1 # our nagios server class
3 # it includes stored ferm configs for all the things it needs to access
4 # which are then collected by the monitored services
# Web front end for the monitoring UI on nagios.debian.org: pulls in the
# apache2::authn_anon class, declares an ssl::service for the name and
# installs the vhost from a template.
# NOTE(review): authn_anon presumably enables Apache's mod_authn_anon, which
# lets visitors authenticate without a real account wherever the vhost turns
# it on. Confirm in nagios/nagios.debian.org.conf.erb and cgi.cfg that such
# users get read-only views and no command-submission rights.
8 include apache2::authn_anon
10 ssl::service { 'nagios.debian.org':
# A change to this ssl::service resource notifies the Apache reload Exec.
11 notify => Exec['service apache2 reload'],
14 apache2::site { '10-nagios.debian.org':
15 site => 'nagios.debian.org',
# The vhost body comes from an ERB template, so any access rules for the UI
# presumably live there rather than in this manifest.
16 content => template('nagios/nagios.debian.org.conf.erb'),
24 ], { ensure => 'installed' })
28 require => Package['icinga'],
# Icinga's Apache configuration is rendered from a template; a change
# notifies the Apache reload Exec.
31 file { '/etc/icinga/apache2.conf':
32 content => template('nagios/icinga-apache2.conf.erb'),
33 notify => Exec['service apache2 reload'],
# Judging by its name this is the password file for the web UI (TODO confirm
# against the vhost template).
# NOTE(review): the owner/group/mode lines of this resource are not visible
# in this listing; the file should be readable only by root and the web
# server account, and must not sit under a served directory.
35 file { '/srv/nagios.debian.org/htpasswd':
# Icinga's CGI and daemon configuration are not written by Puppet directly:
# both resources carry a relative `target` into config-pushed/static/
# (presumably ensure => link; those lines are not shown).
# NOTE(review): /etc/icinga/config-pushed points at
# /srv/nagios.debian.org/config-pushed, and the owner/group visible near that
# directory is nagiosadm. That account therefore appears to control the
# daemon settings and whatever authorization rules cgi.cfg carries; treat
# write access to the tree as administrative access to this monitoring host.
40 file { '/etc/icinga/cgi.cfg':
42 target => 'config-pushed/static/cgi.cfg',
# A change notifies the Apache reload Exec.
43 notify => Exec['service apache2 reload'],
45 file { '/etc/icinga/icinga.cfg':
47 target => 'config-pushed/static/icinga.cfg',
# A change notifies the icinga service.
48 notify => Service['icinga'],
# The objects directory is sourced from an empty directory on the Puppet
# file server; a change notifies the icinga service.
# NOTE(review): presumably paired with recurse/purge on the lines not shown,
# which would remove object files Puppet does not manage. Confirm, because
# that is what keeps stray definitions out of the running configuration.
50 file { '/etc/icinga/objects':
56 source => 'puppet:///files/empty/',
57 notify => Service['icinga'],
# Hand-maintained object definitions (contacts, host and service templates,
# time periods). Each entry has a relative `target` into
# ../config-pushed/static/objects/ and notifies the icinga service on change.
# NOTE(review): the content of these files is outside Puppet's control; it
# comes from the config-pushed tree, so review of monitoring changes has to
# happen wherever that tree is produced.
59 file { '/etc/icinga/objects/contacts.cfg':
61 target => '../config-pushed/static/objects/contacts.cfg',
62 notify => Service['icinga'],
64 file { '/etc/icinga/objects/generic-host.cfg':
66 target => '../config-pushed/static/objects/generic-host.cfg',
67 notify => Service['icinga'],
69 file { '/etc/icinga/objects/generic-service.cfg':
71 target => '../config-pushed/static/objects/generic-service.cfg',
72 notify => Service['icinga'],
74 file { '/etc/icinga/objects/timeperiods.cfg':
76 target => '../config-pushed/static/objects/timeperiods.cfg',
77 notify => Service['icinga'],
# Object definitions taken from ../config-pushed/generated/ (dependencies,
# host groups, hosts, service groups, services). The link names carry an
# extra "x" prefix compared with their targets; each change notifies the
# icinga service.
# NOTE(review): "generated" suggests these files are produced by a tool
# outside this manifest (not shown here); its output is loaded by icinga
# as-is.
80 file { '/etc/icinga/objects/xauto-dependencies.cfg':
82 target => '../config-pushed/generated/auto-dependencies.cfg',
83 notify => Service['icinga'],
85 file { '/etc/icinga/objects/xauto-hostgroups.cfg':
87 target => '../config-pushed/generated/auto-hostgroups.cfg',
88 notify => Service['icinga'],
90 file { '/etc/icinga/objects/xauto-hosts.cfg':
92 target => '../config-pushed/generated/auto-hosts.cfg',
93 notify => Service['icinga'],
95 file { '/etc/icinga/objects/xauto-servicegroups.cfg':
97 target => '../config-pushed/generated/auto-servicegroups.cfg',
98 notify => Service['icinga'],
100 file { '/etc/icinga/objects/xauto-services.cfg':
102 target => '../config-pushed/generated/auto-services.cfg',
103 notify => Service['icinga'],
# Two entries under /etc/nagios-plugins/config/ whose relative targets
# resolve to /etc/icinga/config-pushed/static/checkcommands.cfg and
# eventhandlers.cfg; each change notifies the icinga service.
# NOTE(review): by their names these files hold the command definitions that
# the icinga daemon executes on this host. Whoever can write to the
# config-pushed tree can therefore choose what the daemon runs, so write
# access to it should be as restricted as shell access to the monitoring
# server itself.
106 file { '/etc/nagios-plugins/config/local-dsa-checkcommands.cfg':
108 target => '../../icinga/config-pushed/static/checkcommands.cfg',
109 notify => Service['icinga'],
111 file { '/etc/nagios-plugins/config/local-dsa-eventhandlers.cfg':
113 target => '../../icinga/config-pushed/static/eventhandlers.cfg',
114 notify => Service['icinga'],
# /etc/icinga/config-pushed targets /srv/nagios.debian.org/config-pushed, so
# every relative config-pushed/... target used by the icinga file resources
# ends up in that directory under /srv.
117 file { '/etc/icinga/config-pushed':
119 target => '/srv/nagios.debian.org/config-pushed'
122 file { '/srv/nagios.debian.org':
# NOTE(review): the owner/group lines below appear to belong to the
# config-pushed directory (the lines in between, including any mode, are not
# shown). nagiosadm is then the account that can replace icinga's
# configuration; confirm the mode does not grant write access beyond it.
126 file { '/srv/nagios.debian.org/config-pushed':
129 owner => 'nagiosadm',
130 group => 'nagiosadm',
# Cron watchdog added to /etc/cron.d/puppet-crontab. Every 15 minutes, as
# root, `find` prints status.dat only if it was last modified more than 20
# minutes ago; `grep -q .` turns that output into an exit status, and icinga
# is restarted when it succeeds.
# NOTE(review): if status.dat does not exist at all, find prints nothing on
# stdout, so no restart is triggered in that case.
133 concat::fragment { 'puppet-crontab--nagios--restart-stale-icinga':
134 target => '/etc/cron.d/puppet-crontab',
137 */15 * * * * root find /var/lib/icinga/status.dat -mmin +20 | grep -q . && service icinga restart
# Exported resource (`@@`): declared here but applied on the nodes that
# collect it, i.e. the DNS primaries.
# NOTE(review): the collecting hosts open their firewall based on the saddr
# list exported by this node. How $base::public_addresses is derived is not
# visible here; it should come from data the monitoring host cannot
# arbitrarily widen.
141 # The nagios server wants to do DNS queries on the primaries
142 @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
# Two tags (the enclosing `tag => [` line is not shown), presumably one per
# collecting class.
144 'named::primary::ferm',
145 'named::keyring::ferm',
147 description => 'Allow nagios master access to the primary for checks',
# Both UDP and TCP are allowed; the port line is not visible in this listing.
148 proto => ['udp', 'tcp'],
# Only this server's public addresses are allowed as source.
150 saddr => $base::public_addresses,
# Exported firewall rule collected by hosts carrying the nagios-nrpe::server
# tag; it allows this server's public addresses to reach the NRPE daemon.
# The port line is not visible in this listing.
153 # The nagios server wants to connect to the NRPE server on all the hosts
154 @@ferm::rule::simple { "dsa-nrpe-from-${::fqdn}":
155 tag => 'nagios-nrpe::server',
156 description => 'Allow nagios master access to the nrpe daemon',
# Source restriction: only the monitoring server's public addresses.
158 saddr => $base::public_addresses,
# Exported fragment for /etc/nagios/nrpe.d/debianorg.cfg on the hosts that
# collect this tag: sets NRPE's allowed_hosts to this server's public
# addresses, joined with ", ".
# NOTE(review): allowed_hosts is a source-address check, not authentication.
# Together with the dsa-nrpe-from ferm rule it is the access control in front
# of the NRPE daemon. Whether NRPE accepts command arguments from the caller
# is configured elsewhere and is worth checking alongside this list.
160 @@concat::fragment { "nrpe-debian-allow-${::fqdn}":
161 tag => 'nagios-nrpe::server::debianorg.cfg',
162 target => '/etc/nagios/nrpe.d/debianorg.cfg',
163 content => "allowed_hosts=${ $base::public_addresses.join(', ') }",
# Exported firewall rule for SMTP checks, collected under the
# smtp::server::to::mail-satellite tag.
# NOTE(review): port '7' is a placeholder that the collecting side is
# expected to replace (see the inline comment). A collector that realizes
# this rule without an override would open port 7 to these addresses instead
# of the mail port, so verify the override exists wherever the tag is
# collected.
165 # and we want to monitor smtp servers
166 @@ferm::rule::simple { "dsa-smtp-from-nagios-${::fqdn}":
167 tag => 'smtp::server::to::mail-satellite',
168 description => 'Allow smtp access from the nagios server',
169 port => '7', # will be overwritten on collection
# Source restriction: only the monitoring server's public addresses.
170 saddr => $base::public_addresses,
# Exported firewall rule collected under the ssh::server::from::nagios tag;
# it lets this server's public addresses reach sshd on the collecting hosts.
# The port line is not visible in this listing.
# NOTE(review): this is a network-level allow only, so authentication is
# still entirely up to sshd. The monitoring server needs no credentials on
# the targets for a banner or port check; confirm none are provisioned.
172 # and we want to monitor ssh
173 @@ferm::rule::simple { "dsa-ssh-from-nagios-${::fqdn}":
174 tag => 'ssh::server::from::nagios',
175 description => 'Allow ssh access from the nagios server',
# Source restriction: only the monitoring server's public addresses.
177 saddr => $base::public_addresses,