From ac6b29edd669e28ed384b76368a76d4b592d15d3 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:07:57 +0200 Subject: more etcd work --- .../etc/puppet/modules/sunet/manifests/etcd_node.pp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp new file mode 100644 index 0000000..68df7d2 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -0,0 +1,16 @@ +define etcd_node( + $disco_url = undef, + $etcd_version = 'v2.0.8' +) { + file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } + sunet::docker_run { "etcd_${name}": + image => 'quay.io/coreos/etcd', + version => $etcd_version, + extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + "-listen-peer-urls http://${::ipaddress_eth1}:2380", + "-discovery ${disco_url}", + "-name ${::hostname}", + "-data-dir /data/${name}/${::hostname}"], + ports => ["2380:2380"] + } +} -- cgit v1.1 From ba7258ce70516b1dee8437b57a3e713382699e5f Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:09:37 +0200 Subject: more etcd work --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 68df7d2..a6659b2 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -1,4 +1,4 @@ -define etcd_node( +define sunet::etcd_node( $disco_url = undef, $etcd_version = 'v2.0.8' ) { -- cgit v1.1 
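Review bot: In the first hunk `$disco_url` defaults to `undef` and is interpolated unchecked into `"-discovery ${disco_url}"`, so a node declared without it starts etcd with an empty discovery argument instead of failing at catalog compile time. A guard at the top of the define, `if $disco_url == undef { fail('sunet::etcd_node: disco_url is required') }`, would catch it early. The same interpolation is carried into the later `command` strings on this page. The peer URLs here are also plain `http://` while `ports => ["2380:2380"]` publishes the peer port on every host interface, so until that is narrowed the peer API is open to anything that can reach the host.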
From 9881de1ec8952e31b6868a016b579450d3daa069 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:10:47 +0200 Subject: more etcd work --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index a6659b2..6a61f89 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -4,13 +4,13 @@ define sunet::etcd_node( ) { file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } sunet::docker_run { "etcd_${name}": - image => 'quay.io/coreos/etcd', - version => $etcd_version, + image => 'quay.io/coreos/etcd', + imagetag => $etcd_version, extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "-listen-peer-urls http://${::ipaddress_eth1}:2380", "-discovery ${disco_url}", "-name ${::hostname}", "-data-dir /data/${name}/${::hostname}"], - ports => ["2380:2380"] + ports => ["2380:2380"] } } -- cgit v1.1 From 1ab589a2d4567865e9389ba8bc7e656ac5220a44 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:33:01 +0200 Subject: etcd work --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 6a61f89..c114cd2 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -11,6 +11,6 @@ define sunet::etcd_node( "-discovery ${disco_url}", "-name ${::hostname}", "-data-dir /data/${name}/${::hostname}"], - ports => ["2380:2380"] + ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From 3d1ab0bddf7929b94fafdc8347e96c992c93ffff Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:47:11 +0200 Subject: etc foo --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index c114cd2..3d17691 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -1,16 +1,13 @@ define sunet::etcd_node( $disco_url = undef, $etcd_version = 'v2.0.8' -) { +) +{ file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", - "-listen-peer-urls http://${::ipaddress_eth1}:2380", - "-discovery ${disco_url}", - "-name ${::hostname}", - "-data-dir /data/${name}/${::hostname}"], + command => "-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 -listen-peer-urls http://${::ipaddress_eth1}:2380 -discovery ${disco_url} -name ${::hostname} -data-dir /data/${name}/${::hostname}", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From 16aa4925923841cecc37d7efa14e63d421569ce9 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:52:51 +0200 Subject: support command in docker run --- global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'global/overlay/etc/puppet/modules') 
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp index 8df416b..2552644 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp @@ -7,6 +7,7 @@ define sunet::docker_run( $env = [], $net = 'bridge', $extra_parameters = [], + $command = "" ) { # Make container use unbound resolver on dockerhost @@ -34,6 +35,7 @@ define sunet::docker_run( ]), dns => $dns, verify_checksum => false, # Rely on registry security for now. eduID risk #31. + command => $command, pre_start => 'run-parts /usr/local/etc/docker.d', post_start => 'run-parts /usr/local/etc/docker.d', pre_stop => 'run-parts /usr/local/etc/docker.d', -- cgit v1.1 From 60b460b309d92c854e681a8178e04476866de330 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:18:39 +0200 Subject: infra ca & etc tls config --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 3d17691..3509114 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
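Review bot: The new `$command` parameter is undocumented and is passed straight through as `command => $command`, so nothing tells callers how the string is split into arguments or whether shell metacharacters in it are interpreted. A comment above the parameter list such as `# $command: arguments appended after the image name; not escaped here, pass trusted manifest data only` would record the contract, after confirming it against the docker module in use. As a style point, `$command = ""` contains no interpolation and would normally be written `$command = ''`. The define's parameter list and body both extend outside these two hunks.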
@@ -7,7 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - command => "-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 -listen-peer-urls http://${::ipaddress_eth1}:2380 -discovery ${disco_url} -name ${::hostname} -data-dir /data/${name}/${::hostname}", + volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"] + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /var/lib/etcd --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From ae85c78ff1901412ba960d0aa14b80a6cac22802 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:20:22 +0200 Subject: infra ca & etc tls config --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 3509114..ee0966f 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
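Review bot: The TLS flags added to `command` are paired with `http://` peer URLs, and as far as I know etcd only wraps a listener in TLS when its URL scheme is `https`, so `--peer-key-file`, `--peer-cert-file` and `--peer-ca-file` would not protect peer traffic as written; the URLs would need to be `https://…:2380`. The same `http://` scheme is kept in every later etcd_node.pp hunk on this page, including the client URLs added with port 2379. The new `volumes` entry `"/etc/ssl:/etc/ssl"` also hands every private key under the host's `/etc/ssl/private` to the container with write access; `"/etc/ssl:/etc/ssl:ro"`, or mounting only the `_infra` key, certificate and CA file, would limit that. `--listen-peer-urls` moves from the eth1 address to `0.0.0.0` in the same line, so the `ports` binding is now the only thing restricting where the peer port is reachable.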
@@ -7,7 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"] + volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"], command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /var/lib/etcd --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } -- cgit v1.1 From 8d537696dc0e044b1c9afc2c5284662d370bcf4f Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:30:31 +0200 Subject: infra ca & etc tls config --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index ee0966f..1874804 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,8 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /var/lib/etcd --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /data --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From a014ad4df5932fca5a3221b9cb31f6ca304b248b Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:35:49 +0200 Subject: no datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 1874804..2b5438d 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,8 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /data --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From d22afe6a73cd9514d3ee83737d06a7c8302d591e Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:36:25 +0200 Subject: no datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 2b5438d..c4d3e78 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,6 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, + volumes => ["/etc/ssl:/etc/ssl"], command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } -- cgit v1.1 From 04d799dd38b7bb3cba2b67b71cf2e3532d1ba637 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:44:00 +0200 Subject: try to mount th secret datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index c4d3e78..058dadd 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,7 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/etc/ssl:/etc/ssl"], + volumes => ["/data/${name}/${::hostname}:/go/src/app/${::hostname}.etcd","/etc/ssl:/etc/ssl"], command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } -- cgit v1.1 From c27fcd33e1ba94220264dc56dc7606aa680e750c Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:03:06 +0200 Subject: silly datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 058dadd..22b26a7 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,8 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/go/src/app/${::hostname}.etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --data-dir /data --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From 9610479421abbef0a3db47d5be39287d64f2814d Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:15:02 +0200 Subject: silly datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 22b26a7..a01d60b 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,8 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --data-dir /data --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From e381cc05493964438da47cb65662990e86b34e8d Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:44:44 +0200 Subject: flags flags --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index a01d60b..d69b1c3 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
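Review bot: With `--data-dir` dropped from `command`, nothing in this hunk points etcd at `/var/lib/etcd`, so the new `"/data/${name}:/var/lib/etcd"` mount may stay empty while member state lives in the container's writable layer and is lost when the container is recreated. Keeping the flag explicit, `--data-dir /var/lib/etcd`, ties the mount and the process together; this should be confirmed against the image's default. The `file` resource earlier in the define (outside this hunk) still creates `/data/${name}/${::hostname}`, which the mount no longer uses.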
@@ -8,7 +8,7 @@ define sunet::etcd_node( image => 'quay.io/coreos/etcd', imagetag => $etcd_version, volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", - ports => ["${::ipaddress_eth1}:2380:2380"] + command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } } -- cgit v1.1 From c772ff2d8ee44415f0e2d1da7bf09b7a73c1cdf0 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:49:40 +0200 Subject: ufw for etcd --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index d69b1c3..e9ae803 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
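Review bot: `--listen-client-urls http://0.0.0.0:2379` together with the added publish `"${::ipaddress_eth1}:2379:2379"` makes the etcd client API reachable from the eth1 network with no TLS and no client-certificate check, so any host that can reach that address can read and write the store. If `--cert-file`, `--key-file` and `--ca-file` are meant to protect it, the client URLs need the `https` scheme, i.e. `--listen-client-urls https://0.0.0.0:2379` and `--advertise-client-urls https://${::ipaddress_eth1}:2379`; this is hedged on the flag handling of the pinned etcd version, which the page does not show. The `sunet::docker_run` resource starts outside the hunk.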
@@ -11,4 +11,12 @@ define sunet::etcd_node( command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } + ufw::allow { "allow-etcd-peer": + ip => "${::ipaddress_eth1}", + port => 2380 + } + ufw::allow { "allow-etcd-client": + ip => "${::ipaddress_eth1}", + port => 2379 + } } -- cgit v1.1 From 718d1a4d36580cd402f0f108955f5ebf788d38d1 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:21:34 +0200 Subject: move fail2ban to separate manifest file --- .../etc/puppet/modules/sunet/manifests/fail2ban.pp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp new file mode 100644 index 0000000..8dc6e31 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -0,0 +1,20 @@ +class sunet::fail2ban { + + include augeas + + package {'fail2ban': + ensure => 'latest' + } -> + service {'fail2ban': + ensure => 'running' + } + augeas { "fail2ban_defaults": + context => "/files/etc/fail2ban/jail.conf", + incl => "/etc/fail2ban/jail.conf", + lens => "Shellvars.lns", + changes => [ + 'set bantime "600800"', + ], + notify => Service['fail2ban'], + } +} -- cgit v1.1 
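Review bot: Both `ufw::allow` resources set only the destination `ip` and `port`, so the rules admit any source; for a cluster-internal service they should be limited to the other members, for example `from => 'CLUSTER_CIDR_PLACEHOLDER'` if the ufw module in use offers that parameter. Ports published by Docker are usually forwarded by Docker's own iptables rules before ufw's input rules are consulted, so it is worth verifying on a host that these rules are what actually governs access to 2379 and 2380. The titles `allow-etcd-peer` and `allow-etcd-client` are fixed strings, so a second `sunet::etcd_node` on the same node would fail with a duplicate declaration; `"allow-etcd-peer-${name}"` avoids that.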
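Review bot: In the new fail2ban.pp, `'set bantime "600800"'` looks like a typo for 604800 (seven days in seconds); if a week is intended the line should read `'set bantime "604800"'`, and the same number reappears in the later `fail2ban-client` exec on this page. The augeas resource edits the packaged `/etc/fail2ban/jail.conf`, which can conflict with package upgrades, and `ensure => 'latest'` invites exactly those upgrades on any Puppet run; a local override in `/etc/fail2ban/jail.local` plus `ensure => 'installed'` is more predictable for a security control. A one-line comment above the class stating the intended ban duration would make the value checkable.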
From f1b1cd5c7991f13f11f1b93851ec01269975c863 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:25:45 +0200 Subject: fail2ban is an ini file --- global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index 8dc6e31..c63215e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -11,7 +11,7 @@ class sunet::fail2ban { augeas { "fail2ban_defaults": context => "/files/etc/fail2ban/jail.conf", incl => "/etc/fail2ban/jail.conf", - lens => "Shellvars.lns", + lens => "IniFile.lns", changes => [ 'set bantime "600800"', ], -- cgit v1.1 From 48d88a05e6b4797de2f28d6edc382e4c5cf101fa Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:31:29 +0200 Subject: fail2ban is an ini file --- global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index c63215e..a9911da 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -11,7 +11,7 @@ class sunet::fail2ban { augeas { "fail2ban_defaults": context => "/files/etc/fail2ban/jail.conf", incl => "/etc/fail2ban/jail.conf", - lens => "IniFile.lns", + lens => "Puppet.lns", changes => [ 'set bantime "600800"', ], -- cgit v1.1 From 967476dd7570ad6c9400096bb46d21faf4306117 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 15:39:54 +0200 Subject: client version --- .../overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index a9911da..01a9662 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -1,20 +1,14 @@ class sunet::fail2ban { - include augeas - package {'fail2ban': ensure => 'latest' } -> service {'fail2ban': ensure => 'running' } - augeas { "fail2ban_defaults": - context => "/files/etc/fail2ban/jail.conf", - incl => "/etc/fail2ban/jail.conf", - lens => "Puppet.lns", - changes => [ - 'set bantime "600800"', - ], - notify => Service['fail2ban'], + exec {"fail2ban_defaults": + refreshonly => true, + subscribe => Service['fail2ban'], + command => "sleep 5; /usr/bin/fail2ban-client set ssh bantime 600800" } } -- cgit v1.1 From 5b4a547ac671c0eb2a8b8c3c002352c5ac3be624 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:45:47 +0200 Subject: deploy fail2ban --- global/overlay/etc/puppet/modules/sunet/manifests/server.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp index 14df323..d89302f 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp @@ -1,5 +1,8 @@ define sunet::server() { + # fail2ban + class { 'sunet::fail2ban': } + # Set up encrypted swap sunet::encrypted_swap { 'sunet_encrypted_swap': } @@ -84,4 +87,5 @@ define line($file, $line, $ensure = 'present') { } } } + } -- cgit v1.1 
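Review bot: The new `exec` in fail2ban.pp changes the ban time only in the running daemon, and only when Puppet itself refreshes `Service['fail2ban']`, so after a reboot or any restart outside Puppet the `ssh` jail silently falls back to the configured default. Writing the value to a local jail override that notifies the service makes it persistent and removes the `sleep 5` race. As written the command also depends on a shell (`sleep 5; …`) but sets neither `provider => shell` nor `path`, so Puppet will probably reject it as not fully qualified. The fence below replaces the `exec` and keeps the commit's number unchanged.

```puppet
# … unchanged: package {'fail2ban'} -> service {'fail2ban'} …
file { '/etc/fail2ban/jail.local':
  ensure  => 'file',
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  # value kept from the commit; confirm whether 604800 (7 days) was intended
  content => "[ssh]\nbantime = 600800\n",
  require => Package['fail2ban'],
  notify  => Service['fail2ban'],
}
```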
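Review bot: In server.pp, `class { 'sunet::fail2ban': }` is a resource-like class declaration inside the `sunet::server` define, so declaring `sunet::server` twice on one node, or declaring the class again elsewhere, fails with a duplicate declaration. `include sunet::fail2ban` is idempotent and has the same effect here because the class takes no parameters. The second hunk only adds a blank line, and the define body extends beyond the first hunk.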
From f94d6450abfa20d3e855216eb094abdfedae0b29 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:48:05 +0200 Subject: nagios placeholder --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp new file mode 100644 index 0000000..58a10bc --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp @@ -0,0 +1,3 @@ +class sunet::nagios { + +} -- cgit v1.1 From 9f64c5737b4c57944bb33d78409cded63d07351a Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 22:17:39 +0200 Subject: proxy nodes --- .../puppet/modules/sunet/manifests/etcd_node.pp | 42 ++++++++++++++++------ 1 file changed, 32 insertions(+), 10 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index e9ae803..4eb9776 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -1,22 +1,44 @@ define sunet::etcd_node( $disco_url = undef, - $etcd_version = 'v2.0.8' -) + $etcd_version = 'v2.0.8', + $proxy = true +) { + include stdlib + file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } + $args = ["--discovery ${disco_url}", + "--name ${::hostname}", + "--key-file /etc/ssl/private/${::fqdn}_infra.key", + "--ca-file /etc/ssl/certs/infra.crt", + "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] + if ($proxy) { + $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) + } else { + $args = concat($args, + "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + "--advertise-client-urls http://${::ipaddress_eth1}:2379", + "--listen-peer-urls http://0.0.0.0:2380", + "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", + "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", + "--peer-ca-file /etc/ssl/certs/infra.crt", + "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) + } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + command => join($args," "), ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } - ufw::allow { "allow-etcd-peer": - ip => "${::ipaddress_eth1}", - port => 2380 - } - ufw::allow { "allow-etcd-client": - ip => 
"${::ipaddress_eth1}", - port => 2379 + if (not $proxy) { + ufw::allow { "allow-etcd-peer": + ip => "${::ipaddress_eth1}", + port => 2380 + } + ufw::allow { "allow-etcd-client": + ip => "${::ipaddress_eth1}", + port => 2379 + } } } -- cgit v1.1 From f8586d18a3f069774235044e1145c09a121edb0c Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:46:52 +0200 Subject: proxy --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 4eb9776..429950e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -16,7 +16,7 @@ define sunet::etcd_node( $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) } else { $args = concat($args, - "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", -- cgit v1.1 From fcc7ab131530166ea997a238aac7bf6182f5f6de Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:48:26 +0200 Subject: fix if --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 429950e..97927b4 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -12,7 +12,7 @@ define sunet::etcd_node( "--key-file /etc/ssl/private/${::fqdn}_infra.key", "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] - if ($proxy) { + if $proxy { $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) } else { $args = concat($args, @@ -31,7 +31,7 @@ define sunet::etcd_node( command => join($args," "), ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } - if (not $proxy) { + if !$proxy { ufw::allow { "allow-etcd-peer": ip => "${::ipaddress_eth1}", port => 2380 -- cgit v1.1 From 9df927868a9c66f4ba568dc33ec925eed079baaa Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:50:35 +0200 Subject: concat --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 97927b4..6b3898f 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
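Review bot: In the second hunk the `if !$proxy` guard covers only the two `ufw::allow` resources, while the `ports` line just above it (context here) still publishes 2380 and 2379 on `${::ipaddress_eth1}` in proxy mode, where no peer listener is configured and the client listener is meant for docker0 and loopback only. Because Docker-published ports are typically reachable regardless of ufw, skipping the allow rules does not close them; making the publish conditional would, e.g. `ports => $proxy ? { true => [], default => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] },`. The proxy listener addresses in the first hunk, `127.0.0.1` and `${::ipaddress_docker0}`, are also binds inside the container unless it shares the host network, which is worth confirming against `sunet::docker_run`'s `net` setting. The define starts and ends outside both hunks.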
@@ -13,16 +13,15 @@ define sunet::etcd_node( "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) + $args += ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] } else { - $args = concat($args, - ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + $args += ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", "--peer-ca-file /etc/ssl/certs/infra.crt", - "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) + "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', -- cgit v1.1 From 465cfea95609aaf6ea4402c3ac41be3250a37ba7 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:58:29 +0200 Subject: scoping hell part1 --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 6b3898f..0a50db6 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
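Review bot: Every client and peer URL in both branches of this hunk uses the `http://` scheme, so the `--key-file`/`--cert-file`/`--ca-file` and `--peer-*` flags passed alongside them are probably not protecting anything. As far as I know etcd 2.x decides TLS per listener from the URL scheme and does not use the key material for an http listener, which would leave 2379 and 2380 as unauthenticated plaintext endpoints. Switch the listen and advertise URLs to `https://`, e.g. `"--listen-peer-urls https://0.0.0.0:2380"` and `"--advertise-client-urls https://${::ipaddress_eth1}:2379"`, then confirm that a client presenting no certificate is refused. The same URLs recur in the later hunks against this file (`@@ -7,15 +7,15 @@`, `@@ -13,15 +13,15 @@`, `@@ -13,12 +13,12 @@`), and the `$args` assignment starts above this hunk.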
@@ -7,15 +7,15 @@ define sunet::etcd_node( include stdlib file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } - $args = ["--discovery ${disco_url}", + $common_args = ["--discovery ${disco_url}", "--name ${::hostname}", "--key-file /etc/ssl/private/${::fqdn}_infra.key", "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args += ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] + $args = $common_args + ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] } else { - $args += ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + $args = $common_args + ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", -- cgit v1.1 From 18216c529fe3c4ba2e793c948cd901de3a76eed6 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:59:51 +0200 Subject: scoping hell part2 --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 0a50db6..96e88cf 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -13,15 +13,15 @@ define sunet::etcd_node( "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args = $common_args + ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] + $args = concat($common_args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) } else { - $args = $common_args + ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + $args = concat($common_args,["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", "--peer-ca-file /etc/ssl/certs/infra.crt", - "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] + "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', -- cgit v1.1 From cb8a3cc80f6f5d08762fb30108f398bfd25a0eb1 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:10:06 +0200 Subject: ports ports --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 96e88cf..1644d8b 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -13,12 +13,12 @@ define sunet::etcd_node( "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args = concat($common_args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) + $args = concat($common_args,["--proxy on","--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379"]) } else { $args = concat($common_args,["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", - "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", + "--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379", "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", "--peer-ca-file /etc/ssl/certs/infra.crt", "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) @@ -28,7 +28,7 @@ define sunet::etcd_node( imagetag => $etcd_version, volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], command => join($args," "), - ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] + ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379","${::ipaddress_docker0}:4001:2379"] } if !$proxy { ufw::allow { "allow-etcd-peer": -- cgit v1.1 From de4cd333d5b773c4bcb7908bbe72863433963225 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:43:20 +0200 Subject: datadir part n --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 1644d8b..7ebfd17 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
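Review bot: In the second hunk (`@@ -28,7 +28,7 @@`) the `ports` list publishes 2380 and 2379 on `${::ipaddress_eth1}` for every node, proxy nodes included, while the `ufw::allow` rules under `if !$proxy` suggest only cluster members were meant to be reachable on that interface. Ports published by Docker are normally forwarded through Docker's own iptables rules and do not pass ufw's input rules, so the ufw resources likely neither open nor restrict them; this is worth verifying on a host. Consider building the list per branch, e.g. `$ports = ["${::ipaddress_docker0}:4001:2379"]` in the proxy branch, and restricting the source addresses for 2379/2380 at a point the forwarded traffic actually traverses. The `sunet::docker_run` resource starts outside this hunk.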
@@ -9,6 +9,7 @@ define sunet::etcd_node( file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } $common_args = ["--discovery ${disco_url}", "--name ${::hostname}", + "--data-dir /data", "--key-file /etc/ssl/private/${::fqdn}_infra.key", "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] @@ -26,7 +27,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], + volumes => ["/data/${name}:/data","/etc/ssl:/etc/ssl"], command => join($args," "), ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379","${::ipaddress_docker0}:4001:2379"] } -- cgit v1.1 From 2fd221bd8ab2f2d0b7353b1b2d90bac1816a086d Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:50:42 +0200 Subject: proxy on appservers --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 7ebfd17..a80d355 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -6,7 +6,7 @@ define sunet::etcd_node( { include stdlib - file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } + file { ["/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } $common_args = ["--discovery ${disco_url}", "--name ${::hostname}", "--data-dir /data", -- cgit v1.1 From eb06e3007ad406e5b79907513f13bd6a2a075f1f Mon Sep 17 00:00:00 2001 
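Review bot: The rewritten `volumes` line in `@@ -26,7 +27,7 @@` still bind-mounts the host's entire `/etc/ssl` read-write, which exposes every private key under `/etc/ssl/private` to the etcd container and lets the container alter the host's certificate store. The flags built in this define reference only three files, so mount just those, read-only, e.g. `"/etc/ssl/private/${::fqdn}_infra.key:/etc/ssl/private/${::fqdn}_infra.key:ro"`, and likewise for `/etc/ssl/certs/infra.crt` and `/etc/ssl/certs/${::fqdn}_infra.crt`. The `sunet::docker_run` resource starts outside this hunk.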
From: Leif Johansson Date: Fri, 17 Apr 2015 00:55:24 +0200 Subject: certs --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 8daef2e..196b7fe 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -10,7 +10,6 @@ $myqsl_version = "5.7") default => $db_host } $pwd = hiera("${name}_db_password",'NOT_SET_IN_HIERA') - file {"/data": ensure => directory } -> file {"/data/${name}": ensure => directory } -> file {"/data/${name}/html": ensure => directory } -> sunet::docker_run { "${name}_wordpress": -- cgit v1.1 From ddc16e894133dc37dafb7a2aaa6ae023db9ffb13 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 08:52:38 +0200 Subject: hostname --- global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp index 2552644..4b56a03 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp @@ -7,7 +7,8 @@ define sunet::docker_run( $env = [], $net = 'bridge', $extra_parameters = [], - $command = "" + $command = "", + $hostname = undef, ) { # Make container use unbound resolver on dockerhost @@ -27,6 +28,7 @@ define sunet::docker_run( '/etc/passwd:/etc/passwd:ro', # uid consistency '/etc/group:/etc/group:ro', # gid consistency ]), + hostname => $hostname, ports => $ports, env => $env, net => $net, -- cgit v1.1 From f5e307d669f27759dbeaa54d8c49785a64f7e5c5 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Fri, 17 Apr 2015 11:12:45 +0200 Subject: service name --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 196b7fe..d9eeae4 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -17,7 +17,8 @@ $myqsl_version = "5.7") imagetag => $wordpress_version, volumes => ["/data/${name}/html:/var/www/html"], ports => ["8080:80"], - env => [ "WORDPRESS_DB_HOST=${db_hostname}", + env => [ "SERVICE_NAME=${name}", + "WORDPRESS_DB_HOST=${db_hostname}", "WORDPRESS_DB_USER=${name}", "WORDPRESS_DB_NAME=${name}", "WORDPRESS_DB_PASSWORD=${pwd}" ] -- cgit v1.1 From 4b9cf9c80c5850a7b6dd77759bb73e51e8cbdaa7 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Wed, 22 Apr 2015 12:57:43 +0200 Subject: Added nagioshost class. --- .../sunet/templates/nagioshost/check_uptime.pl.erb | 721 +++++++++++++++++++++ .../sunet/templates/nagioshost/nrpe.cfg.erb | 261 ++++++++ 2 files changed, 982 insertions(+) create mode 100755 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb create mode 100644 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb new file mode 100755 index 0000000..dda05e4 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb 
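Review bot: The `env` list this hunk extends carries `WORDPRESS_DB_PASSWORD=${pwd}`, and `$pwd` is set outside the hunk by `hiera("${name}_db_password",'NOT_SET_IN_HIERA')` (visible in the preceding wordpress.pp hunk). A missing Hiera key therefore still compiles, and the container is started with that literal string as its database password instead of failing. Dropping the default makes the lookup abort the catalog when the key is absent: `$pwd = hiera("${name}_db_password")`. Values passed through `env` are also readable by anyone who can inspect the container, so access to the Docker socket on these hosts should be treated as access to the password.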
@@ -0,0 +1,721 @@ +#!/usr/bin/perl -w +# +# ============================== SUMMARY ===================================== +# +# Program : check_uptime.pl +# Version : 0.52 +# Date : June 19, 2012 +# Authors : William Leibzon - william@leibzon.org +# Licence : GPL - summary below, full text at http://www.fsf.org/licenses/gpl.txt +# +# =========================== PROGRAM LICENSE ================================= +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +# ===================== INFORMATION ABOUT THIS PLUGIN ========================= +# +# This plugin returns uptime of the system returning data in text (readable) +# format as well as in minutes for performance graphing. The plugin can either +# run on local system unix system (that supports standard 'uptime' command +# or check remote system by SNMP. The plugin can report one CRITICAL or +# WARNING alert if system has been rebooted since last check. +# +# ====================== SETUP AND PLUGIN USE NOTES ========================= +# +# The plugin can either retrieve information from local system (when you +# run it through check_nrpe for example) or by SNMP from remote system. +# +# On local system it will execute standard unix 'uptime' and 'uname -a'. 
+# +# On a remote system it'll retrieve data from sysSystem for system type +# and use that to decide if further data should be retrieved from +# sysUptime (OID 1.3.6.1.2.1.1.3.0) for windows or +# hostUptime (OID 1.3.6.1.2.1.25.1.1.0) for unix system or +# snmpEngineTime (OID 1.3.6.1.6.3.10.2.1.3) for cisco switches +# +# For information on available options please execute it with --help i.e: +# check_uptime.pl --help +# +# As I dont have time for extensive documentation below is all very brief: +# +# 1. You can also specify warning and critical thresholds which will +# give warning or critical alert if system has been up for lees then +# specified number of minutes. Example: +# check_uptime.pl -w 5 +# Will give warning alert if system has been up for less then 5 minutes +# +# 2. For performance data results you can use '-f' option which will give +# total number of minutes the system has been up. +# +# 3. A special case is use of performance to feed data from previous run +# back into the plugin. This is used to cache results about what type +# of system it is (you can also directly specify this with -T option) +# and also means -w and -c threshold values are ignored and instead +# plugin will issue ONE alert (warning or critical) if system uptime +# changes from highier value to lower +# +# ============================ EXAMPLES ======================================= +# +# 1. Local server (use with NRPE or on nagios host), warning on < 5 minutes: +# +# define command { +# command_name check_uptime +# command_line $USER1$/check_uptime.pl -f -w 5 +# } +# +# 2. Local server (use with NRPE or on nagios host), +# one critical alert on reboot: +# +# define command { +# command_name check_uptime +# command_line $USER1$/check_uptime.pl -f -c -P "SERVICEPERFDATA$" +# } +# +# 3. 
Remote server SNMP v2, one warning alert on reboot, +# autodetect and cache type of server: +# +# define command { +# command_name check_snmp_uptime_v2 +# command_line $USER1$/check_uptime.pl -2 -f -w -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$ -P "$SERVICEPERFDATA$" +# } +# +# 4. Remote server SNMP v3, rest as above +# +#define command { +# command_name check_snmp_uptime_v3 +# command_line $USER1$/check_uptime.pl -f -w -H $HOSTADDRESS$ -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ -L sha,aes -P "$SERVICEPERFDATA$" +# } +# +# 5. Example of service definition using above +# +# define service{ +# use std-service +# hostgroup_name all_snmp_hosts +# service_description SNMP Uptime +# max_check_attempts 1 +# check_command check_snmp_uptime +# } +# +# 6. And this is optional dependency definition for above which makes +# every SNMP service (service beloning to SNMP servicegroup) on +# same host dependent on this SNMP Uptime check. Then if SNMP +# daemon goes down you only receive one alert +# +# define servicedependency{ +# service_description SNMP Uptime +# dependent_servicegroup_name snmp +# } +# +# ============================= VERSION HISTORY ============================== +# +# 0.1 - sometime 2006 : Simple script for tracking local system uptime +# 0.2 - sometime 2008 : Update to get uptime by SNMP, its now alike my other plugins +# 0.3 - Nov 14, 2009 : Added getting system info line and using that to decide +# format of uptime line and how to process it. Added support +# for getting uptime with SNMP from windows systems. +# Added documentation header alike my other plugins. +# Planned to release it to public, but forgot. +# 0.4 - Dec 19, 2011 : Update to support SNMP v3, released to public +# 0.41 - Jan 13, 2012 : Added bug fix by Rom_UA posted as comment on Nagios Exchange +# Added version history you're reading right now. 
+# 0.42 - Feb 13, 2012 : Bug fix to not report WARNING if uptime is not correct output +# 0.5 - Feb 29, 2012 : Added support for "netswitch" engine type that retrieves +# snmpEngineTime. Added proper support for sysUpTime interpreting +# it as 1/100s of a second and converting to days,hours,minutes +# Changed internal processing structure, now reported uptime +# info text is based on uptime_minutes and not separate. +# 0.51 - Jun 05, 2012 : Bug fixed for case when when snmp system info is < 3 words. +# 0.52 - Jun 19, 2012 : For switches if snmpEngineTime OID is not available, +# the plugin will revert back to checking hostUptime and +# then sysUptime. Entire logic has in fact been changed +# to support trying more than just two OIDs. Also added +# support to specify filename to '-v' option for debug +# output to go to instead of console and for '--debug' +# option as an alias to '--verbose'. +# +# TODO: +# 0) Add '--extra-opts' to allow to read options from a file as specified +# at http://nagiosplugins.org/extra-opts. This is TODO for all my plugins +# 1) Add support for ">", "<" and other threshold qualifiers +# as done in check_snmp_temperature.pl or check_mysqld.pl +# 2) Support for more types, in particular network equipment such as cisco: [DONE] +# sysUpTime is a 32-bit counter in 1/100 of a second, it rolls over after 496 days +# snmpEngineTime (.1.3.6.1.6.3.10.2.1.3) returns the uptime in seconds and will not +# roll over, however some cisco switches (29xx) are buggy and it gets reset too. +# Routers running 12.0(3)T or higher can use the snmpEngineTime object from +# the SNMP-FRAMEWORK-MIB. This keeps track of seconds since SNMP engine started. 
+# 3) Add threshold into perfout as ';warn;crit' +# +# ========================== START OF PROGRAM CODE =========================== + +use strict; +use Getopt::Long; + +# Nagios specific +our $TIMEOUT; +our %ERRORS; +eval 'use utils qw(%ERRORS $TIMEOUT)'; +if ($@) { + $TIMEOUT = 10; + %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +} + +our $no_snmp=0; +eval 'use Net::SNMP'; +if ($@) { + $no_snmp=1; +} + +# Version +my $Version='0.52'; + +# SNMP OID +my $oid_sysSystem = '1.3.6.1.2.1.1.1.0'; # windows and some unix +my $oid_hostUptime = '1.3.6.1.2.1.25.1.1.0'; # hostUptime, usually unix systems +my $oid_sysUptime = '1.3.6.1.2.1.1.3.0'; # sysUpTime, windows +my $oid_engineTime = '1.3.6.1.6.3.10.2.1.3'; # SNMP-FRAMEWORK-MIB + +my @oid_uptime_types = ( ['', '', ''], # type 0 is reserved + [ 'local', '', ''], # type 1 is local + [ 'win', 'sysUpTime', $oid_sysUptime ], # type 2 is windows + [ 'unix-host', 'hostUpTime', $oid_hostUptime ], # type 3 is unix-host + [ 'unix-sys', 'sysUpTime', $oid_sysUptime ], # type 4 is unix-sys + [ 'net', 'engineTime', $oid_engineTime ]); # type 5 is netswitch + +# Not used, but perhaps later +my $oid_hrLoad = '1.3.6.1.2.1.25.3.3.1.2.1'; +my $oid_sysLoadInt1 = '1.3.6.1.4.1.2021.10.1.5.1'; +my $oid_sysLoadInt5 = '1.3.6.1.4.1.2021.10.1.5.2'; +my $oid_sysLoadInt15 = '1.3.6.1.4.1.2021.10.1.5.3'; + +# Standard options +my $o_host = undef; # hostname +my $o_timeout= undef; # Timeout (Default 10) +my $o_help= undef; # wan't some help ? 
+my $o_verb= undef; # verbose mode +my $o_version= undef; # print version +my $o_label= undef; # change label instead of printing uptime +my $o_perf= undef; # Output performance data (uptime in minutes) +my $o_prevperf= undef; # performance data given with $SERVICEPERFDATA$ macro +my $o_warn= undef; # WARNING alert if system has been up for < specified number of minutes +my $o_crit= undef; # CRITICAL alert if system has been up for < specified number of minutes +my $o_type= undef; # type of check (local, auto, unix, win) + +# Login and other options specific to SNMP +my $o_port = 161; # SNMP port +my $o_community = undef; # community +my $o_version2 = undef; # use snmp v2c +my $o_login= undef; # Login for snmpv3 +my $o_passwd= undef; # Pass for snmpv3 +my $v3protocols= undef; # V3 protocol list. +my $o_authproto= 'md5'; # Auth protocol +my $o_privproto= 'des'; # Priv protocol +my $o_privpass= undef; # priv password + +## Additional global variables +my %prev_perf= (); # array that is populated with previous performance data +my $check_type = 0; + +sub p_version { print "check_uptime version : $Version\n"; } + +sub print_usage { + print "Usage: $0 [-v [debugfilename]] [-T local|unix-host|unix-sys|win|net] [-H (-C ) [-2] | (-l login -x passwd [-X pass -L ,) [-p ]] [-w -s ] [-f] [-P ] [-t ] | [-V] [--label ]\n"; +} + +sub isnnum { # Return true if arg is not a number + my $num = shift; + if ( $num =~ /^(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;} + return 1; +} + +sub div_mod { return int( $_[0]/$_[1]) , ($_[0] % $_[1]); } + +sub help { + print "\nUptime Plugin for Nagios (check_uptime) v. 
",$Version,"\n"; + print "GPL licence, (c) 2008-2012 William Leibzon\n\n"; + print_usage(); + print <, + : Authentication protocol (md5|sha : default md5) + : Priv protocols (des|aes : default des) + -p, --port=PORT + SNMP port (Default 161) +EOT +} + +# For verbose output (updated 06/06/12 to write to debug file if specified) +sub verb { + my $t=shift; + if (defined($o_verb)) { + if ($o_verb eq "") { + print $t,"\n"; + } + else { + if (!open(DEBUGFILE, ">>$o_verb")) { + print $t, "\n"; + } + else { + print DEBUGFILE $t,"\n"; + close DEBUGFILE; + } + } + } +} + +# load previous performance data +sub process_perf { + my %pdh; + my ($nm,$dt); + foreach (split(' ',$_[0])) { + if (/(.*)=(.*)/) { + ($nm,$dt)=($1,$2); + verb("prev_perf: $nm = $dt"); + # in some of my plugins time_ is to profile how long execution takes for some part of plugin + # $pdh{$nm}=$dt if $nm !~ /^time_/; + $pdh{$nm}=$dt; + } + } + return %pdh; +} + +sub type_from_name { + my $type=shift; + for(my $i=1; $i \$o_verb, 'verbose:s' => \$o_verb, "debug:s" => \$o_verb, + 'h' => \$o_help, 'help' => \$o_help, + 'H:s' => \$o_host, 'hostname:s' => \$o_host, + 'p:i' => \$o_port, 'port:i' => \$o_port, + 'C:s' => \$o_community, 'community:s' => \$o_community, + '2' => \$o_version2, 'v2c' => \$o_version2, + 'l:s' => \$o_login, 'login:s' => \$o_login, + 'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd, + 'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass, + 'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols, + 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, + 'V' => \$o_version, 'version' => \$o_version, + 'f' => \$o_perf, 'perfparse' => \$o_perf, + 'w:i' => \$o_warn, 'warning:i' => \$o_warn, + 'c:i' => \$o_crit, 'critical:i' => \$o_crit, + 'label:s' => \$o_label, + 'P:s' => \$o_prevperf, 'prev_perfdata:s' => \$o_prevperf, + 'T:s' => \$o_type, 'type:s' => \$o_type, + ); + if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}}; + if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}}; + + 
$o_type = "win" if defined($o_type) && $o_type eq 'windows'; + $o_type = "net" if defined($o_type) && $o_type eq 'netswitch'; + if (defined($o_type) && $o_type ne 'auto' && type_from_name($o_type)==-1) { + print "Invalid system type specified\n"; print_usage(); exit $ERRORS{"UNNKNOWN"}; + } + + if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd)) ) { + $o_type='local' if !defined($o_type) || $o_type eq 'auto'; + if ($o_type ne 'local') { + print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"} + } + if (defined($o_host)) { + print "Why are you specifying hostname without SNMP parameters?\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + else { + $o_type='auto' if !defined($o_type); + if ($o_type eq 'local' ) { + print "Why are you specifying SNMP login for local system???\n"; print_usage(); exit $ERRORS{"UNKNOWN"} + } + if (!defined($o_host)) { + print "Hostname required for SNMP check.\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + if ($no_snmp) { + print "Can't locate Net/SNMP.pm\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + + # check snmp information + if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) ) + { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + if (defined ($v3protocols)) { + if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + my @v3proto=split(/,/,$v3protocols); + if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0]; } # Auth protocol + if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv protocol + if ((defined ($v3proto[1])) && (!defined($o_privpass))) + { print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + } + + if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) + { print "Timeout must be >1 and <60 !\n"; print_usage(); exit 
$ERRORS{"UNKNOWN"}} + if (!defined($o_timeout)) {$o_timeout=$TIMEOUT+5;} + + if (defined($o_prevperf)) { + if (defined($o_perf)) { + %prev_perf=process_perf($o_prevperf); + $check_type = $prev_perf{type} if $o_type eq 'auto' && exists($prev_perf{tye}) && exists($oid_uptime_types[$prev_perf{type}][0]); + } + else { + print "need -f option first \n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + + if ($o_type eq 'auto') { + $check_type=0; + } + else { + $check_type = type_from_name($o_type); + } +} + +sub create_snmp_session { + my ($session,$error); + + if ( defined($o_login) && defined($o_passwd)) { + # SNMPv3 login + if (!defined ($o_privpass)) { + verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => '3', + -port => $o_port, + -username => $o_login, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, + -timeout => $o_timeout + ); + } else { + verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => '3', + -username => $o_login, + -port => $o_port, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, + -privpassword => $o_privpass, + -privprotocol => $o_privproto, + -timeout => $o_timeout + ); + } + } else { + if (defined ($o_version2)) { + # SNMPv2c Login + verb("SNMP v2c login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => 2, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } else { + # SNMPV1 login + verb("SNMP v1 login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } + } + if (!defined($session)) { + printf("ERROR opening session: %s.\n", $error); + exit $ERRORS{"UNKNOWN"}; + } + + return $session; +} + +$SIG{'ALRM'} = sub { + print "Alarm timeout\n"; + exit $ERRORS{"UNKNOWN"}; +}; + 
+########## MAIN ####### +my $system_info=""; +my $uptime_info=undef; +my $uptime_minutes=undef; +my $perf_out=""; +my $status=0; +my $uptime_output; +my ($days, $hrs, $mins); + +check_options(); + +# Check gobal timeout if snmp screws up +if (defined($o_timeout)) { + verb("Alarm at $o_timeout + 5"); + alarm($o_timeout+5); +} + +if ($check_type==1) { # local + # Process unix uptime command output + $uptime_output=`uptime`; + verb("Local Uptime Result is: $uptime_output"); + if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = ($1, $2, $3); + } + elsif ($uptime_output =~ /up\s+(\d+)\shours?\s+(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /up\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /up\s+(\d+)\s+min/) { + ($days, $hrs, $mins) = (0,0,$1); + } + elsif ($uptime_output =~ /up\s+(d+)s+days?,s+(d+)s+min/) { + ($days, $hrs, $mins) = ($1,0,$2); + } + else { + $uptime_info = "up ".$uptime_output; + } + if (defined($days) && defined($hrs) && defined($mins)) { + $uptime_minutes = $days*24*60+$hrs*60+$mins; + } + my @temp=split(' ',`uname -a`); + if (scalar(@temp)<3) { + $system_info=`uname -a`; + } + else { + $system_info=join(' ',$temp[0],$temp[1],$temp[2]); + } +} +else { + # SNMP connection + my $session=create_snmp_session(); + my $result=undef; + my $oid=""; + my $guessed_check_type=0; + + if ($check_type==0){ + $result = $session->get_request(-varbindlist=>[$oid_sysSystem]); + if (!defined($result)) { + printf("ERROR: Can not retrieve $oid_sysSystem table: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + verb("$o_host SysInfo Result from OID $oid_sysSystem: $result->{$oid_sysSystem}"); + if ($result->{$oid_sysSystem} =~ /Windows/) { + $guessed_check_type=2; + verb('Guessing Type: 2 = windows'); + } + if ($result->{$oid_sysSystem} =~ /Cisco/) { + $guessed_check_type=5; + verb('Guessing Type: 5 = netswitch'); + } + if 
($guessed_check_type==0) { + $guessed_check_type=3; # will try hostUptime first + } + $oid=$oid_uptime_types[$guessed_check_type][2]; + } + else { + $oid=$oid_uptime_types[$check_type][2]; + } + + do { + $result = $session->get_request(-varbindlist=>[$oid,$oid_sysSystem]); + if (!defined($result)) { + if ($check_type!=0) { + printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + else { + if ($session->error =~ /noSuchName/) { + if ($guessed_check_type==4) { + verb("Received noSuchName error for sysUpTime OID $oid. Giving up."); + $guessed_check_type=0; + } + if ($guessed_check_type==3) { + verb("Received noSuchName error for hostUpTime OID $oid, will now try sysUpTime"); + $guessed_check_type=4; + } + else { + verb("Received noSuchName error for OID $oid, will now try hostUpTime"); + $guessed_check_type=3; + } + if ($guessed_check_type!=0) { + $oid=$oid_uptime_types[$guessed_check_type][2]; + } + } + else { + printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + } + } + else { + if ($check_type==0) { + $check_type=$guessed_check_type; + } + } + } + while (!defined($result) && $guessed_check_type!=0); + + $session->close; + if ($check_type==0 && $guessed_check_type==0) { + printf("ERROR: Can not autodetermine proper uptime OID table. 
Giving up.\n"); + exit $ERRORS{"UNKNOWN"}; + } + + my ($days, $hrs, $mins); + $uptime_output=$result->{$oid}; + verb("$o_host Uptime Result from OID $oid: $uptime_output"); + + if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = ($1, $2, $3); + } + elsif ($uptime_output =~ /(\d+)\s+hours?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /(\d+)\s+min/) { + ($days, $hrs, $mins) = (0, 0, $1); + } + if (defined($days) && defined($hrs) && defined($mins)) { + $uptime_minutes = $days*24*60+$hrs*60+$mins; + } + elsif ($uptime_output =~ /^(\d+)$/) { + my $upnum = $1; + if ($oid eq $oid_sysUptime) { + $uptime_minutes = $upnum/100/60; + } + elsif ($oid eq $oid_engineTime) { + $uptime_minutes = $upnum/60; + } + } + else { + $uptime_info = "up ".$uptime_output; + } + my @temp=split(' ',$result->{$oid_sysSystem}); + if (scalar(@temp)<3) { + $system_info=$result->{$oid_sysSystem}; + } + else { + $system_info=join(' ',$temp[0],$temp[1],$temp[2]); + } +} + +if (defined($uptime_minutes) && !defined($uptime_info)) { + ($hrs,$mins) = div_mod($uptime_minutes,60); + ($days,$hrs) = div_mod($hrs,24); + $uptime_info = "up "; + $uptime_info .= "$days days " if $days>0; + $uptime_info .= "$hrs hours " if $hrs>0; + $uptime_info .= "$mins minutes"; +} + +verb("System Type: $check_type (".$oid_uptime_types[$check_type][0].")"); +verb("System Info: $system_info") if $system_info; +verb("Uptime Text: $uptime_info") if defined($uptime_info); +verb("Uptime Minutes: $uptime_minutes") if defined($uptime_minutes); + +if (!defined($uptime_info)) { + $uptime_info = "Can not determine uptime"; + $status = 3; +} + +if (defined($o_perf)) { + $perf_out = "type=$check_type"; + $perf_out .= " uptime_minutes=$uptime_minutes" if defined($uptime_minutes); +} + +if (defined($uptime_minutes)) { + if (defined($o_prevperf)) { + $status = 1 if defined($o_warn) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; + 
$status = 2 if defined($o_crit) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; + } + else { + $status = 1 if defined($o_warn) && !isnnum($o_warn) && $o_warn >= $uptime_minutes; + $status = 2 if defined($o_crit) && !isnnum($o_crit) && $o_crit >= $uptime_minutes; + } +} +alarm(0); + +my $exit_status="UNKNOWN"; +$exit_status="OK" if $status==0; +$exit_status="WARNING" if $status==1; +$exit_status="CRITICAL" if $status==2; +$exit_status="UNKNOWN" if $status==3; +$exit_status="$o_label $exit_status" if defined($o_label); +print "$exit_status: $system_info"; +print " - $uptime_info"; +print " | ",$perf_out if $perf_out; +print "\n"; +exit $status; diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb new file mode 100644 index 0000000..348aa93 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb 
@@ -0,0 +1,261 @@ +<%# nrpe.cfg %> + +# ################################################### +# # # +# # # This file is managed with +# # # +# # # ##### # # ##### ##### ###### ##### +# # # # # # # # # # # # # +# # # # # # # # # # # ##### # +# # # ##### # # ##### ##### # # +# # # # # # # # # # +# # # # #### # # ###### # +# # # +# # # ... so you can't just change it locally. +# # # +# # ################################################### + +############################################################################# +# Sample NRPE Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 11-23-2007 +# +# NOTES: +# This is a sample configuration file for the NRPE daemon. It needs to be +# located on the remote host that is running the NRPE daemon, not the host +# from which the check_nrpe client is being executed. +############################################################################# + + +# LOG FACILITY +# The syslog facility that should be used for logging purposes. + +log_facility=daemon + + + +# PID FILE +# The name of the file in which the NRPE daemon should write it's process ID +# number. The file is only written if the NRPE daemon is started by the root +# user and is running in standalone mode. + +pid_file=/var/run/nagios/nrpe.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-priviledged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_port=5666 + + + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +#server_address=127.0.0.1 + + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. 
+# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nagios + + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nagios + + + +# ALLOWED HOST ADDRESSES +# This is an optional comma-delimited list of IP address or hostnames +# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask +# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently +# supported. +# +# Note: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your /etc/hosts.allow +# file to allow only the specified host to connect to the port +# you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts= <%= @allowed_hosts %> + +# COMMAND ARGUMENT PROCESSING +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments to commands that are executed. This option only works +# if the daemon was configured with the --enable-command-args configure script +# option. +# +# *** ENABLING THIS OPTION IS A SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow arguments, 1=allow command arguments + +dont_blame_nrpe=0 + + + +# BASH COMMAND SUBTITUTION +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments that contain bash command substitutions of the form +# $(...). This option only works if the daemon was configured with both +# the --enable-command-args and --enable-bash-command-substitution configure +# script options. +# +# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! 
*** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow bash command substitutions, +# 1=allow bash command substitutions + +allow_bash_command_substitution=0 + + + +# COMMAND PREFIX +# This option allows you to prefix all commands with a user-defined string. +# A space is automatically added between the specified prefix string and the +# command line from the command definition. +# +# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** +# Usage scenario: +# Execute restricted commmands using sudo. For this to work, you need to add +# the nagios user to your /etc/sudoers. An example entry for alllowing +# execution of the plugins from might be: +# +# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ +# +# This lets the nagios user run all commands in that directory (and only them) +# without asking for a password. If you do this, make sure you don't give +# random users write access to that directory or its contents! + +# command_prefix=/usr/bin/sudo + + + +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on + +debug=0 + + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + + +# CONNECTION TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# wait for a connection to be established before exiting. This is sometimes +# seen where a network problem stops the SSL being established even though +# all network sessions are connected. This causes the nrpe daemons to +# accumulate, eating system resources. Do not set this too low. 
+ +connection_timeout=300 + + + +# WEEK RANDOM SEED OPTION +# This directive allows you to use SSL even if your system does not have +# a /dev/random or /dev/urandom (on purpose or because the necessary patches +# were not applied). The random number generator will be seeded from a file +# which is either a file pointed to by the environment valiable $RANDFILE +# or $HOME/.rnd. If neither exists, the pseudo random number generator will +# be initialized and a warning will be issued. +# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness + +#allow_weak_random_seed=1 + + + +# INCLUDE CONFIG FILE +# This directive allows you to include definitions from an external config file. + +#include= + + + +# INCLUDE CONFIG DIRECTORY +# This directive allows you to include definitions from config files (with a +# .cfg extension) in one or more directories (with recursion). + +#include_dir= +#include_dir= + + + +# COMMAND DEFINITIONS +# Command definitions that this daemon will run. Definitions +# are in the following format: +# +# command[]= +# +# When the daemon receives a request to return the results of +# it will execute the command specified by the argument. +# +# Unlike Nagios, the command line cannot contain macros - it must be +# typed exactly as it should be executed. +# +# Note: Any plugins that are used in the command lines must reside +# on the machine that this daemon is running on! The examples below +# assume that you have plugins installed in a /usr/local/nagios/libexec +# directory. Also note that you will have to modify the definitions below +# to match the argument format the plugins expect. Remember, these are +# examples only! + + +# The following examples use hardcoded command arguments... 
+ +command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / +command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 + + +# The following examples allow user-supplied arguments and can +# only be used if the NRPE daemon was compiled with support for +# command arguments *AND* the dont_blame_nrpe directive in this +# config file is set to '1'. This poses a potential security risk, so +# make sure you read the SECURITY file before doing this. + +#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ + +# +# local configuration: +# if you'd prefer, you can instead place directives here +include=/etc/nagios/nrpe_local.cfg + +# +# you can place your config snipplets into nrpe.d/ +# only snipplets ending in .cfg will get included +include_dir=/etc/nagios/nrpe.d/ + -- cgit v1.1 From 08fc0687691c7b6a84889c328cd11509b7e8caad Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 14:16:09 +0200 Subject: autobackup --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index d9eeae4..1d96d4e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp 
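Review bot: `allowed_hosts= <%= @allowed_hosts %>` renders whatever the calling class has in scope, with no check that the value is set. The template's own comment calls the list optional, so an empty render would presumably leave the daemon without an address filter and only the host firewall in front of port 5666. Failing the catalog on a blank value is safer, e.g. `<% raise Puppet::ParseError, 'allowed_hosts is empty' if @allowed_hosts.to_s.strip.empty? -%>` above that line. The active `include=/etc/nagios/nrpe_local.cfg` and `include_dir=/etc/nagios/nrpe.d/` at the end can presumably override `dont_blame_nrpe=0` from locally dropped files, so the banner's "can't just change it locally" holds only if those paths are managed too.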
@@ -37,5 +37,15 @@ $myqsl_version = "5.7") "MYSQL_ROOT_PASSWORD=${pwd}", "MYSQL_DATABASE=${name}"] } + package {'automysqlbackup': require => latest } -> + auges { 'automysqlbackup_settings': + incl => "/etc/default/automysqlbackup", + lens => "Shellvars.lns", + changes => [ + "set USERNAME=${name}", + "set PASSWORD=${pwd}", + "set DBHOST=${db_hostname}" + ] + } } } -- cgit v1.1 From 05092b377014dd9907bcea9b7576c23f05110626 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 14:18:51 +0200 Subject: include --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 1d96d4e..ac61bc9 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -5,6 +5,7 @@ $db_host = undef, $wordpress_version = "4.1.1", $myqsl_version = "5.7") { + include augeas $db_hostname = $db_host ? { undef => "${name}_mysql.docker", default => $db_host @@ -38,7 +39,7 @@ $myqsl_version = "5.7") "MYSQL_DATABASE=${name}"] } package {'automysqlbackup': require => latest } -> - auges { 'automysqlbackup_settings': + augeas { 'automysqlbackup_settings': incl => "/etc/default/automysqlbackup", lens => "Shellvars.lns", changes => [ -- cgit v1.1 From 92f00dba5b869e777d323d844d502a85d93e79cf Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 14:19:44 +0200 Subject: bad leifj --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index ac61bc9..2335af5 100644 
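Review bot: The new augeas block writes `${pwd}` into `/etc/default/automysqlbackup`, and the only other visible use of that variable is `MYSQL_ROOT_PASSWORD=${pwd}`, so the database root password lands in a second file whose owner and mode nothing in this hunk manages. A `file { '/etc/default/automysqlbackup': owner => 'root', group => 'root', mode => '0600' }` resource ordered between the package and the augeas resource would pin that down. The value is also interpolated unquoted into the change string, so a password containing whitespace or shell metacharacters would presumably be mangled or misread when the file is sourced; the same applies to the later hunk that rewrites these lines as `set PASSWORD ${pwd}`. The enclosing define starts above the hunk, so where `$pwd` comes from is not visible here.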
--- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -38,7 +38,7 @@ $myqsl_version = "5.7") "MYSQL_ROOT_PASSWORD=${pwd}", "MYSQL_DATABASE=${name}"] } - package {'automysqlbackup': require => latest } -> + package {'automysqlbackup': ensure => latest } -> augeas { 'automysqlbackup_settings': incl => "/etc/default/automysqlbackup", lens => "Shellvars.lns", -- cgit v1.1 From c6be206b75642eaf63e64bfbc3bad07e9af22b33 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 14:34:15 +0200 Subject: bad leifj --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 2335af5..d183032 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -43,9 +43,9 @@ $myqsl_version = "5.7") incl => "/etc/default/automysqlbackup", lens => "Shellvars.lns", changes => [ - "set USERNAME=${name}", - "set PASSWORD=${pwd}", - "set DBHOST=${db_hostname}" + "set USERNAME ${name}", + "set PASSWORD ${pwd}", + "set DBHOST ${db_hostname}" ] } } -- cgit v1.1 From 0eaf0a1eaa03d972acf3c6ec2c49684687a1d1d0 Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 14:38:07 +0200 Subject: added template --- .../etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb index dda05e4..d52eeec 100755 
--- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb @@ -1,3 +1,5 @@ +<%# check_uptime.pl %> + #!/usr/bin/perl -w # # ============================== SUMMARY ===================================== -- cgit v1.1 From 9a6c9b342db6b00f2786edca1d974540a766b1cf Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 14:58:29 +0200 Subject: nagios configuration update --- .../etc/puppet/modules/sunet/manifests/nagios.pp | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index 58a10bc..6b7d836 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp @@ -1,3 +1,37 @@ class sunet::nagios { + $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111') + $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111') + $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}" + + package {'nagios-nrpe-server': + ensure => 'installed', + } -> + service {'nagios-nrpe-server': + ensure => 'running' + } -> + file { "/etc/nagios/nrpe.cfg" : + ensure => 'file', + mode => '0640', + group => 'nagios', + content => template('sunet/nagioshost/nrpe.cfg.erb'), + } -> + file { "/usr/lib/nagios/plugins/check_uptime.pl" : + ensure => 'file', + mode => '0640', + group => 'nagios', + content => template('sunet/nagioshost/check_uptime.pl.erb'), + } -> + ufw::allow { "allow-nrpe-v4": + from => "${nagios_ip_v4}", + ip => 'any', + proto => 'tcp', + port => 5666 + } -> + ufw::allow { "allow-nrpe-v6": + from => "${nagios_ip_v6}", + ip => 'any', + proto => 'tcp', + port => 5666 + } } -- cgit v1.1 From bb0e5333540a0fddc8946cee37fde6f317403dd5 Mon Sep 17 00:00:00 2001 
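Review bot: Putting `<%# check_uptime.pl %>` and a blank line above `#!/usr/bin/perl -w` means the rendered plugin no longer begins with the shebang, because the ERB comment renders as an empty line rather than disappearing. The kernel will then not hand the file to perl, and the NRPE check would presumably fail or be interpreted by the calling shell. Keep `#!/usr/bin/perl -w` as line 1 and carry the marker as an ordinary comment on line 2, `# check_uptime.pl`.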
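Review bot: The `package -> service -> file` chain in `sunet::nagios` starts `nagios-nrpe-server` before `/etc/nagios/nrpe.cfg` is written and no resource notifies the service, so the daemon presumably keeps the packaged configuration, including its `allowed_hosts`, until something else restarts it. Add `notify => Service['nagios-nrpe-server'],` to the nrpe.cfg resource and order it ahead of the service. The two `ufw::allow` rules sit at the end of the same chain, so the firewall restriction is also applied last. Both `file` resources leave `owner` unset; `owner => 'root',` would make the intended ownership explicit.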
From: Dennis Wallberg Date: Wed, 22 Apr 2015 15:37:31 +0200 Subject: added some default nrpe checks --- .../overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb index 348aa93..960dd61 100644 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb @@ -236,7 +236,8 @@ command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 - +command[check_uptime]=/usr/lib/nagios/plugins/check_uptime.pl -f +command[check_reboot]=/usr/lib/nagios/plugins/check_reboot # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for -- cgit v1.1 From 5a10e87213b5d83209c4f25544fd186bcff9790d Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 15:49:01 +0200 Subject: nrpe plugin permission + fixes --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 2 +- .../etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index 6b7d836..b05100e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp 
@@ -18,7 +18,7 @@ class sunet::nagios { } -> file { "/usr/lib/nagios/plugins/check_uptime.pl" : ensure => 'file', - mode => '0640', + mode => '0751', group => 'nagios', content => template('sunet/nagioshost/check_uptime.pl.erb'), } -> diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb index d52eeec..e599218 100755 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb @@ -1,5 +1,4 @@ <%# check_uptime.pl %> - #!/usr/bin/perl -w # # ============================== SUMMARY ===================================== -- cgit v1.1 From 3aa12a2570f187b179c8631f4eaab0c83d1662b7 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 15:51:57 +0200 Subject: only backup the one db --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index d183032..6f6abed 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -45,7 +45,8 @@ $myqsl_version = "5.7") changes => [ "set USERNAME ${name}", "set PASSWORD ${pwd}", - "set DBHOST ${db_hostname}" + "set DBHOST ${db_hostname}", + "set DBNAMES ${name}" ] } } -- cgit v1.1 From de3da0b361a561a79fcd152c61274f811e1c51ff Mon Sep 17 00:00:00 2001 
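Review bot: `mode => '0751'` leaves others with execute but not read, which is not enough to run an interpreted Perl script, so the extra bit only blurs who is meant to run the plugin. `mode => '0750'` matches the `group => 'nagios'` line if only the NRPE user needs it, or `'0755'` if anyone may run it. The resource starts above the hunk and, as far as the hunk shows, still sets no `owner`.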
From: Dennis Wallberg Date: Wed, 22 Apr 2015 15:55:11 +0200 Subject: removed <%# check_uptime.pl %> global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb --- .../etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb | 1 - 1 file changed, 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb index e599218..dda05e4 100755 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb @@ -1,4 +1,3 @@ -<%# check_uptime.pl %> #!/usr/bin/perl -w # # ============================== SUMMARY ===================================== -- cgit v1.1 From a60382a9ef96e350036c693ddf7b6be3ec5083fd Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Wed, 22 Apr 2015 16:00:50 +0200 Subject: Added notify and dependencies for nagios service and files. --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index b05100e..c09679d 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp 
@@ -8,18 +8,23 @@ class sunet::nagios { ensure => 'installed', } -> service {'nagios-nrpe-server': - ensure => 'running' + ensure => 'running', + enable => 'true', + require => Package['nagios-nrpe-server'], } -> file { "/etc/nagios/nrpe.cfg" : + notify => Service['nagios-nrpe-server'], ensure => 'file', mode => '0640', group => 'nagios', + require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/nrpe.cfg.erb'), } -> file { "/usr/lib/nagios/plugins/check_uptime.pl" : ensure => 'file', mode => '0751', group => 'nagios', + require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_uptime.pl.erb'), } -> ufw::allow { "allow-nrpe-v4": -- cgit v1.1 From 877abf0d9b4f0b05425f82bb648d7f9c2215c3fa Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 16:13:19 +0200 Subject: typo --- .../etc/puppet/modules/sunet/manifests/nagios.pp | 7 ++++ .../sunet/templates/nagioshost/check_reboot.erb | 37 ++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100755 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index c09679d..cbd47a0 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp @@ -27,6 +27,13 @@ class sunet::nagios { require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_uptime.pl.erb'), } -> + file { "/usr/lib/nagios/plugins/check_reboot" : + ensure => 'file', + mode => '0751', + group => 'nagios', + require => Package['nagios-nrpe-server'], + content => template('sunet/nagioshost/check_reboot'), + } -> ufw::allow { "allow-nrpe-v4": from => "${nagios_ip_v4}", ip => 'any', 
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb new file mode 100755 index 0000000..aa0bd5d --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb @@ -0,0 +1,37 @@ +#!/bin/bash +declare -rx PROGNAME=${0##*/} +declare -rx PROGPATH=${0%/*}/ + +function cleanup { + #if [ -e "$TMPFILE" ] ; then + #rm "$TMPFILE" + #fi + exit $1 +} + +if [ -r "${PROGPATH}utils.sh" ] ; then + source "${PROGPATH}utils.sh" +else + echo "Can't find utils.sh." + printf "Currently being run from %s\n" "$PROGPATH" + # since we couldn't define STATE_UNKNOWN since reading utils.sh failed, we use 3 here but everywhere else after this use cleanup $STATE + cleanup 3 +fi + +STATE=$STATE_UNKNOWN + + +if [ -f /var/run/reboot-required.pkgs ] +then + pkg=`cat /var/run/reboot-required.pkgs` +fi + +if [ -f /var/run/reboot-required ] +then + echo "Reboot WARNING: System reboot required by package $pkg" + cleanup $STATE_WARNING; +fi + echo "Reboot OK: No reboot required" + cleanup $STATE_OK; +cleanup $STATE; + -- cgit v1.1 From 7242a1cf051cf6a73e47d9a9fb68ed6c6ae43778 Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 16:14:24 +0200 Subject: added plugin --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index cbd47a0..48bf5ca 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp 
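Review bot: `$pkg` is assigned only when `/var/run/reboot-required.pkgs` exists but is printed whenever `/var/run/reboot-required` exists, and every `cleanup $STATE_...` call passes its argument unquoted into `exit $1`. If a state variable were ever unset after sourcing `utils.sh`, that becomes a bare `exit` carrying the status of the preceding `echo`, which Nagios would read as OK. Initialise `pkg="unknown"` before the first test and use `exit "${1:-3}"` in `cleanup` so a missing value maps to UNKNOWN. The trailing `cleanup $STATE;` is unreachable because `cleanup $STATE_OK;` always exits before it.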
@@ -6,12 +6,12 @@ class sunet::nagios { package {'nagios-nrpe-server': ensure => 'installed', - } -> + } service {'nagios-nrpe-server': ensure => 'running', enable => 'true', require => Package['nagios-nrpe-server'], - } -> + } file { "/etc/nagios/nrpe.cfg" : notify => Service['nagios-nrpe-server'], ensure => 'file', @@ -19,27 +19,27 @@ class sunet::nagios { group => 'nagios', require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/nrpe.cfg.erb'), - } -> + } file { "/usr/lib/nagios/plugins/check_uptime.pl" : ensure => 'file', mode => '0751', group => 'nagios', require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_uptime.pl.erb'), - } -> + } file { "/usr/lib/nagios/plugins/check_reboot" : ensure => 'file', mode => '0751', group => 'nagios', require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_reboot'), - } -> + } ufw::allow { "allow-nrpe-v4": from => "${nagios_ip_v4}", ip => 'any', proto => 'tcp', port => 5666 - } -> + } ufw::allow { "allow-nrpe-v6": from => "${nagios_ip_v6}", ip => 'any', -- cgit v1.1 From 0008d057cde159d7039c5f93fe69d5b9f7ee6bfb Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 16:17:46 +0200 Subject: typo fixed --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global/overlay/etc/puppet/modules') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index 48bf5ca..91ccf6c 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp 
@@ -32,7 +32,7 @@ class sunet::nagios { mode => '0751', group => 'nagios', require => Package['nagios-nrpe-server'], - content => template('sunet/nagioshost/check_reboot'), + content => template('sunet/nagioshost/check_reboot.erb'), } ufw::allow { "allow-nrpe-v4": from => "${nagios_ip_v4}", -- cgit v1.1