diff --git a/.gitignore b/.gitignore
index fa8cb09..6fc69f6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
.DS_Store
.pydevproject
spec/fixtures
+Vagrantfile
+.vagrant
diff --git a/.travis.yml b/.travis.yml
index 0514b0e..fa48917 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,6 +9,7 @@ branches:
only:
- master
- development
+ - fixing_tests
notifications:
email: false
diff --git a/Modulefile b/Modulefile
index 32180f0..a733b0e 100644
--- a/Modulefile
+++ b/Modulefile
@@ -10,6 +10,6 @@ project_page 'http://hep-puppet.github.io/'
## Add dependencies, if any:
# dependency 'username/name', '>= 1.2.0'
dependency 'puppetlabs-apache', '>=0.9.0'
-dependency 'heppuppet-grid_repos', '0.1.0'
+dependency 'heppuppet-grid_repos', '>=0.1.0'
dependency 'puppetlabs-stdlib', '>=4.1.0'
dependency 'puppetlabs/firewall', '>=0.3.1'
diff --git a/TODO.md b/TODO.md
index 1f3f34b..8fc86f8 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,8 +1,12 @@
-[] groupadd sudoers (or change group name)
-[] add mod_auth_case configuration file (default apache module does not handle mod_auth_cas)
+[x] ~~groupadd sudoers (or change group name)~~ fix file permissions
+[x] add mod_auth_case configuration file (default apache module does not handle mod_auth_cas)
[] nagios::client mvparent and virtual are very custom values at the moment
-[] enable PHP for Nagios (or whatever is causing the problem)
+[x] enable PHP for Nagios (or whatever is causing the problem)
[] fix problem of hostdependencies if none are existent: make nagios.cfg into a template!!
[] documentation: for host dependencies to work, both have to be Nagios clients!
-[] nrpe config: needs to be a template to include the Nagios server IPs (in our case 1 public and 1 private)
-[] add vhost for pnp4nagios
+[x] nrpe config: needs to be a template to include the Nagios server IPs (in our case 1 public and 1 private)
+[x] add ~~vhost for~~ pnp4nagios configuration template
+[x] install missing perl nagios plugins (yum install perl-Nagios-Plugin)
+[x] install passive checks as cron jobs
+[] add send_nsca.cfg for server
+[] fix differences between /usr/lib64/nagios/plugins/check_nagios_config and /usr/lib64/nagios/plugins/check_nagios_config_passive
diff --git a/files/send_nsca.cfg b/files/send_nsca.cfg
new file mode 100644
index 0000000..c465463
--- /dev/null
+++ b/files/send_nsca.cfg
@@ -0,0 +1,62 @@
+####################################################
+# Sample NSCA Client Config File
+# Written by: Ethan Galstad (nagios@nagios.org)
+#
+# Last Modified: 02-21-2002
+####################################################
+
+
+# ENCRYPTION PASSWORD
+# This is the password/passphrase that should be used to encrypt the
+# outgoing packets. Note that the nsca daemon must use the same
+# password when decrypting the packet!
+# IMPORTANT: You don't want all the users on this system to be able
+# to read the password you specify here, so make sure to set
+# restrictive permissions on this config file!
+
+#password=
+
+
+
+# ENCRYPTION METHOD
+# This option determines the method by which the send_nsca client will
+# encrypt the packets it sends to the nsca daemon. The encryption
+# method you choose will be a balance between security and performance,
+# as strong encryption methods consume more processor resources.
+# You should evaluate your security needs when choosing an encryption
+# method.
+#
+# Note: The encryption method you specify here must match the
+# decryption method the nsca daemon uses (as specified in
+# the nsca.cfg file)!!
+# Values:
+# 0 = None (Do NOT use this option)
+# 1 = Simple XOR (No security, just obfuscation, but very fast)
+#
+# 2 = DES
+# 3 = 3DES (Triple DES)
+# 4 = CAST-128
+# 5 = CAST-256
+# 6 = xTEA
+# 7 = 3WAY
+# 8 = BLOWFISH
+# 9 = TWOFISH
+# 10 = LOKI97
+# 11 = RC2
+# 12 = ARCFOUR
+#
+# 14 = RIJNDAEL-128
+# 15 = RIJNDAEL-192
+# 16 = RIJNDAEL-256
+#
+# 19 = WAKE
+# 20 = SERPENT
+#
+# 22 = ENIGMA (Unix crypt)
+# 23 = GOST
+# 24 = SAFER64
+# 25 = SAFER128
+# 26 = SAFER+
+#
+
+encryption_method=1
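Review bot: `encryption_method=1` ships Simple XOR, which this file's own comment describes as "No security, just obfuscation", and `#password=` leaves no shared secret, so passive check results sent to the NSCA daemon can be read or forged on the network path. Pick one of the listed block ciphers, for example `encryption_method=16` (RIJNDAEL-256), and set the same method and password in the server's nsca.cfg. Since the password should not be committed to the repository, this file is better rendered from a template with the secret passed in as a class parameter than shipped as a static file.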
diff --git a/manifests/client.pp b/manifests/client.pp
deleted file mode 100644
index 5c47bf0..0000000
--- a/manifests/client.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-# Configures nagios client and sets up basic checks
-class nagios::client (
- $allowed_hosts = ['127.0.0.1'],) {
- class { 'nagios::install': }
-
- class { 'nagios::config::client': allowed_hosts => $allowed_hosts, }
-
- class { 'nagios::services::client': }
-
- Class['nagios::install'] -> Class['nagios::config::client'] ->
- Class['nagios::services::client']
-
-}
diff --git a/manifests/commands.pp b/manifests/commands.pp
index 2293bd9..7bf581b 100644
--- a/manifests/commands.pp
+++ b/manifests/commands.pp
@@ -4,14 +4,14 @@
command_line => '$USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$',
}
- $host_email = template('nagios/host_email.erb')
+ $host_email = '***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n'
$host_subject = '"** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **"'
$host_sendmail = "/bin/mail -s ${host_subject}"
nagios_command { 'notify-host-by-email':
command_line => "/usr/bin/printf \"%b\" \"${host_email}\" | ${host_sendmail}",
}
- $service_email = template('nagios/service_email.erb')
+ $service_email = '***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$'
$service_subject = '"** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **"'
$service_sendmail = "/bin/mail -s ${service_subject}"
@@ -243,9 +243,10 @@
command_line => '$USER1$/check_esx_hardware -H $HOSTADDRESS$ -u rnnagios -p TEST -l $ARG1$',
}
- nagios_command { 'check_puppet_checkin_db':
- command_line => '$USER1$/check_puppet_checkin_db $HOSTNAME$',
- }
+# Currently disabled as plugin is needs to be redesigned
+# nagios_command { 'check_puppet_checkin_db':
+# command_line => '$USER1$/check_puppet_checkin_db $HOSTNAME$',
+# }
nagios_command { 'check_nagiostats':
command_line => '$USER1$/check_nagiostats --EXEC /usr/bin/nagiostats',
diff --git a/manifests/config/client.pp b/manifests/config/client.pp
index b86bd8c..bd64372 100644
--- a/manifests/config/client.pp
+++ b/manifests/config/client.pp
@@ -50,24 +50,26 @@
tag => $::domain,
}
- # Install SELinux NRPE policy
- # if $::osfamily == 'RedHat' {
- # selinux::module { 'resnet-nrpe':
- # ensure => 'present',
- # source => 'puppet:///modules/nagios/nrpe/resnet-nrpe.te',
- # }
- # }
# Install base nrpe config
file { '/etc/nagios/nrpe.cfg':
- mode => '0755',
- owner => 'root',
- group => 'root',
- source => 'puppet:///modules/nagios/nrpe/nrpe.cfg',
+ ensure => present,
+ mode => '0644',
+ owner => 'nrpe',
+ group => 'nrpe',
+ content => template('nagios/nrpe.cfg.erb'),
require => Package['nrpe'],
notify => Service['nrpe'],
}
- # Install supplementary nrpe config
+ # install base send_nsca.cfg
+ file {'/etc/nagios/send_nsca.cfg':
+ ensure => present,
+ mode => '0644',
+ owner => 'root',
+ group => 'root',
+ source => 'puppet:///modules/nagios/send_nsca.cfg',
+ require => Package['nsca-client'],
+ }
# Add a symlink for the different path on ubuntu
if $::osfamily == 'Debian' {
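Review bot: `/etc/nagios/send_nsca.cfg` is installed with `mode => '0644'`, although the file's header warns that it holds the NSCA password and must not be readable by all users; once a password is set, every local account can read it. Use `mode => '0640'` with a group limited to the account that runs send_nsca (the spec in this commit already expects nsca.cfg at `0600`). Separately, `/etc/nagios/nrpe.cfg` is now owned by `nrpe`, so the daemon account can rewrite its own configuration, which presumably includes the allowed-hosts list; `owner => 'root', group => 'nrpe', mode => '0640'` keeps it readable by the daemon without making it writable. The enclosing class starts and ends outside this hunk.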
@@ -100,13 +102,16 @@
require => Package['nrpe'],
}
+ # Add a VIRTUAL nagios user (should be created by nagios package)
+ @user { 'nagios':
+ ensure => present,
+ require => Package['nagios-plugins-all'],
+ }
+
# Then realize that virtual user with collection syntax
User <| title == 'nrpe' |>
# Elsewhere add to the parameters for that virtual resource using plusignment
- User <| title == 'nrpe' |> {
- groups +> 'sudoers'
- }
User <| title == 'nrpe' |> {
groups +> 'puppet'
}
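Review bot: The added `@user { 'nagios': }` is only declared virtually, and the collectors that follow realize `nrpe`, not `nagios`, so the new resource has no effect unless a `User <| title == 'nagios' |>` exists outside this hunk. Its `require => Package['nagios-plugins-all']` also ties it to a package that may not be declared for every OS family (not verifiable from this hunk), which would break compilation if the user were realized there. Either add the collector next to the `nrpe` one or drop the declaration, and keep the comment `# Then realize that virtual user with collection syntax` directly above the resource it describes. The class body continues outside this hunk.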
diff --git a/manifests/config/server.pp b/manifests/config/server.pp
index 161cfef..419e95b 100644
--- a/manifests/config/server.pp
+++ b/manifests/config/server.pp
@@ -1,5 +1,6 @@
# Configuration for Nagios server
class nagios::config::server (
+ $allowed_hosts = ['127.0.0.1'],
$admins = {
'admin01' => {
contact_name => 'admin01',
@@ -23,10 +24,16 @@
}
,
$use_mod_auth_cas = true,
- $cas_validate_url = undef,
- $cas_login_url = undef,) {
+ $cas_login_url = undef,
+ $cas_users = [],
+ $cas_validate_url = undef,) {
+
+ include nagios::commands
+ include nagios::plugins::all
+ include nagios::plugins::server
+ include nagios::templates
# A server is also a client
- class { 'nagios::config::client': }
+ class { 'nagios::config::client': allowed_hosts => $allowed_hosts, }
# define contacts
class { 'nagios::config::contacts':
@@ -39,7 +46,7 @@
}
class { 'nagios::config::servicegroups':
- servicegroups => $servicegroups,
+ additional_servicegroups => $servicegroups,
}
# These configs are the ones that can't be dynamically generated by puppet,
@@ -79,7 +86,7 @@
before => Service['nagios'],
}
- file { '/etc/nagios/private/cgi.cfg':
+ file { '/etc/nagios/cgi.cfg':
alias => 'cgi.cfg',
mode => '0640',
owner => 'root',
@@ -185,4 +192,11 @@
group => 'nagios',
}
-}
\ No newline at end of file
+ # create virtual hosts
+ class { 'nagios::config::vhosts':
+ use_mod_auth_cas => $use_mod_auth_cas,
+ cas_validate_url => $cas_validate_url,
+ cas_login_url => $cas_login_url,
+ cas_users => $cas_users,
+ }
+}
diff --git a/manifests/config/servicegroups.pp b/manifests/config/servicegroups.pp
index 6f7e3b4..d606a6e 100644
--- a/manifests/config/servicegroups.pp
+++ b/manifests/config/servicegroups.pp
@@ -3,12 +3,70 @@
# Servicegroups need a name, an alias and a tag. That's it.
# tag should correspond to $::domain
class nagios::config::servicegroups (
- $servicegroups = {
+ $additional_servicegroups = {
'cpu' => {
alias => 'CPU',
tag => $::domain,
}
}
-) {
- create_resources('nagios_servicegroup', $servicegroups)
+ ,
+ $servicegroup_tag = $::domain,) {
+ # create default service groups
+ nagios_servicegroup { 'mysql':
+ alias => 'MySQL',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'dhcp':
+ alias => 'DHCP',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'dns':
+ alias => 'DNS',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'uptime':
+ alias => 'Uptime',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'network':
+ alias => 'Network',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'memory':
+ alias => 'Memory',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'cpu':
+ alias => 'CPU',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'load':
+ alias => 'Load',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'httpd':
+ alias => 'HTTPD',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'kernel':
+ alias => 'Kernel',
+ tag => $servicegroup_tag,
+ }
+
+ nagios_servicegroup { 'selinux':
+ alias => 'SELinux',
+ tag => $servicegroup_tag,
+ }
+
+ # create additional service groups
+ create_resources('nagios_servicegroup', $additional_servicegroups)
}
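Review bot: The default for `$additional_servicegroups` still contains a `'cpu'` entry while the class body now also declares `nagios_servicegroup { 'cpu': }`, so declaring this class with its defaults makes `create_resources` add a second `Nagios_servicegroup['cpu']` and compilation fails with a duplicate declaration. Change the default to `$additional_servicegroups = {},` as init.pp already does. Any caller that passes one of the eleven built-in names hits the same error, which deserves a line in the header comment. The eleven near-identical resources could also be generated from one hash through `create_resources` with `{ tag => $servicegroup_tag }` as the defaults argument.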
diff --git a/manifests/config/vhosts.pp b/manifests/config/vhosts.pp
index 848288a..b4f5628 100644
--- a/manifests/config/vhosts.pp
+++ b/manifests/config/vhosts.pp
@@ -2,60 +2,32 @@
# Currently only the CAS authentication method is supported
class nagios::config::vhosts (
$use_mod_auth_cas = true,
- $cas_validate_url = undef,
$cas_login_url = undef,
- $cas_users = [],) {
+ $cas_users = [],
+ $cas_validate_url = undef,) {
# since puppetlabs/apache does not support mod_cas, we need to manually create
# this file
if $use_mod_auth_cas == true {
file { '/etc/httpd/conf.d/00-cas_auth.conf':
- alias => '00-cas_auth.conf',
- content => template("${module_name}/00-cas_auth.conf.erb")
+ alias => '00-cas_auth.conf',
+ content => template("${module_name}/00-cas_auth.conf.erb"),
+ subscribe => Service['httpd']
}
}
$allowed_users = join($cas_users, ' ')
- # Combined apache config for nagios and pnp4nagios
- apache::vhost { 'Nagios':
- port => 80,
- docroot => '/usr/lib64/nagios/cgi-bin',
- servername => $::fqdn,
- serveraliases => [$::fqdn],
- error_log_file => 'logs/nagios_error_log',
- access_log_file => 'logs/nagios_access_log',
- access_log_format => 'common',
- directoryindex => 'index.php',
- scriptaliases => [{
- alias => '/nagios/cgi-bin/',
- path => '/usr/lib64/nagios/cgi-bin/'
- }
- ,],
- aliases => [{
- alias => '/nagios',
- path => '/usr/share/nagios/html'
- }
- ],
- directories => [
- {
- path => '/usr/lib64/nagios/cgi-bin/',
- options => [
- '+ExecCGI'],
- allow_override => ALL,
- order => 'allow,deny',
- allow => 'from all',
- auth_type => 'CAS',
- auth_require => "user ${allowed_users}",
- }
- ,
- {
- path => '/usr/share/nagios/html',
- allow_override => ALL,
- order => 'allow,deny',
- allow => 'from all',
- auth_type => 'CAS',
- auth_require => "user ${allowed_users}",
- }
- ],
+ # apache config for nagios
+ file { '/etc/httpd/conf.d/25-Nagios.conf':
+ alias => '25-Nagios.conf',
+ content => template("${module_name}/25-Nagios.conf.erb"),
+ subscribe => Service['httpd']
+ }
+
+ # apache configuration for pnp4nagios
+ file { '/etc/httpd/conf.d/35-PNP4Nagios.conf':
+ alias => '35-PNP4Nagios.conf',
+ content => template("${module_name}/35-PNP4Nagios.conf.erb"),
+ subscribe => Service['httpd']
}
# Remove stock nagios and pnp configs because they don't work
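Review bot: All three `file` resources use `subscribe => Service['httpd']`, which points the relationship the wrong way: the file is ordered after the service and receives its refresh events, so Apache is not reloaded when a template changes and an edit to the CAS user list may not take effect until someone restarts httpd by hand. Use `notify => Service['httpd']` on each of them. The files also set no `owner`, `group` or `mode`, so they inherit whatever defaults are in scope; `owner => 'root', group => 'root', mode => '0644'` makes that explicit. The class body continues past this hunk.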
diff --git a/manifests/cron/check_nagios_config_passive.pp b/manifests/cron/check_nagios_config_passive.pp
index dc42a27..96bdf04 100644
--- a/manifests/cron/check_nagios_config_passive.pp
+++ b/manifests/cron/check_nagios_config_passive.pp
@@ -9,6 +9,6 @@
minute => 0,
month => '*',
weekday => '*',
- require => File['check_nagios_config_passive'],
+ require => File['check_nagios_config'],
}
}
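Review bot: The cron resource now requires `File['check_nagios_config']`, while plugin.pp in this commit still lists `check_nagios_config_passive` as a templated plugin and TODO.md records unresolved differences between the two scripts. If the cron `command` (outside this hunk) still runs the passive script, nothing orders the job after that file is installed. Require the file the command actually executes, or add a comment explaining why the non-passive file is the correct dependency.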
diff --git a/manifests/fixes.pp b/manifests/fixes.pp
new file mode 100644
index 0000000..5dce09c
--- /dev/null
+++ b/manifests/fixes.pp
@@ -0,0 +1,12 @@
+# ## Fixes the file permissions for the Nagios configs.
+# The permissions are set to root due to a shortcoming in the
+# puppet nagios resource:
+# https://tickets.puppetlabs.com/browse/PUP-1327
+class nagios::fixes {
+ exec { 'fix_nagios_permissions':
+ command => 'chown root:nagios /etc/nagios/nagios*.cfg',
+ # test if already owned by root:nagios group
+ onlyif => 'test $(find /etc/nagios/nagios*.cfg ! -user root -o ! -group nagios | wc -l) -gt 0',
+ path => ['/bin', '/usr/bin'],
+ }
+}
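Review bot: Both `command` and `onlyif` depend on shell features (the `nagios*.cfg` glob, `$(...)` and the pipe to `wc`), but the exec sets no provider, and Puppet's default posix provider is documented as running binaries without a shell. Add `provider => shell,` so the behaviour does not depend on how the agent spawns the command. The condition can be shortened to `onlyif => 'find /etc/nagios/nagios*.cfg \( ! -user root -o ! -group nagios \) | grep -q .',`. The header says file permissions are fixed, but only ownership is changed; if the generated files must not be world-readable a `chmod` belongs here too, and no visible hunk of this commit includes `nagios::fixes`.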
diff --git a/manifests/init.pp b/manifests/init.pp
index 6f0515d..14d7c37 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -2,21 +2,120 @@
#
# This module manages nagios
#
-# Parameters: none
+# Parameters:
#
-# Actions:
+# allowed_hosts: a list of hosts which can connect to the Nagios client. Usually
+# the monitoring server + localhost.
#
-# Requires: see Modulefile
+# is_server: boolean to determine the set up.
+# True = server set up, false = client
+#
+# admins: hash of contacts for Nagios email warnings
+#
+# hostgroups: definition of groups for ordering hosts
+#
+# additional_servicegroups defines additional service groups which are not used
+# by default. An example:
+# $additional_servicegroups = 'cpu' => {
+# alias => 'CPU',
+# tag => $::domain,
+# },
+#
+# use_mod_auth_cas: turn on mod_cas authentication. Currently the only supported
+# authentication.
+#
+# cas_login_url: URL used for login within mod_cas
#
-# Sample Usage:
+# cas_users: user names that are allowed to access the Nagios pages via mod_cas
+#
+# cas_validate_url: URL used for validation within mod_cas
+#
+#
+# Requires: see Modulefile
#
class nagios (
- $allowed_hosts = ['127.0.0.1'],
- $is_server = false,) {
+ $allowed_hosts = ['127.0.0.1'],
+ $is_server = false,
+ $admins = {
+ 'admin01' => {
+ contact_name => 'admin01',
+ alias => 'Admin for life',
+ email => 'admin01@bristol.ac.uk',
+ }
+ }
+ ,
+ $hostgroups = {
+ 'default' => {
+ alias => 'default-hostgroup',
+ tag => $::domain,
+ }
+ }
+ ,
+ $additional_servicegroups = {
+ }
+ ,
+ $use_mod_auth_cas = true,
+ $cas_login_url = undef,
+ $cas_users = [],
+ $cas_validate_url = undef,
+ $ensure = installed,
+ $nagios_server = $::fqdn,) {
if $is_server == true {
- class { 'nagios::server': }
+ class { 'nagios::install':
+ is_server => true,
+ ensure => $ensure,
+ }
+
+ class { 'nagios::config::server':
+ allowed_hosts => $allowed_hosts,
+ admins => $admins,
+ hostgroups => $hostgroups,
+ servicegroups => $additional_servicegroups,
+ use_mod_auth_cas => $use_mod_auth_cas,
+ cas_login_url => $cas_login_url,
+ cas_users => $cas_users,
+ cas_validate_url => $cas_validate_url,
+ }
+
+ # A server is also a client
+ class { 'nagios::services::client':
+ }
+
+ # add nagios checks
+ class { 'nagios::services::nagios':
+ }
+
+ # Start the Nagios service, and make it restart if there have been changes
+ # to
+ # the config
+ service { 'nagios':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => false,
+ require => [Package['nagios'], File['nagios.cfg']],
+ }
+
+ # NSCA service to accept passive checks
+ service { 'nsca':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => [Service['nagios'], Package['nsca'], File['nsca.cfg']],
+ }
+
+ Class['nagios::install'] -> Class['nagios::config::server'] ->
+ Service['nagios'] -> Service['nsca']
} else {
- class { 'nagios::client': }
+ class { 'nagios::install': ensure => $ensure, }
+
+ class { 'nagios::config::client': allowed_hosts => $allowed_hosts, }
+
+ class { 'nagios::services::client': }
+
+ Class['nagios::install'] -> Class['nagios::config::client'] ->
+ Class['nagios::services::client']
}
}
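Review bot: `$use_mod_auth_cas` defaults to `true` while `$cas_login_url` and `$cas_validate_url` default to `undef` and `$cas_users` to `[]`, so a node declared with only `is_server => true` gets CAS configuration rendered from empty URLs and an empty user list. Fail early in the server branch, e.g. `if $use_mod_auth_cas and (!$cas_login_url or !$cas_validate_url) { fail('nagios: cas_login_url and cas_validate_url are required when use_mod_auth_cas is true') }`. The new `$ensure` and `$nagios_server` parameters are missing from the header comment, and `$nagios_server` is not referenced anywhere in the class body. The `additional_servicegroups` example in the header also lacks the enclosing `{ }` of the hash.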
diff --git a/manifests/install.pp b/manifests/install.pp
index ac7e835..1187cd0 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -1,8 +1,9 @@
# Installation of packages
class nagios::install (
+ $ensure = installed,
$is_server = false,) {
# for both client and server
- include nagios::cron::kernel_passive
+ class { 'nagios::cron::kernel_passive': }
include nagios::plugins::core
$nrpe_name = $::osfamily ? {
@@ -12,7 +13,7 @@
}
package { 'nrpe':
- ensure => installed,
+ ensure => $ensure,
name => $nrpe_name,
}
@@ -23,12 +24,12 @@
}
package { 'nsca-client':
- ensure => installed,
+ ensure => $ensure,
name => $nsca_client_name,
}
package { 'nagios-plugins':
- ensure => installed,
+ ensure => $ensure,
require => Class['grid_repos'],
}
@@ -39,7 +40,7 @@
'nagios-plugins-perl',
'nagios-plugins-check-tcptraffic',
'perl-DateTime']:
- ensure => installed,
+ ensure => $ensure,
require => Class['grid_repos'],
}
}
@@ -49,12 +50,12 @@
'nagios-plugins-basic',
'nagios-plugins-standard',
'nagios-plugins-extra']:
- ensure => installed,
+ ensure => $ensure,
}
# Install some perl modules on Debian as they don't seem to get pulled in by
# any dependencies
- package { 'libnagios-plugin-perl': ensure => installed, }
+ package { 'libnagios-plugin-perl': ensure => $ensure, }
}
if $is_server == true { # server only
@@ -63,7 +64,7 @@
'pnp4nagios',
'nagios-plugins-nrpe',
'nsca']:
- ensure => installed,
+ ensure => $ensure,
}
# Install apache web server and add httpd to the nagios group
diff --git a/manifests/plugin.pp b/manifests/plugin.pp
index 7c3dc1e..7302289 100644
--- a/manifests/plugin.pp
+++ b/manifests/plugin.pp
@@ -9,10 +9,8 @@
# http://docs.puppetlabs.com/guides/custom_facts.html
define nagios::plugin () {
$templated_plugins = [
- 'check_hardware_spec',
- 'check_kernel_passive_deb',
- 'check_kernel_passive_rpm',
- 'check_nagios_config_passive']
+ 'check_kernel_passive',
+ 'check_nagios_config_passive',]
$is_templated = member($templated_plugins, $title)
$defaults = {
diff --git a/manifests/plugins/core.pp b/manifests/plugins/core.pp
index 706ccff..18e2cac 100644
--- a/manifests/plugins/core.pp
+++ b/manifests/plugins/core.pp
@@ -1,5 +1,7 @@
# Core Nagios plugins used on all servers
-class nagios::plugins::core {
+class nagios::plugins::core (
+ $n_user_warning = 5,
+ $n_user_critical = 10,) {
nagios::plugin { 'check_ads': }
nagios::config::nrpe { 'check_ads':
@@ -8,9 +10,7 @@
nagios::plugin { 'check_cpu': }
- nagios::config::nrpe { 'check_cpu':
- command => 'check_cpu',
- }
+ nagios::config::nrpe { 'check_cpu': command => 'check_cpu', }
nagios::plugin { 'check_daemons': }
@@ -27,21 +27,10 @@
require => Package['sysstat'],
}
- $iostat_params = '-c 100000,100000,100000 -w 50000,50000,50000'
- nagios::config::nrpe { 'check_iostat_sda':
- command => "check_iostat -d sda ${iostat_params}",
- }
-
- nagios::config::nrpe { 'check_iostat_sdb':
- command => "check_iostat -d sdb ${iostat_params}",
- }
-
- nagios::config::nrpe { 'check_iostat_sdc':
- command => "check_iostat -d sdc ${iostat_params}",
- }
-
- nagios::config::nrpe { 'check_iostat_sdd':
- command => "check_iostat -d sdd ${iostat_params}",
+ $disks_array = split($::disks, ',')
+ nagios::plugins::iostat { [$disks_array]:
+ warning => 50000,
+ critical => 100000,
}
nagios::plugin { 'check_kernel': }
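Review bot: `split($::disks, ',')` assumes a `disks` fact holding a comma-separated string; core Facter exposes that list as `blockdevices`, so confirm the module ships a matching custom fact, otherwise no iostat checks are generated. The same pattern in the next hunk, `split($::interfaces, ',')`, changes NRPE command names: `lo` now gets a check, the unsuffixed `check_tcptraffic` disappears, and a VLAN interface such as `bond0.383` yields `check_tcptraffic_bond0.383` where the removed code defined `check_tcptraffic_bond0_383`, so service definitions that call the old names would break. The class parameters `$n_user_warning` and `$n_user_critical` added in the first hunk are not used in any visible hunk. `[$disks_array]` wraps an array in another array; `nagios::plugins::iostat { $disks_array: }` is the usual form.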
@@ -129,29 +118,8 @@
nagios::config::nrpe { 'check_mailq': command => 'check_mailq -w 5 -c 10', }
- nagios::config::nrpe { 'check_tcptraffic':
- command => 'check_tcptraffic -i eth0 -s 1000 -w 75000000 -c 90000000',
- }
-
- nagios::config::nrpe { 'check_tcptraffic_eth0':
- command => 'check_tcptraffic -i eth0 -s 1000 -w 75000000 -c 90000000',
- }
-
- nagios::config::nrpe { 'check_tcptraffic_eth1':
- command => 'check_tcptraffic -i eth1 -s 1000 -w 75000000 -c 90000000',
- }
-
- nagios::config::nrpe { 'check_tcptraffic_bond0':
- command => 'check_tcptraffic -i bond0 -s 1000 -w 75000000 -c 90000000',
- }
-
- nagios::config::nrpe { 'check_tcptraffic_bond0_383':
- command => 'check_tcptraffic -i bond0.383 -s 1000 -w 75000000 -c 90000000',
- }
-
- nagios::config::nrpe { 'check_tcptraffic_bond0_67':
- command => 'check_tcptraffic -i bond0.67 -s 1000 -w 75000000 -c 90000000',
- }
+ $interfaces_array = split($::interfaces, ',')
+ nagios::plugins::tcp_traffic { [$interfaces_array]: }
nagios::config::nrpe { 'check_linux_bonding':
command => 'check_linux_bonding',
@@ -168,13 +136,4 @@
# This plugin is not run via NRPE, but actually via cron and NSCA
nagios::plugin {'check_kernel_passive':}
-
- # This plugin is not run via NRPE, but actually via cron and NSCA
- file { "/usr/${::lib_path}/nagios/plugins/check_hardware_spec":
- source => 'puppet:///modules/nagios/plugins/check_hardware_spec',
- owner => 'root',
- group => 'root',
- mode => '0755',
- require => Package['nrpe', 'nagios-plugins'],
- }
}
diff --git a/manifests/plugins/iostat.pp b/manifests/plugins/iostat.pp
new file mode 100644
index 0000000..659ce15
--- /dev/null
+++ b/manifests/plugins/iostat.pp
@@ -0,0 +1,9 @@
+define nagios::plugins::iostat (
+ $warning = '50000',
+ $critical = '100000',) {
+ $iostat_params = "-c ${critical},${critical},${critical} -w ${warning},${warning},${warning}"
+
+ nagios::config::nrpe { "check_iostat_${name}":
+ command => "check_iostat -d ${name} ${iostat_params}",
+ }
+}
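Review bot: `${name}` is interpolated into the NRPE command name and command line without any check, and core.pp feeds it from facts, so an unexpected device string ends up in the NRPE configuration verbatim. Add `validate_re($name, '^[A-Za-z0-9_.:-]+$')` at the top of the define (puppetlabs-stdlib is already a dependency); the same applies to `nagios::plugins::tcp_traffic` in manifests/plugins/tcp_traffic.pp. Both defines also lack a header comment; a line such as `# Creates the NRPE command check_iostat_<title> for one block device` plus a description of `warning` and `critical` would match the other manifests. The defaults here are quoted strings while core.pp passes integers, which is worth making consistent.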
diff --git a/manifests/plugins/nagios.pp b/manifests/plugins/nagios.pp
index c26938b..6008ec1 100644
--- a/manifests/plugins/nagios.pp
+++ b/manifests/plugins/nagios.pp
@@ -1,15 +1,16 @@
# Nagios plugins and config for checking nagios servers
-class nagios::plugins::nagios {
+class nagios::plugins::nagios ($nagios_host = $::fqdn) {
# check_nagios_config
nagios::plugin { 'check_nagios_config': }
- nagios::config::nrpe { 'check_nagios_config':
- command => 'check_nagios_config',
+
+ nagios::config::nrpe { 'check_nagios_config': command => 'check_nagios_config',
+ }
+ User <| title == 'nrpe' |> {
+ groups +> 'nagios'
}
- User <| title == 'nrpe' |> { groups +> 'nagios' }
# check_nagiostats
nagios::plugin { 'check_nagiostats': }
- nagios::config::nrpe { 'check_nagiostats':
- command => 'check_nagiostats',
- }
+
+ nagios::config::nrpe { 'check_nagiostats': command => 'check_nagiostats', }
}
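Review bot: The new parameter `$nagios_host = $::fqdn` is never referenced in the class body shown here, so it changes the class interface without any effect; use it or leave it out until it is needed. The reformatted `nagios::config::nrpe { 'check_nagios_config': command => 'check_nagios_config',` now opens on one line and closes on the next, unlike the `check_nagiostats` declaration below it; write both on a single line or both in block form.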
diff --git a/manifests/plugins/puppet.pp b/manifests/plugins/puppet.pp
index 3adeed1..59ce13f 100644
--- a/manifests/plugins/puppet.pp
+++ b/manifests/plugins/puppet.pp
@@ -8,13 +8,6 @@
require => Package['perl-DateTime'],
}
- # check_puppet_checkin_db
- nagios::plugin { 'check_puppet_checkin_db': }
-
- nagios::config::nrpe { 'check_puppet_checkin_db':
- command => 'check_puppet_checkin_db',
- }
-
# check_puppetmaster
nagios::config::nrpe { 'check_puppetmaster':
command => 'check_daemons puppet\ master',
diff --git a/manifests/plugins/tcp_traffic.pp b/manifests/plugins/tcp_traffic.pp
new file mode 100644
index 0000000..b6cdee2
--- /dev/null
+++ b/manifests/plugins/tcp_traffic.pp
@@ -0,0 +1,7 @@
+define nagios::plugins::tcp_traffic (
+ $warning = '75000000',
+ $critical = '90000000',) {
+ $command = "check_tcptraffic -i ${name} -s 1000 -w ${warning} -c ${critical}"
+
+ nagios::config::nrpe { "check_tcptraffic_${name}": command => $command, }
+}
diff --git a/manifests/server.pp b/manifests/server.pp
deleted file mode 100644
index 5bc89e4..0000000
--- a/manifests/server.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-# Nagios config for monitoring servers
-class nagios::server {
- class { 'nagios::install': is_server => true, }
-
- class { 'nagios::services::server': }
-
- class { 'nagios::config::server': }
-
- Class['nagios::install'] -> Class['nagios::config::server'] ->
- Class['nagios::services::server']
-}
diff --git a/manifests/services/client.pp b/manifests/services/client.pp
index c01c866..5876e2e 100644
--- a/manifests/services/client.pp
+++ b/manifests/services/client.pp
@@ -4,17 +4,18 @@
$warnload = $::processorcount * 7
$critload = $::processorcount * 10
- $lib = $::architecture ? {
+ $lib = $::architecture ? {
'i386' => 'lib',
'x86_64' => 'lib64',
default => 'lib',
}
$nrpe_service_name = $::osfamily ? {
- 'RedHat' => 'nrpe',
- 'Debian' => 'nagios-nrpe-server',
- default => 'nrpe',
- }
+ 'RedHat' => 'nrpe',
+ 'Debian' => 'nagios-nrpe-server',
+ default => 'nrpe',
+ }
+
# Start the monitoring services
service { 'nrpe':
ensure => running,
@@ -45,8 +46,6 @@
include nagios::services::memory
# ### UPTIME
include nagios::services::uptime
- # ### SELINUX
- include nagios::services::selinux
# ### NRPE
include nagios::services::nrpe
# ### AAAA RECORD
diff --git a/manifests/services/nagios.pp b/manifests/services/nagios.pp
index c931e27..db74459 100644
--- a/manifests/services/nagios.pp
+++ b/manifests/services/nagios.pp
@@ -32,12 +32,6 @@
# Also run the check every hour, so the passive check can't get stale
include nagios::cron::check_nagios_config_passive
- # file { 'check_nagios_config_passive_symlink':
- # ensure => link,
- # name => '/etc/cron.hourly/check_nagios_config_passive',
- # target => '/usr/lib64/nagios/plugins/check_nagios_config_passive',
- # }
-
# Passive Nagios service definition for the above
$check_dummy = 'check_dummy!1 "No passive checks for at least 48h"'
@@nagios_service { "check_nagios_config_${::fqdn}":
diff --git a/manifests/services/server.pp b/manifests/services/server.pp
deleted file mode 100644
index 51f0c5f..0000000
--- a/manifests/services/server.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-# Summary of all monitoring services on the server side
-class nagios::services::server {
- # A server is also a client
- class { 'nagios::services::client': }
-
- class { 'nagios::services::nagios': }
-
- include nagios::commands
- include nagios::plugins::all
- include nagios::plugins::server
- include nagios::templates
-
- # Start the Nagios service, and make it restart if there have been changes to
- # the config
- service { 'nagios':
- ensure => running,
- enable => true,
- hasstatus => true,
- hasrestart => false,
- require => [Package['nagios'], File['nagios.cfg']],
- }
-
- # NSCA service to accept passive checks
- service { 'nsca':
- ensure => running,
- enable => true,
- hasstatus => true,
- hasrestart => true,
- require => [Service['nagios'], Package['nsca'], File['nsca.cfg']],
- }
-}
diff --git a/spec/classes/nagios_spec.rb b/spec/classes/nagios_spec.rb
index 5fcb5aa..a61a780 100644
--- a/spec/classes/nagios_spec.rb
+++ b/spec/classes/nagios_spec.rb
@@ -4,27 +4,78 @@
let(:title) { 'nagios' }
let(:node) { 'testing.phy.bris.ac.uk' }
+ # facts are either defined globally or separately after every
+ # 'context/describe'
let(:facts) { {
- :ipaddress => '10.13.37.100',
- :processorcount => 1,
- :osfamily => 'RedHat',
- :operatingsystem => 'Redhat',
- :operatingsystemrelease => '6.4',
- :concat_basedir => '/dne',
- } }
-
+ :ipaddress => '10.13.37.100',
+ :processorcount => 1,
+ :osfamily => 'RedHat',
+ :operatingsystem => 'Redhat',
+ :operatingsystemrelease => '6.4',
+ :concat_basedir => '/dne',
+ } }
+
describe 'Test standard installation on RedHat (client)' do
+ # packages
it { should contain_package('nagios-plugins').with_ensure('installed') }
+ it { should contain_package('nagios-plugins-all').with_ensure('installed') }
+ it { should contain_package('nagios-plugins-perl').with_ensure('installed') }
+ it { should contain_package('nagios-plugins-check-tcptraffic').with_ensure('installed') }
+ it { should contain_package('perl-DateTime').with_ensure('installed') }
it { should contain_package('nrpe').with_ensure('installed') }
+ it { should contain_package('nsca-client').with_ensure('installed') }
+ # services
it { should contain_service('nrpe').with_ensure('running') }
it { should contain_service('nrpe').with_enable('true') }
+ # files
+ it { should contain_file('/etc/nagios/nrpe.cfg').with({
+ 'ensure' => 'present',
+ 'owner' => 'nrpe',
+ 'group' => 'nrpe',
+ 'mode' => '0644',
+ })}
+ # users
+ it { should contain_user('nrpe') }
end
-
+
describe 'Test standard installation on RedHat (server)' do
let(:params) { {:is_server => true } }
+ # classes
+ it { should contain_class('apache') }
+ # packages
it { should contain_package('nagios').with_ensure('installed') }
+ it { should contain_package('pnp4nagios').with_ensure('installed') }
+ it { should contain_package('nagios-plugins-nrpe').with_ensure('installed') }
+ it { should contain_package('nsca').with_ensure('installed') }
+ # services
it { should contain_service('nagios').with_ensure('running') }
it { should contain_service('nagios').with_enable('true') }
+ it { should contain_service('httpd').with_ensure('running') }
+ it { should contain_service('httpd').with_enable('true') }
+ # files
+ it {should contain_file('/etc/nagios/private/resource.cfg').with({
+ 'owner' => 'root',
+ 'group' => 'nagios',
+ 'mode' => '0640',
+ })}
+ it {should contain_file('/etc/nagios/nagios.cfg').with({
+ 'owner' => 'root',
+ 'group' => 'nagios',
+ 'mode' => '0640',
+ })}
+ it {should contain_file('/etc/nagios/nsca.cfg').with({
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ })}
+ it {should contain_file('/etc/nagios/cgi.cfg').with({
+ 'owner' => 'root',
+ 'group' => 'nagios',
+ 'mode' => '0640',
+ })}
+ # users
+ # the apache user has to be in the nagios group
+ it { should contain_user('apache') }
end
-
+
end
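Review bot: The examples cover packages, services and four server config files, but none of the resources this commit introduces: `/etc/nagios/send_nsca.cfg`, the three `/etc/httpd/conf.d/*.conf` files, and the per-disk and per-interface NRPE commands. The facts hash sets neither `disks` nor `interfaces`, so the new `split()` calls in core.pp are only ever exercised without input. Add `:interfaces => 'eth0,lo'` and `:disks => 'sda'` to the facts, and an example that pins owner, group and mode of `/etc/nagios/send_nsca.cfg`, since that file is meant to hold the NSCA password.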
diff --git a/templates/25-Nagios.conf.erb b/templates/25-Nagios.conf.erb
new file mode 100644
index 0000000..0aa6398
--- /dev/null
+++ b/templates/25-Nagios.conf.erb
@@ -0,0 +1,42 @@
+# ************************************
+# Vhost template in module puppetlabs-apache
+# Managed by Puppet
+# ************************************
+
+
+ ServerName moonitor.phy.bris.ac.uk
+
+ ## Vhost docroot
+ DocumentRoot /usr/lib64/nagios/cgi-bin
+ ## Alias declarations for resources outside the DocumentRoot
+ ScriptAlias /nagios/cgi-bin/ /usr/lib64/nagios/cgi-bin/
+ Alias /nagios /usr/share/nagios/html
+
+ ## Directories, there should at least be a declaration for /usr/lib64/nagios/cgi-bin
+
+ Options +ExecCGI
+ AllowOverride ALL
+ Order allow,deny
+ Allow from all
+ AuthType CAS
+ Require user <%= @allowed_users %>
+
+
+
+ AllowOverride ALL
+ Order allow,deny
+ Allow from all
+ AuthType CAS
+ Require user phxlk phpwl
+ DirectoryIndex index.php
+
+
+ ## Logging
+ ErrorLog /var/log/httpd/logs/nagios_error_log
+ LogLevel warn
+ ServerSignature Off
+ CustomLog /var/log/httpd/logs/nagios_access_log "common"
+
+ ## Server aliases
+ ServerAlias moonitor.phy.bris.ac.uk
+
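Review bot: The second directory block hard-codes `Require user phxlk phpwl` where the first uses `<%= @allowed_users %>`, so the `cas_users` parameter does not control access to that block and two site-specific accounts are baked into the module. `ServerName` and `ServerAlias` are likewise fixed to `moonitor.phy.bris.ac.uk`, where the removed `apache::vhost` used `$::fqdn`; use `<%= @fqdn %>`. With the default `cas_users = []`, `Require user` is rendered with no user at all, here and in 35-PNP4Nagios.conf.erb, so both templates should refuse an empty list rather than emit an incomplete directive.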
diff --git a/templates/35-PNP4Nagios.conf.erb b/templates/35-PNP4Nagios.conf.erb
new file mode 100644
index 0000000..25a875c
--- /dev/null
+++ b/templates/35-PNP4Nagios.conf.erb
@@ -0,0 +1,28 @@
+#
+Alias /pnp4nagios "/usr/share/nagios/html/pnp4nagios/"
+
+
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+ #
+ # Use the same value as defined in nagios.conf
+
+ Authtype CAS
+ require user <%= @allowed_users %>
+
+
+ # Turn on URL rewriting
+ RewriteEngine On
+ Options FollowSymLinks
+ # Installation directory
+ RewriteBase /pnp4nagios/
+ # Protect application and system files from being viewed
+ RewriteRule ^(application|modules|system) - [F,L]
+ # Allow any files or directories that exist to be displayed directly
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ # Rewrite all other URLs to index.php/URL
+ RewriteRule .* index.php/$0 [PT,L]
+
+
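Review bot: The comment `# Use the same value as defined in nagios.conf` no longer has a directive under it; nothing follows before `Authtype CAS`, so a reader cannot tell which value is meant to match (presumably an AuthName line that was dropped when the block moved to CAS). Either remove the comment or replace it with one that states the real coupling, for example `# CAS-authenticated; the user list must match 25-Nagios.conf`. The enclosing container lines are not visible in the hunk as shown.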
diff --git a/templates/host_email.erb b/templates/host_email.erb
deleted file mode 100644
index b457551..0000000
--- a/templates/host_email.erb
+++ /dev/null
@@ -1,9 +0,0 @@
-***** Nagios *****
-
-Notification Type: $NOTIFICATIONTYPE$
-Host: $HOSTNAME$
-State: $HOSTSTATE$
-Address: $HOSTADDRESS$
-Info: $HOSTOUTPUT$
-
-Date/Time: $LONGDATETIME$
diff --git a/templates/plugins/check_hardware_spec.erb b/templates/plugins/check_hardware_spec.erb
deleted file mode 100644
index a6529f0..0000000
--- a/templates/plugins/check_hardware_spec.erb
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/usr/bin/perl -wT
-
-use strict;
-use List::Util qw[min max];
-
-# Ideal values for a system
-# CPU cores
-my $ideal_cpu = 2;
-# MB of memory
-my $ideal_mem = 480;
-# GB of disk
-my $ideal_disk = 6.7;
-
-# Untaint $ENV{PATH}
-$ENV{PATH}="/bin:/usr/bin";
-
-# Grab the short hostname
-my $hostname = `hostname -f`;
-$hostname =~ s/\.?$//; # nuke the trailing "." on the end of the fqdn (if it's there)
-$hostname =~ m/([a-z0-9\-\.]*)/; # untaint
-$hostname = $1;
-
-# Nagios return codes
-# Status codes: 0=OK, 1=Warning, 2=Critical, 3=Unknown
-my %returncode;
-$returncode{'0'} = 'OK';
-$returncode{'1'} = 'WARNING';
-$returncode{'2'} = 'CRITICAL';
-$returncode{'3'} = 'UNKNOWN';
-
-my $cpu_cores = `cat /proc/cpuinfo | grep "model name" | wc -l`;
-$cpu_cores =~ m/([0-9]*)/; # untaint
-$cpu_cores = $1;
-
-my $mem = `cat /proc/meminfo | grep MemTotal`;
-$mem =~ m/.([0-9]+)./; # untaint
-$mem = int($1/1024);
-
-my $disk = `df -h / | tail -n 1`;
-$disk =~ m/\/dev[^ ]* +([0-9\.]*)/; # Grab the first numerical column after the device path
-$disk = $1;
-
-my $cpu_status;
-my $cpu_text;
-if ($cpu_cores >= $ideal_cpu) {
- $cpu_status = 0;
- $cpu_text = "$cpu_cores cores.";
-} else {
- $cpu_status = 1;
- $cpu_text = "$cpu_cores cores. Recommend at least $ideal_cpu cores.";
-}
-
-my $mem_status;
-my $mem_text;
-if ($mem >= $ideal_mem) {
- $mem_status = 0;
- $mem_text = "$mem MB of memory.";
-} else {
- $mem_status = 1;
- $mem_text = "$mem MB of memory. Recommend at least $ideal_mem MB.";
-}
-
-my $disk_status;
-my $disk_text;
-if ($disk >= $ideal_disk) {
- $disk_status = 0;
- $disk_text = "$disk GB of disk.";
-} else {
- $disk_status = 1;
- $disk_text = "$disk GB of disk. Recommend at least $ideal_disk GB.";
-}
-
-my $status = max($cpu_status, $mem_status, $disk_status);
-my $text = "HARDWARE SPEC $returncode{$status} - $cpu_text $mem_text $disk_text\n";
-my $return = `echo "$hostname,Hardware spec,$status,$text" | /usr/sbin/send_nsca -d , -H <%= scope.lookupvar("::monitoring_server") %>`;
diff --git a/templates/plugins/check_kernel_passive_deb.erb b/templates/plugins/check_kernel_passive.erb
similarity index 68%
rename from templates/plugins/check_kernel_passive_deb.erb
rename to templates/plugins/check_kernel_passive.erb
index 3b8fe8b..aa0f9a7 100644
--- a/templates/plugins/check_kernel_passive_deb.erb
+++ b/templates/plugins/check_kernel_passive.erb
@@ -8,12 +8,26 @@ use strict;
my $running_kernel=`uname -r`;
chomp $running_kernel;
-my $dpkg = `which dpkg`;
+<% if scope.lookupvar('::osfamily') == 'RedHat' -%>
+my $rpm = `which rpm`;
+<% else -%>
+my $pkg_manager = `which dpkg`;
+<% end -%>
my $hostname = `hostname -f`;
-$hostname =~ s/\.?$//; # nuke the trailing "." on the end of the fqdn (if it's there)
chomp $hostname;
+$hostname =~ s/\.?$//; # nuke the trailing "." on the end of the fqdn (if it's there)
+
+<% if scope.lookupvar('::osfamily') == 'RedHat' -%>
+if ($rpm =~ m/no rpm in/i) {
+ my $text = "UNKNOWN - You must be running an RPM-based system";
+ my $status = 3;
+ &pushNagios($status, $text);
+ exit;
+}
+my $installed_kernel=`rpm -q kernel | tail -n 1`;
+<% else %>
if ($dpkg =~ m/no dpkg in/i) {
my $text = "UNKNOWN - You must be running a DEB-based system";
my $status = 3;
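Review bot: On the non-RedHat branch the added line declares `my $pkg_manager = `which dpkg`;`, but the unchanged check below it still reads `$dpkg` in `if ($dpkg =~ m/no dpkg in/i)`. Under `use strict` the rendered script will therefore fail to compile on Debian-family hosts, and the passive kernel check will silently stop reporting. Keep the old name, `my $dpkg = `which dpkg`;`, or rename the variable in the condition too. The body of that `if` continues past the end of this hunk.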
@@ -22,6 +36,7 @@ if ($dpkg =~ m/no dpkg in/i) {
}
my $installed_kernel=`dpkg --list | grep linux-image | tail -n 1 | cut -d ' ' -f 3`;
+<% end %>
chomp $installed_kernel;
if (!defined $running_kernel || !defined $installed_kernel) {
@@ -31,8 +46,13 @@ if (!defined $running_kernel || !defined $installed_kernel) {
exit;
}
+<% if scope.lookupvar('::osfamily') == 'RedHat' -%>
+# Strip off the "kernel-" prefix so the strings will match
+$installed_kernel =~ s/kernel-//gi;
+<% else %>
# Strip off the "linux-image-" prefix so the strings will match
$installed_kernel =~ s/linux-image-//gi;
+<% end %>
# Do the test
if ($running_kernel eq $installed_kernel) {
@@ -51,5 +71,6 @@ sub pushNagios {
my $status = shift;
my $text = shift;
$text =~ s/[^0-9a-z-\.\ _]//gi;
- my $return = `echo "$hostname,Kernel,$status,$text" | /usr/sbin/send_nsca -d , -H <%= scope.lookupvar("::monitoring_server") %>`;
+ my $return = `echo "$hostname,Kernel,$status,$text" | /usr/sbin/send_nsca -d , -H <%= @nagios_server %>`;
}
+
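Review bot: The changed line still builds a shell command by interpolation. `$text` is filtered on the line above, but `$hostname` (taken from `hostname -f`) and the rendered `<%= @nagios_server %>` value reach the shell unfiltered, so any shell metacharacter in either would be interpreted. Opening the pipe in list form avoids the shell entirely and keeps the same payload. The same line is changed in check_nagios_config_passive.erb and would take the same fix. `sub pushNagios` starts outside this hunk.
```perl
    # … unchanged: $status/$text shift and the $text filter …
    open(my $nsca, '|-', '/usr/sbin/send_nsca', '-d', ',', '-H', '<%= @nagios_server %>')
        or die "cannot run send_nsca: $!";
    print {$nsca} "$hostname,Kernel,$status,$text\n";
    close($nsca);
```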
diff --git a/templates/plugins/check_kernel_passive_rpm.erb b/templates/plugins/check_kernel_passive_rpm.erb
deleted file mode 100644
index 5fbbd6b..0000000
--- a/templates/plugins/check_kernel_passive_rpm.erb
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/perl -w
-
-# Usage: check_kernel
-# Status codes: 0=OK, 1=Warning, 2=Critical, 3=Unknown
-
-use strict;
-
-my $running_kernel=`uname -r`;
-chomp $running_kernel;
-
-my $rpm = `which rpm`;
-
-my $hostname = `hostname -f`;
-chomp $hostname;
-$hostname =~ s/\.?$//; # nuke the trailing "." on the end of the fqdn (if it's there)
-
-if ($rpm =~ m/no rpm in/i) {
- my $text = "UNKNOWN - You must be running an RPM-based system";
- my $status = 3;
- &pushNagios($status, $text);
- exit;
-}
-
-my $installed_kernel=`rpm -q kernel | tail -n 1`;
-chomp $installed_kernel;
-
-if (!defined $running_kernel || !defined $installed_kernel) {
- my $text = "UNKNOWN - Test failed";
- my $status = 3;
- &pushNagios($status, $text);
- exit;
-}
-
-# Strip off the "kernel-" prefix so the strings will match
-$installed_kernel =~ s/kernel-//gi;
-
-# Do the test
-if ($running_kernel eq $installed_kernel) {
- my $text = "OK - Running latest installed kernel ($running_kernel)";
- my $status = 0;
- &pushNagios($status, $text);
- exit;
-} else {
- my $text = "WARNING - Running kernel $running_kernel. Reboot to run latest installed kernel ($installed_kernel)";
- my $status = 1;
- &pushNagios($status, $text);
- exit;
-}
-
-sub pushNagios {
- my $status = shift;
- my $text = shift;
- $text =~ s/[^0-9a-z-\.\ _]//gi;
- my $return = `echo "$hostname,Kernel,$status,$text" | /usr/sbin/send_nsca -d , -H <%= scope.lookupvar("::monitoring_server") %>`;
-}
diff --git a/templates/plugins/check_nagios_config_passive.erb b/templates/plugins/check_nagios_config_passive.erb
index e75ca13..8b4a885 100644
--- a/templates/plugins/check_nagios_config_passive.erb
+++ b/templates/plugins/check_nagios_config_passive.erb
@@ -54,5 +54,5 @@ sub pushNagios {
my $status = shift;
my $text = shift;
$text =~ s/[^0-9a-z-\.\ _]//gi;
- my $return = `echo "$hostname,Nagios config,$status,$text" | /usr/sbin/send_nsca -d , -H <%= scope.lookupvar("::monitoring_server") %>`;
+ my $return = `echo "$hostname,Nagios config,$status,$text" | /usr/sbin/send_nsca -d , -H <%= @nagios_server %>`;
}
diff --git a/templates/service_email.erb b/templates/service_email.erb
deleted file mode 100644
index d16e87c..0000000
--- a/templates/service_email.erb
+++ /dev/null
@@ -1,14 +0,0 @@
-***** Nagios *****
-
-Notification Type: $NOTIFICATIONTYPE$
-
-Service: $SERVICEDESC$
-Host: $HOSTALIAS$
-Address: $HOSTADDRESS$
-State: $SERVICESTATE$
-
-Date/Time: $LONGDATETIME$
-
-Additional Info:
-
-$SERVICEOUTPUT$