382 lines
18 KiB
ObjectPascal
382 lines
18 KiB
ObjectPascal
## cd_nagios::params.pp
|
|
# Module name: cd_nagios
|
|
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
|
|
# # License:
|
|
# This file is part of cd_nagios.
|
|
#
|
|
# cd_nagios is used for providing automatic configuration of Nagios.
|
|
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
# @summary Class holds all parameters for the cd_nagios module and is
|
|
# inherited by all classes except defines.
|
|
# @see https://confdroid.com/2017/07/nagios-cgi-cfg/
|
|
# @param [string] pkg_ensure
|
|
# which [package type](https://confdroid.com/2017/05/puppet-type-package/)
|
|
# to choose, i.e. `latest` or `present`.
|
|
# @param [string] ng_nagios_server Specify the FQDN of the nagios server host.
|
|
# Must be a proper A-name, no CNAME i.e. on Loadbalancers. When the FQDN
|
|
# matches the configured value, Nagios server components will be installed
|
|
# and the clients will allow to be connected by that host. Impacts also
|
|
# firewall ports (optional).
|
|
# @param [string] ng_nagios_ext_ip Specify the IP address of the
|
|
# nagios server. Required for NRPE configuration to allow the Nagios server
|
|
# to connect to NRPE, which as of now does not trust DNS names. Must be the
|
|
# public interface in case of NAT environments.
|
|
# @param [boolean] ng_include_nrpe Whether to include NRPE to allow
|
|
# Nagios to connect to clients
|
|
# @param [string] ng_ping_warn Default value for ping warning check. Can be
|
|
# overridden on host level.
|
|
# @param [string] ng_ping_crit Default value for ping critical check. Can be
|
|
# overridden on host level.
|
|
# @param [boolean] ng_ping_ensure Wheter to include or exclude the check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_disk_warn Default value for disk space warning check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_disk_crit Default value for disk space critical check
|
|
# Can be overridden on host level.
|
|
# @param [boolean] ng_disk_ensure Whether to include or exclude the check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_swap_warn Default value for swap space warning check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_swap_crit Default value for swap space critical check.
|
|
# Can be overridden on host level.
|
|
# @param [boolean] ng_swap_ensure Whether to include or exclude the check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_users_warn Default value for user logins warning check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_users_crit Default value for user logins critical check
|
|
# Can be overridden on host level.
|
|
# @param [boolean] ng_users_ensure Whether to include or exclude the check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_procs_tot_warn Default warning for the total processes
|
|
# warning check. Can be overridden on host level.
|
|
# @param [string] ng_procs_tot_crit Default warning for the total processes
|
|
# critical check. Can be overridden on host level.
|
|
# @param [string] ng_procs_tot_param Default value for the process flags to be
|
|
# checked. Can be overridden on host level.
|
|
# @param [boolean] ng_procs_tot_ens Whether to include or exclude the check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_procs_z_warn Default value for the zombie processes
|
|
# warning check. Can be overridden on host level.
|
|
# @param [string] ng_procs_z_crit Default value for the zombie processess
|
|
# critical check. Can be overridden on host level.
|
|
# @param [string] ng_procs_z_param Default value for the zombie processes flag.
|
|
# Can be overridden on host level.
|
|
# @param [boolean] ng_procs_z_ensure Whether to include or exclude the check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_load_warn Default value for the load warning check.
|
|
# Can be overridden on host level.
|
|
# @param [string] ng_load_crit Default value for the load critical check.
|
|
# Can be overridden on host level.
|
|
# @param [boolean] ng_load_ensure Whether to include or exclude the load check.
|
|
# Can be overridden on host level.
|
|
# @param [boolean] ng_include_fw Whether to include firewall management.
|
|
# requires cd_firewall or puppetlabs-firewall module.
|
|
# @param [string] ng_fw_order Prefix for the port number to establish proper
|
|
# firewall rule ordering.
|
|
# @param [boolean] ng_use_https Whether to use https.
|
|
# @param [boolean] ng_http_https_fw Whether we want to forward http to https.
|
|
# only active if `ng_use_https` is set to `true`.
|
|
# @param [string] ng_http_port Specify the port to use for httpd. Used in
|
|
# templates and for firewall (Optional)
|
|
# @param [string] ng_https_port Specify the port to use for httpd. Used in
|
|
# templates and for firewall (Optional)
|
|
# @param [string] ng_user The name of the Nagios service user.
|
|
# @param [string] ng_user_home The home directory for the Nagios service user
|
|
# @param [string] ng_user_shell The shell for the Nagios service user, which
|
|
# never should be allowed to login.
|
|
# @param [string] ng_u_comment The comment for the Nagios service user for
|
|
# /etc/passwd. Shows up in email notifocations from the Nagios daemon.
|
|
# @param [string] ng_u_uid The UID for the Nagios service user. Important when
|
|
# using shared environments like NFS.
|
|
# @param [string] ng_u_groups The secondary groups for the Nagios service user.
|
|
# Must not contain the primary group.
|
|
# @param [string] ng_context_help whether or not a context-sensitive
|
|
# help icon will be displayed for most of the CGIs.
|
|
# @param [string] ng_pending_state what states should be displayed in the web
|
|
# interface for hosts/services that have not yet been checked
|
|
# @param [string] ng_use_auth whether or not the CGIs will use any
|
|
# authentication when displaying host and service information, as
|
|
# well as committing commands to Nagios for processing. This should **__not__**
|
|
# be set to 0.
|
|
# @param [string] ng_use_ssl_auth allows you to use x509 cert (SSL)
|
|
# authentication in the CGIs. This is an advanced option and should
|
|
# not be enabled unless you know what you're doing.
|
|
# @param [boolean] ng_enable_def_user Whether to enable a default user
|
|
# (**__not recommended__**).
|
|
# @param [string] ng_def_user_name default user name that can
|
|
# access pages without authentication. This allows people within a
|
|
# secure domain (i.e., behind a firewall) to see the current status
|
|
# without authenticating. Only actuve if `ng_enable_def_user` is set to `true`
|
|
# @param [string] ng_nagios_admin Specify the name of a nagios administration
|
|
# user here. Value will be used in cgi.cfg for all authorized commands and info,
|
|
# i.e. nagiosadmin. however, its stronlgly suggested to use a different name.
|
|
# Can be overridden per host / hostgroups, so allows flexibility and increased
|
|
# security. You can also add a comma-separated list of people in here instead,
|
|
# which then would function like a group instead a single user.
|
|
# @param [string] ng_sysinfo_auth comma-delimited list of all usernames that
|
|
# have access to viewing the Nagios process information as
|
|
# provided by the Extended Information CGI (extinfo.cgi).
|
|
# @param [string] ng_confinfo_auth comma-delimited list of all usernames that
|
|
# can view ALL configuration information (hosts, commands, etc).
|
|
# @param [string] ng_command_auth comma-delimited list of all usernames that
|
|
# can issue shutdown and restart commands to Nagios via the
|
|
# command CGI (cmd.cgi).
|
|
# @param [string] ng_hostview_auth comma-delimited lists of all usernames that
|
|
# can view information for all hosts
|
|
# @param [string] ng_serviceview_auth comma-delimited lists of all usernames
|
|
# that can view information for all services.
|
|
# @param [string] ng_host_cmd_auth comma-delimited lists of all usernames that
|
|
# can issue host related commands.
|
|
# @param [string] ng_svc_cmd_auth comma-delimited lists of all usernames that
|
|
# can issue service related commands.
|
|
# @param [string] ng_readonly_auth comma-delimited list of usernames that have
|
|
# read-only rights in the CGIs.
|
|
# @param [string] ng_statusmap_img specify an image to be used as a
|
|
# background in the statusmap CGI.
|
|
# @param [boolean] ng_use_colormap Whether to set values of background colors.
|
|
# @param [string] ng_colormap_red value for the `red` area of the color map.
|
|
# @param [string] ng_colormap_green value for the `green` area of the color map
|
|
# @param [string] ng_colormap_blue value for the `blue` area of the color map.
|
|
# @param [string] ng_statusmap_layout Value for the default statusmap layout.
|
|
# @param [string] ng_wrl_layout Value for the default statuswrl layout.
|
|
# @param [boolean] ng_incl_own_wrl Whether to include your own objects in the
|
|
# generated VRML world.
|
|
# @param [string] ng_statuswrl_include Specify your own wrl object to be
|
|
# included in the generated VRML world. Only active if `ng_incl_own_wrl`
|
|
# is set to `true`.
|
|
# @param [string] ng_ping_syntax what syntax should be used when
|
|
# attempting to ping a host from the WAP interface
|
|
# @param [string] ng_refresh_rate specify the refresh rate in seconds
|
|
# of various CGIs
|
|
# @param [string] ng_result_limit specify the default number of results
|
|
# displayed on the status.cgi.
|
|
# @param [string] ng_escape_html whether HTML tags in host and service
|
|
# status output is escaped in the web interface. If enabled,
|
|
# your plugin output will not be able to contain clickable links.
|
|
# @param [boolean] ng_use_sound whether to enable sound usage.
|
|
# @param [string] ng_host_unreachable soundfile for `host unreachable`
|
|
# Only active if `ng_use_sound` is set to `true`.
|
|
# @param [string] ng_host_down soundfile for `host down`
|
|
# Only active if `ng_use_sound` is set to `true`.
|
|
# @param [string] ng_svc_critical soundfile for `service critical`.
|
|
# Only active if `ng_use_sound` is set to `true`.
|
|
# @param [string] ng_svc_warn soundfile for `service warning`
|
|
# Only active if `ng_use_sound` is set to `true`.
|
|
# @param [string] ng_svc_unknown soundfile for `service unknown`
|
|
# Only active if `ng_use_sound` is set to `true`.
|
|
# @param [string] ng_normal_sound soundfile for `normal`
|
|
# Only active if `ng_use_sound` is set to `true`.
|
|
# @param [string] ng_action_url_target Specify target frames in which
|
|
# action URLs will open
|
|
# @param [string] ng_notes_url_target Specify target frames in which
|
|
# notes URLs will open
|
|
# @param [string] ng_lock_author_names whether users can change the author
|
|
# name when submitting comments, scheduling downtime.
|
|
# @param [boolean] ng_enable_splunk Whether to enable splunk integration.
|
|
# @param [string] ng_splunk_url the URL for your Splunk URL
|
|
# @param [string] ng_navbar_addresses allow navbar search queries IP addresses
|
|
# @param [string] ng_navbar_aliases allow navbar search for aliases
|
|
# @param [string] ng_ack_no_sticky Enabling ack_no_sticky will default the
|
|
# "Sticky Acknowledgement" to be unchecked.
|
|
# @param [string] ng_ack_no_send Enabling ack_no_send will default the
|
|
# "Send Notification" to be unchecked.
|
|
# @param [boolean] ng_use_selinux_tools Whether to enable selinux tools and
|
|
# policies. only effective if selinux is enabled.
|
|
# @param [string] ng_required_hosts String of **__FQDNs__** for hosts which
|
|
# should be allowed/required. Requires format
|
|
# 'host1.example.com host2.example.com'. If you want no restriction, chose 'all'.
|
|
# @param [string] ng_required_ips string of **__Ip addresses __** for hosts which
|
|
# should be allowed/reqired. Requires format 'ipaddress ip address range'.
|
|
# If you want no restriction, choose '0.0.0.0/0'
|
|
# @param [boolean] ng_disable_welcome Whether the regular welcome screen should
|
|
# be disabled. this is required for the nagios http check on the nagios server
|
|
# to be successful.
|
|
# @param [boolean] ng_enable_certbot Whether to use certbot for automated TLS
|
|
# certificate management
|
|
# @param [string] ng_certbot_cert_path the path for certbot to place
|
|
# challenges for teh certification process.
|
|
# @param [string] ng_mail_user email address to receive administrative mail.
|
|
# used for nagios itself as well as for certbot.
|
|
###############################################################################
|
|
class cd_nagios::params (
|
|
|
|
$pkg_ensure = 'latest',
|
|
|
|
$ng_nagios_server = "nagios.${::domain}",
|
|
$ng_nagios_ext_ip = undef,
|
|
$ng_mail_user = "admin@${::domain}",
|
|
|
|
$ng_include_nrpe = true,
|
|
|
|
# firewall
|
|
$ng_include_fw = true,
|
|
$ng_use_https = true,
|
|
$ng_http_https_fw = true,
|
|
$ng_fw_order = '50',
|
|
$ng_http_port = '80',
|
|
$ng_https_port = '443',
|
|
|
|
# check command parameters
|
|
## ping
|
|
$ng_ping_warn = '100.0,20%',
|
|
$ng_ping_crit = '500.0,60%',
|
|
$ng_ping_ensure = 'present',
|
|
## disk
|
|
$ng_disk_warn = '20%',
|
|
$ng_disk_crit = '10%' ,
|
|
$ng_disk_ensure = 'present',
|
|
# swap
|
|
$ng_swap_warn = '20',
|
|
$ng_swap_crit = '10',
|
|
$ng_swap_ensure = 'present',
|
|
# users
|
|
$ng_users_warn = '20',
|
|
$ng_users_crit = '50',
|
|
$ng_users_ensure = 'present',
|
|
#total procs
|
|
$ng_procs_tot_warn = '330',
|
|
$ng_procs_tot_crit = '400',
|
|
$ng_procs_tot_param = 'RDST',
|
|
$ng_procs_tot_ens = 'present',
|
|
# zombie procs
|
|
$ng_procs_z_warn = '10',
|
|
$ng_procs_z_crit = '30',
|
|
$ng_procs_z_param = 'Z',
|
|
$ng_procs_z_ensure = 'present',
|
|
# load
|
|
$ng_load_warn = '5.00,4.00,3.00',
|
|
$ng_load_crit = '10.00,6.00,4.00',
|
|
$ng_load_ensure = 'present',
|
|
|
|
# user settings
|
|
$ng_user = 'nagios',
|
|
$ng_u_comment = 'Nagios service user',
|
|
$ng_u_uid = '1004',
|
|
$ng_user_home = '/var/spool/nagios',
|
|
$ng_u_groups = undef,
|
|
$ng_user_shell = '/bin/bash',
|
|
|
|
# cgi settings
|
|
$ng_context_help = '1',
|
|
$ng_pending_state = '1',
|
|
$ng_use_auth = '1',
|
|
$ng_use_ssl_auth = '0',
|
|
$ng_enable_def_user = false,
|
|
$ng_def_user_name = 'nagios_insecure',
|
|
$ng_nagios_admin = 'nagios_sec_adm',
|
|
$ng_sysinfo_auth = '',
|
|
$ng_confinfo_auth = '',
|
|
$ng_command_auth = '',
|
|
$ng_hostview_auth = '',
|
|
$ng_serviceview_auth = '',
|
|
$ng_host_cmd_auth = '',
|
|
$ng_svc_cmd_auth = '',
|
|
$ng_readonly_auth = '' ,
|
|
$ng_statusmap_img = 'smbackground.gd2',
|
|
$ng_use_colormap = false,
|
|
$ng_colormap_red = '255',
|
|
$ng_colormap_green = '255',
|
|
$ng_colormap_blue = '255',
|
|
$ng_statusmap_layout = '6',
|
|
$ng_wrl_layout = '4',
|
|
$ng_incl_own_wrl = false,
|
|
$ng_statuswrl_include = '',
|
|
$ng_ping_syntax = '/bin/ping -n -U -c 5 $HOSTADDRESS$',
|
|
$ng_refresh_rate = '90',
|
|
$ng_result_limit = '100',
|
|
$ng_escape_html = '1',
|
|
$ng_use_sound = false,
|
|
$ng_host_unreachable = 'hostdown.wav',
|
|
$ng_host_down = 'hostdown.wav',
|
|
$ng_svc_critical = 'critical.wav',
|
|
$ng_svc_warn = 'warning.wav',
|
|
$ng_svc_unknown = 'warning.wav',
|
|
$ng_normal_sound = 'noproblem.wav',
|
|
$ng_action_url_target = '_blank',
|
|
$ng_notes_url_target = '_blank',
|
|
$ng_lock_author_names = '1',
|
|
$ng_enable_splunk = false,
|
|
$ng_splunk_url = 'http://127.0.0.1:8000/',
|
|
$ng_navbar_addresses = '1',
|
|
$ng_navbar_aliases = '1',
|
|
$ng_ack_no_sticky = '0',
|
|
$ng_ack_no_send = '0',
|
|
|
|
# selinux
|
|
$ng_use_selinux_tools = true,
|
|
|
|
# httpd
|
|
$ng_required_hosts = '',
|
|
$ng_required_ips = '127.0.0.0/8',
|
|
$ng_disable_welcome = true,
|
|
|
|
# certbot
|
|
$ng_enable_certbot = true,
|
|
$ng_certbot_cert_path = '/var/www/html',
|
|
|
|
) {
|
|
|
|
# installation section
|
|
|
|
$reqpackages_server = $::operatingsystem ? {
|
|
/(?i-mx:centos|fedora|redhat)/ => ['nagios','nagios-devel']
|
|
}
|
|
$reqpackages_client = $::operatingsystem ? {
|
|
/(?i-mx:centos|fedora|redhat)/ => ['net-snmp-utils','nagios-plugins','nagios-plugins-all', 'nagios-plugins-nrpe', 'nagios-common']
|
|
}
|
|
$reqpackages_nrpe = $::operatingsystem ? {
|
|
/(?i-mx:centos|fedora|redhat)/ => ['nrpe']
|
|
}
|
|
|
|
# service
|
|
$ng_service = 'nagios'
|
|
$ae_service = 'httpd'
|
|
|
|
# directories
|
|
$ng_main_dir = '/etc/nagios'
|
|
$ng_conf_d_dir = "${ng_main_dir}/conf.d"
|
|
$ng_objects_dir = "${ng_main_dir}/objects"
|
|
$ng_private_dir = "${ng_main_dir}/private"
|
|
$ng_usr_incl = '/usr/include/nagios'
|
|
$ng_lib_dir = '/usr/lib64/nagios'
|
|
$ng_log_dir = '/var/log/nagios'
|
|
$ng_log_archives = "${ng_log_dir}/archives"
|
|
$ng_spool_dir = '/var/spool/nagios'
|
|
$ng_usr_share = '/usr/share/nagios'
|
|
$ng_share_html = "${ng_usr_share}/html"
|
|
|
|
# files
|
|
$ng_main_config = "${ng_main_dir}/nagios.cfg"
|
|
$ng_cgi_cfg_file = "${ng_main_dir}/cgi.cfg"
|
|
$ng_cgi_cfg_erb = 'cd_nagios/nagios/cgi_cfg.erb'
|
|
$ng_htpasswd_file = "${ng_main_dir}/passwd"
|
|
$ng_htpasswd_head = 'cd_nagios/nagios/htpasswd_head.erb'
|
|
$ng_htpasswd_rule = 'cd_nagios/nagios/htpasswd_rule.erb'
|
|
$ng_taccgi_erb = 'cd_nagios/selinux/taccgi.erb'
|
|
$ng_statcgi_erb = 'cd_nagios/selinux/statuscgi.erb'
|
|
$ng_nagios_conf = '/etc/httpd/conf.d/nagios.conf'
|
|
$ng_nagios_conf_erb = 'cd_nagios/httpd/nagios_conf.erb'
|
|
$ng_welcome_conf = '/etc/httpd/conf.d/welcome.conf'
|
|
$ng_welcome_conf_erb = 'cd_nagios/httpd/welcome_conf.erb'
|
|
$ng_forward_conf = '/etc/httpd/conf.d/nagios_forward.conf'
|
|
$ng_forward_conf_erb = 'cd_nagios/httpd/forward_conf.erb'
|
|
|
|
|
|
# includes must be last
|
|
|
|
include cd_nagios::main::config
|
|
|
|
}
|