From 0c1a7aefdf1529727e6c3b0256d33bc7ad115e6f Mon Sep 17 00:00:00 2001 From: Luke Date: Thu, 2 Jan 2014 14:30:02 +0100 Subject: [PATCH 01/14] fixed set up for travis tests --- .travis.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 9fa785b..83e1bd9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,14 +1,27 @@ language: ruby + rvm: - 1.8.7 + script: "rake spec SPEC_OPTS='--format documentation'" + branches: only: - master - - dev + - development + notifications: email: false + gemfile: Gemfile + env: - PUPPET_VERSION=2.7.23 # latest 2.7; PE 2.8.0+ - PUPPET_VERSION=3.3.2 # latest 3.3; + +before_install: + - travis_retry gem update --system 2.1.11 + - travis_retry gem install bundler --pre + - gem --version + - bundle --version + \ No newline at end of file From 63fac9cfb99c4113ed13ccbd84346603109c922a Mon Sep 17 00:00:00 2001 From: Luke Date: Thu, 2 Jan 2014 14:54:28 +0100 Subject: [PATCH 02/14] modifying tests to match the module --- manifests/init.pp | 7 ++++++- spec/classes/nagios_spec.rb | 16 +++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index c44ba46..13f424e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -10,6 +10,11 @@ # # Sample Usage: # -class nagios { +class nagios ($is_server = false,) { + if $is_server == true { + class { 'nagios::server': } + } else { + class { 'nagios::client': } + } } diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb index ee22699..992e5e3 100644 --- a/spec/classes/nagios_spec.rb +++ b/spec/classes/nagios_spec.rb @@ -6,16 +6,18 @@ let(:node) { 'testing.phy.bris.ac.uk' } let(:facts) { { :ipaddress => '10.13.37.100' } } - describe 'Test standard installation' do + describe 'Test standard installation (client)' do + it { should contain_package('nagios-plugins').with_ensure('present') } + it { should contain_package('nrpe').with_ensure('present') } + it { should contain_service('nrpe').with_ensure('running') } + it { should contain_service('nrpe').with_enable('true') } + end + + describe 'Test standard installation (server)' do + let(:params) { {:is_server => true } } it { should contain_package('nagios').with_ensure('present') } it { should contain_service('nagios').with_ensure('running') } it { should contain_service('nagios').with_enable('true') } - it { should contain_file('nagios.conf').with_ensure('present') } - end - - describe 'Test installation of a specific version' do - let(:params) { {:version => '1.0.42' } } - it { should contain_package('nagios').with_ensure('1.0.42') } end end From be1d22c78b7c7557cc4d5a31226fc2bc15077406 Mon Sep 17 00:00:00 2001 From: Luke Date: Thu, 2 Jan 2014 15:17:20 +0100 Subject: [PATCH 03/14] Added needed facts for tests --- spec/classes/nagios_spec.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb index 992e5e3..26a3b9b 100644 --- a/spec/classes/nagios_spec.rb +++ b/spec/classes/nagios_spec.rb @@ -5,15 +5,18 @@ let(:title) { 'nagios' } let(:node) { 'testing.phy.bris.ac.uk' } let(:facts) { { :ipaddress => '10.13.37.100' } } + let(:facts) { {:processorcount => 1 } } - describe 'Test standard installation (client)' do + describe 'Test standard installation on RedHat (client)' do + let(:facts) { {:osfamily => 'RedHat' } } it { should contain_package('nagios-plugins').with_ensure('present') } it { should contain_package('nrpe').with_ensure('present') } it { should contain_service('nrpe').with_ensure('running') } it { should contain_service('nrpe').with_enable('true') } end - describe 'Test standard installation (server)' do + describe 'Test standard installation on RedHat (server)' do + let(:facts) { {:osfamily => 'RedHat' } } let(:params) { {:is_server => true } } it { should contain_package('nagios').with_ensure('present') } it { should contain_service('nagios').with_ensure('running') } From aba5981a92ca393791b878938383a04f05a561eb Mon Sep 17 00:00:00 2001 From: Luke Date: Thu, 2 Jan 2014 15:31:12 +0100 Subject: [PATCH 04/14] moving all facts into one definition --- spec/classes/nagios_spec.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb index 26a3b9b..6f08485 100644 --- a/spec/classes/nagios_spec.rb +++ b/spec/classes/nagios_spec.rb @@ -4,11 +4,9 @@ let(:title) { 'nagios' } let(:node) { 'testing.phy.bris.ac.uk' } - let(:facts) { { :ipaddress => '10.13.37.100' } } - let(:facts) { {:processorcount => 1 } } + let(:facts) { {:ipaddress => '10.13.37.100', :processorcount => 1, :osfamily => 'RedHat' } } describe 'Test standard installation on RedHat (client)' do - let(:facts) { {:osfamily => 'RedHat' } } it { should contain_package('nagios-plugins').with_ensure('present') } it { should contain_package('nrpe').with_ensure('present') } it { should contain_service('nrpe').with_ensure('running') } @@ -16,7 +14,6 @@ end describe 'Test standard installation on RedHat (server)' do - let(:facts) { {:osfamily => 'RedHat' } } let(:params) { {:is_server => true } } it { should contain_package('nagios').with_ensure('present') } it { should contain_service('nagios').with_ensure('running') } From 9414b3803109ca7e5cdb02ead20ae4671afc6a6f Mon Sep 17 00:00:00 2001 From: Luke Date: Thu, 2 Jan 2014 15:38:39 +0100 Subject: [PATCH 05/14] fixed variable name conflict --- manifests/config/nrpe.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/config/nrpe.pp b/manifests/config/nrpe.pp index e63dbef..f8dd0f3 100644 --- a/manifests/config/nrpe.pp +++ b/manifests/config/nrpe.pp @@ -2,13 +2,13 @@ # Some stock plugins lack a NRPE snippet so will need nrpeconfig{} # without nagiosplugin{} define nagios::config::nrpe ($command, $sudo = undef) { - $name = $::osfamily ? { + $file_name = $::osfamily ? { 'RedHat' => "/etc/nrpe.d/${title}.cfg", 'Debian' => "/etc/nagios/nrpe.d/${title}.cfg", default => "/etc/nrpe.d/${title}.cfg", } - file { $name: + file { $file_name: alias => "${title}.cfg", content => $sudo ? { true => "command[${title}]=/usr/bin/sudo /usr/${::lib_path}/nagios/plugins/${command}", From 85209e934e8e8c74c87def4008c96cf9466142b7 Mon Sep 17 00:00:00 2001 From: Luke Date: Fri, 3 Jan 2014 16:46:55 +0100 Subject: [PATCH 06/14] Added missing implementation, fixed lint errors and most warnings --- Modulefile | 1 + files/cgi.cfg | 357 +++++ files/nagios.cfg | 1331 +++++++++++++++++ files/nsca.cfg | 191 +++ manifests/client.pp | 14 +- manifests/commands.pp | 11 +- manifests/config/client.pp | 116 ++ manifests/config/hostgroups.pp | 2 +- manifests/config/nrpe.pp | 17 +- manifests/config/server.pp | 152 ++ manifests/config/vhosts.pp | 65 +- manifests/cron/check_nagios_config_passive.pp | 3 +- manifests/cron/kernel_passive.pp | 16 +- manifests/init.pp | 4 +- manifests/install.pp | 28 +- manifests/plugin.pp | 8 +- manifests/plugins/bind.pp | 6 +- manifests/plugins/core.pp | 108 +- manifests/plugins/dhcp.pp | 27 +- manifests/plugins/mysql.pp | 23 +- manifests/plugins/puppet.pp | 12 +- manifests/server.pp | 10 +- manifests/services/aaaa_record.pp | 1 + manifests/services/client.pp | 25 + manifests/services/cpu.pp | 5 +- manifests/services/current_users.pp | 6 +- manifests/services/disk_space.pp | 5 +- manifests/services/iocheck.pp | 4 +- manifests/services/load.pp | 5 +- manifests/services/memory.pp | 5 +- manifests/services/nagios.pp | 23 +- manifests/services/nrpe.pp | 1 + manifests/services/selinux.pp | 7 +- manifests/services/server.pp | 7 +- manifests/services/swap.pp | 5 +- manifests/services/tcpcheck.pp | 4 +- manifests/services/total_procs.pp | 5 +- manifests/services/uptime.pp | 5 +- manifests/services/yum.pp | 11 +- manifests/services/zombies.pp | 5 +- manifests/templates.pp | 2 +- metadata.json | 4 + spec/classes/nagios_spec.rb | 8 +- templates/host_email.erb | 9 + templates/nrpe.cfg.erb | 202 +++ templates/service_email.erb | 14 + 46 files changed, 2720 insertions(+), 150 deletions(-) create mode 100644 files/cgi.cfg create mode 100644 files/nagios.cfg create mode 100644 files/nsca.cfg create mode 100644 manifests/config/client.pp create mode 100644 manifests/config/server.pp create mode 100644 templates/host_email.erb create mode 100644 templates/nrpe.cfg.erb create mode 100644 templates/service_email.erb diff --git a/Modulefile b/Modulefile index 83728de..32180f0 100644 --- a/Modulefile +++ b/Modulefile @@ -12,3 +12,4 @@ project_page 'http://hep-puppet.github.io/' dependency 'puppetlabs-apache', '>=0.9.0' dependency 'heppuppet-grid_repos', '0.1.0' dependency 'puppetlabs-stdlib', '>=4.1.0' +dependency 'puppetlabs/firewall', '>=0.3.1' diff --git a/files/cgi.cfg b/files/cgi.cfg new file mode 100644 index 0000000..aec92ac --- /dev/null +++ b/files/cgi.cfg @@ -0,0 +1,357 @@ +################################################################# +# +# CGI.CFG - Sample CGI Configuration File for Nagios 3.2.3 +# +# Last Modified: 06-17-2009 +# +################################################################# + + +# MAIN CONFIGURATION FILE +# This tells the CGIs where to find your main configuration file. +# The CGIs will read the main and host config files for any other +# data they might need. + +main_config_file=/etc/nagios/nagios.cfg + + + +# PHYSICAL HTML PATH +# This is the path where the HTML files for Nagios reside. This +# value is used to locate the logo images needed by the statusmap +# and statuswrl CGIs. + +physical_html_path=/usr/share/nagios/html + + + +# URL HTML PATH +# This is the path portion of the URL that corresponds to the +# physical location of the Nagios HTML files (as defined above). +# This value is used by the CGIs to locate the online documentation +# and graphics. If you access the Nagios pages with an URL like +# http://www.myhost.com/nagios, this value should be '/nagios' +# (without the quotes). + +url_html_path=/nagios + + + +# CONTEXT-SENSITIVE HELP +# This option determines whether or not a context-sensitive +# help icon will be displayed for most of the CGIs. +# Values: 0 = disables context-sensitive help +# 1 = enables context-sensitive help + +show_context_help=0 + + + +# PENDING STATES OPTION +# This option determines what states should be displayed in the web +# interface for hosts/services that have not yet been checked. +# Values: 0 = leave hosts/services that have not been check yet in their original state +# 1 = mark hosts/services that have not been checked yet as PENDING + +use_pending_states=1 + + + + +# AUTHENTICATION USAGE +# This option controls whether or not the CGIs will use any +# authentication when displaying host and service information, as +# well as committing commands to Nagios for processing. +# +# Read the HTML documentation to learn how the authorization works! +# +# NOTE: It is a really *bad* idea to disable authorization, unless +# you plan on removing the command CGI (cmd.cgi)! Failure to do +# so will leave you wide open to kiddies messing with Nagios and +# possibly hitting you with a denial of service attack by filling up +# your drive by continuously writing to your command file! +# +# Setting this value to 0 will cause the CGIs to *not* use +# authentication (bad idea), while any other value will make them +# use the authentication functions (the default). + +use_authentication=1 + + + + +# x509 CERT AUTHENTICATION +# When enabled, this option allows you to use x509 cert (SSL) +# authentication in the CGIs. This is an advanced option and should +# not be enabled unless you know what you're doing. + +use_ssl_authentication=0 + + + + +# DEFAULT USER +# Setting this variable will define a default user name that can +# access pages without authentication. This allows people within a +# secure domain (i.e., behind a firewall) to see the current status +# without authenticating. You may want to use this to avoid basic +# authentication if you are not using a secure server since basic +# authentication transmits passwords in the clear. +# +# Important: Do not define a default username unless you are +# running a secure web server and are sure that everyone who has +# access to the CGIs has been authenticated in some manner! If you +# define this variable, anyone who has not authenticated to the web +# server will inherit all rights you assign to this user! + +#default_user_name=guest + + + +# SYSTEM/PROCESS INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# have access to viewing the Nagios process information as +# provided by the Extended Information CGI (extinfo.cgi). By +# default, *no one* has access to this unless you choose to +# not use authorization. You may use an asterisk (*) to +# authorize any user who has authenticated to the web server. + +authorized_for_system_information=* + + + +# CONFIGURATION INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# can view ALL configuration information (hosts, commands, etc). +# By default, users can only view configuration information +# for the hosts and services they are contacts for. You may use +# an asterisk (*) to authorize any user who has authenticated +# to the web server. + +authorized_for_configuration_information=* + + + +# SYSTEM/PROCESS COMMAND ACCESS +# This option is a comma-delimited list of all usernames that +# can issue shutdown and restart commands to Nagios via the +# command CGI (cmd.cgi). Users in this list can also change +# the program mode to active or standby. By default, *no one* +# has access to this unless you choose to not use authorization. +# You may use an asterisk (*) to authorize any user who has +# authenticated to the web server. + +authorized_for_system_commands=* + + + +# GLOBAL HOST/SERVICE VIEW ACCESS +# These two options are comma-delimited lists of all usernames that +# can view information for all hosts and services that are being +# monitored. By default, users can only view information +# for hosts or services that they are contacts for (unless you +# you choose to not use authorization). You may use an asterisk (*) +# to authorize any user who has authenticated to the web server. + + +authorized_for_all_services=* +authorized_for_all_hosts=* + + + +# GLOBAL HOST/SERVICE COMMAND ACCESS +# These two options are comma-delimited lists of all usernames that +# can issue host or service related commands via the command +# CGI (cmd.cgi) for all hosts and services that are being monitored. +# By default, users can only issue commands for hosts or services +# that they are contacts for (unless you you choose to not use +# authorization). You may use an asterisk (*) to authorize any +# user who has authenticated to the web server. + +authorized_for_all_service_commands=* +authorized_for_all_host_commands=* + + + +# READ-ONLY USERS +# A comma-delimited list of usernames that have read-only rights in +# the CGIs. This will block any service or host commands normally shown +# on the extinfo CGI pages. It will also block comments from being shown +# to read-only users. + +#authorized_for_read_only=iszcm + + + + +# STATUSMAP BACKGROUND IMAGE +# This option allows you to specify an image to be used as a +# background in the statusmap CGI. It is assumed that the image +# resides in the HTML images path (i.e. /usr/local/nagios/share/images). +# This path is automatically determined by appending "/images" +# to the path specified by the 'physical_html_path' directive. +# Note: The image file may be in GIF, PNG, JPEG, or GD2 format. +# However, I recommend that you convert your image to GD2 format +# (uncompressed), as this will cause less CPU load when the CGI +# generates the image. + +#statusmap_background_image=smbackground.gd2 + + + + +# STATUSMAP TRANSPARENCY INDEX COLOR +# These options set the r,g,b values of the background color used the statusmap CGI, +# so normal browsers that can't show real png transparency set the desired color as +# a background color instead (to make it look pretty). +# Defaults to white: (R,G,B) = (255,255,255). + +#color_transparency_index_r=255 +#color_transparency_index_g=255 +#color_transparency_index_b=255 + + + + +# DEFAULT STATUSMAP LAYOUT METHOD +# This option allows you to specify the default layout method +# the statusmap CGI should use for drawing hosts. If you do +# not use this option, the default is to use user-defined +# coordinates. Valid options are as follows: +# 0 = User-defined coordinates +# 1 = Depth layers +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular +# 5 = Circular (Marked Up) + +default_statusmap_layout=3 + + + +# DEFAULT STATUSWRL LAYOUT METHOD +# This option allows you to specify the default layout method +# the statuswrl (VRML) CGI should use for drawing hosts. If you +# do not use this option, the default is to use user-defined +# coordinates. Valid options are as follows: +# 0 = User-defined coordinates +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular + +default_statuswrl_layout=4 + + + +# STATUSWRL INCLUDE +# This option allows you to include your own objects in the +# generated VRML world. It is assumed that the file +# resides in the HTML path (i.e. /usr/local/nagios/share). + +#statuswrl_include=myworld.wrl + + + +# PING SYNTAX +# This option determines what syntax should be used when +# attempting to ping a host from the WAP interface (using +# the statuswml CGI. You must include the full path to +# the ping binary, along with all required options. The +# $HOSTADDRESS$ macro is substituted with the address of +# the host before the command is executed. +# Please note that the syntax for the ping binary is +# notorious for being different on virtually ever *NIX +# OS and distribution, so you may have to tweak this to +# work on your system. + +ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$ + + + +# REFRESH RATE +# This option allows you to specify the refresh rate in seconds +# of various CGIs (status, statusmap, extinfo, and outages). + +refresh_rate=60 + + + +# ESCAPE HTML TAGS +# This option determines whether HTML tags in host and service +# status output is escaped in the web interface. If enabled, +# your plugin output will not be able to contain clickable links. + +escape_html_tags=1 + + + + +# SOUND OPTIONS +# These options allow you to specify an optional audio file +# that should be played in your browser window when there are +# problems on the network. The audio files are used only in +# the status CGI. Only the sound for the most critical problem +# will be played. Order of importance (higher to lower) is as +# follows: unreachable hosts, down hosts, critical services, +# warning services, and unknown services. If there are no +# visible problems, the sound file optionally specified by +# 'normal_sound' variable will be played. +# +# +# = +# +# Note: All audio files must be placed in the /media subdirectory +# under the HTML path (i.e. /usr/local/nagios/share/media/). + +#host_unreachable_sound=hostdown.wav +#host_down_sound=hostdown.wav +#service_critical_sound=critical.wav +#service_warning_sound=warning.wav +#service_unknown_sound=warning.wav +#normal_sound=noproblem.wav + + + +# URL TARGET FRAMES +# These options determine the target frames in which notes and +# action URLs will open. + +action_url_target=_blank +notes_url_target=_blank + + + + +# LOCK AUTHOR NAMES OPTION +# This option determines whether users can change the author name +# when submitting comments, scheduling downtime. If disabled, the +# author names will be locked into their contact name, as defined in Nagios. +# Values: 0 = allow editing author names +# 1 = lock author names (disallow editing) + +lock_author_names=1 + + + + +# SPLUNK INTEGRATION OPTIONS +# These options allow you to enable integration with Splunk +# in the web interface. If enabled, you'll be presented with +# "Splunk It" links in various places in the CGIs (log file, +# alert history, host/service detail, etc). Useful if you're +# trying to research why a particular problem occurred. +# For more information on Splunk, visit http://www.splunk.com/ + +# This option determines whether the Splunk integration is enabled +# Values: 0 = disable Splunk integration +# 1 = enable Splunk integration + +#enable_splunk_integration=1 + + +# This option should be the URL used to access your instance of Splunk + +#splunk_url=http://127.0.0.1:8000/ + + + diff --git a/files/nagios.cfg b/files/nagios.cfg new file mode 100644 index 0000000..fcc2b7a --- /dev/null +++ b/files/nagios.cfg @@ -0,0 +1,1331 @@ +############################################################################## +# +# NAGIOS.CFG - Sample Main Config File for Nagios 3.2.1 +# +# Read the documentation for more information on this configuration +# file. I've provided some comments here, but things may not be so +# clear without further explanation. +# +# Last Modified: 12-14-2008 +# +############################################################################## + + +# LOG FILE +# This is the main log file where service and host events are logged +# for historical purposes. This should be the first option specified +# in the config file!!! + +log_file=/var/log/nagios/nagios.log + + +# OBJECT CONFIGURATION FILE(S) +# These are the object configuration files in which you define hosts, +# host groups, contacts, contact groups, services, etc. +# You can split your object definitions across several config files +# if you wish (as shown below), or keep them all in a single config file. + +# You can specify individual object config files as shown below: +# These ones come with stock Nagios +#cfg_file=/etc/nagios/objects/commands.cfg +#cfg_file=/etc/nagios/objects/contacts.cfg +cfg_file=/etc/nagios/objects/timeperiods.cfg +#cfg_file=/etc/nagios/objects/templates.cfg +#cfg_file=/etc/nagios/objects/hostgroups.cfg + +# Definitions for monitoring the local (Linux) host +#cfg_file=/etc/nagios/objects/localhost.cfg + +# Definitions for monitoring a Windows machine +#cfg_file=/etc/nagios/objects/windows.cfg + +# Definitions for monitoring a router/switch +#cfg_file=/etc/nagios/objects/switch.cfg + +# Definitions for monitoring a network printer +#cfg_file=/etc/nagios/objects/printer.cfg + +# You can also tell Nagios to process all config files (with a .cfg +# extension) in a particular directory by using the cfg_dir +# directive as shown below: +cfg_dir=/etc/nagios/conf.d + +# These ones are magically generated by Puppet +cfg_file=/etc/nagios/nagios_host.cfg +cfg_file=/etc/nagios/nagios_hostgroup.cfg +cfg_file=/etc/nagios/nagios_hostextinfo.cfg +cfg_file=/etc/nagios/nagios_service.cfg +cfg_file=/etc/nagios/nagios_servicegroup.cfg +cfg_file=/etc/nagios/nagios_servicedependency.cfg +cfg_file=/etc/nagios/nagios_hostdependency.cfg +cfg_file=/etc/nagios/nagios_command.cfg +cfg_file=/etc/nagios/nagios_contact.cfg +cfg_file=/etc/nagios/nagios_contactgroup.cfg + +# OBJECT CACHE FILE +# This option determines where object definitions are cached when +# Nagios starts/restarts. The CGIs read object definitions from +# this cache file (rather than looking at the object config files +# directly) in order to prevent inconsistencies that can occur +# when the config files are modified after Nagios starts. + +object_cache_file=/var/log/nagios/objects.cache + + + +# PRE-CACHED OBJECT FILE +# This options determines the location of the precached object file. +# If you run Nagios with the -p command line option, it will preprocess +# your object configuration file(s) and write the cached config to this +# file. You can then start Nagios with the -u option to have it read +# object definitions from this precached file, rather than the standard +# object configuration files (see the cfg_file and cfg_dir options above). +# Using a precached object file can speed up the time needed to (re)start +# the Nagios process if you've got a large and/or complex configuration. +# Read the documentation section on optimizing Nagios to find our more +# about how this feature works. + +precached_object_file=/var/log/nagios/objects.precache + + + +# RESOURCE FILE +# This is an optional resource file that contains $USERx$ macro +# definitions. Multiple resource files can be specified by using +# multiple resource_file definitions. The CGIs will not attempt to +# read the contents of resource files, so information that is +# considered to be sensitive (usernames, passwords, etc) can be +# defined as macros in this file and restrictive permissions (600) +# can be placed on this file. + +resource_file=/etc/nagios/private/resource.cfg + + + +# STATUS FILE +# This is where the current status of all monitored services and +# hosts is stored. Its contents are read and processed by the CGIs. +# The contents of the status file are deleted every time Nagios +# restarts. + +status_file=/var/log/nagios/status.dat + + + +# STATUS FILE UPDATE INTERVAL +# This option determines the frequency (in seconds) that +# Nagios will periodically dump program, host, and +# service status data. + +status_update_interval=10 + + + +# NAGIOS USER +# This determines the effective user that Nagios should run as. +# You can either supply a username or a UID. + +nagios_user=nagios + + + +# NAGIOS GROUP +# This determines the effective group that Nagios should run as. +# You can either supply a group name or a GID. + +nagios_group=nagios + + + +# EXTERNAL COMMAND OPTION +# This option allows you to specify whether or not Nagios should check +# for external commands (in the command file defined below). By default +# Nagios will *not* check for external commands, just to be on the +# cautious side. If you want to be able to use the CGI command interface +# you will have to enable this. +# Values: 0 = disable commands, 1 = enable commands + +check_external_commands=1 + + + +# EXTERNAL COMMAND CHECK INTERVAL +# This is the interval at which Nagios should check for external commands. +# This value works of the interval_length you specify later. If you leave +# that at its default value of 60 (seconds), a value of 1 here will cause +# Nagios to check for external commands every minute. If you specify a +# number followed by an "s" (i.e. 15s), this will be interpreted to mean +# actual seconds rather than a multiple of the interval_length variable. +# Note: In addition to reading the external command file at regularly +# scheduled intervals, Nagios will also check for external commands after +# event handlers are executed. +# NOTE: Setting this value to -1 causes Nagios to check the external +# command file as often as possible. + +#command_check_interval=15s +command_check_interval=-1 + + + +# EXTERNAL COMMAND FILE +# This is the file that Nagios checks for external command requests. +# It is also where the command CGI will write commands that are submitted +# by users, so it must be writeable by the user that the web server +# is running as (usually 'nobody'). Permissions should be set at the +# directory level instead of on the file, as the file is deleted every +# time its contents are processed. + +#command_file=/var/log/nagios/rw/nagios.cmd +command_file=/var/spool/nagios/cmd/nagios.cmd + + + +# EXTERNAL COMMAND BUFFER SLOTS +# This settings is used to tweak the number of items or "slots" that +# the Nagios daemon should allocate to the buffer that holds incoming +# external commands before they are processed. As external commands +# are processed by the daemon, they are removed from the buffer. + +external_command_buffer_slots=4096 + + + +# LOCK FILE +# This is the lockfile that Nagios will use to store its PID number +# in when it is running in daemon mode. + +lock_file=/var/run/nagios.pid + + + +# TEMP FILE +# This is a temporary file that is used as scratch space when Nagios +# updates the status log, cleans the comment file, etc. This file +# is created, used, and deleted throughout the time that Nagios is +# running. + +temp_file=/var/log/nagios/nagios.tmp + + + +# TEMP PATH +# This is path where Nagios can create temp files for service and +# host check results, etc. + +temp_path=/tmp + + + +# EVENT BROKER OPTIONS +# Controls what (if any) data gets sent to the event broker. +# Values: 0 = Broker nothing +# -1 = Broker everything +# = See documentation + +event_broker_options=-1 + + + +# EVENT BROKER MODULE(S) +# This directive is used to specify an event broker module that should +# by loaded by Nagios at startup. Use multiple directives if you want +# to load more than one module. Arguments that should be passed to +# the module at startup are seperated from the module path by a space. +# +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# +# Do NOT overwrite modules while they are being used by Nagios or Nagios +# will crash in a fiery display of SEGFAULT glory. This is a bug/limitation +# either in dlopen(), the kernel, and/or the filesystem. And maybe Nagios... +# +# The correct/safe way of updating a module is by using one of these methods: +# 1. Shutdown Nagios, replace the module file, restart Nagios +# 2. Delete the original module file, move the new module file into place, restart Nagios +# +# Example: +# +# broker_module= [moduleargs] + +#broker_module=/somewhere/module1.o +#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0 + + + +# LOG ROTATION METHOD +# This is the log rotation method that Nagios should use to rotate +# the main log file. Values are as follows.. +# n = None - don't rotate the log +# h = Hourly rotation (top of the hour) +# d = Daily rotation (midnight every day) +# w = Weekly rotation (midnight on Saturday evening) +# m = Monthly rotation (midnight last day of month) + +log_rotation_method=d + + + +# LOG ARCHIVE PATH +# This is the directory where archived (rotated) log files should be +# placed (assuming you've chosen to do log rotation). + +log_archive_path=/var/log/nagios/archives + + + +# LOGGING OPTIONS +# If you want messages logged to the syslog facility, as well as the +# Nagios log file set this option to 1. If not, set it to 0. + +use_syslog=0 + + + +# NOTIFICATION LOGGING OPTION +# If you don't want notifications to be logged, set this value to 0. +# If notifications should be logged, set the value to 1. + +log_notifications=1 + + + +# SERVICE RETRY LOGGING OPTION +# If you don't want service check retries to be logged, set this value +# to 0. If retries should be logged, set the value to 1. + +log_service_retries=1 + + + +# HOST RETRY LOGGING OPTION +# If you don't want host check retries to be logged, set this value to +# 0. If retries should be logged, set the value to 1. + +log_host_retries=1 + + + +# EVENT HANDLER LOGGING OPTION +# If you don't want host and service event handlers to be logged, set +# this value to 0. If event handlers should be logged, set the value +# to 1. + +log_event_handlers=1 + + + +# INITIAL STATES LOGGING OPTION +# If you want Nagios to log all initial host and service states to +# the main log file (the first time the service or host is checked) +# you can enable this option by setting this value to 1. If you +# are not using an external application that does long term state +# statistics reporting, you do not need to enable this option. In +# this case, set the value to 0. + +log_initial_states=0 + + + +# EXTERNAL COMMANDS LOGGING OPTION +# If you don't want Nagios to log external commands, set this value +# to 0. If external commands should be logged, set this value to 1. +# Note: This option does not include logging of passive service +# checks - see the option below for controlling whether or not +# passive checks are logged. + +log_external_commands=1 + + + +# PASSIVE CHECKS LOGGING OPTION +# If you don't want Nagios to log passive host and service checks, set +# this value to 0. If passive checks should be logged, set +# this value to 1. + +log_passive_checks=1 + + + +# GLOBAL HOST AND SERVICE EVENT HANDLERS +# These options allow you to specify a host and service event handler +# command that is to be run for every host or service state change. +# The global event handler is executed immediately prior to the event +# handler that you have optionally specified in each host or +# service definition. The command argument is the short name of a +# command definition that you define in your host configuration file. +# Read the HTML docs for more information. + +#global_host_event_handler=somecommand +#global_service_event_handler=somecommand + + + +# SERVICE INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" service checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all service checks out evenly to minimize CPU load. +# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! This is not a +# good thing for production, but is useful when testing the +# parallelization functionality. +# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +service_inter_check_delay_method=s + + + +# MAXIMUM SERVICE CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all services should +# be completed. Default is 30 minutes. + +max_service_check_spread=30 + + + +# SERVICE CHECK INTERLEAVE FACTOR +# This variable determines how service checks are interleaved. +# Interleaving the service checks allows for a more even +# distribution of service checks and reduced load on remote +# hosts. Setting this value to 1 is equivalent to how versions +# of Nagios previous to 0.0.5 did service checks. Set this +# value to s (smart) for automatic calculation of the interleave +# factor unless you have a specific reason to change it. +# s = Use "smart" interleave factor calculation +# x = Use an interleave factor of x, where x is a +# number greater than or equal to 1. + +service_interleave_factor=s + + + +# HOST INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" host checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all host checks out evenly to minimize CPU load. +# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! +# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +host_inter_check_delay_method=s + + + +# MAXIMUM HOST CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all hosts should +# be completed. Default is 30 minutes. + +max_host_check_spread=30 + + + +# MAXIMUM CONCURRENT SERVICE CHECKS +# This option allows you to specify the maximum number of +# service checks that can be run in parallel at any given time. +# Specifying a value of 1 for this variable essentially prevents +# any service checks from being parallelized. A value of 0 +# will not restrict the number of concurrent checks that are +# being executed. + +max_concurrent_checks=0 + + + +# HOST AND SERVICE CHECK REAPER FREQUENCY +# This is the frequency (in seconds!) that Nagios will process +# the results of host and service checks. + +check_result_reaper_frequency=10 + + + + +# MAX CHECK RESULT REAPER TIME +# This is the max amount of time (in seconds) that a single +# check result reaper event will be allowed to run before +# returning control back to Nagios so it can perform other +# duties. + +max_check_result_reaper_time=30 + + + + +# CHECK RESULT PATH +# This is directory where Nagios stores the results of host and +# service checks that have not yet been processed. +# +# Note: Make sure that only one instance of Nagios has access +# to this directory! + +check_result_path=/var/log/nagios/spool/checkresults +#check_result_path=/var/spool/nagios/checkresults + + + +# MAX CHECK RESULT FILE AGE +# This option determines the maximum age (in seconds) which check +# result files are considered to be valid. Files older than this +# threshold will be mercilessly deleted without further processing. + +#max_check_result_file_age=3600 +max_check_result_file_age=0 + + + + +# CACHED HOST CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous host check is considered current. +# Cached host states (from host checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to the host check logic. +# Too high of a value for this option may result in inaccurate host +# states being used by Nagios, while a lower value may result in a +# performance hit for host checks. Use a value of 0 to disable host +# check caching. + +cached_host_check_horizon=15 + + + +# CACHED SERVICE CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous service check is considered current. +# Cached service states (from service checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to predictive dependency checks. +# Use a value of 0 to disable service check caching. + +cached_service_check_horizon=15 + + + +# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of hosts when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# host dependency logic works well. +# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_host_dependency_checks=1 + + + +# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of service when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# service dependency logic works well. +# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_service_dependency_checks=1 + + + +# SOFT STATE DEPENDENCIES +# This option determines whether or not Nagios will use soft state +# information when checking host and service dependencies. Normally +# Nagios will only use the latest hard host or service state when +# checking dependencies. If you want it to use the latest state (regardless +# of whether its a soft or hard state type), enable this option. +# Values: +# 0 = Don't use soft state dependencies (default) +# 1 = Use soft state dependencies + +soft_state_dependencies=0 + + + +# TIME CHANGE ADJUSTMENT THRESHOLDS +# These options determine when Nagios will react to detected changes +# in system time (either forward or backwards). + +#time_change_threshold=900 + + + +# AUTO-RESCHEDULING OPTION +# This option determines whether or not Nagios will attempt to +# automatically reschedule active host and service checks to +# "smooth" them out over time. This can help balance the load on +# the monitoring server. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_reschedule_checks=0 + + + +# AUTO-RESCHEDULING INTERVAL +# This option determines how often (in seconds) Nagios will +# attempt to automatically reschedule checks. This option only +# has an effect if the auto_reschedule_checks option is enabled. +# Default is 30 seconds. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_interval=30 + + + +# AUTO-RESCHEDULING WINDOW +# This option determines the "window" of time (in seconds) that +# Nagios will look at when automatically rescheduling checks. +# Only host and service checks that occur in the next X seconds +# (determined by this variable) will be rescheduled. This option +# only has an effect if the auto_reschedule_checks option is +# enabled. Default is 180 seconds (3 minutes). +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_window=180 + + + +# SLEEP TIME +# This is the number of seconds to sleep between checking for system +# events and service checks that need to be run. + +sleep_time=0.25 + + + +# TIMEOUT VALUES +# These options control how much time Nagios will allow various +# types of commands to execute before killing them off. Options +# are available for controlling maximum time allotted for +# service checks, host checks, event handlers, notifications, the +# ocsp command, and performance data commands. All values are in +# seconds. + +service_check_timeout=60 +host_check_timeout=30 +event_handler_timeout=30 +notification_timeout=30 +ocsp_timeout=5 +perfdata_timeout=5 + + + +# RETAIN STATE INFORMATION +# This setting determines whether or not Nagios will save state +# information for services and hosts before it shuts down. Upon +# startup Nagios will reload all saved service and host state +# information before starting to monitor. This is useful for +# maintaining long-term data on state statistics, etc, but will +# slow Nagios down a bit when it (re)starts. Since its only +# a one-time penalty, I think its well worth the additional +# startup delay. + +retain_state_information=1 + + + +# STATE RETENTION FILE +# This is the file that Nagios should use to store host and +# service state information before it shuts down. The state +# information in this file is also read immediately prior to +# starting to monitor the network when Nagios is restarted. +# This file is used only if the preserve_state_information +# variable is set to 1. + +state_retention_file=/var/log/nagios/retention.dat + + + +# RETENTION DATA UPDATE INTERVAL +# This setting determines how often (in minutes) that Nagios +# will automatically save retention data during normal operation. +# If you set this value to 0, Nagios will not save retention +# data at regular interval, but it will still save retention +# data before shutting down or restarting. If you have disabled +# state retention, this option has no effect. + +retention_update_interval=60 + + + +# USE RETAINED PROGRAM STATE +# This setting determines whether or not Nagios will set +# program status variables based on the values saved in the +# retention file. If you want to use retained program status +# information, set this value to 1. If not, set this value +# to 0. + +use_retained_program_state=1 + + + +# USE RETAINED SCHEDULING INFO +# This setting determines whether or not Nagios will retain +# the scheduling info (next check time) for hosts and services +# based on the values saved in the retention file. If you +# If you want to use retained scheduling info, set this +# value to 1. If not, set this value to 0. + +use_retained_scheduling_info=1 + + + +# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE) +# The following variables are used to specify specific host and +# service attributes that should *not* be retained by Nagios during +# program restarts. +# +# The values of the masks are bitwise ANDs of values specified +# by the "MODATTR_" definitions found in include/common.h. +# For example, if you do not want the current enabled/disabled state +# of flap detection and event handlers for hosts to be retained, you +# would use a value of 24 for the host attribute mask... +# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24 + +# This mask determines what host attributes are not retained +retained_host_attribute_mask=0 + +# This mask determines what service attributes are not retained +retained_service_attribute_mask=0 + +# These two masks determine what process attributes are not retained. +# There are two masks, because some process attributes have host and service +# options. For example, you can disable active host checks, but leave active +# service checks enabled. +retained_process_host_attribute_mask=0 +retained_process_service_attribute_mask=0 + +# These two masks determine what contact attributes are not retained. +# There are two masks, because some contact attributes have host and +# service options. For example, you can disable host notifications for +# a contact, but leave service notifications enabled for them. +retained_contact_host_attribute_mask=0 +retained_contact_service_attribute_mask=0 + + + +# INTERVAL LENGTH +# This is the seconds per unit interval as used in the +# host/contact/service configuration files. Setting this to 60 means +# that each interval is one minute long (60 seconds). Other settings +# have not been tested much, so your mileage is likely to vary... + +interval_length=60 + + + +# CHECK FOR UPDATES +# This option determines whether Nagios will automatically check to +# see if new updates (releases) are available. It is recommend that you +# enable this option to ensure that you stay on top of the latest critical +# patches to Nagios. Nagios is critical to you - make sure you keep it in +# good shape. Nagios will check once a day for new updates. Data collected +# by Nagios Enterprises from the update check is processed in accordance +# with our privacy policy - see http://api.nagios.org for details. + +check_for_updates=0 + + + +# BARE UPDATE CHECK +# This option deterines what data Nagios will send to api.nagios.org when +# it checks for updates. By default, Nagios will send information on the +# current version of Nagios you have installed, as well as an indicator as +# to whether this was a new installation or not. Nagios Enterprises uses +# this data to determine the number of users running specific version of +# Nagios. Enable this option if you do not want this information to be sent. + +bare_update_check=0 + + + +# AGGRESSIVE HOST CHECKING OPTION +# If you don't want to turn on aggressive host checking features, set +# this value to 0 (the default). Otherwise set this value to 1 to +# enable the aggressive check option. Read the docs for more info +# on what aggressive host check is or check out the source code in +# base/checks.c + +use_aggressive_host_checking=0 + + + +# SERVICE CHECK EXECUTION OPTION +# This determines whether or not Nagios will actively execute +# service checks when it initially starts. If this option is +# disabled, checks are not actively made, but Nagios can still +# receive and process passive check results that come in. Unless +# you're implementing redundant hosts or have a special need for +# disabling the execution of service checks, leave this enabled! +# Values: 1 = enable checks, 0 = disable checks + +execute_service_checks=1 + + + +# PASSIVE SERVICE CHECK ACCEPTANCE OPTION +# This determines whether or not Nagios will accept passive +# service checks results when it initially (re)starts. +# Values: 1 = accept passive checks, 0 = reject passive checks + +accept_passive_service_checks=1 + + + +# HOST CHECK EXECUTION OPTION +# This determines whether or not Nagios will actively execute +# host checks when it initially starts. If this option is +# disabled, checks are not actively made, but Nagios can still +# receive and process passive check results that come in. Unless +# you're implementing redundant hosts or have a special need for +# disabling the execution of host checks, leave this enabled! +# Values: 1 = enable checks, 0 = disable checks + +execute_host_checks=1 + + + +# PASSIVE HOST CHECK ACCEPTANCE OPTION +# This determines whether or not Nagios will accept passive +# host checks results when it initially (re)starts. +# Values: 1 = accept passive checks, 0 = reject passive checks + +accept_passive_host_checks=1 + + + +# NOTIFICATIONS OPTION +# This determines whether or not Nagios will sent out any host or +# service notifications when it is initially (re)started. +# Values: 1 = enable notifications, 0 = disable notifications + +enable_notifications=1 + + + +# EVENT HANDLER USE OPTION +# This determines whether or not Nagios will run any host or +# service event handlers when it is initially (re)started. Unless +# you're implementing redundant hosts, leave this option enabled. +# Values: 1 = enable event handlers, 0 = disable event handlers + +enable_event_handlers=1 + + + +# PROCESS PERFORMANCE DATA OPTION +# This determines whether or not Nagios will process performance +# data returned from service and host checks. If this option is +# enabled, host performance data will be processed using the +# host_perfdata_command (defined below) and service performance +# data will be processed using the service_perfdata_command (also +# defined below). Read the HTML docs for more information on +# performance data. +# Values: 1 = process performance data, 0 = do not process performance data + +process_performance_data=1 + + + +# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS +# These commands are run after every host and service check is +# performed. These commands are executed only if the +# enable_performance_data option (above) is set to 1. The command +# argument is the short name of a command definition that you +# define in your host configuration file. Read the HTML docs for +# more information on performance data. + +host_perfdata_command=process-host-perfdata +service_perfdata_command=process-service-perfdata + + + +# HOST AND SERVICE PERFORMANCE DATA FILES +# These files are used to store host and service performance data. +# Performance data is only written to these files if the +# enable_performance_data option (above) is set to 1. + +host_perfdata_file=/tmp/host-perfdata +service_perfdata_file=/tmp/service-perfdata +#host_perfdata_file=/var/lib/pnp4nagios/host-perfdata +#service_perfdata_file=/var/lib/pnp4nagios/service-perfdata + + + +# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES +# These options determine what data is written (and how) to the +# performance data files. The templates may contain macros, special +# characters (\t for tab, \r for carriage return, \n for newline) +# and plain text. A newline is automatically added after each write +# to the performance data file. Some examples of what you can do are +# shown below. + +host_perfdata_file_template=[HOSTPERFDATA]\t$TIMET$\t$HOSTNAME$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$ +service_perfdata_file_template=[SERVICEPERFDATA]\t$TIMET$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$ + + + +# HOST AND SERVICE PERFORMANCE DATA FILE MODES +# This option determines whether or not the host and service +# performance data files are opened in write ("w") or append ("a") +# mode. If you want to use named pipes, you should use the special +# pipe ("p") mode which avoid blocking at startup, otherwise you will +# likely want the defult append ("a") mode. + +host_perfdata_file_mode=a +service_perfdata_file_mode=a + + + +# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL +# These options determine how often (in seconds) the host and service +# performance data files are processed using the commands defined +# below. A value of 0 indicates the files should not be periodically +# processed. + +host_perfdata_file_processing_interval=60 +service_perfdata_file_processing_interval=60 + + + +# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS +# These commands are used to periodically process the host and +# service performance data files. The interval at which the +# processing occurs is determined by the options above. + +host_perfdata_file_processing_command=process-host-perfdata-file +service_perfdata_file_processing_command=process-service-perfdata-file + + + +# OBSESS OVER SERVICE CHECKS OPTION +# This determines whether or not Nagios will obsess over service +# checks and run the ocsp_command defined below. Unless you're +# planning on implementing distributed monitoring, do not enable +# this option. Read the HTML docs for more information on +# implementing distributed monitoring. +# Values: 1 = obsess over services, 0 = do not obsess (default) + +obsess_over_services=0 + + + +# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND +# This is the command that is run for every service check that is +# processed by Nagios. This command is executed only if the +# obsess_over_services option (above) is set to 1. The command +# argument is the short name of a command definition that you +# define in your host configuration file. Read the HTML docs for +# more information on implementing distributed monitoring. + +#ocsp_command=somecommand + + + +# OBSESS OVER HOST CHECKS OPTION +# This determines whether or not Nagios will obsess over host +# checks and run the ochp_command defined below. Unless you're +# planning on implementing distributed monitoring, do not enable +# this option. Read the HTML docs for more information on +# implementing distributed monitoring. +# Values: 1 = obsess over hosts, 0 = do not obsess (default) + +obsess_over_hosts=0 + + + +# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND +# This is the command that is run for every host check that is +# processed by Nagios. This command is executed only if the +# obsess_over_hosts option (above) is set to 1. The command +# argument is the short name of a command definition that you +# define in your host configuration file. Read the HTML docs for +# more information on implementing distributed monitoring. + +#ochp_command=somecommand + + + +# TRANSLATE PASSIVE HOST CHECKS OPTION +# This determines whether or not Nagios will translate +# DOWN/UNREACHABLE passive host check results into their proper +# state for this instance of Nagios. This option is useful +# if you have distributed or failover monitoring setup. In +# these cases your other Nagios servers probably have a different +# "view" of the network, with regards to the parent/child relationship +# of hosts. If a distributed monitoring server thinks a host +# is DOWN, it may actually be UNREACHABLE from the point of +# this Nagios instance. Enabling this option will tell Nagios +# to translate any DOWN or UNREACHABLE host states it receives +# passively into the correct state from the view of this server. +# Values: 1 = perform translation, 0 = do not translate (default) + +translate_passive_host_checks=0 + + + +# PASSIVE HOST CHECKS ARE SOFT OPTION +# This determines whether or not Nagios will treat passive host +# checks as being HARD or SOFT. By default, a passive host check +# result will put a host into a HARD state type. This can be changed +# by enabling this option. +# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT + +passive_host_checks_are_soft=0 + + + +# ORPHANED HOST/SERVICE CHECK OPTIONS +# These options determine whether or not Nagios will periodically +# check for orphaned host service checks. Since service checks are +# not rescheduled until the results of their previous execution +# instance are processed, there exists a possibility that some +# checks may never get rescheduled. A similar situation exists for +# host checks, although the exact scheduling details differ a bit +# from service checks. Orphaned checks seem to be a rare +# problem and should not happen under normal circumstances. +# If you have problems with service checks never getting +# rescheduled, make sure you have orphaned service checks enabled. +# Values: 1 = enable checks, 0 = disable checks + +check_for_orphaned_services=1 +check_for_orphaned_hosts=1 + + + +# SERVICE FRESHNESS CHECK OPTION +# This option determines whether or not Nagios will periodically +# check the "freshness" of service results. Enabling this option +# is useful for ensuring passive checks are received in a timely +# manner. +# Values: 1 = enabled freshness checking, 0 = disable freshness checking + +check_service_freshness=1 + + + +# SERVICE FRESHNESS CHECK INTERVAL +# This setting determines how often (in seconds) Nagios will +# check the "freshness" of service check results. If you have +# disabled service freshness checking, this option has no effect. + +service_freshness_check_interval=60 + + + +# HOST FRESHNESS CHECK OPTION +# This option determines whether or not Nagios will periodically +# check the "freshness" of host results. Enabling this option +# is useful for ensuring passive checks are received in a timely +# manner. +# Values: 1 = enabled freshness checking, 0 = disable freshness checking + +check_host_freshness=0 + + + +# HOST FRESHNESS CHECK INTERVAL +# This setting determines how often (in seconds) Nagios will +# check the "freshness" of host check results. If you have +# disabled host freshness checking, this option has no effect. + +host_freshness_check_interval=60 + + + + +# ADDITIONAL FRESHNESS THRESHOLD LATENCY +# This setting determines the number of seconds that Nagios +# will add to any host and service freshness thresholds that +# it calculates (those not explicitly specified by the user). + +additional_freshness_latency=15 + + + + +# FLAP DETECTION OPTION +# This option determines whether or not Nagios will try +# and detect hosts and services that are "flapping". +# Flapping occurs when a host or service changes between +# states too frequently. When Nagios detects that a +# host or service is flapping, it will temporarily suppress +# notifications for that host/service until it stops +# flapping. Flap detection is very experimental, so read +# the HTML documentation before enabling this feature! +# Values: 1 = enable flap detection +# 0 = disable flap detection (default) + +enable_flap_detection=1 + + + +# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES +# Read the HTML documentation on flap detection for +# an explanation of what this option does. This option +# has no effect if flap detection is disabled. + +low_service_flap_threshold=5.0 +high_service_flap_threshold=20.0 +low_host_flap_threshold=5.0 +high_host_flap_threshold=20.0 + + + +# DATE FORMAT OPTION +# This option determines how short dates are displayed. Valid options +# include: +# us (MM-DD-YYYY HH:MM:SS) +# euro (DD-MM-YYYY HH:MM:SS) +# iso8601 (YYYY-MM-DD HH:MM:SS) +# strict-iso8601 (YYYY-MM-DDTHH:MM:SS) +# + +date_format=iso8601 + + + + +# TIMEZONE OFFSET +# This option is used to override the default timezone that this +# instance of Nagios runs in. If not specified, Nagios will use +# the system configured timezone. +# +# NOTE: In order to display the correct timezone in the CGIs, you +# will also need to alter the Apache directives for the CGI path +# to include your timezone. Example: +# +# +# SetEnv TZ "Australia/Brisbane" +# ... +# + +#use_timezone=US/Mountain +#use_timezone=Australia/Brisbane + + + + +# P1.PL FILE LOCATION +# This value determines where the p1.pl perl script (used by the +# embedded Perl interpreter) is located. If you didn't compile +# Nagios with embedded Perl support, this option has no effect. + +p1_file=/usr/sbin/p1.pl + + + +# EMBEDDED PERL INTERPRETER OPTION +# This option determines whether or not the embedded Perl interpreter +# will be enabled during runtime. This option has no effect if Nagios +# has not been compiled with support for embedded Perl. +# Values: 0 = disable interpreter, 1 = enable interpreter + +enable_embedded_perl=1 + + + +# EMBEDDED PERL USAGE OPTION +# This option determines whether or not Nagios will process Perl plugins +# and scripts with the embedded Perl interpreter if the plugins/scripts +# do not explicitly indicate whether or not it is okay to do so. Read +# the HTML documentation on the embedded Perl interpreter for more +# information on how this option works. + +use_embedded_perl_implicitly=1 + + + +# ILLEGAL OBJECT NAME CHARACTERS +# This option allows you to specify illegal characters that cannot +# be used in host names, service descriptions, or names of other +# object types. + +illegal_object_name_chars=`~!$%^&*|'"<>?,()= + + + +# ILLEGAL MACRO OUTPUT CHARACTERS +# This option allows you to specify illegal characters that are +# stripped from macros before being used in notifications, event +# handlers, etc. This DOES NOT affect macros used in service or +# host check commands. +# The following macros are stripped of the characters you specify: +# $HOSTOUTPUT$ +# $HOSTPERFDATA$ +# $HOSTACKAUTHOR$ +# $HOSTACKCOMMENT$ +# $SERVICEOUTPUT$ +# $SERVICEPERFDATA$ +# $SERVICEACKAUTHOR$ +# $SERVICEACKCOMMENT$ + +illegal_macro_output_chars=`~$&|'"<> + + + +# REGULAR EXPRESSION MATCHING +# This option controls whether or not regular expression matching +# takes place in the object config files. Regular expression +# matching is used to match host, hostgroup, service, and service +# group names/descriptions in some fields of various object types. +# Values: 1 = enable regexp matching, 0 = disable regexp matching + +use_regexp_matching=0 + + + +# "TRUE" REGULAR EXPRESSION MATCHING +# This option controls whether or not "true" regular expression +# matching takes place in the object config files. This option +# only has an effect if regular expression matching is enabled +# (see above). If this option is DISABLED, regular expression +# matching only occurs if a string contains wildcard characters +# (* and ?). If the option is ENABLED, regexp matching occurs +# all the time (which can be annoying). +# Values: 1 = enable true matching, 0 = disable true matching + +use_true_regexp_matching=0 + + + +# ADMINISTRATOR EMAIL/PAGER ADDRESSES +# The email and pager address of a global administrator (likely you). +# Nagios never uses these values itself, but you can access them by +# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification +# commands. + +admin_email=nagios@localhost +admin_pager=pagenagios@localhost + + + +# DAEMON CORE DUMP OPTION +# This option determines whether or not Nagios is allowed to create +# a core dump when it runs as a daemon. Note that it is generally +# considered bad form to allow this, but it may be useful for +# debugging purposes. Enabling this option doesn't guarantee that +# a core file will be produced, but that's just life... +# Values: 1 - Allow core dumps +# 0 - Do not allow core dumps (default) + +daemon_dumps_core=0 + + + +# LARGE INSTALLATION TWEAKS OPTION +# This option determines whether or not Nagios will take some shortcuts +# which can save on memory and CPU usage in large Nagios installations. +# Read the documentation for more information on the benefits/tradeoffs +# of enabling this option. +# Values: 1 - Enabled tweaks +# 0 - Disable tweaks (default) + +use_large_installation_tweaks=0 + + + +# ENABLE ENVIRONMENT MACROS +# This option determines whether or not Nagios will make all standard +# macros available as environment variables when host/service checks +# and system commands (event handlers, notifications, etc.) are +# executed. Enabling this option can cause performance issues in +# large installations, as it will consume a bit more memory and (more +# importantly) consume more CPU. +# Values: 1 - Enable environment variable macros (default) +# 0 - Disable environment variable macros + +enable_environment_macros=1 + + + +# CHILD PROCESS MEMORY OPTION +# This option determines whether or not Nagios will free memory in +# child processes (processed used to execute system commands and host/ +# service checks). If you specify a value here, it will override +# program defaults. +# Value: 1 - Free memory in child processes +# 0 - Do not free memory in child processes + +#free_child_process_memory=1 + + + +# CHILD PROCESS FORKING BEHAVIOR +# This option determines how Nagios will fork child processes +# (used to execute system commands and host/service checks). Normally +# child processes are fork()ed twice, which provides a very high level +# of isolation from problems. Fork()ing once is probably enough and will +# save a great deal on CPU usage (in large installs), so you might +# want to consider using this. If you specify a value here, it will +# program defaults. +# Value: 1 - Child processes fork() twice +# 0 - Child processes fork() just once + +#child_processes_fork_twice=1 + + + +# DEBUG LEVEL +# This option determines how much (if any) debugging information will +# be written to the debug file. OR values together to log multiple +# types of information. +# Values: +# -1 = Everything +# 0 = Nothing +# 1 = Functions +# 2 = Configuration +# 4 = Process information +# 8 = Scheduled events +# 16 = Host/service checks +# 32 = Notifications +# 64 = Event broker +# 128 = External commands +# 256 = Commands +# 512 = Scheduled downtime +# 1024 = Comments +# 2048 = Macros + +debug_level=0 + + + +# DEBUG VERBOSITY +# This option determines how verbose the debug log out will be. +# Values: 0 = Brief output +# 1 = More detailed +# 2 = Very detailed + +debug_verbosity=1 + + + +# DEBUG FILE +# This option determines where Nagios should write debugging information. + +debug_file=/var/log/nagios/nagios.debug + + + +# MAX DEBUG FILE SIZE +# This option determines the maximum size (in bytes) of the debug file. If +# the file grows larger than this size, it will be renamed with a .old +# extension. If a file already exists with a .old extension it will +# automatically be deleted. This helps ensure your disk space usage doesn't +# get out of control when debugging Nagios. + +max_debug_file_size=1000000 + + diff --git a/files/nsca.cfg b/files/nsca.cfg new file mode 100644 index 0000000..7701b59 --- /dev/null +++ b/files/nsca.cfg @@ -0,0 +1,191 @@ +#################################################### +# Sample NSCA Daemon Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 04-03-2006 +#################################################### + + +# PID FILE +# The name of the file in which the NSCA daemon should write it's process ID +# number. The file is only written if the NSCA daemon is started by the root +# user as a single- or multi-process daemon. + +pid_file=/var/run/nsca.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# This must be a non-priveledged port (i.e. > 1024). + +server_port=5667 + + + +# SERVER ADDRESS +# Address that NSCA has to bind to in case there are +# more as one interface and we do not want NSCA to bind +# (thus listen) on all interfaces. + +#server_address=192.168.1.1 + + + +# NSCA USER +# This determines the effective user that the NSCA daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NSCA is running under either inetd or xinetd + +nsca_user=nagios + + + +# NSCA GROUP +# This determines the effective group that the NSCA daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NSCA is running under either inetd or xinetd + +nsca_group=nagios + + + +# NSCA CHROOT +# If specified, determines a directory into which the nsca daemon +# will perform a chroot(2) operation before dropping its privileges. +# for the security conscious this can add a layer of protection in +# the event that the nagios daemon is compromised. +# +# NOTE: if you specify this option, the command file will be opened +# relative to this directory. + +#nsca_chroot=/var/run/nagios/rw + + + +# DEBUGGING OPTION +# This option determines whether or not debugging +# messages are logged to the syslog facility. +# Values: 0 = debugging off, 1 = debugging on + +debug=0 + + + +# COMMAND FILE +# This is the location of the Nagios command file that the daemon +# should write all service check results that it receives. + +command_file=/var/spool/nagios/cmd/nagios.cmd + + +# ALTERNATE DUMP FILE +# This is used to specify an alternate file the daemon should +# write service check results to in the event the command file +# does not exist. It is important to note that the command file +# is implemented as a named pipe and only exists when Nagios is +# running. You may want to modify the startup script for Nagios +# to dump the contents of this file into the command file after +# it starts Nagios. Or you may simply choose to ignore any +# check results received while Nagios was not running... + +alternate_dump_file=/var/spool/nagios/cmd/nsca.dump + + + +# AGGREGATED WRITES OPTION +# This option determines whether or not the nsca daemon will +# aggregate writes to the external command file for client +# connections that contain multiple check results. If you +# are queueing service check results on remote hosts and +# sending them to the nsca daemon in bulk, you will probably +# want to enable bulk writes, as this will be a bit more +# efficient. +# Values: 0 = do not aggregate writes, 1 = aggregate writes + +aggregate_writes=0 + + + +# APPEND TO FILE OPTION +# This option determines whether or not the nsca daemon will +# will open the external command file for writing or appending. +# This option should almost *always* be set to 0! +# Values: 0 = open file for writing, 1 = open file for appending + +append_to_file=0 + + + +# MAX PACKET AGE OPTION +# This option is used by the nsca daemon to determine when client +# data is too old to be valid. Keeping this value as small as +# possible is recommended, as it helps prevent the possibility of +# "replay" attacks. This value needs to be at least as long as +# the time it takes your clients to send their data to the server. +# Values are in seconds. The max packet age cannot exceed 15 +# minutes (900 seconds). If this variable is set to zero (0), no +# packets will be rejected based on their age. + +max_packet_age=30 + + + +# DECRYPTION PASSWORD +# This is the password/passphrase that should be used to descrypt the +# incoming packets. Note that all clients must encrypt the packets +# they send using the same password! +# IMPORTANT: You don't want all the users on this system to be able +# to read the password you specify here, so make sure to set +# restrictive permissions on this config file! + +#password= + + + +# DECRYPTION METHOD +# This option determines the method by which the nsca daemon will +# decrypt the packets it receives from the clients. The decryption +# method you choose will be a balance between security and performance, +# as strong encryption methods consume more processor resources. +# You should evaluate your security needs when choosing a decryption +# method. +# +# Note: The decryption method you specify here must match the +# encryption method the nsca clients use (as specified in +# the send_nsca.cfg file)!! +# Values: +# +# 0 = None (Do NOT use this option) +# 1 = Simple XOR (No security, just obfuscation, but very fast) +# +# 2 = DES +# 3 = 3DES (Triple DES) +# 4 = CAST-128 +# 5 = CAST-256 +# 6 = xTEA +# 7 = 3WAY +# 8 = BLOWFISH +# 9 = TWOFISH +# 10 = LOKI97 +# 11 = RC2 +# 12 = ARCFOUR +# +# 14 = RIJNDAEL-128 +# 15 = RIJNDAEL-192 +# 16 = RIJNDAEL-256 +# +# 19 = WAKE +# 20 = SERPENT +# +# 22 = ENIGMA (Unix crypt) +# 23 = GOST +# 24 = SAFER64 +# 25 = SAFER128 +# 26 = SAFER+ +# + +decryption_method=1 + diff --git a/manifests/client.pp b/manifests/client.pp index 79e01ba..5c47bf0 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,7 +1,13 @@ # Configures nagios client and sets up basic checks -class nagios::client { +class nagios::client ( + $allowed_hosts = ['127.0.0.1'],) { class { 'nagios::install': } - - include nagios::services::client - + + class { 'nagios::config::client': allowed_hosts => $allowed_hosts, } + + class { 'nagios::services::client': } + + Class['nagios::install'] -> Class['nagios::config::client'] -> + Class['nagios::services::client'] + } diff --git a/manifests/commands.pp b/manifests/commands.pp index 9da7886..2293bd9 100644 --- a/manifests/commands.pp +++ b/manifests/commands.pp @@ -4,12 +4,19 @@ command_line => '$USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$', } + $host_email = template('nagios/host_email.erb') + $host_subject = '"** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **"' + $host_sendmail = "/bin/mail -s ${host_subject}" nagios_command { 'notify-host-by-email': - command_line => '/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$', + command_line => "/usr/bin/printf \"%b\" \"${host_email}\" | ${host_sendmail}", } + $service_email = template('nagios/service_email.erb') + $service_subject = '"** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **"' + $service_sendmail = "/bin/mail -s ${service_subject}" + nagios_command { 'notify-service-by-email': - command_line => '/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$', + command_line => "/usr/bin/printf \"%b\" \"${service_email}\" | ${service_sendmail}", } nagios_command { 'check-host-alive': diff --git a/manifests/config/client.pp b/manifests/config/client.pp new file mode 100644 index 0000000..b86bd8c --- /dev/null +++ b/manifests/config/client.pp @@ -0,0 +1,116 @@ +# Configuration for Nagios client +class nagios::config::client ( + $allowed_hosts = ['127.0.0.1'], + $hostgroups = undef,) { + if $hostgroups == undef { + # try and guess the correct group + $local_hostgroups = $::hostname ? { + /^dhcp\d+/ => 'dhcp-servers', + /^dns\d+/ => 'dns-servers', + /^web\d+/ => 'web-servers', + /^webdev/ => 'dev-servers', + /^build\d+/ => 'dev-servers', + /^db\d+/ => 'db-servers', + /^syslog\d+/ => 'syslog-servers', + default => undef, + } } else { + $local_hostgroups = $hostgroups + } + + # Define the host in nagios, including parent hypervisor, if there is one + + @@nagios_host { $::fqdn: + ensure => present, + address => $::ipaddress, + use => 'generic-host', + tag => $::domain, + # Insert parent value if we are a VM + parents => $::vmparent, + action_url => "/nagios/pnp4nagios/graph?host=${::fqdn}", + hostgroups => $local_hostgroups, + } + + # If we are a virtual host, also add host deps on parent + # If we don't (yet) know the parent, skip this step for now + # This suppresses warnings for VMs if the hypervisor is down + if ($::virtual == 'kvm') and ($::vmparent) { + @@nagios_hostdependency { "${::fqdn}-${::vmparent}": + host_name => $::vmparent, + dependent_host_name => $::fqdn, + notification_failure_criteria => 'd,u', + } + } + + # Add icons for the OS and graphs + @@nagios_hostextinfo { $::fqdn: + ensure => present, + icon_image_alt => $::operatingsystem, + icon_image => "${::operatingsystem}.png", + statusmap_image => "${::operatingsystem}.gd2", + tag => $::domain, + } + + # Install SELinux NRPE policy + # if $::osfamily == 'RedHat' { + # selinux::module { 'resnet-nrpe': + # ensure => 'present', + # source => 'puppet:///modules/nagios/nrpe/resnet-nrpe.te', + # } + # } + # Install base nrpe config + file { '/etc/nagios/nrpe.cfg': + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/nagios/nrpe/nrpe.cfg', + require => Package['nrpe'], + notify => Service['nrpe'], + } + + # Install supplementary nrpe config + + # Add a symlink for the different path on ubuntu + if $::osfamily == 'Debian' { + file { '/etc/nrpe.d': + ensure => link, + target => '/etc/nagios/nrpe.d', + } + } + + # Auto-add a NSCA firewall rule on the monitor server just for us + @@firewall { "200-nsca-${::fqdn}": + proto => 'tcp', + dport => '5667', + tag => 'nsca', + source => $::ipaddress, + action => 'accept', + } + + @@firewall { "200-nsca-v6-${::fqdn}": + proto => 'tcp', + dport => '5667', + source => $::ipaddress6, + provider => 'ip6tables', + action => 'accept', + } + + # Add a VIRTUAL nrpe user + @user { 'nrpe': + ensure => present, + require => Package['nrpe'], + } + + # Then realize that virtual user with collection syntax + User <| title == 'nrpe' |> + + # Elsewhere add to the parameters for that virtual resource using plusignment + User <| title == 'nrpe' |> { + groups +> 'sudoers' + } + User <| title == 'nrpe' |> { + groups +> 'puppet' + } + + # Add firewall rule to allow NRPE from the monitoring server + Firewall <<| tag == 'nrpe' |>> +} diff --git a/manifests/config/hostgroups.pp b/manifests/config/hostgroups.pp index 046206b..506500f 100644 --- a/manifests/config/hostgroups.pp +++ b/manifests/config/hostgroups.pp @@ -6,7 +6,7 @@ $hostgroups = { 'default' => { alias => 'default-hostgroup', - tag => 'everything', + tag => $::domain, } } ) { diff --git a/manifests/config/nrpe.pp b/manifests/config/nrpe.pp index f8dd0f3..d992f5b 100644 --- a/manifests/config/nrpe.pp +++ b/manifests/config/nrpe.pp @@ -1,19 +1,24 @@ # Install a nrpe config snippet to make the plugin accessible # Some stock plugins lack a NRPE snippet so will need nrpeconfig{} # without nagiosplugin{} -define nagios::config::nrpe ($command, $sudo = undef) { - $file_name = $::osfamily ? { +define nagios::config::nrpe ( + $command, + $sudo = undef) { + $file_name = $::osfamily ? { 'RedHat' => "/etc/nrpe.d/${title}.cfg", 'Debian' => "/etc/nagios/nrpe.d/${title}.cfg", default => "/etc/nrpe.d/${title}.cfg", } + $nagios_path = "/usr/${::lib_path}/nagios/plugins/${command}" + $content = $sudo ? { + true => "command[${title}]=/usr/bin/sudo ${nagios_path}", + default => "command[${title}]=${nagios_path}", + } + file { $file_name: alias => "${title}.cfg", - content => $sudo ? { - true => "command[${title}]=/usr/bin/sudo /usr/${::lib_path}/nagios/plugins/${command}", - default => "command[${title}]=/usr/${::lib_path}/nagios/plugins/${command}", - }, + content => $content, owner => 'root', group => 'root', mode => '0644', diff --git a/manifests/config/server.pp b/manifests/config/server.pp new file mode 100644 index 0000000..7b648d6 --- /dev/null +++ b/manifests/config/server.pp @@ -0,0 +1,152 @@ +# Configuration for Nagios server +class nagios::config::server ( + $use_mod_auth_cas = true, + $cas_validate_url = undef, + $cas_login_url = undef,) { + # A server is also a client + class { 'nagios::config::client': } + + # These configs are the ones that can't be dynamically generated by puppet, + # for things that aren't managed by puppet, eg ESXi. These are managed by + # puppet in the traditional way. + # Nagios master config + file { '/etc/nagios/nagios.cfg': + alias => 'nagios.cfg', + mode => '0640', + owner => 'root', + group => 'nagios', + source => 'puppet:///modules/nagios/nagios.cfg', + require => Package['nagios'], + notify => Service['nagios'], + before => Service['nagios'], + } + + # NSCA config + file { '/etc/nagios/nsca.cfg': + alias => 'nsca.cfg', + mode => '0600', + owner => 'root', + group => 'root', + source => 'puppet:///modules/nagios/nsca.cfg', + require => Package['nsca'], + notify => Service['nsca'], + } + + file { '/etc/nagios/private/resource.cfg': + alias => 'resource.cfg', + mode => '0640', + owner => 'root', + group => 'nagios', + content => template('nagios/resource.cfg.erb'), + require => Package['nagios'], + notify => Service['nagios'], + before => Service['nagios'], + } + + file { '/etc/nagios/private/cgi.cfg': + alias => 'cgi.cfg', + mode => '0640', + owner => 'root', + group => 'nagios', + source => 'puppet:///modules/nagios/cgi.cfg', + require => Package['nagios'], + notify => Service['nagios'], + before => Service['nagios'], + } + + # Install some custom icons for the web interface + nagios::icon { 'CentOS': } + + nagios::icon { 'Fedora': } + + nagios::icon { 'RedHat': } + + nagios::icon { 'Ubuntu': } + + nagios::icon { 'VMware': } + + nagios::icon { 'Windows': } + + nagios::icon { 'Debian': } + + nagios::icon { 'Scientific': } + + # Auto-add a firewall rule in the NRPE clients just for us + @@firewall { "100-nrpe-${::fqdn}": + proto => 'tcp', + dport => '5666', + tag => 'nrpe', + source => $::ipaddress, + action => 'accept', + } + + @@firewall { "100-nrpe-v6-${::fqdn}": + proto => 'tcp', + dport => '5666', + tag => 'nrpe', + source => $::ipaddress6, + provider => 'ip6tables', + action => 'accept', + } + + # Firewall rules for NSCA + # Automatically grant NSCA access to any managed host + Firewall <<| tag == 'nsca' |>> + + # collect resources and populate /etc/nagios/nagios_*.cfg + Nagios_host <<| |>> { + notify => Service['nagios'], + } + Nagios_service <<| |>> { + notify => Service['nagios'], + } + Nagios_hostextinfo <<| |>> { + notify => Service['nagios'], + } + Nagios_servicedependency <<| |>> { + notify => Service['nagios'], + } + Nagios_hostdependency <<| |>> { + notify => Service['nagios'], + } + Nagios_contact <<| |>> { + notify => Service['nagios'], + } + Nagios_contactgroup <<| |>> { + notify => Service['nagios'], + } + Nagios_command <<| |>> { + notify => Service['nagios'], + } + Nagios_servicegroup <<| |>> { + notify => Service['nagios'], + } + Nagios_hostgroup <<| |>> { + notify => Service['nagios'], + } + + # Purge old configs + resources { [ + 'nagios_host', + 'nagios_service', + 'nagios_hostextinfo', + 'nagios_servicedependency', + 'nagios_contact', + 'nagios_contactgroup', + 'nagios_command', + 'nagios_servicegroup', + 'nagios_hostgroup', + 'nagios_hostdependency']: + purge => true, + notify => Service['nagios'], + } + + # Make sure Nagios can read its own configs + file { '/etc/nagios/conf.d': + recurse => true, + mode => '0644', + owner => 'root', + group => 'nagios', + } + +} \ No newline at end of file diff --git a/manifests/config/vhosts.pp b/manifests/config/vhosts.pp index 37bfc52..848288a 100644 --- a/manifests/config/vhosts.pp +++ b/manifests/config/vhosts.pp @@ -1,4 +1,67 @@ # Creating virtual hosts for the Nagios server -class nagios::config::vhosts { +# Currently only the CAS authentication method is supported +class nagios::config::vhosts ( + $use_mod_auth_cas = true, + $cas_validate_url = undef, + $cas_login_url = undef, + $cas_users = [],) { + # since puppetlabs/apache does not support mod_cas, we need to manually create + # this file + if $use_mod_auth_cas == true { + file { '/etc/httpd/conf.d/00-cas_auth.conf': + alias => '00-cas_auth.conf', + content => template("${module_name}/00-cas_auth.conf.erb") + } + } + $allowed_users = join($cas_users, ' ') + # Combined apache config for nagios and pnp4nagios + apache::vhost { 'Nagios': + port => 80, + docroot => '/usr/lib64/nagios/cgi-bin', + servername => $::fqdn, + serveraliases => [$::fqdn], + error_log_file => 'logs/nagios_error_log', + access_log_file => 'logs/nagios_access_log', + access_log_format => 'common', + directoryindex => 'index.php', + scriptaliases => [{ + alias => '/nagios/cgi-bin/', + path => '/usr/lib64/nagios/cgi-bin/' + } + ,], + aliases => [{ + alias => '/nagios', + path => '/usr/share/nagios/html' + } + ], + directories => [ + { + path => '/usr/lib64/nagios/cgi-bin/', + options => [ + '+ExecCGI'], + allow_override => ALL, + order => 'allow,deny', + allow => 'from all', + auth_type => 'CAS', + auth_require => "user ${allowed_users}", + } + , + { + path => '/usr/share/nagios/html', + allow_override => ALL, + order => 'allow,deny', + allow => 'from all', + auth_type => 'CAS', + auth_require => "user ${allowed_users}", + } + ], + } + + # Remove stock nagios and pnp configs because they don't work + # They will be replaced when the RPM is upgraded so keep this block + file { ['/etc/httpd/conf.d/nagios.conf', '/etc/httpd/conf.d/pnp4nagios.conf']: + ensure => absent, + require => Package['httpd', 'nagios'], + } } diff --git a/manifests/cron/check_nagios_config_passive.pp b/manifests/cron/check_nagios_config_passive.pp index 0e5e272..dc42a27 100644 --- a/manifests/cron/check_nagios_config_passive.pp +++ b/manifests/cron/check_nagios_config_passive.pp @@ -1,3 +1,4 @@ +# Passive Nagios test for Nagios config class nagios::cron::check_nagios_config_passive { cron { 'check_nagios_config_passive_hourly': ensure => present, @@ -8,6 +9,6 @@ minute => 0, month => '*', weekday => '*', - require => File['check_nagios_config_passive'], + require => File['check_nagios_config_passive'], } } diff --git a/manifests/cron/kernel_passive.pp b/manifests/cron/kernel_passive.pp index cb482db..1563065 100644 --- a/manifests/cron/kernel_passive.pp +++ b/manifests/cron/kernel_passive.pp @@ -17,16 +17,18 @@ minute => 0, month => '*', weekday => '*', - require => File['check_kernel_passive'], + require => File['check_kernel_passive'], } # Symlink to run check in daily cron # Should come after 00yum-update -# file { '/etc/cron.daily/kernel-passive-daily': -# ensure => link, -# target => '/usr/lib64/nagios/plugins/check_kernel_passive', -# require => [Package['nsca-client'], File['check_kernel_passive']], -# } + # file { '/etc/cron.daily/kernel-passive-daily': + # ensure => link, + # target => '/usr/lib64/nagios/plugins/check_kernel_passive', + # require => [Package['nsca-client'], File['check_kernel_passive']], + # } + + $dummy_command = 'check_dummy!1 "No passive checks for at least 48h"' # Passive Nagios service definition for the above @@nagios_service { "check_kernel_${::fqdn}": @@ -37,7 +39,7 @@ max_check_attempts => 1, check_freshness => 1, freshness_threshold => 172800, - check_command => 'check_dummy!1 "No passive checks for at least 48h"', + check_command => $dummy_command, tag => $::domain, servicegroups => 'kernel', } diff --git a/manifests/init.pp b/manifests/init.pp index 13f424e..6f0515d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -10,7 +10,9 @@ # # Sample Usage: # -class nagios ($is_server = false,) { +class nagios ( + $allowed_hosts = ['127.0.0.1'], + $is_server = false,) { if $is_server == true { class { 'nagios::server': } } else { diff --git a/manifests/install.pp b/manifests/install.pp index b0745af..ac7e835 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,24 +1,30 @@ -class nagios::install ($is_server = false,) { +# Installation of packages +class nagios::install ( + $is_server = false,) { # for both client and server include nagios::cron::kernel_passive include nagios::plugins::core + $nrpe_name = $::osfamily ? { + 'RedHat' => 'nrpe', + 'Debian' => 'nagios-nrpe-server', + default => 'nrpe', + } + package { 'nrpe': ensure => installed, - name => $::osfamily ? { - 'RedHat' => 'nrpe', - 'Debian' => 'nagios-nrpe-server', - default => 'nrpe', - }, + name => $nrpe_name, + } + + $nsca_client_name = $::osfamily ? { + 'RedHat' => 'nsca-client', + 'Debian' => 'nsca', + default => 'nsca-client', } package { 'nsca-client': ensure => installed, - name => $::osfamily ? { - 'RedHat' => 'nsca-client', - 'Debian' => 'nsca', - default => 'nsca-client', - }, + name => $nsca_client_name, } package { 'nagios-plugins': diff --git a/manifests/plugin.pp b/manifests/plugin.pp index f838c8f..5d1110c 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -2,7 +2,9 @@ # All nagios plugins are installed this way # Third-party ones may exist in a yum repo and are installed that way # -# The templated plugins need the global variable 'monitoring_server' set as a fact. +# The templated plugins need the global variable 'monitoring_server' +# set as a fact. +# # To see how to set it up for your infrastructure, see # http://docs.puppetlabs.com/guides/custom_facts.html define nagios::plugin () { @@ -25,13 +27,13 @@ if $is_templated == true { $plugin = { - "$filename" => { + "${filename}" => { content => template("${module_name}/${title}.erb"), } } } else { $plugin = { - "$filename" => { + "${filename}" => { source => "puppet:///modules/nagios/plugins/${title}", } } diff --git a/manifests/plugins/bind.pp b/manifests/plugins/bind.pp index 7c6cebe..6b17c7d 100644 --- a/manifests/plugins/bind.pp +++ b/manifests/plugins/bind.pp @@ -3,8 +3,12 @@ # check_bind nagios::plugin { 'check_bind': } - nagios::config::nrpe { 'check_bind': command => 'check_bind -N -p /var/run -n named.pid -V 9.5 -s /var/log/named', + $bind_params = '-N -p /var/run -n named.pid -V 9.5 -s /var/log/named' + + nagios::config::nrpe { 'check_bind': + command => "check_bind ${bind_params}", } + User <| title == 'nrpe' |> { groups +> 'named' } diff --git a/manifests/plugins/core.pp b/manifests/plugins/core.pp index 651a654..706ccff 100644 --- a/manifests/plugins/core.pp +++ b/manifests/plugins/core.pp @@ -2,11 +2,15 @@ class nagios::plugins::core { nagios::plugin { 'check_ads': } - nagios::config::nrpe { 'check_ads': command => 'check_ads', } + nagios::config::nrpe { 'check_ads': + command => 'check_ads', + } nagios::plugin { 'check_cpu': } - nagios::config::nrpe { 'check_cpu': command => 'check_cpu', } + nagios::config::nrpe { 'check_cpu': + command => 'check_cpu', + } nagios::plugin { 'check_daemons': } @@ -19,18 +23,25 @@ require => Package['sysstat'], } - nagios::plugin { 'check_iostat': require => Package['sysstat'], } - - nagios::config::nrpe { 'check_iostat_sda': command => 'check_iostat -d sda -c 100000,100000,100000 -w 50000,50000,50000', + nagios::plugin { 'check_iostat': + require => Package['sysstat'], + } + + $iostat_params = '-c 100000,100000,100000 -w 50000,50000,50000' + nagios::config::nrpe { 'check_iostat_sda': + command => "check_iostat -d sda ${iostat_params}", } - nagios::config::nrpe { 'check_iostat_sdb': command => 'check_iostat -d sdb -c 100000,100000,100000 -w 50000,50000,50000', + nagios::config::nrpe { 'check_iostat_sdb': + command => "check_iostat -d sdb ${iostat_params}", } - nagios::config::nrpe { 'check_iostat_sdc': command => 'check_iostat -d sdc -c 100000,100000,100000 -w 50000,50000,50000', + nagios::config::nrpe { 'check_iostat_sdc': + command => "check_iostat -d sdc ${iostat_params}", } - nagios::config::nrpe { 'check_iostat_sdd': command => 'check_iostat -d sdd -c 100000,100000,100000 -w 50000,50000,50000', + nagios::config::nrpe { 'check_iostat_sdd': + command => "check_iostat -d sdd ${iostat_params}", } nagios::plugin { 'check_kernel': } @@ -43,12 +54,14 @@ nagios::plugin { 'check_memory': } - nagios::config::nrpe { 'check_memory': command => 'check_memory -w 20% -c 10%', + nagios::config::nrpe { 'check_memory': + command => 'check_memory -w 20% -c 10%', } nagios::plugin { 'check_procs_perfdata': } - nagios::config::nrpe { 'check_total_procs': command => 'check_procs_perfdata -w 300 -c 500', + nagios::config::nrpe { 'check_total_procs': + command => 'check_procs_perfdata -w 300 -c 500', } nagios::plugin { 'check_uptime': } @@ -65,34 +78,49 @@ nagios::plugin { 'check_x509cert': } - nagios::config::nrpe { 'check_x509cert': command => 'check_x509cert -P /etc/grid-security/', + nagios::config::nrpe { 'check_x509cert': + command => 'check_x509cert -P /etc/grid-security/', } - nagios::config::nrpe { 'check_x509cert_https': command => 'check_x509cert -P /etc/httpd/certs/', + nagios::config::nrpe { 'check_x509cert_https': + command => 'check_x509cert -P /etc/httpd/certs/', } # Load average depends on number of CPU cores $single = $::processorcount $double = $::processorcount * 2 $triple = $::processorcount * 3 + $warnload = "${double},${single},${single}" + $critload = "${triple},${double},${double}" + + # command => "check_load -w $warnload,$warnload,$warnload + # -c $critload,$critload,$critload", nagios::config::nrpe { 'check_load': -# command => "check_load -w $warnload,$warnload,$warnload -c $critload,$critload,$critload", - command => "check_load -w ${double},${single},${single} -c ${triple},${double},${double}", + command => "check_load -w ${warnload} -c ${critload}", } - nagios::config::nrpe { 'check_disk_all': command => 'check_disk -l -x /dev/shm -w 10% -c 5%', + nagios::config::nrpe { 'check_disk_all': + command => 'check_disk -l -x /dev/shm -w 10% -c 5%', } - nagios::config::nrpe { 'check_smtp': command => 'check_smtp -H 127.0.0.1', } + nagios::config::nrpe { 'check_smtp': + command => 'check_smtp -H 127.0.0.1', + } - nagios::config::nrpe { 'check_zombie_procs': command => 'check_procs -w 20 -c 40 -s Z', + nagios::config::nrpe { 'check_zombie_procs': + command => 'check_procs -w 20 -c 40 -s Z', } - nagios::config::nrpe { 'check_swap': command => 'check_swap -w 50% -c 20%', } + nagios::config::nrpe { 'check_swap': + command => 'check_swap -w 50% -c 20%', + } - nagios::config::nrpe { 'check_users': command => 'check_users -w 5 -c 10', } + nagios::config::nrpe { 'check_users': + command => 'check_users -w 5 -c 10', + } - nagios::config::nrpe { 'check_vmtoolsd': command => 'check_daemons vmtoolsd', + nagios::config::nrpe { 'check_vmtoolsd': + command => 'check_daemons vmtoolsd', } nagios::config::nrpe { 'check_crond': command => 'check_daemons crond', } @@ -101,49 +129,45 @@ nagios::config::nrpe { 'check_mailq': command => 'check_mailq -w 5 -c 10', } - nagios::config::nrpe { 'check_tcptraffic': command => 'check_tcptraffic -i eth0 -s 1000 -w 75000000 -c 90000000', + nagios::config::nrpe { 'check_tcptraffic': + command => 'check_tcptraffic -i eth0 -s 1000 -w 75000000 -c 90000000', } - nagios::config::nrpe { 'check_tcptraffic_eth0': command => 'check_tcptraffic -i eth0 -s 1000 -w 75000000 -c 90000000', + nagios::config::nrpe { 'check_tcptraffic_eth0': + command => 'check_tcptraffic -i eth0 -s 1000 -w 75000000 -c 90000000', } - nagios::config::nrpe { 'check_tcptraffic_eth1': command => 'check_tcptraffic -i eth1 -s 1000 -w 75000000 -c 90000000', + nagios::config::nrpe { 'check_tcptraffic_eth1': + command => 'check_tcptraffic -i eth1 -s 1000 -w 75000000 -c 90000000', } - nagios::config::nrpe { 'check_tcptraffic_bond0': command => 'check_tcptraffic -i bond0 -s 1000 -w 75000000 -c 90000000', + nagios::config::nrpe { 'check_tcptraffic_bond0': + command => 'check_tcptraffic -i bond0 -s 1000 -w 75000000 -c 90000000', } - nagios::config::nrpe { 'check_tcptraffic_bond0_383': command => 'check_tcptraffic -i bond0.383 -s 1000 -w 75000000 -c 90000000', + nagios::config::nrpe { 'check_tcptraffic_bond0_383': + command => 'check_tcptraffic -i bond0.383 -s 1000 -w 75000000 -c 90000000', } - nagios::config::nrpe { 'check_tcptraffic_bond0_67': command => 'check_tcptraffic -i bond0.67 -s 1000 -w 75000000 -c 90000000', + nagios::config::nrpe { 'check_tcptraffic_bond0_67': + command => 'check_tcptraffic -i bond0.67 -s 1000 -w 75000000 -c 90000000', } - nagios::config::nrpe { 'check_linux_bonding': command => 'check_linux_bonding', + nagios::config::nrpe { 'check_linux_bonding': + command => 'check_linux_bonding', } nagios::config::nrpe { 'check_openmanage': command => 'check_openmanage', } - nagios::config::nrpe { 'check_xinetd': command => 'check_daemons xinetd', } + nagios::config::nrpe { 'check_xinetd': command => 'check_daemons xinetd',} - nagios::config::nrpe { 'check_dns': command => 'check_dns -H www.bris.ac.uk -s 127.0.0.1', + #TODO: add DNS host as parameter + nagios::config::nrpe { 'check_dns': + command => 'check_dns -H www.bris.ac.uk -s 127.0.0.1', } # This plugin is not run via NRPE, but actually via cron and NSCA nagios::plugin {'check_kernel_passive':} -# file { "/usr/${::lib_path}/nagios/plugins/check_kernel_passive": -# alias => 'check_kernel_passive', -# # name => "/usr/${::lib_path}/nagios/plugins/check_kernel_passive", -# source => $::osfamily ? { -# 'RedHat' => 'puppet:///modules/nagios/plugins/check_kernel_passive_rpm', -# 'Debian' => 'puppet:///modules/nagios/plugins/check_kernel_passive_deb', -# default => undef, -# }, -# owner => 'root', -# group => 'root', -# mode => '0755', -# require => Package['nrpe', 'nagios-plugins'], -# } # This plugin is not run via NRPE, but actually via cron and NSCA file { "/usr/${::lib_path}/nagios/plugins/check_hardware_spec": diff --git a/manifests/plugins/dhcp.pp b/manifests/plugins/dhcp.pp index bd078e3..cbc245e 100644 --- a/manifests/plugins/dhcp.pp +++ b/manifests/plugins/dhcp.pp @@ -1,26 +1,37 @@ # Nagios plugins and config for DHCP servers class nagios::plugins::dhcp { - package { 'dhcpd-pools': ensure => installed, } + package { 'dhcpd-pools': + ensure => installed, + } # check_dhcpd_pools - RNW version - nagios::plugin { 'check_dhcpd_pools': require => Package['dhcpd-pools'], } + nagios::plugin { 'check_dhcpd_pools': + require => Package['dhcpd-pools'], + } - nagios::config::nrpe { 'check_dhcpd_pools': command => 'check_dhcpd_pools', } + nagios::config::nrpe { 'check_dhcpd_pools': + command => 'check_dhcpd_pools', + } # check_dhcpd_pools - universal version # requires check_nrpe_gz_b64 - nagios::plugin { 'check_dhcpd_pools_gz_b64': require => Package['dhcpd-pools' - ], } + nagios::plugin { 'check_dhcpd_pools_gz_b64': + require => Package['dhcpd-pools'], + } - nagios::config::nrpe { 'check_dhcpd_pools_gz_b64': command => 'check_dhcpd_pools_gz_b64', + nagios::config::nrpe { 'check_dhcpd_pools_gz_b64': + command => 'check_dhcpd_pools_gz_b64', } # check_dhcpd_failover nagios::plugin { 'check_dhcpd_failover': } - nagios::config::nrpe { 'check_dhcpd_failover': command => 'check_dhcpd_failover', + nagios::config::nrpe { 'check_dhcpd_failover': + command => 'check_dhcpd_failover', } # check_dhcpd - nagios::config::nrpe { 'check_dhcpd': command => 'check_daemons dhcpd', } + nagios::config::nrpe { 'check_dhcpd': + command => 'check_daemons dhcpd', + } } diff --git a/manifests/plugins/mysql.pp b/manifests/plugins/mysql.pp index 793f00f..b3b6b3f 100644 --- a/manifests/plugins/mysql.pp +++ b/manifests/plugins/mysql.pp @@ -3,28 +3,37 @@ # check_mysql_qps nagios::plugin { 'check_mysql_qps': } - nagios::config::nrpe { 'check_mysql_qps': command => 'check_mysql_qps', } + nagios::config::nrpe { 'check_mysql_qps': + command => 'check_mysql_qps', + } # check_mmm nagios::plugin { 'check_mmm': } - nagios::config::nrpe { 'check_mmm': command => 'check_mmm', } + nagios::config::nrpe { 'check_mmm': + command => 'check_mmm', + } # check_mysql_dbsize nagios::plugin { 'check_mysql_dbsize': } - nagios::config::nrpe { 'check_mysql_dbsize': command => 'check_mysql_dbsize', + nagios::config::nrpe { 'check_mysql_dbsize': + command => 'check_mysql_dbsize', } # check_mmm_node nagios::plugin { 'check_mmm_node': } - nagios::config::nrpe { 'check_mmm_node': command => 'check_mmm_node', } + nagios::config::nrpe { 'check_mmm_node': + command => 'check_mmm_node', + } # check_mysql_all nagios::plugin { 'check_mysql_all': } - nagios::config::nrpe { 'check_mysql_all': command => 'check_mysql_all', } + nagios::config::nrpe { 'check_mysql_all': + command => 'check_mysql_all', + } # check_mysql_cache # nagios::plugin { 'check_mysql_cache': @@ -36,5 +45,7 @@ # check_mysql_conns nagios::plugin { 'check_mysql_conns': } - nagios::config::nrpe { 'check_mysql_conns': command => 'check_mysql_conns', } + nagios::config::nrpe { 'check_mysql_conns': + command => 'check_mysql_conns', + } } diff --git a/manifests/plugins/puppet.pp b/manifests/plugins/puppet.pp index 18e7bda..3adeed1 100644 --- a/manifests/plugins/puppet.pp +++ b/manifests/plugins/puppet.pp @@ -11,20 +11,24 @@ # check_puppet_checkin_db nagios::plugin { 'check_puppet_checkin_db': } - nagios::config::nrpe { 'check_puppet_checkin_db': command => 'check_puppet_checkin_db', + nagios::config::nrpe { 'check_puppet_checkin_db': + command => 'check_puppet_checkin_db', } # check_puppetmaster - nagios::config::nrpe { 'check_puppetmaster': command => 'check_daemons puppet\ master', + nagios::config::nrpe { 'check_puppetmaster': + command => 'check_daemons puppet\ master', } # check_puppet - nagios::config::nrpe { 'check_puppet': command => 'check_daemons puppet\ agent', + nagios::config::nrpe { 'check_puppet': + command => 'check_daemons puppet\ agent', } # check_puppet_environment nagios::plugin { 'check_puppet_environment': } - nagios::config::nrpe { 'check_puppet_environment': command => 'check_puppet_environment', + nagios::config::nrpe { 'check_puppet_environment': + command => 'check_puppet_environment', } } diff --git a/manifests/server.pp b/manifests/server.pp index 3d7253d..5bc89e4 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,7 +1,11 @@ # Nagios config for monitoring servers class nagios::server { class { 'nagios::install': is_server => true, } - - include nagios::services::server - + + class { 'nagios::services::server': } + + class { 'nagios::config::server': } + + Class['nagios::install'] -> Class['nagios::config::server'] -> + Class['nagios::services::server'] } diff --git a/manifests/services/aaaa_record.pp b/manifests/services/aaaa_record.pp index 6d93504..838a23f 100644 --- a/manifests/services/aaaa_record.pp +++ b/manifests/services/aaaa_record.pp @@ -1,3 +1,4 @@ +# Monitoring of AAAA record for IPv6 boxes class nagios::services::aaaa_record { # Only for IPv6 boxes if ($::ipaddress6) { diff --git a/manifests/services/client.pp b/manifests/services/client.pp index a6b23b9..c01c866 100644 --- a/manifests/services/client.pp +++ b/manifests/services/client.pp @@ -1,4 +1,29 @@ +# Summary of all monitoring services on the client side class nagios::services::client { + # First we template a couple of useful values + $warnload = $::processorcount * 7 + $critload = $::processorcount * 10 + + $lib = $::architecture ? { + 'i386' => 'lib', + 'x86_64' => 'lib64', + default => 'lib', + } + + $nrpe_service_name = $::osfamily ? { + 'RedHat' => 'nrpe', + 'Debian' => 'nagios-nrpe-server', + default => 'nrpe', + } + # Start the monitoring services + service { 'nrpe': + ensure => running, + name => $nrpe_service_name, + require => [File['/etc/nagios/nrpe.cfg'], Package['nrpe']], + enable => true, + hasstatus => true, + hasrestart => true, + } # Now we define generic nagios checks themselves # anything else, eg http, goes in relevant module include nagios::services::ping diff --git a/manifests/services/cpu.pp b/manifests/services/cpu.pp index 66058e8..a7adeb4 100644 --- a/manifests/services/cpu.pp +++ b/manifests/services/cpu.pp @@ -1,3 +1,4 @@ +# Monitoring of CPU usage class nagios::services::cpu { @@nagios_service { "check_cpu_${::fqdn}": check_command => 'check_nrpe!check_cpu', @@ -9,11 +10,11 @@ } @@nagios_servicedependency { "check_cpu_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'CPU usage', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/current_users.pp b/manifests/services/current_users.pp index b460ab5..62be3fd 100644 --- a/manifests/services/current_users.pp +++ b/manifests/services/current_users.pp @@ -1,3 +1,4 @@ +#Monitor logged in users class nagios::services::current_users { @@nagios_service { "check_users_${::fqdn}": check_command => 'check_nrpe!check_users', @@ -8,12 +9,11 @@ } @@nagios_servicedependency { "check_users_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Current users', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } - } diff --git a/manifests/services/disk_space.pp b/manifests/services/disk_space.pp index 6a4becc..c1ce67a 100644 --- a/manifests/services/disk_space.pp +++ b/manifests/services/disk_space.pp @@ -1,3 +1,4 @@ +# Monitoring disk space class nagios::services::disk_space { @@nagios_service { "check_disk_${::fqdn}": check_command => 'check_nrpe!check_disk_all', @@ -8,11 +9,11 @@ } @@nagios_servicedependency { "check_disk_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Disk space', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/iocheck.pp b/manifests/services/iocheck.pp index 1b46d58..86a85c3 100644 --- a/manifests/services/iocheck.pp +++ b/manifests/services/iocheck.pp @@ -11,12 +11,12 @@ } @@nagios_servicedependency { "check_iostat_${::fqdn}_${name}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => "I/O ${name}", service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } } diff --git a/manifests/services/load.pp b/manifests/services/load.pp index da54788..b98e7ad 100644 --- a/manifests/services/load.pp +++ b/manifests/services/load.pp @@ -1,3 +1,4 @@ +# Monitoring of the CPU load class nagios::services::load { @@nagios_service { "check_load_${::fqdn}": check_command => 'check_nrpe!check_load', @@ -9,11 +10,11 @@ } @@nagios_servicedependency { "check_load_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Load', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/memory.pp b/manifests/services/memory.pp index 25d62d5..ef74fbc 100644 --- a/manifests/services/memory.pp +++ b/manifests/services/memory.pp @@ -1,3 +1,4 @@ +# Monitoring of RAM class nagios::services::memory{ @@nagios_service { "check_memory_${::fqdn}": check_command => 'check_nrpe!check_memory', @@ -9,11 +10,11 @@ } @@nagios_servicedependency { "check_memory_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Memory', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/nagios.pp b/manifests/services/nagios.pp index bb8023c..c931e27 100644 --- a/manifests/services/nagios.pp +++ b/manifests/services/nagios.pp @@ -1,11 +1,11 @@ +# A nagios check to monitor the nagios service +# Problably only useful if >1 nagios server +# Chicken <=> Egg, anyone? class nagios::services::nagios { - # A nagios check to monitor the nagios service - # Problably only useful if >1 nagios server - # Chicken <=> Egg, anyone? - # ### NAGIOS SERVICE + $check_nagios = 'check_nagios!/var/log/nagios/nagios.log!/usr/sbin/nagios' @@nagios_service { "check_nagios_${::fqdn}": - check_command => 'check_nagios!/var/log/nagios/nagios.log!/usr/sbin/nagios', + check_command => $check_nagios, host_name => $::fqdn, service_description => 'Nagios', use => '5min-service', @@ -32,13 +32,14 @@ # Also run the check every hour, so the passive check can't get stale include nagios::cron::check_nagios_config_passive -# file { 'check_nagios_config_passive_symlink': -# ensure => link, -# name => '/etc/cron.hourly/check_nagios_config_passive', -# target => '/usr/lib64/nagios/plugins/check_nagios_config_passive', -# } + # file { 'check_nagios_config_passive_symlink': + # ensure => link, + # name => '/etc/cron.hourly/check_nagios_config_passive', + # target => '/usr/lib64/nagios/plugins/check_nagios_config_passive', + # } # Passive Nagios service definition for the above + $check_dummy = 'check_dummy!1 "No passive checks for at least 48h"' @@nagios_service { "check_nagios_config_${::fqdn}": host_name => $::fqdn, service_description => 'Nagios config', @@ -47,7 +48,7 @@ max_check_attempts => 1, check_freshness => 1, freshness_threshold => 172800, - check_command => 'check_dummy!1 "No passive checks for at least 48h"', + check_command => $check_dummy, tag => $::domain, } } diff --git a/manifests/services/nrpe.pp b/manifests/services/nrpe.pp index 6c5e3bc..8036df2 100644 --- a/manifests/services/nrpe.pp +++ b/manifests/services/nrpe.pp @@ -1,3 +1,4 @@ +#Check if NRPE is running class nagios::services::nrpe { @@nagios_service { "check_nrpe_${::fqdn}": check_command => 'check_nrpe_status', diff --git a/manifests/services/selinux.pp b/manifests/services/selinux.pp index 107f2f7..4eeaf23 100644 --- a/manifests/services/selinux.pp +++ b/manifests/services/selinux.pp @@ -1,4 +1,5 @@ -class nagios::services::selinux{ +# Monitoring of the SELinux component +class nagios::services::selinux { @@nagios_service { "check_selinux_${::fqdn}": check_command => 'check_nrpe!check_selinux', host_name => $::fqdn, @@ -9,11 +10,11 @@ } @@nagios_servicedependency { "check_selinux_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'SELinux', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/server.pp b/manifests/services/server.pp index b98f571..7eb1477 100644 --- a/manifests/services/server.pp +++ b/manifests/services/server.pp @@ -1,4 +1,7 @@ +# Summary of all monitoring services on the server side class nagios::services::server { - include nagios::services::client - include nagios::services::nagios + # A server is also a client + class { 'nagios::services::client': } + + class { 'nagios::services::nagios': } } diff --git a/manifests/services/swap.pp b/manifests/services/swap.pp index 283bb64..cee98ef 100644 --- a/manifests/services/swap.pp +++ b/manifests/services/swap.pp @@ -1,3 +1,4 @@ +# Check for available swap space class nagios::services::swap { @@nagios_service { "check_swap_${::fqdn}": check_command => 'check_nrpe!check_swap', @@ -8,11 +9,11 @@ } @@nagios_servicedependency { "check_swap_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Swap', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/tcpcheck.pp b/manifests/services/tcpcheck.pp index b0e1211..bbd9048 100644 --- a/manifests/services/tcpcheck.pp +++ b/manifests/services/tcpcheck.pp @@ -12,12 +12,12 @@ } @@nagios_servicedependency { "check_tcptraffic_${::fqdn}_${name}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => "Network traffic ${name}", service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } } diff --git a/manifests/services/total_procs.pp b/manifests/services/total_procs.pp index f4331b6..6dc0fe2 100644 --- a/manifests/services/total_procs.pp +++ b/manifests/services/total_procs.pp @@ -1,3 +1,4 @@ +# Nagios checks for total number of processes class nagios::services::total_procs { @@nagios_service { "check_total_procs_${::fqdn}": check_command => 'check_nrpe!check_total_procs', @@ -8,11 +9,11 @@ } @@nagios_servicedependency { "check_total_procs_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Processes', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/uptime.pp b/manifests/services/uptime.pp index 7351e2e..885dc07 100644 --- a/manifests/services/uptime.pp +++ b/manifests/services/uptime.pp @@ -1,3 +1,4 @@ +# Nagios monitoring for uptime class nagios::services::uptime { @@nagios_service { "check_uptime_${::fqdn}": check_command => 'check_nrpe!check_uptime', @@ -9,11 +10,11 @@ } @@nagios_servicedependency { "check_uptime_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Uptime', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/yum.pp b/manifests/services/yum.pp index e962f69..70996a4 100644 --- a/manifests/services/yum.pp +++ b/manifests/services/yum.pp @@ -1,20 +1,21 @@ +# Nagios tests for yum class nagios::services::yum { # does notwork with SELinux @@nagios_service { "check_yum_${::fqdn}": - check_command => "check_nrpe!check_yum", + check_command => 'check_nrpe!check_yum', host_name => $::fqdn, - service_description => "Yum updates", + service_description => 'Yum updates', use => 'hourly-service', notifications_enabled => '0', tag => $::domain, } @@nagios_servicedependency { "check_yum_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, - dependent_service_description => "Yum updates", + dependent_service_description => 'Yum updates', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/services/zombies.pp b/manifests/services/zombies.pp index 15a4ebe..99da4d2 100644 --- a/manifests/services/zombies.pp +++ b/manifests/services/zombies.pp @@ -1,3 +1,4 @@ +#Nagios monitoring for zombie processes class nagios::services::zombies { @@nagios_service { "check_zombie_procs_${::fqdn}": check_command => 'check_nrpe!check_zombie_procs', @@ -8,11 +9,11 @@ } @@nagios_servicedependency { "check_zombie_procs_${::fqdn}": - host_name => $::fqdn, + host_name => $::fqdn, dependent_host_name => $::fqdn, dependent_service_description => 'Zombie procs', service_description => 'NRPE', notification_failure_criteria => 'w,u,c', - tag => $::domain, + tag => $::domain, } } diff --git a/manifests/templates.pp b/manifests/templates.pp index 56fed4e..dbb988c 100644 --- a/manifests/templates.pp +++ b/manifests/templates.pp @@ -8,7 +8,7 @@ host_notification_options => 'd,u,r,f,s', service_notification_commands => 'notify-service-by-email', host_notification_commands => 'notify-host-by-email', - register => '0', + register => '0', } # Host templates diff --git a/metadata.json b/metadata.json index 013bf52..e09daae 100644 --- a/metadata.json +++ b/metadata.json @@ -16,6 +16,10 @@ { "name": "puppetlabs/stdlib", "version_requirement": "\u003e\u003d4.1.0" + }, + { + "name": "puppetlabs/firewall", + "version_requirement": "\u003e\u003d0.3.1" } ], "types": [], diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb index 6f08485..15c8353 100644 --- a/spec/classes/nagios_spec.rb +++ b/spec/classes/nagios_spec.rb @@ -4,18 +4,18 @@ let(:title) { 'nagios' } let(:node) { 'testing.phy.bris.ac.uk' } - let(:facts) { {:ipaddress => '10.13.37.100', :processorcount => 1, :osfamily => 'RedHat' } } + let(:facts) { {:ipaddress => '10.13.37.100', :processorcount => 1, :osfamily => 'RedHat', :operatingsystem => 'Redhat' } } describe 'Test standard installation on RedHat (client)' do - it { should contain_package('nagios-plugins').with_ensure('present') } - it { should contain_package('nrpe').with_ensure('present') } + it { should contain_package('nagios-plugins').with_ensure('installed') } + it { should contain_package('nrpe').with_ensure('installed') } it { should contain_service('nrpe').with_ensure('running') } it { should contain_service('nrpe').with_enable('true') } end describe 'Test standard installation on RedHat (server)' do let(:params) { {:is_server => true } } - it { should contain_package('nagios').with_ensure('present') } + it { should contain_package('nagios').with_ensure('installed') } it { should contain_service('nagios').with_ensure('running') } it { should contain_service('nagios').with_enable('true') } end diff --git a/templates/host_email.erb b/templates/host_email.erb new file mode 100644 index 0000000..b457551 --- /dev/null +++ b/templates/host_email.erb @@ -0,0 +1,9 @@ +***** Nagios ***** + +Notification Type: $NOTIFICATIONTYPE$ +Host: $HOSTNAME$ +State: $HOSTSTATE$ +Address: $HOSTADDRESS$ +Info: $HOSTOUTPUT$ + +Date/Time: $LONGDATETIME$ diff --git a/templates/nrpe.cfg.erb b/templates/nrpe.cfg.erb new file mode 100644 index 0000000..71c400f --- /dev/null +++ b/templates/nrpe.cfg.erb @@ -0,0 +1,202 @@ +############################################################################# +# Sample NRPE Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 11-23-2007 +# +# NOTES: +# This is a sample configuration file for the NRPE daemon. It needs to be +# located on the remote host that is running the NRPE daemon, not the host +# from which the check_nrpe client is being executed. +############################################################################# + + +###################################################################### +###################################################################### +## THIS FILE IS MANAGED BY PUPPET. DO NOT MAKE LOCAL EDITS! ## +###################################################################### +###################################################################### + + + +# LOG FACILITY +# The syslog facility that should be used for logging purposes. + +log_facility=daemon + + + +# PID FILE +# The name of the file in which the NRPE daemon should write it's process ID +# number. The file is only written if the NRPE daemon is started by the root +# user and is running in standalone mode. + +#pid_file=/var/run/nrpe.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-priviledged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_port=5666 + + + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +#server_address=127.0.0.1 + + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nrpe + + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nrpe + + + +# ALLOWED HOST ADDRESSES +# This is an optional comma-delimited list of IP address or hostnames +# that are allowed to talk to the NRPE daemon. +# +# Note: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your /etc/hosts.allow +# file to allow only the specified host to connect to the port +# you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts=<%= @allowed_hosts.join(",") %> + + + +# COMMAND ARGUMENT PROCESSING +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments to commands that are executed. This option only works +# if the daemon was configured with the --enable-command-args configure script +# option. +# +# *** ENABLING THIS OPTION IS A SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow arguments, 1=allow command arguments + +dont_blame_nrpe=0 + + + +# COMMAND PREFIX +# This option allows you to prefix all commands with a user-defined string. +# A space is automatically added between the specified prefix string and the +# command line from the command definition. +# +# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** +# Usage scenario: +# Execute restricted commmands using sudo. For this to work, you need to add +# the nagios user to your /etc/sudoers. An example entry for alllowing +# execution of the plugins from might be: +# +# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ +# +# This lets the nagios user run all commands in that directory (and only them) +# without asking for a password. If you do this, make sure you don't give +# random users write access to that directory or its contents! + +# command_prefix=/usr/bin/sudo + + + +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on + +debug=0 + + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + + +# CONNECTION TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# wait for a connection to be established before exiting. This is sometimes +# seen where a network problem stops the SSL being established even though +# all network sessions are connected. This causes the nrpe daemons to +# accumulate, eating system resources. Do not set this too low. + +connection_timeout=300 + + + +# WEEK RANDOM SEED OPTION +# This directive allows you to use SSL even if your system does not have +# a /dev/random or /dev/urandom (on purpose or because the necessary patches +# were not applied). The random number generator will be seeded from a file +# which is either a file pointed to by the environment valiable $RANDFILE +# or $HOME/.rnd. If neither exists, the pseudo random number generator will +# be initialized and a warning will be issued. +# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness + +#allow_weak_random_seed=1 + + + +# INCLUDE CONFIG FILE +# This directive allows you to include definitions from an external config file. + +#include= + + + +# INCLUDE CONFIG DIRECTORY +# This directive allows you to include definitions from config files (with a +# .cfg extension) in one or more directories (with recursion). + +include_dir=/etc/nrpe.d/ +#include_dir= + + + +# COMMAND DEFINITIONS +# Command definitions that this daemon will run. Definitions +# are in the following format: +# +# command[]= +# +# When the daemon receives a request to return the results of +# it will execute the command specified by the argument. +# +# Unlike Nagios, the command line cannot contain macros - it must be +# typed exactly as it should be executed. +# +# Note: Any plugins that are used in the command lines must reside +# on the machine that this daemon is running on! The examples below +# assume that you have plugins installed in a /usr/local/nagios/libexec +# directory. Also note that you will have to modify the definitions below +# to match the argument format the plugins expect. Remember, these are +# examples only! diff --git a/templates/service_email.erb b/templates/service_email.erb new file mode 100644 index 0000000..d16e87c --- /dev/null +++ b/templates/service_email.erb @@ -0,0 +1,14 @@ +***** Nagios ***** + +Notification Type: $NOTIFICATIONTYPE$ + +Service: $SERVICEDESC$ +Host: $HOSTALIAS$ +Address: $HOSTADDRESS$ +State: $SERVICESTATE$ + +Date/Time: $LONGDATETIME$ + +Additional Info: + +$SERVICEOUTPUT$ From 7a903e4819f65d100c49a0f8f21f86cfcb84de44 Mon Sep 17 00:00:00 2001 From: Luke Date: Fri, 3 Jan 2014 18:20:46 +0100 Subject: [PATCH 07/14] adding puppetlabs/firewall to fixtures --- .fixtures.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.fixtures.yml b/.fixtures.yml index af7573d..9a3ddf8 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -2,6 +2,7 @@ fixtures: repositories: "apache": "https://github.com/example42/puppet-apache.git" "stdlib": "https://github.com/puppetlabs/puppetlabs-stdlib" + "firewall": "https://github.com/puppetlabs/puppetlabs-firewall" "grid_repos": "https://github.com/HEP-Puppet/grid_repos" symlinks: "nagios": "#{source_dir}" From db99c2a52a73a0db5867ed2d2290f88ed0682726 Mon Sep 17 00:00:00 2001 From: Luke Date: Sat, 4 Jan 2014 11:37:02 +0100 Subject: [PATCH 08/14] Changing example42 apache to puppetlabs and adding spec/fixtures to gitignore --- .fixtures.yml | 2 +- .gitignore | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.fixtures.yml b/.fixtures.yml index 9a3ddf8..d6be8c6 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,6 +1,6 @@ fixtures: repositories: - "apache": "https://github.com/example42/puppet-apache.git" + "apache": "https://github.com/puppetlabs/puppetlabs-apache.git" "stdlib": "https://github.com/puppetlabs/puppetlabs-stdlib" "firewall": "https://github.com/puppetlabs/puppetlabs-firewall" "grid_repos": "https://github.com/HEP-Puppet/grid_repos" diff --git a/.gitignore b/.gitignore index 05b6b25..fa8cb09 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .DS_Store .pydevproject +spec/fixtures From d96002a2c7d4c2b4a9bc22b8218b6fa535c20bed Mon Sep 17 00:00:00 2001 From: Luke Date: Sat, 4 Jan 2014 12:05:02 +0100 Subject: [PATCH 09/14] Added operatingsystemrelease fact --- spec/classes/nagios_spec.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb index 15c8353..368e051 100644 --- a/spec/classes/nagios_spec.rb +++ b/spec/classes/nagios_spec.rb @@ -4,7 +4,12 @@ let(:title) { 'nagios' } let(:node) { 'testing.phy.bris.ac.uk' } - let(:facts) { {:ipaddress => '10.13.37.100', :processorcount => 1, :osfamily => 'RedHat', :operatingsystem => 'Redhat' } } + let(:facts) { { + :ipaddress => '10.13.37.100', + :processorcount => 1, + :osfamily => 'RedHat', + :operatingsystem => 'Redhat', + :operatingsystemrelease => 6.4} } describe 'Test standard installation on RedHat (client)' do it { should contain_package('nagios-plugins').with_ensure('installed') } From 63218447029d1be8d9f3a03d18a43dc54d2a9b3b Mon Sep 17 00:00:00 2001 From: Luke Date: Sat, 4 Jan 2014 12:12:10 +0100 Subject: [PATCH 10/14] Changed release from float to string --- spec/classes/nagios_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb index 368e051..de2b177 100644 --- a/spec/classes/nagios_spec.rb +++ b/spec/classes/nagios_spec.rb @@ -9,7 +9,7 @@ :processorcount => 1, :osfamily => 'RedHat', :operatingsystem => 'Redhat', - :operatingsystemrelease => 6.4} } + :operatingsystemrelease => '6.4'} } describe 'Test standard installation on RedHat (client)' do it { should contain_package('nagios-plugins').with_ensure('installed') } From e993529a2a98bc754e208abfe89d6ef6440beb3d Mon Sep 17 00:00:00 2001 From: Luke Date: Sat, 4 Jan 2014 12:27:45 +0100 Subject: [PATCH 11/14] Added concat as fixture --- .fixtures.yml | 1 + .travis.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.fixtures.yml b/.fixtures.yml index d6be8c6..4c02342 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,6 +1,7 @@ fixtures: repositories: "apache": "https://github.com/puppetlabs/puppetlabs-apache.git" + "concat": "https://github.com/puppetlabs/puppetlabs-concat.git" "stdlib": "https://github.com/puppetlabs/puppetlabs-stdlib" "firewall": "https://github.com/puppetlabs/puppetlabs-firewall" "grid_repos": "https://github.com/HEP-Puppet/grid_repos" diff --git a/.travis.yml b/.travis.yml index 83e1bd9..0514b0e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,7 @@ language: ruby rvm: - 1.8.7 -script: "rake spec SPEC_OPTS='--format documentation'" +script: "rake spec SPEC_OPTS='--color --format documentation'" branches: only: From 289aa56696aa064df34f6f3a2234b6f9537e4b6f Mon Sep 17 00:00:00 2001 From: Luke Date: Sat, 4 Jan 2014 12:40:14 +0100 Subject: [PATCH 12/14] Added missing templates, corrected template path for plugins. --- manifests/plugin.pp | 2 +- templates/00-cas_auth.conf.erb | 8 ++++++++ templates/resource.cfg.erb | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 templates/00-cas_auth.conf.erb create mode 100644 templates/resource.cfg.erb diff --git a/manifests/plugin.pp b/manifests/plugin.pp index 5d1110c..7c3dc1e 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -28,7 +28,7 @@ if $is_templated == true { $plugin = { "${filename}" => { - content => template("${module_name}/${title}.erb"), + content => template("${module_name}/plugins/${title}.erb"), } } } else { diff --git a/templates/00-cas_auth.conf.erb b/templates/00-cas_auth.conf.erb new file mode 100644 index 0000000..d063c57 --- /dev/null +++ b/templates/00-cas_auth.conf.erb @@ -0,0 +1,8 @@ +LoadModule auth_cas_module modules/mod_auth_cas.so + + + CASCookiePath /var/cache/mod_auth_cas/ + CASValidateURL <%= @cas_validate_url %> + CASLoginURL <%= @cas_login_url %> + CASCertificatePath /etc/httpd/CAs/ + diff --git a/templates/resource.cfg.erb b/templates/resource.cfg.erb new file mode 100644 index 0000000..95920d8 --- /dev/null +++ b/templates/resource.cfg.erb @@ -0,0 +1,34 @@ +########################################################################### +# +# RESOURCE.CFG - Sample Resource File for Nagios 3.2.3 +# +# Last Modified: 09-10-2003 +# +# You can define $USERx$ macros in this file, which can in turn be used +# in command definitions in your host config file(s). $USERx$ macros are +# useful for storing sensitive information such as usernames, passwords, +# etc. They are also handy for specifying the path to plugins and +# event handlers - if you decide to move the plugins or event handlers to +# a different directory in the future, you can just update one or two +# $USERx$ macros, instead of modifying a lot of command definitions. +# +# The CGIs will not attempt to read the contents of resource files, so +# you can set restrictive permissions (600 or 660) on them. +# +# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$) +# +# Resource files may also be used to store configuration directives for +# external data sources like MySQL... +# +########################################################################### + +# Sets $USER1$ to be the path to the plugins +$USER1$=/usr/<%= @lib_path %>/nagios/plugins + +# Sets $USER2$ to be the path to event handlers +#$USER2$=/usr/lib/nagios/plugins/eventhandlers + +# Store some usernames and passwords (hidden from the CGIs) +#$USER3$=someuser +#$USER4$=somepassword + From c68e633fd0dc9d9e10156d40b32d9887ac888ed2 Mon Sep 17 00:00:00 2001 From: Luke Date: Sat, 4 Jan 2014 13:34:26 +0100 Subject: [PATCH 13/14] Added concat_basedir to facter variables and fixed spec options --- spec/classes/nagios_spec.rb | 4 +++- spec/spec.opts | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb index de2b177..5fcb5aa 100644 --- a/spec/classes/nagios_spec.rb +++ b/spec/classes/nagios_spec.rb @@ -9,7 +9,9 @@ :processorcount => 1, :osfamily => 'RedHat', :operatingsystem => 'Redhat', - :operatingsystemrelease => '6.4'} } + :operatingsystemrelease => '6.4', + :concat_basedir => '/dne', + } } describe 'Test standard installation on RedHat (client)' do it { should contain_package('nagios-plugins').with_ensure('installed') } diff --git a/spec/spec.opts b/spec/spec.opts index 91cd642..de653df 100644 --- a/spec/spec.opts +++ b/spec/spec.opts @@ -1,6 +1,4 @@ ---format -s +--format s --colour ---loadby -mtime +--loadby mtime --backtrace From 366316f5ddf770aa7997842d6a7d45e286c27d70 Mon Sep 17 00:00:00 2001 From: Luke Date: Sat, 4 Jan 2014 15:37:30 +0100 Subject: [PATCH 14/14] Added services to server set up --- manifests/config/server.pp | 36 +++++++++++++++++++++++++++++++ manifests/config/servicegroups.pp | 4 ++-- manifests/services/server.pp | 24 +++++++++++++++++++++ 3 files changed, 62 insertions(+), 2 deletions(-) diff --git a/manifests/config/server.pp b/manifests/config/server.pp index 7b648d6..161cfef 100644 --- a/manifests/config/server.pp +++ b/manifests/config/server.pp @@ -1,11 +1,47 @@ # Configuration for Nagios server class nagios::config::server ( + $admins = { + 'admin01' => { + contact_name => 'admin01', + alias => 'Admin for life', + email => 'admin01@bristol.ac.uk', + } + } + , + $hostgroups = { + 'default' => { + alias => 'default-hostgroup', + tag => $::domain, + } + } + , + $servicegroups = { + 'cpu' => { + alias => 'CPU', + tag => $::domain, + } + } + , $use_mod_auth_cas = true, $cas_validate_url = undef, $cas_login_url = undef,) { # A server is also a client class { 'nagios::config::client': } + # define contacts + class { 'nagios::config::contacts': + admins => $admins, + } + + # define host and service groups + class { 'nagios::config::hostgroups': + hostgroups => $hostgroups, + } + + class { 'nagios::config::servicegroups': + servicegroups => $servicegroups, + } + # These configs are the ones that can't be dynamically generated by puppet, # for things that aren't managed by puppet, eg ESXi. These are managed by # puppet in the traditional way. diff --git a/manifests/config/servicegroups.pp b/manifests/config/servicegroups.pp index 8dbf4a9..6f7e3b4 100644 --- a/manifests/config/servicegroups.pp +++ b/manifests/config/servicegroups.pp @@ -3,12 +3,12 @@ # Servicegroups need a name, an alias and a tag. That's it. # tag should correspond to $::domain class nagios::config::servicegroups ( - $hostgroups = { + $servicegroups = { 'cpu' => { alias => 'CPU', tag => $::domain, } } ) { - create_resources('nagios_servicegroup', $hostgroups) + create_resources('nagios_servicegroup', $servicegroups) } diff --git a/manifests/services/server.pp b/manifests/services/server.pp index 7eb1477..51f0c5f 100644 --- a/manifests/services/server.pp +++ b/manifests/services/server.pp @@ -4,4 +4,28 @@ class { 'nagios::services::client': } class { 'nagios::services::nagios': } + + include nagios::commands + include nagios::plugins::all + include nagios::plugins::server + include nagios::templates + + # Start the Nagios service, and make it restart if there have been changes to + # the config + service { 'nagios': + ensure => running, + enable => true, + hasstatus => true, + hasrestart => false, + require => [Package['nagios'], File['nagios.cfg']], + } + + # NSCA service to accept passive checks + service { 'nsca': + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => [Service['nagios'], Package['nsca'], File['nsca.cfg']], + } }