Created
March 30, 2009 22:20
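#
# nagios apache configuration
#
# Generated by Chef for <%= @node[:fqdn] %>
#
# Layout: the port-80 vhost only redirects to HTTPS; the port-443 vhost serves
# the Nagios web UI and CGIs behind HTTP Basic authentication checked against
# LDAP.
#

<VirtualHost *:80>
  ServerAdmin noc@example.com
  ServerName nagios.prod.example.com
  ServerAlias nagios

  # Redirect every plain-HTTP request to the HTTPS vhost so the Basic-auth
  # prompt is never served over cleartext. $1 carries the requested path over
  # instead of dropping it and landing every request on "/".
  # NOTE(review): %{SERVER_NAME} can reflect the client's Host header when
  # UseCanonicalName is Off - confirm the server-wide setting.
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
  ServerAdmin noc@example.com
  ServerName nagios.prod.example.com
  ServerAlias nagios

  DocumentRoot /usr/share/nagios3/htdocs
  ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
  ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
  Alias /stylesheets /etc/nagios3/stylesheets

  ErrorLog /var/log/apache2/nagios-error.log
  CustomLog /var/log/apache2/nagios-access.log combined

  # The two <Directory> stanzas below carry the same authentication settings;
  # keep them in sync when one is edited, otherwise the CGIs and the static
  # pages end up with different access rules.
  #
  # NOTE(review): AuthLDAPBindPassword is stored inline, so the rendered file
  # must not be world-readable; anyone who can read it obtains the bind
  # account's credentials.
  # NOTE(review): the AuthLDAPURL scheme is ldap://, which on its own does not
  # encrypt the bind password or the users' passwords between Apache and the
  # directory server. Prefer ldaps:// or STARTTLS if the server supports it -
  # confirm.
  # NOTE(review): "require valid-user" with the (objectClass=*) filter admits
  # any entry under ou=prod that has a uid and can bind. Consider narrowing the
  # filter or using "Require ldap-group" if only operators should get in.

  <Directory /usr/lib/cgi-bin/nagios3>
    # SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    # Network-level access is open to all; the LDAP login below is the only gate.
    order deny,allow
    allow from all
    AuthName "Example Access"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPBindDN CN=Nagios,OU=prod,DC=prod,DC=example,DC=com
    AuthLDAPBindPassword nagios_password
    AuthLDAPURL ldap://dc01.prod.example.com/ou=prod,dc=prod,dc=example,dc=com?uid?sub?(objectClass=*)
    AuthzLDAPAuthoritative Off
    require valid-user
  </Directory>

  <Directory /usr/share/nagios3/htdocs>
    # SSLRequireSSL
    Options FollowSymLinks
    AllowOverride None
    # Network-level access is open to all; the LDAP login below is the only gate.
    order deny,allow
    allow from all
    AuthName "Example Access"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPBindDN CN=Nagios,OU=prod,DC=prod,DC=example,DC=com
    AuthLDAPBindPassword nagios_password
    AuthLDAPURL ldap://dc01.prod.example.com/ou=prod,dc=prod,dc=example,dc=com?uid?sub?(objectClass=*)
    AuthzLDAPAuthoritative Off
    require valid-user
  </Directory>

  # Certificate and private key are read from the same PEM file.
  # NOTE(review): judging by the file name this is a wildcard certificate, so
  # its private key is valid for other hosts as well; keep the file readable by
  # root only and consider a host-specific certificate for this service.
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/wildcard.pem
  SSLCertificateKeyFile /etc/apache2/ssl/wildcard.pem
</VirtualHost>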
# | |
# Author:: Bryan McLellan <btm@loftninjas.org> | |
# Cookbook Name:: nagios | |
# Recipe:: server | |
# | |
# Copyright 2009, Bryan McLellan | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# | |
# Both supported platforms map the generic "nagios" name to "nagios3";
# the same table is used for the package and for the service.
nagios3_names = {
  'ubuntu' => { 'default' => 'nagios3' },
  'debian' => { 'default' => 'nagios3' }
}

# Install the Nagios server package under its platform-specific name.
package 'nagios' do
  package_name value_for_platform(nagios3_names)
  action :install
end

package 'nagios-nrpe-plugin'
package 'sqsh' # for check_sqsh.sh

# Declare the service (no action yet) so later resources can notify it.
service 'nagios' do
  service_name value_for_platform(nagios3_names)
  supports [:restart, :reload, :status]
end
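### Setup the HTTP Server
# Apache plus the recipes for TLS, LDAP-backed authentication and URL
# rewriting, all of which the nagios vhost template uses.
include_recipe "apache2"
include_recipe "ssl-certificates"
include_recipe "apache2::mod_ssl"
include_recipe "apache2::mod_authnz_ldap"
include_recipe "apache2::mod_rewrite"

# Render the vhost definition and reload Apache when it changes.
template "#{node[:apache_dir]}/sites-available/nagios.conf" do
  source "apache.conf.erb"
  # 0640 instead of 0644: the apache.conf.erb published with this recipe embeds
  # AuthLDAPBindPassword, so the rendered file must not be world-readable.
  # NOTE(review): root:root 0640 is enough when Apache is started as root and
  # reads its configuration before dropping privileges - confirm for this host.
  mode 0640
  owner "root"
  group "root"
  notifies :reload, resources(:service => "apache2")
end

# Remove the conf.d entry (presumably the one installed by the distribution
# package - confirm) so that only the vhost above publishes Nagios.
link "/etc/apache2/conf.d/nagios3.conf" do
  action :delete
  # File.exist? replaces File.exists?, which is deprecated and no longer
  # available on current Ruby versions.
  only_if { File.exist?(name) }
end

apache_site "nagios.conf"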
### Setup permissions for external commands
# Owner "nagios" and group "www-data" both get full access (0770); everyone
# else gets none.
# NOTE(review): this opens all of /var/lib/nagios3 to the www-data group, not
# only the rw/ subdirectory. Presumably only rw/ has to be writable by the web
# server for external commands - confirm and narrow the parent if so.
%w[/var/lib/nagios3 /var/lib/nagios3/rw].each do |path|
  directory path do
    owner 'nagios'
    group 'www-data'
    mode 0770
  end
end
### Send the configuration files
# Main configuration files: root-owned, world-readable, and Nagios is restarted
# (delayed) whenever one of them changes.
config_files = %w[cgi.cfg nagios.cfg commands.cfg]
config_files.each do |cfg_name|
  remote_file "/etc/nagios3/#{cfg_name}" do
    source cfg_name
    owner 'root'
    group 'root'
    mode 0644
    notifies :restart, resources(:service => 'nagios'), :delayed
  end
end

# Resource contains passwords so it has special permissions:
# readable by root and the nagios group only (0640).
# NOTE(review): the file is shipped from the cookbook, so the passwords it
# holds are also readable by anyone with access to the cookbook source.
remote_file '/etc/nagios3/resource.cfg' do
  source 'resource.cfg'
  owner 'root'
  group 'nagios'
  mode 0640
  notifies :restart, resources(:service => 'nagios'), :delayed
end
# Object definitions under conf.d; a change restarts Nagios (delayed).
# files_mode is not set here, so the file modes are left to Chef's default.
remote_directory '/etc/nagios3/conf.d' do
  source 'conf.d'
  files_owner 'root'
  files_group 'root'
  owner 'root'
  group 'root'
  mode 0755
  notifies :restart, resources(:service => 'nagios'), :delayed
end

### Add additional logos
remote_directory '/usr/share/nagios/htdocs/images/logos/base' do
  source 'logos'
  files_mode 0644
  files_owner 'root'
  files_group 'root'
  owner 'root'
  group 'root'
  mode 0755
end

### Install additional plugins (no plugin_dir directive?)
# Plugins are installed executable (0755) but owned by root, so only root can
# modify them.
remote_directory '/usr/lib/nagios/plugins' do
  source 'plugins'
  files_mode 0755
  files_owner 'root'
  files_group 'root'
  owner 'root'
  group 'root'
  mode 0755
end

### Send old configs that we don't want to automate
# Same pattern as conf.d: root-owned, restart Nagios (delayed) on change.
remote_directory '/etc/nagios3/legacy.d' do
  source 'legacy.d'
  files_owner 'root'
  files_group 'root'
  owner 'root'
  group 'root'
  mode 0755
  notifies :restart, resources(:service => 'nagios'), :delayed
end
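### Send the SSH key for legacy checks
# The directory holds a private key, so it is restricted to the nagios user
# (0700) instead of being listable by everyone (0755).
directory "/var/run/nagios3/.ssh" do
  owner "nagios"
  group "nagios"
  mode 0700
end

remote_file "/var/run/nagios3/.ssh/id_dsa.pub" do
  source "nagios_id_dsa.pub"
  owner "nagios"
  group "nagios"
  mode 0644
end

# Private half of the key pair: readable and writable by nagios only.
# NOTE(review): the key is distributed as a cookbook file, so everyone who can
# read the cookbook or its repository holds the same credential. Consider
# provisioning it from a secret store and restricting what the key may do on
# the monitored hosts.
# NOTE(review): the file name indicates a DSA key, which current OpenSSH
# releases no longer accept by default - confirm and plan a replacement.
remote_file "/var/run/nagios3/.ssh/id_dsa" do
  source "nagios_id_dsa"
  owner "nagios"
  group "nagios"
  mode 0600
end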
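### Set up the known hosts for legacy checks
# Runs once as root: collects the RSA host keys of the listed hosts into
# known_hosts and hands the file to the nagios user. Skipped as soon as
# known_hosts exists.
# NOTE(review): ssh-keyscan records whatever key the network returns at first
# run, without comparing it to a trusted fingerprint. Shipping a reviewed
# known_hosts file from the cookbook would avoid pinning an unverified key.
# NOTE(review): the redirect creates known_hosts even when the scan fails, and
# the guard below then prevents another attempt; hosts added to the list later
# are never scanned either.
script "nagios_known_hosts" do
  interpreter "bash"
  user "root"
  cwd "/var/run/nagios3/.ssh"
  code "ssh-keyscan -t rsa host1 host2 host3 > known_hosts ; chown nagios:nagios known_hosts"
  # File.exist? replaces File.exists?, which is deprecated and no longer
  # available on current Ruby versions.
  not_if { File.exist?("/var/run/nagios3/.ssh/known_hosts") }
end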
### Pull newer hosts from iclassify
include_recipe 'iclassify'

directory '/etc/nagios3/iclassify.d/' do
  mode 0755
  owner 'root'
  group 'root'
end

# One rendered file per template; the target name is the template name without
# its ".erb" suffix. No backup copies are kept (backup 0), and a change
# restarts Nagios (delayed).
# NOTE(review): the iclassify credentials are literals in the recipe, so they
# live wherever the cookbook is stored. The rendered files are 0644; if the
# templates write the password into their output it becomes world-readable -
# confirm against the templates.
iclassify_files = %w[hostgroups.cfg.erb services.cfg.erb hosts.cfg.erb]
iclassify_files.each do |erb_name|
  template "/etc/nagios3/iclassify.d/#{erb_name.sub(/\.erb\z/, '')}" do
    source "iclassify.d/#{erb_name}"
    backup 0
    mode 0644
    owner 'root'
    group 'root'
    variables(
      :iclassify_user => 'iclassify_username',
      :iclassify_password => 'iclassify_password',
      :nagios_iclassify_search => 'iclassify_query'
    )
    notifies :restart, resources(:service => 'nagios'), :delayed
  end
end
### Finally make sure the service starts
# Declared last so that every configuration resource above has been laid down
# before Nagios is started.
service('nagios') { action :start }