cloud-mu 1.9.0.pre.beta

Sign up to get free protection for your applications and to get access to all the features.
Files changed (618) hide show
  1. checksums.yaml +7 -0
  2. data/Berksfile +56 -0
  3. data/Berksfile.lock +250 -0
  4. data/Jenkinsfile +184 -0
  5. data/LICENSE.md +37 -0
  6. data/README.md +26 -0
  7. data/bin/mu-aws-setup +376 -0
  8. data/bin/mu-cleanup +68 -0
  9. data/bin/mu-configure +1133 -0
  10. data/bin/mu-deploy +166 -0
  11. data/bin/mu-firewall-allow-clients +30 -0
  12. data/bin/mu-gcp-setup +200 -0
  13. data/bin/mu-gen-docs +34 -0
  14. data/bin/mu-gen-env +42 -0
  15. data/bin/mu-load-config.rb +158 -0
  16. data/bin/mu-node-manage +683 -0
  17. data/bin/mu-self-update +228 -0
  18. data/bin/mu-ssh +23 -0
  19. data/bin/mu-tunnel-nagios +144 -0
  20. data/bin/mu-upload-chef-artifacts +757 -0
  21. data/bin/mu-user-manage +275 -0
  22. data/cookbooks/awscli/LICENSE +37 -0
  23. data/cookbooks/awscli/README.md +58 -0
  24. data/cookbooks/awscli/attributes/default.rb +1 -0
  25. data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
  26. data/cookbooks/awscli/metadata.rb +20 -0
  27. data/cookbooks/awscli/recipes/default.rb +56 -0
  28. data/cookbooks/awscli/templates/default/config.erb +18 -0
  29. data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
  30. data/cookbooks/mu-activedirectory/LICENSE +37 -0
  31. data/cookbooks/mu-activedirectory/README.md +6 -0
  32. data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
  33. data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
  34. data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
  35. data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
  36. data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
  37. data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
  38. data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
  39. data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
  40. data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
  41. data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
  42. data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
  43. data/cookbooks/mu-activedirectory/metadata.rb +17 -0
  44. data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
  45. data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
  46. data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
  47. data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
  48. data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
  49. data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
  50. data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
  51. data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
  52. data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
  53. data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
  54. data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
  55. data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
  56. data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
  57. data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
  58. data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
  59. data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
  60. data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
  61. data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
  62. data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
  63. data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
  64. data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
  65. data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
  66. data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
  67. data/cookbooks/mu-firewall/LICENSE +37 -0
  68. data/cookbooks/mu-firewall/README.md +5 -0
  69. data/cookbooks/mu-firewall/attributes/default.rb +3 -0
  70. data/cookbooks/mu-firewall/metadata.rb +16 -0
  71. data/cookbooks/mu-firewall/recipes/default.rb +10 -0
  72. data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
  73. data/cookbooks/mu-glusterfs/LICENSE +37 -0
  74. data/cookbooks/mu-glusterfs/README.md +5 -0
  75. data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
  76. data/cookbooks/mu-glusterfs/metadata.rb +17 -0
  77. data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
  78. data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
  79. data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
  80. data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
  81. data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
  82. data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
  83. data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
  84. data/cookbooks/mu-jenkins/LICENSE +37 -0
  85. data/cookbooks/mu-jenkins/README.md +105 -0
  86. data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
  87. data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
  88. data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
  89. data/cookbooks/mu-jenkins/metadata.rb +21 -0
  90. data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
  91. data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
  92. data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
  93. data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
  94. data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
  95. data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
  96. data/cookbooks/mu-master/CHANGELOG.md +13 -0
  97. data/cookbooks/mu-master/LICENSE +37 -0
  98. data/cookbooks/mu-master/README.md +6 -0
  99. data/cookbooks/mu-master/attributes/default.rb +95 -0
  100. data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
  101. data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
  102. data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
  103. data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
  104. data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
  105. data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
  106. data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
  107. data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
  108. data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
  109. data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
  110. data/cookbooks/mu-master/files/default/pam_sshd +18 -0
  111. data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
  112. data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
  113. data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
  114. data/cookbooks/mu-master/files/default/vimrc +19 -0
  115. data/cookbooks/mu-master/libraries/mu.rb +29 -0
  116. data/cookbooks/mu-master/metadata.rb +30 -0
  117. data/cookbooks/mu-master/providers/user.rb +41 -0
  118. data/cookbooks/mu-master/recipes/389ds.rb +164 -0
  119. data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
  120. data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
  121. data/cookbooks/mu-master/recipes/default.rb +451 -0
  122. data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
  123. data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
  124. data/cookbooks/mu-master/recipes/init.rb +542 -0
  125. data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
  126. data/cookbooks/mu-master/recipes/sssd.rb +89 -0
  127. data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
  128. data/cookbooks/mu-master/recipes/vault.rb +111 -0
  129. data/cookbooks/mu-master/resources/user.rb +19 -0
  130. data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
  131. data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
  132. data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
  133. data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
  134. data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
  135. data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
  136. data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
  137. data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
  138. data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
  139. data/cookbooks/mu-mongo/LICENSE +37 -0
  140. data/cookbooks/mu-mongo/README.md +5 -0
  141. data/cookbooks/mu-mongo/attributes/default.rb +22 -0
  142. data/cookbooks/mu-mongo/files/default/keyfile +16 -0
  143. data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
  144. data/cookbooks/mu-mongo/metadata.rb +17 -0
  145. data/cookbooks/mu-mongo/recipes/default.rb +149 -0
  146. data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
  147. data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
  148. data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
  149. data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
  150. data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
  151. data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
  152. data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
  153. data/cookbooks/mu-openvpn/LICENSE +37 -0
  154. data/cookbooks/mu-openvpn/README.md +6 -0
  155. data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
  156. data/cookbooks/mu-openvpn/metadata.rb +18 -0
  157. data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
  158. data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
  159. data/cookbooks/mu-php54/CHANGELOG.md +12 -0
  160. data/cookbooks/mu-php54/LICENSE +37 -0
  161. data/cookbooks/mu-php54/README.md +0 -0
  162. data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
  163. data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
  164. data/cookbooks/mu-php54/metadata.rb +21 -0
  165. data/cookbooks/mu-php54/recipes/default.rb +97 -0
  166. data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
  167. data/cookbooks/mu-splunk/LICENSE +37 -0
  168. data/cookbooks/mu-splunk/README.md +451 -0
  169. data/cookbooks/mu-splunk/attributes/default.rb +95 -0
  170. data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
  171. data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
  172. data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
  173. data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
  174. data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
  175. data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
  176. data/cookbooks/mu-splunk/metadata.json +30 -0
  177. data/cookbooks/mu-splunk/metadata.rb +17 -0
  178. data/cookbooks/mu-splunk/recipes/client.rb +143 -0
  179. data/cookbooks/mu-splunk/recipes/default.rb +31 -0
  180. data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
  181. data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
  182. data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
  183. data/cookbooks/mu-splunk/recipes/server.rb +53 -0
  184. data/cookbooks/mu-splunk/recipes/service.rb +95 -0
  185. data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
  186. data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
  187. data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
  188. data/cookbooks/mu-splunk/recipes/user.rb +34 -0
  189. data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
  190. data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
  191. data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
  192. data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
  193. data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
  194. data/cookbooks/mu-tools/CHANGELOG.md +12 -0
  195. data/cookbooks/mu-tools/LICENSE +37 -0
  196. data/cookbooks/mu-tools/README.md +188 -0
  197. data/cookbooks/mu-tools/attributes/default.rb +142 -0
  198. data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
  199. data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
  200. data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
  201. data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
  202. data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
  203. data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
  204. data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
  205. data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
  206. data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
  207. data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
  208. data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
  209. data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
  210. data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
  211. data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
  212. data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
  213. data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
  214. data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
  215. data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
  216. data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
  217. data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
  218. data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
  219. data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
  220. data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
  221. data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
  222. data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
  223. data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
  224. data/cookbooks/mu-tools/files/default/mypol.te +37 -0
  225. data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
  226. data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
  227. data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
  228. data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
  229. data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
  230. data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
  231. data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
  232. data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
  233. data/cookbooks/mu-tools/files/default/ntrights +0 -0
  234. data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
  235. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
  236. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
  237. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
  238. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
  239. data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
  240. data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
  241. data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
  242. data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
  243. data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
  244. data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
  245. data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
  246. data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
  247. data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
  248. data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
  249. data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
  250. data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
  251. data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
  252. data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
  253. data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
  254. data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
  255. data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
  256. data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
  257. data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
  258. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
  259. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
  260. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
  261. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
  262. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
  263. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
  264. data/cookbooks/mu-tools/libraries/helper.rb +292 -0
  265. data/cookbooks/mu-tools/metadata.rb +28 -0
  266. data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
  267. data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
  268. data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
  269. data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
  270. data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
  271. data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
  272. data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
  273. data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
  274. data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
  275. data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
  276. data/cookbooks/mu-tools/recipes/efs.rb +70 -0
  277. data/cookbooks/mu-tools/recipes/eks.rb +160 -0
  278. data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
  279. data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
  280. data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
  281. data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
  282. data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
  283. data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
  284. data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
  285. data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
  286. data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
  287. data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
  288. data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
  289. data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
  290. data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
  291. data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
  292. data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
  293. data/cookbooks/mu-tools/recipes/updates.rb +96 -0
  294. data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
  295. data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
  296. data/cookbooks/mu-tools/resources/disk.rb +88 -0
  297. data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
  298. data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
  299. data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
  300. data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
  301. data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
  302. data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
  303. data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
  304. data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
  305. data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
  306. data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
  307. data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
  308. data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
  309. data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
  310. data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
  311. data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
  312. data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
  313. data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
  314. data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
  315. data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
  316. data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
  317. data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
  318. data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
  319. data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
  320. data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
  321. data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
  322. data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
  323. data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
  324. data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
  325. data/cookbooks/mu-utility/CHANGELOG.md +12 -0
  326. data/cookbooks/mu-utility/LICENSE +37 -0
  327. data/cookbooks/mu-utility/README.md +6 -0
  328. data/cookbooks/mu-utility/attributes/default.rb +1 -0
  329. data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
  330. data/cookbooks/mu-utility/metadata.rb +16 -0
  331. data/cookbooks/mu-utility/recipes/apt.rb +23 -0
  332. data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
  333. data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
  334. data/cookbooks/mu-utility/recipes/luks.rb +18 -0
  335. data/cookbooks/mu-utility/recipes/nat.rb +104 -0
  336. data/cookbooks/mu-utility/recipes/php.rb +33 -0
  337. data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
  338. data/cookbooks/mu-utility/recipes/remi.rb +44 -0
  339. data/cookbooks/mu-utility/recipes/vim.rb +26 -0
  340. data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
  341. data/cookbooks/mu-utility/recipes/zip.rb +26 -0
  342. data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
  343. data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
  344. data/cookbooks/nagios/Berksfile +8 -0
  345. data/cookbooks/nagios/CHANGELOG.md +589 -0
  346. data/cookbooks/nagios/CONTRIBUTING.md +11 -0
  347. data/cookbooks/nagios/LICENSE +37 -0
  348. data/cookbooks/nagios/README.md +328 -0
  349. data/cookbooks/nagios/TESTING.md +2 -0
  350. data/cookbooks/nagios/attributes/config.rb +171 -0
  351. data/cookbooks/nagios/attributes/default.rb +228 -0
  352. data/cookbooks/nagios/chefignore +102 -0
  353. data/cookbooks/nagios/definitions/command.rb +33 -0
  354. data/cookbooks/nagios/definitions/contact.rb +33 -0
  355. data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
  356. data/cookbooks/nagios/definitions/host.rb +33 -0
  357. data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
  358. data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
  359. data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
  360. data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
  361. data/cookbooks/nagios/definitions/resource.rb +33 -0
  362. data/cookbooks/nagios/definitions/service.rb +33 -0
  363. data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
  364. data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
  365. data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
  366. data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
  367. data/cookbooks/nagios/libraries/base.rb +314 -0
  368. data/cookbooks/nagios/libraries/command.rb +91 -0
  369. data/cookbooks/nagios/libraries/contact.rb +230 -0
  370. data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
  371. data/cookbooks/nagios/libraries/custom_option.rb +36 -0
  372. data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
  373. data/cookbooks/nagios/libraries/default.rb +90 -0
  374. data/cookbooks/nagios/libraries/host.rb +412 -0
  375. data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
  376. data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
  377. data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
  378. data/cookbooks/nagios/libraries/nagios.rb +282 -0
  379. data/cookbooks/nagios/libraries/resource.rb +59 -0
  380. data/cookbooks/nagios/libraries/service.rb +455 -0
  381. data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
  382. data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
  383. data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
  384. data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
  385. data/cookbooks/nagios/libraries/users_helper.rb +54 -0
  386. data/cookbooks/nagios/metadata.rb +25 -0
  387. data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
  388. data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
  389. data/cookbooks/nagios/recipes/apache.rb +48 -0
  390. data/cookbooks/nagios/recipes/default.rb +204 -0
  391. data/cookbooks/nagios/recipes/nginx.rb +82 -0
  392. data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
  393. data/cookbooks/nagios/recipes/server_package.rb +40 -0
  394. data/cookbooks/nagios/recipes/server_source.rb +164 -0
  395. data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
  396. data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
  397. data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
  398. data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
  399. data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
  400. data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
  401. data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
  402. data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
  403. data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
  404. data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
  405. data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
  406. data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
  407. data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
  408. data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
  409. data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
  410. data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
  411. data/cookbooks/s3fs/CHANGELOG.md +13 -0
  412. data/cookbooks/s3fs/LICENSE +37 -0
  413. data/cookbooks/s3fs/README.md +6 -0
  414. data/cookbooks/s3fs/attributes/default.rb +15 -0
  415. data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
  416. data/cookbooks/s3fs/metadata.rb +16 -0
  417. data/cookbooks/s3fs/recipes/default.rb +91 -0
  418. data/data_bags/demo/app.json +7 -0
  419. data/data_bags/nagios_services/chef.json +6 -0
  420. data/data_bags/nagios_services/linux_diskspace.json +5 -0
  421. data/data_bags/nagios_services/momma_cat.json +6 -0
  422. data/data_bags/nagios_services/mu-master-memory.json +5 -0
  423. data/data_bags/nagios_services/nagios_ui.json +6 -0
  424. data/data_bags/nagios_services/node_ssh.json +6 -0
  425. data/data_bags/nagios_services/ssh.json +6 -0
  426. data/demo/lambda_test.yaml +29 -0
  427. data/environments/DEV.json +8 -0
  428. data/environments/PROD.json +8 -0
  429. data/environments/dev.json +8 -0
  430. data/environments/development.json +8 -0
  431. data/environments/prod.json +8 -0
  432. data/extras/README.md +1 -0
  433. data/extras/admin-role-binding.yaml +16 -0
  434. data/extras/admin-user.yaml +6 -0
  435. data/extras/aws-auth-cm.yaml.erb +12 -0
  436. data/extras/clean-stock-amis +48 -0
  437. data/extras/git-fix-permissions-hook +12 -0
  438. data/extras/gitlab-eks-helper.sh.erb +20 -0
  439. data/extras/image-generators/README.md +2 -0
  440. data/extras/image-generators/aws/centos6.yaml +18 -0
  441. data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
  442. data/extras/image-generators/aws/centos7.yaml +17 -0
  443. data/extras/image-generators/aws/rhel7.yaml +17 -0
  444. data/extras/image-generators/aws/win2k12.yaml +16 -0
  445. data/extras/image-generators/aws/win2k16.yaml +16 -0
  446. data/extras/image-generators/aws/windows.yaml +18 -0
  447. data/extras/image-generators/gcp/centos6.yaml +17 -0
  448. data/extras/lambda_waf_domain_blacklist.py +103 -0
  449. data/extras/platform_berksfile_base +50 -0
  450. data/extras/ruby_rpm/build.sh +17 -0
  451. data/extras/ruby_rpm/muby.spec +44 -0
  452. data/extras/vault_tools/README.md +6 -0
  453. data/extras/vault_tools/export_vaults.sh +3 -0
  454. data/extras/vault_tools/recreate_vaults.sh +5 -0
  455. data/extras/vault_tools/test_vaults.sh +5 -0
  456. data/install/README.md +8 -0
  457. data/install/cfn_create_mu_master.json +1034 -0
  458. data/install/chef-server.rb.erb +19 -0
  459. data/install/deprecated-bash-library.sh +1891 -0
  460. data/install/images/Usage.png +0 -0
  461. data/install/installer +71 -0
  462. data/install/jenkinskeys.rb +8 -0
  463. data/install/user-dot-murc.erb +14 -0
  464. data/modules/html.erb +19 -0
  465. data/modules/mommacat.ru +426 -0
  466. data/modules/mu/cleanup.rb +339 -0
  467. data/modules/mu/cloud.rb +1446 -0
  468. data/modules/mu/clouds/README.md +201 -0
  469. data/modules/mu/clouds/aws/alarm.rb +319 -0
  470. data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
  471. data/modules/mu/clouds/aws/collection.rb +373 -0
  472. data/modules/mu/clouds/aws/container_cluster.rb +667 -0
  473. data/modules/mu/clouds/aws/database.rb +1836 -0
  474. data/modules/mu/clouds/aws/dnszone.rb +911 -0
  475. data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
  476. data/modules/mu/clouds/aws/folder.rb +92 -0
  477. data/modules/mu/clouds/aws/function.rb +349 -0
  478. data/modules/mu/clouds/aws/group.rb +251 -0
  479. data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
  480. data/modules/mu/clouds/aws/log.rb +363 -0
  481. data/modules/mu/clouds/aws/msg_queue.rb +480 -0
  482. data/modules/mu/clouds/aws/notification.rb +139 -0
  483. data/modules/mu/clouds/aws/role.rb +656 -0
  484. data/modules/mu/clouds/aws/search_domain.rb +646 -0
  485. data/modules/mu/clouds/aws/server.rb +2294 -0
  486. data/modules/mu/clouds/aws/server_pool.rb +1388 -0
  487. data/modules/mu/clouds/aws/storage_pool.rb +495 -0
  488. data/modules/mu/clouds/aws/user.rb +382 -0
  489. data/modules/mu/clouds/aws/userdata/README.md +4 -0
  490. data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
  491. data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
  492. data/modules/mu/clouds/aws/vpc.rb +1943 -0
  493. data/modules/mu/clouds/aws.rb +1009 -0
  494. data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
  495. data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
  496. data/modules/mu/clouds/cloudformation/collection.rb +117 -0
  497. data/modules/mu/clouds/cloudformation/database.rb +278 -0
  498. data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
  499. data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
  500. data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
  501. data/modules/mu/clouds/cloudformation/log.rb +170 -0
  502. data/modules/mu/clouds/cloudformation/server.rb +370 -0
  503. data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
  504. data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
  505. data/modules/mu/clouds/cloudformation.rb +733 -0
  506. data/modules/mu/clouds/docker.rb +30 -0
  507. data/modules/mu/clouds/google/container_cluster.rb +290 -0
  508. data/modules/mu/clouds/google/database.rb +152 -0
  509. data/modules/mu/clouds/google/firewall_rule.rb +267 -0
  510. data/modules/mu/clouds/google/group.rb +164 -0
  511. data/modules/mu/clouds/google/loadbalancer.rb +479 -0
  512. data/modules/mu/clouds/google/server.rb +1510 -0
  513. data/modules/mu/clouds/google/server_pool.rb +274 -0
  514. data/modules/mu/clouds/google/user.rb +266 -0
  515. data/modules/mu/clouds/google/userdata/README.md +4 -0
  516. data/modules/mu/clouds/google/userdata/linux.erb +137 -0
  517. data/modules/mu/clouds/google/userdata/windows.erb +275 -0
  518. data/modules/mu/clouds/google/vpc.rb +890 -0
  519. data/modules/mu/clouds/google.rb +811 -0
  520. data/modules/mu/config/README.md +11 -0
  521. data/modules/mu/config/alarm.rb +271 -0
  522. data/modules/mu/config/cache_cluster.rb +172 -0
  523. data/modules/mu/config/collection.rb +87 -0
  524. data/modules/mu/config/container_cluster.rb +103 -0
  525. data/modules/mu/config/container_cluster.yml +36 -0
  526. data/modules/mu/config/database.rb +458 -0
  527. data/modules/mu/config/database.yml +26 -0
  528. data/modules/mu/config/dnszone.rb +327 -0
  529. data/modules/mu/config/firewall_rule.rb +118 -0
  530. data/modules/mu/config/folder.rb +70 -0
  531. data/modules/mu/config/function.rb +140 -0
  532. data/modules/mu/config/group.rb +64 -0
  533. data/modules/mu/config/loadbalancer.rb +482 -0
  534. data/modules/mu/config/log.rb +47 -0
  535. data/modules/mu/config/log.yml +6 -0
  536. data/modules/mu/config/msg_queue.rb +47 -0
  537. data/modules/mu/config/msg_queue.yml +9 -0
  538. data/modules/mu/config/notification.rb +44 -0
  539. data/modules/mu/config/project.rb +71 -0
  540. data/modules/mu/config/role.rb +102 -0
  541. data/modules/mu/config/search_domain.rb +61 -0
  542. data/modules/mu/config/search_domain.yml +25 -0
  543. data/modules/mu/config/server.rb +587 -0
  544. data/modules/mu/config/server.yml +8 -0
  545. data/modules/mu/config/server_pool.rb +216 -0
  546. data/modules/mu/config/server_pool.yml +71 -0
  547. data/modules/mu/config/storage_pool.rb +145 -0
  548. data/modules/mu/config/user.rb +78 -0
  549. data/modules/mu/config/vpc.rb +743 -0
  550. data/modules/mu/config/vpc.yml +6 -0
  551. data/modules/mu/config.rb +2000 -0
  552. data/modules/mu/defaults/README.md +2 -0
  553. data/modules/mu/defaults/amazon_images.yaml +121 -0
  554. data/modules/mu/defaults/google_images.yaml +16 -0
  555. data/modules/mu/deploy.rb +686 -0
  556. data/modules/mu/groomer.rb +123 -0
  557. data/modules/mu/groomers/README.md +58 -0
  558. data/modules/mu/groomers/chef.rb +1024 -0
  559. data/modules/mu/kittens.rb +11319 -0
  560. data/modules/mu/logger.rb +208 -0
  561. data/modules/mu/master/README.md +27 -0
  562. data/modules/mu/master/chef.rb +471 -0
  563. data/modules/mu/master/ldap.rb +1005 -0
  564. data/modules/mu/master.rb +415 -0
  565. data/modules/mu/mommacat.rb +2703 -0
  566. data/modules/mu-load-config.rb +1 -0
  567. data/modules/mu.rb +724 -0
  568. data/modules/scratchpad.erb +1 -0
  569. data/modules/tests/super_complex_bok.yml +41 -0
  570. data/modules/tests/super_simple_bok.yml +40 -0
  571. data/mu.gemspec +62 -0
  572. data/roles/demo-dbservice-configure.json +19 -0
  573. data/roles/demo-portal-configure.json +19 -0
  574. data/roles/mu-master-jenkins.json +24 -0
  575. data/roles/mu-master-nagios-only.json +13 -0
  576. data/roles/mu-master.json +12 -0
  577. data/roles/mu-node.json +19 -0
  578. data/roles/mu-splunk-server.json +13 -0
  579. data/roles/mu-splunk.json +13 -0
  580. data/test/clean_up.py +25 -0
  581. data/test/demo-test-profile/README.md +3 -0
  582. data/test/demo-test-profile/controls/flask.rb +84 -0
  583. data/test/demo-test-profile/inspec.lock +7 -0
  584. data/test/demo-test-profile/inspec.yml +11 -0
  585. data/test/etco-test-profile/README.md +3 -0
  586. data/test/etco-test-profile/controls/all-in-one.rb +182 -0
  587. data/test/etco-test-profile/inspec.lock +7 -0
  588. data/test/etco-test-profile/inspec.yml +11 -0
  589. data/test/exec_inspec.py +246 -0
  590. data/test/exec_mu_install.py +241 -0
  591. data/test/exec_retry.py +44 -0
  592. data/test/mu-master-test/README.md +3 -0
  593. data/test/mu-master-test/controls/all_in_one.rb +557 -0
  594. data/test/mu-master-test/inspec.lock +3 -0
  595. data/test/mu-master-test/inspec.yml +11 -0
  596. data/test/mu-tools-test/README.md +3 -0
  597. data/test/mu-tools-test/controls/base.rb +265 -0
  598. data/test/mu-tools-test/inspec.lock +3 -0
  599. data/test/mu-tools-test/inspec.yml +8 -0
  600. data/test/simple-server-php-test/README.md +3 -0
  601. data/test/simple-server-php-test/controls/apachephp.rb +25 -0
  602. data/test/simple-server-php-test/controls/example.rb +19 -0
  603. data/test/simple-server-php-test/inspec.lock +7 -0
  604. data/test/simple-server-php-test/inspec.yml +12 -0
  605. data/test/simple-server-rails-test/README.md +3 -0
  606. data/test/simple-server-rails-test/controls/rails.rb +188 -0
  607. data/test/simple-server-rails-test/inspec.lock +7 -0
  608. data/test/simple-server-rails-test/inspec.yml +11 -0
  609. data/test/simple-windows-test/README.md +3 -0
  610. data/test/simple-windows-test/controls/windows.rb +20 -0
  611. data/test/simple-windows-test/inspec.lock +7 -0
  612. data/test/simple-windows-test/inspec.yml +11 -0
  613. data/test/smoke_test.rb +75 -0
  614. data/test/wordpress-test/README.md +3 -0
  615. data/test/wordpress-test/controls/wordpress.rb +97 -0
  616. data/test/wordpress-test/inspec.lock +7 -0
  617. data/test/wordpress-test/inspec.yml +11 -0
  618. metadata +979 -0
@@ -0,0 +1,328 @@
1
+ # nagios cookbook
2
+
3
+ [![Join the chat at https://gitter.im/schubergphilis/nagios](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/schubergphilis/nagios?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Build Status](https://travis-ci.org/schubergphilis/nagios.svg)](https://travis-ci.org/schubergphilis/nagios) [![Cookbook Version](https://img.shields.io/cookbook/v/nagios.svg)](https://supermarket.chef.io/cookbooks/nagios)
4
+
5
+ Installs and configures Nagios server. Chef nodes are automatically discovered using search, and Nagios host groups are created based on Chef roles and optionally environments as well.
6
+
7
+ ## Requirements
8
+
9
+ ### Chef
10
+
11
+ Chef version 12.1+ is required
12
+
13
+ Because of the heavy use of search, this recipe will not work with Chef Solo, as it cannot do any searches without a server.
14
+
15
+ This cookbook relies heavily on multiple data bags. See **Data Bag** below.
16
+
17
+ The system running this cookbooks should have a role named 'monitoring' so that NRPE clients can authorize monitoring from that system. This role name is configurable via an attribute. See **Attributes** below.
18
+
19
+ The functionality that was previously in the nagios::client recipe has been moved to its own NRPE cookbook at <https://github.com/schubergphilis/nrpe>
20
+
21
+ ### Platform
22
+
23
+ - Debian 7+
24
+ - Ubuntu 12.04+
25
+ - Red Hat Enterprise Linux (CentOS/Amazon/Scientific/Oracle) 5.X, 6.X
26
+
27
+ **Notes**: This cookbook has been tested on the listed platforms. It may work on other platforms with or without modification.
28
+
29
+ ### Cookbooks
30
+
31
+ - apache2 2.0 or greater
32
+ - build-essential
33
+ - chef_nginx
34
+ - nginx_simplecgi
35
+ - php
36
+ - yum-epel
37
+
38
+ ## Attributes
39
+
40
+ ### config
41
+
42
+ [The config file](https://github.com/schubergphilis/nagios/blob/master/attributes/config.rb) contains the Nagios configuration options. Consult the [nagios documentation](http://nagios.sourceforge.net/docs/3_0/configmain.html) for available settings and allowed options. Configuration entries of which multiple entries are allowed, need to be specified as an Array.
43
+
44
+ Example: `default['nagios']['conf']['cfg_dir'] = [ '/etc/nagios/conf.d' , '/usr/local/nagios/conf.d' ]`
45
+
46
+ ### default
47
+ * `node['nagios']['user']` - Nagios user, default 'nagios'.
48
+ * `node['nagios']['group']` - Nagios group, default 'nagios'.
49
+ * `node['nagios']['plugin_dir']` - location where Nagios plugins go, default '/usr/lib/nagios/plugins'.
50
+ * `node['nagios']['multi_environment_monitoring']` - Chef server will monitor hosts in all environments, not just its own, default 'false'
51
+ * `node['nagios']['monitored_environments']` - If multi_environment_monitoring is 'true' nagios will monitor nodes in all environments. If monitored_environments is defined then nagios will monitor only hosts in the list of environments defined. For ex: ['prod', 'beta'] will monitor only hosts in 'prod' and 'beta' chef_environments. Defaults to '[]' - and all chef environments will be monitored by default.
52
+ * `node['nagios']['monitoring_interface']` - If set, will use the specified interface for all nagios monitoring network traffic. Defaults to `nil`
53
+ * `node['nagios']['exclude_tag_host']` - If set, hosts tagged with this value will be excluded from nagios monitoring. Defaults to ''
54
+
55
+ * `node['nagios']['server']['install_method']` - whether to install from package or source. Default chosen by platform based on known packages available for Nagios: debian/ubuntu 'package', redhat/centos/fedora/scientific: source
56
+ * `node['nagios']['server']['install_yum-epel']` - whether to install the EPEL repo or not (only applies to RHEL platform family). The default value is `true`. Set this to `false` if you do not wish to install the EPEL RPM; in this scenario you will need to make the relevant packages available via another method e.g. local repo, or install from source.
57
+ * `node['nagios']['server']['service_name']` - name of the service used for Nagios, default chosen by platform, debian/ubuntu "nagios3", redhat family "nagios", all others, "nagios"
58
+ * `node['nagios']['home']` - Nagios main home directory, default "/usr/lib/nagios3"
59
+ * `node['nagios']['conf_dir']` - location where main Nagios config lives, default "/etc/nagios3"
60
+ * `node['nagios']['resource_dir']` - location for recources, default "/etc/nagios3"
61
+ * `node['nagios']['config_dir']` - location where included configuration files live, default "/etc/nagios3/conf.d"
62
+ * `node['nagios']['log_dir']` - location of Nagios logs, default "/var/log/nagios3"
63
+ * `node['nagios']['cache_dir']` - location of cached data, default "/var/cache/nagios3"
64
+ * `node['nagios']['state_dir']` - Nagios runtime state information, default "/var/lib/nagios3"
65
+ * `node['nagios']['run_dir']` - where pidfiles are stored, default "/var/run/nagios3"
66
+ * `node['nagios']['docroot']` - Nagios webui docroot, default "/usr/share/nagios3/htdocs"
67
+ * `node['nagios']['enable_ssl']` - boolean for whether Nagios web server should be https, default false
68
+ * `node['nagios']['ssl_cert_file']` = Location of SSL Certificate File. default "/etc/nagios3/certificates/nagios-server.pem"
69
+ * `node['nagios']['ssl_cert_chain_file']` = Optional location of SSL Intermediate Certificate File. No default.
70
+ * `node['nagios']['ssl_cert_key']` = Location of SSL Certificate Key. default "/etc/nagios3/certificates/nagios-server.pem"
71
+ * `node['nagios']['http_port']` - port that the Apache/Nginx virtual site should listen on, determined whether ssl is enabled (443 if so, otherwise 80). Note: You will also need to configure the listening port for either NGINX or Apache within those cookbooks.
72
+ * `node['nagios']['server_name']` - common name to use in a server cert, default "nagios"
73
+ * `node['nagios']['server']['server_alias']` - alias name for the webserver for use with Apache. Defaults to nil
74
+ * `node['nagios']['ssl_req']` - info to use in a cert, default `/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=#{node['nagios']['server_name']}/emailAddress=ops@#{node['nagios']['server_name']}`
75
+
76
+ * `node['nagios']['server']['url']` - url to download the server source from if installing from source
77
+ * `node['nagios']['server']['version']` - version of the server source to download
78
+ * `node['nagios']['server']['checksum']` - checksum of the source files
79
+ * `node['nagios']['server']['patch_url']` - url to download patches from if installing from source
80
+ * `node['nagios']['server']['patches']` - array of patch filenames to apply if installing from source
81
+ * `node['nagios']['url']` - URL to host Nagios from - defaults to nil and instead uses FQDN
82
+
83
+ * `node['nagios']['conf']['enable_notifications']` - set to 1 to enable notification.
84
+ * `node['nagios']['conf']['interval_length']` - minimum interval. Defaults to '1'.
85
+ * `node['nagios']['conf']['use_timezone']` - set the timezone for nagios AND apache. Defaults to UTC.
86
+
87
+ * `node['nagios']['check_external_commands']`
88
+ * `node['nagios']['default_contact_groups']`
89
+ * `node['nagios']['default_user_name']` - Specify a defaut guest user to allow page access without authentication. **Only** use this if nagios is running behind a secure webserver and users have been authenticated in some manner. You'll likely want to change `node['nagios']['server_auth_require']` to `all granted`. Defaults to `nil`.
90
+ * `node['nagios']['sysadmin_email']` - default notification email.
91
+ * `node['nagios']['sysadmin_sms_email']` - default notification sms.
92
+ * `node['nagios']['server_auth_method']` - authentication with the server can be done with openid (using `apache2::mod_auth_openid`), cas (using `apache2::mod_auth_cas`),ldap (using `apache2::mod_authnz_ldap`), or htauth (basic). The default is htauth. "openid" will utilize openid authentication, "cas" will utilize cas authentication, "ldap" will utilize LDAP authentication, and any other value will use htauth (basic).
93
+ * `node['nagios']['cas_login_url']` - login url for cas if using cas authentication.
94
+ * `node['nagios']['cas_validate_url']` - validation url for cas if using cas authentication.
95
+ * `node['nagios']['cas_validate_server']` - whether to validate the server cert. Defaults to off.
96
+ * `node['nagios']['cas_root_proxy_url']` - if set, sets the url that the cas server redirects to after auth.
97
+ * `node['nagios']['ldap_bind_dn']` - DN used to bind to the server when searching for ldap entries.
98
+ * `node['nagios']['ldap_bind_password']` - bind password used with the DN provided for searching ldap.
99
+ * `node['nagios']['ldap_url']` - ldap url and search parameters.
100
+ * `node['nagios']['ldap_authoritative']` - accepts "on" or "off". controls other authentication modules from authenticating the user if this one fails.
101
+ * `node['nagios']['ldap_group_attribute']` - Set the Apache AuthLDAPGroupAttribute directive to a non-default value.
102
+ * `node['nagios']['ldap_group_attribute_is_dn']` - accepts "on" or "off". Set the Apache AuthLDAPGroupAttributeIsDN directive. Apache's default behavior is currently "on."
103
+ * `node['nagios']['ldap_verify_cert']` - accepts "on" or "off". Set the Apache mod_ldap LDAPVerifyServerCert directive. Apache's default behavior is currently "on."
104
+ * `node['nagios']['ldap_trusted_mode']` - Set the Apache mod_ldap LDAPTrustedMode directive.
105
+ * `node['nagios']['ldap_trusted_global_cert']` - Set the Apache mod_ldap LDAPTrustedGlobalCert directive.
106
+ * `node['nagios']['users_databag']` - the databag containing users to search for. defaults to users
107
+ * `node['nagios']['users_databag_group']` - users databag group considered Nagios admins. defaults to sysadmin
108
+ * `node['nagios']['services_databag']` - the databag containing services to search for. defaults to nagios_services
109
+ * `node['nagios']['servicegroups_databag']` - the databag containing servicegroups to search for. defaults to nagios_servicegroups
110
+ * `node['nagios']['templates_databag']` - the databag containing templates to search for. defaults to nagios_templates
111
+ * `node['nagios']['hostgroups_databag']` - the databag containing hostgroups to search for. defaults to nagios_hostgroups
112
+ * `node['nagios']['hosttemplates_databag']` - the databag containing host templates to search for. defaults to nagios_hosttemplates
113
+ * `node['nagios']['eventhandlers_databag']` - the databag containing eventhandlers to search for. defaults to nagios_eventhandlers
114
+ * `node['nagios']['unmanagedhosts_databag']` - the databag containing unmanagedhosts to search for. defaults to nagios_unmanagedhosts
115
+ * `node['nagios']['serviceescalations_databag']` - the databag containing serviceescalations to search for. defaults to nagios_serviceescalations
116
+ * `node['nagios']['hostescalations_databag']` - the databag containing hostescalations to search for. defaults to nagios_hostescalations
117
+ * `node['nagios']['contacts_databag']` - the databag containing contacts to search for. defaults to nagios_contacts
118
+ * `node['nagios']['contactgroups_databag']` - the databag containing contactgroups to search for. defaults to nagios_contactgroups
119
+ * `node['nagios']['servicedependencies_databag']` - the databag containing servicedependencies to search for. defaults to nagios_servicedependencies
120
+ * `node['nagios']['host_name_attribute']` - node attribute to use for naming the host. Must be unique across monitored nodes. Defaults to hostname
121
+ * `node['nagios']['regexp_matching']` - Attribute to enable [regexp matching](http://nagios.sourceforge.net/docs/3_0/configmain.html#use_regexp_matching). Defaults to 0.
122
+ * `node['nagios']['large_installation_tweaks']` - Attribute to enable [large installation tweaks](http://nagios.sourceforge.net/docs/3_0/largeinstalltweaks.html). Defaults to 0.
123
+ * `node['nagios']['templates']` - These set directives in the default host template. Unless explicitly overridden, they will be inherited by the host definitions for each discovered node and `nagios_unmanagedhosts` data bag. For more information about these directives, see the Nagios documentation for [host definitions](http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#host).
124
+ * `node['nagios']['hosts_template']` - Host template you want to inherit properties/variables from, default 'server'. For more information, see the nagios doc on [Object Inheritance](http://nagios.sourceforge.net/docs/3_0/objectinheritance.html).
125
+ * `node['nagios']['brokers']` - Hash of broker modules to include in the config. Hash key is the path to the broker module, the value is any parameters to pass to it.
126
+
127
+
128
+ * `node['nagios']['default_host']['flap_detection']` - Defaults to `true`.
129
+ * `node['nagios']['default_host']['process_perf_data']` - Defaults to `false`.
130
+ * `node['nagios']['default_host']['check_period']` - Defaults to `'24x7'`.
131
+ * `node['nagios']['default_host']['check_interval']` - In seconds. Must be divisible by `node['nagios']['interval_length']`. Defaults to `15`.
132
+ * `node['nagios']['default_host']['retry_interval']` - In seconds. Must be divisible by `node['nagios']['interval_length']`. Defaults to `15`.
133
+ * `node['nagios']['default_host']['max_check_attempts']` - Defaults to `1`.
134
+ * `node['nagios']['default_host']['check_command']` - Defaults to the pre-defined command `'check-host-alive'`.
135
+ * `node['nagios']['default_host']['notification_interval']` - In seconds. Must be divisible by `node['nagios']['interval_length']`. Defaults to `300`.
136
+ * `node['nagios']['default_host']['notification_options']` - Defaults to `'d,u,r'`.
137
+ * `node['nagios']['default_host']['action_url']` - Defines a action url. Defaults to `nil`.
138
+
139
+ * `node['nagios']['default_service']['process_perf_data']` - Defaults to `false`.
140
+ * `node['nagios']['default_service']['action_url']` - Defines a action url. Defaults to `nil`.
141
+
142
+ * `node['nagios']['server']['web_server']` - web server to use. supports Apache or Nginx, default "apache"
143
+ * `node['nagios']['server']['nginx_dispatch']` - nginx dispatch method. supports cgi or php, default "cgi"
144
+ * `node['nagios']['server']['stop_apache']` - stop apache service if using nginx, default false
145
+ * `node['nagios']['server']['redirect_root']` - if using Apache, should http://server/ redirect to http://server/nagios3 automatically, default false
146
+ * `node['nagios']['server']['normalize_hostname']` - If set to true, normalize all hostnames in hosts.cfg to lowercase. Defaults to false.
147
+
148
+ These are nagios cgi.config options.
149
+
150
+ * `node['nagios']['cgi']['show_context_help']` - Defaults to 1
151
+ * `node['nagios']['cgi']['authorized_for_system_information']` - Defaults to '*'
152
+ * `node['nagios']['cgi']['authorized_for_configuration_information']` - Defaults to '*'
153
+ * `node['nagios']['cgi']['authorized_for_system_commands']` - Defaults to '*'
154
+ * `node['nagios']['cgi']['authorized_for_all_services']` - Defaults to '*'
155
+ * `node['nagios']['cgi']['authorized_for_all_hosts']` - Defaults to '*'
156
+ * `node['nagios']['cgi']['authorized_for_all_service_commands']` - Defaults to '*'
157
+ * `node['nagios']['cgi']['authorized_for_all_host_commands']` - Defaults to '*'
158
+ * `node['nagios']['cgi']['default_statusmap_layout']` - Defaults to 5
159
+ * `node['nagios']['cgi']['default_statuswrl_layout']` - Defaults to 4
160
+ * `node['nagios']['cgi']['result_limit']` - Defaults to 100
161
+ * `node['nagios']['cgi']['escape_html_tags']` - Defaults to 0
162
+ * `node['nagios']['cgi']['action_url_target']` - Defaults to '_blank'
163
+ * `node['nagios']['cgi']['notes_url_target']` - Defaults to '_blank'
164
+ * `node['nagios']['cgi']['lock_author_names']` - Defaults to 1
165
+
166
+
167
+ Recipes
168
+ -------
169
+
170
+ ## Recipes
171
+
172
+ ### default
173
+
174
+ Includes the correct client installation recipe based on platform, either `nagios::server_package` or `nagios::server_source`.
175
+
176
+ The server recipe sets up Apache as the web front end by default. This recipe also does a number of searches to dynamically build the hostgroups to monitor, hosts that belong to them and admins to notify of events/alerts.
177
+
178
+ Searches are confined to the node's `chef_environment` unless multi-environment monitoring is enabled.
179
+
180
+ The recipe does the following:
181
+
182
+ 1. Searches for users in 'users' databag belonging to a 'sysadmin' group, and authorizes them to access the Nagios web UI and also to receive notification e-mails.
183
+ 2. Searches all available roles/environments and builds a list which will become the Nagios hostgroups.
184
+ 3. Places nodes in Nagios hostgroups by role / environment membership.
185
+ 4. Installs various packages required for the server.
186
+ 5. Sets up configuration directories.
187
+ 6. Moves the package-installed Nagios configuration to a 'dist' directory.
188
+ 7. Disables the 000-default VirtualHost present on Debian/Ubuntu Apache2 package installations.
189
+ 8. Templates configuration files for services, contacts, contact groups, templates, hostgroups and hosts.
190
+ 9. Enables the Nagios web UI.
191
+ 10. Starts the Nagios server service
192
+
193
+ ### server_package
194
+
195
+ Installs the Nagios server from packages. Default for Debian / Ubuntu systems.
196
+
197
+ ### server_source
198
+
199
+ Installs the Nagios server from source. Default for Red Hat / Fedora based systems as native packages for Nagios are not available in the default repositories.
200
+
201
+ ### pagerduty
202
+
203
+ Installs pagerduty plugin for nagios. If you only have a single pagerduty key, you can simply set a `node['nagios']['pagerduty_key']` attribute on your server. For multiple pagerduty key configuration see Pager Duty under Data Bags.
204
+
205
+ This recipe was written based on the [Nagios Integration Guide](http://www.pagerduty.com/docs/guides/nagios-integration-guide) from PagerDuty which explains how to get an API key for your Nagios server.
206
+
207
+ ## Data Bags
208
+
209
+ [See Wiki for more databag information](https://github.com/schubergphilis/nagios/wiki/config)
210
+
211
+ ### Pager Duty
212
+
213
+ You can define pagerduty contacts and keys by creating nagios_pagerduty data bags that contain the contact and the relevant key. Setting admin_contactgroup to "true" will add this pagerduty contact to the admin contact group created by this cookbook.
214
+
215
+ ```javascript
216
+ {
217
+ "id": "pagerduty_critical",
218
+ "admin_contactgroup": "true",
219
+ "key": "a33e5ef0ac96772fbd771ddcccd3ccd0"
220
+ }
221
+ ```
222
+
223
+ You can add these contacts to any contactgroups you create.
224
+
225
+ ## Monitoring Role
226
+
227
+ Create a role to use for the monitoring server. The role name should match the value of the attribute "`node['nrpe']['server_role']`" on your clients. By default, this is '`monitoring`'. For example:
228
+
229
+ ```ruby
230
+ # roles/monitoring.rb
231
+ name 'monitoring'
232
+ description 'Monitoring server'
233
+ run_list(
234
+ 'recipe[nagios::default]'
235
+ )
236
+
237
+ default_attributes(
238
+ 'nagios' => {
239
+ 'server_auth_method' => 'htauth'
240
+ }
241
+ )
242
+ ```
243
+
244
+ ```bash
245
+ $ knife role from file monitoring.rb
246
+ ```
247
+
248
+ ## Usage
249
+
250
+ ### server setup
251
+
252
+ Create a role named '`monitoring`', and add the nagios server recipe to the `run_list`. See **Monitoring Role** above for an example.
253
+
254
+ Apply the nrpe cookbook to nodes in order to install the NRPE client
255
+
256
+ By default the Nagios server will only monitor systems in its same environment. To change this set the `multi_environment_monitoring` attribute. See **Attributes**
257
+
258
+ Create data bag items in the `users` data bag for each administer you would like to be able to login to the Nagios server UI. Pay special attention to the method you would like to use to authorization users (openid or htauth). See **Users** and **Atttributes**
259
+
260
+ At this point you now have a minimally functional Nagios server, however the server will lack any service checks outside of the single Nagios Server health check.
261
+
262
+ ### defining checks
263
+
264
+ NRPE commands are defined in recipes using the nrpe_check LWRP provider in the nrpe cookbooks. For base system monitoring such as load, ssh, memory, etc you may want to create a cookbook in your environment that defines each monitoring command via the LWRP.
265
+
266
+ With NRPE commands created using the LWRP you will need to define Nagios services to use those commands. These services are defined using the `nagios_services` data bag and applied to roles and/or environments. See **Services**
267
+
268
+ ### enabling notifications
269
+
270
+ You need to set `default['nagios']['notifications_enabled'] = 1` attribute on your Nagios server to enable email notifications.
271
+
272
+ For email notifications to work an appropriate mail program package and local MTA need to be installed so that /usr/bin/mail or /bin/mail is available on the system.
273
+
274
+ Example:
275
+
276
+ Include [postfix cookbook](https://github.com/opscode-cookbooks/postfix) to be installed on your Nagios server node.
277
+
278
+ Add override_attributes to your `monitoring` role:
279
+
280
+ ```ruby
281
+ # roles/monitoring.rb
282
+ name 'monitoring'
283
+ description 'Monitoring Server'
284
+ run_list(
285
+ 'recipe[nagios:default]',
286
+ 'recipe[postfix]'
287
+ )
288
+
289
+ override_attributes(
290
+ 'nagios' => { 'notifications_enabled' => '1' },
291
+ 'postfix' => { 'myhostname':'your_hostname', 'mydomain':'example.com' }
292
+ )
293
+
294
+ default_attributes(
295
+ 'nagios' => { 'server_auth_method' => 'htauth' }
296
+ )
297
+ ```
298
+
299
+ ```bash
300
+ $ knife role from file monitoring.rb
301
+ ```
302
+
303
+ ## License & Authors
304
+
305
+ - Author:: Joshua Sierles [joshua@37signals.com](mailto:joshua@37signals.com)
306
+ - Author:: Nathan Haneysmith [nathan@chef.io](mailto:nathan@chef.io)
307
+ - Author:: Joshua Timberman [joshua@chef.io](mailto:joshua@chef.io)
308
+ - Author:: Seth Chisamore [schisamo@chef.io](mailto:schisamo@chef.io)
309
+ - Author:: Tim Smith [tsmith@chef.io](mailto:tsmith@chef.io)
310
+
311
+ ```text
312
+ Copyright 2009, 37signals
313
+ Copyright 2009-2017, Chef Software, Inc
314
+ Copyright 2012, Webtrends Inc.
315
+ Copyright 2013-2014, Limelight Networks, Inc.
316
+
317
+ Licensed under the Apache License, Version 2.0 (the "License");
318
+ you may not use this file except in compliance with the License.
319
+ You may obtain a copy of the License at
320
+
321
+ http://www.apache.org/licenses/LICENSE-2.0
322
+
323
+ Unless required by applicable law or agreed to in writing, software
324
+ distributed under the License is distributed on an "AS IS" BASIS,
325
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
326
+ See the License for the specific language governing permissions and
327
+ limitations under the License.
328
+ ```
@@ -0,0 +1,2 @@
1
+ Please refer to
2
+ https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD
@@ -0,0 +1,171 @@
1
+ #
2
+ # Author:: Sander Botman <sbotman@schubergphilis.com>
3
+ # Cookbook Name:: nagios
4
+ # Attributes:: config
5
+ #
6
+ # Copyright 2015, Sander Botman
7
+ #
8
+ # Licensed under the Apache License, Version 2.0 (the "License");
9
+ # you may not use this file except in compliance with the License.
10
+ # You may obtain a copy of the License at
11
+ #
12
+ # http://www.apache.org/licenses/LICENSE-2.0
13
+ #
14
+ # Unless required by applicable law or agreed to in writing, software
15
+ # distributed under the License is distributed on an "AS IS" BASIS,
16
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17
+ # See the License for the specific language governing permissions and
18
+ # limitations under the License.
19
+ #
20
+ #
21
+ # This class holds all nagios configuration options.
22
+ #
23
+
24
+ default['nagios']['conf']['log_file'] = "#{node['nagios']['log_dir']}/#{node['nagios']['server']['name']}.log"
25
+ default['nagios']['conf']['cfg_dir'] = node['nagios']['config_dir']
26
+ default['nagios']['conf']['object_cache_file'] = "#{node['nagios']['cache_dir']}/objects.cache"
27
+ default['nagios']['conf']['precached_object_file'] = "#{node['nagios']['cache_dir']}/objects.precache"
28
+ default['nagios']['conf']['resource_file'] = "#{node['nagios']['resource_dir']}/resource.cfg"
29
+ default['nagios']['conf']['temp_file'] = "#{node['nagios']['cache_dir']}/#{node['nagios']['server']['name']}.tmp"
30
+ default['nagios']['conf']['temp_path'] = '/tmp'
31
+ default['nagios']['conf']['status_file'] = "#{node['nagios']['cache_dir']}/status.dat"
32
+ default['nagios']['conf']['status_update_interval'] = '10'
33
+ default['nagios']['conf']['nagios_user'] = node['nagios']['user']
34
+ default['nagios']['conf']['nagios_group'] = node['nagios']['group']
35
+ default['nagios']['conf']['enable_notifications'] = '1'
36
+ default['nagios']['conf']['execute_service_checks'] = '1'
37
+ default['nagios']['conf']['accept_passive_service_checks'] = '1'
38
+ default['nagios']['conf']['execute_host_checks'] = '1'
39
+ default['nagios']['conf']['accept_passive_host_checks'] = '1'
40
+ default['nagios']['conf']['enable_event_handlers'] = '1'
41
+ default['nagios']['conf']['log_rotation_method'] = 'd'
42
+ default['nagios']['conf']['log_archive_path'] = "#{node['nagios']['log_dir']}/archives"
43
+ default['nagios']['conf']['check_external_commands'] = '1'
44
+ default['nagios']['conf']['command_check_interval'] = '-1'
45
+ default['nagios']['conf']['command_file'] = "#{node['nagios']['state_dir']}/rw/#{node['nagios']['server']['name']}.cmd"
46
+ default['nagios']['conf']['external_command_buffer_slots'] = '4096' # Deprecated, Starting with Nagios Core 4, this variable has no effect.
47
+ default['nagios']['conf']['check_for_updates'] = '0'
48
+ default['nagios']['conf']['lock_file'] = "#{node['nagios']['run_dir']}/#{node['nagios']['server']['vname']}.pid"
49
+ default['nagios']['conf']['retain_state_information'] = '1'
50
+ default['nagios']['conf']['state_retention_file'] = "#{node['nagios']['state_dir']}/retention.dat"
51
+ default['nagios']['conf']['retention_update_interval'] = '60'
52
+ default['nagios']['conf']['use_retained_program_state'] = '1'
53
+ default['nagios']['conf']['use_retained_scheduling_info'] = '1'
54
+ default['nagios']['conf']['use_syslog'] = '1'
55
+ default['nagios']['conf']['log_notifications'] = '1'
56
+ default['nagios']['conf']['log_service_retries'] = '1'
57
+ default['nagios']['conf']['log_host_retries'] = '1'
58
+ default['nagios']['conf']['log_event_handlers'] = '1'
59
+ default['nagios']['conf']['log_initial_states'] = '0'
60
+ default['nagios']['conf']['log_external_commands'] = '1'
61
+ default['nagios']['conf']['log_passive_checks'] = '1'
62
+ default['nagios']['conf']['sleep_time'] = '1' # Deprecated, Starting with Nagios Core 4, this variable has no effect.
63
+ default['nagios']['conf']['service_inter_check_delay_method'] = 's'
64
+ default['nagios']['conf']['max_service_check_spread'] = '5'
65
+ default['nagios']['conf']['service_interleave_factor'] = 's'
66
+ default['nagios']['conf']['max_concurrent_checks'] = '0'
67
+ default['nagios']['conf']['check_result_reaper_frequency'] = '10'
68
+ default['nagios']['conf']['max_check_result_reaper_time'] = '30'
69
+ default['nagios']['conf']['check_result_path'] = "#{node['nagios']['state_dir']}/spool/checkresults"
70
+ default['nagios']['conf']['max_check_result_file_age'] = '3600'
71
+ default['nagios']['conf']['host_inter_check_delay_method'] = 's'
72
+ default['nagios']['conf']['max_host_check_spread'] = '5'
73
+ default['nagios']['conf']['interval_length'] = '1'
74
+ default['nagios']['conf']['auto_reschedule_checks'] = '0'
75
+ default['nagios']['conf']['auto_rescheduling_interval'] = '30'
76
+ default['nagios']['conf']['auto_rescheduling_window'] = '180'
77
+ default['nagios']['conf']['use_aggressive_host_checking'] = '0'
78
+ default['nagios']['conf']['translate_passive_host_checks'] = '0'
79
+ default['nagios']['conf']['passive_host_checks_are_soft'] = '0'
80
+ default['nagios']['conf']['enable_predictive_host_dependency_checks'] = '1'
81
+ default['nagios']['conf']['enable_predictive_service_dependency_checks'] = '1'
82
+ default['nagios']['conf']['cached_host_check_horizon'] = '15'
83
+ default['nagios']['conf']['cached_service_check_horizon'] = '15'
84
+ default['nagios']['conf']['use_large_installation_tweaks'] = '0'
85
+ default['nagios']['conf']['enable_environment_macros'] = '1'
86
+ default['nagios']['conf']['enable_flap_detection'] = '1'
87
+ default['nagios']['conf']['low_service_flap_threshold'] = '5.0'
88
+ default['nagios']['conf']['high_service_flap_threshold'] = '20.0'
89
+ default['nagios']['conf']['low_host_flap_threshold'] = '5.0'
90
+ default['nagios']['conf']['high_host_flap_threshold'] = '20.0'
91
+ default['nagios']['conf']['soft_state_dependencies'] = '0'
92
+ default['nagios']['conf']['service_check_timeout'] = '60'
93
+ default['nagios']['conf']['host_check_timeout'] = '30'
94
+ default['nagios']['conf']['event_handler_timeout'] = '30'
95
+ default['nagios']['conf']['notification_timeout'] = '30'
96
+ default['nagios']['conf']['ocsp_timeout'] = '5'
97
+ default['nagios']['conf']['ochp_timeout'] = '5'
98
+ default['nagios']['conf']['perfdata_timeout'] = '5'
99
+ default['nagios']['conf']['obsess_over_services'] = '0'
100
+ default['nagios']['conf']['obsess_over_hosts'] = '0'
101
+ default['nagios']['conf']['process_performance_data'] = '0'
102
+ default['nagios']['conf']['check_for_orphaned_services'] = '1'
103
+ default['nagios']['conf']['check_for_orphaned_hosts'] = '1'
104
+ default['nagios']['conf']['check_service_freshness'] = '1'
105
+ default['nagios']['conf']['service_freshness_check_interval'] = '60'
106
+ default['nagios']['conf']['check_host_freshness'] = '0'
107
+ default['nagios']['conf']['host_freshness_check_interval'] = '60'
108
+ default['nagios']['conf']['additional_freshness_latency'] = '15'
109
+ default['nagios']['conf']['enable_embedded_perl'] = '1'
110
+ default['nagios']['conf']['use_embedded_perl_implicitly'] = '1'
111
+ default['nagios']['conf']['date_format'] = 'iso8601'
112
+ default['nagios']['conf']['use_timezone'] = 'UTC'
113
+ default['nagios']['conf']['illegal_object_name_chars'] = '`~!$%^&*|\'"<>?,()='
114
+ default['nagios']['conf']['illegal_macro_output_chars'] = '`~$&|\'"<>#'
115
+ default['nagios']['conf']['use_regexp_matching'] = '0'
116
+ default['nagios']['conf']['use_true_regexp_matching'] = '0'
117
+ default['nagios']['conf']['admin_email'] = node['nagios']['sysadmin_email']
118
+ default['nagios']['conf']['admin_pager'] = node['nagios']['sysadmin_sms_email']
119
+ default['nagios']['conf']['event_broker_options'] = '-1'
120
+ default['nagios']['conf']['retained_host_attribute_mask'] = '0'
121
+ default['nagios']['conf']['retained_service_attribute_mask'] = '0'
122
+ default['nagios']['conf']['retained_process_host_attribute_mask'] = '0'
123
+ default['nagios']['conf']['retained_process_service_attribute_mask'] = '0'
124
+ default['nagios']['conf']['retained_contact_host_attribute_mask'] = '0'
125
+ default['nagios']['conf']['retained_contact_service_attribute_mask'] = '0'
126
+ default['nagios']['conf']['daemon_dumps_core'] = '0'
127
+ default['nagios']['conf']['debug_file'] = "#{node['nagios']['state_dir']}/#{node['nagios']['server']['name']}.debug"
128
+ default['nagios']['conf']['debug_level'] = '0'
129
+ default['nagios']['conf']['debug_verbosity'] = '1'
130
+ default['nagios']['conf']['max_debug_file_size'] = '1000000'
131
+
132
+ default['nagios']['conf']['cfg_file'] = nil
133
+ default['nagios']['conf']['query_socket'] = nil
134
+ default['nagios']['conf']['check_workers'] = nil
135
+ default['nagios']['conf']['log_current_states'] = nil
136
+ default['nagios']['conf']['bare_update_check'] = nil
137
+ default['nagios']['conf']['global_host_event_handler'] = nil
138
+ default['nagios']['conf']['global_service_event_handler'] = nil
139
+ default['nagios']['conf']['free_child_process_memory'] = nil
140
+ default['nagios']['conf']['ocsp_command'] = nil
141
+ default['nagios']['conf']['ochp_command'] = nil
142
+ default['nagios']['conf']['host_perfdata_command'] = nil
143
+ default['nagios']['conf']['service_perfdata_command'] = nil
144
+ default['nagios']['conf']['host_perfdata_file'] = nil
145
+ default['nagios']['conf']['service_perfdata_file'] = nil
146
+ default['nagios']['conf']['host_perfdata_file_template'] = nil
147
+ default['nagios']['conf']['service_perfdata_file_template'] = nil
148
+ default['nagios']['conf']['host_perfdata_file_mode'] = nil
149
+ default['nagios']['conf']['service_perfdata_file_mode'] = nil
150
+ default['nagios']['conf']['host_perfdata_file_processing_interval'] = nil
151
+ default['nagios']['conf']['service_perfdata_file_processing_interval'] = nil
152
+ default['nagios']['conf']['host_perfdata_file_processing_command'] = nil
153
+ default['nagios']['conf']['service_perfdata_file_processing_command'] = nil
154
+ default['nagios']['conf']['broker_module'] = nil
155
+
156
+ if node['nagios']['server']['install_method'] == 'source' ||
157
+ (node['platform_family'] == 'rhel' && node['platform_version'].to_i >= 6) ||
158
+ (node['platform'] == 'debian' && node['platform_version'].to_i >= 7) ||
159
+ (node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 14.04)
160
+ default['nagios']['conf']['allow_empty_hostgroup_assignment'] = '1'
161
+ default['nagios']['conf']['service_check_timeout_state'] = 'c'
162
+ end
163
+
164
+ case node['platform_family']
165
+ when 'debian'
166
+ default['nagios']['conf']['p1_file'] = "#{node['nagios']['home']}/p1.pl"
167
+ when 'rhel', 'fedora'
168
+ default['nagios']['conf']['p1_file'] = '/usr/sbin/p1.pl'
169
+ else
170
+ default['nagios']['conf']['p1_file'] = "#{node['nagios']['home']}/p1.pl"
171
+ end