# Readme

[![Build Status](https://jenkins.confdroid.com/job/confdroid_nagios/badge/icon?style=plastic)](https://jenkins.confdroid.com/job/confdroid_nagios/)
[![Security Hotspots](https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_nagios&metric=security_hotspots&token=sqb_927c2cd1f1b90805cde962af0f5eda9ec936eb6f)](https://sonarqube.confdroid.com/dashboard?id=confdroid_nagios)

- [Readme](#readme)
  - [Synopsis](#synopsis)
  - [WARNING](#warning)
  - [Features](#features)
  - [Repo Documentation](#repo-documentation)
  - [Dependencies](#dependencies)
  - [Deployment](#deployment)
  - [Configuration](#configuration)
    - [configuring UI user access](#configuring-ui-user-access)
    - [Additional UI users](#additional-ui-users)
    - [Adding contacts](#adding-contacts)
    - [Adding contact groups](#adding-contact-groups)
    - [Adding host groups](#adding-host-groups)
  - [PuppetDB](#puppetdb)
  - [SELINUX](#selinux)
  - [Support](#support)
  - [Tests](#tests)
  - [Contact Us](#contact-us)
  - [Disclaimer](#disclaimer)


## Synopsis

Nagios is a powerful open source software solution for monitoring your IT environments.

`confdroid_nagios` is a Puppet module allowing to fully automate the setup & configuration of the Nagios server, as well as actively adding client hosts and services to the monitoring environment through defines and `PuppetDB`.

At this stage, the module is being redeveloped and being built to the latest standards for Puppet 8.

## WARNING

***Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production***

## Features

- if FQDN equals the specified `ng_nagios_server`, nagios server with all required specs is installed, else only nagios client packages and the target specs
- an additional directory /etc/nagios/conf.d is created to place the custom checks etc. without being overwritten by updates.
- contacts and contactgroups are separated and filled in via define
- hostgroups are filled in via define, hosts are added dynamically
- configures all required directories for server and clients and sets proper permissions and selinux contexts
- configures the main nagios configuration file and sets values as (pre)configured per values in params, which can be overwritten.
- if `ng_include_nrpe`is set to `true`, the confdroid_nrpe module is automatically applied on clients ([confdroid_nrpe](https://sourcecode.confdroid.com/confdroid/confdroid_nrpe) must be in the catalogue then)

## Repo Documentation

See the full Puppet documentation including parameters in `docs/index.html`

## Dependencies

All dependencies must be included in the catalogue.

- `puppetlabs-firewall`
- `puppetlabs-stdlib`
- `puppetlabs-concat`
- `puppetlabs-nagios_core`

## Deployment

- native Puppet deployment

via site.pp or nodes.pp

```ruby
node 'example.example.net' {
  include confdroid_nagios
}
```

- through Foreman:

In order to apply parameters through Foreman, **__confdroid_nagios::params__*- must be added to the host or host group in question.

See [more details about class deployment on confdroid.com](https://confdroid.com/2017/05/deploying-our-puppet-modules/).

## Configuration

### configuring UI user access

Main access to the user interface requires defining an administrative user and password via `ng_main_user` and `ng_main_password`. The password should be encrypted like this: 

```bash
htpasswd -B -n  testuser
New password: 
Re-type new password: 
```

This results in

```text
testuser: $2y$05$rNy/P22OfYZlpdEPnCAIg.OUizRD34P7pDRwUGiaYjH44PcRuZ2ia
```

Use that value to override the default password in ENC or Hiera, if you use it.

### Additional UI users

The main user is automatically created. If you want to add more users, this should be done via the define confdroid_nagios::server::access. In your control repo, site.pp etc. address the access define like this:

```puppet
confdroid_nagios::server::access { 'example':
  ng_htpasswd_user     => 'example_user',
  ng_htpasswd_password => 'example_password_encrypted'
}
```

### Adding contacts

In order to add contacts for the notifications, address the define `confdroid_nagios::nagios::objects::add_contact` in your config repo, site.pp etc. like this:

```puppet
  confdroid_nagios::nagios::objects::add_contact { 'example_user':
    ng_contact_name   =>  'example_user',
    ng_contact_alias  =>  'Example User',
    ng_contact_groups =>  'admins',
    ng_contact_email  =>  'example@example.net',
  }
```

This requires the contact groups to be in place as well.

### Adding contact groups

In order to add contact groups for the notifications, address the define `confdroid_nagios::nagios::objects::add_contactgroups` in your config repo, site.pp etc. like this:

```puppet
  confdroid_nagios::nagios::objects::add_contactgroups { 'example_group':
    ng_contactgroup_name      => 'example_group',
    ng_contactgroup_alias     => 'Example Group',
    ng_contactgroup_register  => '1',
  }
```

### Adding host groups

In order to add host groups, address the define `confdroid_nagios::nagios::objects::add_hostgroups` in your config repo, site.pp etc. like this:

```puppet
  confdroid_nagios::nagios::objects::add_hostgroups { 'example_hostgroup':
    ng_hostgroup_name   => 'example_hostgroup',
    ng_hostgroup_alias  => 'Example Hostgroup',
  }
```

Hosts will be populated through the target.pp dynamically.

## PuppetDB

A working instance of PuppetDB connected to the Puppet master is required for this to work. Installation and configuration of PuppetDB is out of scope for this module, however [cd_puppetdb](https://gitlab.confdroid.com/puppet/cd_puppetdb) is available to automate this task for you as well within a few minutes.

## SELINUX

All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.

## Support

- OS: Rocky 9
- Puppet 7 # Puppet does not support Nagios in Puppet 8 anymore, although it still works

## Tests

- Puppet Lint
  - excluded tests:
    - `--no-variable_scope-check`: not applicable as we are inheriting parameters from params class. the lint check does not distinguish between facts and inherited parameters.
- Puppet Parser
- ERB Template Parser
- Sonar Quality Gate

## Contact Us

- [contact Us](https://confdroid.com/contact/)
- [Feedback Portal](https://feedback.confdroid.com/)

## Disclaimer

confdroid as entity is entirely independent from Puppet. We provide custom configuration modules, written for specific purposes and specific environments.
The modules are tested and supported only as documented, and require testing in designated environments  (i.e. lab or development environments) for parameter tuning etc. before deploying into production environments.