login', + } +} + diff --git a/manifests/service/imap_login.pp b/manifests/service/imap_login.pp new file mode 100644 index 0000000..53c432a --- /dev/null +++ b/manifests/service/imap_login.pp @@ -0,0 +1,20 @@ +# a imap login check +define nagios::service::imap_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "imap_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["imap_login_${name}"]{ + check_command => "check_imap_login!${host}!${username}!${password}!${warning}!${critical}", + } + } +} -- cgit v1.2.3 From 27f65e05ff1120c9432b86a4e964b31f9d41b7b7 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 26 Oct 2015 14:14:22 +0100 Subject: make it possible to also pass down the host_name --- manifests/service/imap_login.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/service/imap_login.pp b/manifests/service/imap_login.pp index 53c432a..25303a3 100644 --- a/manifests/service/imap_login.pp +++ b/manifests/service/imap_login.pp @@ -2,10 +2,11 @@ define nagios::service::imap_login( $username, $password, - $warning = 5, - $critical = 10, - $host = $::fqdn, - $ensure = 'present', + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', ){ nagios::service{ "imap_login_${name}": @@ -15,6 +16,7 @@ define nagios::service::imap_login( if $ensure != 'absent' { Nagios::Service["imap_login_${name}"]{ check_command => "check_imap_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, } } } -- cgit v1.2.3 From 0a0a65f6e84dc65253f54f46e08040c086ff120b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 26 Oct 2015 17:50:44 +0100 Subject: fix nagios_alias --- manifests/target.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/target.pp b/manifests/target.pp index 2036e01..760d7d4 100644 --- a/manifests/target.pp +++ b/manifests/target.pp @@ -8,7 +8,6 @@ class nagios::target( ){ @@nagios_host { $::fqdn: address => $address, - alias => $nagios_alias, use => $use, } # Watch out with using aliases: they need to be unique throughout *all* -- cgit v1.2.3 From ca86ffbabd4e5d56bb25e0037e09a4c7cd9f0f6b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 26 Oct 2015 18:23:21 +0100 Subject: enable ssl login by default --- manifests/command/imap_pop3.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index fbe4182..632b304 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -23,6 +23,6 @@ class nagios::command::imap_pop3 { 'check_managesieve_legacy': command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; 'check_imap_login': - command_line => '$USER1$/check_imap_login -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; + command_line => '$USER1$/check_imap_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; } } -- cgit v1.2.3 From 2c4f69e1ea1656edf7c7d39fa90d200f901404df Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 31 Oct 2015 10:14:18 +0100 Subject: add some metrics to the horde check --- files/plugins/check_horde_login | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/files/plugins/check_horde_login b/files/plugins/check_horde_login index 4c63daa..8c821e4 100644 --- a/files/plugins/check_horde_login +++ b/files/plugins/check_horde_login @@ -13,27 +13,36 @@ # import sys, os, requests, getopt +from time import time def usage(): print sys.argv[0] + " -u username "+ \ "-p password " + \ - "-s server path" + "-s server path" + \ + "[-w warning_in_s] " + \ + "[-c critical_in_s]" sys.exit(1) def main(): try: - opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h") + opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h:w:c") except getopt.GetoptError: usage() return 3 user = url = password = None + warning = 5 + critical = 10 for o, a in opts: if o == "-u": user = a elif o == "-p": password = a + elif o == "-w": + warning = a + elif o == "-c": + critical = a elif o == "-s": url = a + "/login.php" elif o == '-h': @@ -53,14 +62,30 @@ def main(): } - r = requests.post(url, data=params, allow_redirects=False) - # on a successfully login we are redirected to the mailbox + timestamp = time() + try: + r = requests.post(url, data=params, allow_redirects=False) + except Exception, e: + print "CRITICAL Horde Login Failed: %s" % e + sys.exit(2) + + timestamp = time() - timestamp if r.status_code == 302: - print "OK" - sys.exit(0) + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 else: - print "Error" - sys.exit(2) + status = "ERROR" + exitcode = 2 + # on a successfully login we are redirected to the mailbox + print '%s Horde Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + sys.exit(exitcode) if __name__ == "__main__": -- cgit v1.2.3 From c3ca4ac25d7cdfd5826149445f2946d64d968f97 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 31 Oct 2015 10:26:05 +0100 Subject: also add pop3 login checks --- files/plugins/check_pop3_login | 83 +++++++++++++++++++++++++++++++++++++++++ manifests/command/imap_pop3.pp | 4 +- manifests/plugins/imap_login.pp | 7 ---- manifests/plugins/mail_login.pp | 10 +++++ manifests/service/pop3_login.pp | 22 +++++++++++ 5 files changed, 118 insertions(+), 8 deletions(-) create mode 100644 files/plugins/check_pop3_login delete mode 100644 manifests/plugins/imap_login.pp create mode 100644 manifests/plugins/mail_login.pp create mode 100644 manifests/service/pop3_login.pp diff --git a/files/plugins/check_pop3_login b/files/plugins/check_pop3_login new file mode 100644 index 0000000..4eb29b8 --- /dev/null +++ b/files/plugins/check_pop3_login @@ -0,0 +1,83 @@ +#!/usr/bin/python +# -*- coding: UTF-8 -*- +# -*- Mode: Python -*- +# +# Copyright (C) 2006 Bertera Pietro +# Copyright (C) 2015 mh +# Response time monitoring with perfdata modification by Ivan Savcic and Milos Buncic, 2012. +# Derived from: https://github.com/isavcic/check_imap_login + +# This file may be distributed and/or modified under the terms of +# the GNU General Public License version 2 as published by +# the Free Software Foundation. +# This file is distributed without any warranty; without even the implied +# warranty of merchantability or fitness for a particular purpose. + +import sys, os, poplib, getopt +from time import time + +def usage(): + print sys.argv[0] + " -u -p -H [-s] -w -c \n -s is for using POP3s" + +def main(): + try: + opts, args = getopt.getopt(sys.argv[1:], "u:p:sH:w:c:") + except getopt.GetoptError: + usage() + return 3 + + user = host = password = use_ssl = warning = critical = None + + for o, a in opts: + if o == "-u": + user = a + elif o == "-p": + password = a + elif o == "-s": + use_ssl = True + elif o == "-H": + host = a + elif o == "-w": + warning = float(a) + elif o == "-c": + critical = float(a) + + if user == None or password == None or host == None or warning == None or critical == None: + usage() + return 1 + + if use_ssl: + M = poplib.POP3_SSL(host=host) + else: + M = poplib.POP3(host) + + timestamp = time() + + try: + M.getwelcome() + M.user(user) + M.pass_(password) + except Exception, e: + print "CRITICAL POP3 Login Failed: %s" % e + return 2 + + M.quit() + + timestamp = time() - timestamp + + if timestamp < warning: + status = "OK" + exitcode = 0 + if timestamp >= warning: + status = "WARNING" + exitcode = 1 + if timestamp >= critical: + status = "CRITICAL" + exitcode = 2 + + print '%s POP3 Login | response_time=%.3fs;%.3f;%.3f' % (status, timestamp, warning, critical) + + return exitcode + +if __name__ == "__main__": + sys.exit(main()) diff --git a/manifests/command/imap_pop3.pp b/manifests/command/imap_pop3.pp index 632b304..42e4092 100644 --- a/manifests/command/imap_pop3.pp +++ b/manifests/command/imap_pop3.pp @@ -1,6 +1,6 @@ # manage mail checks class nagios::command::imap_pop3 { - require ::nagios::plugins::imap_login + require ::nagios::plugins::mail_login case $::operatingsystem { 'Debian','Ubuntu': { } # Debian/Ubuntu already define those checks default: { @@ -24,5 +24,7 @@ class nagios::command::imap_pop3 { command_line => '$USER1$/check_tcp -H $ARG1$ -p 2000'; 'check_imap_login': command_line => '$USER1$/check_imap_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; + 'check_pop3_login': + command_line => '$USER1$/check_pop3_login -s -H $ARG1$ -u $ARG2$ -p $ARG3$ -w $ARG4$ -c $ARG5$'; } } diff --git a/manifests/plugins/imap_login.pp b/manifests/plugins/imap_login.pp deleted file mode 100644 index bb53b81..0000000 --- a/manifests/plugins/imap_login.pp +++ /dev/null @@ -1,7 +0,0 @@ -# a simple imap login check -class nagios::plugins::imap_login { - nagios::plugin { 'check_imap_login': - source => 'nagios/plugins/check_imap_login', - } -} - diff --git a/manifests/plugins/mail_login.pp b/manifests/plugins/mail_login.pp new file mode 100644 index 0000000..a86cdc2 --- /dev/null +++ b/manifests/plugins/mail_login.pp @@ -0,0 +1,10 @@ +# simple mail login check +class nagios::plugins::mail_login { + nagios::plugin { + 'check_imap_login': + source => 'nagios/plugins/check_imap_login'; + 'check_pop3_login': + source => 'nagios/plugins/check_pop3_login'; + } +} + diff --git a/manifests/service/pop3_login.pp b/manifests/service/pop3_login.pp new file mode 100644 index 0000000..7453528 --- /dev/null +++ b/manifests/service/pop3_login.pp @@ -0,0 +1,22 @@ +# a pop3 login check +define nagios::service::pop3_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "pop3_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["pop3_login_${name}"]{ + check_command => "check_pop3_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, + } + } +} -- cgit v1.2.3 From 94b40fa2975cf537dd97ac2484670bc944fa09f4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 Nov 2015 17:41:37 +0100 Subject: linting for future parser --- manifests/debian.pp | 77 ++++++++++++++++++++------------------- manifests/nrpe/base.pp | 91 ++++++++++++++++++++++++---------------------- manifests/nrpe/command.pp | 55 ++++++++++++++-------------- manifests/nsca/client.pp | 20 ++++++---- manifests/nsca/server.pp | 16 ++++---- manifests/plugin/deploy.pp | 61 ++++++++++++++++++------------- 6 files changed, 171 insertions(+), 149 deletions(-) diff --git a/manifests/debian.pp b/manifests/debian.pp index 0f451e3..9b1f7e7 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,48 +1,49 @@ +# debian specific things class nagios::debian inherits nagios::base { - Package['nagios'] { name => 'nagios3' } + Package['nagios'] { name => 'nagios3' } - package { [ 'nagios-plugins', 'nagios-snmp-plugins','nagios-nrpe-plugin' ]: - ensure => 'present', - notify => Service['nagios'], - } + package { [ 'nagios-plugins', 'nagios-snmp-plugins','nagios-nrpe-plugin' ]: + ensure => 'present', + notify => Service['nagios'], + } - Service['nagios'] { - name => 'nagios3', - hasstatus => true, - } + Service['nagios'] { + name => 'nagios3', + hasstatus => true, + } - File['nagios_htpasswd', 'nagios_cgi_cfg'] { group => 'www-data' } + File['nagios_htpasswd', 'nagios_cgi_cfg'] { group => 'www-data' } - file { 'nagios_commands_cfg': - path => "${nagios::defaults::vars::int_cfgdir}/commands.cfg", - ensure => present, - notify => Service['nagios'], - mode => 0644, owner => root, group => root; - } + file{ + 'nagios_commands_cfg': + path => "${nagios::defaults::vars::int_cfgdir}/commands.cfg", + notify => Service['nagios'], + owner => root, + group => root, + mode => '0644'; + "${nagios::defaults::vars::int_cfgdir}/stylesheets": + ensure => directory, + purge => false, + recurse => true; + } - file { "${nagios::defaults::vars::int_cfgdir}/stylesheets": - ensure => directory, - purge => false, - recurse => true, + if $nagios::allow_external_cmd { + exec { 'nagios_external_cmd_perms_overrides': + command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3', + unless => 'dpkg-statoverride --list nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --list nagios nagios 751 /var/lib/nagios3', + logoutput => false, + notify => Service['nagios'], } - - if $nagios::allow_external_cmd { - exec { 'nagios_external_cmd_perms_overrides': - command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3', - unless => 'dpkg-statoverride --list nagios www-data 2710 /var/lib/nagios3/rw && dpkg-statoverride --list nagios nagios 751 /var/lib/nagios3', - logoutput => false, - notify => Service['nagios'], - } - exec { 'nagios_external_cmd_perms_1': - command => 'chmod 0751 /var/lib/nagios3 && chown nagios:nagios /var/lib/nagios3', - unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3`" = "751 nagios nagios"', - notify => Service['nagios'], - } - exec { 'nagios_external_cmd_perms_2': - command => 'chmod 2751 /var/lib/nagios3/rw && chown nagios:www-data /var/lib/nagios3/rw', - unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3/rw`" = "2751 nagios www-data"', - notify => Service['nagios'], - } + exec { 'nagios_external_cmd_perms_1': + command => 'chmod 0751 /var/lib/nagios3 && chown nagios:nagios /var/lib/nagios3', + unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3`" = "751 nagios nagios"', + notify => Service['nagios'], + } + exec { 'nagios_external_cmd_perms_2': + command => 'chmod 2751 /var/lib/nagios3/rw && chown nagios:www-data /var/lib/nagios3/rw', + unless => 'test "`stat -c "%a %U %G" /var/lib/nagios3/rw`" = "2751 nagios www-data"', + notify => Service['nagios'], } + } } diff --git a/manifests/nrpe/base.pp b/manifests/nrpe/base.pp index 17abb04..fe1cd7c 100644 --- a/manifests/nrpe/base.pp +++ b/manifests/nrpe/base.pp @@ -1,50 +1,53 @@ +# basic nrpe stuff class nagios::nrpe::base { - if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } - if $processorcount == '' { $processorcount = 1 } - - package { "nagios-nrpe-server": ensure => present; - "nagios-plugins-basic": ensure => present; - "libwww-perl": ensure => present; # for check_apache - } + if $nagios_nrpe_cfgdir == '' { $nagios_nrpe_cfgdir = '/etc/nagios' } - # Special-case lenny. the package doesn't exist - if $lsbdistcodename != 'lenny' { - package { "libnagios-plugin-perl": ensure => present; } - } - - file { [ $nagios_nrpe_cfgdir, "$nagios_nrpe_cfgdir/nrpe.d" ]: - ensure => directory } + package{['nagios-nrpe-server', 'nagios-plugins-basic', 'libwww-perl']: + ensure => installed; + } - if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } - file { "$nagios_nrpe_cfgdir/nrpe.cfg": - content => template('nagios/nrpe/nrpe.cfg'), - owner => root, group => 0, mode => 644; - } - - # default commands - nagios::nrpe::command { "basic_nrpe": - source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${fqdn}.cfg", - "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg", - "puppet:///modules/nagios/nrpe/nrpe_commands.cfg" ], - } - # the check for load should be customized for each server based on number - # of CPUs and the type of activity. - $warning_1_threshold = 7 * $processorcount - $warning_5_threshold = 6 * $processorcount - $warning_15_threshold = 5 * $processorcount - $critical_1_threshold = 10 * $processorcount - $critical_5_threshold = 9 * $processorcount - $critical_15_threshold = 8 * $processorcount - nagios::nrpe::command { "check_load": - command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", - } + # Special-case lenny. the package doesn't exist + if $::lsbdistcodename != 'lenny' { + package{'libnagios-plugin-perl': ensure => installed; } + } - service { "nagios-nrpe-server": - ensure => running, - enable => true, - pattern => "nrpe", - subscribe => File["$nagios_nrpe_cfgdir/nrpe.cfg"], - require => Package["nagios-nrpe-server"], - } + file{ + [ $nagios_nrpe_cfgdir, "${nagios_nrpe_cfgdir}/nrpe.d" ]: + ensure => directory; + } + + if $nagios_nrpe_dont_blame == '' { $nagios_nrpe_dont_blame = 1 } + file { "${nagios_nrpe_cfgdir}/nrpe.cfg": + content => template('nagios/nrpe/nrpe.cfg'), + owner => root, + group => 0, + mode => '0644'; + } + + # default commands + nagios::nrpe::command{'basic_nrpe': + source => [ "puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.${::fqdn}.cfg", + 'puppet:///modules/site-nagios/configs/nrpe/nrpe_commands.cfg', + 'puppet:///modules/nagios/nrpe/nrpe_commands.cfg' ], + } + # the check for load should be customized for each server based on number + # of CPUs and the type of activity. + $warning_1_threshold = 7 * $::processorcount + $warning_5_threshold = 6 * $::processorcount + $warning_15_threshold = 5 * $::processorcount + $critical_1_threshold = 10 * $::processorcount + $critical_5_threshold = 9 * $::processorcount + $critical_15_threshold = 8 * $::processorcount + nagios::nrpe::command {'check_load': + command_line => "${nagios_plugin_dir}/check_load -w ${warning_1_threshold},${warning_5_threshold},${warning_15_threshold} -c ${critical_1_threshold},${critical_5_threshold},${critical_15_threshold}", + } + + service{'nagios-nrpe-server': + ensure => running, + enable => true, + pattern => 'nrpe', + subscribe => File["${nagios_nrpe_cfgdir}/nrpe.cfg"], + require => Package['nagios-nrpe-server'], + } } diff --git a/manifests/nrpe/command.pp b/manifests/nrpe/command.pp index e6ebdae..196996c 100644 --- a/manifests/nrpe/command.pp +++ b/manifests/nrpe/command.pp @@ -1,33 +1,34 @@ +# manage an nrpe command define nagios::nrpe::command ( - $ensure = present, - $command_line = '', - $source = '' ) -{ - if ($command_line == '' and $source == '') { - fail ( "Either one of 'command_line' or 'source' must be given to nagios::nrpe::command." ) - } + $ensure = present, + $command_line = '', + $source = '', +){ + if ($command_line == '' and $source == '') { + fail('Either one of $command_line or $source must be given to nagios::nrpe::command.' ) + } - if $nagios_nrpe_cfg_dir == '' { - $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir - } + $nagios_nrpe_cfgdir = $nagios::nrpe::base::nagios_nrpe_cfgdir - file { "$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg": - ensure => $ensure, - mode => 644, owner => root, group => 0, - notify => Service['nagios-nrpe-server'], - require => File [ "$nagios_nrpe_cfgdir/nrpe.d" ] - } + file{"${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg": + ensure => $ensure, + notify => Service['nagios-nrpe-server'], + require => File ["${nagios_nrpe_cfgdir}/nrpe.d" ], + owner => 'root', + group => 0, + mode => '0644'; + } - case $source { - '': { - File["$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg"] { - content => template( "nagios/nrpe/nrpe_command.erb" ), - } - } - default: { - File["$nagios_nrpe_cfgdir/nrpe.d/${name}_command.cfg"] { - source => $source, - } - } + case $source { + '': { + File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + content => template('nagios/nrpe/nrpe_command.erb'), + } + } + default: { + File["${nagios_nrpe_cfgdir}/nrpe.d/${name}_command.cfg"] { + source => $source, + } } + } } diff --git a/manifests/nsca/client.pp b/manifests/nsca/client.pp index e58721d..6aa8c0b 100644 --- a/manifests/nsca/client.pp +++ b/manifests/nsca/client.pp @@ -1,14 +1,18 @@ +# manage nsca client class nagios::nsca::client { - package { 'nsca': ensure => installed } + package{'nsca': + ensure => installed + } - file { '/etc/send_nsca.cfg': - source => [ "puppet:///modules/site_nagios/nsca/{$::fqdn}/send_nsca.cfg", - "puppet:///modules/site_nagios/nsca/send_nsca.cfg", - "puppet:///modules/nagios/nsca/send_nsca.cfg" ], - owner => 'nagios', - group => 'nogroup', - mode => '400', + file{'/etc/send_nsca.cfg': + source => [ "puppet:///modules/site_nagios/nsca/${::fqdn}/send_nsca.cfg", + 'puppet:///modules/site_nagios/nsca/send_nsca.cfg', + 'puppet:///modules/nagios/nsca/send_nsca.cfg' ], + owner => 'nagios', + group => 'nogroup', + mode => '0400', + require => Package['nsca']; } } diff --git a/manifests/nsca/server.pp b/manifests/nsca/server.pp index bd5389d..8163eec 100644 --- a/manifests/nsca/server.pp +++ b/manifests/nsca/server.pp @@ -1,21 +1,23 @@ +# an nsca server class nagios::nsca::server { - - package { 'nsca': ensure => installed } + package{'nsca': + ensure => installed + } service { 'nsca': ensure => running, hasstatus => false, hasrestart => true, - require => Package['nsca'], + require => Package['nsca'], } file { '/etc/nsca.cfg': - source => [ "puppet:///modules/site_nagios/nsca/{$::fqdn}/nsca.cfg", - "puppet:///modules/site_nagios/nsca/nsca.cfg", - "puppet:///modules/nagios/nsca/nsca.cfg" ], + source => [ "puppet:///modules/site_nagios/nsca/${::fqdn}/nsca.cfg", + 'puppet:///modules/site_nagios/nsca/nsca.cfg', + 'puppet:///modules/nagios/nsca/nsca.cfg' ], owner => 'nagios', group => 'nogroup', - mode => '400', + mode => '0400', notify => Service['nsca'], } diff --git a/manifests/plugin/deploy.pp b/manifests/plugin/deploy.pp index 3f2a1a4..7681590 100644 --- a/manifests/plugin/deploy.pp +++ b/manifests/plugin/deploy.pp @@ -1,30 +1,41 @@ -define nagios::plugin::deploy($source = '', $ensure = 'present', $config = '', $require_package = 'nagios-plugins') { - $plugin_src = $ensure ? { - 'present' => $name, - 'absent' => $name, - default => $ensure - } - $real_source = $source ? { - '' => "nagios/plugins/${plugin_src}", - default => $source - } +# deploy a specific plugin +define nagios::plugin::deploy( + $source = '', + $ensure = 'present', + $config = '', + $require_package = 'nagios-plugins' +) { + $plugin_src = $ensure ? { + 'present' => $name, + 'absent' => $name, + default => $ensure + } + $real_source = $source ? { + '' => "nagios/plugins/${plugin_src}", + default => $source + } - if !defined(Package[$require_package]) { - package { $require_package: - ensure => installed, - tag => "nagios::plugin::deploy::package"; - } + if !defined(Package[$require_package]) { + package { $require_package: + ensure => installed, + tag => 'nagios::plugin::deploy::package'; } + } - include nagios::plugin::scriptpaths - file { "nagios_plugin_${name}": - path => "$nagios::plugin::scriptpaths::script_path/${name}", - source => "puppet:///modules/${real_source}", - mode => 0755, owner => root, group => 0, - require => Package[$require_package], - tag => "nagios::plugin::deploy::file"; - } + include ::nagios::plugin::scriptpaths + file{"nagios_plugin_${name}": + path => "${nagios::plugin::scriptpaths::script_path}/${name}", + source => "puppet:///modules/${real_source}", + require => Package[$require_package], + tag => 'nagios::plugin::deploy::file', + owner => root, + group => 0, + mode => '0755'; + } - # register the plugin - nagios::plugin{$name: ensure => $ensure, require => Package['nagios-plugins'] } + # register the plugin + nagios::plugin{$name: + ensure => $ensure, + require => Package['nagios-plugins'] + } } -- cgit v1.2.3