authorLeif Johansson <leifj@sunet.se>2015-05-09 17:08:26 +0200
committerLeif Johansson <leifj@sunet.se>2015-05-09 17:08:26 +0200
commitcd7acf3cd7e6a193791220e59a92b07b301dbdc3 (patch)
tree0386232d357da175bcb940d8e8da2c8760fce342 /global/overlay/etc/puppet/modules/sunet
parentb426d3fae51f9a15bd99a54a67c6878e4b3f9506 (diff)
drop old modulessunet-ops-2015-05-09-v12
Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet')
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp7
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp38
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp46
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp56
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp12
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp44
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp19
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp14
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/flog.pp82
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp38
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp49
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/server.pp91
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp22
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp53
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb115
-rwxr-xr-xglobal/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb98
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb7
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb5
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb18
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb8
-rwxr-xr-xglobal/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb37
-rwxr-xr-xglobal/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb721
-rw-r--r--global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb262
23 files changed, 0 insertions, 1842 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp b/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp
deleted file mode 100644
index 348d9c5..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-# Add a user to a group
-define sunet::add_user_to_group($username, $group) {
- exec {"add_user_${username}_to_group_${group}_exec":
- command => "adduser --quiet $username $group",
- path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin', '/bin', ],
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp b/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp
deleted file mode 100644
index d6400d7..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define sunet::cloudimage (
- $image_url = "https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img",
- $dhcp = true,
- $size = "1G",
- $bridge = "br0",
- $memory = "1024",
- $cpus = "1",
- $resolver = undef,
- $ip = undef,
- $netmask = undef,
- $gateway = undef,
- $ip6 = undef,
- $netmask6 = "64",
- $gateway6 = undef,
- $tagpattern = undef,
- $repo = undef
-)
-{
- package {'mtools': ensure => latest }
- package {'libvirt-bin': ensure => latest }
- package {'uuid-runtime': ensure => latest }
- package {'virtinst': ensure => latest }
-
- $image_url_a = split($image_url,"/")
- $image_name = $image_url_a[-1]
- $image_src = "/var/lib/libvirt/images/${image_name}"
- file { "/var/lib/libvirt/images/${name}": ensure => directory } ->
- exec {"wget -O${image_src} ${image_url}":
- onlyif => "test ! -f ${image_src}"
- }
- file { "/var/lib/libvirt/images/${name}/${name}-init.sh":
- content => template("sunet/cloudimage/mk_cloud_image.erb"),
- mode => "0755"
- } ->
- exec { "/var/lib/libvirt/images/${name}/${name}-init.sh":
- onlyif => "test ! -f /var/lib/libvirt/images/${name}/${name}.img"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
deleted file mode 100644
index 4b56a03..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-# Common use of docker::run
-define sunet::docker_run(
- $image,
- $imagetag = hiera('sunet_docker_default_tag', 'latest'),
- $volumes = [],
- $ports = [],
- $env = [],
- $net = 'bridge',
- $extra_parameters = [],
- $command = "",
- $hostname = undef,
-) {
-
- # Make container use unbound resolver on dockerhost
- # If docker was just installed, facter will not know the IP of docker0. Thus the pick.
- $dns = $net ? {
- 'host' => [], # docker refuses --dns with --net host
- default => [pick($::ipaddress_docker0, '172.17.42.1')],
- }
-
- $image_tag = "${image}:${imagetag}"
- docker::image { $image_tag : } ->
-
- docker::run {$name :
- use_name => true,
- image => $image_tag,
- volumes => flatten([$volumes,
- '/etc/passwd:/etc/passwd:ro', # uid consistency
- '/etc/group:/etc/group:ro', # gid consistency
- ]),
- hostname => $hostname,
- ports => $ports,
- env => $env,
- net => $net,
- extra_parameters => flatten([$extra_parameters,
- '--rm',
- ]),
- dns => $dns,
- verify_checksum => false, # Rely on registry security for now. eduID risk #31.
- command => $command,
- pre_start => 'run-parts /usr/local/etc/docker.d',
- post_start => 'run-parts /usr/local/etc/docker.d',
- pre_stop => 'run-parts /usr/local/etc/docker.d',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp b/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
deleted file mode 100644
index 67f75f9..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
+++ /dev/null
@@ -1,56 +0,0 @@
-# Install docker from https://get.docker.com/ubuntu
-class sunet::dockerhost {
- apt::source {'docker_official':
- location => 'https://get.docker.com/ubuntu',
- release => 'docker',
- repos => 'main',
- key => 'A88D21E9',
- include_src => false
- }
- package {'lxc-docker':
- ensure => latest,
- }
-
- class {'docker':
- manage_package => false,
- }
-
- package { 'unbound': ensure => 'latest' }
- service { 'unbound': ensure => 'running' }
-
- file { '/usr/local/etc/docker.d/20unbound':
- ensure => file,
- path => '/usr/local/etc/docker.d/20unbound',
- mode => '0755',
- content => template('sunet/dockerhost/20unbound.erb'),
- }
-
- file { '/etc/logrotate.d/docker-containers':
- ensure => file,
- path => '/etc/logrotate.d/docker-containers',
- mode => '0644',
- content => template('sunet/dockerhost/logrotate_docker-containers.erb'),
- }
-
- file { '/etc/unbound/unbound.conf.d/docker.conf':
- ensure => file,
- path => '/etc/unbound/unbound.conf.d/docker.conf',
- mode => '0644',
- content => template('sunet/dockerhost/unbound_docker.conf.erb'),
- notify => Service['unbound'],
- }
-
- ufw::allow { 'allow-docker-resolving_udp':
- port => '53',
- ip => $::ipaddress_docker0, # both IPv4 and IPv6
- from => '172.16.0.0/12',
- proto => 'udp',
- }
- ufw::allow { 'allow-docker-resolving_tcp':
- port => '53',
- ip => $::ipaddress_docker0, # both IPv4 and IPv6
- from => '172.16.0.0/12',
- proto => 'tcp',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
deleted file mode 100644
index 9956e00..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-define sunet::encrypted_swap() {
-
- package { 'ecryptfs-utils':
- ensure => 'installed'
- } ->
-
- exec {'sunet_ecryptfs_setup_swap':
- command => '/usr/bin/ecryptfs-setup-swap -f',
- onlyif => 'grep swap /etc/fstab | grep -ve ^# -e cryptswap | grep -q swap',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
deleted file mode 100644
index a80d355..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
+++ /dev/null
@@ -1,44 +0,0 @@
-define sunet::etcd_node(
- $disco_url = undef,
- $etcd_version = 'v2.0.8',
- $proxy = true
-)
-{
- include stdlib
-
- file { ["/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' }
- $common_args = ["--discovery ${disco_url}",
- "--name ${::hostname}",
- "--data-dir /data",
- "--key-file /etc/ssl/private/${::fqdn}_infra.key",
- "--ca-file /etc/ssl/certs/infra.crt",
- "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]
- if $proxy {
- $args = concat($common_args,["--proxy on","--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379"])
- } else {
- $args = concat($common_args,["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380",
- "--advertise-client-urls http://${::ipaddress_eth1}:2379",
- "--listen-peer-urls http://0.0.0.0:2380",
- "--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379",
- "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key",
- "--peer-ca-file /etc/ssl/certs/infra.crt",
- "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"])
- }
- sunet::docker_run { "etcd_${name}":
- image => 'quay.io/coreos/etcd',
- imagetag => $etcd_version,
- volumes => ["/data/${name}:/data","/etc/ssl:/etc/ssl"],
- command => join($args," "),
- ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379","${::ipaddress_docker0}:4001:2379"]
- }
- if !$proxy {
- ufw::allow { "allow-etcd-peer":
- ip => "${::ipaddress_eth1}",
- port => 2380
- }
- ufw::allow { "allow-etcd-client":
- ip => "${::ipaddress_eth1}",
- port => 2379
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
deleted file mode 100644
index 8ff7325..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-define sunet::ethernet_bonding() {
- # Set up prerequisites for Ethernet LACP bonding of eth0 and eth1,
- # for all physical hosts that are running Ubuntu.
- #
- # Bonding requires setup in /etc/network/interfaces as well.
- #
- if $::is_virtual == 'false' and $::operatingsystem == 'Ubuntu' {
- if $::operatingsystemrelease <= '12.04' {
- package {'ifenslave': ensure => 'present' }
- } else {
- package {'ifenslave-2.6': ensure => 'present' }
- }
-
- file_line { 'load_module_at_boot':
- path => '/etc/modules',
- line => 'bonding',
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp
deleted file mode 100644
index 01a9662..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-class sunet::fail2ban {
-
- package {'fail2ban':
- ensure => 'latest'
- } ->
- service {'fail2ban':
- ensure => 'running'
- }
- exec {"fail2ban_defaults":
- refreshonly => true,
- subscribe => Service['fail2ban'],
- command => "sleep 5; /usr/bin/fail2ban-client set ssh bantime 600800"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp b/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
deleted file mode 100644
index 553e83b..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
+++ /dev/null
@@ -1,82 +0,0 @@
-class sunet::flog {
-
- $postgres_password = hiera('flog_postgres_password', 'NOT_SET_IN_HIERA')
-
- file {'/var/docker':
- ensure => 'directory',
- } ->
- sunet::system_user {'postgres-system-user':
- username => 'postgres',
- group => 'postgres',
- } ->
- sunet::add_user_to_group { 'postgres_ssl_cert_access':
- username => 'postgres',
- group => 'ssl-cert',
- } ->
- sunet::system_user {'www-data-system-user':
- username => 'www-data',
- group => 'www-data',
- } ->
- sunet::system_user {'memcache-system-user':
- username => 'memcache',
- group => 'memcache',
- } ->
- file {'/var/docker/postgresql_data':
- ensure => 'directory',
- owner => 'postgres',
- group => 'root',
- mode => '0770',
- } ->
- file {'/var/docker/postgresql_data/backup':
- ensure => 'directory',
- owner => 'postgres',
- group => 'root',
- mode => '0770',
- } ->
- file {'/var/log/flog_db':
- ensure => 'directory',
- owner => 'root',
- group => 'postgres',
- mode => '1775',
- } ->
- file {'/var/log/flog_app':
- ensure => 'directory',
- owner => 'root',
- group => 'www-data',
- mode => '1775',
- } ->
- file {'/var/log/flog_cron':
- ensure => 'directory',
- owner => 'root',
- group => 'www-data',
- mode => '1775',
- } ->
- file { "/opt/flog/nginx/certs/flog.sunet.se.key":
- ensure => file,
- path => "/opt/flog/nginx/certs/flog.sunet.se.key",
- mode => '0640',
- content => hiera('server_cert_key', 'NOT_SET_IN_HIERA'),
- } ->
- file { "/opt/flog/dotenv":
- ensure => file,
- path => "/opt/flog/dotenv",
- mode => '0640',
- content => template('sunet/flog/dotenv.erb'),
- } ->
- sunet::docker_run {'flog_db':
- image => 'docker.sunet.se/flog/postgresql-9.3',
- volumes => ['/etc/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'],
- } ->
- sunet::docker_run {'flog_app':
- image => 'docker.sunet.se/flog/flog_app',
- volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'],
- } ->
- sunet::docker_run {'memcached':
- image => 'docker.sunet.se/library/memcached',
- } ->
- sunet::docker_run {'flog_nginx':
- image => 'docker.sunet.se/flog/nginx',
- ports => ['80:80', '443:443'],
- volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'],
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
deleted file mode 100644
index 3658142..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
- $pkcs11_pin=undef,
- $pkcs11_key_slot="0",
- $pkcs11_key_id="abcd",
- $autosign_dir=undef,
- $autosign_type="peer",
- $public_repo_url=undef,
- $public_repo_dir=undef)
-{
- apt::ppa {'ppa:leifj/ici': } ->
- package { 'ici': ensure => latest } ->
- exec { '${name}_setup_ca':
- command => "/usr/bin/ici ${name} init",
- creates => "/var/lib/ici/${name}"
- } ->
- file { '${name}_ca_config':
- path => "/var/lib/ici/${name}/ca.config",
- content => template("sunet/ici_ca/ca.config.erb")
- }
- if $public_repo_dir and $public_repo_url {
- cron {'ici_publish':
- command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} gencrl && /usr/bin/ici ${name} publish ${public_repo_dir}",
- user => "root",
- minute => "*/5"
- }
- }
-}
-
-define sunet::ici_ca::autosign($ca=undef,
- $autosign_dir=undef,
- $autosign_type="client")
-{
- cron {"ici_autosign_${name}":
- command => "test -f /var/lib/ici/${ca}/ca.crt && /usr/bin/ici ${ca} issue -t ${autosign_type} -d 365 --copy-extensions ${autosign_dir}",
- user => "root",
- minute => "*/5"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp
deleted file mode 100644
index 91ccf6c..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp
+++ /dev/null
@@ -1,49 +0,0 @@
-class sunet::nagios {
-
- $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111')
- $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111')
- $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}"
-
- package {'nagios-nrpe-server':
- ensure => 'installed',
- }
- service {'nagios-nrpe-server':
- ensure => 'running',
- enable => 'true',
- require => Package['nagios-nrpe-server'],
- }
- file { "/etc/nagios/nrpe.cfg" :
- notify => Service['nagios-nrpe-server'],
- ensure => 'file',
- mode => '0640',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/nrpe.cfg.erb'),
- }
- file { "/usr/lib/nagios/plugins/check_uptime.pl" :
- ensure => 'file',
- mode => '0751',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/check_uptime.pl.erb'),
- }
- file { "/usr/lib/nagios/plugins/check_reboot" :
- ensure => 'file',
- mode => '0751',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/check_reboot.erb'),
- }
- ufw::allow { "allow-nrpe-v4":
- from => "${nagios_ip_v4}",
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
- ufw::allow { "allow-nrpe-v6":
- from => "${nagios_ip_v6}",
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
deleted file mode 100644
index d89302f..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ /dev/null
@@ -1,91 +0,0 @@
-define sunet::server() {
-
- # fail2ban
- class { 'sunet::fail2ban': }
-
- # Set up encrypted swap
- sunet::encrypted_swap { 'sunet_encrypted_swap': }
-
- # Add prerequisites for ethernet bonding, if physical server
- sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
-
-# Removed until SWAMID hosts can have their ufw module updated / ft
-# # Ignore IPv6 multicast
-# ufw::deny { 'ignore_v6_multicast':
-# ip => 'ff02::1',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
-# # Ignore IPv6 multicast PIM router talk
-# ufw::deny { 'ignore_v6_multicast_PIM':
-# ip => 'ff02::d',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
- include augeas
- augeas { "sshd_config":
- context => "/files/etc/ssh/sshd_config",
- changes => [
- "set PasswordAuthentication no",
- "set X11Forwarding no",
- "set LogLevel VERBOSE", # log pubkey used for root login
- ],
- notify => Service['ssh'],
- } ->
- file_line {
- 'no_sftp_subsystem':
- path => '/etc/ssh/sshd_config',
- match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
- line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
- notify => Service['ssh'],
- }
-
- # already declared in puppet-cosmos/manifests/ntp.pp
- #service { 'ntp':
- # ensure => 'running',
- #}
-
- # Don't use pool.ntp.org servers, but rather DHCP provided NTP servers
- line { 'no_pool_ntp_org_servers':
- file => '/etc/ntp.conf',
- line => '^server .*\.pool\.ntp\.org',
- ensure => 'comment',
- notify => Service['ntp'],
- }
-
- file { '/var/cache/scriptherder':
- ensure => 'directory',
- path => '/var/cache/scriptherder',
- mode => '1777', # like /tmp, so user-cronjobs can also use scriptherder
- }
-
-
-}
-
-# from http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns/5
-define line($file, $line, $ensure = 'present') {
- case $ensure {
- default : { err ( "unknown ensure value ${ensure}" ) }
- present: {
- exec { "/bin/echo '${line}' >> '${file}'":
- unless => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- absent: {
- exec { "/usr/bin/perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
- onlyif => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- uncomment: {
- exec { "/bin/sed -i -e'/${line}/s/^#\\+//' '${file}'":
- onlyif => "/bin/grep '${line}' '${file}' | /bin/grep '^#' | /usr/bin/wc -l"
- }
- }
- comment: {
- exec { "/bin/sed -i -e'/${line}/s/^\\(.\\+\\)$/#\\1/' '${file}'":
- onlyif => "/usr/bin/test `/bin/grep '${line}' '${file}' | /bin/grep -v '^#' | /usr/bin/wc -l` -ne 0"
- }
- }
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp b/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp
deleted file mode 100644
index 819ef4a..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-define sunet::system_user(
- $username,
- $group,
- $system = true,
- $shell = '/bin/false'
- ) {
-
- user { $username :
- ensure => present,
- name => $username,
- membership => minimum,
- system => $system,
- require => Group[ $group ],
- shell => $shell,
- }
-
- group { $group :
- ensure => present,
- name => $group,
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp
deleted file mode 100644
index 6f6abed..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp
+++ /dev/null
@@ -1,53 +0,0 @@
-# a basic wp setup using docker
-
-define sunet::wordpress (
-$db_host = undef,
-$wordpress_version = "4.1.1",
-$myqsl_version = "5.7")
-{
- include augeas
- $db_hostname = $db_host ? {
- undef => "${name}_mysql.docker",
- default => $db_host
- }
- $pwd = hiera("${name}_db_password",'NOT_SET_IN_HIERA')
- file {"/data/${name}": ensure => directory } ->
- file {"/data/${name}/html": ensure => directory } ->
- sunet::docker_run { "${name}_wordpress":
- image => "wordpress",
- imagetag => $wordpress_version,
- volumes => ["/data/${name}/html:/var/www/html"],
- ports => ["8080:80"],
- env => [ "SERVICE_NAME=${name}",
- "WORDPRESS_DB_HOST=${db_hostname}",
- "WORDPRESS_DB_USER=${name}",
- "WORDPRESS_DB_NAME=${name}",
- "WORDPRESS_DB_PASSWORD=${pwd}" ]
- }
-
- if (!$db_host) {
- file {"/data/${name}/db": ensure => directory }
- group { 'mysql': ensure => 'present', system => true } ->
- user { 'mysql': ensure => 'present', groups => 'mysql', system => true } ->
- sunet::docker_run { "${name}_mysql":
- image => "mysql",
- imagetag => $mysql_version,
- volumes => ["/data/${name}/db:/var/lib/mysql"],
- env => ["MYSQL_USER=${name}",
- "MYSQL_PASSWORD=${pwd}",
- "MYSQL_ROOT_PASSWORD=${pwd}",
- "MYSQL_DATABASE=${name}"]
- }
- package {'automysqlbackup': ensure => latest } ->
- augeas { 'automysqlbackup_settings':
- incl => "/etc/default/automysqlbackup",
- lens => "Shellvars.lns",
- changes => [
- "set USERNAME ${name}",
- "set PASSWORD ${pwd}",
- "set DBHOST ${db_hostname}",
- "set DBNAMES ${name}"
- ]
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb b/global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb
deleted file mode 100644
index 3f139db..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/bash
-
-# do not edit by hand
-
-src_image="<%= @image_src %>"
-size="<%= @size %>"
-dhcp="<%= @dhcp ? 'yes' : 'no' %>"
-hostname="<%= @name %>"
-bridge="<%= @bridge %>"
-cpus="<%= @cpus %>"
-mem="<%= @memory %>"
-repo="<%= @repo %>"
-tag="<%= @tagpattern %>"
-ip="<%= @ip %>"
-gateway="<%= @gateway %>"
-netmask="<%= @netmask %>"
-resolver="<%= @resolver %>"
-ip6="<%= @ip6 %>"
-gateway6="<%= @gateway6 %>"
-netmask6="<%= @netmask6 %>"
-password="<%= @password %>"
-
-
-cd "/var/lib/libvirt/cloud-init"
-
-id=$(uuidgen)
-
-seed=${hostname}_seed.img
-disk=${hostname}.img
-
-rm -f ${seed}
-truncate --size 2M ${seed}
-mkfs.vfat -n cidata ${seed} 2>/dev/null
-
-if [ "x${password}" != "x" ]; then
- pass="password: ${password}"
-fi
-
-user_data=$(mktemp)
-cat > ${user_data} <<EOF
-#cloud-config
-user: root
-ssh_pwauth: False
-ssh_authorized_keys:
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVvB4gdJ6EWRmx8xUSxrhoUNnWxEf8ZwAqhzC1+7XBY/hSd/cbEotLB9gxgqt0CLW56VU4FPLTw8snD8tgsyZN6KH1Da7UXno8oMk8tJdwLQM0Ggx3aWuztItkDfBc3Lfvq5T07YfphqJO7rcSGbS4QQdflXuOM9JLi6NStVao0ia4aE6Tj68pVVb3++XYvqvbU6NtEICvkTxEY93YpnRSfeAi64hsbaqSTN4kpeltzoSD1Rikz2aQFtFXE03ZC48HtGGhdMFA/Ade6KWBDaXxHGARVQ9/UccfhaR2XSjVxSZ8FBNOzNsH4k9cQIb2ndkEOXZXnjF5ZjdI4ZU0F+t7 leifj+00060AD478D6@sunet.se
-runcmd:
- - ["mkdir","/tmp/seed"]
- - ["mount","/dev/vdb","/tmp/seed"]
- - ["cp","/tmp/seed/bootstrap-cosmos.sh","/tmp/seed/cosmos_1.2-2_all.deb","/root"]
- - ["cd","/root"]
- - "cd /root && /root/bootstrap-cosmos.sh ${hostname} ${repo} ${tag}"
-disable_root: 0
-EOF
-
-meta_data=$(mktemp)
-cat > ${meta_data} <<EOF
-#cloud-config
-instance-id: iid-${id}
-local-hostname: ${hostname}
-disable_root: 0
-EOF
-
-dns=""
-if [ "x${resolver}" != "x" ]; then
- dns="dns-nameservers ${resolver}"
-fi
-
-if [ "x${dhcp}" = "xyes" ]; then
-cat >> ${meta_data} <<EOF
-network-interfaces: |
- auto eth0
- iface eth0 inet dhcp
- ${dns}
-EOF
-else
- if [ "x${ip}" != "x" ]; then
- cat >> ${meta_data} <<EOF
-network-interfaces: |
- auto eth0
- iface eth0 inet static
- address ${ip}
- netmask ${netmask}
- gateway ${gateway}
- ${dns}
-
-EOF
- fi
-
- if [ "x${ip6}" != "x" ]; then
- cat >> ${meta_data} <<EOF
-network-interfaces: |
- auto eth0
- iface eth0 inet6 static
- address ${ip6}
- netmask ${netmask6}
- gateway ${gateway6}
- ${dns}
-
-EOF
- fi
-fi
-
-mcopy -i ${seed} ${user_data} ::user-data 2>/dev/null
-mcopy -i ${seed} ${meta_data} ::meta-data 2>/dev/null
-mcopy -i ${seed} /etc/cosmos/apt/bootstrap-cosmos.sh /etc/cosmos/apt/cosmos_1.2-2_all.deb ::
-mkdir -p "/var/lib/libvirt/images/${hostname}"
-mv ${seed} "/var/lib/libvirt/images/${hostname}"
-virsh pool-refresh default
-
-virsh vol-clone --pool default ${src_image} ${hostname}/${disk}
-
-virt-install -r ${mem} -n ${hostname} --vcpus=${cpus} --autostart --memballoon virtio --network bridge=${bridge} --boot hd --disk path=/var/lib/libvirt/images/${hostname}/${disk},format=qcow2,bus=virtio --disk path=/var/lib/libvirt/images/${hostname}/${seed},bus=virtio
-
-rm -f ${user_data}
-rm -f ${meta_data}
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
deleted file mode 100755
index 0374ac7..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/bash
-#
-# This script registers/removes docker containers IP addresses
-# from the local unbound resolver in the post-start / pre-stop actions.
-#
-# For action pre-start, it checks if there is a CID file that needs to be
-# cleaned away to not prevent the new container from starting.
-#
-
-# sunet_docker_pre-post: CID d05a0842ce1700ee3328d42ccf5c2f29cc3d71fa6dcc6a72f994f8d032453be7
-# sunet_docker_pre-post: ACTION pre-stop
-# sunet_docker_pre-post: IMAGE docker.sunet.se/eduid/eduid-mm-service
-# sunet_docker_pre-post: NAME eduid-mm-service
-#for e in "CID" "ACTION" "IMAGE" "NAME"; do
-# logger -t sunet_docker_pre-post "$e `printenv $e`"
-#done
-
-logtag="sunet_docker_pre-post[$ACTION]"
-logger -t "${logtag}" "$NAME ($IMAGE), CID: '$CID'"
-
-if [ "x$ACTION" = "xpre-start" ]; then
- # Work-around: if unbound is not running when a container starts, it will get
- # an incorrect /etc/resolv.conf (SUNET resolvers). It will then later on be
- # unable to resolv .docker hostnames.
- service unbound status > /dev/null
- if [ $? -ne 0 ]; then
- for retry in 1 2 3 4 5 6 7 8 9 10; do
- sleep 3
- logger -t "${logtag}" "Waiting for service unbound"
- service unbound status > /dev/null
- if [ $? -eq 0 ]; then
- break
- fi
- done
- fi
-
- service unbound status > /dev/null
- if [ $? -ne 0 ]; then
- logger -t "${logtag}" "Service unbound not running! Aborting."
- exit 0
- fi
- if [ -f "${CIDFILE}" ]; then
- # Clean away the CID file in pre-start if the container is in fact not running
- docker inspect "${CID}" 2>/dev/null || (
- logger -t "${logtag}" "Removing left-over CID file '${CIDFILE}' (CID ${CID})";
- rm -f "${CIDFILE}"
- )
- fi
-
- # Remove any stopped container with this name to prevent the docker start script
- # from just restarting that one (instead of starting the currently tagged image,
- # which might be newer than the one used by the old container)
- docker inspect "${NAME}" && docker rm "${NAME}"
- exit 0
-fi
-
-if [ "x${CID}" = "x" ]; then
- CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
-
- if [ "x${CID}" = "x" ]; then
- # sometimes containers start slow...
- for retry in 1 2 3 4 5; do
- sleep 1
- logger -t "${logtag}" "Retrying CID lookup for ${NAME}"
- CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
- if [ "x${CID}" != "x" ]; then
- break
- fi
- done
- fi
-
- if [ "x${CID}" = "x" ]; then
- logger -t "${logtag}" "No CID provided or found! Aborting."
- exit 0
- fi
-
- logger -t "${logtag}" "Found CID ${CID} using docker inspect on '${NAME}'"
-fi
-
-# Remove registered name.
-# XXX this does NOT handle multiple instances of the same image running on
-# a single Docker host!
-logger -t "${logtag}" "Un-registering ${NAME}.docker"
-unbound-control local_data_remove "${NAME}.docker." > /dev/null
-
-# If it is a container starting up, register it's IP address
-if [ "x$ACTION" = "xpost-start" ]; then
- ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}" 2>/dev/null)
- if [ "x${ip}" = "x" ]; then
- logger -t "${logtag}" "Failed to get IP from CID ${CID}. Aborting."
- exit 0
- fi
- unbound-control local_data "${NAME}.docker. 60 IN A ${ip}" > /dev/null
- # Register reverse pointer - there is no local_data_ptr command unfortunately
- ptr=$(echo "${ip}" | awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa."}')
- unbound-control local_data "${ptr} 60 IN PTR ${NAME}.docker."
- logger -t "${logtag}" "Registered ${NAME}.docker at ${ip}"
-fi
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb
deleted file mode 100644
index 6cf5fe9..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-/var/lib/docker/containers/*/*.log {
- rotate 7
- daily
- compress
- delaycompress
- copytruncate
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb
deleted file mode 100644
index f6bb382..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb
+++ /dev/null
@@ -1,5 +0,0 @@
-server:
- local-zone: docker. static
- interface: 127.0.0.1
- interface: 172.17.42.1
- access-control: 172.16.0.0/12 allow
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb b/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb
deleted file mode 100644
index bcd167b..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb
+++ /dev/null
@@ -1,18 +0,0 @@
-ALLOWED_HOSTS='flog.sunet.se flog_app.docker 192.36.125.10 2001:6b0:7::10'
-EDUROAM_META_DATA='/opt/flog/institution.xml'
-SENTRY_DSN='https://1ac5a19b73d04d91995055a81710e537:c31c3e5a162f477e8d6a9665aa134f8a@sentry.nordu.net/4'
-EMAIL_HOST='localhost'
-EMAIL_HOST_PASSWORD=''
-EMAIL_HOST_USER=''
-EMAIL_PORT=''
-DB_ENGINE='django.db.backends.postgresql_psycopg2'
-DB_NAME='flog'
-DB_USER='flog'
-DB_PASSWORD='<%= @postgres_password %>'
-DB_HOST='flog_db.docker'
-DB_PORT=5432
-#CACHE_BACKEND='django.core.cache.backends.db.DatabaseCache'
-#CACHE_LOCATION='flog_cache_table'
-CACHE_BACKEND='django.core.cache.backends.memcached.MemcachedCache'
-CACHE_LOCATION='memcached.docker:11211'
-STATIC_URL='/static/'
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
deleted file mode 100644
index 86eb224..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-ICI_CA_KEY_ID=<%= @pkcs11_key_id %>
-ICI_CA_KEY_SLOT=<%= @pkcs11_key_slot %>
-ICI_PKCS11=<%= @pkcs11_module %>
-ICI_PKCS11_PIN=<%= @pkcs11_pin %>
-ICI_MD=sha256
-ICI_PUBLIC_URL=<%= @public_repo_url %>
-SOFTHSM_CONF=/var/lib/ici/<%= @name %>/softhsm.conf
-export SOFTHSM_CONF
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb
deleted file mode 100755
index aa0bd5d..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-declare -rx PROGNAME=${0##*/}
-declare -rx PROGPATH=${0%/*}/
-
-function cleanup {
- #if [ -e "$TMPFILE" ] ; then
- #rm "$TMPFILE"
- #fi
- exit $1
-}
-
-if [ -r "${PROGPATH}utils.sh" ] ; then
- source "${PROGPATH}utils.sh"
-else
- echo "Can't find utils.sh."
- printf "Currently being run from %s\n" "$PROGPATH"
- # since we couldn't define STATE_UNKNOWN since reading utils.sh failed, we use 3 here but everywhere else after this use cleanup $STATE
- cleanup 3
-fi
-
-STATE=$STATE_UNKNOWN
-
-
-if [ -f /var/run/reboot-required.pkgs ]
-then
- pkg=`cat /var/run/reboot-required.pkgs`
-fi
-
-if [ -f /var/run/reboot-required ]
-then
- echo "Reboot WARNING: System reboot required by package $pkg"
- cleanup $STATE_WARNING;
-fi
- echo "Reboot OK: No reboot required"
- cleanup $STATE_OK;
-cleanup $STATE;
-
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb
deleted file mode 100755
index dda05e4..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb
+++ /dev/null
@@ -1,721 +0,0 @@
-#!/usr/bin/perl -w
-#
-# ============================== SUMMARY =====================================
-#
-# Program : check_uptime.pl
-# Version : 0.52
-# Date : June 19, 2012
-# Authors : William Leibzon - william@leibzon.org
-# Licence : GPL - summary below, full text at http://www.fsf.org/licenses/gpl.txt
-#
-# =========================== PROGRAM LICENSE =================================
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-# ===================== INFORMATION ABOUT THIS PLUGIN =========================
-#
-# This plugin returns uptime of the system returning data in text (readable)
-# format as well as in minutes for performance graphing. The plugin can either
-# run on local system unix system (that supports standard 'uptime' command
-# or check remote system by SNMP. The plugin can report one CRITICAL or
-# WARNING alert if system has been rebooted since last check.
-#
-# ====================== SETUP AND PLUGIN USE NOTES =========================
-#
-# The plugin can either retrieve information from local system (when you
-# run it through check_nrpe for example) or by SNMP from remote system.
-#
-# On local system it will execute standard unix 'uptime' and 'uname -a'.
-#
-# On a remote system it'll retrieve data from sysSystem for system type
-# and use that to decide if further data should be retrieved from
-# sysUptime (OID 1.3.6.1.2.1.1.3.0) for windows or
-# hostUptime (OID 1.3.6.1.2.1.25.1.1.0) for unix system or
-# snmpEngineTime (OID 1.3.6.1.6.3.10.2.1.3) for cisco switches
-#
-# For information on available options please execute it with --help i.e:
-# check_uptime.pl --help
-#
-# As I dont have time for extensive documentation below is all very brief:
-#
-# 1. You can also specify warning and critical thresholds which will
-# give warning or critical alert if system has been up for lees then
-# specified number of minutes. Example:
-# check_uptime.pl -w 5
-# Will give warning alert if system has been up for less then 5 minutes
-#
-# 2. For performance data results you can use '-f' option which will give
-# total number of minutes the system has been up.
-#
-# 3. A special case is use of performance to feed data from previous run
-# back into the plugin. This is used to cache results about what type
-# of system it is (you can also directly specify this with -T option)
-# and also means -w and -c threshold values are ignored and instead
-# plugin will issue ONE alert (warning or critical) if system uptime
-# changes from highier value to lower
-#
-# ============================ EXAMPLES =======================================
-#
-# 1. Local server (use with NRPE or on nagios host), warning on < 5 minutes:
-#
-# define command {
-# command_name check_uptime
-# command_line $USER1$/check_uptime.pl -f -w 5
-# }
-#
-# 2. Local server (use with NRPE or on nagios host),
-# one critical alert on reboot:
-#
-# define command {
-# command_name check_uptime
-# command_line $USER1$/check_uptime.pl -f -c -P "SERVICEPERFDATA$"
-# }
-#
-# 3. Remote server SNMP v2, one warning alert on reboot,
-# autodetect and cache type of server:
-#
-# define command {
-# command_name check_snmp_uptime_v2
-# command_line $USER1$/check_uptime.pl -2 -f -w -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$ -P "$SERVICEPERFDATA$"
-# }
-#
-# 4. Remote server SNMP v3, rest as above
-#
-#define command {
-# command_name check_snmp_uptime_v3
-# command_line $USER1$/check_uptime.pl -f -w -H $HOSTADDRESS$ -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ -L sha,aes -P "$SERVICEPERFDATA$"
-# }
-#
-# 5. Example of service definition using above
-#
-# define service{
-# use std-service
-# hostgroup_name all_snmp_hosts
-# service_description SNMP Uptime
-# max_check_attempts 1
-# check_command check_snmp_uptime
-# }
-#
-# 6. And this is optional dependency definition for above which makes
-# every SNMP service (service beloning to SNMP servicegroup) on
-# same host dependent on this SNMP Uptime check. Then if SNMP
-# daemon goes down you only receive one alert
-#
-# define servicedependency{
-# service_description SNMP Uptime
-# dependent_servicegroup_name snmp
-# }
-#
-# ============================= VERSION HISTORY ==============================
-#
-# 0.1 - sometime 2006 : Simple script for tracking local system uptime
-# 0.2 - sometime 2008 : Update to get uptime by SNMP, its now alike my other plugins
-# 0.3 - Nov 14, 2009 : Added getting system info line and using that to decide
-# format of uptime line and how to process it. Added support
-# for getting uptime with SNMP from windows systems.
-# Added documentation header alike my other plugins.
-# Planned to release it to public, but forgot.
-# 0.4 - Dec 19, 2011 : Update to support SNMP v3, released to public
-# 0.41 - Jan 13, 2012 : Added bug fix by Rom_UA posted as comment on Nagios Exchange
-# Added version history you're reading right now.
-# 0.42 - Feb 13, 2012 : Bug fix to not report WARNING if uptime is not correct output
-# 0.5 - Feb 29, 2012 : Added support for "netswitch" engine type that retrieves
-# snmpEngineTime. Added proper support for sysUpTime interpreting
-# it as 1/100s of a second and converting to days,hours,minutes
-# Changed internal processing structure, now reported uptime
-# info text is based on uptime_minutes and not separate.
-# 0.51 - Jun 05, 2012 : Bug fixed for case when when snmp system info is < 3 words.
-# 0.52 - Jun 19, 2012 : For switches if snmpEngineTime OID is not available,
-# the plugin will revert back to checking hostUptime and
-# then sysUptime. Entire logic has in fact been changed
-# to support trying more than just two OIDs. Also added
-# support to specify filename to '-v' option for debug
-# output to go to instead of console and for '--debug'
-# option as an alias to '--verbose'.
-#
-# TODO:
-# 0) Add '--extra-opts' to allow to read options from a file as specified
-# at http://nagiosplugins.org/extra-opts. This is TODO for all my plugins
-# 1) Add support for ">", "<" and other threshold qualifiers
-# as done in check_snmp_temperature.pl or check_mysqld.pl
-# 2) Support for more types, in particular network equipment such as cisco: [DONE]
-# sysUpTime is a 32-bit counter in 1/100 of a second, it rolls over after 496 days
-# snmpEngineTime (.1.3.6.1.6.3.10.2.1.3) returns the uptime in seconds and will not
-# roll over, however some cisco switches (29xx) are buggy and it gets reset too.
-# Routers running 12.0(3)T or higher can use the snmpEngineTime object from
-# the SNMP-FRAMEWORK-MIB. This keeps track of seconds since SNMP engine started.
-# 3) Add threshold into perfout as ';warn;crit'
-#
-# ========================== START OF PROGRAM CODE ===========================
-
-use strict;
-use Getopt::Long;
-
-# Nagios specific
-our $TIMEOUT;
-our %ERRORS;
-eval 'use utils qw(%ERRORS $TIMEOUT)';
-if ($@) {
- $TIMEOUT = 10;
- %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
-}
-
-our $no_snmp=0;
-eval 'use Net::SNMP';
-if ($@) {
- $no_snmp=1;
-}
-
-# Version
-my $Version='0.52';
-
-# SNMP OID
-my $oid_sysSystem = '1.3.6.1.2.1.1.1.0'; # windows and some unix
-my $oid_hostUptime = '1.3.6.1.2.1.25.1.1.0'; # hostUptime, usually unix systems
-my $oid_sysUptime = '1.3.6.1.2.1.1.3.0'; # sysUpTime, windows
-my $oid_engineTime = '1.3.6.1.6.3.10.2.1.3'; # SNMP-FRAMEWORK-MIB
-
-my @oid_uptime_types = ( ['', '', ''], # type 0 is reserved
- [ 'local', '', ''], # type 1 is local
- [ 'win', 'sysUpTime', $oid_sysUptime ], # type 2 is windows
- [ 'unix-host', 'hostUpTime', $oid_hostUptime ], # type 3 is unix-host
- [ 'unix-sys', 'sysUpTime', $oid_sysUptime ], # type 4 is unix-sys
- [ 'net', 'engineTime', $oid_engineTime ]); # type 5 is netswitch
-
-# Not used, but perhaps later
-my $oid_hrLoad = '1.3.6.1.2.1.25.3.3.1.2.1';
-my $oid_sysLoadInt1 = '1.3.6.1.4.1.2021.10.1.5.1';
-my $oid_sysLoadInt5 = '1.3.6.1.4.1.2021.10.1.5.2';
-my $oid_sysLoadInt15 = '1.3.6.1.4.1.2021.10.1.5.3';
-
-# Standard options
-my $o_host = undef; # hostname
-my $o_timeout= undef; # Timeout (Default 10)
-my $o_help= undef; # wan't some help ?
-my $o_verb= undef; # verbose mode
-my $o_version= undef; # print version
-my $o_label= undef; # change label instead of printing uptime
-my $o_perf= undef; # Output performance data (uptime in minutes)
-my $o_prevperf= undef; # performance data given with $SERVICEPERFDATA$ macro
-my $o_warn= undef; # WARNING alert if system has been up for < specified number of minutes
-my $o_crit= undef; # CRITICAL alert if system has been up for < specified number of minutes
-my $o_type= undef; # type of check (local, auto, unix, win)
-
-# Login and other options specific to SNMP
-my $o_port = 161; # SNMP port
-my $o_community = undef; # community
-my $o_version2 = undef; # use snmp v2c
-my $o_login= undef; # Login for snmpv3
-my $o_passwd= undef; # Pass for snmpv3
-my $v3protocols= undef; # V3 protocol list.
-my $o_authproto= 'md5'; # Auth protocol
-my $o_privproto= 'des'; # Priv protocol
-my $o_privpass= undef; # priv password
-
-## Additional global variables
-my %prev_perf= (); # array that is populated with previous performance data
-my $check_type = 0;
-
-sub p_version { print "check_uptime version : $Version\n"; }
-
-sub print_usage {
- print "Usage: $0 [-v [debugfilename]] [-T local|unix-host|unix-sys|win|net] [-H <host> (-C <snmp_community>) [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>) [-p <port>]] [-w <warn minutes> -s <crit minutes>] [-f] [-P <previous perf data from nagios \$SERVICEPERFDATA\$>] [-t <timeout>] | [-V] [--label <string>]\n";
-}
-
-sub isnnum { # Return true if arg is not a number
- my $num = shift;
- if ( $num =~ /^(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;}
- return 1;
-}
-
-sub div_mod { return int( $_[0]/$_[1]) , ($_[0] % $_[1]); }
-
-sub help {
- print "\nUptime Plugin for Nagios (check_uptime) v. ",$Version,"\n";
- print "GPL licence, (c) 2008-2012 William Leibzon\n\n";
- print_usage();
- print <<EOT;
-
-Debug & Console Options:
- -v, --verbose[=FILENAME], --debug[=FILENAME]
- print extra debugging information.
- if filename is specified instead of STDOUT the debug data is written to that file
- -h, --help
- print this help message
- -V, --version
- prints version number
-
-Standard Options:
- -T, --type=auto|local|unix-host|unis-sys|windows|netswitch
- Type of system:
- local : localhost (executes 'uptime' command), default if no -C or -l
- unix-host : SNMP check from hostUptime ($oid_hostUptime) OID
- unix-sys : SNMP check from sysUptime ($oid_sysUptime) OID
- win | windows : SNMP check from sysUptime ($oid_sysUptime) OID
- net | netswitch : SNMP check from snmpEngineTime ($oid_engineTime) OID
- auto : Autodetect what system by checking sysSystem OID first, default
- -w, --warning[=minutes]
- Report nagios WARNING alert if system has been up for less then specified
- number of minutes. If no minutes are specified but previous preformance
- data is fed back with -P option then alert is sent ONLY ONCE when
- uptime changes from greater value to smaller
- -c, --critical[=minutes]
- Report nagios CRITICAL alert if system has been up for less then
- specified number of minutes or ONE ALERT if -P option is used and
- system's previous uptime is larger then current on
- -f, --perfparse
- Perfparse compatible output
- -P, --prev_perfdata
- Previous performance data (normally put '-P \$SERVICEPERFDATA\$' in
- nagios command definition). This is recommended if you dont specify
- type of system with -T so that previously checked type of system info
- is reused. This is also used to decide on warning/critical condition
- if number of seconds is not specified with -w or -c.
- --label=[string]
- Optional custom label before results prefixed to results
- -t, --timeout=INTEGER
- timeout for SNMP in seconds (Default: 15)
-
-SNMP Access Options:
- -H, --hostname=HOST
- name or IP address of host to check (if not localhost)
- -C, --community=COMMUNITY NAME
- community name for the SNMP agent (used with v1 or v2c protocols)
- -2, --v2c
- use snmp v2c (can not be used with -l, -x)
- -l, --login=LOGIN ; -x, --passwd=PASSWD
- Login and auth password for snmpv3 authentication
- If no priv password exists, implies AuthNoPriv
- -X, --privpass=PASSWD
- Priv password for snmpv3 (AuthPriv protocol)
- -L, --protocols=<authproto>,<privproto>
- <authproto> : Authentication protocol (md5|sha : default md5)
- <privproto> : Priv protocols (des|aes : default des)
- -p, --port=PORT
- SNMP port (Default 161)
-EOT
-}
-
-# For verbose output (updated 06/06/12 to write to debug file if specified)
-sub verb {
- my $t=shift;
- if (defined($o_verb)) {
- if ($o_verb eq "") {
- print $t,"\n";
- }
- else {
- if (!open(DEBUGFILE, ">>$o_verb")) {
- print $t, "\n";
- }
- else {
- print DEBUGFILE $t,"\n";
- close DEBUGFILE;
- }
- }
- }
-}
-
-# load previous performance data
-sub process_perf {
- my %pdh;
- my ($nm,$dt);
- foreach (split(' ',$_[0])) {
- if (/(.*)=(.*)/) {
- ($nm,$dt)=($1,$2);
- verb("prev_perf: $nm = $dt");
- # in some of my plugins time_ is to profile how long execution takes for some part of plugin
- # $pdh{$nm}=$dt if $nm !~ /^time_/;
- $pdh{$nm}=$dt;
- }
- }
- return %pdh;
-}
-
-sub type_from_name {
- my $type=shift;
- for(my $i=1; $i<scalar(@oid_uptime_types); $i++) {
- if ($oid_uptime_types[$i][0] eq $type) {
- return $i;
- }
- }
- return -1;
-}
-
-
-sub check_options {
- Getopt::Long::Configure ("bundling");
- GetOptions(
- 'v:s' => \$o_verb, 'verbose:s' => \$o_verb, "debug:s" => \$o_verb,
- 'h' => \$o_help, 'help' => \$o_help,
- 'H:s' => \$o_host, 'hostname:s' => \$o_host,
- 'p:i' => \$o_port, 'port:i' => \$o_port,
- 'C:s' => \$o_community, 'community:s' => \$o_community,
- '2' => \$o_version2, 'v2c' => \$o_version2,
- 'l:s' => \$o_login, 'login:s' => \$o_login,
- 'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd,
- 'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass,
- 'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols,
- 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout,
- 'V' => \$o_version, 'version' => \$o_version,
- 'f' => \$o_perf, 'perfparse' => \$o_perf,
- 'w:i' => \$o_warn, 'warning:i' => \$o_warn,
- 'c:i' => \$o_crit, 'critical:i' => \$o_crit,
- 'label:s' => \$o_label,
- 'P:s' => \$o_prevperf, 'prev_perfdata:s' => \$o_prevperf,
- 'T:s' => \$o_type, 'type:s' => \$o_type,
- );
- if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}};
- if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}};
-
- $o_type = "win" if defined($o_type) && $o_type eq 'windows';
- $o_type = "net" if defined($o_type) && $o_type eq 'netswitch';
- if (defined($o_type) && $o_type ne 'auto' && type_from_name($o_type)==-1) {
- print "Invalid system type specified\n"; print_usage(); exit $ERRORS{"UNNKNOWN"};
- }
-
- if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd)) ) {
- $o_type='local' if !defined($o_type) || $o_type eq 'auto';
- if ($o_type ne 'local') {
- print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}
- }
- if (defined($o_host)) {
- print "Why are you specifying hostname without SNMP parameters?\n"; print_usage(); exit $ERRORS{"UNKNOWN"};
- }
- }
- else {
- $o_type='auto' if !defined($o_type);
- if ($o_type eq 'local' ) {
- print "Why are you specifying SNMP login for local system???\n"; print_usage(); exit $ERRORS{"UNKNOWN"}
- }
- if (!defined($o_host)) {
- print "Hostname required for SNMP check.\n"; print_usage(); exit $ERRORS{"UNKNOWN"};
- }
- if ($no_snmp) {
- print "Can't locate Net/SNMP.pm\n"; print_usage(); exit $ERRORS{"UNKNOWN"};
- }
- }
-
- # check snmp information
- if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) )
- { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
- if (defined ($v3protocols)) {
- if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
- my @v3proto=split(/,/,$v3protocols);
- if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0]; } # Auth protocol
- if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv protocol
- if ((defined ($v3proto[1])) && (!defined($o_privpass)))
- { print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
- }
-
- if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60)))
- { print "Timeout must be >1 and <60 !\n"; print_usage(); exit $ERRORS{"UNKNOWN"}}
- if (!defined($o_timeout)) {$o_timeout=$TIMEOUT+5;}
-
- if (defined($o_prevperf)) {
- if (defined($o_perf)) {
- %prev_perf=process_perf($o_prevperf);
- $check_type = $prev_perf{type} if $o_type eq 'auto' && exists($prev_perf{tye}) && exists($oid_uptime_types[$prev_perf{type}][0]);
- }
- else {
- print "need -f option first \n"; print_usage(); exit $ERRORS{"UNKNOWN"};
- }
- }
-
- if ($o_type eq 'auto') {
- $check_type=0;
- }
- else {
- $check_type = type_from_name($o_type);
- }
-}
-
-sub create_snmp_session {
- my ($session,$error);
-
- if ( defined($o_login) && defined($o_passwd)) {
- # SNMPv3 login
- if (!defined ($o_privpass)) {
- verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto");
- ($session, $error) = Net::SNMP->session(
- -hostname => $o_host,
- -version => '3',
- -port => $o_port,
- -username => $o_login,
- -authpassword => $o_passwd,
- -authprotocol => $o_authproto,
- -timeout => $o_timeout
- );
- } else {
- verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto");
- ($session, $error) = Net::SNMP->session(
- -hostname => $o_host,
- -version => '3',
- -username => $o_login,
- -port => $o_port,
- -authpassword => $o_passwd,
- -authprotocol => $o_authproto,
- -privpassword => $o_privpass,
- -privprotocol => $o_privproto,
- -timeout => $o_timeout
- );
- }
- } else {
- if (defined ($o_version2)) {
- # SNMPv2c Login
- verb("SNMP v2c login");
- ($session, $error) = Net::SNMP->session(
- -hostname => $o_host,
- -version => 2,
- -community => $o_community,
- -port => $o_port,
- -timeout => $o_timeout
- );
- } else {
- # SNMPV1 login
- verb("SNMP v1 login");
- ($session, $error) = Net::SNMP->session(
- -hostname => $o_host,
- -community => $o_community,
- -port => $o_port,
- -timeout => $o_timeout
- );
- }
- }
- if (!defined($session)) {
- printf("ERROR opening session: %s.\n", $error);
- exit $ERRORS{"UNKNOWN"};
- }
-
- return $session;
-}
-
-$SIG{'ALRM'} = sub {
- print "Alarm timeout\n";
- exit $ERRORS{"UNKNOWN"};
-};
-
-########## MAIN #######
-my $system_info="";
-my $uptime_info=undef;
-my $uptime_minutes=undef;
-my $perf_out="";
-my $status=0;
-my $uptime_output;
-my ($days, $hrs, $mins);
-
-check_options();
-
-# Check gobal timeout if snmp screws up
-if (defined($o_timeout)) {
- verb("Alarm at $o_timeout + 5");
- alarm($o_timeout+5);
-}
-
-if ($check_type==1) { # local
- # Process unix uptime command output
- $uptime_output=`uptime`;
- verb("Local Uptime Result is: $uptime_output");
- if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) {
- ($days, $hrs, $mins) = ($1, $2, $3);
- }
- elsif ($uptime_output =~ /up\s+(\d+)\shours?\s+(\d+)/) {
- ($days, $hrs, $mins) = (0, $1, $2);
- }
- elsif ($uptime_output =~ /up\s+(\d+)\:(\d+)/) {
- ($days, $hrs, $mins) = (0, $1, $2);
- }
- elsif ($uptime_output =~ /up\s+(\d+)\s+min/) {
- ($days, $hrs, $mins) = (0,0,$1);
- }
- elsif ($uptime_output =~ /up\s+(d+)s+days?,s+(d+)s+min/) {
- ($days, $hrs, $mins) = ($1,0,$2);
- }
- else {
- $uptime_info = "up ".$uptime_output;
- }
- if (defined($days) && defined($hrs) && defined($mins)) {
- $uptime_minutes = $days*24*60+$hrs*60+$mins;
- }
- my @temp=split(' ',`uname -a`);
- if (scalar(@temp)<3) {
- $system_info=`uname -a`;
- }
- else {
- $system_info=join(' ',$temp[0],$temp[1],$temp[2]);
- }
-}
-else {
- # SNMP connection
- my $session=create_snmp_session();
- my $result=undef;
- my $oid="";
- my $guessed_check_type=0;
-
- if ($check_type==0){
- $result = $session->get_request(-varbindlist=>[$oid_sysSystem]);
- if (!defined($result)) {
- printf("ERROR: Can not retrieve $oid_sysSystem table: %s.\n", $session->error);
- $session->close;
- exit $ERRORS{"UNKNOWN"};
- }
- verb("$o_host SysInfo Result from OID $oid_sysSystem: $result->{$oid_sysSystem}");
- if ($result->{$oid_sysSystem} =~ /Windows/) {
- $guessed_check_type=2;
- verb('Guessing Type: 2 = windows');
- }
- if ($result->{$oid_sysSystem} =~ /Cisco/) {
- $guessed_check_type=5;
- verb('Guessing Type: 5 = netswitch');
- }
- if ($guessed_check_type==0) {
- $guessed_check_type=3; # will try hostUptime first
- }
- $oid=$oid_uptime_types[$guessed_check_type][2];
- }
- else {
- $oid=$oid_uptime_types[$check_type][2];
- }
-
- do {
- $result = $session->get_request(-varbindlist=>[$oid,$oid_sysSystem]);
- if (!defined($result)) {
- if ($check_type!=0) {
- printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error);
- $session->close;
- exit $ERRORS{"UNKNOWN"};
- }
- else {
- if ($session->error =~ /noSuchName/) {
- if ($guessed_check_type==4) {
- verb("Received noSuchName error for sysUpTime OID $oid. Giving up.");
- $guessed_check_type=0;
- }
- if ($guessed_check_type==3) {
- verb("Received noSuchName error for hostUpTime OID $oid, will now try sysUpTime");
- $guessed_check_type=4;
- }
- else {
- verb("Received noSuchName error for OID $oid, will now try hostUpTime");
- $guessed_check_type=3;
- }
- if ($guessed_check_type!=0) {
- $oid=$oid_uptime_types[$guessed_check_type][2];
- }
- }
- else {
- printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error);
- $session->close;
- exit $ERRORS{"UNKNOWN"};
- }
- }
- }
- else {
- if ($check_type==0) {
- $check_type=$guessed_check_type;
- }
- }
- }
- while (!defined($result) && $guessed_check_type!=0);
-
- $session->close;
- if ($check_type==0 && $guessed_check_type==0) {
- printf("ERROR: Can not autodetermine proper uptime OID table. Giving up.\n");
- exit $ERRORS{"UNKNOWN"};
- }
-
- my ($days, $hrs, $mins);
- $uptime_output=$result->{$oid};
- verb("$o_host Uptime Result from OID $oid: $uptime_output");
-
- if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) {
- ($days, $hrs, $mins) = ($1, $2, $3);
- }
- elsif ($uptime_output =~ /(\d+)\s+hours?,\s+(\d+)\:(\d+)/) {
- ($days, $hrs, $mins) = (0, $1, $2);
- }
- elsif ($uptime_output =~ /(\d+)\s+min/) {
- ($days, $hrs, $mins) = (0, 0, $1);
- }
- if (defined($days) && defined($hrs) && defined($mins)) {
- $uptime_minutes = $days*24*60+$hrs*60+$mins;
- }
- elsif ($uptime_output =~ /^(\d+)$/) {
- my $upnum = $1;
- if ($oid eq $oid_sysUptime) {
- $uptime_minutes = $upnum/100/60;
- }
- elsif ($oid eq $oid_engineTime) {
- $uptime_minutes = $upnum/60;
- }
- }
- else {
- $uptime_info = "up ".$uptime_output;
- }
- my @temp=split(' ',$result->{$oid_sysSystem});
- if (scalar(@temp)<3) {
- $system_info=$result->{$oid_sysSystem};
- }
- else {
- $system_info=join(' ',$temp[0],$temp[1],$temp[2]);
- }
-}
-
-if (defined($uptime_minutes) && !defined($uptime_info)) {
- ($hrs,$mins) = div_mod($uptime_minutes,60);
- ($days,$hrs) = div_mod($hrs,24);
- $uptime_info = "up ";
- $uptime_info .= "$days days " if $days>0;
- $uptime_info .= "$hrs hours " if $hrs>0;
- $uptime_info .= "$mins minutes";
-}
-
-verb("System Type: $check_type (".$oid_uptime_types[$check_type][0].")");
-verb("System Info: $system_info") if $system_info;
-verb("Uptime Text: $uptime_info") if defined($uptime_info);
-verb("Uptime Minutes: $uptime_minutes") if defined($uptime_minutes);
-
-if (!defined($uptime_info)) {
- $uptime_info = "Can not determine uptime";
- $status = 3;
-}
-
-if (defined($o_perf)) {
- $perf_out = "type=$check_type";
- $perf_out .= " uptime_minutes=$uptime_minutes" if defined($uptime_minutes);
-}
-
-if (defined($uptime_minutes)) {
- if (defined($o_prevperf)) {
- $status = 1 if defined($o_warn) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes;
- $status = 2 if defined($o_crit) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes;
- }
- else {
- $status = 1 if defined($o_warn) && !isnnum($o_warn) && $o_warn >= $uptime_minutes;
- $status = 2 if defined($o_crit) && !isnnum($o_crit) && $o_crit >= $uptime_minutes;
- }
-}
-alarm(0);
-
-my $exit_status="UNKNOWN";
-$exit_status="OK" if $status==0;
-$exit_status="WARNING" if $status==1;
-$exit_status="CRITICAL" if $status==2;
-$exit_status="UNKNOWN" if $status==3;
-$exit_status="$o_label $exit_status" if defined($o_label);
-print "$exit_status: $system_info";
-print " - $uptime_info";
-print " | ",$perf_out if $perf_out;
-print "\n";
-exit $status;
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb
deleted file mode 100644
index 960dd61..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb
+++ /dev/null
@@ -1,262 +0,0 @@
-<%# nrpe.cfg %>
-
-# ###################################################
-# # #
-# # # This file is managed with
-# # #
-# # # ##### # # ##### ##### ###### #####
-# # # # # # # # # # # # #
-# # # # # # # # # # # ##### #
-# # # ##### # # ##### ##### # #
-# # # # # # # # # #
-# # # # #### # # ###### #
-# # #
-# # # ... so you can't just change it locally.
-# # #
-# # ###################################################
-
-#############################################################################
-# Sample NRPE Config File
-# Written by: Ethan Galstad (nagios@nagios.org)
-#
-# Last Modified: 11-23-2007
-#
-# NOTES:
-# This is a sample configuration file for the NRPE daemon. It needs to be
-# located on the remote host that is running the NRPE daemon, not the host
-# from which the check_nrpe client is being executed.
-#############################################################################
-
-
-# LOG FACILITY
-# The syslog facility that should be used for logging purposes.
-
-log_facility=daemon
-
-
-
-# PID FILE
-# The name of the file in which the NRPE daemon should write it's process ID
-# number. The file is only written if the NRPE daemon is started by the root
-# user and is running in standalone mode.
-
-pid_file=/var/run/nagios/nrpe.pid
-
-
-
-# PORT NUMBER
-# Port number we should wait for connections on.
-# NOTE: This must be a non-priviledged port (i.e. > 1024).
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-server_port=5666
-
-
-
-# SERVER ADDRESS
-# Address that nrpe should bind to in case there are more than one interface
-# and you do not want nrpe to bind on all interfaces.
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-#server_address=127.0.0.1
-
-
-
-# NRPE USER
-# This determines the effective user that the NRPE daemon should run as.
-# You can either supply a username or a UID.
-#
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-nrpe_user=nagios
-
-
-
-# NRPE GROUP
-# This determines the effective group that the NRPE daemon should run as.
-# You can either supply a group name or a GID.
-#
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-nrpe_group=nagios
-
-
-
-# ALLOWED HOST ADDRESSES
-# This is an optional comma-delimited list of IP address or hostnames
-# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
-# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
-# supported.
-#
-# Note: The daemon only does rudimentary checking of the client's IP
-# address. I would highly recommend adding entries in your /etc/hosts.allow
-# file to allow only the specified host to connect to the port
-# you are running this daemon on.
-#
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-allowed_hosts= <%= @allowed_hosts %>
-
-# COMMAND ARGUMENT PROCESSING
-# This option determines whether or not the NRPE daemon will allow clients
-# to specify arguments to commands that are executed. This option only works
-# if the daemon was configured with the --enable-command-args configure script
-# option.
-#
-# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
-# Read the SECURITY file for information on some of the security implications
-# of enabling this variable.
-#
-# Values: 0=do not allow arguments, 1=allow command arguments
-
-dont_blame_nrpe=0
-
-
-
-# BASH COMMAND SUBTITUTION
-# This option determines whether or not the NRPE daemon will allow clients
-# to specify arguments that contain bash command substitutions of the form
-# $(...). This option only works if the daemon was configured with both
-# the --enable-command-args and --enable-bash-command-substitution configure
-# script options.
-#
-# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
-# Read the SECURITY file for information on some of the security implications
-# of enabling this variable.
-#
-# Values: 0=do not allow bash command substitutions,
-# 1=allow bash command substitutions
-
-allow_bash_command_substitution=0
-
-
-
-# COMMAND PREFIX
-# This option allows you to prefix all commands with a user-defined string.
-# A space is automatically added between the specified prefix string and the
-# command line from the command definition.
-#
-# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
-# Usage scenario:
-# Execute restricted commmands using sudo. For this to work, you need to add
-# the nagios user to your /etc/sudoers. An example entry for alllowing
-# execution of the plugins from might be:
-#
-# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
-#
-# This lets the nagios user run all commands in that directory (and only them)
-# without asking for a password. If you do this, make sure you don't give
-# random users write access to that directory or its contents!
-
-# command_prefix=/usr/bin/sudo
-
-
-
-# DEBUGGING OPTION
-# This option determines whether or not debugging messages are logged to the
-# syslog facility.
-# Values: 0=debugging off, 1=debugging on
-
-debug=0
-
-
-
-# COMMAND TIMEOUT
-# This specifies the maximum number of seconds that the NRPE daemon will
-# allow plugins to finish executing before killing them off.
-
-command_timeout=60
-
-
-
-# CONNECTION TIMEOUT
-# This specifies the maximum number of seconds that the NRPE daemon will
-# wait for a connection to be established before exiting. This is sometimes
-# seen where a network problem stops the SSL being established even though
-# all network sessions are connected. This causes the nrpe daemons to
-# accumulate, eating system resources. Do not set this too low.
-
-connection_timeout=300
-
-
-
-# WEEK RANDOM SEED OPTION
-# This directive allows you to use SSL even if your system does not have
-# a /dev/random or /dev/urandom (on purpose or because the necessary patches
-# were not applied). The random number generator will be seeded from a file
-# which is either a file pointed to by the environment valiable $RANDFILE
-# or $HOME/.rnd. If neither exists, the pseudo random number generator will
-# be initialized and a warning will be issued.
-# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
-
-#allow_weak_random_seed=1
-
-
-
-# INCLUDE CONFIG FILE
-# This directive allows you to include definitions from an external config file.
-
-#include=<somefile.cfg>
-
-
-
-# INCLUDE CONFIG DIRECTORY
-# This directive allows you to include definitions from config files (with a
-# .cfg extension) in one or more directories (with recursion).
-
-#include_dir=<somedirectory>
-#include_dir=<someotherdirectory>
-
-
-
-# COMMAND DEFINITIONS
-# Command definitions that this daemon will run. Definitions
-# are in the following format:
-#
-# command[<command_name>]=<command_line>
-#
-# When the daemon receives a request to return the results of <command_name>
-# it will execute the command specified by the <command_line> argument.
-#
-# Unlike Nagios, the command line cannot contain macros - it must be
-# typed exactly as it should be executed.
-#
-# Note: Any plugins that are used in the command lines must reside
-# on the machine that this daemon is running on! The examples below
-# assume that you have plugins installed in a /usr/local/nagios/libexec
-# directory. Also note that you will have to modify the definitions below
-# to match the argument format the plugins expect. Remember, these are
-# examples only!
-
-
-# The following examples use hardcoded command arguments...
-
-command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
-command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
-command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
-command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
-command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
-command[check_uptime]=/usr/lib/nagios/plugins/check_uptime.pl -f
-command[check_reboot]=/usr/lib/nagios/plugins/check_reboot
-
-# The following examples allow user-supplied arguments and can
-# only be used if the NRPE daemon was compiled with support for
-# command arguments *AND* the dont_blame_nrpe directive in this
-# config file is set to '1'. This poses a potential security risk, so
-# make sure you read the SECURITY file before doing this.
-
-#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
-#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
-#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
-#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
-
-#
-# local configuration:
-# if you'd prefer, you can instead place directives here
-include=/etc/nagios/nrpe_local.cfg
-
-#
-# you can place your config snipplets into nrpe.d/
-# only snipplets ending in .cfg will get included
-include_dir=/etc/nagios/nrpe.d/
-