X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnagios%2Fmanifests%2Fserver.pp;h=2e7b1eba0ed8a202fb108bf65605817716f26e3a;hb=1f37c1198a12c740639535f69d3f42b841c0aca5;hp=cf5ae48001ff951c6745fdd17d7fec733da9f197;hpb=ba7d7945f415e31e7b67659e745257cab106daa3;p=mirror%2Fdsa-puppet.git
diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
index cf5ae4800..2e7b1eba0 100644
--- a/modules/nagios/manifests/server.pp
+++ b/modules/nagios/manifests/server.pp
@@ -1,104 +1,165 @@
+# our nagios server class
+#
+# it includes stored ferm configs for all the things it needs to access
+# which are then collected by the monitored services
 class nagios::server {
+ include apache2
+ include apache2::ssl
+ include apache2::authn_anon
 
- package { [
- 'nagios3',
- 'nagios-nrpe-plugin',
- 'nagios-plugins',
- 'nagios-images'
- ]:
- ensure => installed
- }
+ ssl::service { 'nagios.debian.org':
+ notify => Exec['service apache2 reload'],
+ key => true,
+ }
+ apache2::site { '10-nagios.debian.org':
+ site => 'nagios.debian.org',
+ content => template('nagios/nagios.debian.org.conf.erb'),
+ }
 
- file { '/etc/init.d/nagios3':
- source => 'puppet:///modules/nagios/nagios3.init',
- require => Package['nagios3'],
- before => Service['nagios3'],
- }
+ ensure_packages( [
+ 'icinga',
+ 'make',
+ 'monitoring-plugins',
+ 'nagios-nrpe-plugin',
+ ], { ensure => 'installed' })
 
- service { 'nagios3':
- ensure => running,
- require => Package['nagios3'],
- }
+ service { 'icinga':
+ ensure => running,
+ require => Package['icinga'],
+ }
 
- file { '/etc/nagios-plugins/config':
- ensure => directory,
- recurse => remote,
- source => 'puppet:///files/empty/',
- require => Package['nagios3'],
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3':
- ensure => directory,
- recurse => remote,
- source => 'puppet:///files/empty/',
- require => Package['nagios3'],
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d':
- ensure => directory,
- recurse => remote,
- source => 'puppet:///files/empty/',
- require => Package['nagios3'],
- notify => Service['nagios3'],
- }
- file { '/etc/nagios-plugins/config/local-dsa-checkcommands.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/checkcommands.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios-plugins/config/local-dsa-eventhandlers.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/eventhandlers.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/cgi.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/cgi.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/nagios.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/nagios.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/contacts.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/conf.d/contacts.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/generic-host.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-host.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/generic-service.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-service.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/timeperiods.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/static/conf.d/timeperiods.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/auto-dependencies.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/generated/auto-dependencies.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/auto-hostextinfo.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/generated/auto-hostextinfo.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/auto-hostgroups.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/generated/auto-hostgroups.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/auto-hosts.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/generated/auto-hosts.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/generated/auto-serviceextinfo.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/auto-servicegroups.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/generated/auto-servicegroups.cfg',
- notify => Service['nagios3'],
- }
- file { '/etc/nagios3/puppetconf.d/auto-services.cfg':
- source => 'puppet:///modules/nagios/dsa-nagios/generated/auto-services.cfg',
- notify => Service['nagios3'],
- }
+ file { '/etc/icinga/apache2.conf':
+ content => template('nagios/icinga-apache2.conf.erb'),
+ notify => Exec['service apache2 reload'],
+ }
+ file { '/srv/nagios.debian.org/htpasswd':
+ mode => '0640',
+ owner => 'root',
+ group => 'www-data',
+ }
+ file { '/etc/icinga/cgi.cfg':
+ ensure => symlink,
+ target => 'config-pushed/static/cgi.cfg',
+ notify => Exec['service apache2 reload'],
+ }
+ file { '/etc/icinga/icinga.cfg':
+ ensure => symlink,
+ target => 'config-pushed/static/icinga.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects':
+ ensure => directory,
+ mode => '0755',
+ purge => true,
+ recurse => true,
+ force => true,
+ source => 'puppet:///files/empty/',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/contacts.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/contacts.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/generic-host.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/generic-host.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/generic-service.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/generic-service.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/timeperiods.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/timeperiods.cfg',
+ notify => Service['icinga'],
+ }
+
+ file { '/etc/icinga/objects/xauto-dependencies.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-dependencies.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-hostgroups.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-hostgroups.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-hosts.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-hosts.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-servicegroups.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-servicegroups.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-services.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-services.cfg',
+ notify => Service['icinga'],
+ }
+
+ file { '/etc/nagios-plugins/config/local-dsa-checkcommands.cfg':
+ ensure => symlink,
+ target => '../../icinga/config-pushed/static/checkcommands.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/nagios-plugins/config/local-dsa-eventhandlers.cfg':
+ ensure => symlink,
+ target => '../../icinga/config-pushed/static/eventhandlers.cfg',
+ notify => Service['icinga'],
+ }
+
+ file { '/etc/icinga/config-pushed':
+ ensure => symlink,
+ target => '/srv/nagios.debian.org/config-pushed'
+ }
+
+ file { '/srv/nagios.debian.org':
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/srv/nagios.debian.org/config-pushed':
+ ensure => directory,
+ mode => '0755',
+ owner => 'nagiosadm',
+ group => 'nagiosadm',
+ }
+
+ concat::fragment { 'puppet-crontab--nagios--restart-stale-icinga':
+ target => '/etc/cron.d/puppet-crontab',
+ order => '010',
+ content => @(EOF)
+ */15 * * * * root find /var/lib/icinga/status.dat -mmin +20 | grep -q . && service icinga restart
+ | EOF
+ }
+
+ # The nagios server wants to do DNS queries on the primaries
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => [
+ 'named::primary::ferm',
+ 'named::keyring::ferm',
+ ],
+ description => 'Allow nagios master access to the primary for checks',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
+
+ # The nagios server wants to connect to the NRPE server on all the hosts
+ @@ferm::rule::simple { "dsa-nrpe-from-${::fqdn}":
+ tag => 'nagios-nrpe::server',
+ description => 'Allow nagios master access to the nrpe daemon',
+ port => '5666',
+ saddr => $base::public_addresses,
+ }
+ @@concat::fragment { "nrpe-debian-allow-${::fqdn}":
+ tag => 'nagios-nrpe::server::debianorg.cfg',
+ target => '/etc/nagios/nrpe.d/debianorg.cfg',
+ content => "allowed_hosts=${ $base::public_addresses.join(', ') }",
+ }
 }
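Review bot: The trust placed in the `nagiosadm` account is undocumented: `/srv/nagios.debian.org/config-pushed` is created owned by `nagiosadm:nagiosadm`, and `icinga.cfg`, `cgi.cfg`, `checkcommands.cfg` and `eventhandlers.cfg` are all symlinks into it, so whoever can write as `nagiosadm` decides which commands the icinga daemon runs and what the CGI authorization settings are. That is presumably the intended push model, but the manifest should say so; above the `config-pushed` directory resource I would add `# config-pushed is written by nagiosadm and its contents are executed by icinga; treat that account as equivalent to the icinga service user`. A second comment worth adding on the symlink resources is that `notify => Service['icinga']` fires only when a link itself changes, not when the pushed content behind it changes, so the reload has to come from the push side, which is not visible in this hunk.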