4 include apache2::authn_anon
6 ssl::service { 'nagios.debian.org':
7 notify => Exec['service apache2 reload'],
10 apache2::site { '10-nagios.debian.org':
11 site => 'nagios.debian.org',
12 content => template('nagios/nagios.debian.org.conf.erb'),
20 ], { ensure => 'installed' })
24 require => Package['icinga'],
27 file { '/etc/icinga/apache2.conf':
28 content => template('nagios/icinga-apache2.conf.erb'),
29 notify => Exec['service apache2 reload'],
31 file { '/srv/nagios.debian.org/htpasswd':
36 file { '/etc/icinga/cgi.cfg':
38 target => 'config-pushed/static/cgi.cfg',
39 notify => Exec['service apache2 reload'],
41 file { '/etc/icinga/icinga.cfg':
43 target => 'config-pushed/static/icinga.cfg',
44 notify => Service['icinga'],
46 file { '/etc/icinga/objects':
52 source => 'puppet:///files/empty/',
53 notify => Service['icinga'],
55 file { '/etc/icinga/objects/contacts.cfg':
57 target => '../config-pushed/static/objects/contacts.cfg',
58 notify => Service['icinga'],
60 file { '/etc/icinga/objects/generic-host.cfg':
62 target => '../config-pushed/static/objects/generic-host.cfg',
63 notify => Service['icinga'],
65 file { '/etc/icinga/objects/generic-service.cfg':
67 target => '../config-pushed/static/objects/generic-service.cfg',
68 notify => Service['icinga'],
70 file { '/etc/icinga/objects/timeperiods.cfg':
72 target => '../config-pushed/static/objects/timeperiods.cfg',
73 notify => Service['icinga'],
76 file { '/etc/icinga/objects/xauto-dependencies.cfg':
78 target => '../config-pushed/generated/auto-dependencies.cfg',
79 notify => Service['icinga'],
81 file { '/etc/icinga/objects/xauto-hostgroups.cfg':
83 target => '../config-pushed/generated/auto-hostgroups.cfg',
84 notify => Service['icinga'],
86 file { '/etc/icinga/objects/xauto-hosts.cfg':
88 target => '../config-pushed/generated/auto-hosts.cfg',
89 notify => Service['icinga'],
91 file { '/etc/icinga/objects/xauto-servicegroups.cfg':
93 target => '../config-pushed/generated/auto-servicegroups.cfg',
94 notify => Service['icinga'],
96 file { '/etc/icinga/objects/xauto-services.cfg':
98 target => '../config-pushed/generated/auto-services.cfg',
99 notify => Service['icinga'],
102 file { '/etc/nagios-plugins/config/local-dsa-checkcommands.cfg':
104 target => '../../icinga/config-pushed/static/checkcommands.cfg',
105 notify => Service['icinga'],
107 file { '/etc/nagios-plugins/config/local-dsa-eventhandlers.cfg':
109 target => '../../icinga/config-pushed/static/eventhandlers.cfg',
110 notify => Service['icinga'],
113 file { '/etc/icinga/config-pushed':
115 target => '/srv/nagios.debian.org/config-pushed'
118 file { '/srv/nagios.debian.org':
122 file { '/srv/nagios.debian.org/config-pushed':
125 owner => 'nagiosadm',
126 group => 'nagiosadm',
129 concat::fragment { 'puppet-crontab--nagios--restart-stale-icinga':
130 target => '/etc/cron.d/puppet-crontab',
133 */15 * * * * root find /var/lib/icinga/status.dat -mmin +20 | grep -q . && service icinga restart
137 # The nagios server wants to do DNS queries on the primaries
138 @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
140 'named::primary::ferm',
141 'named::keyring::ferm',
143 description => 'Allow nagios master access to the primary for checks',
144 proto => ['udp', 'tcp'],
146 saddr => $base::public_addresses,
149 # The nagios server wants to connect to the NRPE server on all the hosts
150 @@ferm::rule::simple { "dsa-nrpe-from-${::fqdn}":
151 tag => 'nagios-nrpe::server',
152 description => 'Allow nagios master access to the nrpe daemon',
154 saddr => $base::public_addresses,
156 @@concat { "nrpe-debian-allow-${::fqdn}":
157 tag => 'nagios-nrpe::server::debianorg.cfg',
158 target => '/etc/nagios/nrpe.d/debianorg.cfg',
159 content => "allowed_hosts=${ $base::public_addresses.join(', ') }",