From 3dca6fa347aaa32bd4891854e7086bea755f8f8e Mon Sep 17 00:00:00 2001 From: 12ww1160 <12ww1160@confdroid.com> Date: Sat, 7 Mar 2026 15:39:36 +0100 Subject: [PATCH] OP#436 start cgi.cfg --- manifests/params.pp | 94 ++++++--- manifests/server/files.pp | 24 +-- templates/nagios/cgi_cfg.erb | 357 ++++++++++++++++++++++++++++++----- 3 files changed, 389 insertions(+), 86 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index f65b273..b6db937 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -336,6 +336,34 @@ # options in Nagios. Default is false. # @param [String] ng_load_ctl_options The load control options for Nagios. # Default is 'jobs_max=100;backoff_limit=10;rampup_change=5'. +# @param [String] ng_context_help Whether to enable context-sensitive +# help in Nagios. Default is '1'. +# @param [String] ng_pending_states Whether to use pending states in Nagios. +# Default is '1'. +# @param [String] ng_use_auth Whether to use authentication in Nagios. +# Default is '1'. +# @param [String] ng_use_ssl_auth Whether to use SSL authentication in Nagios. +# Default is '0'. +# @param [Boolean] ng_enable_def_user Whether to enable the default user in +# Nagios. Default is false. +# @param [String] ng_def_user_name The name of the default user in Nagios. +# Change to a suitable value. +# @param [String] ng_sysinfo_auth Additional username for the sysinfo +# authentication in Nagios. Choose a suitable value or leave empty +# @param [String] ng_confinfo_auth Additional username for the confinfo +# authentication in Nagios. Choose a suitable value or leave empty +# @param [String] ng_command_auth Additional username for the command +# authentication in Nagios. Choose a suitable value or leave empty +# @param [String] ng_hostview_auth Additional username for the host view +# authentication in Nagios. Choose a suitable value or leave empty +# @param [String] ng_serviceview_auth Additional username for the service view +# authentication in Nagios. Choose a suitable value or leave empty +# @param [String] ng_host_cmd_auth Additional username for the host command +# authentication in Nagios. Choose a suitable value or leave empty +# @param [String] ng_svc_cmd_auth Additional username for the service command +# authentication in Nagios. Choose a suitable value or leave empty +# @param [String] ng_readonly_auth Additional username for the read-only +# authentication in Nagios. Choose a suitable value or leave empty ################################################################################ class confdroid_nagios::params ( @@ -488,45 +516,59 @@ class confdroid_nagios::params ( String $ng_svc_skip_chk_par_h_d_sts = '-1', String $ng_host_skip_chk_dep_status = '-1', Boolean $ng_enable_load_ctl_options = false, - String $ng_load_ctl_options = 'jobs_max=100;backoff_limit=10;rampup_change=5', + String $ng_load_ctl_options = 'jobs_max=100;backoff_limit=10;rampup_change=5', # cgi.cfg - String $ng_context_help = '1', + String $ng_context_help = '1', + String $ng_pending_states = '1', + String $ng_use_auth = '1', + String $ng_use_ssl_auth = '0', + Boolean $ng_enable_def_user = false, + String $ng_def_user_name = 'ChangeME', + String $ng_sysinfo_auth = '', + String $ng_confinfo_auth = '', + String $ng_command_auth = '', + String $ng_hostview_auth = '', + String $ng_serviceview_auth = '', + String $ng_host_cmd_auth = '', + String $ng_svc_cmd_auth = '', + String $ng_readonly_auth = '' , + # httpd - Boolean $ng_use_https = false, + Boolean $ng_use_https = false, # check command parameters ## ping - String $ng_ping_warn = '100.0,20%', - String $ng_ping_crit = '500.0,60%', - String $ng_ping_ensure = 'present', + String $ng_ping_warn = '100.0,20%', + String $ng_ping_crit = '500.0,60%', + String $ng_ping_ensure = 'present', ## disk - String $ng_disk_warn = '20%', - String $ng_disk_crit = '10%' , - String $ng_disk_ensure = 'present', + String $ng_disk_warn = '20%', + String $ng_disk_crit = '10%' , + String $ng_disk_ensure = 'present', # swap - String $ng_swap_warn = '20', - String $ng_swap_crit = '10', - String $ng_swap_ensure = 'present', + String $ng_swap_warn = '20', + String $ng_swap_crit = '10', + String $ng_swap_ensure = 'present', # users - String $ng_users_warn = '20', - String $ng_users_crit = '50', - String $ng_users_ensure = 'present', + String $ng_users_warn = '20', + String $ng_users_crit = '50', + String $ng_users_ensure = 'present', #total procs - String $ng_procs_tot_warn = '330', - String $ng_procs_tot_crit = '400', - String $ng_procs_tot_param = 'RDST', - String $ng_procs_tot_ens = 'present', + String $ng_procs_tot_warn = '330', + String $ng_procs_tot_crit = '400', + String $ng_procs_tot_param = 'RDST', + String $ng_procs_tot_ensure = 'present', # zombie procs - String $ng_procs_z_warn = '10', - String $ng_procs_z_crit = '30', - String $ng_procs_z_param = 'Z', - String $ng_procs_z_ensure = 'present', + String $ng_procs_z_warn = '10', + String $ng_procs_z_crit = '30', + String $ng_procs_z_param = 'Z', + String $ng_procs_z_ensure = 'present', # load - String $ng_load_warn = '5.00,4.00,3.00', - String $ng_load_crit = '10.00,6.00,4.00', - String $ng_load_ensure = 'present', + String $ng_load_warn = '5.00,4.00,3.00', + String $ng_load_crit = '10.00,6.00,4.00', + String $ng_load_ensure = 'present', # single nagios checks Boolean $ng_enable_swap_check = true, diff --git a/manifests/server/files.pp b/manifests/server/files.pp index b989afe..c4cfb92 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -21,18 +21,18 @@ class confdroid_nagios::server::files ( notify => Service[$ng_service], } -# file { $ng_cgi_cfg_file: -# ensure => file, -# owner => 'nagios', -# group => 'nagios', -# mode => '0644', -# selrange => s0, -# selrole => object_r, -# seltype => nagios_etc_t, -# seluser => system_u, -# content => template($ng_nagios_cgi_cfg_erb), -# notify => Service[$ng_service], -# } + file { $ng_cgi_cfg_file: + ensure => file, + owner => 'nagios', + group => 'nagios', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => nagios_etc_t, + seluser => system_u, + content => template($ng_nagios_cgi_cfg_erb), + notify => Service[$ng_service], + } file { $ng_lock_file: ensure => file, diff --git a/templates/nagios/cgi_cfg.erb b/templates/nagios/cgi_cfg.erb index d64f9db..0985f8d 100644 --- a/templates/nagios/cgi_cfg.erb +++ b/templates/nagios/cgi_cfg.erb @@ -3,13 +3,16 @@ ########## manual changes will be overwritten !!! ########## ############################################################################### -main_config_file=<%= @ng_main_config %> +main_config_file=<%= @ng_nagios_cfg_file %> + physical_html_path=<%= @ng_share_html %> url_html_path=/nagios show_context_help=<%= @ng_context_help %> -use_pending_states=<%= @ng_pending_state %> + +use_pending_states=<%= @ng_pending_states %> + use_authentication=<%= @ng_use_auth %> use_ssl_authentication=<%= @ng_use_ssl_auth %> @@ -19,73 +22,331 @@ default_user_name=<%= @ng_def_user_name %> #default_user_name=guest <% end -%> -authorized_for_system_information=<%= @ng_contact_name %>,<%= @ng_sysinfo_auth %> -authorized_for_configuration_information=<%= @ng_contact_name %>,<%= @ng_confinfo_auth %> -authorized_for_system_commands=<%= @ng_contact_name %>,<%= @ng_command_auth %> -authorized_for_all_services=<%= @ng_contact_name %>,<%= @ng_serviceview_auth %> -authorized_for_all_hosts=<%= @ng_contact_name %>,<%= @ng_hostview_auth %> -authorized_for_all_service_commands=<%= @ng_contact_name %>,<%= @ng_svc_cmd_auth %> -authorized_for_all_host_commands=<%= @ng_contact_name %>,<%= @ng_host_cmd_auth %> +authorized_for_system_information=<%= @ng_nagios_admin %>,<%= @ng_sysinfo_auth %> +authorized_for_configuration_information=<%= @ng_nagios_admin %>,<%= @ng_confinfo_auth %> +authorized_for_system_commands=<%= @ng_nagios_admin %>,<%= @ng_command_auth %> +authorized_for_all_services=<%= @ng_nagios_admin %>,<%= @ng_serviceview_auth %> +authorized_for_all_hosts=<%= @ng_nagios_admin %>,<%= @ng_hostview_auth %> +authorized_for_all_service_commands=<%= @ng_nagios_admin %>,<%= @ng_svc_cmd_auth %> +authorized_for_all_host_commands=<%= @ng_nagios_admin %>,<%= @ng_host_cmd_auth %> authorized_for_read_only=<%= @ng_readonly_auth %> -statusmap_background_image=<%= @ng_statusmap_img %> -<% if @ng_use_colormap == true -%> -color_transparency_index_r=<%= @ng_colormap_red %> -color_transparency_index_g=<%= @ng_colormap_green %> -color_transparency_index_b=<%= @ng_colormap_blue %> -<% else -%> +# SYSTEM/PROCESS INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# have access to viewing the Nagios process information as +# provided by the Extended Information CGI (extinfo.cgi). By +# default, *no one* has access to this unless you choose to +# not use authorization. You may use an asterisk (*) to +# authorize any user who has authenticated to the web server. + +authorized_for_system_information=nagiosadmin + + + +# CONFIGURATION INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# can view ALL configuration information (hosts, commands, etc). +# By default, users can only view configuration information +# for the hosts and services they are contacts for. You may use +# an asterisk (*) to authorize any user who has authenticated +# to the web server. + +authorized_for_configuration_information=nagiosadmin + + + +# SYSTEM/PROCESS COMMAND ACCESS +# This option is a comma-delimited list of all usernames that +# can issue shutdown and restart commands to Nagios via the +# command CGI (cmd.cgi). Users in this list can also change +# the program mode to active or standby. By default, *no one* +# has access to this unless you choose to not use authorization. +# You may use an asterisk (*) to authorize any user who has +# authenticated to the web server. + +authorized_for_system_commands=nagiosadmin + + + +# GLOBAL HOST/SERVICE VIEW ACCESS +# These two options are comma-delimited lists of all usernames that +# can view information for all hosts and services that are being +# monitored. By default, users can only view information +# for hosts or services that they are contacts for (unless you +# you choose to not use authorization). You may use an asterisk (*) +# to authorize any user who has authenticated to the web server. + +authorized_for_all_services=nagiosadmin +authorized_for_all_hosts=nagiosadmin + + + +# GLOBAL HOST/SERVICE COMMAND ACCESS +# These two options are comma-delimited lists of all usernames that +# can issue host or service related commands via the command +# CGI (cmd.cgi) for all hosts and services that are being monitored. +# By default, users can only issue commands for hosts or services +# that they are contacts for (unless you choose to not use +# authorization). You may use an asterisk (*) to authorize any +# user who has authenticated to the web server. + +authorized_for_all_service_commands=nagiosadmin +authorized_for_all_host_commands=nagiosadmin + + + +# READ-ONLY USERS +# A comma-delimited list of usernames that have read-only rights in +# the CGIs. This will block any service or host commands normally shown +# on the extinfo CGI pages. It will also block comments from being shown +# to read-only users. + +#authorized_for_read_only=user1,user2 + + + +# STATUSMAP BACKGROUND IMAGE +# This option allows you to specify an image to be used as a +# background in the statusmap CGI. It is assumed that the image +# resides in the HTML images path (i.e. /usr/local/nagios/share/images). +# This path is automatically determined by appending "/images" +# to the path specified by the 'physical_html_path' directive. +# Note: The image file may be in GIF, PNG, JPEG, or GD2 format. +# However, I recommend that you convert your image to GD2 format +# (uncompressed) but ONLY IF YOU WILL USE THE LEGACY MAP EXCLUSIVELY, +# as this will cause less CPU load when the CGI generates the image. + +#statusmap_background_image=smbackground.gd2 + + + +# STATUSMAP TRANSPARENCY INDEX COLOR +# These options set the r,g,b values of the background color used the statusmap CGI, +# so normal browsers that can't show real png transparency set the desired color as +# a background color instead (to make it look pretty). +# Defaults to white: (R,G,B) = (255,255,255). + #color_transparency_index_r=255 #color_transparency_index_g=255 #color_transparency_index_b=255 -<% end -%> -default_statusmap_layout=<%= @ng_statusmap_layout%> -default_statuswrl_layout=<%= @ng_wrl_layout %> -<% if @ng_incl_own_wrl == true -%> -statuswrl_include=<%= @ng_statuswrl_include %> -<% else -%> + +# DEFAULT STATUSMAP LAYOUT METHOD +# This option allows you to specify the default layout method +# the statusmap CGI should use for drawing hosts. If you do +# not use this option, the default for the legacy map is to use +# user-defined coordinates and the default for the new map is "6" +# (Circular Balloon). +# Valid options for the legacy map are as follows: +# 0 = User-defined coordinates +# 1 = Depth layers +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular +# 5 = Circular (Marked Up) +# Valid options for the new map are as follows: +# 0 = User-defined coordinates +# 1 = Depth Layers (Horizontal) +# 2 = Collapsed tree (Horizontal) +# 3 = Balanced tree (Horizontal) +# 4 = DON'T USE +# 5 = Circular Markup +# 6 = Circular Balloon +# 7 = Balanced tree (Vertical) +# 8 = Collapsed tree (Vertical) +# 9 = Depth Layers (Vertical) +# 10 = Force Map + +#default_statusmap_layout=6 + + + +# DEFAULT STATUSWRL LAYOUT METHOD +# This option allows you to specify the default layout method +# the statuswrl (VRML) CGI should use for drawing hosts. If you +# do not use this option, the default is to use user-defined +# coordinates. Valid options are as follows: +# 0 = User-defined coordinates +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular + +default_statuswrl_layout=4 + + + +# STATUSWRL INCLUDE +# This option allows you to include your own objects in the +# generated VRML world. It is assumed that the file +# resides in the HTML path (i.e. /usr/local/nagios/share). + #statuswrl_include=myworld.wrl -<% end -%> -ping_syntax=<%= @ng_ping_syntax %> -refresh_rate=<%= @ng_refresh_rate %> -result_limit=1<%= @ng_result_limit %> -escape_html_tags=<%= @ng_escape_html %> -<% if @ng_use_sound == true -%> -host_unreachable_sound=<%= @ng_host_unreachable %> -host_down_sound=<%= @ng_host_down %> -service_critical_sound=<%= @ng_svc_critical %> -service_warning_sound=<%= @ng_svc_warn %> -service_unknown_sound=<%= @ng_svc_unknown %> -normal_sound=<%= @ng_normal_sound %> -<% else -%> + +# PING SYNTAX +# This option determines what syntax should be used when +# attempting to ping a host from the WAP interface (using +# the statuswml CGI. You must include the full path to +# the ping binary, along with all required options. The +# $HOSTADDRESS$ macro is substituted with the address of +# the host before the command is executed. +# Please note that the syntax for the ping binary is +# notorious for being different on virtually ever *NIX +# OS and distribution, so you may have to tweak this to +# work on your system. + +ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$ + + + +# REFRESH RATE +# This option allows you to specify the refresh rate in seconds +# of various CGIs (status, statusmap, extinfo, and outages). + +refresh_rate=90 + + + +# PAGE TOUR +# Enable page tour for helpful tips and tricks on various pages + +#enable_page_tour=1 + + + +# DEFAULT PAGE LIMIT +# This option allows you to specify the default number of results +# displayed on the status.cgi. This number can be adjusted from +# within the UI after the initial page load. Setting this to 0 +# will show all results. + +result_limit=100 + + + +# ESCAPE HTML TAGS +# This option determines whether HTML tags in host and service +# status output is escaped in the web interface. If enabled, +# your plugin output will not be able to contain clickable links. + +escape_html_tags=1 + + + +# SOUND OPTIONS +# These options allow you to specify an optional audio file +# that should be played in your browser window when there are +# problems on the network. The audio files are used only in +# the status CGI. Only the sound for the most critical problem +# will be played. Order of importance (higher to lower) is as +# follows: unreachable hosts, down hosts, critical services, +# warning services, and unknown services. If there are no +# visible problems, the sound file optionally specified by +# 'normal_sound' variable will be played. +# +# +# = +# +# Note: All audio files must be placed in the /media subdirectory +# under the HTML path (i.e. /usr/local/nagios/share/media/). + #host_unreachable_sound=hostdown.wav #host_down_sound=hostdown.wav #service_critical_sound=critical.wav #service_warning_sound=warning.wav #service_unknown_sound=warning.wav #normal_sound=noproblem.wav -<% end -%> -action_url_target=<%= @ng_action_url_target %> -notes_url_target=<%= @ng_notes_url_target %> -lock_author_names=<%= @ng_lock_author_names %> -<% if @ng_enable_splunk -%> -enable_splunk_integration=1 -splunk_url=<%= @ng_splunk_url %> -<% else -%> -enable_splunk_integration=0 +# URL TARGET FRAMES +# These options determine the target frames in which notes and +# action URLs will open. + +action_url_target=_blank +notes_url_target=_blank + + + +# LOCK AUTHOR NAMES OPTION +# This option determines whether users can change the author name +# when submitting comments, scheduling downtime. If disabled, the +# author names will be locked into their contact name, as defined in Nagios. +# Values: 0 = allow editing author names +# 1 = lock author names (disallow editing) + +lock_author_names=1 + + + +# SPLUNK INTEGRATION OPTIONS +# These options allow you to enable integration with Splunk +# in the web interface. If enabled, you'll be presented with +# "Splunk It" links in various places in the CGIs (log file, +# alert history, host/service detail, etc). Useful if you're +# trying to research why a particular problem occurred. +# For more information on Splunk, visit http://www.splunk.com/ + +# This option determines whether the Splunk integration is enabled +# Values: 0 = disable Splunk integration +# 1 = enable Splunk integration + +#enable_splunk_integration=1 + +# This option should be the URL used to access your instance of Splunk #splunk_url=http://127.0.0.1:8000/ -<% end -%> -navbar_search_for_addresses=<%= @ng_navbar_addresses %> -navbar_search_for_aliases=<%= @ng_navbar_aliases %> -ack_no_sticky=<%= @ng_ack_no_sticky %> -ack_no_send=<%= @ng_ack_no_send %> + +# NAVIGATION BAR SEARCH OPTIONS +# The following options allow to configure the navbar search. Default +# is to search for hostnames. With enabled navbar_search_for_addresses, +# the navbar search queries IP addresses as well. It's also possible +# to enable search for aliases by setting navbar_search_for_aliases=1. + +navbar_search_for_addresses=1 +navbar_search_for_aliases=1 + + + +# DEFAULTS FOR CHECKBOXES FOR ACKNOWLEDGEMENTS +# Enabling ack_no_sticky will default the "Sticky Acknowledgement" to +# be unchecked. +# Enabling ack_no_send will default the "Send Notification" to +# be unchecked. + +#ack_no_sticky=0 +#ack_no_send=0 + + + +# SHOW ONLY HARD STATES IS TACTICAL OVERVIEW +# This option controls whether only HARD states are counted on the +# Tactical Overview, or if both HARD and SOFT states are counted. +# Set to 1 to show only HARD states. Defaults to 0 (HARD+SOFT). + +#tac_cgi_hard_only=0 + + + +# COMMAND COMMENTS +# These options control whether or not comments are required, optional, +# or not allowed for specific commands. The format for each line is: +# cmd-name=req,def-comment +# +# cmd-name is "CMT_" plus a command such as ADD_HOST_COMMENT +# req 0 = not allowed, 1 = optional, 2 = required +# def-comment optional default comment that will be put in the input field +# +# The following examples override the default comment requirements in +# some way. + +#CMT_ADD_HOST_COMMENT=1 +#CMT_ACKNOWLEDGE_HOST_PROBLEM=2,"Problem is being looked into" +#CMT_SCHEDULE_SVC_CHECK=1 +#CMT_SCHEDULE_HOST_DOWNTIME=0 +