Merge branch 'monitoring' into dev

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-07-11 09:31:24 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-07-11 09:31:24 +0200
commit: 2bdbb0213a0f70705f81ac2eaf8349668b2c29b4 (patch)
tree: 06b1e40db99815133dcc40e3e68531d45e1bd228 /modules/profile/manifests
parent: 25c99a635507abfe6af4a1f0a9fc5a103d1880c0 (diff)
parent: d8bc769648c1528f5d749deee060d70e326ef431 (diff)
download: Puppet-2bdbb0213a0f70705f81ac2eaf8349668b2c29b4.tar.gz
Puppet-2bdbb0213a0f70705f81ac2eaf8349668b2c29b4.tar.zst
Puppet-2bdbb0213a0f70705f81ac2eaf8349668b2c29b4.zip
15 files changed, 411 insertions, 1 deletions
diff --git a/modules/profile/manifests/fstab.pp b/modules/profile/manifests/fstab.pp
index 8ecfe72..3af316e 100644
--- a/modules/profile/manifests/fstab.pp
+++ b/modules/profile/manifests/fstab.pp
@@ -15,6 +15,12 @@ class profile::fstab (
        device => "UUID=${infos[1]}",
        fstype => $infos[2]
      }
+      @profile::monitoring::local_service { "Size on ${infos[0]} partition":
+        local => {
+          check_command => "check_local_disk!10%!5%!${infos[0]}",
+        };
+      }
    }
  }
 }
diff --git a/modules/profile/manifests/monitoring.pp b/modules/profile/manifests/monitoring.pp
new file mode 100644
index 0000000..8633626
--- /dev/null
+++ b/modules/profile/manifests/monitoring.pp
@@ -0,0 +1,58 @@
+class profile::monitoring (
+  Optional[String] $naemon_url   = undef,
+  Optional[String] $naemon_token = undef,
+) inherits profile::monitoring::params {
+  ensure_packages(["naemon", "cnagios"])
+  file { "/etc/naemon":
+    ensure  => "directory",
+    recurse => true,
+    purge   => true,
+    force   => true,
+    require => Package["naemon"],
+  }
+  ->
+  file { "/etc/naemon/resource.cfg":
+    ensure  => "file",
+    owner   => "naemon",
+    group   => "naemon",
+    mode    => "0600",
+    content => template("profile/monitoring/resource.cfg.erb"),
+  }
+  ->
+  file { "/etc/naemon/naemon.cfg":
+    ensure  => "file",
+    owner   => "naemon",
+    group   => "naemon",
+    mode    => "0644",
+    content => template("profile/monitoring/naemon.cfg.erb"),
+  }
+  ->
+  file { $objects:
+    ensure => "file",
+    owner  => "naemon",
+    group  => "naemon",
+    mode   => "0600"
+  }
+  ->
+  service { "naemon":
+    ensure => "running",
+    enable => true,
+  }
+  unless ($naemon_url == undef or empty($naemon_url)) {
+    file { "/etc/naemon/send_nrdp.sh":
+      ensure  => "file",
+      owner   => "naemon",
+      group   => "naemon",
+      mode    => "0700",
+      content => template("profile/monitoring/send_nrdp.sh.erb"),
+    }
+  }
+  include "profile::monitoring::hosts"
+  include "profile::monitoring::services"
+  include "profile::monitoring::commands"
+  include "profile::monitoring::times"
+  include "profile::monitoring::contacts"
+}
diff --git a/modules/profile/manifests/monitoring/commands.pp b/modules/profile/manifests/monitoring/commands.pp
new file mode 100644
index 0000000..1c8d0b4
--- /dev/null
+++ b/modules/profile/manifests/monitoring/commands.pp
@@ -0,0 +1,70 @@
+class profile::monitoring::commands inherits profile::monitoring {
+  ensure_packages(["monitoring-plugins"])
+  file { $plugins:
+    ensure => "directory",
+    owner  => "root",
+    group  => "naemon",
+    mode   => "0755",
+  }
+  [
+    "check_command",
+    "check_md_raid",
+    "check_postgres_replication",
+    "check_last_file_date",
+  ].each |$file| {
+    file { "$plugins/$file":
+      ensure => "present",
+      owner  => "root",
+      group  => "naemon",
+      mode   => "0755",
+      source => "puppet:///modules/profile/monitoring/$file",
+    }
+  }
+  Nagios_command {
+    ensure => "present",
+    owner  => "naemon",
+    group  => "naemon",
+    target => $objects,
+    notify => Service["naemon"],
+    before => Service["naemon"],
+    require => File["/etc/naemon"],
+  }
+  nagios_command {
+    "check-host-alive":
+      command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5';
+    "check_local_disk":
+      command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$';
+    "check_local_procs":
+      command_line => '$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$';
+    "check_local_load":
+      command_line => '$USER1$/check_load -w $ARG1$ -c $ARG2$';
+    "check_local_swap":
+      command_line => '$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$';
+    "check_ntp":
+      command_line => '$USER1$/check_ntp_time -H 0.arch.pool.ntp.org';
+    "check_md_raid":
+      command_line => '$USER2$/check_md_raid',
+      require      => File["$plugins/check_md_raid"];
+    "check_command_output":
+      command_line => '$USER2$/check_command -c "$ARG1$" -o "$ARG2$" $ARG3$',
+      require      => File["$plugins/check_command"];
+    "check_postgresql_replication":
+      command_line => '/usr/bin/sudo -u postgres $USER2$/check_postgres_replication "$ARG1$" "$ARG2$" "$ARG3$"',
+      require      => File["$plugins/check_postgres_replication"];
+    "check_last_file_date":
+      command_line => '$USER2$/check_last_file_date "$ARG1$" "$ARG2$" "$ARG3$"',
+      require      => File["$plugins/check_last_file_date"],
+  }
+  unless empty($naemon_url) {
+    nagios_command {
+      "notify-master":
+        command_line => '/etc/naemon/send_nrdp.sh -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"',
+        require      => File["/etc/naemon/send_nrdp.sh"];
+    }
+  }
+}
diff --git a/modules/profile/manifests/monitoring/contacts.pp b/modules/profile/manifests/monitoring/contacts.pp
new file mode 100644
index 0000000..a751153
--- /dev/null
+++ b/modules/profile/manifests/monitoring/contacts.pp
@@ -0,0 +1,16 @@
+class profile::monitoring::contacts inherits profile::monitoring::params {
+  Nagios_contactgroup {
+    ensure  => "present",
+    owner   => "naemon",
+    group   => "naemon",
+    target  => $objects,
+    notify  => Service["naemon"],
+    before  => Service["naemon"],
+    require => File["/etc/naemon"],
+  }
+  nagios_contactgroup { "admins":
+    alias => "System administrators",    
+  }
+}
diff --git a/modules/profile/manifests/monitoring/external_service.pp b/modules/profile/manifests/monitoring/external_service.pp
new file mode 100644
index 0000000..027dad8
--- /dev/null
+++ b/modules/profile/manifests/monitoring/external_service.pp
@@ -0,0 +1,16 @@
+define profile::monitoring::external_service (
+  Optional[String] $type   = undef,
+  Optional[Hash]   $master = {},
+) {
+  include profile::monitoring::params
+  $service_description = $title
+  nagios_service { $service_description:
+    service_description => $service_description,
+    host_name           => $::profile::monitoring::params::service_local["host_name"],
+    use                 => $::profile::monitoring::params::service_types[$type],
+    target              => $::profile::monitoring::params::services_for_master,
+    *                   => $master,
+  }
+}
diff --git a/modules/profile/manifests/monitoring/hosts.pp b/modules/profile/manifests/monitoring/hosts.pp
new file mode 100644
index 0000000..f7802be
--- /dev/null
+++ b/modules/profile/manifests/monitoring/hosts.pp
@@ -0,0 +1,45 @@
+class profile::monitoring::hosts inherits profile::monitoring::params {
+  $real_hostname = lookup("base_installation::real_hostname")
+  Nagios_hostgroup {
+    ensure  => "present",
+    owner   => "naemon",
+    group   => "naemon",
+    target  => $objects,
+    notify  => Service["naemon"],
+    before  => Service["naemon"],
+    require => File["/etc/naemon"],
+  }
+  Nagios_host {
+    ensure  => "present",
+    owner   => "naemon",
+    group   => "naemon",
+    target  => $objects,
+    notify  => Service["naemon"],
+    before  => Service["naemon"],
+    require => File["/etc/naemon"],
+  }
+  nagios_hostgroup { "linux-servers":
+    alias   => "Linux Servers",
+    members => [$real_hostname],
+  }
+  $host_linux_server = {
+    check_command         => "check-host-alive",
+    check_interval        => 5,
+    check_period          => "24x7",
+    contact_groups        => "admins",
+    max_check_attempts    => "10",
+    notification_interval => "120",
+    notification_options  => "d,u,r",
+    retry_interval        => "1",
+  }
+  nagios_host { $real_hostname:
+    address => $real_hostname;
+  default: * => $host_linux_server,
+  }
+}
diff --git a/modules/profile/manifests/monitoring/local_service.pp b/modules/profile/manifests/monitoring/local_service.pp
new file mode 100644
index 0000000..1f975f0
--- /dev/null
+++ b/modules/profile/manifests/monitoring/local_service.pp
@@ -0,0 +1,56 @@
+define profile::monitoring::local_service (
+  Optional[Hash] $sudos  = {},
+  Optional[Hash] $common = {},
+  Optional[Hash] $master = {},
+  Optional[Hash] $local  = {},
+) {
+  include profile::monitoring::params
+  $service_description = $title
+  Nagios_service {
+    ensure  => "present",
+    owner   => "naemon",
+    group   => "naemon",
+    notify  => Service["naemon"],
+    before  => Service["naemon"],
+    require => File["/etc/naemon"],
+  }
+  $sudos.each |$sudo_name, $content| {
+    ensure_resource("sudo::conf", $sudo_name, {
+      content => $content,
+      before  => Nagios_service[$service_description],
+    })
+  }
+  [true, false].each |$services_for_master| {
+    if $services_for_master {
+      $default_local = {
+        mode           => "0644",
+        target         => $::profile::monitoring::params::services_for_master,
+        check_interval => $::profile::monitoring::params::service_local["check_interval"],
+        retry_interval => $::profile::monitoring::params::service_local["retry_interval"],
+        host_name      => $::profile::monitoring::params::service_local["host_name"],
+        use            => $::profile::monitoring::params::service_types["passive"],
+        notify         => [],
+      }
+      $t = "master - "
+      $services_key = $master
+    } else {
+      $default_local = merge(
+        $::profile::monitoring::params::service_local,
+        { target => $::profile::monitoring::params::objects }
+      )
+      $t = ""
+      $services_key = $local
+    }
+    $hash = merge($default_local, $common, $services_key)
+    nagios_service { "$t$service_description":
+      service_description => $service_description,
+      *                   => $hash
+    }
+  }
+}
diff --git a/modules/profile/manifests/monitoring/params.pp b/modules/profile/manifests/monitoring/params.pp
new file mode 100644
index 0000000..27f895e
--- /dev/null
+++ b/modules/profile/manifests/monitoring/params.pp
@@ -0,0 +1,42 @@
+class profile::monitoring::params {
+  $real_hostname = lookup("base_installation::real_hostname")
+  $services_for_master = "/etc/naemon/services_for_master.cfg"
+  $objects             = "/etc/naemon/objects.cfg"
+  $plugins             = "/etc/naemon/monitoring-plugins"
+  $service_types = {
+    "passive" => "external-passive-service",
+    "web"     => "external-web-service",
+  }
+  $service_generic = {
+    active_checks_enabled        => "1",
+    check_freshness              => "0",
+    check_interval               => "10",
+    check_period                 => "24x7",
+    contact_groups               => "admins",
+    event_handler_enabled        => "1",
+    flap_detection_enabled       => "1",
+    is_volatile                  => "0",
+    max_check_attempts           => "3",
+    notification_interval        => "60",
+    notification_options         => "w,u,c,r",
+    notification_period          => "24x7",
+    notifications_enabled        => "0",
+    obsess_over_service          => "1",
+    passive_checks_enabled       => "1",
+    process_perf_data            => "1",
+    retain_nonstatus_information => "1",
+    retain_status_information    => "1",
+    retry_interval               => "2",
+  }
+  $service_local = merge($service_generic, {
+    host_name          => $real_hostname,
+    check_interval     => "5",
+    max_check_attempts => "4",
+    retry_interval     => "1",
+    })
+}
diff --git a/modules/profile/manifests/monitoring/services.pp b/modules/profile/manifests/monitoring/services.pp
new file mode 100644
index 0000000..95c6efb
--- /dev/null
+++ b/modules/profile/manifests/monitoring/services.pp
@@ -0,0 +1,42 @@
+class profile::monitoring::services {
+  profile::monitoring::local_service {
+    "Size on root partition":
+      local => {
+        check_command => "check_local_disk!20%!10%!/",
+      };
+    "Total number of process":
+      local => {
+        check_command => "check_local_procs!50!100!RSZDT",
+      };
+    "Average load":
+      local => {
+        check_command => "check_local_load!8.0,8.0,8.0!10.0,10.0,10.0",
+      };
+    "Swap usage":
+      local => {
+        check_command => "check_local_swap!20!10",
+      };
+    "fail2ban is active":
+      sudos   => {
+        "naemon-fail2ban" => "naemon  ALL=(root) NOPASSWD: /usr/bin/fail2ban-client ping",
+      },
+      local   => {
+        check_command => "check_command_output!fail2ban-client ping!pong!-r root",
+      };
+    "NTP is activated and working":
+      local => {
+        check_command => "check_ntp",
+      };
+    "No mdadm array is degraded":
+      common => {
+        ensure => (find_file("/proc/mdstat") == undef) ? { true => "absent", default =>"present" },
+      },
+      local => {
+        check_command => "check_md_raid",
+      };
+  }
+  Profile::Monitoring::Local_service <| |>
+  Profile::Monitoring::External_service <| |>
+}
diff --git a/modules/profile/manifests/monitoring/times.pp b/modules/profile/manifests/monitoring/times.pp
new file mode 100644
index 0000000..42f5d9c
--- /dev/null
+++ b/modules/profile/manifests/monitoring/times.pp
@@ -0,0 +1,23 @@
+class profile::monitoring::times inherits profile::monitoring::params {
+  Nagios_timeperiod {
+    ensure  => "present",
+    owner   => "naemon",
+    group   => "naemon",
+    target  => $objects,
+    notify  => Service["naemon"],
+    before  => Service["naemon"],
+    require => File["/etc/naemon"],
+  }
+  nagios_timeperiod { "24x7":
+    alias     => "24 Hours A Day, 7 Days A Week",
+    monday    => "00:00-24:00",
+    tuesday   => "00:00-24:00",
+    wednesday => "00:00-24:00",
+    thursday  => "00:00-24:00",
+    friday    => "00:00-24:00",
+    saturday  => "00:00-24:00",
+    sunday    => "00:00-24:00",
+  }
+}
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 97ce572..fedbcb1 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -28,5 +28,13 @@ class profile::postgresql (
  profile::postgresql::base_pg_hba_rules { "default": }
+  @profile::monitoring::local_service { "Databases are present in postgresql":
+    sudos => {
+      "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\\ nspname\\ from\\ pg_catalog.pg_namespace"
+    },
+    local => {
+      check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace'!public!-r postgres",
+    }
+  }
 }
diff --git a/modules/profile/manifests/postgresql/backup_dump.pp b/modules/profile/manifests/postgresql/backup_dump.pp
index 53fb20e..e247cf0 100644
--- a/modules/profile/manifests/postgresql/backup_dump.pp
+++ b/modules/profile/manifests/postgresql/backup_dump.pp
@@ -57,4 +57,13 @@ define profile::postgresql::backup_dump (
      },
    ]
  }
+  @profile::monitoring::local_service { "Last postgresql dump in $pg_backup_path is not too old":
+    sudos => {
+      "naemon-postgresql-dumps-$pg_host" => "naemon  ALL=($pg_user) NOPASSWD: /usr/bin/find $pg_backup_path -mindepth 1 -maxdepth 1 -printf %T@?n",
+    },
+    local => {
+      check_command => "check_last_file_date!$pg_backup_path!7!$pg_user",
+    }
+  }
 }
diff --git a/modules/profile/manifests/postgresql/backup_pgbouncer.pp b/modules/profile/manifests/postgresql/backup_pgbouncer.pp
index 45b8ed5..5fd7861 100644
--- a/modules/profile/manifests/postgresql/backup_pgbouncer.pp
+++ b/modules/profile/manifests/postgresql/backup_pgbouncer.pp
@@ -48,6 +48,16 @@ define profile::postgresql::backup_pgbouncer (
    content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
  }
+  # Current pam configuration requires password for postgres
+  # @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer":
+  #   sudos => {
+  #     "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}"
+  #   },
+  #   local => {
+  #     check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace' ${pg_infos[pgbouncer_dbname]}!public!-r postgres",
+  #   }
+  # }
  # pg_hba for accessed cluster
  postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user":
    description => "Allow local access to ${pg_infos[dbuser]} user",
diff --git a/modules/profile/manifests/postgresql/master.pp b/modules/profile/manifests/postgresql/master.pp
index 02315a6..99ac4c4 100644
--- a/modules/profile/manifests/postgresql/master.pp
+++ b/modules/profile/manifests/postgresql/master.pp
@@ -59,5 +59,15 @@ define profile::postgresql::master (
      handle_slot   => true,
      add_self_role => true,
    }
+    @profile::monitoring::local_service { "Postgresql replication for $backup_host is up to date":
+      sudos => {
+        "naemon-postgresql-replication-$backup_host" => "naemon ALL=(postgres) NOPASSWD: /etc/naemon/monitoring-plugins/check_postgres_replication $backup_host /run/postgresql 5432"
+      },
+      local => {
+        check_command => "check_postgresql_replication!$backup_host!/run/postgresql!5432",
+      }
+    }
  }
 }
diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp
index dc56c0b..b809a9d 100644
--- a/modules/profile/manifests/postgresql/ssl.pp
+++ b/modules/profile/manifests/postgresql/ssl.pp
@@ -78,5 +78,4 @@ define profile::postgresql::ssl (
      content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n"
    }
  }
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-07-11 09:31:24 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-07-11 09:31:24 +0200
commit	2bdbb0213a0f70705f81ac2eaf8349668b2c29b4 (patch)
tree	06b1e40db99815133dcc40e3e68531d45e1bd228 /modules/profile/manifests
parent	25c99a635507abfe6af4a1f0a9fc5a103d1880c0 (diff)
parent	d8bc769648c1528f5d749deee060d70e326ef431 (diff)
download	Puppet-2bdbb0213a0f70705f81ac2eaf8349668b2c29b4.tar.gz Puppet-2bdbb0213a0f70705f81ac2eaf8349668b2c29b4.tar.zst Puppet-2bdbb0213a0f70705f81ac2eaf8349668b2c29b4.zip

diff --git a/modules/profile/manifests/fstab.pp b/modules/profile/manifests/fstab.pp index 8ecfe72..3af316e 100644 --- a/modules/profile/manifests/fstab.pp +++ b/modules/profile/manifests/fstab.pp
@@ -15,6 +15,12 @@ class profile::fstab (
15	device => "UUID=${infos[1]}",	15	device => "UUID=${infos[1]}",
16	fstype => $infos[2]	16	fstype => $infos[2]
17	}	17	}
		18
		19	@profile::monitoring::local_service { "Size on ${infos[0]} partition":
		20	local => {
		21	check_command => "check_local_disk!10%!5%!${infos[0]}",
		22	};
		23	}
18	}	24	}
19	}	25	}
20	}	26	}


diff --git a/modules/profile/manifests/monitoring.pp b/modules/profile/manifests/monitoring.pp new file mode 100644 index 0000000..8633626 --- /dev/null +++ b/modules/profile/manifests/monitoring.pp
@@ -0,0 +1,58 @@
		1	class profile::monitoring (
		2	Optional[String] $naemon_url = undef,
		3	Optional[String] $naemon_token = undef,
		4	) inherits profile::monitoring::params {
		5	ensure_packages(["naemon", "cnagios"])
		6
		7	file { "/etc/naemon":
		8	ensure => "directory",
		9	recurse => true,
		10	purge => true,
		11	force => true,
		12	require => Package["naemon"],
		13	}
		14	->
		15	file { "/etc/naemon/resource.cfg":
		16	ensure => "file",
		17	owner => "naemon",
		18	group => "naemon",
		19	mode => "0600",
		20	content => template("profile/monitoring/resource.cfg.erb"),
		21	}
		22	->
		23	file { "/etc/naemon/naemon.cfg":
		24	ensure => "file",
		25	owner => "naemon",
		26	group => "naemon",
		27	mode => "0644",
		28	content => template("profile/monitoring/naemon.cfg.erb"),
		29	}
		30	->
		31	file { $objects:
		32	ensure => "file",
		33	owner => "naemon",
		34	group => "naemon",
		35	mode => "0600"
		36	}
		37	->
		38	service { "naemon":
		39	ensure => "running",
		40	enable => true,
		41	}
		42
		43	unless ($naemon_url == undef or empty($naemon_url)) {
		44	file { "/etc/naemon/send_nrdp.sh":
		45	ensure => "file",
		46	owner => "naemon",
		47	group => "naemon",
		48	mode => "0700",
		49	content => template("profile/monitoring/send_nrdp.sh.erb"),
		50	}
		51	}
		52
		53	include "profile::monitoring::hosts"
		54	include "profile::monitoring::services"
		55	include "profile::monitoring::commands"
		56	include "profile::monitoring::times"
		57	include "profile::monitoring::contacts"
		58	}


diff --git a/modules/profile/manifests/monitoring/commands.pp b/modules/profile/manifests/monitoring/commands.pp new file mode 100644 index 0000000..1c8d0b4 --- /dev/null +++ b/modules/profile/manifests/monitoring/commands.pp
@@ -0,0 +1,70 @@
		1	class profile::monitoring::commands inherits profile::monitoring {
		2	ensure_packages(["monitoring-plugins"])
		3
		4	file { $plugins:
		5	ensure => "directory",
		6	owner => "root",
		7	group => "naemon",
		8	mode => "0755",
		9	}
		10
		11	[
		12	"check_command",
		13	"check_md_raid",
		14	"check_postgres_replication",
		15	"check_last_file_date",
		16	].each \|$file\| {
		17	file { "$plugins/$file":
		18	ensure => "present",
		19	owner => "root",
		20	group => "naemon",
		21	mode => "0755",
		22	source => "puppet:///modules/profile/monitoring/$file",
		23	}
		24	}
		25
		26	Nagios_command {
		27	ensure => "present",
		28	owner => "naemon",
		29	group => "naemon",
		30	target => $objects,
		31	notify => Service["naemon"],
		32	before => Service["naemon"],
		33	require => File["/etc/naemon"],
		34	}
		35
		36	nagios_command {
		37	"check-host-alive":
		38	command_line => '$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5';
		39	"check_local_disk":
		40	command_line => '$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$';
		41	"check_local_procs":
		42	command_line => '$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$';
		43	"check_local_load":
		44	command_line => '$USER1$/check_load -w $ARG1$ -c $ARG2$';
		45	"check_local_swap":
		46	command_line => '$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$';
		47	"check_ntp":
		48	command_line => '$USER1$/check_ntp_time -H 0.arch.pool.ntp.org';
		49	"check_md_raid":
		50	command_line => '$USER2$/check_md_raid',
		51	require => File["$plugins/check_md_raid"];
		52	"check_command_output":
		53	command_line => '$USER2$/check_command -c "$ARG1$" -o "$ARG2$" $ARG3$',
		54	require => File["$plugins/check_command"];
		55	"check_postgresql_replication":
		56	command_line => '/usr/bin/sudo -u postgres $USER2$/check_postgres_replication "$ARG1$" "$ARG2$" "$ARG3$"',
		57	require => File["$plugins/check_postgres_replication"];
		58	"check_last_file_date":
		59	command_line => '$USER2$/check_last_file_date "$ARG1$" "$ARG2$" "$ARG3$"',
		60	require => File["$plugins/check_last_file_date"],
		61	}
		62
		63	unless empty($naemon_url) {
		64	nagios_command {
		65	"notify-master":
		66	command_line => '/etc/naemon/send_nrdp.sh -H "$HOSTADDRESS$" -s "$SERVICEDESC$" -S "$SERVICESTATEID$" -o "$SERVICEOUTPUT$"',
		67	require => File["/etc/naemon/send_nrdp.sh"];
		68	}
		69	}
		70	}


diff --git a/modules/profile/manifests/monitoring/contacts.pp b/modules/profile/manifests/monitoring/contacts.pp new file mode 100644 index 0000000..a751153 --- /dev/null +++ b/modules/profile/manifests/monitoring/contacts.pp
@@ -0,0 +1,16 @@
		1	class profile::monitoring::contacts inherits profile::monitoring::params {
		2	Nagios_contactgroup {
		3	ensure => "present",
		4	owner => "naemon",
		5	group => "naemon",
		6	target => $objects,
		7	notify => Service["naemon"],
		8	before => Service["naemon"],
		9	require => File["/etc/naemon"],
		10	}
		11
		12	nagios_contactgroup { "admins":
		13	alias => "System administrators",
		14	}
		15
		16	}


diff --git a/modules/profile/manifests/monitoring/external_service.pp b/modules/profile/manifests/monitoring/external_service.pp new file mode 100644 index 0000000..027dad8 --- /dev/null +++ b/modules/profile/manifests/monitoring/external_service.pp
@@ -0,0 +1,16 @@
		1	define profile::monitoring::external_service (
		2	Optional[String] $type = undef,
		3	Optional[Hash] $master = {},
		4	) {
		5	include profile::monitoring::params
		6	$service_description = $title
		7
		8	nagios_service { $service_description:
		9	service_description => $service_description,
		10	host_name => $::profile::monitoring::params::service_local["host_name"],
		11	use => $::profile::monitoring::params::service_types[$type],
		12	target => $::profile::monitoring::params::services_for_master,
		13	* => $master,
		14	}
		15
		16	}


diff --git a/modules/profile/manifests/monitoring/hosts.pp b/modules/profile/manifests/monitoring/hosts.pp new file mode 100644 index 0000000..f7802be --- /dev/null +++ b/modules/profile/manifests/monitoring/hosts.pp
@@ -0,0 +1,45 @@
		1	class profile::monitoring::hosts inherits profile::monitoring::params {
		2	$real_hostname = lookup("base_installation::real_hostname")
		3
		4	Nagios_hostgroup {
		5	ensure => "present",
		6	owner => "naemon",
		7	group => "naemon",
		8	target => $objects,
		9	notify => Service["naemon"],
		10	before => Service["naemon"],
		11	require => File["/etc/naemon"],
		12	}
		13
		14	Nagios_host {
		15	ensure => "present",
		16	owner => "naemon",
		17	group => "naemon",
		18	target => $objects,
		19	notify => Service["naemon"],
		20	before => Service["naemon"],
		21	require => File["/etc/naemon"],
		22	}
		23
		24	nagios_hostgroup { "linux-servers":
		25	alias => "Linux Servers",
		26	members => [$real_hostname],
		27	}
		28
		29	$host_linux_server = {
		30	check_command => "check-host-alive",
		31	check_interval => 5,
		32	check_period => "24x7",
		33	contact_groups => "admins",
		34	max_check_attempts => "10",
		35	notification_interval => "120",
		36	notification_options => "d,u,r",
		37	retry_interval => "1",
		38	}
		39
		40	nagios_host { $real_hostname:
		41	address => $real_hostname;
		42	default: * => $host_linux_server,
		43	}
		44
		45	}


diff --git a/modules/profile/manifests/monitoring/local_service.pp b/modules/profile/manifests/monitoring/local_service.pp new file mode 100644 index 0000000..1f975f0 --- /dev/null +++ b/modules/profile/manifests/monitoring/local_service.pp
@@ -0,0 +1,56 @@
		1	define profile::monitoring::local_service (
		2	Optional[Hash] $sudos = {},
		3	Optional[Hash] $common = {},
		4	Optional[Hash] $master = {},
		5	Optional[Hash] $local = {},
		6	) {
		7	include profile::monitoring::params
		8
		9	$service_description = $title
		10
		11	Nagios_service {
		12	ensure => "present",
		13	owner => "naemon",
		14	group => "naemon",
		15	notify => Service["naemon"],
		16	before => Service["naemon"],
		17	require => File["/etc/naemon"],
		18	}
		19
		20	$sudos.each \|$sudo_name, $content\| {
		21	ensure_resource("sudo::conf", $sudo_name, {
		22	content => $content,
		23	before => Nagios_service[$service_description],
		24	})
		25	}
		26
		27	[true, false].each \|$services_for_master\| {
		28	if $services_for_master {
		29	$default_local = {
		30	mode => "0644",
		31	target => $::profile::monitoring::params::services_for_master,
		32	check_interval => $::profile::monitoring::params::service_local["check_interval"],
		33	retry_interval => $::profile::monitoring::params::service_local["retry_interval"],
		34	host_name => $::profile::monitoring::params::service_local["host_name"],
		35	use => $::profile::monitoring::params::service_types["passive"],
		36	notify => [],
		37	}
		38	$t = "master - "
		39	$services_key = $master
		40	} else {
		41	$default_local = merge(
		42	$::profile::monitoring::params::service_local,
		43	{ target => $::profile::monitoring::params::objects }
		44	)
		45	$t = ""
		46	$services_key = $local
		47	}
		48
		49	$hash = merge($default_local, $common, $services_key)
		50
		51	nagios_service { "$t$service_description":
		52	service_description => $service_description,
		53	* => $hash
		54	}
		55	}
		56	}


diff --git a/modules/profile/manifests/monitoring/params.pp b/modules/profile/manifests/monitoring/params.pp new file mode 100644 index 0000000..27f895e --- /dev/null +++ b/modules/profile/manifests/monitoring/params.pp
@@ -0,0 +1,42 @@
		1	class profile::monitoring::params {
		2	$real_hostname = lookup("base_installation::real_hostname")
		3
		4	$services_for_master = "/etc/naemon/services_for_master.cfg"
		5	$objects = "/etc/naemon/objects.cfg"
		6	$plugins = "/etc/naemon/monitoring-plugins"
		7
		8	$service_types = {
		9	"passive" => "external-passive-service",
		10	"web" => "external-web-service",
		11	}
		12
		13	$service_generic = {
		14	active_checks_enabled => "1",
		15	check_freshness => "0",
		16	check_interval => "10",
		17	check_period => "24x7",
		18	contact_groups => "admins",
		19	event_handler_enabled => "1",
		20	flap_detection_enabled => "1",
		21	is_volatile => "0",
		22	max_check_attempts => "3",
		23	notification_interval => "60",
		24	notification_options => "w,u,c,r",
		25	notification_period => "24x7",
		26	notifications_enabled => "0",
		27	obsess_over_service => "1",
		28	passive_checks_enabled => "1",
		29	process_perf_data => "1",
		30	retain_nonstatus_information => "1",
		31	retain_status_information => "1",
		32	retry_interval => "2",
		33	}
		34
		35	$service_local = merge($service_generic, {
		36	host_name => $real_hostname,
		37	check_interval => "5",
		38	max_check_attempts => "4",
		39	retry_interval => "1",
		40	})
		41
		42	}


diff --git a/modules/profile/manifests/monitoring/services.pp b/modules/profile/manifests/monitoring/services.pp new file mode 100644 index 0000000..95c6efb --- /dev/null +++ b/modules/profile/manifests/monitoring/services.pp
@@ -0,0 +1,42 @@
		1	class profile::monitoring::services {
		2
		3	profile::monitoring::local_service {
		4	"Size on root partition":
		5	local => {
		6	check_command => "check_local_disk!20%!10%!/",
		7	};
		8	"Total number of process":
		9	local => {
		10	check_command => "check_local_procs!50!100!RSZDT",
		11	};
		12	"Average load":
		13	local => {
		14	check_command => "check_local_load!8.0,8.0,8.0!10.0,10.0,10.0",
		15	};
		16	"Swap usage":
		17	local => {
		18	check_command => "check_local_swap!20!10",
		19	};
		20	"fail2ban is active":
		21	sudos => {
		22	"naemon-fail2ban" => "naemon ALL=(root) NOPASSWD: /usr/bin/fail2ban-client ping",
		23	},
		24	local => {
		25	check_command => "check_command_output!fail2ban-client ping!pong!-r root",
		26	};
		27	"NTP is activated and working":
		28	local => {
		29	check_command => "check_ntp",
		30	};
		31	"No mdadm array is degraded":
		32	common => {
		33	ensure => (find_file("/proc/mdstat") == undef) ? { true => "absent", default =>"present" },
		34	},
		35	local => {
		36	check_command => "check_md_raid",
		37	};
		38	}
		39
		40	Profile::Monitoring::Local_service <\| \|>
		41	Profile::Monitoring::External_service <\| \|>
		42	}


diff --git a/modules/profile/manifests/monitoring/times.pp b/modules/profile/manifests/monitoring/times.pp new file mode 100644 index 0000000..42f5d9c --- /dev/null +++ b/modules/profile/manifests/monitoring/times.pp
@@ -0,0 +1,23 @@
		1	class profile::monitoring::times inherits profile::monitoring::params {
		2	Nagios_timeperiod {
		3	ensure => "present",
		4	owner => "naemon",
		5	group => "naemon",
		6	target => $objects,
		7	notify => Service["naemon"],
		8	before => Service["naemon"],
		9	require => File["/etc/naemon"],
		10	}
		11
		12	nagios_timeperiod { "24x7":
		13	alias => "24 Hours A Day, 7 Days A Week",
		14	monday => "00:00-24:00",
		15	tuesday => "00:00-24:00",
		16	wednesday => "00:00-24:00",
		17	thursday => "00:00-24:00",
		18	friday => "00:00-24:00",
		19	saturday => "00:00-24:00",
		20	sunday => "00:00-24:00",
		21	}
		22
		23	}


diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 97ce572..fedbcb1 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp
@@ -28,5 +28,13 @@ class profile::postgresql (
28		28
29	profile::postgresql::base_pg_hba_rules { "default": }	29	profile::postgresql::base_pg_hba_rules { "default": }
30		30
		31	@profile::monitoring::local_service { "Databases are present in postgresql":
		32	sudos => {
		33	"naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\\ nspname\\ from\\ pg_catalog.pg_namespace"
		34	},
		35	local => {
		36	check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace'!public!-r postgres",
		37	}
		38	}
31	}	39	}
32		40


diff --git a/modules/profile/manifests/postgresql/backup_dump.pp b/modules/profile/manifests/postgresql/backup_dump.pp index 53fb20e..e247cf0 100644 --- a/modules/profile/manifests/postgresql/backup_dump.pp +++ b/modules/profile/manifests/postgresql/backup_dump.pp
@@ -57,4 +57,13 @@ define profile::postgresql::backup_dump (
57	},	57	},
58	]	58	]
59	}	59	}
		60
		61	@profile::monitoring::local_service { "Last postgresql dump in $pg_backup_path is not too old":
		62	sudos => {
		63	"naemon-postgresql-dumps-$pg_host" => "naemon ALL=($pg_user) NOPASSWD: /usr/bin/find $pg_backup_path -mindepth 1 -maxdepth 1 -printf %T@?n",
		64	},
		65	local => {
		66	check_command => "check_last_file_date!$pg_backup_path!7!$pg_user",
		67	}
		68	}
60	}	69	}


diff --git a/modules/profile/manifests/postgresql/backup_pgbouncer.pp b/modules/profile/manifests/postgresql/backup_pgbouncer.pp index 45b8ed5..5fd7861 100644 --- a/modules/profile/manifests/postgresql/backup_pgbouncer.pp +++ b/modules/profile/manifests/postgresql/backup_pgbouncer.pp
@@ -48,6 +48,16 @@ define profile::postgresql::backup_pgbouncer (
48	content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",	48	content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
49	}	49	}
50		50
		51	# Current pam configuration requires password for postgres
		52	# @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer":
		53	# sudos => {
		54	# "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}"
		55	# },
		56	# local => {
		57	# check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace' ${pg_infos[pgbouncer_dbname]}!public!-r postgres",
		58	# }
		59	# }
		60
51	# pg_hba for accessed cluster	61	# pg_hba for accessed cluster
52	postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user":	62	postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user":
53	description => "Allow local access to ${pg_infos[dbuser]} user",	63	description => "Allow local access to ${pg_infos[dbuser]} user",


diff --git a/modules/profile/manifests/postgresql/master.pp b/modules/profile/manifests/postgresql/master.pp index 02315a6..99ac4c4 100644 --- a/modules/profile/manifests/postgresql/master.pp +++ b/modules/profile/manifests/postgresql/master.pp
@@ -59,5 +59,15 @@ define profile::postgresql::master (
59	handle_slot => true,	59	handle_slot => true,
60	add_self_role => true,	60	add_self_role => true,
61	}	61	}
		62
		63	@profile::monitoring::local_service { "Postgresql replication for $backup_host is up to date":
		64	sudos => {
		65	"naemon-postgresql-replication-$backup_host" => "naemon ALL=(postgres) NOPASSWD: /etc/naemon/monitoring-plugins/check_postgres_replication $backup_host /run/postgresql 5432"
		66
		67	},
		68	local => {
		69	check_command => "check_postgresql_replication!$backup_host!/run/postgresql!5432",
		70	}
		71	}
62	}	72	}
63	}	73	}


diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp index dc56c0b..b809a9d 100644 --- a/modules/profile/manifests/postgresql/ssl.pp +++ b/modules/profile/manifests/postgresql/ssl.pp
@@ -78,5 +78,4 @@ define profile::postgresql::ssl (
78	content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n"	78	content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n"
79	}	79	}
80	}	80	}
81
82	}	81	}