From: Paul Richards Date: Sun, 24 Nov 2013 16:47:34 +0000 (+0000) Subject: Add NSCA-ng support for the Vagrant VM. X-Git-Tag: v0.0.5~28 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=593025f7635de0fdb64b78adcfc41df19e2ae1d1;p=icinga2 Add NSCA-ng support for the Vagrant VM. Fixes #5128 Signed-off-by: Gunnar Beutner --- diff --git a/.vagrant-puppet/manifests/default.pp b/.vagrant-puppet/manifests/default.pp index c8b5cda30..a1becaa7f 100644 --- a/.vagrant-puppet/manifests/default.pp +++ b/.vagrant-puppet/manifests/default.pp @@ -2,6 +2,7 @@ include apache include icinga-classicui include icinga-web include nagios-plugins +include nsca-ng # icinga 2 docs at /icinga2-doc file { '/etc/httpd/conf.d/icinga2-doc.conf': diff --git a/.vagrant-puppet/modules/nsca-ng/manifests/init.pp b/.vagrant-puppet/modules/nsca-ng/manifests/init.pp new file mode 100644 index 000000000..10b18a308 --- /dev/null +++ b/.vagrant-puppet/modules/nsca-ng/manifests/init.pp 
@@ -0,0 +1,85 @@
+# Class: nsca-ng
+#
+# This class installs nsca-ng components
+#
+class nsca-ng {
+ include nsca-ng-server
+ include nsca-ng-client
+}
+
+# Class: nsca-ng-server
+#
+# This class installs nsca-ng server
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class nsca-ng-server {
+ package { 'nsca-ng-server':
+ ensure => installed,
+ }
+
+ exec { 'iptables-allow-nsca-ng':
+ path => '/bin:/usr/bin:/sbin:/usr/sbin',
+ unless => 'grep -Fxqe "-A INPUT -m state --state NEW -m tcp -p tcp --dport 5668 -j ACCEPT" /etc/sysconfig/iptables',
+ command => 'lokkit -p 5668:tcp'
+ }
+
+ service { 'nsca-ng':
+ enable => true,
+ ensure => running,
+ hasrestart => true,
+ alias => 'nsca-ng',
+ require => [ Package['nsca-ng-server'], Exec['iptables-allow-nsca-ng'] ]
+ }
+
+ file { '/etc/nsca-ng.cfg':
+ content => template('nsca-ng/nsca-ng.cfg'),
+ require => Package['nsca-ng-server'],
+ notify => Service['nsca-ng']
+ }
+}
+
+# Class: nsca-ng-client
+#
+# This class installs nsca-ng client
+#
+# A example passive check result is stored in ~vagrant/passive_result.
+#
+# This can be called manually with:
+# send_nsca -c /etc/send_nsca.cfg < /home/vagrant/passive_result
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class nsca-ng-client {
+ package { 'nsca-ng-client':
+ ensure => installed,
+ }
+
+ file { '/etc/icinga2/conf.d/passive.conf':
+ content => template('nsca-ng/passive.conf'),
+ require => Package['nsca-ng-client'],
+ notify => Service['icinga2']
+ }
+
+ file { '/etc/send_nsca.cfg':
+ content => template('nsca-ng/send_nsca.cfg'),
+ require => Package['nsca-ng-client'],
+ }
+
+ file { '/home/vagrant/passive_result':
+ content => template('nsca-ng/passive_result'),
+ require => Package['nsca-ng-client'],
+ }
+}
\ No newline at end of file
diff --git a/.vagrant-puppet/modules/nsca-ng/templates/nsca-ng.cfg b/.vagrant-puppet/modules/nsca-ng/templates/nsca-ng.cfg
new file mode 100644
index 000000000..d1298f55b
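Review bot: The `file` resources for `/etc/nsca-ng.cfg` and `/etc/send_nsca.cfg` declare no `owner`, `group` or `mode`, although both templates carry the shared password and open with a banner asking for restricted permissions. Without an explicit mode the files end up with whatever the provisioning run's defaults give, which is usually world-readable. Add something like `owner => 'root', group => 'nsca', mode => '0640',` to the server file; the `nsca` group is an assumption taken from `user = "nsca"` in the template, so confirm what the package creates. Give the client file a mode that only the account running `send_nsca` can read.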
--- /dev/null
+++ b/.vagrant-puppet/modules/nsca-ng/templates/nsca-ng.cfg
@@ -0,0 +1,127 @@
+#
+# Sample configuration for nsca-ng(8). See the nsca-ng.cfg(5) man page.
+#
+# PLEASE SET THE PERMISSIONS OF THIS FILE APPROPRIATELY TO MAKE SURE THAT ONLY
+# AUTHORIZED USERS CAN ACCESS IT!
+#
+
+#
+# Most probably, you'll have to specify the path to the Nagios command file.
+#
+command_file = "/var/run/icinga2/cmd/icinga2.cmd"
+
+#
+# These configuration settings are optional.
+#
+# listen = "monitoring.example.com:5668" # Default: "*".
+# pid_file = "/var/run/nsca-ng.pid" # Default: create no PID file.
+# temp_directory = "/dev/shm" # Default: "/tmp".
+# tls_ciphers = "PSK-AES256-CBC-SHA" # Default: see nsca-ng.cfg(5).
+# chroot = "/usr/local/nagios/var" # Default: don't chroot(2).
+# user = "nagios" # Default: don't switch user.
+# log_level = 2 # Default: 3.
+# max_command_size = 65536 # Default: 16384.
+# max_queue_size = 128 # Default: 1024.
+# timeout = 15.0 # Default: 60.0.
+#
+
+user = "nsca"
+
+#
+# Clients provide a client ID (think: user name) and a password. The same
+# ID/password combination may be used by multiple clients. In order to
+# authorize clients to submit check results and/or other external commands, at
+# least one "authorize" section must be specified. The client ID (which follows
+
+# the "authorize" keyword) may be "*". In this case, the block will be used as
+# fallback if no section is defined for a given client ID. No other wildcard
+# characters are available, and "*" has no special meaning unless the client ID
+# is exactly "*".
+#
+# Authorizations are specified using the "commands", "hosts, and/or "services"
+# variables within an "authorize" section. These variables are (lists of)
+# extended POSIX regular expressions (see the regex(7) man page), but with an
+# implicit leading "^" and trailing "$". The "commands" patterns are matched
+# against the full command string transmitted by the client, except for the
+# leading bracketed timestamp. The "hosts" and "services" variables are
+# syntactic sugar, e.g.:
+#
+# services = {
+# "http@web-server",
+# "disk"
+# }
+#
+# is equivalent to
+#
+# commands = {
+# "PROCESS_SERVICE_CHECK_RESULT;web-server;http;.+;.+",
+# "PROCESS_SERVICE_CHECK_RESULT;[^;]+;disk;.+;.+"
+# }
+#
+# Some examples:
+#
+# Authenticated "root" clients may submit arbitrary check results and any other
+# monitoring commands.
+#
+# authorize "root" {
+# password = "cM5vBM9CtCWTH1SwnxFEOfp8VAmQq2vd"
+# commands = ".*"
+# }
+#
+# Authenticated "checker" clients may submit arbitrary check results, but no
+# other commands.
+#
+# authorize "checker" {
+# password = "s2LDCy4CiK6yrlcHhTXT6agFh067XYE3"
+# hosts = ".*"
+# services = ".*"
+# }
+#
+# Authenticated "mail-checker" clients may submit check results for arbitrary
+# services on hosts whose names begin with "pop", "imap", or "smtp".
+#
+# authorize "mail-checker" {
+# password = "1HOiwYonRoLByCaX6lfY5KDhP484THzV"
+# services = {
+# ".+@pop.*",
+# ".+@imap.*",
+# ".+@smtp.*"
+# }
+# }
+#
+# Authenticated "system-checker" clients may submit check results for the
+# "disk", "swap", and "load" services on arbitrary hosts.
+#
+# authorize "system-checker" {
+# password = "rDCnSMFaM9wb5Yzjd6JwRcvHEwmC9ZlQ"
+# services = {
+# "disk",
+# "swap",
+# "load"
+# }
+# }
+#
+
+#
+# The "*" section applies when no other section matches the client's identity.
+# In order to authorize clients to actually submit check results (or other
+# commands), at least one "commands" and/or "services" expression must be
+# specified.
+#
+authorize "*" {
+ password = "password"
+ #
+ # The original NSCA server permits all authenticated clients to submit
+ # arbitrary check results. To get this behaviour, enable the following
+ # lines:
+ #
+ hosts = ".*"
+ services = ".*"
+}
+
+#
+# Other files can be included. If a directory is specified, all "*.cfg" and
+# "*.conf" files within this directory and all subdirectories are included.
+#
+# include(nsca-ng.d/included.cfg)
+#
\ No newline at end of file
diff --git a/.vagrant-puppet/modules/nsca-ng/templates/passive.conf b/.vagrant-puppet/modules/nsca-ng/templates/passive.conf
new file mode 100644
index 000000000..84057c211
--- /dev/null
+++ b/.vagrant-puppet/modules/nsca-ng/templates/passive.conf
@@ -0,0 +1,18 @@
+/**
+ * A host definition. You can create your own configuration files
+ * in the conf.d directory (e.g. one per host). By default all *.conf
+ * files in this directory are included.
+ */
+object Host "nsca-ng" inherits "generic-host" {
+ display_name = "nsca-ng test",
+
+ services["PassiveService1"] = {
+ templates = [ "generic-service" ],
+ check_command = "passive",
+ },
+
+ services["PassiveService2"] = {
+ templates = [ "generic-service" ],
+ check_command = "passive",
+ },
+}
\ No newline at end of file
diff --git a/.vagrant-puppet/modules/nsca-ng/templates/passive_result b/.vagrant-puppet/modules/nsca-ng/templates/passive_result
new file mode 100644
index 000000000..7f285f331
--- /dev/null
+++ b/.vagrant-puppet/modules/nsca-ng/templates/passive_result
@@ -0,0 +1,3 @@
+nsca-ng PassiveService1 0 This is a test passive result check returning OK
+nsca-ng PassiveService2 1 This is a test passive result check returning BAD
+
diff --git a/.vagrant-puppet/modules/nsca-ng/templates/send_nsca.cfg b/.vagrant-puppet/modules/nsca-ng/templates/send_nsca.cfg
new file mode 100644
index 000000000..949dfa334
--- /dev/null
+++ b/.vagrant-puppet/modules/nsca-ng/templates/send_nsca.cfg
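Review bot: The `authorize "*"` block at the end of nsca-ng.cfg accepts any client identity with the committed literal `password = "password"` and grants it every host and service (`hosts = ".*"`, `services = ".*"`); the same literal is repeated in the send_nsca.cfg hunk. `listen` stays at its default `"*"`, and this commit also opens port 5668 in the guest firewall and forwards it from the host, so the grant is wider than the test needs. Scope it to the identity and host the client actually uses, e.g. `authorize "nsca-ng" {` with `services = ".+@nsca-ng"`. Fill the password from a provisioning-time variable in both templates instead of a fixed string.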
@@ -0,0 +1,16 @@ +# +# Sample configuration for send_nsca(8). See the send_nsca.cfg(5) man page. +# +# PLEASE SET THE PERMISSIONS OF THIS FILE APPROPRIATELY TO MAKE SURE THAT ONLY +# AUTHORIZED USERS CAN ACCESS IT! +# + +password="password" +identity="nsca-ng" +# identity = "web-checker" # Default: `hostname`. +# password = "8a5UMsMzZhu6sSPkSmSaqC3HjMGCLwdt" # Default: "change-me". +# server = "monitoring.example.com" # Default: "localhost". +# tls_ciphers = "PSK-AES256-CBC-SHA" # See send_nsca.cfg(5). +# delay = 2 # Default: 0. +# port = 5668 # Default: 5668. +# timeout = 10 # Default: 15. \ No newline at end of file diff --git a/Vagrantfile b/Vagrantfile index 372488ed2..319da2fb8 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -30,6 +30,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # so you can take notice and act accordingly. auto_correct: true + # forward port for nsca-ng. See note above regarding auto_correct + config.vm.network :forwarded_port, guest: 5668, host: 5668, auto_correct: true + # Create a private network, which allows host-only access to the machine # using a specific IP. # config.vm.network :private_network, ip: "192.168.33.10" diff --git a/doc/5-icinga-template-library.md b/doc/5-icinga-template-library.md index 5e7ac1dd5..e663779fc 100644 --- a/doc/5-icinga-template-library.md +++ b/doc/5-icinga-template-library.md 
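Review bot: The added `forwarded_port` line in the Vagrantfile sets no `host_ip`, so host port 5668 is bound on every host interface and the guest's NSCA-ng listener is reachable from the host's network, not only from the host itself. The daemon in this VM authenticates with a committed test password, so the forward should be bound to loopback, provided the Vagrant version in use supports the option: `config.vm.network :forwarded_port, guest: 5668, host: 5668, host_ip: "127.0.0.1", auto_correct: true`. The enclosing `Vagrant.configure` block starts and ends outside the hunk.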
@@ -58,6 +58,18 @@ plugindir | **Required.** The directory containing this plugin. state | **Optional.** The state. Can be one of 0 (ok), 1 (warning), 2 (critical) and 3 (unknown). Defaults to 0. text | **Optional.** Plugin output. Defaults to "Check was successful.". +### passive + +Specialised check command object for passive checks executing the `check_dummy` plugin with appropriate default values. + +Macros: + +Name | Description +----------------|-------------- +plugindir | **Required.** The directory containing this plugin. +state | **Optional.** The state. Can be one of 0 (ok), 1 (warning), 2 (critical) and 3 (unknown). Defaults to 3. +text | **Optional.** Plugin output. Defaults to "No Passive Check Result Received.". + ### tcp Check command object for the `check_tcp` plugin. diff --git a/itl/command-common.conf b/itl/command-common.conf index 1492485a3..4502402e5 100644 --- a/itl/command-common.conf +++ b/itl/command-common.conf @@ -76,6 +76,13 @@ object CheckCommand "dummy" inherits "plugin-check-command" { } } +object CheckCommand "passive" inherits "dummy" { + macros = { + state = 3, + text = "No Passive Check Result Received." + } +} + object CheckCommand "tcp" inherits "plugin-check-command" { command = [ "$plugindir$/check_tcp",