example42 / puppet-nrpe Goto Github PK

Nrpe Puppet Module

License: Other

Ruby 15.09% Puppet 49.98% HTML 8.48% Python 15.29% Pascal 11.17%

puppet-nrpe's Introduction

Deprecation notice

This module was designed for Puppet versions 2 and 3. It should work also on Puppet 4 but doesn't use any of its features.

The current Puppet 3 compatible codebase is no longer actively maintained by example42.

Still, Pull Requests that fix bugs or introduce backwards compatible features will be accepted.

Puppet module: nrpe

This is a Puppet module for nrpe based on the second generation layout ("NextGen") of Example42 Puppet Modules.

Made by Alessandro Franceschi / Lab42

Official site: http://www.example42.com

Official git repository: http://github.com/example42/puppet-nrpe

Released under the terms of Apache 2 License.

This module requires functions provided by the Example42 Puppi module (you need it even if you don't use and install Puppi)

For detailed info about the logic and usage patterns of Example42 modules check the DOCS directory on Example42 main modules set.

USAGE - Basic management

Install nrpe with default settings
```
  class { 'nrpe': }
```

Disable nrpe service.

  class { 'nrpe':
    disable => true
  }

Remove nrpe package

  class { 'nrpe':
    absent => true
  }

Enable auditing without without making changes on existing nrpe configuration files
```
  class { 'nrpe':
    audit_only => true
  }
```

USAGE - Module specific parameters

Define the hosts allowed to connect to NRPE (typically the Nagios servers) This can be an array. Local host and local IP should be kept
```
  class { 'nrpe':
    allowed_hosts => ['127.0.0.1', $::ipaddress , '10.42.42.20' ],
  }
```

Some settings that harden the default configuration. Note that they require proper configuration on the sudoers file

  class { 'nrpe':
    allowed_hosts   => ['127.0.0.1', '10.42.42.20' ],
    dont_blame_nrpe => '0',
    command_prefix  => '/usr/bin/sudo',
    use_ssl         => true,             # Already true by default
    server_address  => $::ipaddress_eth1, # Listen only on eth1 interface
  }

Do not automatically install Nagios plugins

  class { 'nrpe':
    pluginspackage => '',
  }

Include Nagios Plugin

  nrpe::plugin { 'check_foobar':
        source => 'files/nrpe/check_foobar'
  }

Install nrpe with a specific version

  class { 'nrpe':
    version => '2.12-4'
  }

USAGE - Overrides and Customizations

Use custom sources for main config file. Note that by default the module provides a config file as a template, so you've to undet the template argument.

  class { 'nrpe':
    source   => [ "puppet:///modules/lab42/nrpe/nrpe.conf-${hostname}" , "puppet:///modules/lab42/nrpe/nrpe.conf" ], 
    template => undef,
  }

Use custom source directory for the whole configuration dir

  class { 'nrpe':
    source_dir       => 'puppet:///modules/lab42/nrpe/conf/',
    source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir
  }

Use custom template for main config file. Note that template and source arguments are alternative.
```
  class { 'nrpe':
    template => 'example42/nrpe/nrpe.conf.erb',
  }
```

Automatically include a custom subclass

  class { 'nrpe':
    my_class => 'nrpe::example42',
  }

USAGE - Example42 extensions management

Activate puppi (recommended, but disabled by default)
```
  class { 'nrpe':
    puppi    => true,
  }
```
Activate puppi and use a custom puppi_helper template (to be provided separately with a puppi::helper define ) to customize the output of puppi commands
```
  class { 'nrpe':
    puppi        => true,
    puppi_helper => 'myhelper', 
  }
```
Activate automatic monitoring (recommended, but disabled by default). This option requires the usage of Example42 monitor and relevant monitor tools modules
```
  class { 'nrpe':
    monitor      => true,
    monitor_tool => [ 'nagios' , 'monit' , 'munin' ],
  }
```

Activate automatic firewalling. This option requires the usage of Example42 firewall and relevant firewall tools modules

  class { 'nrpe':       
    firewall      => true,
    firewall_tool => 'iptables',
    firewall_src  => '10.42.0.0/24',
    firewall_dst  => $ipaddress_eth0,
  }

puppet-nrpe's People

Stargazers

Watchers

puppet-nrpe's Issues

Please add "-X cgroup" to nrpe.cfg check_all_disks_param

In Ubuntu 16.04, the "check_disk" command from nrpe.cfg fails when run as the "nagios" user.

# sudo -u nagios /usr/lib/nagios/plugins/check_disk -w 20% -c 10% -L -X tmpfs 
DISK CRITICAL - /run/lxcfs/controllers/blkio is not accessible: Permission denied

However, this works with -X cgroup appended.

Naming collision with version 1 nagios module

Seems there's a collision for plugins with nagios package from version 1

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: Package[nagios-plugins] is alrea dy defined in file puppet/modules/nrpe/manifests/init.pp at line 452; cannot redefine at puppet/modules/nagios/manifests/plugins.pp:18 on node x

Own plugins missing in nrpe.cfg

Hi.

I've tried to add a own plugin but it is still missing after a puppet agent run.
My node configuration:

class { 'nrpe':
allowed_hosts => [ 'MY.NAGIOS.IP.ADDRESS' ],
}

nrpe::plugin { 'check_disk_usage':
source => 'files/nrpe/check_disk_usage.sh'
}

The file will be added correctly to /usr/lib/nagios/plugins. Check on the nagios server:

/usr/lib64/nagios/plugins/check_nrpe -H hostname.of.target.server.com -c check_disk_usage
NRPE: Command 'check_disk_usage' not defined

Using Arguments in Checks won't work

Expected Behavior

My Call from Nagios Master:
/usr/local/nagios/libexec/check_nrpe -H 10.1.1.1 -c check_port_tcp -a localhost 19999

NRPE Config on target:
dont_blame_nrpe=1
command[check_port_tcp]=/usr/lib/nagios/plugins/check_tcp -H "$ARG1$" -p "$ARG2$"

Error Message:

service nagios-nrpe-server status
● nagios-nrpe-server.service - Nagios Remote Plugin Executor
Loaded: loaded (/lib/systemd/system/nagios-nrpe-server.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-08-22 17:34:37 UTC; 13min ago
Docs: http://www.nagios.org/documentation
Main PID: 18239 (nrpe)
CGroup: /system.slice/nagios-nrpe-server.service
└─18239 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f

Aug 22 17:43:28 db01 nrpe[24300]: Error: Request contained command arguments!
Client request from 10.1.1.2 was invalid, bailing out...

Google says:
This package is built without support for command argument processing. If you
want to enable it, you will have to rebuild this package with
--enable-command-args in debian/rules

But there is no Option in Puppet package nrpe
Usage:
class { 'nrpe':
allowed_hosts => ['127.0.0.1', $::ipaddress],
use_ssl => true,
dont_blame_nrpe => '1',
}

Facts:

facter -p
apt_has_updates => true
apt_package_updates => ["openssh-sftp-server", "openssh-server", "openssh-client"]
apt_reboot_required => false
apt_security_updates => 3
apt_update_last_success => -1
apt_updates => 3
architecture => amd64
augeasversion => 1.8.0
blockdevice_xvda_size => 106837311488
blockdevice_xvdb_size => 536870912
blockdevices => xvda,xvdb
env_temp_variable => /tmp
facterversion => 2.4.6
filesystems => btrfs,cramfs,ext2,ext3,ext4,gfs2,gfs2meta,iso9660,jfs,minix,msdos,reiserfs,romfs,udf,vfat,xfs
fqdn => db01.lets-bastel.de
gid => root
hardwareisa => unknown
hardwaremodel => x86_64
hostname => db01
id => root
interfaces => dummy0,eth0,eth0_0,gre0,gretap0,ip6_vti0,ip6gre0,ip6tnl0,lo,sit0,teql0,tunl0
ipaddress => 134.119.10.123
ipaddress_eth0 => 134.119.10.123
ipaddress_eth0_0 => 10.1.26.124
ipaddress_lo => 127.0.0.1
is_pe => false
is_virtual => true
kernel => Linux
kernelmajversion => 4.4
kernelrelease => 4.4.110-x86_64-jb1
kernelversion => 4.4.110
last_run => Wed Aug 22 17:51:04:775369316 UTC 2018
lsbdistcodename => stretch
lsbdistdescription => Debian GNU/Linux 9.5 (stretch)
lsbdistid => Debian
lsbdistrelease => 9.5
lsbmajdistrelease => 9
lsbminordistrelease => 5
mco_confdir => /mcollective/etc
memoryfree => 3.59 GB
memoryfree_mb => 3673.18
memorysize => 3.90 GB
memorysize_mb => 3998.23
mtu_dummy0 => 1500
mtu_eth0 => 1500
mtu_eth0_0 => 1500
mtu_gre0 => 1476
mtu_gretap0 => 1462
mtu_ip6_vti0 => 1500
mtu_ip6gre0 => 1448
mtu_ip6tnl0 => 1452
mtu_lo => 65536
mtu_sit0 => 1480
mtu_teql0 => 1500
mtu_tunl0 => 1480
(Debian 9.1)
operatingsystem => Debian
operatingsystemmajrelease => 9
operatingsystemrelease => 9.5
os => {"name"=>"Debian", "family"=>"Debian", "release"=>{"major"=>"9", "minor"=>"5", "full"=>"9.5"}, "lsb"=>{"distcodename"=>"stretch", "distid"=>"Debian", "distdescription"=>"Debian GNU/Linux 9.5 (stretch)", "distrelease"=>"9.5", "majdistrelease"=>"9", "minordistrelease"=>"5"}}
osfamily => Debian
package_provider => apt
path => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
physicalprocessorcount => 1
processor0 => Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz
processor1 => Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz
processorcount => 2
processors => {"models"=>["Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz", "Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz"], "count"=>2, "physicalcount"=>1}
ps => ps -ef
puppet_agent_pid => 29731
puppet_client_datadir => /var/cache/puppet/client_data
puppet_confdir => /etc/puppet
puppet_config => /etc/puppet/puppet.conf
puppet_environmentpath => /etc/puppet/code/environments
puppet_master_server => puppet
puppet_server => puppet
puppet_ssldir => /var/lib/puppet/ssl
puppet_sslpaths => {"privatedir"=>{"path"=>"/var/lib/puppet/ssl/private", "path_exists"=>true}, "privatekeydir"=>{"path"=>"/var/lib/puppet/ssl/private_keys", "path_exists"=>true}, "publickeydir"=>{"path"=>"/var/lib/puppet/ssl/public_keys", "path_exists"=>true}, "certdir"=>{"path"=>"/var/lib/puppet/ssl/certs", "path_exists"=>true}, "requestdir"=>{"path"=>"/var/lib/puppet/ssl/certificate_requests", "path_exists"=>true}, "hostcrl"=>{"path"=>"/var/lib/puppet/ssl/crl.pem", "path_exists"=>true}}
puppet_stringify_facts => false
puppet_vardir => /var/cache/puppet
puppetversion => 4.8.2
root_home => /root
rubyplatform => x86_64-linux-gnu
rubysitedir => /usr/local/lib/site_ruby/2.3.0
rubyversion => 2.3.3
selinux => false
service_provider => systemd
staging_http_get => curl
swapfree => 512.00 MB
swapfree_mb => 512.00
swapsize => 512.00 MB
swapsize_mb => 512.00
system_uptime => {"seconds"=>16239, "hours"=>4, "days"=>0, "uptime"=>"4:30 hours"}
timezone => UTC
uniqueid => 77867b0a
uptime => 4:30 hours
uptime_days => 0
uptime_hours => 4
uptime_seconds => 16239
vcsrepo_svn_ver =>
virtual => xenhvm

Thanks for your Support!

Unknown function params_lookup

On a clean puppet installation with this module, I'm greeted with:

"Unknown function params_lookup"

README.md var name typo

-server_address => $::ipadress_eth1, # Listen only on eth1 interface
+server_address => $::ipaddress_eth1, # Listen only on eth1 interface

Pass array to pluginspackage

Hi, I want to disable the installation of pluginspackage "nagios-plugins-all" and instead install a few defined plugins such as nagios-plugins-ssh, nagios-plugins-disk, nagios-plugins-procs-1.4.16-10.el6.x86_64...

So I tried the following code:

$nrpeplugins = ['nagios-plugins-ssh','nagios-plugins-disk']
  class { '::nrpe':
    allowed_hosts   => 'nagios.myhost.be',
    dont_blame_nrpe => '0',
    use_ssl         => false,
    pluginspackage  => $nrpeplugins,
  }

This generates the following error:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid argument of type 'Array' to 'defined' at /etc/puppetlabs/puppet/environments/production/modules/nrpe/manifests/init.pp:518 on node

Is there a way to pass an array of plugins that I want to see installed?

nagios-plugins-all not found in CentOS 6.2

And thus nrpe fails to install

Package conflict nrpe from epel with nagios-nrpe from dag

On my CentOS 6 servers there have been the dag repositorys already installed during system build month ago. Now I want to add epel and nrpe modules with puppet.
The EPEL installation with the "before" attribute added works fine.
But when puppet trys to install nrpe from example42/puppet-nrpe module there is an error since nagios-nrpe from dag is newer at version 2.14 and additionally makes nrpe obsolete.
Is there a way to solve this with already given tools or will I have to write a module for dag yumrepos where I exclude nagios-nrpe? This would be a dirty workaround because there could be other repos that have a xxx-nrpe package which makes nrpe obsolete.
Any suggestion here?

Need more robust solaris support.

Hi,
It appears I was premature in submitting my solaris support using OpenCSW nrpe package. It seems they just published a new package version which moves the config files from /opt/csw/etc/ to /etc/opt/csw. The new location makes sense, but I have a problem with the puppet module now.

It's quite possible not everyone will update to the new version - I myself am not diligent about keeping csw packages up to date. I stumbled on the problem after pulling another Solaris box into Puppet, only to find that Nagios got ssl handshake errors against it. There were no puppet agent errors, but nrpe was using a default file only allowing localhost to connect. sigh

So, what should I do? Here are my thoughts but I'd like your opinion.

recode the module to use the new directories and make a symlink from the old location to the new. I was hoping that this would cover the clients who aren't at CSWnrpe v2.13 since those will still be pointing to the old location.
try to do a package version check and set the parameters appropriately. - Completely not sure how to do this or if its possible.

What do you think?