confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

TODO-0001 - add new tasks

Browse Source
This commit is contained in:
Arne Teuke
2021-09-13 15:25:45 +02:00
parent 29b15d8a7e
commit 33be877dfe
36 changed files with 151 additions and 6289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

367
doc/index.html
View File

@@ -1,367 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
File: README
&mdash; Documentation by YARD 0.9.9
</title>
<link rel="stylesheet" href="css/style.css" type="text/css" charset="utf-8" />
<link rel="stylesheet" href="css/common.css" type="text/css" charset="utf-8" />
<script type="text/javascript" charset="utf-8">
pathId = "";
relpath = '';
</script>
<script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="puppet_class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="_index.html">Index</a> &raquo;
<span class="title">File: README</span>
</div>
<div id="search">
<a class="full_list_link" id="puppet_class_list_link"
href="puppet_class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><div id='filecontents'>
<p>|Repo Name| version | Build
Status|
|---|---|---|---|
|<code>cd_nrpe</code>| 0.0.1.1 | <a
href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_nrpe">{Build
Status</a>/]|</p>
<h3 id="label-Synopsis">Synopsis</h3>
<p>NRPE allows monitoring tools like NAGIOS or ICINGA to connect to clients
for monitoring purposes.</p>
<p><code>cd_nrpe</code> is a fully parameterized Puppet module to automate
NRPE installation and configuration.</p>
<h3 id="label-WARNING">WARNING</h3>
<p><code>**__!!! Attention: Never use this puppet module on systems which have
been previously configured manually. It is impossible to predict how and
what would have been configured, hence previuos configurations outside the
scope of this module may be overwritten! Automated configurations require a
test environment to verify that the module suits the purpose intended by
the user, as well as tune the parameters, before deploying into live
production!!! __**</code></p>
<h3 id="label-Table+of+Contents">Table of Contents</h3>
<ul><li>
<p><a href="#features">Features</a></p>
</li><li>
<p><a
href="https://gitlab.puppetsoft.com/12WW1160/cd_nrpe/blob/master/REPOSTRUCTURE.md">Repo
Structure</a></p>
</li><li>
<p><a href="#repo-documentation">Repo Documention</a></p>
</li><li>
<p><a href="#dependencies">Dependencies</a></p>
</li><li>
<p><a href="#deployment">Deployment</a></p>
</li><li>
<p><a href="#native-puppet-deployment">native Puppet deployment</a></p>
</li><li>
<p><a href="#through-foreman">through Foreman</a></p>
</li><li>
<p><a href="#parameters">Parameters</a></p>
</li><li>
<p><a href="#managing-check-commands">Managing Check Commands</a></p>
</li><li>
<p><a href="#selinux">SELINUX</a></p>
</li><li>
<p><a href="#known-problems">Known Problems</a></p>
</li><li>
<p><a href="#support">Support</a></p>
</li><li>
<p><a href="#tests">Tests</a></p>
</li><li>
<p><a
href="https://gitlab.puppetsoft.com/12WW1160/cd_nrpe/blob/master/CHANGELOG.md">Changelog</a></p>
</li><li>
<p><a href="https://confdroid.com/contact/">Contact Us</a></p>
</li><li>
<p><a href="#disclaimer">Disclaimer</a></p>
</li></ul>
<h3 id="label-Features">Features</h3>
<p>INSTALLATION
* install nrpe binaries</p>
<p>CONFIGURATION
* manage NRPE service user properties
* manage directory
structure (file system permissions, selinux context) through parameters
*
manage configuration files through parameters:
* nrpe.conf
* nrpe.cfg
*
manage sudo role for nagios user on NRPE clients
* manage dynamic NRPE
check command definitions
* manage iptables (optional)
* manage selinux
rule exceptions (optional)</p>
<p>SERVICE
* manage NRPE service</p>
<h3 id="label-Repo+Structure">Repo Structure</h3>
<p>Repostructure has moved to REPOSTRUCTURE.md in repo.</p>
<h3 id="label-Repo+Documentation">Repo Documentation</h3>
<p>The full puppet html documentation is available in docs/index.html</p>
<h3 id="label-Dependencies">Dependencies</h3>
<p>All dependencies must be included in the catalogue.</p>
<ul><li>
<p><a
href="https://gitlab.puppetsoft.com/12WW1160/cd_resources">cd_resources</a>
to manage YUM repositories.</p>
</li><li>
<p><a
href="https://gitlab.puppetsoft.com/12WW1160/cd_firewall">cd_firewall</a>
or <a href="https://github.com/puppetlabs/puppetlabs-firewall">puppetlabs
firewall</a> to manage iptables</p>
</li><li>
<p><a href="https://gitlab.puppetsoft.com/12WW1160/cd_stdlib">cd_stdlib</a> or
<a href="https://github.com/puppetlabs/puppetlabs-stdlib">puppetlabs
stdlib</a> to facilitate concat</p>
</li><li>
<p><a href="https://gitlab.puppetsoft.com/12WW1160/cd_stdlib">cd_concat</a> or
<a href="https://github.com/puppetlabs/puppetlabs-concat">puppetlabs
concat</a> for concatenating files</p>
</li></ul>
<h3 id="label-Deployment">Deployment</h3>
<p><code>cd_nrpe</code> does typically not need to be specifically declared.
It will be auto-required by <code>cd_nagios</code> with default settings.
Only if you want to override settings declare it specifically.</p>
<h5 id="label-native+Puppet+deployment">native Puppet deployment</h5>
<p>via site.pp or nodes.pp</p>
<pre class="code ruby"><code class="ruby">node &#39;example.example.net&#39; {
include cd_puppetdb
}</code></pre>
<h4 id="label-through+Foreman%3A">through Foreman:</h4>
<p>In order to apply parameters through Foreman,
<strong>cd_nrpe::params</strong> must be added to the host or hostgroup in
question, unless the defaults are fully acceptable across the estate.</p>
<p>See <a
href="https://confdroid.com/2017/05/deploying-our-puppet-modules/">more
details about class deployment on Confdroid.com</a>.</p>
<h3 id="label-Parameters">Parameters</h3>
<p>The following parameters are editable via params.pp or through ENC
(<strong>recommended</strong>). Values changed will take immediate effect
at next puppet run. Services will be restarted where neccessary. If you
want to override parameters, the <a href="#through-foreman">module must be
specifically declared to hosts when using ENC</a>.</p>
<p>The <a href="https://confdroid.com/2017/07/cd_nrpe-parameters/">full list
of Parameters</a> is available <a
href="https://confdroid.com/2017/07/cd_nrpe-parameters/">here</a> and in
the docs folder in the software repo.</p>
<h3 id="label-Mandatory+Parameters">Mandatory Parameters</h3>
<p>There are currently no mandatory parameters, i.e. the module will function
right out of box as is.</p>
<h3 id="label-Optional+Parameters">Optional Parameters</h3>
<ul><li>
<p><code>$ne_manage_cmds</code> : Whether to manage check command definitions
dynamically through a define, i.e. from other Puppet modules or profiles.
Defaults to <code>true</code>.</p>
</li><li>
<p><code>$ne_incl_fw</code> : Whether to manage relevant firewall rules
through this modules. Defaults to <code>true</code>.</p>
</li><li>
<p><code>$ne_include_selinux</code> : Whether to manage selinux exception
rules. Defaults to <code>true</code>.</p>
</li><li>
<p><code>$ne_enable_ssl</code> : Whether to allow SSL settings. See <a
href="#konwn-problems">known problems</a> for more details.</p>
</li><li>
<p><code>$ne_allow_sudo : Whether to allow the nagios / nrpe user to
use sudo by default. Controls both the
setting</code>command_prefix<code>and application of a sudo rule. Defaults
to</code>false` as it usually is not required for most of the checks.</p>
</li></ul>
<h3 id="label-Managing+Check+Commands">Managing Check Commands</h3>
<p>In order to connect a Nagios monitoring server to clients through NRPE, you
must define commands and the desired argument strings on the clients. The
default NRPE installation comes with a few examples of such commands, which
are also included in this module. However, every environment is very
different in their requirements and Nagios via Puppet is all about the
ability to dynamicically set command arguments based on default variables /
overrides. For that reason no hard-coded commands are included, but instead
all commands are set via argument strings, where possible.</p>
<p>The commands are created within /etc/nrpe.d/command.cfg , every set of
instructions creates a new line.</p>
<p>Defining commands is as simple as
that:
&lt;code&gt;
cd_nrpe::commands::definitions { &#39;check_users&#39;:
ne_check_cmd =&gt; &#39;check_users&#39;,
ne_cmd_argstring
=&gt; &#39;-w $ARG1$ -c $ARG2$&#39;,
}
&lt;/code&gt;
It is very
recommendable to define such commands directly within Puppet modules or
profiles, so any node running the particular service controlled by the
module will automatically get the required check commands defined as well,
while nodes not running the service also do not contain the command check.
The same then is true for Nagios checks, so you would have both the NRPE
command definition and the Nagios check contained in Puppet modules or
profiles to have it in once location.</p>
<h3 id="label-SELINUX">SELINUX</h3>
<p>All files and directories are configured with correct selinux context. If
selinux is disabled, these contexts are ignored.</p>
<h3 id="label-Known+Problems">Known Problems</h3>
<ul><li>
<p>SSL/TLS support: Version 3 of NRPE supposedly has support for SSL/ TLs.
However, at the time of writing this module, this seems to be buggy, as I
was unable to start the NRPE service as soon as the
<code>ssl_cert_file</code> line was uncommented in teh configuration file,
despite having valid certs in the right position on the node. This happened
when installing manually, not through this Puppet module. For that reason I
included the <code>$ne_enable_ssl</code> boolean parameter, which is set to
<code>false</code> by default, hence disabling SSL/TLS options until this
has been fixed upstream, or a valid workaround has been found. Setting this
option to <code>true</code> will include all SSL / TLS settings.</p>
</li></ul>
<h3 id="label-Troubleshooting">Troubleshooting</h3>
<ul><li>
<p><code>CHECH_NRPE: Unable to read output</code>: Nagios sudo access also
needs Selinux to allow this. Default settings in this module take care for
both through <code>$ne_allow_sudo</code> and
<code>$ne_include_selinux</code>.</p>
</li><li>
<p><code>CHECK_NRPE: Receive header underflow - only 0 bytes received (4
expected): This is down to the new illegal meta characters feature
via</code>nasty_metachars`, i.e. if you included an additional character
which actuall be part of a check, or if a custom check contains a default
illegal character.</p>
</li></ul>
<h3 id="label-Support">Support</h3>
<ul><li>
<p>OS: CentOS 6, 7</p>
</li><li>
<p>Puppet 3.x</p>
</li></ul>
<h3 id="label-Tests">Tests</h3>
<ul><li>
<p>Puppet Lint</p>
</li><li>
<p>excluded tests:</p>
<ul><li>
<p><code>--no-class_inherits_from_params_class-check</code>:relavant only to
non-supported outdated puppet versions</p>
</li><li>
<p><code>--no-variable_scope-check</code>: not applicable as we are inheriting
parameters from params class. the lint check does not distinguish between
facts and inherited parameters.</p>
</li><li>
<p><code>--no-80chars-check</code>: it is not always possible to stay within
80 characters, although typically only occurring on the parameter vault
<code>params.pp</code>.</p>
</li><li>
<p><code>--no-arrow_alignment-check</code>: this check leads to actually not
having am easily readable arrow alignment, as this checks <code>per
block</code>, not per class.</p>
</li></ul>
</li><li>
<p>Puppet Parser</p>
</li><li>
<p>ERB Template Parser</p>
</li><li>
<p>Test for unwanted UTF8 files in the Puppet code as this causes problems
with PuppetDB (see tests/UTF_Files)</p>
<h3 id="label-Contact+Us">Contact Us</h3>
<p><a href="https://confdroid.com/contact/">contact Us</a></p>
</li></ul>
<h3 id="label-Disclaimer">Disclaimer</h3>
<p>ConfDroid as entity is entirely independent from Puppet. We provide custom
configuration modules, written for specific purposes and specific
environments.
The modules are tested and supported only as documented, and
require testing in designated environments (i.e. lab or development
environments) for parameter tuning etc. before deploying into production
environments.</p>
</div></div>
<div id="footer">
Generated on Sun Jul 30 22:29:48 2017 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.9 (ruby-2.0.0).
</div>
</div>
</body>
</html>