cloud-mu 3.6.10 → 3.6.11

data/cookbooks/nagios/recipes/pagerduty.rb

@@ -0,0 +1,95 @@
+#
+# Author:: Jake Vanderdray <jvanderdray@customink.com>
+# Author:: Tim Smith <tsmith@chef.io>
+# Cookbook:: nagios
+# Recipe:: pagerduty
+#
+# Copyright:: 2011, CustomInk LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_recipe 'nagios::server_package'
+
+package nagios_pagerduty_packages
+
+remote_file "#{node['nagios']['plugin_dir']}/notify_pagerduty.pl" do
+  owner 'root'
+  group 'root'
+  mode '0755'
+  source node['nagios']['pagerduty']['script_url']
+  action :create_if_missing
+end
+
+template "#{node['nagios']['cgi-bin']}/pagerduty.cgi" do
+  source 'pagerduty.cgi.erb'
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+  variables(
+    command_file: node['nagios']['conf']['command_file']
+  )
+end
+
+nagios_bags = NagiosDataBags.new
+pagerduty_contacts = nagios_bags.get('nagios_pagerduty')
+
+nagios_command 'notify-service-by-pagerduty' do
+  if node['nagios']['pagerduty']['proxy_url'].nil?
+    options 'command_line' => ::File.join(node['nagios']['plugin_dir'], 'notify_pagerduty.pl') + ' enqueue -f pd_nagios_object=service -f pd_description="$HOSTNAME$ : $SERVICEDESC$"'
+  else
+    options 'command_line' => ::File.join(node['nagios']['plugin_dir'], 'notify_pagerduty.pl') + ' enqueue -f pd_nagios_object=service -f pd_description="$HOSTNAME$ : $SERVICEDESC$"' + " --proxy #{node['nagios']['pagerduty']['proxy_url']}"
+  end
+end
+
+nagios_command 'notify-host-by-pagerduty' do
+  if node['nagios']['pagerduty']['proxy_url'].nil?
+    options 'command_line' => ::File.join(node['nagios']['plugin_dir'], 'notify_pagerduty.pl') + ' enqueue -f pd_nagios_object=host -f pd_description="$HOSTNAME$ : $SERVICEDESC$"'
+  else
+    options 'command_line' => ::File.join(node['nagios']['plugin_dir'], 'notify_pagerduty.pl') + ' enqueue -f pd_nagios_object=host -f pd_description="$HOSTNAME$ : $SERVICEDESC$"' + " --proxy #{node['nagios']['pagerduty']['proxy_url']}"
+  end
+end
+
+unless node['nagios']['pagerduty']['key'].nil? || node['nagios']['pagerduty']['key'].empty?
+  nagios_contact 'pagerduty' do
+    options 'alias' => 'PagerDuty Pseudo-Contact',
+            'service_notification_period' => '24x7',
+            'host_notification_period' => '24x7',
+            'service_notification_options' => node['nagios']['pagerduty']['service_notification_options'],
+            'host_notification_options' => node['nagios']['pagerduty']['host_notification_options'],
+            'service_notification_commands' => 'notify-service-by-pagerduty',
+            'host_notification_commands' => 'notify-host-by-pagerduty',
+            'pager' => node['nagios']['pagerduty']['key']
+  end
+end
+
+pagerduty_contacts.each do |contact|
+  name = contact['contact'] || contact['id']
+
+  nagios_contact name do
+    options 'alias' => "PagerDuty Pseudo-Contact #{name}",
+            'service_notification_period' => contact['service_notification_period'] || '24x7',
+            'host_notification_period' => contact['host_notification_period'] || '24x7',
+            'service_notification_options' => contact['service_notification_options'] || 'w,u,c,r',
+            'host_notification_options' => contact['host_notification_options'] || 'd,r',
+            'service_notification_commands' => 'notify-service-by-pagerduty',
+            'host_notification_commands' => 'notify-host-by-pagerduty',
+            'pager' => contact['key'] || contact['pagerduty_key'],
+            'contactgroups' => contact['contactgroups']
+  end
+end
+
+cron 'Flush Pagerduty' do
+  user node['nagios']['user']
+  mailto 'root@localhost'
+  command "#{::File.join(node['nagios']['plugin_dir'], 'notify_pagerduty.pl')} flush"
+end

data/cookbooks/nagios/recipes/server.rb

@@ -0,0 +1,182 @@
+#
+# Author:: Joshua Sierles <joshua@37signals.com>
+# Author:: Joshua Timberman <joshua@chef.io>
+# Author:: Nathan Haneysmith <nathan@chef.io>
+# Author:: Seth Chisamore <schisamo@chef.io>
+# Author:: Tim Smith <tsmith@chef.io>
+# Cookbook:: nagios
+# Recipe:: server
+#
+# Copyright:: 2009, 37signals
+# Copyright 2009-2016, Chef Software, Inc.
+# Copyright 2013-2014, Limelight Networks, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# (COOK-2350) workaround to allow for a nagios server install from source using
+# (COOK-2350) the override attribute on debian/ubuntu
+nagios_service_name = if platform_family?('debian') &&
+                         node['nagios']['server']['install_method'] == 'source'
+                        node['nagios']['server']['name']
+                      else
+                        node['nagios']['server']['service_name']
+                      end
+
+# install nagios service either from source of package
+include_recipe "nagios::server_#{node['nagios']['server']['install_method']}"
+
+# use the users_helper.rb library to build arrays of users and contacts
+nagios_users = NagiosUsers.new(node)
+
+if nagios_users.users.empty?
+  Chef::Log.fatal('Could not find users in the ' \
+    "\"#{node['nagios']['users_databag']}\"" \
+    "databag with the \"#{node['nagios']['users_databag_group']}\"" \
+    ' group. Users must be defined to allow for logins to the UI. ' \
+    'Make sure the databag exists and, if you have set the ' \
+    '"users_databag_group", that users in that group exist.')
+end
+
+if node['nagios']['server_auth_method'] == 'htauth'
+  # setup htpasswd auth
+  directory node['nagios']['conf_dir']
+
+  template "#{node['nagios']['conf_dir']}/htpasswd.users" do
+    cookbook node['nagios']['htauth']['template_cookbook']
+    source node['nagios']['htauth']['template_file']
+    owner node['nagios']['user']
+    group node['nagios']['web_group']
+    mode '0640'
+    variables(nagios_users: nagios_users.users)
+  end
+end
+
+# Setting all general options
+unless node['nagios'].nil?
+  unless node['nagios']['server'].nil?
+    Nagios.instance.normalize_hostname =
+      node['nagios']['server']['normalize_hostname']
+  end
+end
+
+Nagios.instance.host_name_attribute = node['nagios']['host_name_attribute']
+
+# loading default configuration data
+if node['nagios']['server']['load_default_config']
+  include_recipe 'nagios::_load_default_config'
+end
+
+# loading all databag configurations
+if node['nagios']['server']['load_databag_config']
+  include_recipe 'nagios::_load_databag_config'
+end
+
+directory "#{node['nagios']['conf_dir']}/dist" do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+end
+
+# Don't run on RHEL since the state directory is the same as the log directory and causes idempotency issues
+directory node['nagios']['state_dir'] do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0751'
+end unless platform_family?('rhel')
+
+directory "#{node['nagios']['state_dir']}/rw" do
+  owner node['nagios']['user']
+  group node['nagios']['web_group']
+  mode '2710'
+end
+
+cfg_files =
+  "#{node['nagios']['config_dir']}/*_#{node['nagios']['server']['name']}*.cfg"
+execute 'archive-default-nagios-object-definitions' do
+  command "mv #{cfg_files} #{node['nagios']['conf_dir']}/dist"
+  not_if { Dir.glob(cfg_files).empty? }
+end
+
+directory "#{node['nagios']['conf_dir']}/certificates" do
+  owner node['nagios']['web_user']
+  group node['nagios']['web_group']
+  mode '0700'
+end
+
+ssl_code = "umask 077
+openssl genrsa 2048 > nagios-server.key
+openssl req -subj #{node['nagios']['ssl_req']} -new -x509 -nodes -sha1 \
+  -days 3650 -key nagios-server.key > nagios-server.crt
+cat nagios-server.key nagios-server.crt > nagios-server.pem"
+
+bash 'Create SSL Certificates' do
+  cwd "#{node['nagios']['conf_dir']}/certificates"
+  code ssl_code
+  not_if { ::File.exist?(node['nagios']['ssl_cert_file']) }
+end
+
+nagios_conf node['nagios']['server']['name'] do
+  config_subdir false
+  cookbook node['nagios']['nagios_config']['template_cookbook']
+  source node['nagios']['nagios_config']['template_file']
+  variables(nagios_config: node['nagios']['conf'])
+end
+
+nagios_conf 'cgi' do
+  config_subdir false
+  cookbook node['nagios']['cgi']['template_cookbook']
+  source node['nagios']['cgi']['template_file']
+  variables(nagios_service_name: nagios_service_name)
+end
+
+# resource.cfg differs on RPM and tarball based systems
+if platform_family?('rhel')
+  template "#{node['nagios']['resource_dir']}/resource.cfg" do
+    cookbook node['nagios']['resources']['template_cookbook']
+    source node['nagios']['resources']['template_file']
+    owner node['nagios']['user']
+    group node['nagios']['group']
+    mode '0600'
+  end
+
+  directory node['nagios']['resource_dir'] do
+    owner 'root'
+    group node['nagios']['group']
+    mode '0755'
+  end
+end
+
+nagios_conf 'timeperiods'
+nagios_conf 'contacts'
+nagios_conf 'commands'
+nagios_conf 'hosts'
+nagios_conf 'hostgroups'
+nagios_conf 'templates'
+nagios_conf 'services'
+nagios_conf 'servicegroups'
+nagios_conf 'servicedependencies'
+
+service 'nagios' do
+  service_name nagios_service_name
+  if ::File.exist?("#{nagios_config_dir}/services.cfg")
+    action [:enable, :start]
+  else
+    action :enable
+  end
+end
+
+# Remove distribution included config files that aren't managed via this cookbook
+zap_directory nagios_distro_config_dir do
+  pattern '*.cfg'
+  only_if { ::Dir.exist?(nagios_distro_config_dir) }
+end

data/cookbooks/nagios/recipes/server_package.rb

@@ -0,0 +1,85 @@
+#
+# Author:: Seth Chisamore <schisamo@chef.io>
+# Author:: Tim Smith <tsmith@chef.io>
+# Cookbook:: nagios
+# Recipe:: server_package
+#
+# Copyright:: 2011-2016, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node['platform_family']
+when 'rhel'
+  include_recipe 'yum-epel' if node['nagios']['server']['install_yum-epel']
+when 'debian'
+  # Nagios package requires to enter the admin password
+  # We generate it randomly as it's overwritten later in the config templates
+  random_initial_password = rand(36**16).to_s(36)
+
+  %w(adminpassword adminpassword-repeat).each do |setting|
+    execute "debconf-set-selections::#{node['nagios']['server']['vname']}-cgi::#{node['nagios']['server']['vname']}/#{setting}" do
+      command "echo #{node['nagios']['server']['vname']}-cgi #{node['nagios']['server']['vname']}/#{setting} password #{random_initial_password} | debconf-set-selections"
+      sensitive true
+      not_if "dpkg -l #{node['nagios']['server']['vname']}"
+    end
+  end
+end
+
+package node['nagios']['server']['packages']
+
+# File typically exists on Debian
+file "#{apache_dir}/conf-enabled/#{node['nagios']['server']['vname']}-cgi.conf" do
+  manage_symlink_source true
+  action :delete
+end
+
+# File typically exists on RHEL
+file "#{apache_dir}/conf.d/nagios.conf" do
+  action :delete
+end
+
+directory node['nagios']['config_dir'] do
+  owner 'root'
+  group 'root'
+  mode '0755'
+  recursive true
+end
+
+directory node['nagios']['conf']['check_result_path'] do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+  recursive true
+end
+
+%w( cache_dir log_dir run_dir ).each do |dir|
+  directory node['nagios'][dir] do
+    recursive true
+    owner node['nagios']['user']
+    group node['nagios']['group']
+    mode '0755'
+  end
+end
+
+directory ::File.join(node['nagios']['log_dir'], 'archives') do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+end
+
+directory "/usr/lib/#{node['nagios']['server']['vname']}" do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+end

data/cookbooks/nagios/recipes/server_source.rb

@@ -0,0 +1,137 @@
+#
+# Author:: Seth Chisamore <schisamo@chef.io>
+# Author:: Tim Smith <tsmith@chef.io>
+# Cookbook:: nagios
+# Recipe:: server_source
+#
+# Copyright:: 2011-2016, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Package pre-reqs
+build_essential 'install compilation tools'
+
+php_install 'nagios' do
+  packages node['nagios']['php_packages']
+end
+
+package node['nagios']['php_gd_package']
+
+# the source install of nagios from this recipe does not include embedded perl support
+# so unless the user explicitly set the p1_file attribute, we want to clear it
+# Note: the cookbook now defaults to Nagios 4.X which doesn't support embedded perl anyways
+node.default['nagios']['conf']['p1_file'] = nil
+
+package node['nagios']['server']['dependencies']
+
+user node['nagios']['user'] do
+  action :create
+end
+
+web_srv = node['nagios']['server']['web_server']
+
+group node['nagios']['group'] do
+  members [
+    node['nagios']['user'],
+    web_srv == 'nginx' ? nginx_user : default_apache_user,
+  ]
+  action :create
+end
+
+nagios_version = node['nagios']['server']['version']
+
+node['nagios']['server']['patches'].each do |patch|
+  remote_file "#{Chef::Config[:file_cache_path]}/#{patch}" do
+    source "#{node['nagios']['server']['patch_url']}/#{patch}"
+  end
+end
+
+remote_file 'nagios source file' do
+  path ::File.join(Chef::Config[:file_cache_path], "nagios-#{nagios_version}.tar.gz")
+  source node['nagios']['server']['source_url']
+  checksum node['nagios']['server']['checksum']
+  notifies :run, 'execute[compile-nagios]', :immediately
+end
+
+execute 'compile-nagios' do
+  cwd Chef::Config[:file_cache_path]
+  command <<-EOH
+    tar xzf nagios-#{nagios_version}.tar.gz
+    cd nagios-#{nagios_version}
+    ./configure --prefix=/usr \
+        --mandir=/usr/share/man \
+        --bindir=/usr/sbin \
+        --sbindir=#{node['nagios']['cgi-bin']} \
+        --datadir=#{node['nagios']['docroot']} \
+        --sysconfdir=#{node['nagios']['conf_dir']} \
+        --infodir=/usr/share/info \
+        --libexecdir=#{node['nagios']['plugin_dir']} \
+        --localstatedir=#{node['nagios']['state_dir']} \
+        --with-cgibindir=#{node['nagios']['cgi-bin']} \
+        --enable-event-broker \
+        --with-nagios-user=#{node['nagios']['user']} \
+        --with-nagios-group=#{node['nagios']['group']} \
+        --with-command-user=#{node['nagios']['user']} \
+        --with-command-group=#{node['nagios']['group']} \
+        --with-init-dir=/etc/init.d \
+        --with-lockfile=#{node['nagios']['run_dir']}/#{node['nagios']['server']['vname']}.pid \
+        --with-mail=/usr/bin/mail \
+        --with-perlcache \
+        --with-htmurl=/ \
+        --with-cgiurl=#{node['nagios']['cgi-path']}
+    make all
+    make install
+    make install-cgis
+    make install-init
+    make install-config
+    make install-commandmode
+    #{node['nagios']['source']['add_build_commands'].join("\n")}
+  EOH
+  action :nothing
+end
+
+directory node['nagios']['config_dir'] do
+  owner 'root'
+  group 'root'
+  mode '0755'
+  recursive true
+end
+
+directory node['nagios']['conf']['check_result_path'] do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+  recursive true
+end
+
+%w(cache_dir log_dir run_dir).each do |dir|
+  directory node['nagios'][dir] do
+    recursive true
+    owner node['nagios']['user']
+    group node['nagios']['group']
+    mode '0755'
+  end
+end
+
+directory ::File.join(node['nagios']['log_dir'], 'archives') do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+end
+
+directory "/usr/lib/#{node['nagios']['server']['vname']}" do
+  owner node['nagios']['user']
+  group node['nagios']['group']
+  mode '0755'
+end

data/cookbooks/nagios/resources/command.rb

@@ -0,0 +1,34 @@
+#
+# Author:: Sander Botman <sbotman@schubergphilis.com>
+# Cookbook:: : nagios
+# Resource:: : command
+#
+# Copyright:: 2015, Sander Botman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+property :options, [Hash, Chef::DataBagItem], default: {}
+unified_mode true
+
+action :create do
+  o = Nagios::Command.create(new_resource.name)
+  o.import(new_resource.options)
+end
+
+action :delete do
+  Nagios.instance.delete('command', new_resource.name)
+end
+
+action_class do
+  require_relative '../libraries/command'
+end

data/cookbooks/nagios/resources/conf.rb

@@ -0,0 +1,52 @@
+#
+# Author:: Joshua Sierles <joshua@37signals.com>
+# Author:: Joshua Timberman <joshua@chef.io>
+# Author:: Nathan Haneysmith <nathan@chef.io>
+# Author:: Seth Chisamore <schisamo@chef.io>
+# Cookbook:: nagios
+# Resource:: nagios_conf
+#
+# Copyright:: 2009, 37signals
+# Copyright:: 2009-2016, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+property :variables, Hash, default: {}
+property :config_subdir, [true, false], default: true
+property :source, String
+property :cookbook, String, default: 'nagios'
+unified_mode true
+
+action :create do
+  conf_dir = new_resource.config_subdir ? node['nagios']['config_dir'] : node['nagios']['conf_dir']
+  source ||= "#{new_resource.name}.cfg.erb"
+
+  with_run_context(:root) do
+    template "#{conf_dir}/#{new_resource.name}.cfg" do
+      cookbook new_resource.cookbook if new_resource.cookbook
+      owner 'nagios'
+      group 'nagios'
+      source source
+      mode '0644'
+      variables new_resource.variables
+      notifies :restart, 'service[nagios]'
+      backup 0
+      action :nothing
+      delayed_action :create
+    end
+  end
+end
+
+action_class do
+  require_relative '../libraries/nagios'
+end

data/cookbooks/nagios/resources/contact.rb

@@ -0,0 +1,34 @@
+#
+# Author:: Sander Botman <sbotman@schubergphilis.com>
+# Cookbook:: : nagios
+# Resource:: : contact
+#
+# Copyright:: 2015, Sander Botman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+property :options, [Hash, Chef::DataBagItem], default: {}
+unified_mode true
+
+action :create do
+  o = Nagios::Contact.create(new_resource.name)
+  o.import(new_resource.options)
+end
+
+action :delete do
+  Nagios.instance.delete('contact', new_resource.name)
+end
+
+action_class do
+  require_relative '../libraries/contact'
+end

data/cookbooks/nagios/resources/contactgroup.rb

@@ -0,0 +1,35 @@
+#
+# Author:: Sander Botman <sbotman@schubergphilis.com>
+# Cookbook:: nagios
+# Resource:: contactgroup
+#
+# Copyright:: 2015, Sander Botman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+property :options, [Hash, Chef::DataBagItem], default: {}
+unified_mode true
+
+action :create do
+  o = Nagios::Contactgroup.create(new_resource.name)
+  o.import(new_resource.options)
+end
+
+action :delete do
+  Nagios.instance.delete('contactgroup', new_resource.name)
+end
+
+action_class do
+  require_relative '../libraries/contactgroup'
+end