Merge pull request #10 from HEP-Puppet/development

Synchronising with Development branch

.gitignore

@@ -1,3 +1,5 @@
 .DS_Store
 .pydevproject
 spec/fixtures
+Vagrantfile
+.vagrant

.travis.yml

@@ -9,6 +9,7 @@ branches:
   only:
     - master
     - development
+    - fixing_tests
 
 notifications:
   email: false

Modulefile

@@ -10,6 +10,6 @@ project_page 'http://hep-puppet.github.io/'
 ## Add dependencies, if any:
 # dependency 'username/name', '>= 1.2.0'
 dependency 'puppetlabs-apache', '>=0.9.0'
-dependency 'heppuppet-grid_repos', '0.1.0'
+dependency 'heppuppet-grid_repos', '>=0.1.0'
 dependency 'puppetlabs-stdlib', '>=4.1.0'
 dependency 'puppetlabs/firewall', '>=0.3.1'

TODO.md

@@ -1,8 +1,12 @@
-[] groupadd sudoers (or change group name)
-[] add mod_auth_case configuration file (default apache module does not handle mod_auth_cas)
+[x] ~~groupadd sudoers (or change group name)~~ fix file permissions
+[x] add mod_auth_case configuration file (default apache module does not handle mod_auth_cas)
 [] nagios::client mvparent and virtual are very custom values at the moment
-[] enable PHP for Nagios (or whatever is causing the problem)
+[x] enable PHP for Nagios (or whatever is causing the problem)
 [] fix problem of hostdependencies if none are existent: make nagios.cfg into a template!!
 [] documentation: for host dependencies to work, both have to be Nagios clients!
-[] nrpe config: needs to be a template to include the Nagios server IPs (in our case 1 public and 1 private)
-[] add vhost for pnp4nagios
+[x] nrpe config: needs to be a template to include the Nagios server IPs (in our case 1 public and 1 private)
+[x] add ~~vhost for~~ pnp4nagios configuration template
+[x] install missing perl nagios plugins (yum install perl-Nagios-Plugin)
+[x] install passive checks as cron jobs
+[] add send_nsca.cfg for server
+[] fix differences between /usr/lib64/nagios/plugins/check_nagios_config and /usr/lib64/nagios/plugins/check_nagios_config_passive

files/send_nsca.cfg

@@ -0,0 +1,62 @@
+####################################################
+# Sample NSCA Client Config File 
+# Written by: Ethan Galstad ([email protected])
+# 
+# Last Modified: 02-21-2002
+####################################################
+
+
+# ENCRYPTION PASSWORD
+# This is the password/passphrase that should be used to encrypt the
+# outgoing packets.  Note that the nsca daemon must use the same 
+# password when decrypting the packet!
+# IMPORTANT: You don't want all the users on this system to be able
+# to read the password you specify here, so make sure to set
+# restrictive permissions on this config file!
+
+#password=
+
+
+
+# ENCRYPTION METHOD
+# This option determines the method by which the send_nsca client will
+# encrypt the packets it sends to the nsca daemon.  The encryption
+# method you choose will be a balance between security and performance,
+# as strong encryption methods consume more processor resources.
+# You should evaluate your security needs when choosing an encryption
+# method.
+#
+# Note: The encryption method you specify here must match the
+#       decryption method the nsca daemon uses (as specified in
+#       the nsca.cfg file)!!
+# Values:
+#       0 = None        (Do NOT use this option)
+#       1 = Simple XOR  (No security, just obfuscation, but very fast)
+#
+#       2 = DES
+#       3 = 3DES (Triple DES)
+#       4 = CAST-128
+#       5 = CAST-256
+#       6 = xTEA
+#       7 = 3WAY
+#       8 = BLOWFISH
+#       9 = TWOFISH
+#       10 = LOKI97
+#       11 = RC2
+#       12 = ARCFOUR
+#
+#       14 = RIJNDAEL-128
+#       15 = RIJNDAEL-192
+#       16 = RIJNDAEL-256
+#
+#       19 = WAKE
+#       20 = SERPENT
+#
+#       22 = ENIGMA (Unix crypt)
+#       23 = GOST
+#       24 = SAFER64
+#       25 = SAFER128
+#       26 = SAFER+
+#
+
+encryption_method=1

manifests/commands.pp

@@ -4,14 +4,14 @@
     command_line => '$USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$',
   }
 
-  $host_email = template('nagios/host_email.erb')
+  $host_email = '***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n'
   $host_subject = '"** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **"'
   $host_sendmail = "/bin/mail -s ${host_subject}"
   nagios_command { 'notify-host-by-email':
     command_line => "/usr/bin/printf \"%b\" \"${host_email}\" | ${host_sendmail}",
   }
 
-  $service_email = template('nagios/service_email.erb')
+  $service_email = '***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$'
   $service_subject = '"** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **"'
   $service_sendmail = "/bin/mail -s ${service_subject}"
 
@@ -243,9 +243,10 @@
     command_line => '$USER1$/check_esx_hardware -H $HOSTADDRESS$ -u rnnagios -p TEST -l $ARG1$',
   }
 
-  nagios_command { 'check_puppet_checkin_db':
-    command_line => '$USER1$/check_puppet_checkin_db $HOSTNAME$',
-  }
+# Currently disabled as plugin is needs to be redesigned
+#  nagios_command { 'check_puppet_checkin_db':
+#    command_line => '$USER1$/check_puppet_checkin_db $HOSTNAME$',
+#  }
 
   nagios_command { 'check_nagiostats':
     command_line => '$USER1$/check_nagiostats --EXEC /usr/bin/nagiostats',

manifests/config/client.pp

@@ -50,24 +50,26 @@
     tag             => $::domain,
   }
 
-  # Install SELinux NRPE policy
-  #  if $::osfamily == 'RedHat' {
-  #    selinux::module { 'resnet-nrpe':
-  #      ensure => 'present',
-  #      source => 'puppet:///modules/nagios/nrpe/resnet-nrpe.te',
-  #    }
-  #  }
   # Install base nrpe config
   file { '/etc/nagios/nrpe.cfg':
-    mode    => '0755',
-    owner   => 'root',
-    group   => 'root',
-    source  => 'puppet:///modules/nagios/nrpe/nrpe.cfg',
+    ensure  => present,
+    mode    => '0644',
+    owner   => 'nrpe',
+    group   => 'nrpe',
+    content => template('nagios/nrpe.cfg.erb'),
     require => Package['nrpe'],
     notify  => Service['nrpe'],
   }
 
-  # Install supplementary nrpe config
+  # install base send_nsca.cfg
+  file {'/etc/nagios/send_nsca.cfg':
+    ensure => present,
+    mode    => '0644',
+    owner   => 'root',
+    group   => 'root',
+    source => 'puppet:///modules/nagios/send_nsca.cfg',
+    require => Package['nsca-client'],
+  }
 
   # Add a symlink for the different path on ubuntu
   if $::osfamily == 'Debian' {
@@ -100,13 +102,16 @@
     require => Package['nrpe'],
   }
 
+  # Add a VIRTUAL nagios user (should be created by nagios package)
+  @user { 'nagios':
+    ensure  => present,
+    require => Package['nagios-plugins-all'],
+  }
+
   # Then realize that virtual user with collection syntax
   User <| title == 'nrpe' |>
 
   # Elsewhere add to the parameters for that virtual resource using plusignment
-  User <| title == 'nrpe' |> {
-    groups +> 'sudoers'
-  }
   User <| title == 'nrpe' |> {
     groups +> 'puppet'
   }

manifests/config/server.pp

@@ -1,5 +1,6 @@
 # Configuration for Nagios server
 class nagios::config::server (
+  $allowed_hosts    = ['127.0.0.1'],
   $admins           = {
     'admin01' => {
       contact_name => 'admin01',
@@ -23,10 +24,16 @@
   }
   ,
   $use_mod_auth_cas = true,
-  $cas_validate_url = undef,
-  $cas_login_url    = undef,) {
+  $cas_login_url    = undef,
+  $cas_users        = [],
+  $cas_validate_url = undef,) {
+
+  include nagios::commands
+  include nagios::plugins::all
+  include nagios::plugins::server
+  include nagios::templates
   # A server is also a client
-  class { 'nagios::config::client': }
+  class { 'nagios::config::client': allowed_hosts => $allowed_hosts, }
 
   # define contacts
   class { 'nagios::config::contacts':
@@ -39,7 +46,7 @@
   }
 
   class { 'nagios::config::servicegroups':
-    servicegroups => $servicegroups,
+    additional_servicegroups => $servicegroups,
   }
 
   # These configs are the ones that can't be dynamically generated by puppet,
@@ -79,7 +86,7 @@
     before  => Service['nagios'],
   }
 
-  file { '/etc/nagios/private/cgi.cfg':
+  file { '/etc/nagios/cgi.cfg':
     alias   => 'cgi.cfg',
     mode    => '0640',
     owner   => 'root',
@@ -185,4 +192,11 @@
     group   => 'nagios',
   }
 
-}
+  # create virtual hosts
+  class { 'nagios::config::vhosts':
+    use_mod_auth_cas => $use_mod_auth_cas,
+    cas_validate_url => $cas_validate_url,
+    cas_login_url    => $cas_login_url,
+    cas_users        => $cas_users,
+  }
+}

manifests/config/servicegroups.pp

@@ -3,12 +3,70 @@
 # Servicegroups need a name, an alias and a tag. That's it.
 # tag should correspond to $::domain
 class nagios::config::servicegroups (
-  $servicegroups = {
+  $additional_servicegroups = {
     'cpu' => {
       alias => 'CPU',
       tag   => $::domain,
     }
   }
-) {
-  create_resources('nagios_servicegroup', $servicegroups)
+  ,
+  $servicegroup_tag         = $::domain,) {
+  # create default service groups
+  nagios_servicegroup { 'mysql':
+    alias => 'MySQL',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'dhcp':
+    alias => 'DHCP',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'dns':
+    alias => 'DNS',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'uptime':
+    alias => 'Uptime',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'network':
+    alias => 'Network',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'memory':
+    alias => 'Memory',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'cpu':
+    alias => 'CPU',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'load':
+    alias => 'Load',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'httpd':
+    alias => 'HTTPD',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'kernel':
+    alias => 'Kernel',
+    tag   => $servicegroup_tag,
+  }
+
+  nagios_servicegroup { 'selinux':
+    alias => 'SELinux',
+    tag   => $servicegroup_tag,
+  }
+
+  # create additional service groups
+  create_resources('nagios_servicegroup', $additional_servicegroups)
 }