X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnagios%2Fmanifests%2Fserver.pp;h=2e7b1eba0ed8a202fb108bf65605817716f26e3a;hb=368e147f10b8e748f7e171a15568a94d79599039;hp=6f90533c759e586e9934dd7e21f62bc7fc7ff9f4;hpb=d29ac285630ce6574f36c14b08e4de57f74a71f0;p=mirror%2Fdsa-puppet.git
diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
index 6f90533c7..2e7b1eba0 100644
--- a/modules/nagios/manifests/server.pp
+++ b/modules/nagios/manifests/server.pp
@@ -1,84 +1,165 @@
-class nagios::server inherits nagios::client {
- package {
- nagios3: ensure => installed;
- nagios-nrpe-plugin: ensure => installed;
- nagios-plugins: ensure => installed;
- nagios-images: ensure => installed;
- }
+# our nagios server class
+#
+# it includes stored ferm configs for all the things it needs to access
+# which are then collected by the monitored services
+class nagios::server {
+ include apache2
+ include apache2::ssl
+ include apache2::authn_anon
- file {
- "/etc/nagios-plugins/config/local-dsa-checkcommands.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/static/checkcommands.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
+ ssl::service { 'nagios.debian.org':
+ notify => Exec['service apache2 reload'],
+ key => true,
+ }
+ apache2::site { '10-nagios.debian.org':
+ site => 'nagios.debian.org',
+ content => template('nagios/nagios.debian.org.conf.erb'),
+ }
- "/etc/nagios3/cgi.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/static/cgi.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/nagios.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/static/nagios.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
+ ensure_packages( [
+ 'icinga',
+ 'make',
+ 'monitoring-plugins',
+ 'nagios-nrpe-plugin',
+ ], { ensure => 'installed' })
- "/etc/nagios3/puppetconf.d":
- mode => 755,
- require => Package["nagios3"],
- ensure => directory;
+ service { 'icinga':
+ ensure => running,
+ require => Package['icinga'],
+ }
- "/etc/nagios3/puppetconf.d/contacts.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/contacts.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/generic-host.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-host.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/generic-service.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-service.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/timeperiods.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/timeperiods.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
+ file { '/etc/icinga/apache2.conf':
+ content => template('nagios/icinga-apache2.conf.erb'),
+ notify => Exec['service apache2 reload'],
+ }
+ file { '/srv/nagios.debian.org/htpasswd':
+ mode => '0640',
+ owner => 'root',
+ group => 'www-data',
+ }
+ file { '/etc/icinga/cgi.cfg':
+ ensure => symlink,
+ target => 'config-pushed/static/cgi.cfg',
+ notify => Exec['service apache2 reload'],
+ }
+ file { '/etc/icinga/icinga.cfg':
+ ensure => symlink,
+ target => 'config-pushed/static/icinga.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects':
+ ensure => directory,
+ mode => '0755',
+ purge => true,
+ recurse => true,
+ force => true,
+ source => 'puppet:///files/empty/',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/contacts.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/contacts.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/generic-host.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/generic-host.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/generic-service.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/generic-service.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/timeperiods.cfg':
+ ensure => symlink,
+ target => '../config-pushed/static/objects/timeperiods.cfg',
+ notify => Service['icinga'],
+ }
- "/etc/nagios3/puppetconf.d/auto-dependencies.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-dependencies.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/auto-hostextinfo.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostextinfo.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/auto-hostgroups.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostgroups.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/auto-hosts.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hosts.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-serviceextinfo.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/auto-servicegroups.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-servicegroups.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
- "/etc/nagios3/puppetconf.d/auto-services.cfg":
- source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-services.cfg" ],
- require => Package["nagios3"],
- notify => Exec["nagios3 reload"];
+ file { '/etc/icinga/objects/xauto-dependencies.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-dependencies.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-hostgroups.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-hostgroups.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-hosts.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-hosts.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-servicegroups.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-servicegroups.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/icinga/objects/xauto-services.cfg':
+ ensure => symlink,
+ target => '../config-pushed/generated/auto-services.cfg',
+ notify => Service['icinga'],
+ }
- }
+ file { '/etc/nagios-plugins/config/local-dsa-checkcommands.cfg':
+ ensure => symlink,
+ target => '../../icinga/config-pushed/static/checkcommands.cfg',
+ notify => Service['icinga'],
+ }
+ file { '/etc/nagios-plugins/config/local-dsa-eventhandlers.cfg':
+ ensure => symlink,
+ target => '../../icinga/config-pushed/static/eventhandlers.cfg',
+ notify => Service['icinga'],
+ }
- exec { "nagios3 reload":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- }
+ file { '/etc/icinga/config-pushed':
+ ensure => symlink,
+ target => '/srv/nagios.debian.org/config-pushed'
+ }
+
+ file { '/srv/nagios.debian.org':
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/srv/nagios.debian.org/config-pushed':
+ ensure => directory,
+ mode => '0755',
+ owner => 'nagiosadm',
+ group => 'nagiosadm',
+ }
+
+ concat::fragment { 'puppet-crontab--nagios--restart-stale-icinga':
+ target => '/etc/cron.d/puppet-crontab',
+ order => '010',
+ content => @(EOF)
+ */15 * * * * root find /var/lib/icinga/status.dat -mmin +20 | grep -q . && service icinga restart
+ | EOF
+ }
+
+ # The nagios server wants to do DNS queries on the primaries
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => [
+ 'named::primary::ferm',
+ 'named::keyring::ferm',
+ ],
+ description => 'Allow nagios master access to the primary for checks',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
+
+ # The nagios server wants to connect to the NRPE server on all the hosts
+ @@ferm::rule::simple { "dsa-nrpe-from-${::fqdn}":
+ tag => 'nagios-nrpe::server',
+ description => 'Allow nagios master access to the nrpe daemon',
+ port => '5666',
+ saddr => $base::public_addresses,
+ }
+ @@concat::fragment { "nrpe-debian-allow-${::fqdn}":
+ tag => 'nagios-nrpe::server::debianorg.cfg',
+ target => '/etc/nagios/nrpe.d/debianorg.cfg',
+ content => "allowed_hosts=${ $base::public_addresses.join(', ') }",
+ }
 }
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
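Review bot: The `file { '/srv/nagios.debian.org': }` resource sets only `ensure` and `mode`, so the owner and group of the directory holding both `htpasswd` and `config-pushed` stay whatever is already on disk; adding `owner => 'root',` and `group => 'root',` would pin them. This matters more with this change because `icinga.cfg`, `cgi.cfg`, `checkcommands.cfg` and `eventhandlers.cfg` are now symlinks into `config-pushed`, which is owned by `nagiosadm`, so that account presumably decides which commands the icinga service runs and how the CGI is configured. That looks intentional for a push-based deployment, and a comment above the `config-pushed` resource such as `# writable by nagiosadm: icinga loads its main config and command definitions from here, treat the account as privileged` would record the trust boundary. The `htpasswd` resource also has no `ensure` or content, so Puppet only enforces mode and ownership if the file already exists; a one-line comment saying it is provisioned out of band would make that explicit.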