confdroid/confdroid_nagios
3
0
Fork 0
Code Issues Projects Wiki Activity

OP#407 initial commit with reset

Browse Source
This commit is contained in:
12ww1160
2026-02-02 23:38:50 +01:00
parent 9998e83e79
commit e35b61e131
115 changed files with 67 additions and 20933 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
README.md
View File

@@ -1,14 +1,27 @@
# Readme
[![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_nagios)](https://jenkins.confdroid.com/job/cd_nagios/)
[[_TOC_]]
- [Readme](#readme)
- [Synopsis](#synopsis)
- [WARNING](#warning)
- [Features](#features)
- [Repo Documentation](#repo-documentation)
- [Dependencies](#dependencies)
- [Deployment](#deployment)
- [PuppetDB](#puppetdb)
- [SELINUX](#selinux)
- [Support](#support)
- [Tests](#tests)
- [Contact Us](#contact-us)
- [Disclaimer](#disclaimer)
## Synopsis
Nagios is a powerful open source software solution for monitoring your IT environments.
`cd_nagios` is a Puppet module allowing to fully automate the setup & configuration of the Nagios server, as well as actively adding client hosts and services to the monitoring environment through defines and `PuppetDB`.
`confdroid_nagios` is a Puppet module allowing to fully automate the setup & configuration of the Nagios server, as well as actively adding client hosts and services to the monitoring environment through defines and `PuppetDB`.
## WARNING
@@ -16,54 +29,6 @@ Nagios is a powerful open source software solution for monitoring your IT enviro
## Features
Installation:
* Nagios Server instance:
* install httpd via cd_apache
* install Nagios server binaries on Nagios server
* Nagios clients:
* install client binaries like nagios plugins etc.
* include NRPE via `cd_nrpe` (optional)
Configuration
* configure all aspects of Nagios on server
* manage nagios service user
* manage directories (filesystem permissions, selinux )
* manage `cgi.cfg` through parameters
* manage `nagios.cfg` through parameters
* manage Nagios users through external Puppet rules via define
* manage Nagios commands through Puppet exports
* manage Nagios template definitions through external Puppet rules via define
* manage Nagios main contacts through Puppet exports. Additional contacts can be created through external Puppet rules via define, to avoid having to alter the module code.
* manage Nagios main contact groups through Puppet exports. Additional contact groups can be created through external Puppet rules via define, to avoid having to alter the module code.
* manage Nagios main host groups through Puppet exports. Additional host groups can be created through external Puppet rules via define, to avoid having to alter the module code.
* manage Nagios main service groups through Puppet exports. Additional service groups can be created through external Puppet rules via define, to avoid having to alter the module code.
* manage Nagios main time periods through Puppet exports. Additional time periods can be created through external Puppet rules via define, to avoid having to alter the module code.
* configure firewall (optional)
* configure selinux policies (optional)
* configure forwarding http to https (optional)
* manage TLS certificates through certbot (optional)
* manage `$user$` arguments in resource file via define
Service
* manage Nagios service on server
Monitoring
* monitor Nagios host
* monitor Nagios service
* monitor clients:
* ping
* root partition
* swap usage
* logged-in local users
* amount of total processes
* amount of zombie processes
* current Load
## Repo Documentation
See the full Puppet documentation including parameters in `docs/index.html`
@@ -72,14 +37,7 @@ See the full Puppet documentation including parameters in `docs/index.html`
All dependencies must be included in the catalogue.
* [cd_resources](https://gitlab.confdroid.com/puppet/cd_resources) for Yum repos.
* [cd_apache](https://gitlab.confdroid.com/puppet/cd_apache) for installing httpd
* [cd_firewall](https://gitlab.confdroid.com/puppet/cd_firewall) or [puppetlabs firewall](https://github.com/puppetlabs/puppetlabs-firewall) (optional)
* [cd_selinux](https://gitlab.confdroid.com/puppet/cd_selinux) for selinux policy adjustments
* [cd_certbot](https://gitlab.confdroid.com/puppet/cd_certbot) to auto-manage TLS certificates (optional)
* [cd_nrpe](https://gitlab.confdroid.com/puppet/cd_nrpe) to manage NRPE (optional)
* [cd_stdlib](https://gitlab.confdroid.com/puppet/cd_stdlib) or [puppetlabs stdlib](https://github.com/puppetlabs/puppetlabs-stdlib) to facilitate concat
* [cd_concat](https://gitlab.confdroid.com/puppet/cd_stdlib) or [puppetlabs concat](https://github.com/puppetlabs/puppetlabs-concat) to concatenate configuration files from different sources.
## Deployment
@@ -89,13 +47,13 @@ via site.pp or nodes.pp
```ruby
node 'example.example.net' {
include cd_nagios
include confdroid_nagios
}
```
* through Foreman:
In order to apply parameters through Foreman, **__cd_nagios::params__** must be added to the host or host group in question.
In order to apply parameters through Foreman, **__confdroid_nagios::params__** must be added to the host or host group in question.
See [more details about class deployment on Confdroid.com](https://confdroid.com/2017/05/deploying-our-puppet-modules/).
@@ -107,29 +65,10 @@ A working instance of PuppetDB connected to the Puppet master is required for th
All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
## Certbot
This module can optionally setup [certbot](https://certbot.eff.org/) TLS certificate management for the front-end GUI. In order to do so, set `$ng_enable_certbot` as well as `$ng_use_https` to `true` (default). Effectively, this will manage the certs before even installing Nagios, so there will be no problems with the Nagios showing up with a self-signed certificate. Once enabled, the module will go and try to obtain a certificate automatically. For this to work, you need to have proper DNS resolution set up for your domain / nagios server. Certs are also automatically renewed.
If you prefer to use https but use self-signed certs or your own CA, simply set to false. This will point the SSL vhost config file to the default location for TLS certificates.
## httpd vHost files
by default, Nagios creates its own `nagios.conf` file, which is not a vhost file and relies on the main `ssl.conf`. However, as Nagios might be running on a regular web server with various other web instances (not recommended through for performance reasons), we do not want to manage `ssl.conf` directly, hence the module creates a vhost for the SSL host.
## Client Connections
In order to monitor clients, NAGIOS must be able to connect to them. There are multiple ways of doing so, the most common ones being NRPE and SSH.
So far this module works through the usage of NRPE, which by default is enabled. Class cd_nagios::client::nrpe configures `nrpe.cfg` and opens the required firewall port on clients (optional,default).
## Known Problems
* Collected resources import ordering problem: The module might try to import collected facts before nagios is even installed.
## Support
* OS: CentOS 7
* Puppet 5
* OS: Rocky 9
* Puppet 8
## Tests
@@ -143,6 +82,7 @@ So far this module works through the usage of NRPE, which by default is enabled.
## Contact Us
[contact Us](https://confdroid.com/contact/)
[Feedback portal](https://feedback.confdroid.com/)
## Disclaimer