## cd_nagios::params.pp # Module name: cd_nagios # Author: Arne Teuke (arne_teuke@ConfDroid.com) # # License: # This file is part of cd_nagios. # # cd_nagios is used for providing automatic configuration of Nagios. # Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # @summary Class holds all parameters for the cd_nagios module and is # inherited by all classes except defines. # @see https://confdroid.com/2017/07/nagios-cgi-cfg/ # @param [string] pkg_ensure # which [package type](https://confdroid.com/2017/05/puppet-type-package/) # to choose, i.e. `latest` or `present`. # @param [string] ng_nagios_server Specify the FQDN of the nagios server host. # Must be a proper A-name, no CNAME i.e. on Loadbalancers. When the FQDN # matches the configured value, Nagios server components will be installed # and the clients will allow to be connected by that host. Impacts also # firewall ports (optional). # @param [string] ng_nagios_ext_ip Specify the IP address of the # nagios server. Required for NRPE configuration to allow the Nagios server # to connect to NRPE, which as of now does not trust DNS names. Must be the # public interface in case of NAT environments. # @param [boolean] ng_include_nrpe Whether to include NRPE to allow # Nagios to connect to clients # @param [string] ng_ping_warn Default value for ping warning check. Can be # overridden on host level. # @param [string] ng_ping_crit Default value for ping critical check. Can be # overridden on host level. # @param [boolean] ng_ping_ensure Wheter to include or exclude the check. # Can be overridden on host level. # @param [string] ng_disk_warn Default value for disk space warning check. # Can be overridden on host level. # @param [string] ng_disk_crit Default value for disk space critical check # Can be overridden on host level. # @param [boolean] ng_disk_ensure Whether to include or exclude the check. # Can be overridden on host level. # @param [string] ng_swap_warn Default value for swap space warning check. # Can be overridden on host level. # @param [string] ng_swap_crit Default value for swap space critical check. # Can be overridden on host level. # @param [boolean] ng_swap_ensure Whether to include or exclude the check. # Can be overridden on host level. # @param [string] ng_users_warn Default value for user logins warning check. # Can be overridden on host level. # @param [string] ng_users_crit Default value for user logins critical check # Can be overridden on host level. # @param [boolean] ng_users_ensure Whether to include or exclude the check. # Can be overridden on host level. # @param [string] ng_procs_tot_warn Default warning for the total processes # warning check. Can be overridden on host level. # @param [string] ng_procs_tot_crit Default warning for the total processes # critical check. Can be overridden on host level. # @param [string] ng_procs_tot_param Default value for the process flags to be # checked. Can be overridden on host level. # @param [boolean] ng_procs_tot_ens Whether to include or exclude the check. # Can be overridden on host level. # @param [string] ng_procs_z_warn Default value for the zombie processes # warning check. Can be overridden on host level. # @param [string] ng_procs_z_crit Default value for the zombie processess # critical check. Can be overridden on host level. # @param [string] ng_procs_z_param Default value for the zombie processes flag. # Can be overridden on host level. # @param [boolean] ng_procs_z_ensure Whether to include or exclude the check. # Can be overridden on host level. # @param [string] ng_load_warn Default value for the load warning check. # Can be overridden on host level. # @param [string] ng_load_crit Default value for the load critical check. # Can be overridden on host level. # @param [boolean] ng_load_ensure Whether to include or exclude the load check. # Can be overridden on host level. # @param [boolean] ng_include_fw Whether to include firewall management. # requires cd_firewall or puppetlabs-firewall module. # @param [string] ng_fw_order Prefix for the port number to establish proper # firewall rule ordering. # @param [boolean] ng_use_https Whether to use https. # @param [boolean] ng_http_https_fw Whether we want to forward http to https. # only active if `ng_use_https` is set to `true`. # @param [string] ng_http_port Specify the port to use for httpd. Used in # templates and for firewall (Optional) # @param [string] ng_https_port Specify the port to use for httpd. Used in # templates and for firewall (Optional) # @param [string] ng_user The name of the Nagios service user. # @param [string] ng_user_home The home directory for the Nagios service user # @param [string] ng_user_shell The shell for the Nagios service user, which # never should be allowed to login. # @param [string] ng_u_comment The comment for the Nagios service user for # /etc/passwd. Shows up in email notifocations from the Nagios daemon. # @param [string] ng_u_uid The UID for the Nagios service user. Important when # using shared environments like NFS. # @param [string] ng_u_groups The secondary groups for the Nagios service user. # Must not contain the primary group. # @param [string] ng_context_help whether or not a context-sensitive # help icon will be displayed for most of the CGIs. # @param [string] ng_pending_state what states should be displayed in the web # interface for hosts/services that have not yet been checked # @param [string] ng_use_auth whether or not the CGIs will use any # authentication when displaying host and service information, as # well as committing commands to Nagios for processing. This should **__not__** # be set to 0. # @param [string] ng_use_ssl_auth allows you to use x509 cert (SSL) # authentication in the CGIs. This is an advanced option and should # not be enabled unless you know what you're doing. # @param [boolean] ng_enable_def_user Whether to enable a default user # (**__not recommended__**). # @param [string] ng_def_user_name default user name that can # access pages without authentication. This allows people within a # secure domain (i.e., behind a firewall) to see the current status # without authenticating. Only actuve if `ng_enable_def_user` is set to `true` # @param [string] ng_nagios_admin Specify the name of a nagios administration # user here. Value will be used in cgi.cfg for all authorized commands and info, # i.e. nagiosadmin. however, its stronlgly suggested to use a different name. # Can be overridden per host / hostgroups, so allows flexibility and increased # security. You can also add a comma-separated list of people in here instead, # which then would function like a group instead a single user. # @param [string] ng_sysinfo_auth comma-delimited list of all usernames that # have access to viewing the Nagios process information as # provided by the Extended Information CGI (extinfo.cgi). # @param [string] ng_confinfo_auth comma-delimited list of all usernames that # can view ALL configuration information (hosts, commands, etc). # @param [string] ng_command_auth comma-delimited list of all usernames that # can issue shutdown and restart commands to Nagios via the # command CGI (cmd.cgi). # @param [string] ng_hostview_auth comma-delimited lists of all usernames that # can view information for all hosts # @param [string] ng_serviceview_auth comma-delimited lists of all usernames # that can view information for all services. # @param [string] ng_host_cmd_auth comma-delimited lists of all usernames that # can issue host related commands. # @param [string] ng_svc_cmd_auth comma-delimited lists of all usernames that # can issue service related commands. # @param [string] ng_readonly_auth comma-delimited list of usernames that have # read-only rights in the CGIs. # @param [string] ng_statusmap_img specify an image to be used as a # background in the statusmap CGI. # @param [boolean] ng_use_colormap Whether to set values of background colors. # @param [string] ng_colormap_red value for the `red` area of the color map. # @param [string] ng_colormap_green value for the `green` area of the color map # @param [string] ng_colormap_blue value for the `blue` area of the color map. # @param [string] ng_statusmap_layout Value for the default statusmap layout. # @param [string] ng_wrl_layout Value for the default statuswrl layout. # @param [boolean] ng_incl_own_wrl Whether to include your own objects in the # generated VRML world. # @param [string] ng_statuswrl_include Specify your own wrl object to be # included in the generated VRML world. Only active if `ng_incl_own_wrl` # is set to `true`. # @param [string] ng_ping_syntax what syntax should be used when # attempting to ping a host from the WAP interface # @param [string] ng_refresh_rate specify the refresh rate in seconds # of various CGIs # @param [string] ng_result_limit specify the default number of results # displayed on the status.cgi. # @param [string] ng_escape_html whether HTML tags in host and service # status output is escaped in the web interface. If enabled, # your plugin output will not be able to contain clickable links. # @param [boolean] ng_use_sound whether to enable sound usage. # @param [string] ng_host_unreachable soundfile for `host unreachable` # Only active if `ng_use_sound` is set to `true`. # @param [string] ng_host_down soundfile for `host down` # Only active if `ng_use_sound` is set to `true`. # @param [string] ng_svc_critical soundfile for `service critical`. # Only active if `ng_use_sound` is set to `true`. # @param [string] ng_svc_warn soundfile for `service warning` # Only active if `ng_use_sound` is set to `true`. # @param [string] ng_svc_unknown soundfile for `service unknown` # Only active if `ng_use_sound` is set to `true`. # @param [string] ng_normal_sound soundfile for `normal` # Only active if `ng_use_sound` is set to `true`. # @param [string] ng_action_url_target Specify target frames in which # action URLs will open # @param [string] ng_notes_url_target Specify target frames in which # notes URLs will open # @param [string] ng_lock_author_names whether users can change the author # name when submitting comments, scheduling downtime. # @param [boolean] ng_enable_splunk Whether to enable splunk integration. # @param [string] ng_splunk_url the URL for your Splunk URL # @param [string] ng_navbar_addresses allow navbar search queries IP addresses # @param [string] ng_navbar_aliases allow navbar search for aliases # @param [string] ng_ack_no_sticky Enabling ack_no_sticky will default the # "Sticky Acknowledgement" to be unchecked. # @param [string] ng_ack_no_send Enabling ack_no_send will default the # "Send Notification" to be unchecked. # @param [boolean] ng_use_selinux_tools Whether to enable selinux tools and # policies. only effective if selinux is enabled. ############################################################################### class cd_nagios::params ( $pkg_ensure = 'latest', $ng_nagios_server = "nagios.${::domain}", $ng_nagios_ext_ip = undef, $ng_include_nrpe = true, # firewall $ng_include_fw = true, $ng_use_https = true, $ng_http_https_fw = true, $ng_fw_order = '50', $ng_http_port = '80', $ng_https_port = '443', # check command parameters ## ping $ng_ping_warn = '100.0,20%', $ng_ping_crit = '500.0,60%', $ng_ping_ensure = 'present', ## disk $ng_disk_warn = '20%', $ng_disk_crit = '10%' , $ng_disk_ensure = 'present', # swap $ng_swap_warn = '20', $ng_swap_crit = '10', $ng_swap_ensure = 'present', # users $ng_users_warn = '20', $ng_users_crit = '50', $ng_users_ensure = 'present', #total procs $ng_procs_tot_warn = '330', $ng_procs_tot_crit = '400', $ng_procs_tot_param = 'RDST', $ng_procs_tot_ens = 'present', # zombie procs $ng_procs_z_warn = '10', $ng_procs_z_crit = '30', $ng_procs_z_param = 'Z', $ng_procs_z_ensure = 'present', # load $ng_load_warn = '5.00,4.00,3.00', $ng_load_crit = '10.00,6.00,4.00', $ng_load_ensure = 'present', # user settings $ng_user = 'nagios', $ng_u_comment = 'Nagios service user', $ng_u_uid = '1004', $ng_user_home = '/var/spool/nagios', $ng_u_groups = undef, $ng_user_shell = '/bin/bash', # cgi settings $ng_context_help = '1', $ng_pending_state = '1', $ng_use_auth = '1', $ng_use_ssl_auth = '0', $ng_enable_def_user = false, $ng_def_user_name = 'nagios_insecure', $ng_nagios_admin = 'nagios_sec_adm', $ng_sysinfo_auth = '', $ng_confinfo_auth = '', $ng_command_auth = '', $ng_hostview_auth = '', $ng_serviceview_auth = '', $ng_host_cmd_auth = '', $ng_svc_cmd_auth = '', $ng_readonly_auth = '' , $ng_statusmap_img = 'smbackground.gd2', $ng_use_colormap = false, $ng_colormap_red = '255', $ng_colormap_green = '255', $ng_colormap_blue = '255', $ng_statusmap_layout = '6', $ng_wrl_layout = '4', $ng_incl_own_wrl = false, $ng_statuswrl_include = '', $ng_ping_syntax = '/bin/ping -n -U -c 5 $HOSTADDRESS$', $ng_refresh_rate = '90', $ng_result_limit = '100', $ng_escape_html = '1', $ng_use_sound = false, $ng_host_unreachable = 'hostdown.wav', $ng_host_down = 'hostdown.wav', $ng_svc_critical = 'critical.wav', $ng_svc_warn = 'warning.wav', $ng_svc_unknown = 'warning.wav', $ng_normal_sound = 'noproblem.wav', $ng_action_url_target = '_blank', $ng_notes_url_target = '_blank', $ng_lock_author_names = '1', $ng_enable_splunk = false, $ng_splunk_url = 'http://127.0.0.1:8000/', $ng_navbar_addresses = '1', $ng_navbar_aliases = '1', $ng_ack_no_sticky = '0', $ng_ack_no_send = '0', # selinux $ng_use_selinux_tools = true, ) { # installation section $reqpackages_server = $::operatingsystem ? { /(?i-mx:centos|fedora|redhat)/ => ['nagios','nagios-devel'] } $reqpackages_client = $::operatingsystem ? { /(?i-mx:centos|fedora|redhat)/ => ['net-snmp-utils','nagios-plugins','nagios-plugins-all', 'nagios-plugins-nrpe', 'nagios-common'] } $reqpackages_nrpe = $::operatingsystem ? { /(?i-mx:centos|fedora|redhat)/ => ['nrpe'] } # service $ng_service = 'nagios' # directories $ng_main_dir = '/etc/nagios' $ng_conf_d_dir = "${ng_main_dir}/conf.d" $ng_objects_dir = "${ng_main_dir}/objects" $ng_private_dir = "${ng_main_dir}/private" $ng_usr_incl = '/usr/include/nagios' $ng_lib_dir = '/usr/lib64/nagios' $ng_log_dir = '/var/log/nagios' $ng_log_archives = "${ng_log_dir}/archives" $ng_spool_dir = '/var/spool/nagios' $ng_usr_share = '/usr/share/nagios' $ng_share_html = "${ng_usr_share}/html" # files $ng_main_config = "${ng_main_dir}/nagios.cfg" $ng_cgi_cfg_file = "${ng_main_dir}/cgi.cfg" $ng_cgi_cfg_erb = 'cd_nagios/nagios/cgi_cfg.erb' $ng_htpasswd_file = "${ng_main_dir}/passwd" $ng_htpasswd_head = 'cd_nagios/nagios/htpasswd_head.erb' $ng_htpasswd_rule = 'cd_nagios/nagios/htpasswd_rule.erb' $ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb' # includes must be last include cd_nagios::main::config }