confdroid/confdroid_nagios
3
0
Fork 0
Code Issues Projects Wiki Activity

re-added all files

Browse Source
This commit is contained in:
Arne Teuke
2017-07-20 14:47:24 +01:00
parent 8db8758970
commit febc8f1a34
19 changed files with 1563 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
manifests/client/target.pp Normal file
View File

@@ -0,0 +1,137 @@
## cd_nagios::client::target.pp
# Module name: nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# License:
# This file is part of nagios.
#
# nagios is used for providing automatic configuration of Nagios targets.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary CLass manages Nagios targets for cd_nagios.
###############################################################################
class cd_nagios::client::target (
) inherits cd_nagios::params {
if $::fqdn != $ng_nagios_server {
@@nagios_host { $::fqdn:
ensure => $ng_ping_ensure,
alias => $::hostname,
address => $::fqdn,
use => 'linux-server',
target => $ng_target_host,
hostgroups => 'linux-servers',
contacts => 'ops',
max_check_attempts => $max_check_attempts,
notification_period => '24x7',
owner => 'nagios',
group => 'nagios',
mode => '0664',
check_command => "check_ping!${ng_ping_warn}!${ng_ping_crit}",
notify => Service ['nagios'],
}
@@nagios_service { "root_partition_${::hostname}":
ensure => $ng_disk_ensure,
check_command => "check_nrpe!check_disk!${ng_disk_warn}!${ng_disk_crit}!/",
use => 'generic-service',
host_name => $::fqdn,
contacts => 'ops',
notification_period => '24x7',
service_description => "${::hostname}_root_partition",
servicegroups => 'linux-services',
target => $ng_target_service,
owner => 'nagios',
group => 'nagios',
mode => '0664',
}
@@nagios_service { "Swap_Usage_${::hostname}":
ensure => $ng_swap_ensure,
check_command => "check_nrpe!check_swap!${ng_swap_warn}!${ng_swap_crit}",
use => 'generic-service',
host_name => $::fqdn,
contacts => 'ops',
notification_period => '24x7',
service_description => "${::hostname}_swap_usage",
servicegroups => 'linux-services',
target => $ng_target_service,
owner => 'nagios',
group => 'nagios',
mode => '0664',
}
@@nagios_service { "Local_Users_${::hostname}":
ensure => $ng_users_ensure,
check_command => "check_nrpe!check_users!${ng_users_warn}!${ng_users_crit}",
use => 'generic-service',
host_name => $::fqdn,
contacts => 'ops',
notification_period => '24x7',
service_description => "${::hostname}_local_users",
servicegroups => 'linux-services',
target => $ng_target_service,
owner => 'nagios',
group => 'nagios',
mode => '0664',
}
@@nagios_service { "Total Processes_${::hostname}":
ensure => $ng_procs_tot_ens,
check_command => "check_nrpe!check_procs!${ng_procs_tot_warn}!${ng_procs_tot_crit}!${ng_procs_tot_param}",
use => 'generic-service',
host_name => $::fqdn,
contacts => 'ops',
notification_period => '24x7',
service_description => "${::hostname}_total_processes",
servicegroups => 'linux-services',
target => $ng_target_service,
owner => 'nagios',
group => 'nagios',
mode => '0664',
}
@@nagios_service { "Zombie Processes_${::hostname}":
ensure => $ng_procs_z_ensure,
check_command => "check_nrpe!check_procs!${ng_procs_z_warn}!${ng_procs_z_crit}!${ng_procs_z_param}",
use => 'generic-service',
host_name => $::fqdn,
contacts => 'ops',
notification_period => '24x7',
service_description => "${::hostname}_zombie_processes",
servicegroups => 'linux-services',
target => $ng_target_service,
owner => 'nagios',
group => 'nagios',
mode => '0664',
}
@@nagios_service { "Current_Load_${::hostname}":
ensure => $ng_load_ensure,
check_command => "check_nrpe!check_load!${ng_load_warn}!${ng_load_crit}",
use => 'generic-service',
host_name => $::fqdn,
contacts => 'ops',
notification_period => '24x7',
service_description => "${::hostname}_current_load",
servicegroups => 'linux-services',
target => $ng_target_service,
owner => 'nagios',
group => 'nagios',
mode => '0664',
}
}
}

57
manifests/firewall/iptables.pp Normal file
View File

@@ -0,0 +1,57 @@
## cd_nagios::firewall::iptables.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of
# <service / purpose>
# Copyright (C) 2017 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary manage firewall settings through cd_firewall or puppetlabs-firewall
###############################################################################
class cd_nagios::firewall::iptables (
) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server {
if $ng_use_https != true {
firewall { "${ng_fw_order}${ng_http_port} port ${ng_http_port}":
proto => ['tcp','udp'],
dport => $ng_http_port,
action => 'accept',
}
}
if $ng_use_https == true {
firewall { "${ng_fw_order}${ng_https_port} port ${ng_https_port}":
proto => ['tcp','udp'],
dport => $ng_https_port,
action => 'accept',
}
if $ng_http_https_fw == true {
firewall { "${ng_fw_order}${ng_http_port} port ${ng_http_port}":
proto => ['tcp','udp'],
dport => $ng_http_port,
action => 'accept',
}
}
}
}
}

25
manifests/init.pp Normal file
View File

@@ -0,0 +1,25 @@
## cd_nagios::init.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2017 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class initialises the cd_nagios Module.
##############################################################################
class cd_nagios {
include cd_nagios::params
}

46
manifests/main/config.pp Normal file
View File

@@ -0,0 +1,46 @@
## cd_nagios::main::config.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all aspects of configuring the module logic for
# cd_nagios.
##############################################################################
class cd_nagios::main::config (
) inherits cd_nagios::params {
# manage server configuration
if $::fqdn == $ng_nagios_server {
include cd_nagios::server::service
if $ng_include_fw == true {
include cd_nagios::firewall::iptables
}
if $ng_use_selinux_tools == true {
include cd_nagios::selinux::config
}
}
if $::fqdn != $ng_nagios_server {
include cd_nagios::client::target
}
}

186
manifests/main/dirs.pp Normal file
View File

@@ -0,0 +1,186 @@
## cd_nagios::main::dirs.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all directories required for cd_nagios.
###############################################################################
class cd_nagios::main::dirs (
) inherits cd_nagios::params {
require cd_nagios::main::user
# main directory
file { $ng_main_dir:
ensure => directory,
path => $ng_main_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
}
# /usr/lib64/nagios dir required for plugins
file { $ng_lib_dir:
ensure => directory,
path => $ng_lib_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => lib_t,
seluser => system_u,
}
# /var/spool/nagios
file { $ng_spool_dir:
ensure => directory,
path => $ng_spool_dir,
owner => $ng_user,
group => $ng_user,
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => nagios_spool_t,
seluser => system_u,
}
if $::fqdn == $ng_nagios_server {
# /etc/nagios/conf.d
file { $ng_conf_d_dir:
ensure => directory,
path => $ng_conf_d_dir,
owner => 'root',
group => $ng_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
}
# /etc/nagios/objects
file { $ng_objects_dir:
ensure => directory,
path => $ng_objects_dir,
owner => 'root',
group => $ng_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
}
# /etc/nagios/private
file { $ng_private_dir:
ensure => directory,
path => $ng_private_dir,
owner => 'root',
group => $ng_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
}
# include dir
file { $ng_usr_incl:
ensure => directory,
path => $ng_usr_incl,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => usr_t,
seluser => system_u,
}
# log dir
file { $ng_log_dir:
ensure => directory,
path => $ng_log_dir,
owner => $ng_user,
group => $ng_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => nagios_log_t,
seluser => system_u,
}
# log archives
file { $ng_log_archives:
ensure => directory,
path => $ng_log_archives,
owner => $ng_user,
group => $ng_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => nagios_log_t,
seluser => system_u,
}
# /usr/share/nagios
file { $ng_usr_share:
ensure => directory,
path => $ng_usr_share,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => usr_t,
seluser => system_u,
}
# /usr/share/nagios/html
file { $ng_share_html:
ensure => directory,
path => $ng_share_html,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => usr_t,
seluser => system_u,
}
}
}

70
manifests/main/install.pp Normal file
View File

@@ -0,0 +1,70 @@
## cd_nagios::main::install.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manage all aspects of installing binaries required for
# cd_nagios
###############################################################################
class cd_nagios::main::install (
) inherits cd_nagios::params {
require cd_resources
# if our FQDN matches the configured Nagios server FQDN, install both server-
# and client packages.
if $::fqdn == $ng_nagios_server {
# we'll need httpd installed
require cd_apache
package {$reqpackages_server:
ensure => $pkg_ensure,
}
package {$reqpackages_client:
ensure => $pkg_ensure,
}
# install NRPE if enabled
if $ng_include_nrpe == true {
package {$reqpackages_nrpe:
ensure => $pkg_ensure,
}
}
}
# if we are not the nagios server, install client packages
if $::fqdn != $ng_nagios_server {
package {$reqpackages_client:
ensure => $pkg_ensure,
}
# if we want o use NRPE, install it
if $ng_include_nrpe == true {
package {$reqpackages_nrpe:
ensure => $pkg_ensure,
}
}
}
}

52
manifests/main/user.pp Normal file
View File

@@ -0,0 +1,52 @@
## cd_nagios::main::user.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages service users for cd_nagios.
#############################################################################
class cd_nagios::main::user (
) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server {
require cd_nagios::main::install
group { $ng_user:
ensure => present,
name => $ng_user,
gid => $ng_u_uid,
allowdupe => false,
}
user { $ng_user:
ensure => present,
name => $ng_user,
allowdupe => false,
comment => $ng_u_comment,
uid => $ng_u_uid,
gid => $ng_user,
groups => $ng_u_groups,
managehome => true,
home => $ng_user_home,
shell => $ng_user_shell,
require => Group[$ng_user],
}
}
}

347
manifests/params.pp Normal file
View File

@@ -0,0 +1,347 @@
## cd_nagios::params.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class holds all parameters for the cd_nagios module and is
# inherited by all classes except defines.
# @see https://confdroid.com/2017/07/nagios-cgi-cfg/
# @param [string] pkg_ensure
# which [package type](https://confdroid.com/2017/05/puppet-type-package/)
# to choose, i.e. `latest` or `present`.
# @param [string] ng_nagios_server Specify the FQDN of the nagios server host.
# Must be a proper A-name, no CNAME i.e. on Loadbalancers. When the FQDN
# matches the configured value, Nagios server components will be installed
# and the clients will allow to be connected by that host. Impacts also
# firewall ports (optional).
# @param [string] ng_nagios_ext_ip Specify the IP address of the
# nagios server. Required for NRPE configuration to allow the Nagios server
# to connect to NRPE, which as of now does not trust DNS names. Must be the
# public interface in case of NAT environments.
# @param [boolean] ng_include_nrpe Whether to include NRPE to allow
# Nagios to connect to clients
# @param [string] ng_ping_warn Default value for ping warning check. Can be
# overridden on host level.
# @param [string] ng_ping_crit Default value for ping critical check. Can be
# overridden on host level.
# @param [boolean] ng_ping_ensure Wheter to include or exclude the check.
# Can be overridden on host level.
# @param [string] ng_disk_warn Default value for disk space warning check.
# Can be overridden on host level.
# @param [string] ng_disk_crit Default value for disk space critical check
# Can be overridden on host level.
# @param [boolean] ng_disk_ensure Whether to include or exclude the check.
# Can be overridden on host level.
# @param [string] ng_swap_warn Default value for swap space warning check.
# Can be overridden on host level.
# @param [string] ng_swap_crit Default value for swap space critical check.
# Can be overridden on host level.
# @param [boolean] ng_swap_ensure Whether to include or exclude the check.
# Can be overridden on host level.
# @param [string] ng_users_warn Default value for user logins warning check.
# Can be overridden on host level.
# @param [string] ng_users_crit Default value for user logins critical check
# Can be overridden on host level.
# @param [boolean] ng_users_ensure Whether to include or exclude the check.
# Can be overridden on host level.
# @param [string] ng_procs_tot_warn Default warning for the total processes
# warning check. Can be overridden on host level.
# @param [string] ng_procs_tot_crit Default warning for the total processes
# critical check. Can be overridden on host level.
# @param [string] ng_procs_tot_param Default value for the process flags to be
# checked. Can be overridden on host level.
# @param [boolean] ng_procs_tot_ens Whether to include or exclude the check.
# Can be overridden on host level.
# @param [string] ng_procs_z_warn Default value for the zombie processes
# warning check. Can be overridden on host level.
# @param [string] ng_procs_z_crit Default value for the zombie processess
# critical check. Can be overridden on host level.
# @param [string] ng_procs_z_param Default value for the zombie processes flag.
# Can be overridden on host level.
# @param [boolean] ng_procs_z_ensure Whether to include or exclude the check.
# Can be overridden on host level.
# @param [string] ng_load_warn Default value for the load warning check.
# Can be overridden on host level.
# @param [string] ng_load_crit Default value for the load critical check.
# Can be overridden on host level.
# @param [boolean] ng_load_ensure Whether to include or exclude the load check.
# Can be overridden on host level.
# @param [boolean] ng_include_fw Whether to include firewall management.
# requires cd_firewall or puppetlabs-firewall module.
# @param [string] ng_fw_order Prefix for the port number to establish proper
# firewall rule ordering.
# @param [boolean] ng_use_https Whether to use https.
# @param [boolean] ng_http_https_fw Whether we want to forward http to https.
# only active if `ng_use_https` is set to `true`.
# @param [string] ng_http_port Specify the port to use for httpd. Used in
# templates and for firewall (Optional)
# @param [string] ng_https_port Specify the port to use for httpd. Used in
# templates and for firewall (Optional)
# @param [string] ng_user The name of the Nagios service user.
# @param [string] ng_user_home The home directory for the Nagios service user
# @param [string] ng_user_shell The shell for the Nagios service user, which
# never should be allowed to login.
# @param [string] ng_u_comment The comment for the Nagios service user for
# /etc/passwd. Shows up in email notifocations from the Nagios daemon.
# @param [string] ng_u_uid The UID for the Nagios service user. Important when
# using shared environments like NFS.
# @param [string] ng_u_groups The secondary groups for the Nagios service user.
# Must not contain the primary group.
# @param [string] ng_context_help whether or not a context-sensitive
# help icon will be displayed for most of the CGIs.
# @param [string] ng_pending_state what states should be displayed in the web
# interface for hosts/services that have not yet been checked
# @param [string] ng_use_auth whether or not the CGIs will use any
# authentication when displaying host and service information, as
# well as committing commands to Nagios for processing. This should **__not__**
# be set to 0.
# @param [string] ng_use_ssl_auth allows you to use x509 cert (SSL)
# authentication in the CGIs. This is an advanced option and should
# not be enabled unless you know what you're doing.
# @param [boolean] ng_enable_def_user Whether to enable a default user
# (**__not recommended__**).
# @param [string] ng_def_user_name default user name that can
# access pages without authentication. This allows people within a
# secure domain (i.e., behind a firewall) to see the current status
# without authenticating. Only actuve if `ng_enable_def_user` is set to `true`
# @param [string] ng_nagios_admin Specify the name of a nagios administration
# user here. Value will be used in cgi.cfg for all authorized commands and info,
# i.e. nagiosadmin. however, its stronlgly suggested to use a different name.
# Can be overridden per host / hostgroups, so allows flexibility and increased
# security. You can also add a comma-separated list of people in here instead,
# which then would function like a group instead a single user.
# @param [string] ng_sysinfo_auth comma-delimited list of all usernames that
# have access to viewing the Nagios process information as
# provided by the Extended Information CGI (extinfo.cgi).
# @param [string] ng_confinfo_auth comma-delimited list of all usernames that
# can view ALL configuration information (hosts, commands, etc).
# @param [string] ng_command_auth comma-delimited list of all usernames that
# can issue shutdown and restart commands to Nagios via the
# command CGI (cmd.cgi).
# @param [string] ng_hostview_auth comma-delimited lists of all usernames that
# can view information for all hosts
# @param [string] ng_serviceview_auth comma-delimited lists of all usernames
# that can view information for all services.
# @param [string] ng_host_cmd_auth comma-delimited lists of all usernames that
# can issue host related commands.
# @param [string] ng_svc_cmd_auth comma-delimited lists of all usernames that
# can issue service related commands.
# @param [string] ng_readonly_auth comma-delimited list of usernames that have
# read-only rights in the CGIs.
# @param [string] ng_statusmap_img specify an image to be used as a
# background in the statusmap CGI.
# @param [boolean] ng_use_colormap Whether to set values of background colors.
# @param [string] ng_colormap_red value for the `red` area of the color map.
# @param [string] ng_colormap_green value for the `green` area of the color map
# @param [string] ng_colormap_blue value for the `blue` area of the color map.
# @param [string] ng_statusmap_layout Value for the default statusmap layout.
# @param [string] ng_wrl_layout Value for the default statuswrl layout.
# @param [boolean] ng_incl_own_wrl Whether to include your own objects in the
# generated VRML world.
# @param [string] ng_statuswrl_include Specify your own wrl object to be
# included in the generated VRML world. Only active if `ng_incl_own_wrl`
# is set to `true`.
# @param [string] ng_ping_syntax what syntax should be used when
# attempting to ping a host from the WAP interface
# @param [string] ng_refresh_rate specify the refresh rate in seconds
# of various CGIs
# @param [string] ng_result_limit specify the default number of results
# displayed on the status.cgi.
# @param [string] ng_escape_html whether HTML tags in host and service
# status output is escaped in the web interface. If enabled,
# your plugin output will not be able to contain clickable links.
# @param [boolean] ng_use_sound whether to enable sound usage.
# @param [string] ng_host_unreachable soundfile for `host unreachable`
# Only active if `ng_use_sound` is set to `true`.
# @param [string] ng_host_down soundfile for `host down`
# Only active if `ng_use_sound` is set to `true`.
# @param [string] ng_svc_critical soundfile for `service critical`.
# Only active if `ng_use_sound` is set to `true`.
# @param [string] ng_svc_warn soundfile for `service warning`
# Only active if `ng_use_sound` is set to `true`.
# @param [string] ng_svc_unknown soundfile for `service unknown`
# Only active if `ng_use_sound` is set to `true`.
# @param [string] ng_normal_sound soundfile for `normal`
# Only active if `ng_use_sound` is set to `true`.
# @param [string] ng_action_url_target Specify target frames in which
# action URLs will open
# @param [string] ng_notes_url_target Specify target frames in which
# notes URLs will open
# @param [string] ng_lock_author_names whether users can change the author
# name when submitting comments, scheduling downtime.
# @param [boolean] ng_enable_splunk Whether to enable splunk integration.
# @param [string] ng_splunk_url the URL for your Splunk URL
# @param [string] ng_navbar_addresses allow navbar search queries IP addresses
# @param [string] ng_navbar_aliases allow navbar search for aliases
# @param [string] ng_ack_no_sticky Enabling ack_no_sticky will default the
# "Sticky Acknowledgement" to be unchecked.
# @param [string] ng_ack_no_send Enabling ack_no_send will default the
# "Send Notification" to be unchecked.
# @param [boolean] ng_use_selinux_tools Whether to enable selinux tools and
# policies. only effective if selinux is enabled.
###############################################################################
class cd_nagios::params (
$pkg_ensure = 'latest',
$ng_nagios_server = "nagios.${::domain}",
$ng_nagios_ext_ip = undef,
$ng_include_nrpe = true,
# firewall
$ng_include_fw = true,
$ng_use_https = true,
$ng_http_https_fw = true,
$ng_fw_order = '50',
$ng_http_port = '80',
$ng_https_port = '443',
# check command parameters
## ping
$ng_ping_warn = '100.0,20%',
$ng_ping_crit = '500.0,60%',
$ng_ping_ensure = 'present',
## disk
$ng_disk_warn = '20%',
$ng_disk_crit = '10%' ,
$ng_disk_ensure = 'present',
# swap
$ng_swap_warn = '20',
$ng_swap_crit = '10',
$ng_swap_ensure = 'present',
# users
$ng_users_warn = '20',
$ng_users_crit = '50',
$ng_users_ensure = 'present',
#total procs
$ng_procs_tot_warn = '330',
$ng_procs_tot_crit = '400',
$ng_procs_tot_param = 'RDST',
$ng_procs_tot_ens = 'present',
# zombie procs
$ng_procs_z_warn = '10',
$ng_procs_z_crit = '30',
$ng_procs_z_param = 'Z',
$ng_procs_z_ensure = 'present',
# load
$ng_load_warn = '5.00,4.00,3.00',
$ng_load_crit = '10.00,6.00,4.00',
$ng_load_ensure = 'present',
# user settings
$ng_user = 'nagios',
$ng_u_comment = 'Nagios service user',
$ng_u_uid = '1004',
$ng_user_home = '/var/spool/nagios',
$ng_u_groups = undef,
$ng_user_shell = '/bin/bash',
# cgi settings
$ng_context_help = '1',
$ng_pending_state = '1',
$ng_use_auth = '1',
$ng_use_ssl_auth = '0',
$ng_enable_def_user = false,
$ng_def_user_name = 'nagios_insecure',
$ng_nagios_admin = 'nagios_sec_adm',
$ng_sysinfo_auth = '',
$ng_confinfo_auth = '',
$ng_command_auth = '',
$ng_hostview_auth = '',
$ng_serviceview_auth = '',
$ng_host_cmd_auth = '',
$ng_svc_cmd_auth = '',
$ng_readonly_auth = '' ,
$ng_statusmap_img = 'smbackground.gd2',
$ng_use_colormap = false,
$ng_colormap_red = '255',
$ng_colormap_green = '255',
$ng_colormap_blue = '255',
$ng_statusmap_layout = '6',
$ng_wrl_layout = '4',
$ng_incl_own_wrl = false,
$ng_statuswrl_include = '',
$ng_ping_syntax = '/bin/ping -n -U -c 5 $HOSTADDRESS$',
$ng_refresh_rate = '90',
$ng_result_limit = '100',
$ng_escape_html = '1',
$ng_use_sound = false,
$ng_host_unreachable = 'hostdown.wav',
$ng_host_down = 'hostdown.wav',
$ng_svc_critical = 'critical.wav',
$ng_svc_warn = 'warning.wav',
$ng_svc_unknown = 'warning.wav',
$ng_normal_sound = 'noproblem.wav',
$ng_action_url_target = '_blank',
$ng_notes_url_target = '_blank',
$ng_lock_author_names = '1',
$ng_enable_splunk = false,
$ng_splunk_url = 'http://127.0.0.1:8000/',
$ng_navbar_addresses = '1',
$ng_navbar_aliases = '1',
$ng_ack_no_sticky = '0',
$ng_ack_no_send = '0',
# selinux
$ng_use_selinux_tools = true,
) {
# installation section
$reqpackages_server = $::operatingsystem ? {
/(?i-mx:centos|fedora|redhat)/ => ['nagios','nagios-devel']
}
$reqpackages_client = $::operatingsystem ? {
/(?i-mx:centos|fedora|redhat)/ => ['net-snmp-utils','nagios-plugins','nagios-plugins-all', 'nagios-plugins-nrpe', 'nagios-common']
}
$reqpackages_nrpe = $::operatingsystem ? {
/(?i-mx:centos|fedora|redhat)/ => ['nrpe']
}
# service
$ng_service = 'nagios'
# directories
$ng_main_dir = '/etc/nagios'
$ng_conf_d_dir = "${ng_main_dir}/conf.d"
$ng_objects_dir = "${ng_main_dir}/objects"
$ng_private_dir = "${ng_main_dir}/private"
$ng_usr_incl = '/usr/include/nagios'
$ng_lib_dir = '/usr/lib64/nagios'
$ng_log_dir = '/var/log/nagios'
$ng_log_archives = "${ng_log_dir}/archives"
$ng_spool_dir = '/var/spool/nagios'
$ng_usr_share = '/usr/share/nagios'
$ng_share_html = "${ng_usr_share}/html"
# files
$ng_main_config = "${ng_main_dir}/nagios.cfg"
$ng_cgi_cfg_file = "${ng_main_dir}/cgi.cfg"
$ng_cgi_cfg_erb = 'cd_nagios/nagios/cgi_cfg.erb'
$ng_htpasswd_file = "${ng_main_dir}/passwd"
$ng_htpasswd_head = 'cd_nagios/nagios/htpasswd_head.erb'
$ng_htpasswd_rule = 'cd_nagios/nagios/htpasswd_rule.erb'
$ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb'
# includes must be last
include cd_nagios::main::config
}

47
manifests/selinux/config.pp Normal file
View File

@@ -0,0 +1,47 @@
## cd_nagios::selinux::config.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all aspects of configuring the module logic for
# cd_nagios.
##############################################################################
class cd_nagios::selinux::config (
) inherits cd_nagios::params {
if $ng_use_selinux_tools == true {
# sealert 093d6a07-03f5-4457-abaa-e6592fb01e05
exec { 'create_policy_taccgi':
command => template($ng_taccgi_erb),
path => ['/usr/bin','/usr/sbin'],
cwd => '/tmp',
creates => '/tmp/my-taccgi',
notify => Exec['semodule_taccgi'],
}
exec { 'semodule_taccgi':
command => 'semodule -i my-taccgi.pp',
path => ['/usr/bin','/usr/sbin'],
cwd => '/tmp',
require => Exec['create_policy_taccgi'],
refreshonly => true,
}
}
}

41
manifests/server/access.pp Normal file
View File

@@ -0,0 +1,41 @@
## cd_nagios::server::access.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Define manages user- and password rules for accessing nagios.
##############################################################################
define cd_nagios::server::access (
$ng_htpasswd_user = undef,
$ng_htpasswd_password = undef,
) {
$ng_htpasswd_file = $::cd_nagios::params::ng_htpasswd_file
$ng_htpasswd_rule = $::cd_nagios::params::ng_htpasswd_rule
$ng_service = $::cd_nagios::params::ng_service
# create password rules
concat::fragment { $name:
target => $ng_htpasswd_file,
content => template($ng_htpasswd_rule),
notify => Service[$ng_service],
}
}

54
manifests/server/access_rules.pp Normal file
View File

@@ -0,0 +1,54 @@
## cd_nagios::server::access_rules.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages presennce of /etc/nagios/phtpasswd file.
# @example
# cd_nagios::server::access { 'example':
# ng_htpasswd_user => 'example_user',
# ng_htpasswd_password => 'example_password_encrypted',
# }
##############################################################################
class cd_nagios::server::access_rules (
) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server {
# manage /etc/nagios/htpasswd file
concat { $ng_htpasswd_file:
ensure => present,
path => $ng_htpasswd_file,
owner => 'root',
group => 'apache',
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
}
concat::fragment { 'create_header':
target => $ng_htpasswd_file,
content => template($ng_htpasswd_head),
notify => Service[$ng_service],
}
}
}

50
manifests/server/files.pp Normal file
View File

@@ -0,0 +1,50 @@
## cd_nagios::server::files.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all configuration files required for cd_nagios.
##############################################################################
class cd_nagios::server::files (
) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server {
require cd_nagios::main::dirs
# manage nagios.cfg
# manage cgi.cfg
file { $ng_cgi_cfg_file:
ensure => file,
path => $ng_cgi_cfg_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nagios_etc_t,
seluser => system_u,
content => template($ng_cgi_cfg_erb),
notify => Service[$ng_service],
}
}
}

39
manifests/server/service.pp Normal file
View File

@@ -0,0 +1,39 @@
## cd_nagios::server::service.pp
# Module name: cd_nagios
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nagios.
#
# cd_nagios is used for providing automatic configuration of Nagios
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages the service(s) for cd_nagios.
#############################################################################
class cd_nagios::server::service (
) inherits cd_nagios::params {
if $::fqdn == $ng_nagios_server {
require cd_nagios::server::files
require cd_nagios::server::access_rules
service { $ng_service:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
}
}