cloud-mu 2.1.0beta → 3.0.0beta

Files changed (291) hide show
  1. checksums.yaml +5 -5
  2. data/Berksfile +4 -5
  3. data/Berksfile.lock +179 -0
  4. data/README.md +1 -6
  5. data/ansible/roles/geerlingguy.firewall/templates/firewall.bash.j2 +0 -0
  6. data/ansible/roles/mu-installer/README.md +33 -0
  7. data/ansible/roles/mu-installer/defaults/main.yml +2 -0
  8. data/ansible/roles/mu-installer/handlers/main.yml +2 -0
  9. data/ansible/roles/mu-installer/meta/main.yml +60 -0
  10. data/ansible/roles/mu-installer/tasks/main.yml +13 -0
  11. data/ansible/roles/mu-installer/tests/inventory +2 -0
  12. data/ansible/roles/mu-installer/tests/test.yml +5 -0
  13. data/ansible/roles/mu-installer/vars/main.yml +2 -0
  14. data/bin/mu-adopt +125 -0
  15. data/bin/mu-aws-setup +4 -4
  16. data/bin/mu-azure-setup +265 -0
  17. data/bin/mu-azure-tests +43 -0
  18. data/bin/mu-cleanup +20 -8
  19. data/bin/mu-configure +224 -98
  20. data/bin/mu-deploy +8 -3
  21. data/bin/mu-gcp-setup +16 -8
  22. data/bin/mu-gen-docs +92 -8
  23. data/bin/mu-load-config.rb +52 -12
  24. data/bin/mu-momma-cat +36 -0
  25. data/bin/mu-node-manage +34 -27
  26. data/bin/mu-self-update +2 -2
  27. data/bin/mu-ssh +12 -8
  28. data/bin/mu-upload-chef-artifacts +11 -4
  29. data/bin/mu-user-manage +3 -0
  30. data/cloud-mu.gemspec +8 -11
  31. data/cookbooks/firewall/libraries/helpers_iptables.rb +2 -2
  32. data/cookbooks/firewall/metadata.json +1 -1
  33. data/cookbooks/firewall/recipes/default.rb +5 -9
  34. data/cookbooks/mu-firewall/attributes/default.rb +2 -0
  35. data/cookbooks/mu-firewall/metadata.rb +1 -1
  36. data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +0 -0
  37. data/cookbooks/mu-master/Berksfile +2 -2
  38. data/cookbooks/mu-master/files/default/check_mem.pl +0 -0
  39. data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
  40. data/cookbooks/mu-master/metadata.rb +5 -4
  41. data/cookbooks/mu-master/recipes/389ds.rb +1 -1
  42. data/cookbooks/mu-master/recipes/basepackages.rb +30 -10
  43. data/cookbooks/mu-master/recipes/default.rb +59 -7
  44. data/cookbooks/mu-master/recipes/firewall-holes.rb +1 -1
  45. data/cookbooks/mu-master/recipes/init.rb +65 -47
  46. data/cookbooks/mu-master/recipes/{eks-kubectl.rb → kubectl.rb} +4 -10
  47. data/cookbooks/mu-master/recipes/sssd.rb +2 -1
  48. data/cookbooks/mu-master/recipes/update_nagios_only.rb +6 -6
  49. data/cookbooks/mu-master/templates/default/web_app.conf.erb +2 -2
  50. data/cookbooks/mu-master/templates/mods/ldap.conf.erb +4 -0
  51. data/cookbooks/mu-php54/Berksfile +1 -2
  52. data/cookbooks/mu-php54/metadata.rb +4 -5
  53. data/cookbooks/mu-php54/recipes/default.rb +1 -1
  54. data/cookbooks/mu-splunk/templates/default/splunk-init.erb +0 -0
  55. data/cookbooks/mu-tools/Berksfile +3 -2
  56. data/cookbooks/mu-tools/files/default/Mu_CA.pem +33 -0
  57. data/cookbooks/mu-tools/libraries/helper.rb +20 -8
  58. data/cookbooks/mu-tools/metadata.rb +5 -2
  59. data/cookbooks/mu-tools/recipes/apply_security.rb +2 -3
  60. data/cookbooks/mu-tools/recipes/eks.rb +1 -1
  61. data/cookbooks/mu-tools/recipes/gcloud.rb +5 -30
  62. data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
  63. data/cookbooks/mu-tools/recipes/rsyslog.rb +1 -0
  64. data/cookbooks/mu-tools/recipes/selinux.rb +19 -0
  65. data/cookbooks/mu-tools/recipes/split_var_partitions.rb +0 -1
  66. data/cookbooks/mu-tools/recipes/windows-client.rb +256 -122
  67. data/cookbooks/mu-tools/resources/disk.rb +3 -1
  68. data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +1 -1
  69. data/cookbooks/mu-tools/templates/default/etc_hosts.erb +1 -1
  70. data/cookbooks/mu-tools/templates/default/{kubeconfig.erb → kubeconfig-eks.erb} +0 -0
  71. data/cookbooks/mu-tools/templates/default/kubeconfig-gke.erb +27 -0
  72. data/cookbooks/mu-tools/templates/windows-10/sshd_config.erb +137 -0
  73. data/cookbooks/mu-utility/recipes/nat.rb +4 -0
  74. data/extras/alpha.png +0 -0
  75. data/extras/beta.png +0 -0
  76. data/extras/clean-stock-amis +2 -2
  77. data/extras/generate-stock-images +131 -0
  78. data/extras/git-fix-permissions-hook +0 -0
  79. data/extras/image-generators/AWS/centos6.yaml +17 -0
  80. data/extras/image-generators/{aws → AWS}/centos7-govcloud.yaml +0 -0
  81. data/extras/image-generators/{aws → AWS}/centos7.yaml +0 -0
  82. data/extras/image-generators/{aws → AWS}/rhel7.yaml +0 -0
  83. data/extras/image-generators/{aws → AWS}/win2k12.yaml +0 -0
  84. data/extras/image-generators/{aws → AWS}/win2k16.yaml +0 -0
  85. data/extras/image-generators/{aws → AWS}/windows.yaml +0 -0
  86. data/extras/image-generators/{gcp → Google}/centos6.yaml +1 -0
  87. data/extras/image-generators/Google/centos7.yaml +18 -0
  88. data/extras/python_rpm/build.sh +0 -0
  89. data/extras/release.png +0 -0
  90. data/extras/ruby_rpm/build.sh +0 -0
  91. data/extras/ruby_rpm/muby.spec +1 -1
  92. data/install/README.md +43 -5
  93. data/install/deprecated-bash-library.sh +0 -0
  94. data/install/installer +1 -1
  95. data/install/jenkinskeys.rb +0 -0
  96. data/install/mu-master.yaml +55 -0
  97. data/modules/mommacat.ru +41 -7
  98. data/modules/mu.rb +444 -149
  99. data/modules/mu/adoption.rb +500 -0
  100. data/modules/mu/cleanup.rb +235 -158
  101. data/modules/mu/cloud.rb +675 -138
  102. data/modules/mu/clouds/aws.rb +156 -24
  103. data/modules/mu/clouds/aws/alarm.rb +4 -14
  104. data/modules/mu/clouds/aws/bucket.rb +60 -18
  105. data/modules/mu/clouds/aws/cache_cluster.rb +8 -20
  106. data/modules/mu/clouds/aws/collection.rb +12 -22
  107. data/modules/mu/clouds/aws/container_cluster.rb +209 -118
  108. data/modules/mu/clouds/aws/database.rb +120 -45
  109. data/modules/mu/clouds/aws/dnszone.rb +7 -18
  110. data/modules/mu/clouds/aws/endpoint.rb +5 -15
  111. data/modules/mu/clouds/aws/firewall_rule.rb +144 -72
  112. data/modules/mu/clouds/aws/folder.rb +4 -11
  113. data/modules/mu/clouds/aws/function.rb +6 -16
  114. data/modules/mu/clouds/aws/group.rb +4 -12
  115. data/modules/mu/clouds/aws/habitat.rb +11 -13
  116. data/modules/mu/clouds/aws/loadbalancer.rb +40 -28
  117. data/modules/mu/clouds/aws/log.rb +5 -13
  118. data/modules/mu/clouds/aws/msg_queue.rb +9 -24
  119. data/modules/mu/clouds/aws/nosqldb.rb +4 -12
  120. data/modules/mu/clouds/aws/notifier.rb +6 -13
  121. data/modules/mu/clouds/aws/role.rb +69 -40
  122. data/modules/mu/clouds/aws/search_domain.rb +17 -20
  123. data/modules/mu/clouds/aws/server.rb +184 -94
  124. data/modules/mu/clouds/aws/server_pool.rb +33 -38
  125. data/modules/mu/clouds/aws/storage_pool.rb +5 -12
  126. data/modules/mu/clouds/aws/user.rb +59 -33
  127. data/modules/mu/clouds/aws/userdata/linux.erb +18 -30
  128. data/modules/mu/clouds/aws/userdata/windows.erb +9 -9
  129. data/modules/mu/clouds/aws/vpc.rb +214 -145
  130. data/modules/mu/clouds/azure.rb +978 -44
  131. data/modules/mu/clouds/azure/container_cluster.rb +413 -0
  132. data/modules/mu/clouds/azure/firewall_rule.rb +500 -0
  133. data/modules/mu/clouds/azure/habitat.rb +167 -0
  134. data/modules/mu/clouds/azure/loadbalancer.rb +205 -0
  135. data/modules/mu/clouds/azure/role.rb +211 -0
  136. data/modules/mu/clouds/azure/server.rb +810 -0
  137. data/modules/mu/clouds/azure/user.rb +257 -0
  138. data/modules/mu/clouds/azure/userdata/README.md +4 -0
  139. data/modules/mu/clouds/azure/userdata/linux.erb +137 -0
  140. data/modules/mu/clouds/azure/userdata/windows.erb +275 -0
  141. data/modules/mu/clouds/azure/vpc.rb +782 -0
  142. data/modules/mu/clouds/cloudformation.rb +12 -9
  143. data/modules/mu/clouds/cloudformation/firewall_rule.rb +5 -13
  144. data/modules/mu/clouds/cloudformation/server.rb +10 -1
  145. data/modules/mu/clouds/cloudformation/server_pool.rb +1 -0
  146. data/modules/mu/clouds/cloudformation/vpc.rb +0 -2
  147. data/modules/mu/clouds/google.rb +554 -117
  148. data/modules/mu/clouds/google/bucket.rb +173 -32
  149. data/modules/mu/clouds/google/container_cluster.rb +1112 -157
  150. data/modules/mu/clouds/google/database.rb +24 -47
  151. data/modules/mu/clouds/google/firewall_rule.rb +344 -89
  152. data/modules/mu/clouds/google/folder.rb +156 -79
  153. data/modules/mu/clouds/google/group.rb +272 -82
  154. data/modules/mu/clouds/google/habitat.rb +177 -52
  155. data/modules/mu/clouds/google/loadbalancer.rb +9 -34
  156. data/modules/mu/clouds/google/role.rb +1211 -0
  157. data/modules/mu/clouds/google/server.rb +491 -227
  158. data/modules/mu/clouds/google/server_pool.rb +233 -48
  159. data/modules/mu/clouds/google/user.rb +479 -125
  160. data/modules/mu/clouds/google/userdata/linux.erb +3 -3
  161. data/modules/mu/clouds/google/userdata/windows.erb +9 -9
  162. data/modules/mu/clouds/google/vpc.rb +381 -223
  163. data/modules/mu/config.rb +689 -214
  164. data/modules/mu/config/bucket.rb +1 -1
  165. data/modules/mu/config/cache_cluster.rb +1 -1
  166. data/modules/mu/config/cache_cluster.yml +0 -4
  167. data/modules/mu/config/container_cluster.rb +18 -9
  168. data/modules/mu/config/database.rb +6 -23
  169. data/modules/mu/config/firewall_rule.rb +9 -15
  170. data/modules/mu/config/folder.rb +22 -21
  171. data/modules/mu/config/habitat.rb +22 -21
  172. data/modules/mu/config/loadbalancer.rb +2 -2
  173. data/modules/mu/config/role.rb +9 -40
  174. data/modules/mu/config/server.rb +26 -5
  175. data/modules/mu/config/server_pool.rb +1 -1
  176. data/modules/mu/config/storage_pool.rb +2 -2
  177. data/modules/mu/config/user.rb +4 -0
  178. data/modules/mu/config/vpc.rb +350 -110
  179. data/modules/mu/defaults/{amazon_images.yaml → AWS.yaml} +37 -39
  180. data/modules/mu/defaults/Azure.yaml +17 -0
  181. data/modules/mu/defaults/Google.yaml +24 -0
  182. data/modules/mu/defaults/README.md +1 -1
  183. data/modules/mu/deploy.rb +168 -125
  184. data/modules/mu/groomer.rb +2 -1
  185. data/modules/mu/groomers/ansible.rb +104 -32
  186. data/modules/mu/groomers/chef.rb +96 -44
  187. data/modules/mu/kittens.rb +20602 -0
  188. data/modules/mu/logger.rb +38 -11
  189. data/modules/mu/master.rb +90 -8
  190. data/modules/mu/master/chef.rb +2 -3
  191. data/modules/mu/master/ldap.rb +0 -1
  192. data/modules/mu/master/ssl.rb +250 -0
  193. data/modules/mu/mommacat.rb +917 -513
  194. data/modules/scratchpad.erb +1 -1
  195. data/modules/tests/super_complex_bok.yml +0 -0
  196. data/modules/tests/super_simple_bok.yml +0 -0
  197. data/roles/mu-master.json +2 -1
  198. data/spec/azure_creds +5 -0
  199. data/spec/mu.yaml +56 -0
  200. data/spec/mu/clouds/azure_spec.rb +164 -27
  201. data/spec/spec_helper.rb +5 -0
  202. data/test/clean_up.py +0 -0
  203. data/test/exec_inspec.py +0 -0
  204. data/test/exec_mu_install.py +0 -0
  205. data/test/exec_retry.py +0 -0
  206. data/test/smoke_test.rb +0 -0
  207. metadata +90 -118
  208. data/cookbooks/mu-jenkins/Berksfile +0 -14
  209. data/cookbooks/mu-jenkins/CHANGELOG.md +0 -13
  210. data/cookbooks/mu-jenkins/LICENSE +0 -37
  211. data/cookbooks/mu-jenkins/README.md +0 -105
  212. data/cookbooks/mu-jenkins/attributes/default.rb +0 -42
  213. data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +0 -73
  214. data/cookbooks/mu-jenkins/files/default/deploy_config.xml +0 -44
  215. data/cookbooks/mu-jenkins/metadata.rb +0 -21
  216. data/cookbooks/mu-jenkins/recipes/default.rb +0 -195
  217. data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +0 -54
  218. data/cookbooks/mu-jenkins/recipes/public_key.rb +0 -24
  219. data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +0 -24
  220. data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +0 -14
  221. data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +0 -6
  222. data/cookbooks/nagios/Berksfile +0 -11
  223. data/cookbooks/nagios/CHANGELOG.md +0 -589
  224. data/cookbooks/nagios/CONTRIBUTING.md +0 -11
  225. data/cookbooks/nagios/LICENSE +0 -37
  226. data/cookbooks/nagios/README.md +0 -328
  227. data/cookbooks/nagios/TESTING.md +0 -2
  228. data/cookbooks/nagios/attributes/config.rb +0 -171
  229. data/cookbooks/nagios/attributes/default.rb +0 -228
  230. data/cookbooks/nagios/chefignore +0 -102
  231. data/cookbooks/nagios/definitions/command.rb +0 -33
  232. data/cookbooks/nagios/definitions/contact.rb +0 -33
  233. data/cookbooks/nagios/definitions/contactgroup.rb +0 -33
  234. data/cookbooks/nagios/definitions/host.rb +0 -33
  235. data/cookbooks/nagios/definitions/hostdependency.rb +0 -33
  236. data/cookbooks/nagios/definitions/hostescalation.rb +0 -34
  237. data/cookbooks/nagios/definitions/hostgroup.rb +0 -33
  238. data/cookbooks/nagios/definitions/nagios_conf.rb +0 -38
  239. data/cookbooks/nagios/definitions/resource.rb +0 -33
  240. data/cookbooks/nagios/definitions/service.rb +0 -33
  241. data/cookbooks/nagios/definitions/servicedependency.rb +0 -33
  242. data/cookbooks/nagios/definitions/serviceescalation.rb +0 -34
  243. data/cookbooks/nagios/definitions/servicegroup.rb +0 -33
  244. data/cookbooks/nagios/definitions/timeperiod.rb +0 -33
  245. data/cookbooks/nagios/libraries/base.rb +0 -314
  246. data/cookbooks/nagios/libraries/command.rb +0 -91
  247. data/cookbooks/nagios/libraries/contact.rb +0 -230
  248. data/cookbooks/nagios/libraries/contactgroup.rb +0 -112
  249. data/cookbooks/nagios/libraries/custom_option.rb +0 -36
  250. data/cookbooks/nagios/libraries/data_bag_helper.rb +0 -23
  251. data/cookbooks/nagios/libraries/default.rb +0 -90
  252. data/cookbooks/nagios/libraries/host.rb +0 -412
  253. data/cookbooks/nagios/libraries/hostdependency.rb +0 -181
  254. data/cookbooks/nagios/libraries/hostescalation.rb +0 -173
  255. data/cookbooks/nagios/libraries/hostgroup.rb +0 -119
  256. data/cookbooks/nagios/libraries/nagios.rb +0 -282
  257. data/cookbooks/nagios/libraries/resource.rb +0 -59
  258. data/cookbooks/nagios/libraries/service.rb +0 -455
  259. data/cookbooks/nagios/libraries/servicedependency.rb +0 -215
  260. data/cookbooks/nagios/libraries/serviceescalation.rb +0 -195
  261. data/cookbooks/nagios/libraries/servicegroup.rb +0 -144
  262. data/cookbooks/nagios/libraries/timeperiod.rb +0 -160
  263. data/cookbooks/nagios/libraries/users_helper.rb +0 -54
  264. data/cookbooks/nagios/metadata.rb +0 -25
  265. data/cookbooks/nagios/recipes/_load_databag_config.rb +0 -153
  266. data/cookbooks/nagios/recipes/_load_default_config.rb +0 -241
  267. data/cookbooks/nagios/recipes/apache.rb +0 -48
  268. data/cookbooks/nagios/recipes/default.rb +0 -204
  269. data/cookbooks/nagios/recipes/nginx.rb +0 -82
  270. data/cookbooks/nagios/recipes/pagerduty.rb +0 -143
  271. data/cookbooks/nagios/recipes/server_package.rb +0 -40
  272. data/cookbooks/nagios/recipes/server_source.rb +0 -164
  273. data/cookbooks/nagios/templates/default/apache2.conf.erb +0 -96
  274. data/cookbooks/nagios/templates/default/cgi.cfg.erb +0 -266
  275. data/cookbooks/nagios/templates/default/commands.cfg.erb +0 -13
  276. data/cookbooks/nagios/templates/default/contacts.cfg.erb +0 -37
  277. data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +0 -25
  278. data/cookbooks/nagios/templates/default/hosts.cfg.erb +0 -15
  279. data/cookbooks/nagios/templates/default/htpasswd.users.erb +0 -6
  280. data/cookbooks/nagios/templates/default/nagios.cfg.erb +0 -22
  281. data/cookbooks/nagios/templates/default/nginx.conf.erb +0 -62
  282. data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +0 -185
  283. data/cookbooks/nagios/templates/default/resource.cfg.erb +0 -27
  284. data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +0 -15
  285. data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +0 -14
  286. data/cookbooks/nagios/templates/default/services.cfg.erb +0 -14
  287. data/cookbooks/nagios/templates/default/templates.cfg.erb +0 -31
  288. data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +0 -13
  289. data/extras/image-generators/aws/centos6.yaml +0 -18
  290. data/modules/mu/defaults/google_images.yaml +0 -16
  291. data/roles/mu-master-jenkins.json +0 -24
@@ -1,40 +0,0 @@
1
- #
2
- # Author:: Seth Chisamore <schisamo@getchef.com>
3
- # Author:: Tim Smith <tsmith@chef.io>
4
- # Cookbook Name:: nagios
5
- # Recipe:: server_package
6
- #
7
- # Copyright 2011-2016, Chef Software, Inc.
8
- #
9
- # Licensed under the Apache License, Version 2.0 (the "License");
10
- # you may not use this file except in compliance with the License.
11
- # You may obtain a copy of the License at
12
- #
13
- # http://www.apache.org/licenses/LICENSE-2.0
14
- #
15
- # Unless required by applicable law or agreed to in writing, software
16
- # distributed under the License is distributed on an "AS IS" BASIS,
17
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
- # See the License for the specific language governing permissions and
19
- # limitations under the License.
20
- #
21
-
22
- case node['platform_family']
23
- when 'rhel'
24
- include_recipe 'yum-epel' if node['nagios']['server']['install_yum-epel']
25
- when 'debian'
26
- # Nagios package requires to enter the admin password
27
- # We generate it randomly as it's overwritten later in the config templates
28
- random_initial_password = rand(36**16).to_s(36)
29
-
30
- %w(adminpassword adminpassword-repeat).each do |setting|
31
- execute "debconf-set-selections::#{node['nagios']['server']['vname']}-cgi::#{node['nagios']['server']['vname']}/#{setting}" do
32
- command "echo #{node['nagios']['server']['vname']}-cgi #{node['nagios']['server']['vname']}/#{setting} password #{random_initial_password} | debconf-set-selections"
33
- not_if "dpkg -l #{node['nagios']['server']['vname']}"
34
- end
35
- end
36
- end
37
-
38
- node['nagios']['server']['packages'].each do |pkg|
39
- package pkg
40
- end
@@ -1,164 +0,0 @@
1
- #
2
- # Author:: Seth Chisamore <schisamo@getchef.com>
3
- # Author:: Tim Smith <tsmith@chef.io>
4
- # Cookbook Name:: nagios
5
- # Recipe:: server_source
6
- #
7
- # Copyright 2011-2016, Chef Software, Inc.
8
- #
9
- # Licensed under the Apache License, Version 2.0 (the "License");
10
- # you may not use this file except in compliance with the License.
11
- # You may obtain a copy of the License at
12
- #
13
- # http://www.apache.org/licenses/LICENSE-2.0
14
- #
15
- # Unless required by applicable law or agreed to in writing, software
16
- # distributed under the License is distributed on an "AS IS" BASIS,
17
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
- # See the License for the specific language governing permissions and
19
- # limitations under the License.
20
- #
21
-
22
- # Package pre-reqs
23
- include_recipe 'php::default'
24
- include_recipe 'php::module_gd'
25
-
26
- build_essential 'name' do
27
- compile_time True
28
- end
29
-
30
- # the source install of nagios from this recipe does not include embedded perl support
31
- # so unless the user explicitly set the p1_file attribute, we want to clear it
32
- # Note: the cookbook now defaults to Nagios 4.X which doesn't support embedded perl anyways
33
- node.default['nagios']['conf']['p1_file'] = nil
34
-
35
- pkgs = value_for_platform_family(
36
- %w( rhel fedora ) => %w( openssl-devel gd-devel tar ),
37
- 'debian' => %w( libssl-dev libgd2-xpm-dev bsd-mailx tar ),
38
- 'default' => %w( libssl-dev libgd2-xpm-dev bsd-mailx tar )
39
- )
40
-
41
- pkgs.each do |pkg|
42
- package pkg do
43
- action :install
44
- end
45
- end
46
-
47
- user node['nagios']['user'] do
48
- action :create
49
- end
50
-
51
- web_srv = node['nagios']['server']['web_server']
52
-
53
- group node['nagios']['group'] do
54
- members [
55
- node['nagios']['user'],
56
- web_srv == 'nginx' ? node['nginx']['user'] : node['apache']['user'],
57
- ]
58
- action :create
59
- end
60
-
61
- remote_file "#{Chef::Config[:file_cache_path]}/nagios_core.tar.gz" do
62
- source node['nagios']['server']['url']
63
- checksum node['nagios']['server']['checksum']
64
- end
65
-
66
- node['nagios']['server']['patches'].each do |patch|
67
- remote_file "#{Chef::Config[:file_cache_path]}/#{patch}" do
68
- source "#{node['nagios']['server']['patch_url']}/#{patch}"
69
- end
70
- end
71
-
72
- execute 'extract-nagios' do
73
- cwd Chef::Config[:file_cache_path]
74
- command 'tar zxvf nagios_core.tar.gz'
75
- not_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/#{node['nagios']['server']['src_dir']}") }
76
- end
77
-
78
- node['nagios']['server']['patches'].each do |patch|
79
- bash "patch-#{patch}" do
80
- cwd Chef::Config[:file_cache_path]
81
- code <<-EOF
82
- cd #{node['nagios']['server']['src_dir']}
83
- patch -p1 --forward --silent --dry-run < '#{Chef::Config[:file_cache_path]}/#{patch}' >/dev/null
84
- if [ $? -eq 0 ]; then
85
- patch -p1 --forward < '#{Chef::Config[:file_cache_path]}/#{patch}'
86
- else
87
- exit 0
88
- fi
89
- EOF
90
- action :nothing
91
- subscribes :run, 'execute[extract-nagios]', :immediately
92
- end
93
- end
94
-
95
- bash 'compile-nagios' do
96
- cwd Chef::Config[:file_cache_path]
97
- code <<-EOH
98
- cd #{node['nagios']['server']['src_dir']}
99
- ./configure --prefix=/usr \
100
- --mandir=/usr/share/man \
101
- --bindir=/usr/sbin \
102
- --sbindir=#{node['nagios']['cgi-bin']} \
103
- --datadir=#{node['nagios']['docroot']} \
104
- --sysconfdir=#{node['nagios']['conf_dir']} \
105
- --infodir=/usr/share/info \
106
- --libexecdir=#{node['nagios']['plugin_dir']} \
107
- --localstatedir=#{node['nagios']['state_dir']} \
108
- --enable-event-broker \
109
- --with-nagios-user=#{node['nagios']['user']} \
110
- --with-nagios-group=#{node['nagios']['group']} \
111
- --with-command-user=#{node['nagios']['user']} \
112
- --with-command-group=#{node['nagios']['group']} \
113
- --with-init-dir=/etc/init.d \
114
- --with-lockfile=#{node['nagios']['run_dir']}/#{node['nagios']['server']['vname']}.pid \
115
- --with-mail=/usr/bin/mail \
116
- --with-perlcache \
117
- --with-htmurl=/ \
118
- --with-cgiurl=#{node['nagios']['cgi-path']}
119
- make all
120
- make install
121
- make install-init
122
- make install-config
123
- make install-commandmode
124
- #{node['nagios']['source']['add_build_commands'].join("\n")}
125
- EOH
126
- action :nothing
127
- subscribes :run, 'execute[extract-nagios]', :immediately
128
- end
129
-
130
- directory node['nagios']['config_dir'] do
131
- owner 'root'
132
- group 'root'
133
- mode '0755'
134
- recursive true
135
- end
136
-
137
- directory node['nagios']['conf']['check_result_path'] do
138
- owner node['nagios']['user']
139
- group node['nagios']['group']
140
- mode '0755'
141
- recursive true
142
- end
143
-
144
- %w( cache_dir log_dir run_dir ).each do |dir|
145
- directory "Nagios cookbook #{node['nagios'][dir]}" do
146
- path node['nagios'][dir]
147
- recursive true
148
- owner node['nagios']['user']
149
- group node['nagios']['group']
150
- mode '0755'
151
- end
152
- end
153
-
154
- directory ::File.join(node['nagios']['log_dir'], 'archives') do
155
- owner node['nagios']['user']
156
- group node['nagios']['group']
157
- mode '0755'
158
- end
159
-
160
- directory "/usr/lib/#{node['nagios']['server']['vname']}" do
161
- owner node['nagios']['user']
162
- group node['nagios']['group']
163
- mode '0755'
164
- end
@@ -1,96 +0,0 @@
1
- # Autogenerated by Chef.
2
-
3
- <% unless node['nagios']['ldap_verify_cert'].nil? %>LDAPVerifyServerCert <%= node['nagios']['ldap_verify_cert'] %><% end %>
4
- <% unless node['nagios']['ldap_trusted_mode'].nil? -%>LDAPTrustedMode <%= node['nagios']['ldap_trusted_mode'] %> <% end -%>
5
- <% unless node['nagios']['ldap_trusted_global_cert'].nil? -%>LDAPTrustedGlobalCert <%= node['nagios']['ldap_trusted_global_cert'] %> <% end -%>
6
-
7
- <VirtualHost *:<%= node['nagios']['http_port'] %>>
8
- ServerAdmin <%= node['nagios']['sysadmin_email'] %>
9
- <% if @nagios_url %>
10
- ServerName <%= @nagios_url %>
11
- <% else %>
12
- ServerName <%= node['fqdn'] %>
13
- <% if node['nagios']['server']['server_alias'] %>
14
- ServerAlias <%= node['nagios']['server']['server_alias'] %>
15
- <% end %>
16
- <% end %>
17
- DocumentRoot <%= node['nagios']['docroot'] %>
18
- CustomLog <%= node['apache']['log_dir'] %>/nagios_access.log combined
19
- ErrorLog <%= node['apache']['log_dir'] %>/nagios_error.log
20
-
21
- <% if node['platform_family'] == 'debian' && node['nagios']['server']['install_method'] == 'package'-%>
22
- Alias /stylesheets /etc/<%= node['nagios']['server']['vname'] %>/stylesheets
23
- Alias /nagios3/stylesheets /etc/<%= node['nagios']['server']['vname'] %>/stylesheets
24
- <% end -%>
25
- ScriptAlias <%= node['nagios']['cgi-path'] %> <%= node['nagios']['cgi-bin'] %>
26
- ScriptAlias /cgi-bin/statusjson.cgi <%= node['nagios']['cgi-bin'] %>/statusjson.cgi
27
- Alias /<%= node['nagios']['server']['vname'] %> <%= node['nagios']['docroot'] %>
28
-
29
- <Directory "<%= node['nagios']['cgi-bin'] %>">
30
- Options ExecCGI
31
- <% if node['nagios']['default_user_name'] -%>
32
- require all granted
33
- <% end -%>
34
- </Directory>
35
-
36
- <% if @https -%>
37
- SSLEngine On
38
- SSLProtocol all -SSLv3 -SSLv2
39
- SSLCertificateFile <%= @ssl_cert_file %>
40
- <% if node['nagios']['ssl_cert_chain_file'] %>
41
- SSLCertificateChainFile <%= node['nagios']['ssl_cert_chain_file'] %>
42
- <% end -%>
43
- SSLCertificateKeyFile <%= @ssl_cert_key %>
44
-
45
- <% end -%>
46
- <% case node['nagios']['server_auth_method'] -%>
47
- <% when "openid" -%>
48
- <Location />
49
- AuthName "Nagios Server"
50
- AuthType OpenID
51
- require user <%= node['apache']['allowed_openids'].join(' ') %>
52
- AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>
53
- </Location>
54
- <% when "cas" -%>
55
- CASLoginURL <%= node['nagios']['cas_login_url'] %>
56
- CASValidateURL <%= node['nagios']['cas_validate_url'] %>
57
- CASValidateServer <%= node['nagios']['cas_validate_server'] %>
58
- <% if node['nagios']['cas_root_proxy_url'] -%>
59
- CASRootProxiedAs <%= node['nagios']['cas_root_proxy_url'] %>
60
- <% end -%>
61
-
62
- <Location />
63
- AuthType CAS
64
- require <%= node['nagios']['server_auth_require'] %>
65
- </Location>
66
- <% when "ldap" -%>
67
- <Location />
68
- AuthName "Nagios Server"
69
- AuthType Basic
70
- AuthBasicProvider ldap
71
- <% unless node['nagios']['ldap_group_attribute_is_dn'].nil? %>AuthLDAPGroupAttributeIsDN <%= node['nagios']['ldap_group_attribute_is_dn'] %><% end %>
72
- <% unless node['nagios']['ldap_group_attribute'].nil? -%>AuthLDAPGroupAttribute "<%= node['nagios']['ldap_group_attribute'] %>" <% end -%>
73
- <% unless node['nagios']['ldap_bind_dn'].nil? -%>AuthLDAPBindDN "<%= node['nagios']['ldap_bind_dn'] %>" <% end -%>
74
- <% unless node['nagios']['ldap_bind_password'].nil? -%>AuthLDAPBindPassword "<%= node['nagios']['ldap_bind_password'] %>"<% end -%>
75
- AuthLDAPURL "<%= node['nagios']['ldap_url'] %>"
76
- <% if node['apache']['version'] < "2.4" and !node['nagios']['ldap_authoritative'].nil? %>AuthzLDAPAuthoritative <%= node['nagios']['ldap_authoritative'] %><% end %>
77
- require <%= node['nagios']['server_auth_require'] %>
78
- </Location>
79
- <% else -%>
80
- <Location />
81
- AuthName "Nagios Server"
82
- AuthType Basic
83
- AuthUserFile "<%= node['nagios']['conf_dir'] %>/htpasswd.users"
84
- require <%= node['nagios']['server_auth_require'] %>
85
- <% unless node['nagios']['allowed_ips'].empty? -%>
86
- Order Deny,Allow
87
- Deny from All
88
- Allow from <%=node['nagios']['allowed_ips'].join(' ') %>
89
- Satisfy Any
90
- <% end -%>
91
- </Location>
92
- <% end -%>
93
-
94
- SetEnv TZ "<%= node['nagios']['conf']['use_timezone'] %>"
95
-
96
- </VirtualHost>
@@ -1,266 +0,0 @@
1
- # Autogenerated by Chef.
2
- #
3
- # MAIN CONFIGURATION FILE
4
- # This tells the CGIs where to find your main configuration file.
5
- # The CGIs will read the main and host config files for any other
6
- # data they might need.
7
-
8
- main_config_file=<%= node['nagios']['conf_dir'] %>/<%= node['nagios']['server']['name'] %>.cfg
9
-
10
- # PHYSICAL HTML PATH
11
- # This is the path where the HTML files for Nagios reside. This
12
- # value is used to locate the logo images needed by the statusmap
13
- # and statuswrl CGIs.
14
-
15
- physical_html_path=<%= node['nagios']['docroot'] %>
16
-
17
- # URL HTML PATH
18
- # This is the path portion of the URL that corresponds to the
19
- # physical location of the Nagios HTML files (as defined above).
20
- # This value is used by the CGIs to locate the online documentation
21
- # and graphics. If you access the Nagios pages with an URL like
22
- # http://www.myhost.com/nagios, this value should be '/nagios'
23
- # (without the quotes).
24
-
25
- url_html_path=/<%= node['nagios']['server']['vname'] %>
26
-
27
- # CONTEXT-SENSITIVE HELP
28
- # This option determines whether or not a context-sensitive
29
- # help icon will be displayed for most of the CGIs.
30
- # Values: 0 = disables context-sensitive help
31
- # 1 = enables context-sensitive help
32
-
33
- show_context_help=<%= node['nagios']['cgi']['show_context_help'] %>
34
-
35
- # NAGIOS PROCESS CHECK COMMAND
36
- # This is the full path and filename of the program used to check
37
- # the status of the Nagios process. It is used only by the CGIs
38
- # and is completely optional. However, if you don't use it, you'll
39
- # see warning messages in the CGIs about the Nagios process
40
- # not running and you won't be able to execute any commands from
41
- # the web interface. The program should follow the same rules
42
- # as plugins; the return codes are the same as for the plugins,
43
- # it should have timeout protection, it should output something
44
- # to STDIO, etc.
45
- #
46
- # Note: The command line for the check_nagios plugin below may
47
- # have to be tweaked a bit, as different versions of the plugin
48
- # use different command line arguments/syntaxes.
49
-
50
- <%= node['nagios']['server']['name'] %>_check_command=<%= node['nagios']['plugin_dir'] %>/check_nagios <%= node['nagios']['cache_dir'] %>/status.dat 5 '/usr/sbin/<%= @nagios_service_name %>'
51
-
52
- # AUTHENTICATION USAGE
53
- # This option controls whether or not the CGIs will use any
54
- # authentication when displaying host and service information, as
55
- # well as committing commands to Nagios for processing.
56
- #
57
- # Read the HTML documentation to learn how the authorization works!
58
- #
59
- # NOTE: It is a really *bad* idea to disable authorization, unless
60
- # you plan on removing the command CGI (cmd.cgi)! Failure to do
61
- # so will leave you wide open to kiddies messing with Nagios and
62
- # possibly hitting you with a denial of service attack by filling up
63
- # your drive by continuously writing to your command file!
64
- #
65
- # Setting this value to 0 will cause the CGIs to *not* use
66
- # authentication (bad idea), while any other value will make them
67
- # use the authentication functions (the default).
68
-
69
- use_authentication=1
70
-
71
- # DEFAULT USER
72
- # Setting this variable will define a default user name that can
73
- # access pages without authentication. This allows people within a
74
- # secure domain (i.e., behind a firewall) to see the current status
75
- # without authenticating. You may want to use this to avoid basic
76
- # authentication if you are not using a secure server since basic
77
- # authentication transmits passwords in the clear.
78
- #
79
- # Important: Do not define a default username unless you are
80
- # running a secure web server and are sure that everyone who has
81
- # access to the CGIs has been authenticated in some manner! If you
82
- # define this variable, anyone who has not authenticated to the web
83
- # server will inherit all rights you assign to this user!
84
-
85
- <% if node['nagios']['default_user_name'] -%>
86
- default_user_name=<%= @node['nagios']['default_user_name'] %>
87
- <% else -%>
88
- #default_user_name=guest
89
- <% end -%>
90
-
91
- # SYSTEM/PROCESS INFORMATION ACCESS
92
- # This option is a comma-delimited list of all usernames that
93
- # have access to viewing the Nagios process information as
94
- # provided by the Extended Information CGI (extinfo.cgi). By
95
- # default, *no one* has access to this unless you choose to
96
- # not use authorization. You may use an asterisk (*) to
97
- # authorize any user who has authenticated to the web server.
98
-
99
- authorized_for_system_information=<%= node['nagios']['cgi']['authorized_for_system_information'] %>
100
-
101
- # CONFIGURATION INFORMATION ACCESS
102
- # This option is a comma-delimited list of all usernames that
103
- # can view ALL configuration information (hosts, commands, etc).
104
- # By default, users can only view configuration information
105
- # for the hosts and services they are contacts for. You may use
106
- # an asterisk (*) to authorize any user who has authenticated
107
- # to the web server.
108
-
109
- authorized_for_configuration_information=<%= node['nagios']['cgi']['authorized_for_configuration_information'] %>
110
-
111
- # SYSTEM/PROCESS COMMAND ACCESS
112
- # This option is a comma-delimited list of all usernames that
113
- # can issue shutdown and restart commands to Nagios via the
114
- # command CGI (cmd.cgi). Users in this list can also change
115
- # the program mode to active or standby. By default, *no one*
116
- # has access to this unless you choose to not use authorization.
117
- # You may use an asterisk (*) to authorize any user who has
118
- # authenticated to the web server.
119
-
120
- authorized_for_system_commands=<%= node['nagios']['cgi']['authorized_for_system_commands'] %>
121
-
122
- # GLOBAL HOST/SERVICE VIEW ACCESS
123
- # These two options are comma-delimited lists of all usernames that
124
- # can view information for all hosts and services that are being
125
- # monitored. By default, users can only view information
126
- # for hosts or services that they are contacts for (unless you
127
- # you choose to not use authorization). You may use an asterisk (*)
128
- # to authorize any user who has authenticated to the web server.
129
-
130
-
131
- authorized_for_all_services=<%= node['nagios']['cgi']['authorized_for_all_services'] %>
132
- authorized_for_all_hosts=<%= node['nagios']['cgi']['authorized_for_all_hosts'] %>
133
-
134
- # GLOBAL HOST/SERVICE COMMAND ACCESS
135
- # These two options are comma-delimited lists of all usernames that
136
- # can issue host or service related commands via the command
137
- # CGI (cmd.cgi) for all hosts and services that are being monitored.
138
- # By default, users can only issue commands for hosts or services
139
- # that they are contacts for (unless you you choose to not use
140
- # authorization). You may use an asterisk (*) to authorize any
141
- # user who has authenticated to the web server.
142
-
143
- authorized_for_all_service_commands=<%= node['nagios']['cgi']['authorized_for_all_service_commands'] %>
144
- authorized_for_all_host_commands=<%= node['nagios']['cgi']['authorized_for_all_host_commands'] %>
145
-
146
- # STATUSMAP BACKGROUND IMAGE
147
- # This option allows you to specify an image to be used as a
148
- # background in the statusmap CGI. It is assumed that the image
149
- # resides in the HTML images path (i.e. /usr/local/nagios/share/images).
150
- # This path is automatically determined by appending "/images"
151
- # to the path specified by the 'physical_html_path' directive.
152
- # Note: The image file may be in GIF, PNG, JPEG, or GD2 format.
153
- # However, I recommend that you convert your image to GD2 format
154
- # (uncompressed), as this will cause less CPU load when the CGI
155
- # generates the image.
156
-
157
- #statusmap_background_image=smbackground.gd2
158
-
159
- # DEFAULT STATUSMAP LAYOUT METHOD
160
- # This option allows you to specify the default layout method
161
- # the statusmap CGI should use for drawing hosts. If you do
162
- # not use this option, the default is to use user-defined
163
- # coordinates. Valid options are as follows:
164
- # 0 = User-defined coordinates
165
- # 1 = Depth layers
166
- # 2 = Collapsed tree
167
- # 3 = Balanced tree
168
- # 4 = Circular
169
- # 5 = Circular (Marked Up)
170
-
171
- default_statusmap_layout=<%= node['nagios']['cgi']['default_statusmap_layout'] %>
172
-
173
- # DEFAULT STATUSWRL LAYOUT METHOD
174
- # This option allows you to specify the default layout method
175
- # the statuswrl (VRML) CGI should use for drawing hosts. If you
176
- # do not use this option, the default is to use user-defined
177
- # coordinates. Valid options are as follows:
178
- # 0 = User-defined coordinates
179
- # 2 = Collapsed tree
180
- # 3 = Balanced tree
181
- # 4 = Circular
182
-
183
- default_statuswrl_layout=<%= node['nagios']['cgi']['default_statuswrl_layout'] %>
184
-
185
- # STATUSWRL INCLUDE
186
- # This option allows you to include your own objects in the
187
- # generated VRML world. It is assumed that the file
188
- # resides in the HTML path (i.e. /usr/local/nagios/share).
189
-
190
- #statuswrl_include=myworld.wrl
191
-
192
- # PING SYNTAX
193
- # This option determines what syntax should be used when
194
- # attempting to ping a host from the WAP interface (using
195
- # the statuswml CGI. You must include the full path to
196
- # the ping binary, along with all required options. The
197
- # $HOSTADDRESS$ macro is substituted with the address of
198
- # the host before the command is executed.
199
- # Please note that the syntax for the ping binary is
200
- # notorious for being different on virtually ever *NIX
201
- # OS and distribution, so you may have to tweak this to
202
- # work on your system.
203
-
204
- ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
205
-
206
- # REFRESH RATE
207
- # This option allows you to specify the refresh rate in seconds
208
- # of various CGIs (status, statusmap, extinfo, and outages).
209
-
210
- refresh_rate=90
211
-
212
- # DEFAULT PAGE LIMIT
213
- # This option allows you to specify the default number of results
214
- # displayed on the status.cgi. This number can be adjusted from
215
- # within the UI after the initial page load. Setting this to 0
216
- # will show all results.
217
-
218
- result_limit=<%= node['nagios']['cgi']['result_limit'] %>
219
-
220
- # ESCAPE HTML TAGS
221
- # This option determines whether HTML tags in host and service
222
- # status output is escaped in the web interface. If enabled,
223
- # your plugin output will not be able to contain clickable links.
224
-
225
- escape_html_tags=<%= node['nagios']['cgi']['escape_html_tags'] %>
226
-
227
- # SOUND OPTIONS
228
- # These options allow you to specify an optional audio file
229
- # that should be played in your browser window when there are
230
- # problems on the network. The audio files are used only in
231
- # the status CGI. Only the sound for the most critical problem
232
- # will be played. Order of importance (higher to lower) is as
233
- # follows: unreachable hosts, down hosts, critical services,
234
- # warning services, and unknown services. If there are no
235
- # visible problems, the sound file optionally specified by
236
- # 'normal_sound' variable will be played.
237
- #
238
- #
239
- # <varname>=<sound_file>
240
- #
241
- # Note: All audio files must be placed in the /media subdirectory
242
- # under the HTML path (i.e. /usr/local/nagios/share/media/).
243
-
244
- #host_unreachable_sound=hostdown.wav
245
- #host_down_sound=hostdown.wav
246
- #service_critical_sound=critical.wav
247
- #service_warning_sound=warning.wav
248
- #service_unknown_sound=warning.wav
249
- #normal_sound=noproblem.wav
250
-
251
- # URL TARGET FRAMES
252
- # These options determine the target frames in which notes and
253
- # action URLs will open.
254
-
255
- action_url_target=<%= node['nagios']['cgi']['action_url_target'] %>
256
- notes_url_target=<%= node['nagios']['cgi']['notes_url_target'] %>
257
-
258
-
259
- # LOCK AUTHOR NAMES OPTION
260
- # This option determines whether users can change the author name
261
- # when submitting comments, scheduling downtime. If disabled, the
262
- # author names will be locked into their contact name, as defined in Nagios.
263
- # Values: 0 = allow editing author names
264
- # 1 = lock author names (disallow editing)
265
-
266
- lock_author_names=<%= node['nagios']['cgi']['lock_author_names'] %>