From a7985f9658346010afba1b248919eeba814f9f18 Mon Sep 17 00:00:00 2001 From: Nikola Vitanovic Date: Mon, 12 Mar 2018 12:37:50 +0100 Subject: [PATCH 1/6] fix nrpe install on rhel based systems (centos, cloudlinux etc.) --- manifests/nagios/client.pp | 132 +++++++++++++++++++++++++++---------- 1 file changed, 97 insertions(+), 35 deletions(-) diff --git a/manifests/nagios/client.pp b/manifests/nagios/client.pp index a1cc16b..b14d57e 100644 --- a/manifests/nagios/client.pp +++ b/manifests/nagios/client.pp @@ -78,22 +78,42 @@ } } + # Deploy on other OS (Linux) perl-DateTime-Format-ISO8601 } else { - # Deploy on other OS (Linux) - package { [ - 'nagios-nrpe-server', - 'libconfig-json-perl', - 'libdatetime-format-iso8601-perl' - ]: - ensure => installed, - } - - if ! defined(Package['libwww-mechanize-perl']) { - package { 'libwww-mechanize-perl': + # Check the distro first if redhat (centos, cloudlinux) then we need to change some libs + if $::osfamily == 'redhat' { + package { [ + 'nrpe', # we need to install the basic plugins to have the folder needed for our atomia plugins + 'nagios-plugins-users', + 'nagios-plugins-load', + 'nagios-plugins-swap', + 'nagios-plugins-disk', + 'nagios-plugins-procs', + 'perl-JSON', + 'perl-DateTime-Format-ISO8601' + ]: ensure => installed, } + if ! defined(Package['perl-WWW-Mechanize']) { + package { 'perl-WWW-Mechanize': + ensure => installed, + } + } + } else { + package { [ + 'nagios-nrpe-server', + 'libconfig-json-perl', + 'libdatetime-format-iso8601-perl' + ]: + ensure => installed, + } + if ! defined(Package['libwww-mechanize-perl']) { + package { 'libwww-mechanize-perl': + ensure => installed, + } + } } - + # Define hostgroups based on custom fact case $::atomia_role_1 { 'domainreg': { @@ -185,29 +205,12 @@ default: { warning('Unsupported config') } - - } - if ! defined(Service['nagios-nrpe-server']) { - service { 'nagios-nrpe-server': - ensure => running, - require => Package['nagios-nrpe-server'], - } } $daggre_ip = hiera('atomia::daggre::ip_addr','') $daggre_token = hiera('atomia::daggre::global_auth_token','') $daggre_check_ftp_url = "http://${daggre_ip}:999/g?a=${daggre_token}&o=100000&latest=ftp_storage" $daggre_check_traffic_url = "http://${daggre_ip}:999/g?a=${daggre_token}&o=100000&latest=web_traffic_bytes" - # Configuration files - file { '/etc/nagios/nrpe.cfg': - owner => 'root', - group => 'root', - mode => '0644', - content => template('atomia/nagios/nrpe.cfg.erb'), - require => Package['nagios-nrpe-server'], - notify => Service['nagios-nrpe-server'] - } - @@nagios_host { "${::fqdn}-host" : use => 'generic-host', @@ -219,14 +222,73 @@ max_check_attempts => '5' } + if $::osfamily == 'redhat' { + if ! defined(Service['nrpe']) { + service { 'nrpe': + ensure => running, + require => Package['nrpe'], + } + } + # Configuration files + # We need to be sure these dirs and files are present or nagios client wont run + file { '/etc/nagios/nrpe.d': + ensure => 'directory' + } -> + file { '/etc/nagios/nrpe_local.cfg': + ensure => 'present', + replace => 'no', + content => '', + mode => '0644' + } -> + file { '/var/run/nagios': + ensure => 'directory' + } -> + file { '/var/run/nagios/nrpe.pid': + owner => 'nrpe', + group => 'nrpe', + mode => '0600', + replace => 'no', + content => '', + } -> + file { '/etc/nagios/nrpe.cfg': + owner => 'root', + group => 'root', + mode => '0644', + content => template('atomia/nagios/nrpe.cfg.erb'), + require => Package['nrpe'], + notify => Service['nrpe'] + } - if !defined(File['/usr/lib/nagios/plugins/atomia']){ - file { '/usr/lib/nagios/plugins/atomia': - source => 'puppet:///modules/atomia/nagios/plugins', - recurse => true, - require => Package['nagios-nrpe-server'] + if !defined(File['/usr/lib64/nagios/plugins/atomia']){ + file { '/usr/lib64/nagios/plugins/atomia': + source => 'puppet:///modules/atomia/nagios/plugins', + recurse => true, + require => Package['nrpe'] + } + } + } else { #Debian based distros + if ! defined(Service['nagios-nrpe-server']) { + service { 'nagios-nrpe-server': + ensure => running, + require => Package['nagios-nrpe-server'], + } + } + # Configuration files + file { '/etc/nagios/nrpe.cfg': + owner => 'root', + group => 'root', + mode => '0644', + content => template('atomia/nagios/nrpe.cfg.erb'), + require => Package['nagios-nrpe-server'], + notify => Service['nagios-nrpe-server'] + } + if !defined(File['/usr/lib/nagios/plugins/atomia']){ + file { '/usr/lib/nagios/plugins/atomia': + source => 'puppet:///modules/atomia/nagios/plugins', + recurse => true, + require => Package['nagios-nrpe-server'] + } } } - } } From f446036f6285e1fc5f94bd67e4023a2243f7898c Mon Sep 17 00:00:00 2001 From: Nikola Vitanovic Date: Tue, 13 Mar 2018 11:15:05 +0100 Subject: [PATCH 2/6] Fixed discrepancies with nagios config on rhel and debian --- manifests/nagios/client.pp | 15 +------ templates/nagios/nrpe.cfg.erb | 79 ++++++++++++++++++++--------------- 2 files changed, 47 insertions(+), 47 deletions(-) diff --git a/manifests/nagios/client.pp b/manifests/nagios/client.pp index b14d57e..4afd083 100644 --- a/manifests/nagios/client.pp +++ b/manifests/nagios/client.pp @@ -223,6 +223,7 @@ } if $::osfamily == 'redhat' { + $libpath = 'lib64' if ! defined(Service['nrpe']) { service { 'nrpe': ensure => running, @@ -231,25 +232,12 @@ } # Configuration files # We need to be sure these dirs and files are present or nagios client wont run - file { '/etc/nagios/nrpe.d': - ensure => 'directory' - } -> file { '/etc/nagios/nrpe_local.cfg': ensure => 'present', replace => 'no', content => '', mode => '0644' } -> - file { '/var/run/nagios': - ensure => 'directory' - } -> - file { '/var/run/nagios/nrpe.pid': - owner => 'nrpe', - group => 'nrpe', - mode => '0600', - replace => 'no', - content => '', - } -> file { '/etc/nagios/nrpe.cfg': owner => 'root', group => 'root', @@ -267,6 +255,7 @@ } } } else { #Debian based distros + $libpath = 'lib' if ! defined(Service['nagios-nrpe-server']) { service { 'nagios-nrpe-server': ensure => running, diff --git a/templates/nagios/nrpe.cfg.erb b/templates/nagios/nrpe.cfg.erb index fe57b11..ccc1f20 100644 --- a/templates/nagios/nrpe.cfg.erb +++ b/templates/nagios/nrpe.cfg.erb @@ -22,9 +22,11 @@ log_facility=daemon # The name of the file in which the NRPE daemon should write it's process ID # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. - +<% if @osfamily == 'redhat' %> +pid_file=/var/run/nrpe/nrpe.pid +<% else %> pid_file=/var/run/nagios/nrpe.pid - +<% end %> # PORT NUMBER @@ -51,8 +53,11 @@ server_port=5666 # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd +<% if @osfamily == 'redhat' %> +nrpe_user=nrpe +<% else %> nrpe_user=nagios - +<% end %> # NRPE GROUP @@ -61,8 +66,11 @@ nrpe_user=nagios # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd +<% if @osfamily == 'redhat' %> +nrpe_group=nrpe +<% else %> nrpe_group=nagios - +<% end %> # ALLOWED HOST ADDRESSES @@ -195,47 +203,46 @@ connection_timeout=300 # The following examples use hardcoded command arguments... - -command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 -command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 -command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 -command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -e -command[check_apache_procs]=/usr/lib/nagios/plugins/check_procs -c 1: -w 3: -C apache2 -command[check_php_procs]=/usr/lib/nagios/plugins/check_procs -c 100 -w 50 -a php -command[check_bind_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -C named -command[check_powerdnssync_procs]=/usr/lib/nagios/plugins/check_procs -c 1: -a atomiapowerdnssync -command[check_powerdns_procs]=/usr/lib/nagios/plugins/check_procs -c 2: -a pdns_server -command[check_postgres_proc]=/usr/lib/nagios/plugins/check_procs -c 4:100 -a postgres -command[check_awstats_procs]=/usr/lib/nagios/plugins/check_procs -c 1: -a awstats-agent -command[check_daggre_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -a daggre -command[check_cronagent_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -a atomia-cronagent -command[check_pureftpd_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -a pure-ftpd - - <% $hierapath = "/etc/puppet/hieradata" %> <% $modulepath = "/etc/puppet/modules/atomia/manifests" %> <% $lookup_var = "/etc/puppet/modules/atomia/files/lookup_variable.sh" %> -command[check_daggre_ftp]=/usr/lib/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_ftp_url %>" --timeout 5 --days 1 -command[check_daggre_weblog]=/usr/lib/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_traffic_url %>" --timeout 5 --days 1 - -command[check_all_mountpoints] = /usr/lib/nagios/plugins/atomia/check_mountpoints.sh -A +command[check_users]=/usr/<%= @libpath %>/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/<%= @libpath %>/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_hda1]=/usr/<%= @libpath %>/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 +command[check_zombie_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -w 150 -c 200 +command[check_all_disks]=/usr/<%= @libpath %>/nagios/plugins/check_disk -w 20% -c 10% -e +command[check_apache_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 1: -w 3: -C apache2 +command[check_php_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 100 -w 50 -a php +command[check_bind_proc]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 1: -C named +command[check_powerdnssync_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 1: -a atomiapowerdnssync +command[check_powerdns_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 2: -a pdns_server +command[check_postgres_proc]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 4:100 -a postgres +command[check_awstats_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 1: -a awstats-agent +command[check_daggre_proc]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 1: -a daggre +command[check_cronagent_proc]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 1: -a atomia-cronagent +command[check_pureftpd_proc]=/usr/<%= @libpath %>/nagios/plugins/check_procs -c 1: -a pure-ftpd + +command[check_daggre_ftp]=/usr/<%= @libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_ftp_url %>" --timeout 5 --days 1 +command[check_daggre_weblog]=/usr/<%= @libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_traffic_url %>" --timeout 5 --days 1 + +command[check_all_mountpoints] = /usr/<%= @libpath %>/nagios/plugins/atomia/check_mountpoints.sh -A + +command[check_atomiadns]=/usr/<%= @libpath %>/nagios/plugins/atomia/check_atomiadns.sh $ARG1$ http://localhost/atomiadns $ARG2$ $ARG3$ +command[check_domainreg]=/usr/<%= @libpath %>/nagios/plugins/atomia/check_domainreg.sh $ARG1$ +command[check_glusterfs]=/usr/<%= @libpath %>/nagios/plugins/atomia/check_glusterfs -v $ARG1$ -n $ARG2$ -command[check_atomiadns]=/usr/lib/nagios/plugins/atomia/check_atomiadns.sh $ARG1$ http://localhost/atomiadns $ARG2$ $ARG3$ -command[check_domainreg]=/usr/lib/nagios/plugins/atomia/check_domainreg.sh $ARG1$ -command[check_glusterfs]=/usr/lib/nagios/plugins/atomia/check_glusterfs -v $ARG1$ -n $ARG2$ # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for # command arguments *AND* the dont_blame_nrpe directive in this # config file is set to '1'. This poses a potential security risk, so # make sure you read the SECURITY file before doing this. -command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ +command[check_users]=/usr/<%= @libpath %>/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +command[check_load]=/usr/<%= @libpath %>/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +command[check_disk]=/usr/<%= @libpath %>/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +command[check_procs]=/usr/<%= @libpath %>/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ # # local configuration: @@ -245,4 +252,8 @@ include=/etc/nagios/nrpe_local.cfg # # you can place your config snipplets into nrpe.d/ # only snipplets ending in .cfg will get included +<% if @osfamily == 'redhat' %> +include_dir=/etc/nrpe.d/ +<% else %> include_dir=/etc/nagios/nrpe.d/ +<% end %> \ No newline at end of file From 1a8c108ff0c4366b78c9d9f179f0b8bdaa7b94f4 Mon Sep 17 00:00:00 2001 From: Nikola Vitanovic Date: Tue, 13 Mar 2018 11:15:05 +0100 Subject: [PATCH 3/6] Fixed discrepancies on rhel and debian --- manifests/nagios/client.pp | 18 +------- templates/nagios/nrpe.cfg.erb | 87 +++++++++++++++++++++-------------- 2 files changed, 55 insertions(+), 50 deletions(-) diff --git a/manifests/nagios/client.pp b/manifests/nagios/client.pp index b14d57e..87167f4 100644 --- a/manifests/nagios/client.pp +++ b/manifests/nagios/client.pp @@ -37,7 +37,6 @@ } } - # Deploy on Windows. if $::operatingsystem == 'windows' { class { 'nsclient': @@ -81,7 +80,7 @@ # Deploy on other OS (Linux) perl-DateTime-Format-ISO8601 } else { # Check the distro first if redhat (centos, cloudlinux) then we need to change some libs - if $::osfamily == 'redhat' { + if $::osfamily.downcase == 'redhat' { package { [ 'nrpe', # we need to install the basic plugins to have the folder needed for our atomia plugins 'nagios-plugins-users', @@ -222,7 +221,7 @@ max_check_attempts => '5' } - if $::osfamily == 'redhat' { + if $::osfamily.downcase == 'redhat' { if ! defined(Service['nrpe']) { service { 'nrpe': ensure => running, @@ -231,25 +230,12 @@ } # Configuration files # We need to be sure these dirs and files are present or nagios client wont run - file { '/etc/nagios/nrpe.d': - ensure => 'directory' - } -> file { '/etc/nagios/nrpe_local.cfg': ensure => 'present', replace => 'no', content => '', mode => '0644' } -> - file { '/var/run/nagios': - ensure => 'directory' - } -> - file { '/var/run/nagios/nrpe.pid': - owner => 'nrpe', - group => 'nrpe', - mode => '0600', - replace => 'no', - content => '', - } -> file { '/etc/nagios/nrpe.cfg': owner => 'root', group => 'root', diff --git a/templates/nagios/nrpe.cfg.erb b/templates/nagios/nrpe.cfg.erb index fe57b11..4d2d6c0 100644 --- a/templates/nagios/nrpe.cfg.erb +++ b/templates/nagios/nrpe.cfg.erb @@ -22,9 +22,11 @@ log_facility=daemon # The name of the file in which the NRPE daemon should write it's process ID # number. The file is only written if the NRPE daemon is started by the root # user and is running in standalone mode. - +<% if @osfamily.downcase == 'redhat' %> +pid_file=/var/run/nrpe/nrpe.pid +<% else %> pid_file=/var/run/nagios/nrpe.pid - +<% end %> # PORT NUMBER @@ -51,8 +53,11 @@ server_port=5666 # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd +<% if @osfamily.downcase == 'redhat' %> +nrpe_user=nrpe +<% else %> nrpe_user=nagios - +<% end %> # NRPE GROUP @@ -61,8 +66,11 @@ nrpe_user=nagios # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd +<% if @osfamily.downcase == 'redhat' %> +nrpe_group=nrpe +<% else %> nrpe_group=nagios - +<% end %> # ALLOWED HOST ADDRESSES @@ -193,49 +201,56 @@ connection_timeout=300 # to match the argument format the plugins expect. Remember, these are # examples only! - -# The following examples use hardcoded command arguments... - -command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 -command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 -command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 -command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -e -command[check_apache_procs]=/usr/lib/nagios/plugins/check_procs -c 1: -w 3: -C apache2 -command[check_php_procs]=/usr/lib/nagios/plugins/check_procs -c 100 -w 50 -a php -command[check_bind_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -C named -command[check_powerdnssync_procs]=/usr/lib/nagios/plugins/check_procs -c 1: -a atomiapowerdnssync -command[check_powerdns_procs]=/usr/lib/nagios/plugins/check_procs -c 2: -a pdns_server -command[check_postgres_proc]=/usr/lib/nagios/plugins/check_procs -c 4:100 -a postgres -command[check_awstats_procs]=/usr/lib/nagios/plugins/check_procs -c 1: -a awstats-agent -command[check_daggre_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -a daggre -command[check_cronagent_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -a atomia-cronagent -command[check_pureftpd_proc]=/usr/lib/nagios/plugins/check_procs -c 1: -a pure-ftpd +<% + if @osfamily.downcase == 'redhat' + $libpath = 'lib64' + else + $libpath = 'lib' + end +%> +# The following examples use hardcoded command arguments... <% $hierapath = "/etc/puppet/hieradata" %> <% $modulepath = "/etc/puppet/modules/atomia/manifests" %> <% $lookup_var = "/etc/puppet/modules/atomia/files/lookup_variable.sh" %> -command[check_daggre_ftp]=/usr/lib/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_ftp_url %>" --timeout 5 --days 1 -command[check_daggre_weblog]=/usr/lib/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_traffic_url %>" --timeout 5 --days 1 - -command[check_all_mountpoints] = /usr/lib/nagios/plugins/atomia/check_mountpoints.sh -A +command[check_users]=/usr/<%= $libpath %>/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/<%= $libpath %>/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_hda1]=/usr/<%= $libpath %>/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 +command[check_zombie_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -w 150 -c 200 +command[check_all_disks]=/usr/<%= $libpath %>/nagios/plugins/check_disk -w 20% -c 10% -e +command[check_apache_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -w 3: -C apache2 +command[check_php_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 100 -w 50 -a php +command[check_bind_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -C named +command[check_powerdnssync_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a atomiapowerdnssync +command[check_powerdns_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 2: -a pdns_server +command[check_postgres_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 4:100 -a postgres +command[check_awstats_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a awstats-agent +command[check_daggre_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a daggre +command[check_cronagent_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a atomia-cronagent +command[check_pureftpd_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a pure-ftpd + +command[check_daggre_ftp]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_ftp_url %>" --timeout 5 --days 1 +command[check_daggre_weblog]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_traffic_url %>" --timeout 5 --days 1 + +command[check_all_mountpoints] = /usr/<%= $libpath %>/nagios/plugins/atomia/check_mountpoints.sh -A + +command[check_atomiadns]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_atomiadns.sh $ARG1$ http://localhost/atomiadns $ARG2$ $ARG3$ +command[check_domainreg]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_domainreg.sh $ARG1$ +command[check_glusterfs]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_glusterfs -v $ARG1$ -n $ARG2$ -command[check_atomiadns]=/usr/lib/nagios/plugins/atomia/check_atomiadns.sh $ARG1$ http://localhost/atomiadns $ARG2$ $ARG3$ -command[check_domainreg]=/usr/lib/nagios/plugins/atomia/check_domainreg.sh $ARG1$ -command[check_glusterfs]=/usr/lib/nagios/plugins/atomia/check_glusterfs -v $ARG1$ -n $ARG2$ # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for # command arguments *AND* the dont_blame_nrpe directive in this # config file is set to '1'. This poses a potential security risk, so # make sure you read the SECURITY file before doing this. -command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ +command[check_users]=/usr/<%= $libpath %>/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +command[check_load]=/usr/<%= $libpath %>/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +command[check_disk]=/usr/<%= $libpath %>/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +command[check_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ # # local configuration: @@ -245,4 +260,8 @@ include=/etc/nagios/nrpe_local.cfg # # you can place your config snipplets into nrpe.d/ # only snipplets ending in .cfg will get included +<% if @osfamily.downcase == 'redhat' %> +include_dir=/etc/nrpe.d/ +<% else %> include_dir=/etc/nagios/nrpe.d/ +<% end %> \ No newline at end of file From 33cb3e2ec299984c22c41b00cbe24a5d4c189108 Mon Sep 17 00:00:00 2001 From: Nikola Vitanovic Date: Wed, 14 Mar 2018 15:06:52 +0100 Subject: [PATCH 4/6] Fix check_process and added role for CL env Added a role for cloudlinux manifest as some more checks are added there also there. Some of the checks require root, so we need to give sudo command to NRPE user and run the check via sudo. --- manifests/nagios/client.pp | 6 ++ manifests/nagios/client/apache_agent_cl.pp | 65 ++++++++++++++++++++ templates/nagios/nrpe.cfg.erb | 71 +++++++++++++--------- 3 files changed, 112 insertions(+), 30 deletions(-) create mode 100644 manifests/nagios/client/apache_agent_cl.pp diff --git a/manifests/nagios/client.pp b/manifests/nagios/client.pp index cff7412..9ec48fc 100644 --- a/manifests/nagios/client.pp +++ b/manifests/nagios/client.pp @@ -4,6 +4,7 @@ $public_ip = ipaddress_eth0, $atomia_account = '100001', $apache_agent_class = 'atomia::nagios::client::apache_agent', + $apache_agent_cl_class = 'atomia::nagios::client::apache_agent_cl', $atomiadns_master_class = 'atomia::nagios::client::atomiadns_master', $nameserver_class = 'atomia::nagios::client::nameserver', $fsagent_class = 'atomia::nagios::client::fsagent', @@ -130,6 +131,11 @@ class { $apache_agent_class: } } + 'apache_agent_cl': { + $hostgroup = 'linux-customer-webservers,linux-all' + class { $apache_agent_cl_class: } + } + 'atomiadns': { $hostgroup = 'linux-dns,linux-all' class { $atomiadns_master_class: } diff --git a/manifests/nagios/client/apache_agent_cl.pp b/manifests/nagios/client/apache_agent_cl.pp new file mode 100644 index 0000000..ce0e420 --- /dev/null +++ b/manifests/nagios/client/apache_agent_cl.pp @@ -0,0 +1,65 @@ +class atomia::nagios::client::apache_agent_cl ( + +) { + + @@nagios_service { "${::fqdn}-apache_agent-mountpoints": + host_name => $::fqdn, + service_description => 'NFS mounts', + check_command => 'check_nrpe!check_all_mountpoints', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } + + @@nagios_service { "${::fqdn}-apache_agent-process-count": + host_name => $::fqdn, + service_description => 'Total processes', + check_command => 'check_nrpe!check_total_procs', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } + + @@nagios_service { "${::fqdn}-apache_agent-process-apache": + host_name => $::fqdn, + service_description => 'Apache processes', + check_command => 'check_nrpe!check_apache_procs', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } + + @@nagios_service { "${::fqdn}-apache_agent-process-php": + host_name => $::fqdn, + service_description => 'PHP processes', + check_command => 'check_nrpe!check_php_procs', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } + + @@nagios_service { "${::fqdn}-apache_agent-process-lvestats": + host_name => $::fqdn, + service_description => 'LVEStats processes', + check_command => 'check_nrpe!check_lvestats_procs', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } + @@nagios_service { "${::fqdn}-apache_agent-process-cagefs": + host_name => $::fqdn, + service_description => 'CageFS processes', + check_command => 'check_nrpe!check_cagefs_procs', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } + @@nagios_service { "${::fqdn}-apache_agent-process-clagent": + host_name => $::fqdn, + service_description => 'CloudLinux Agent processes', + check_command => 'check_nrpe!check_cloudlinux_agent_procs', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } + @@nagios_service { "${::fqdn}-apache_agent-process-apacheagent": + host_name => $::fqdn, + service_description => 'Apache Agent processes', + check_command => 'check_nrpe!check_apache_agent_procs', + use => 'generic-service', + target => "/usr/local/nagios/etc/servers/${::hostname}_service.cfg", + } +} diff --git a/templates/nagios/nrpe.cfg.erb b/templates/nagios/nrpe.cfg.erb index 4d2d6c0..76c4c44 100644 --- a/templates/nagios/nrpe.cfg.erb +++ b/templates/nagios/nrpe.cfg.erb @@ -202,44 +202,55 @@ connection_timeout=300 # examples only! <% + # We need $sudo in order to be able to list processes on RHEL system as nrpe user. + # Also this needs to applied on RHEL https://gagor.pl/2014/03/nagios-run-checks-as-root-with-nrpe/ if @osfamily.downcase == 'redhat' $libpath = 'lib64' + $apacheprocess = 'httpd' + $sudo = '/usr/bin/sudo ' else $libpath = 'lib' + $apacheprocess = 'apache2' + $sudo = '' end %> - # The following examples use hardcoded command arguments... <% $hierapath = "/etc/puppet/hieradata" %> <% $modulepath = "/etc/puppet/modules/atomia/manifests" %> <% $lookup_var = "/etc/puppet/modules/atomia/files/lookup_variable.sh" %> -command[check_users]=/usr/<%= $libpath %>/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/<%= $libpath %>/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 -command[check_hda1]=/usr/<%= $libpath %>/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 -command[check_zombie_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -w 150 -c 200 -command[check_all_disks]=/usr/<%= $libpath %>/nagios/plugins/check_disk -w 20% -c 10% -e -command[check_apache_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -w 3: -C apache2 -command[check_php_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 100 -w 50 -a php -command[check_bind_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -C named -command[check_powerdnssync_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a atomiapowerdnssync -command[check_powerdns_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 2: -a pdns_server -command[check_postgres_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 4:100 -a postgres -command[check_awstats_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a awstats-agent -command[check_daggre_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a daggre -command[check_cronagent_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a atomia-cronagent -command[check_pureftpd_proc]=/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a pure-ftpd - -command[check_daggre_ftp]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_ftp_url %>" --timeout 5 --days 1 -command[check_daggre_weblog]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_traffic_url %>" --timeout 5 --days 1 - -command[check_all_mountpoints] = /usr/<%= $libpath %>/nagios/plugins/atomia/check_mountpoints.sh -A - -command[check_atomiadns]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_atomiadns.sh $ARG1$ http://localhost/atomiadns $ARG2$ $ARG3$ -command[check_domainreg]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_domainreg.sh $ARG1$ -command[check_glusterfs]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_glusterfs -v $ARG1$ -n $ARG2$ +command[check_users]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_hda1]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 +command[check_zombie_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -w 150 -c 200 +command[check_all_disks]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_disk -w 20% -c 10% -e +command[check_apache_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -w 3: -C <%= $apacheprocess %> +command[check_php_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 100 -w 50 -a php +command[check_bind_proc]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -C named +command[check_powerdnssync_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a atomiapowerdnssync +command[check_powerdns_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 2: -a pdns_server +command[check_postgres_proc]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 4:100 -a postgres +command[check_awstats_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a awstats-agent +command[check_daggre_proc]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a daggre +command[check_cronagent_proc]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a atomia-cronagent +command[check_pureftpd_proc]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a pure-ftpd + +command[check_daggre_ftp]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_ftp_url %>" --timeout 5 --days 1 +command[check_daggre_weblog]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/atomia/check_daggre.pl --uri "<%= @daggre_check_traffic_url %>" --timeout 5 --days 1 + +command[check_all_mountpoints] = <%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/atomia/check_mountpoints.sh -A + +command[check_atomiadns]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/atomia/check_atomiadns.sh $ARG1$ http://localhost/atomiadns $ARG2$ $ARG3$ +command[check_domainreg]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/atomia/check_domainreg.sh $ARG1$ +command[check_glusterfs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/atomia/check_glusterfs -v $ARG1$ -n $ARG2$ + +# CloudLinux Specific checks +command[check_lvestats_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 3: -a lvestats-server +command[check_cagefs_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a cagefs.server +command[check_cloudlinux_agent_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a app.js +command[check_apache_agent_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -c 1: -a apache_agent_daemon # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for @@ -247,10 +258,10 @@ command[check_glusterfs]=/usr/<%= $libpath %>/nagios/plugins/atomia/check_gluste # config file is set to '1'. This poses a potential security risk, so # make sure you read the SECURITY file before doing this. -command[check_users]=/usr/<%= $libpath %>/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -command[check_load]=/usr/<%= $libpath %>/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -command[check_disk]=/usr/<%= $libpath %>/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -command[check_procs]=/usr/<%= $libpath %>/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ +command[check_users]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +command[check_load]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +command[check_disk]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +command[check_procs]=<%= $sudo %>/usr/<%= $libpath %>/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ # # local configuration: From 265ca04644cae8571bc4865d673054fb44579a77 Mon Sep 17 00:00:00 2001 From: Nikola Vitanovic Date: Thu, 15 Mar 2018 10:55:07 +0100 Subject: [PATCH 5/6] Added automatic adding of nrpe to sudoers --- manifests/nagios/client.pp | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/manifests/nagios/client.pp b/manifests/nagios/client.pp index 9ec48fc..726f330 100644 --- a/manifests/nagios/client.pp +++ b/manifests/nagios/client.pp @@ -236,12 +236,23 @@ } # Configuration files # We need to be sure these dirs and files are present or nagios client wont run + # We need to allow access to nrpe user to run sudo without password for it to be able to run checks file { '/etc/nagios/nrpe_local.cfg': ensure => 'present', replace => 'no', content => '', mode => '0644' } -> + exec { 'add nrpe to sudoers general' : + command => "/usr/bin/echo '%nrpe ALL=(ALL) NOPASSWD: /usr/lib64/nagios/plugins/' >> /etc/sudoers", + unless => "/usr/bin/grep -c '%nrpe ALL=(ALL) NOPASSWD: /usr/lib64/nagios/plugins/' /etc/sudoers", + require => Package['nrpe'] + } -> + exec { 'add nrpe to sudoers atomia' : + command => "/usr/bin/echo '%nrpe ALL=(ALL) NOPASSWD: /usr/lib64/nagios/plugins/atomia/' >> /etc/sudoers", + unless => "/usr/bin/grep -c '%nrpe ALL=(ALL) NOPASSWD: /usr/lib64/nagios/plugins/atomia/' /etc/sudoers", + require => Package['nrpe'] + } -> file { '/etc/nagios/nrpe.cfg': owner => 'root', group => 'root', @@ -259,7 +270,6 @@ } } } else { #Debian based distros - $libpath = 'lib' if ! defined(Service['nagios-nrpe-server']) { service { 'nagios-nrpe-server': ensure => running, From a2aed60300910628afcab1b6ec6cad9f851fbcdd Mon Sep 17 00:00:00 2001 From: Nikola Vitanovic Date: Fri, 16 Mar 2018 11:46:16 +0100 Subject: [PATCH 6/6] Enable NRPE on startup --- manifests/nagios/client.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/nagios/client.pp b/manifests/nagios/client.pp index 726f330..5ed49a8 100644 --- a/manifests/nagios/client.pp +++ b/manifests/nagios/client.pp @@ -231,6 +231,7 @@ if ! defined(Service['nrpe']) { service { 'nrpe': ensure => running, + enable => true, require => Package['nrpe'], } }