cloud-mu 3.6.10 → 3.6.12

data/cookbooks/nagios/recipes/_load_databag_config.rb

@@ -0,0 +1,153 @@
+#
+# Author:: Sander Botman <sbotman@schubergphilis.com>
+# Cookbook:: nagios
+# Recipe:: _load_databag_config
+#
+# Copyright:: 2014, Sander Botman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Loading all databag information
+nagios_bags = NagiosDataBags.new
+
+hostgroups = nagios_bags.get(node['nagios']['hostgroups_databag'])
+hostgroups.each do |group|
+  next if group['search_query'].nil?
+  if node['nagios']['multi_environment_monitoring']
+    query_environments = node['nagios']['monitored_environments'].map do |environment|
+      "chef_environment:#{environment}"
+    end.join(' OR ')
+    result = search(:node, "(#{group['search_query']}) AND (#{query_environments})")
+  else
+    result = search(:node, "#{group['search_query']} AND chef_environment:#{node.chef_environment}")
+  end
+
+  result.each do |n|
+    n.automatic_attrs['roles'] = [group['hostgroup_name']]
+    Nagios.instance.push(n)
+  end
+end
+
+services = nagios_bags.get(node['nagios']['services_databag'])
+services.each do |item|
+  next unless item['activate_check_in_environment'].nil? || item['activate_check_in_environment'].include?(node.chef_environment)
+  name = item['service_description'] || item['id']
+  check_command = name.downcase.start_with?('check_') ? name.downcase : 'check_' + name.downcase
+  command_name = item['check_command'].nil? ? check_command : item['check_command']
+  service_name = name.downcase.start_with?('check_') ? name.gsub('check_', '') : name.downcase
+  item['check_command'] = command_name
+
+  nagios_command command_name do
+    options item
+  end
+
+  nagios_service service_name do
+    options item
+  end
+end
+
+contactgroups = nagios_bags.get(node['nagios']['contactgroups_databag'])
+contactgroups.each do |item|
+  name = item['contactgroup_name'] || item['id']
+  nagios_contactgroup name do
+    options item
+  end
+end
+
+eventhandlers = nagios_bags.get(node['nagios']['eventhandlers_databag'])
+eventhandlers.each do |item|
+  name = item['command_name'] || item['id']
+  nagios_command name do
+    options item
+  end
+end
+
+contacts = nagios_bags.get(node['nagios']['contacts_databag'])
+contacts.each do |item|
+  name = item['contact_name'] || item['id']
+  nagios_contact name do
+    options item
+  end
+end
+
+hostescalations = nagios_bags.get(node['nagios']['hostescalations_databag'])
+hostescalations.each do |item|
+  name = item['host_description'] || item['id']
+  nagios_hostescalation name do
+    options item
+  end
+end
+
+hosttemplates = nagios_bags.get(node['nagios']['hosttemplates_databag'])
+hosttemplates.each do |item|
+  name = item['host_name'] || item['id']
+  item['name'] = name if item['name'].nil?
+  nagios_host name do
+    options item
+  end
+end
+
+servicedependencies = nagios_bags.get(node['nagios']['servicedependencies_databag'])
+servicedependencies.each do |item|
+  name = item['service_description'] || item['id']
+  nagios_servicedependency name do
+    options item
+  end
+end
+
+serviceescalations = nagios_bags.get(node['nagios']['serviceescalations_databag'])
+serviceescalations.each do |item|
+  name = item['service_description'] || item['id']
+  nagios_serviceescalation name do
+    options item
+  end
+end
+
+servicegroups = nagios_bags.get(node['nagios']['servicegroups_databag'])
+servicegroups.each do |item|
+  name = item['servicegroup_name'] || item['id']
+  nagios_servicegroup name do
+    options item
+  end
+end
+
+templates = nagios_bags.get(node['nagios']['templates_databag'])
+templates.each do |item|
+  name = item['name'] || item['id']
+  item['name'] = name
+  nagios_service name do
+    options item
+  end
+end
+
+timeperiods = nagios_bags.get(node['nagios']['timeperiods_databag'])
+timeperiods.each do |item|
+  name = item['timeperiod_name'] || item['id']
+  nagios_timeperiod name do
+    options item
+  end
+end
+
+unmanaged_hosts = nagios_bags.get(node['nagios']['unmanagedhosts_databag'])
+unmanaged_hosts.each do |item|
+  if node['nagios']['multi_environment_monitoring'].nil?
+    next if item['environment'].nil? || item['environment'] != node.chef_environment
+  else
+    envs = node['nagios']['monitored_environments']
+    next if item['environment'].nil? || !envs.include?(item['environment'])
+  end
+  name = item['host_name'] || item['id']
+  nagios_host name do
+    options item
+  end
+end

data/cookbooks/nagios/recipes/_load_default_config.rb

@@ -0,0 +1,241 @@
+#
+# Author:: Sander Botman <sbotman@schubergphilis.com>
+# Cookbook:: nagios
+# Recipe:: _load_default_config
+#
+# Copyright:: 2014, Sander Botman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Find nodes to monitor.
+# Search in all environments if multi_environment_monitoring is enabled.
+Chef::Log.info('Beginning search for nodes.  This may take some time depending on your node count')
+
+multi_env = node['nagios']['monitored_environments']
+multi_env_search = multi_env.empty? ? '' : ' AND (chef_environment:' + multi_env.join(' OR chef_environment:') + ')'
+
+nodes = if node['nagios']['multi_environment_monitoring']
+          search(:node, "name:*#{multi_env_search}")
+        else
+          search(:node, "name:* AND chef_environment:#{node.chef_environment}")
+        end
+
+if nodes.empty?
+  Chef::Log.info('No nodes returned from search, using this node so hosts.cfg has data')
+  nodes << node
+end
+
+# Pushing current node to prevent empty hosts.cfg
+Nagios.instance.push(node)
+
+# Pushing all nodes into the Nagios.instance model
+exclude_tag = nagios_array(node['nagios']['exclude_tag_host'])
+nodes.each do |n|
+  if n.respond_to?('tags')
+    Nagios.instance.push(n) unless nagios_array(n.tags).any? { |tag| exclude_tag.include?(tag) }
+  else
+    Nagios.instance.push(n)
+  end
+end
+
+# 24x7 timeperiod
+nagios_timeperiod '24x7' do
+  options 'alias' => '24 Hours A Day, 7 Days A Week',
+          'times' => { 'sunday' => '00:00-24:00',
+                       'monday' => '00:00-24:00',
+                       'tuesday' => '00:00-24:00',
+                       'wednesday' => '00:00-24:00',
+                       'thursday' => '00:00-24:00',
+                       'friday' => '00:00-24:00',
+                       'saturday' => '00:00-24:00' }
+end
+
+# Host checks
+nagios_command 'check_host_alive' do
+  options 'command_line' => '$USER1$/check_ping -H $HOSTADDRESS$ -w 2000,80% -c 3000,100% -p 1'
+end
+
+# Service checks
+nagios_command 'check_nagios' do
+  options 'command_line' => '$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_nagios -t 20'
+end
+
+# nrpe remote host checks
+nagios_command 'check_nrpe_alive' do
+  options 'command_line' => '$USER1$/check_nrpe -H $HOSTADDRESS$ -t 20'
+end
+
+nagios_command 'check_nrpe' do
+  options 'command_line' => '$USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t 20'
+end
+
+# host_notify_by_email command
+nagios_command 'host_notify_by_email' do
+  options 'command_line' => '/usr/bin/printf "%b" "$LONGDATETIME$\n\n$HOSTALIAS$ $NOTIFICATIONTYPE$ $HOSTSTATE$\n\n$HOSTOUTPUT$\n\nLogin: ssh://$HOSTNAME$" | ' + node['nagios']['server']['mail_command'] + ' -s "$NOTIFICATIONTYPE$ - $HOSTALIAS$ $HOSTSTATE$!" $CONTACTEMAIL$'
+end
+
+# service_notify_by_email command
+nagios_command 'service_notify_by_email' do
+  options 'command_line' => '/usr/bin/printf "%b" "$LONGDATETIME$ - $SERVICEDESC$ $SERVICESTATE$\n\n$HOSTALIAS$  $NOTIFICATIONTYPE$\n\n$SERVICEOUTPUT$\n\nLogin: ssh://$HOSTNAME$" | ' + node['nagios']['server']['mail_command'] + ' -s "** $NOTIFICATIONTYPE$ - $HOSTALIAS$ - $SERVICEDESC$ - $SERVICESTATE$" $CONTACTEMAIL$'
+end
+
+# host_notify_by_sms_email command
+nagios_command 'host_notify_by_sms_email' do
+  options 'command_line' => '/usr/bin/printf "%b" "$HOSTALIAS$ $NOTIFICATIONTYPE$ $HOSTSTATE$\n\n$HOSTOUTPUT$" | ' + node['nagios']['server']['mail_command'] + ' -s "$HOSTALIAS$ $HOSTSTATE$!" $CONTACTPAGER$'
+end
+
+# service_notify_by_sms_email command
+nagios_command 'service_notify_by_sms_email' do
+  options 'command_line' => '/usr/bin/printf "%b" "$SERVICEDESC$ $NOTIFICATIONTYPE$ $SERVICESTATE$\n\n$SERVICEOUTPUT$" | ' + node['nagios']['server']['mail_command'] + ' -s "$HOSTALIAS$ $SERVICEDESC$ $SERVICESTATE$!" $CONTACTPAGER$'
+end
+
+# root contact
+nagios_contact 'root' do
+  options 'alias' => 'Root',
+          'service_notification_period' => '24x7',
+          'host_notification_period' => '24x7',
+          'service_notification_options' => 'w,u,c,r',
+          'host_notification_options' => 'd,r',
+          'service_notification_commands' => 'service_notify_by_email',
+          'host_notification_commands' => 'host_notify_by_email',
+          'email' => 'root@localhost'
+end
+
+# admin contact
+nagios_contact 'admin' do
+  options 'alias' => 'Admin',
+          'service_notification_period' => '24x7',
+          'host_notification_period' => '24x7',
+          'service_notification_options' => 'w,u,c,r',
+          'host_notification_options' => 'd,r',
+          'service_notification_commands' => 'service_notify_by_email',
+          'host_notification_commands' => 'host_notify_by_email'
+end
+
+nagios_contact 'default-contact' do
+  options 'name' => 'default-contact',
+          'service_notification_period' => '24x7',
+          'host_notification_period' => '24x7',
+          'service_notification_options' => 'w,u,c,r,f',
+          'host_notification_options' => 'd,u,r,f,s',
+          'service_notification_commands' => 'service_notify_by_email',
+          'host_notification_commands' => 'host_notify_by_email'
+end
+
+nagios_host 'default-host' do
+  options 'name' => 'default-host',
+          'notifications_enabled' => 1,
+          'event_handler_enabled' => 1,
+          'flap_detection_enabled' => nagios_boolean(nagios_attr(:default_host)[:flap_detection]),
+          'process_perf_data' => nagios_boolean(nagios_attr(:default_host)[:process_perf_data]),
+          'retain_status_information' => 1,
+          'retain_nonstatus_information' => 1,
+          'notification_period' => '24x7',
+          'register' => 0,
+          'action_url' => nagios_attr(:default_host)[:action_url]
+end
+
+nagios_host 'server' do
+  options 'name' => 'server',
+          'use' => 'default-host',
+          'check_period' => nagios_attr(:default_host)[:check_period],
+          'check_interval' => nagios_interval(nagios_attr(:default_host)[:check_interval]),
+          'retry_interval' => nagios_interval(nagios_attr(:default_host)[:retry_interval]),
+          'max_check_attempts' => nagios_attr(:default_host)[:max_check_attempts],
+          'check_command' => nagios_attr(:default_host)[:check_command],
+          'notification_interval' => nagios_interval(nagios_attr(:default_host)[:notification_interval]),
+          'notification_options' => nagios_attr(:default_host)[:notification_options],
+          'contact_groups' => nagios_attr(:default_contact_groups),
+          'register' => 0
+end
+
+# Defaut host template
+Nagios.instance.default_host = node['nagios']['host_template']
+
+# Users
+# use the users_helper.rb library to build arrays of users and contacts
+nagios_users = NagiosUsers.new(node)
+nagios_users.users.each do |item|
+  o = Nagios::Contact.create(item['id'])
+  o.import(item.to_hash)
+  o.import(item['nagios'].to_hash) unless item['nagios'].nil?
+  o.use = 'default-contact'
+end
+
+nagios_contactgroup 'admins' do
+  options 'alias' => 'Nagios Administrators',
+          'members' => nagios_users.return_user_contacts
+end
+
+nagios_contactgroup 'admins-sms' do
+  options 'alias' => 'Sysadmin SMS',
+          'members' => nagios_users.return_user_contacts
+end
+
+# Services
+nagios_service 'default-service' do
+  options 'name' => 'default-service',
+          'active_checks_enabled' => 1,
+          'passive_checks_enabled' => 1,
+          'parallelize_check' => 1,
+          'obsess_over_service' => 1,
+          'check_freshness' => 0,
+          'notifications_enabled' => 1,
+          'event_handler_enabled' => 1,
+          'flap_detection_enabled' => nagios_boolean(nagios_attr(:default_service)[:flap_detection]),
+          'process_perf_data' => nagios_boolean(nagios_attr(:default_service)[:process_perf_data]),
+          'retain_status_information' => 1,
+          'retain_nonstatus_information' => 1,
+          'is_volatile' => 0,
+          'check_period' => '24x7',
+          'max_check_attempts' => nagios_attr(:default_service)[:max_check_attempts],
+          'check_interval' => nagios_interval(nagios_attr(:default_service)[:check_interval]),
+          'retry_interval' => nagios_interval(nagios_attr(:default_service)[:retry_interval]),
+          'contact_groups' => nagios_attr(:default_contact_groups),
+          'notification_options' => 'w,u,c,r',
+          'notification_interval' => nagios_interval(nagios_attr(:default_service)[:notification_interval]),
+          'notification_period' => '24x7',
+          'register' => 0,
+          'action_url' => nagios_attr(:default_service)[:action_url]
+end
+
+# Default service template
+Nagios.instance.default_service = 'default-service'
+
+# Define the log monitoring template (monitoring logs is very different)
+nagios_service 'default-logfile' do
+  options 'name' => 'default-logfile',
+          'use' => 'default-service',
+          'check_period' => '24x7',
+          'max_check_attempts' => 1,
+          'check_interval' => nagios_interval(nagios_attr(:default_service)[:check_interval]),
+          'retry_interval' => nagios_interval(nagios_attr(:default_service)[:retry_interval]),
+          'contact_groups' => nagios_attr(:default_contact_groups),
+          'notification_options' => 'w,u,c,r',
+          'notification_period' => '24x7',
+          'register' => 0,
+          'is_volatile' => 1
+end
+
+nagios_service 'service-template' do
+  options 'name' => 'service-template',
+          'max_check_attempts' => nagios_attr(:default_service)[:max_check_attempts],
+          'check_interval' => nagios_interval(nagios_attr(:default_service)[:check_interval]),
+          'retry_interval' => nagios_interval(nagios_attr(:default_service)[:retry_interval]),
+          'notification_interval' => nagios_interval(nagios_attr(:default_service)[:notification_interval]),
+          'register' => 0
+end
+
+nagios_resource 'USER1' do
+  options 'value' => node['nagios']['plugin_dir']
+end

data/cookbooks/nagios/recipes/apache.rb

@@ -0,0 +1,114 @@
+#
+# Author:: Tim Smith <tsmith@chef.io>
+# Cookbook:: nagios
+# Recipe:: apache
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.default['nagios']['server']['web_server'] = 'apache'
+
+php_install 'php' do
+  packages node['nagios']['php_packages']
+end
+
+apache2_install 'nagios' do
+  listen node['nagios']['enable_ssl'] ? %w(80 443) : %w(80)
+  mpm node['nagios']['apache_mpm']
+end
+
+apache2_module 'cgi'
+apache2_module 'rewrite'
+if apache_mod_php_supported?
+  apache2_mod_php 'nagios'
+  apache_php_handler = 'application/x-httpd-php'
+else
+  apache2_module 'proxy'
+  apache2_module 'proxy_fcgi'
+  apache2_mod_proxy 'proxy'
+  php_fpm_pool 'nagios' do
+    user default_apache_user
+    group default_apache_group
+    listen_user default_apache_user
+    listen_group default_apache_group
+  end
+  apache_php_handler = "proxy:unix:#{php_fpm_socket}|fcgi://localhost"
+end
+
+apache2_module 'ssl' if node['nagios']['enable_ssl']
+
+apache2_site '000-default' do
+  action :disable
+  notifies :reload, 'apache2_service[nagios]'
+end
+
+template "#{apache_dir}/sites-available/#{node['nagios']['server']['vname']}.conf" do
+  source 'apache2.conf.erb'
+  mode '0644'
+  variables(
+    nagios_url: node['nagios']['url'],
+    https: node['nagios']['enable_ssl'],
+    ssl_cert_file: node['nagios']['ssl_cert_file'],
+    ssl_cert_key: node['nagios']['ssl_cert_key'],
+    apache_log_dir: default_log_dir,
+    apache_php_handler: apache_php_handler
+  )
+  notifies :restart, 'apache2_service[nagios]' if File.symlink?("#{apache_dir}/sites-enabled/#{node['nagios']['server']['vname']}.conf")
+end
+
+file "#{apache_dir}/conf.d/#{node['nagios']['server']['vname']}.conf" do
+  action :delete
+end
+
+apache2_site node['nagios']['server']['vname']
+
+node.default['nagios']['web_user'] = default_apache_user
+node.default['nagios']['web_group'] = default_apache_group
+
+# configure the appropriate authentication method for the web server
+case node['nagios']['server_auth_method']
+when 'openid'
+  apache2_module 'auth_openid' do
+    notifies :reload, 'apache2_service[nagios]'
+  end
+when 'cas'
+  apache2_module 'auth_cas' do
+    notifies :reload, 'apache2_service[nagios]'
+  end
+when 'ldap'
+  package 'mod_ldap' if platform_family?('rhel')
+
+  %w(ldap authnz_ldap).each do |m|
+    apache2_module m do
+      notifies :reload, 'apache2_service[nagios]'
+    end
+  end
+when 'htauth'
+  Chef::Log.info('Authentication method htauth configured in server.rb')
+else
+  Chef::Log.info('Default method htauth configured in server.rb')
+end
+
+apache2_service 'nagios' do
+  action [:enable, :start]
+  subscribes :restart, 'apache2_install[nagios]'
+  subscribes :reload, 'apache2_module[cgi]'
+  subscribes :reload, 'apache2_module[rewrite]'
+  subscribes :reload, 'apache2_mod_php[nagios]' if apache_mod_php_supported?
+  subscribes :reload, 'apache2_module[proxy]' unless apache_mod_php_supported?
+  subscribes :reload, 'apache2_module[proxy_fcgi]' unless apache_mod_php_supported?
+  subscribes :reload, 'apache2_mod_proxy[proxy]' unless apache_mod_php_supported?
+  subscribes :reload, 'apache2_module[ssl]' if node['nagios']['enable_ssl']
+end
+
+include_recipe 'nagios::server'

data/cookbooks/nagios/recipes/default.rb

@@ -0,0 +1,41 @@
+#
+# Author:: Joshua Sierles <joshua@37signals.com>
+# Author:: Joshua Timberman <joshua@chef.io>
+# Author:: Nathan Haneysmith <nathan@chef.io>
+# Author:: Seth Chisamore <schisamo@chef.io>
+# Author:: Tim Smith <tsmith@chef.io>
+# Cookbook:: nagios
+# Recipe:: default
+#
+# Copyright:: 2009, 37signals
+# Copyright 2009-2016, Chef Software, Inc.
+# Copyright 2013-2014, Limelight Networks, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# configure either Apache2 or NGINX
+case node['nagios']['server']['web_server']
+when 'nginx'
+  Chef::Log.info 'Setting up Nagios server via NGINX'
+  include_recipe 'nagios::nginx'
+when 'apache'
+  Chef::Log.info 'Setting up Nagios server via Apache2'
+  include_recipe 'nagios::apache'
+when 'none'
+  Chef::Log.info 'Setting up Nagios server without web server'
+  include_recipe 'nagios::server'
+else
+  Chef::Log.fatal('Unknown web server option provided for Nagios server: ' \
+                  "#{node['nagios']['server']['web_server']} provided. Allowed:" \
+                  "'nginx', 'apache', or 'none'")
+end

data/cookbooks/nagios/recipes/nginx.rb

@@ -0,0 +1,114 @@
+#
+# Author:: Tim Smith <tsmith@chef.io>
+# Cookbook:: nagios
+# Recipe:: nginx
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+node.default['nagios']['server']['web_server'] = 'nginx'
+
+nginx_install 'nagios' do
+  source platform_family?('rhel') ? 'epel' : 'distro'
+  ohai_plugin_enabled false
+end
+
+nginx_config 'nagios' do
+  default_site_enabled false
+  notifies :restart, 'nginx_service[nagios]', :delayed
+end
+
+php_install 'nagios'
+
+php_fpm_pool 'nagios' do
+  user nagios_nginx_user
+  group nagios_nginx_group
+  listen_user nagios_nginx_user
+  listen_group nagios_nginx_group
+end
+
+package nagios_array(node['nagios']['server']['nginx_dispatch']['packages'])
+
+if platform_family?('rhel')
+  template '/etc/sysconfig/spawn-fcgi' do
+    source 'spawn-fcgi.erb'
+    notifies :start, 'service[spawn-fcgi]', :delayed
+    variables(
+      nginx_user: nagios_nginx_user
+    )
+  end
+end
+
+nagios_array(node['nagios']['server']['nginx_dispatch']['services']).each do |svc|
+  service svc do
+    action [:enable, :start]
+  end
+end
+
+dispatch_type = node['nagios']['server']['nginx_dispatch']['type']
+
+nginx_site 'nagios' do
+  template 'nginx.conf.erb'
+  cookbook 'nagios'
+  variables(
+    allowed_ips: node['nagios']['allowed_ips'],
+    cgi: %w(cgi both).include?(dispatch_type),
+    cgi_bin_dir: platform_family?('rhel') ? '/usr/lib64' : '/usr/lib',
+    chef_env: node.chef_environment == '_default' ? 'default' : node.chef_environment,
+    docroot: node['nagios']['docroot'],
+    fqdn: node['fqdn'],
+    htpasswd_file: File.join(node['nagios']['conf_dir'], 'htpasswd.users'),
+    https: node['nagios']['enable_ssl'],
+    listen_port: node['nagios']['http_port'],
+    log_dir: node['nagios']['log_dir'],
+    nagios_url: node['nagios']['url'],
+    nginx_dispatch_cgi_url: node['nagios']['server']['nginx_dispatch']['cgi_url'],
+    nginx_dispatch_php_url: "unix:#{php_fpm_socket}",
+    php: %w(php both).include?(dispatch_type),
+    public_domain: node['public_domain'] || node['domain'],
+    server_name: node['nagios']['server']['name'],
+    server_vname: node['nagios']['server']['vname'],
+    ssl_cert_file: node['nagios']['ssl_cert_file'],
+    ssl_cert_key: node['nagios']['ssl_cert_key']
+  )
+  notifies :reload, 'nginx_service[nagios]', :delayed
+  action [:create, :enable]
+end
+
+nginx_service 'nagios' do
+  action :enable
+  delayed_action :start
+end
+
+node.default['nagios']['web_user'] = nagios_nginx_user
+node.default['nagios']['web_group'] = nagios_nginx_user
+
+# configure the appropriate authentication method for the web server
+case node['nagios']['server_auth_method']
+when 'openid'
+  Chef::Log.fatal('OpenID authentication for Nagios is not supported on NGINX')
+  Chef::Log.fatal("Set node['nagios']['server_auth_method'] attribute in your Nagios role")
+  raise 'OpenID authentication not supported on NGINX'
+when 'cas'
+  Chef::Log.fatal('CAS authentication for Nagios is not supported on NGINX')
+  Chef::Log.fatal("Set node['nagios']['server_auth_method'] attribute in your Nagios role")
+  raise 'CAS authentivation not supported on NGINX'
+when 'ldap'
+  Chef::Log.fatal('LDAP authentication for Nagios is not supported on NGINX')
+  Chef::Log.fatal("Set node['nagios']['server_auth_method'] attribute in your Nagios role")
+  raise 'LDAP authentication not supported on NGINX'
+else
+  # setup htpasswd auth
+  Chef::Log.info('Default method htauth configured in server.rb')
+end
+
+include_recipe 'nagios::server'