#
# nagios apache configuration
#
# Generated by Chef for <%= @node[:fqdn] %>
#
# Plain-HTTP virtual host. Its only job is to push clients to the HTTPS site.
<VirtualHost *:80>
ServerAdmin noc@example.com
ServerName nagios.prod.example.com
ServerAlias nagios
RewriteEngine On
RewriteCond %{HTTPS} !=on
# The pattern matches every path, but the captured group is not used in the
# target: all requests are redirected to the HTTPS site root, not to the page
# that was requested. [R] without a status code is a temporary (302) redirect.
# NOTE(review): %{SERVER_NAME} can follow the client's Host header depending on
# the UseCanonicalName setting; confirm the redirect target is pinned to the
# ServerName above.
RewriteRule ^/(.*) https://%{SERVER_NAME}/ [R,L]
</VirtualHost>
# HTTPS virtual host that serves the Nagios web UI and CGIs behind
# LDAP-backed HTTP Basic authentication.
<VirtualHost *:443>
ServerAdmin noc@example.com
ServerName nagios.prod.example.com
ServerAlias nagios
DocumentRoot /usr/share/nagios3/htdocs
ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
# NOTE(review): no <Directory> block in this file covers
# /etc/nagios3/stylesheets, so the auth settings below do not apply to it;
# access is decided by whatever the server-wide configuration says.
Alias /stylesheets /etc/nagios3/stylesheets
ErrorLog /var/log/apache2/nagios-error.log
CustomLog /var/log/apache2/nagios-access.log combined
# CGI directory: script execution allowed, any authenticated LDAP user admitted.
<Directory /usr/lib/cgi-bin/nagios3>
# SSLRequireSSL is left disabled; TLS is enforced only by this block living
# inside the *:443 virtual host.
# SSLRequireSSL
Options ExecCGI
AllowOverride None
order deny,allow
allow from all
AuthName "Example Access"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN CN=Nagios,OU=prod,DC=prod,DC=example,DC=com
# The bind password is stored in clear text in this file, so the rendered
# file must not be world-readable. Check the mode set by the resource that
# deploys it.
AuthLDAPBindPassword nagios_password
# URL parts: search attribute "uid", subtree scope, filter matching any object.
# NOTE(review): the ldap:// scheme with no connection mode means the bind
# password and every user's Basic-auth password travel to the directory server
# unencrypted, unless TLS is enabled for mod_ldap elsewhere. mod_authnz_ldap
# accepts ldaps:// or a trailing STARTTLS mode on this directive; confirm what
# the directory server supports.
AuthLDAPURL ldap://dc01.prod.example.com/ou=prod,dc=prod,dc=example,dc=com?uid?sub?(objectClass=*)
AuthzLDAPAuthoritative Off
# valid-user admits every entry under the search base that can authenticate;
# there is no group or attribute restriction.
require valid-user
</Directory>
# Static web UI. Carries the same LDAP settings as the CGI directory above;
# the two blocks have to be kept in sync by hand.
<Directory /usr/share/nagios3/htdocs>
# SSLRequireSSL
Options FollowSymLinks
AllowOverride None
order deny,allow
allow from all
AuthName "Example Access"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN CN=Nagios,OU=prod,DC=prod,DC=example,DC=com
# Second clear-text copy of the bind password (see the note on file mode above).
AuthLDAPBindPassword nagios_password
# Same unencrypted ldap:// URL as in the CGI directory block.
AuthLDAPURL ldap://dc01.prod.example.com/ou=prod,dc=prod,dc=example,dc=com?uid?sub?(objectClass=*)
AuthzLDAPAuthoritative Off
require valid-user
</Directory>
SSLEngine on
# Certificate and private key are read from the same PEM file.
# NOTE(review): the file name suggests a wildcard certificate, whose key is
# valid for every host under the domain; confirm the file is readable by root
# only.
SSLCertificateFile /etc/apache2/ssl/wildcard.pem
SSLCertificateKeyFile /etc/apache2/ssl/wildcard.pem
</VirtualHost>
#
# Author:: Bryan McLellan <btm@loftninjas.org>
# Cookbook Name:: nagios
# Recipe:: server
#
# Copyright 2009, Bryan McLellan
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Platform lookup table shared by the package and service resources below:
# on Ubuntu and Debian both are called "nagios3".
nagios3_names = {
  "ubuntu" => { "default" => "nagios3" },
  "debian" => { "default" => "nagios3" }
}

# Install the Nagios server under the resource name "nagios".
package "nagios" do
  package_name value_for_platform(nagios3_names)
  action :install
end

# NRPE check plugin for the server side.
package "nagios-nrpe-plugin"

# sqsh is needed by check_sqsh.sh
package "sqsh"

# Declare the service (no action yet) so later resources can notify it.
service "nagios" do
  service_name value_for_platform(nagios3_names)
  supports [:restart, :reload, :status]
end
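### Setup the HTTP Server
include_recipe "apache2"
include_recipe "ssl-certificates"
include_recipe "apache2::mod_ssl"
include_recipe "apache2::mod_authnz_ldap"
include_recipe "apache2::mod_rewrite"

# Render the Nagios virtual host. The vhost template sets
# AuthLDAPBindPassword, so the rendered file holds a directory credential in
# clear text and is kept readable by root only (0640 root:root) instead of
# world-readable. Apache parses its configuration as root before dropping
# privileges, so the tighter mode does not affect the server.
template "#{node[:apache_dir]}/sites-available/nagios.conf" do
  source "apache.conf.erb"
  mode 0640
  owner "root"
  group "root"
  notifies :reload, resources(:service => "apache2")
end

# Remove the conf.d link to the packaged Nagios config, if present, so only
# the vhost above is active. File.exist? replaces File.exists?, which newer
# Ruby versions no longer provide.
link "/etc/apache2/conf.d/nagios3.conf" do
  action :delete
  only_if { File.exist?(name) }
end

apache_site "nagios.conf"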
### Setup permissions for external commands
# Both directories are owned by nagios with group www-data and mode 0770:
# full access for the owner and the web server group, none for anyone else.
%w[/var/lib/nagios3 /var/lib/nagios3/rw].each do |command_dir|
  directory command_dir do
    mode 0770
    owner "nagios"
    group "www-data"
  end
end
### Send the configuration files
# Main Nagios configuration: root-owned, world-readable, restart on change.
config_files = ["cgi.cfg", "nagios.cfg", "commands.cfg"]
config_files.each do |cfg_name|
  remote_file "/etc/nagios3/#{cfg_name}" do
    source cfg_name
    mode 0644
    owner "root"
    group "root"
    notifies :restart, resources(:service => "nagios"), :delayed
  end
end

# Resource contains passwords so it has special permissions:
# readable by root and the nagios group only.
remote_file "/etc/nagios3/resource.cfg" do
  source "resource.cfg"
  mode 0640
  owner "root"
  group "nagios"
  notifies :restart, resources(:service => "nagios"), :delayed
end
# Object definitions managed by this cookbook; Nagios restarts when they change.
# No files_mode is given here, so file permissions are left to the default.
remote_directory "/etc/nagios3/conf.d" do
  source "conf.d"
  owner "root"
  group "root"
  mode 0755
  files_owner "root"
  files_group "root"
  notifies :restart, resources(:service => "nagios"), :delayed
end

### Add additional logos
# NOTE(review): this path is under /usr/share/nagios, while the web root used
# elsewhere is /usr/share/nagios3; confirm the logos land where the UI looks.
remote_directory "/usr/share/nagios/htdocs/images/logos/base" do
  source "logos"
  owner "root"
  group "root"
  mode 0755
  files_owner "root"
  files_group "root"
  files_mode 0644
end

### Install additional plugins (no plugin_dir directive?)
# Plugins are executable by everyone but writable by root only, so the
# nagios user cannot modify the code it runs.
remote_directory "/usr/lib/nagios/plugins" do
  source "plugins"
  owner "root"
  group "root"
  mode 0755
  files_owner "root"
  files_group "root"
  files_mode 0755
end

### Send old configs that we don't want to automate
remote_directory "/etc/nagios3/legacy.d" do
  source "legacy.d"
  owner "root"
  group "root"
  mode 0755
  files_owner "root"
  files_group "root"
  notifies :restart, resources(:service => "nagios"), :delayed
end
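### Send the SSH key for legacy checks
# NOTE(review): the directory is world-listable (0755); only the private key
# below is restricted. Consider 0700 if nothing but the nagios user reads it.
directory "/var/run/nagios3/.ssh" do
  owner "nagios"
  group "nagios"
  mode 0755
end

remote_file "/var/run/nagios3/.ssh/id_dsa.pub" do
  source "nagios_id_dsa.pub"
  owner "nagios"
  group "nagios"
  mode 0644
end

# Private key, readable by the nagios user only.
# NOTE(review): the key is shipped as a plain cookbook file, so everyone who
# can read the cookbook can read the key. DSA keys are also disabled by
# default in current OpenSSH releases; plan a different key type when the
# legacy checks are next touched.
remote_file "/var/run/nagios3/.ssh/id_dsa" do
  source "nagios_id_dsa"
  owner "nagios"
  group "nagios"
  mode 0600
end

### Set up the known hosts for legacy checks
# Runs once: the guard skips the scan when known_hosts already exists.
# The scan output goes to a temporary file and is moved into place only when
# ssh-keyscan succeeded and returned at least one key. Writing straight to
# known_hosts created the file even when the scan failed, after which the
# guard treated the empty file as finished and never retried.
# NOTE(review): ssh-keyscan records whatever keys the network returns at scan
# time, without verification. Shipping host keys that were checked out of band
# as a cookbook file would remove that trust-on-first-use step.
script "nagios_known_hosts" do
  interpreter "bash"
  user "root"
  cwd "/var/run/nagios3/.ssh"
  code "ssh-keyscan -t rsa host1 host2 host3 > known_hosts.tmp && " \
       "test -s known_hosts.tmp && " \
       "chown nagios:nagios known_hosts.tmp && " \
       "mv known_hosts.tmp known_hosts"
  # File.exist? replaces File.exists?, which newer Ruby versions no longer provide.
  not_if { File.exist?("/var/run/nagios3/.ssh/known_hosts") }
end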
### Pull newer hosts from iclassify
include_recipe "iclassify"

directory "/etc/nagios3/iclassify.d/" do
  owner "root"
  group "root"
  mode 0755
end

# Each template is rendered to a file of the same name without the ".erb"
# suffix. No backups are kept, and Nagios restarts when a file changes.
# NOTE(review): the iclassify user name and password are literals in the
# recipe, so they sit in version control with the cookbook; loading them from
# node attributes or a secret store would keep them out of the code. The
# rendered files are world-readable (0644); confirm the templates do not write
# the password into their output.
iclassify_files = ["hostgroups.cfg.erb", "services.cfg.erb", "hosts.cfg.erb"]
iclassify_files.each do |erb_name|
  rendered_name = File.basename(erb_name, ".erb")
  template "/etc/nagios3/iclassify.d/#{rendered_name}" do
    source "iclassify.d/#{erb_name}"
    backup 0
    owner "root"
    group "root"
    mode 0644
    variables(
      :iclassify_user => 'iclassify_username',
      :iclassify_password => 'iclassify_password',
      :nagios_iclassify_search => 'iclassify_query'
    )
    notifies :restart, resources(:service => "nagios"), :delayed
  end
end

### Finally make sure the service starts
service "nagios" do
  action :start
end