Puppet Class: cd_nagios::params

Inherited by:: cd_nagios::main::dirs
cd_nagios::main::user
cd_nagios::main::config
cd_nagios::main::install
cd_nagios::server::files
cd_nagios::client::target
cd_nagios::certbot::config
cd_nagios::selinux::config
cd_nagios::server::service
cd_nagios::firewall::iptables
cd_nagios::server::access_rules

Defined in:: manifests/params.pp

Summary

Class holds all parameters for the cd_nagios module and is inherited by all classes except defines.

Overview

cd_nagios::params.pp Module name: cd_nagios Author: Arne Teuke (arne_teuke@ConfDroid.com)

License:

This file is part of cd_nagios.

cd_nagios is used for providing automatic configuration of Nagios. Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see www.gnu.org/licenses/. to connect to NRPE, which as of now does not trust DNS names. Must be the public interface in case of NAT environments. can issue host related commands. can issue service related commands.

Parameters:

pkg_ensure (string) (defaults to: 'latest') —

which package type to choose, i.e. latest or present.
ng_nagios_server (string) (defaults to: "nagios.${::domain}") —

Specify the FQDN of the nagios server host. Must be a proper A-name, no CNAME i.e. on Loadbalancers. When the FQDN matches the configured value, Nagios server components will be installed and the clients will allow to be connected by that host. Impacts also firewall ports (optional).
ng_nagios_ext_ip (string) (defaults to: undef) —

Specify the IP address of the nagios server. Required for NRPE configuration to allow the Nagios server
ng_include_nrpe (boolean) (defaults to: true) —

Whether to include NRPE to allow Nagios to connect to clients
ng_ping_warn (string) (defaults to: '100.0,20%') —

Default value for ping warning check. Can be overridden on host level.
ng_ping_crit (string) (defaults to: '500.0,60%') —

Default value for ping critical check. Can be overridden on host level.
ng_ping_ensure (boolean) (defaults to: 'present') —

Wheter to include or exclude the check. Can be overridden on host level.
ng_disk_warn (string) (defaults to: '20%') —

Default value for disk space warning check. Can be overridden on host level.
ng_disk_crit (string) (defaults to: '10%') —

Default value for disk space critical check Can be overridden on host level.
ng_disk_ensure (boolean) (defaults to: 'present') —

Whether to include or exclude the check. Can be overridden on host level.
ng_swap_warn (string) (defaults to: '20') —

Default value for swap space warning check. Can be overridden on host level.
ng_swap_crit (string) (defaults to: '10') —

Default value for swap space critical check. Can be overridden on host level.
ng_swap_ensure (boolean) (defaults to: 'present') —

Whether to include or exclude the check. Can be overridden on host level.
ng_users_warn (string) (defaults to: '20') —

Default value for user logins warning check. Can be overridden on host level.
ng_users_crit (string) (defaults to: '50') —

Default value for user logins critical check Can be overridden on host level.
ng_users_ensure (boolean) (defaults to: 'present') —

Whether to include or exclude the check. Can be overridden on host level.
ng_procs_tot_warn (string) (defaults to: '330') —

Default warning for the total processes warning check. Can be overridden on host level.
ng_procs_tot_crit (string) (defaults to: '400') —

Default warning for the total processes critical check. Can be overridden on host level.
ng_procs_tot_param (string) (defaults to: 'RDST') —

Default value for the process flags to be checked. Can be overridden on host level.
ng_procs_tot_ens (boolean) (defaults to: 'present') —

Whether to include or exclude the check. Can be overridden on host level.
ng_procs_z_warn (string) (defaults to: '10') —

Default value for the zombie processes warning check. Can be overridden on host level.
ng_procs_z_crit (string) (defaults to: '30') —

Default value for the zombie processess critical check. Can be overridden on host level.
ng_procs_z_param (string) (defaults to: 'Z') —

Default value for the zombie processes flag. Can be overridden on host level.
ng_procs_z_ensure (boolean) (defaults to: 'present') —

Whether to include or exclude the check. Can be overridden on host level.
ng_load_warn (string) (defaults to: '5.00,4.00,3.00') —

Default value for the load warning check. Can be overridden on host level.
ng_load_crit (string) (defaults to: '10.00,6.00,4.00') —

Default value for the load critical check. Can be overridden on host level.
ng_load_ensure (boolean) (defaults to: 'present') —

Whether to include or exclude the load check. Can be overridden on host level.
ng_include_fw (boolean) (defaults to: true) —

Whether to include firewall management. requires cd_firewall or puppetlabs-firewall module.
ng_fw_order (string) (defaults to: '50') —

Prefix for the port number to establish proper firewall rule ordering.
ng_use_https (boolean) (defaults to: true) —

Whether to use https.
ng_http_https_fw (boolean) (defaults to: true) —

Whether we want to forward http to https. only active if ng_use_https is set to true.
ng_http_port (string) (defaults to: '80') —

Specify the port to use for httpd. Used in templates and for firewall (Optional)
ng_https_port (string) (defaults to: '443') —

Specify the port to use for httpd. Used in templates and for firewall (Optional)
ng_user (string) (defaults to: 'nagios') —

The name of the Nagios service user.
ng_user_home (string) (defaults to: '/var/spool/nagios') —

The home directory for the Nagios service user
ng_user_shell (string) (defaults to: '/bin/bash') —

The shell for the Nagios service user, which never should be allowed to login.
ng_u_comment (string) (defaults to: 'Nagios service user') —

The comment for the Nagios service user for /etc/passwd. Shows up in email notifocations from the Nagios daemon.
ng_u_uid (string) (defaults to: '1004') —

The UID for the Nagios service user. Important when using shared environments like NFS.
ng_u_groups (string) (defaults to: undef) —

The secondary groups for the Nagios service user. Must not contain the primary group.
ng_context_help (string) (defaults to: '1') —

whether or not a context-sensitive help icon will be displayed for most of the CGIs.
ng_pending_state (string) (defaults to: '1') —

what states should be displayed in the web interface for hosts/services that have not yet been checked
ng_use_auth (string) (defaults to: '1') —

whether or not the CGIs will use any authentication when displaying host and service information, as well as committing commands to Nagios for processing. This should not be set to 0.
ng_use_ssl_auth (string) (defaults to: '0') —

allows you to use x509 cert (SSL) authentication in the CGIs. This is an advanced option and should not be enabled unless you know what you're doing.
ng_enable_def_user (boolean) (defaults to: false) —

Whether to enable a default user (not recommended).
ng_def_user_name (string) (defaults to: 'nagios_insecure') —

default user name that can access pages without authentication. This allows people within a secure domain (i.e., behind a firewall) to see the current status without authenticating. Only actuve if ng_enable_def_user is set to true
ng_nagios_admin (string) (defaults to: 'nagios_sec_adm') —

Specify the name of a nagios administration user here. Value will be used in cgi.cfg for all authorized commands and info, i.e. nagiosadmin. however, its stronlgly suggested to use a different name. Can be overridden per host / hostgroups, so allows flexibility and increased security. You can also add a comma-separated list of people in here instead, which then would function like a group instead a single user.
ng_sysinfo_auth (string) (defaults to: '') —

comma-delimited list of all usernames that have access to viewing the Nagios process information as provided by the Extended Information CGI (extinfo.cgi).
ng_confinfo_auth (string) (defaults to: '') —

comma-delimited list of all usernames that can view ALL configuration information (hosts, commands, etc).
ng_command_auth (string) (defaults to: '') —

comma-delimited list of all usernames that can issue shutdown and restart commands to Nagios via the command CGI (cmd.cgi).
ng_hostview_auth (string) (defaults to: '') —

comma-delimited lists of all usernames that can view information for all hosts
ng_serviceview_auth (string) (defaults to: '') —

comma-delimited lists of all usernames that can view information for all services.
ng_host_cmd_auth (string) (defaults to: '') —

comma-delimited lists of all usernames that
ng_svc_cmd_auth (string) (defaults to: '') —

comma-delimited lists of all usernames that
ng_readonly_auth (string) (defaults to: '') —

comma-delimited list of usernames that have read-only rights in the CGIs.
ng_statusmap_img (string) (defaults to: 'smbackground.gd2') —

specify an image to be used as a background in the statusmap CGI.
ng_use_colormap (boolean) (defaults to: false) —

Whether to set values of background colors.
ng_colormap_red (string) (defaults to: '255') —

value for the red area of the color map.
ng_colormap_green (string) (defaults to: '255') —

value for the green area of the color map
ng_colormap_blue (string) (defaults to: '255') —

value for the blue area of the color map.
ng_statusmap_layout (string) (defaults to: '6') —

Value for the default statusmap layout.
ng_wrl_layout (string) (defaults to: '4') —

Value for the default statuswrl layout.
ng_incl_own_wrl (boolean) (defaults to: false) —

Whether to include your own objects in the generated VRML world.
ng_statuswrl_include (string) (defaults to: '') —

Specify your own wrl object to be included in the generated VRML world. Only active if ng_incl_own_wrl is set to true.
ng_ping_syntax (string) (defaults to: '/bin/ping -n -U -c 5 $HOSTADDRESS$') —

what syntax should be used when attempting to ping a host from the WAP interface
ng_refresh_rate (string) (defaults to: '90') —

specify the refresh rate in seconds of various CGIs
ng_result_limit (string) (defaults to: '100') —

specify the default number of results displayed on the status.cgi.
ng_escape_html (string) (defaults to: '1') —

whether HTML tags in host and service status output is escaped in the web interface. If enabled, your plugin output will not be able to contain clickable links.
ng_use_sound (boolean) (defaults to: false) —

whether to enable sound usage.
ng_host_unreachable (string) (defaults to: 'hostdown.wav') —

soundfile for host unreachable Only active if ng_use_sound is set to true.
ng_host_down (string) (defaults to: 'hostdown.wav') —

soundfile for host down Only active if ng_use_sound is set to true.
ng_svc_critical (string) (defaults to: 'critical.wav') —

soundfile for service critical. Only active if ng_use_sound is set to true.
ng_svc_warn (string) (defaults to: 'warning.wav') —

soundfile for service warning Only active if ng_use_sound is set to true.
ng_svc_unknown (string) (defaults to: 'warning.wav') —

soundfile for service unknown Only active if ng_use_sound is set to true.
ng_normal_sound (string) (defaults to: 'noproblem.wav') —

soundfile for normal Only active if ng_use_sound is set to true.
ng_action_url_target (string) (defaults to: '_blank') —

Specify target frames in which action URLs will open
ng_notes_url_target (string) (defaults to: '_blank') —

Specify target frames in which notes URLs will open
ng_lock_author_names (string) (defaults to: '1') —

whether users can change the author name when submitting comments, scheduling downtime.
ng_enable_splunk (boolean) (defaults to: false) —

Whether to enable splunk integration.
ng_splunk_url (string) (defaults to: 'http://127.0.0.1:8000/') —

the URL for your Splunk URL
ng_navbar_addresses (string) (defaults to: '1') —

allow navbar search queries IP addresses
ng_navbar_aliases (string) (defaults to: '1') —

allow navbar search for aliases
ng_ack_no_sticky (string) (defaults to: '0') —

Enabling ack_no_sticky will default the "Sticky Acknowledgement" to be unchecked.
ng_ack_no_send (string) (defaults to: '0') —

Enabling ack_no_send will default the "Send Notification" to be unchecked.
ng_use_selinux_tools (boolean) (defaults to: true) —

Whether to enable selinux tools and policies. only effective if selinux is enabled.
ng_required_hosts (string) (defaults to: '') —

String of FQDNs for hosts which should be allowed/required. Requires format 'host1.example.com host2.example.com'. If you want no restriction, chose 'all'.
ng_required_ips (string) (defaults to: '127.0.0.0/8') —

string of <b>_<em>Ip addresses __** for hosts which should be allowed/reqired. Requires format 'ipaddress ip address range'. If you want no restriction, choose '0.0.0.0/0'Ip addresses _</em></b> for hosts which should be allowed/reqired. Requires format 'ipaddress ip address range'. If you want no restriction, choose '0.0.0.0/0'
ng_disable_welcome (boolean) (defaults to: true) —

Whether the regular welcome screen should be disabled. this is required for the nagios http check on the nagios server to be successful.
ng_enable_certbot (boolean) (defaults to: true) —

Whether to use certbot for automated TLS certificate management
ng_certbot_cert_path (string) (defaults to: '/var/www/html') —

the path for certbot to place challenges for teh certification process.
ng_mail_user (string) (defaults to: "admin@${::domain}") —

email address to receive administrative mail. used for nagios itself as well as for certbot.

See Also:

https://confdroid.com/2017/07/nagios-cgi-cfg/

# File 'manifests/params.pp', line 213

class cd_nagios::params (

$pkg_ensure           = 'latest',

$ng_nagios_server     = "nagios.${::domain}",
$ng_nagios_ext_ip     = undef,
$ng_mail_user         = "admin@${::domain}",

$ng_include_nrpe      = true,

# firewall
$ng_include_fw        = true,
$ng_use_https         = true,
$ng_http_https_fw     = true,
$ng_fw_order          = '50',
$ng_http_port         = '80',
$ng_https_port        = '443',

# check command parameters
## ping
$ng_ping_warn         = '100.0,20%',
$ng_ping_crit         = '500.0,60%',
$ng_ping_ensure       = 'present',
## disk
$ng_disk_warn         = '20%',
$ng_disk_crit         = '10%' ,
$ng_disk_ensure       = 'present',
# swap
$ng_swap_warn         = '20',
$ng_swap_crit         = '10',
$ng_swap_ensure       = 'present',
# users
$ng_users_warn        = '20',
$ng_users_crit        = '50',
$ng_users_ensure      = 'present',
#total procs
$ng_procs_tot_warn    = '330',
$ng_procs_tot_crit    = '400',
$ng_procs_tot_param   = 'RDST',
$ng_procs_tot_ens     = 'present',
# zombie procs
$ng_procs_z_warn      = '10',
$ng_procs_z_crit      = '30',
$ng_procs_z_param     = 'Z',
$ng_procs_z_ensure    = 'present',
# load
$ng_load_warn         = '5.00,4.00,3.00',
$ng_load_crit         = '10.00,6.00,4.00',
$ng_load_ensure       = 'present',

# user settings
$ng_user              = 'nagios',
$ng_u_comment         = 'Nagios service user',
$ng_u_uid             = '1004',
$ng_user_home         = '/var/spool/nagios',
$ng_u_groups          = undef,
$ng_user_shell        = '/bin/bash',

# cgi settings
$ng_context_help      = '1',
$ng_pending_state     = '1',
$ng_use_auth          = '1',
$ng_use_ssl_auth      = '0',
$ng_enable_def_user   = false,
$ng_def_user_name     = 'nagios_insecure',
$ng_nagios_admin      = 'nagios_sec_adm',
$ng_sysinfo_auth      = '',
$ng_confinfo_auth     = '',
$ng_command_auth      = '',
$ng_hostview_auth     = '',
$ng_serviceview_auth  = '',
$ng_host_cmd_auth     = '',
$ng_svc_cmd_auth      = '',
$ng_readonly_auth     = '' ,
$ng_statusmap_img     = 'smbackground.gd2',
$ng_use_colormap      = false,
$ng_colormap_red      = '255',
$ng_colormap_green    = '255',
$ng_colormap_blue     = '255',
$ng_statusmap_layout  = '6',
$ng_wrl_layout        = '4',
$ng_incl_own_wrl      = false,
$ng_statuswrl_include = '',
$ng_ping_syntax       = '/bin/ping -n -U -c 5 $HOSTADDRESS$',
$ng_refresh_rate      = '90',
$ng_result_limit      = '100',
$ng_escape_html       = '1',
$ng_use_sound         = false,
$ng_host_unreachable  = 'hostdown.wav',
$ng_host_down         = 'hostdown.wav',
$ng_svc_critical      = 'critical.wav',
$ng_svc_warn          = 'warning.wav',
$ng_svc_unknown       = 'warning.wav',
$ng_normal_sound      = 'noproblem.wav',
$ng_action_url_target = '_blank',
$ng_notes_url_target  = '_blank',
$ng_lock_author_names = '1',
$ng_enable_splunk     = false,
$ng_splunk_url        = 'http://127.0.0.1:8000/',
$ng_navbar_addresses  = '1',
$ng_navbar_aliases    = '1',
$ng_ack_no_sticky     = '0',
$ng_ack_no_send       = '0',

# selinux
$ng_use_selinux_tools = true,

# httpd
$ng_required_hosts    = '',
$ng_required_ips      = '127.0.0.0/8',
$ng_disable_welcome   = true,

# certbot
$ng_enable_certbot    = true,
$ng_certbot_cert_path = '/var/www/html',

) {

# installation section

  $reqpackages_server = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['nagios','nagios-devel']
  }
  $reqpackages_client = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['net-snmp-utils','nagios-plugins','nagios-plugins-all', 'nagios-plugins-nrpe', 'nagios-common']
  }
  $reqpackages_nrpe = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['nrpe']
  }

# service
$ng_service           = 'nagios'
$ae_service           = 'httpd'

# directories
$ng_main_dir          = '/etc/nagios'
$ng_conf_d_dir        = "${ng_main_dir}/conf.d"
$ng_objects_dir       = "${ng_main_dir}/objects"
$ng_private_dir       = "${ng_main_dir}/private"
$ng_usr_incl          = '/usr/include/nagios'
$ng_lib_dir           = '/usr/lib64/nagios'
$ng_log_dir           = '/var/log/nagios'
$ng_log_archives      = "${ng_log_dir}/archives"
$ng_spool_dir         = '/var/spool/nagios'
$ng_usr_share         = '/usr/share/nagios'
$ng_share_html        = "${ng_usr_share}/html"

# files
$ng_main_config       = "${ng_main_dir}/nagios.cfg"
$ng_cgi_cfg_file      = "${ng_main_dir}/cgi.cfg"
$ng_cgi_cfg_erb       = 'cd_nagios/nagios/cgi_cfg.erb'
$ng_htpasswd_file     = "${ng_main_dir}/passwd"
$ng_htpasswd_head     = 'cd_nagios/nagios/htpasswd_head.erb'
$ng_htpasswd_rule     = 'cd_nagios/nagios/htpasswd_rule.erb'
$ng_taccgi_erb        = 'cd_nagios/selinux/taccgi.erb'
$ng_statcgi_erb       = 'cd_nagios/selinux/statuscgi.erb'
$ng_nagios_conf       = '/etc/httpd/conf.d/nagios.conf'
$ng_nagios_conf_erb   = 'cd_nagios/httpd/nagios_conf.erb'
$ng_welcome_conf      = '/etc/httpd/conf.d/welcome.conf'
$ng_welcome_conf_erb  = 'cd_nagios/httpd/welcome_conf.erb'
$ng_forward_conf      = '/etc/httpd/conf.d/nagios_forward.conf'
$ng_forward_conf_erb  = 'cd_nagios/httpd/forward_conf.erb'
$ng_get_cert_erb      = 'cd_nagios/certbot/get_cert.erb'
$ng_unless_get_cert   = 'cd_nagios/certbot/unless_get_cert.erb'
$ng_unless_renew_erb  = 'cd_nagios/certbot/unless_renew_cert.erb'
$ng_create_tempvhost  = 'cd_nagios/certbot/create_tempfile.erb'
$ng_certbot_temp_file = '/etc/httpd/conf.d/certbot_temp.conf'

# includes must be last

  include cd_nagios::main::config

}