diff --git a/manifests/client.pp b/manifests/client.pp index 6d8fd242..733d0b56 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -4,7 +4,7 @@ # class nagios::client ( $nagios_host_name = $::nagios_host_name, - $nagios_server = $::nagios_server, + $nagios_server = 'default', # nrpe.cfg $nrpe_log_facility = 'daemon', $nrpe_pid_file = $nagios::params::nrpe_pid_file, @@ -23,7 +23,7 @@ $host_check_period = $::nagios_host_check_period, $host_check_command = $::nagios_host_check_command, $host_contact_groups = $::nagios_host_contact_groups, - $host_hostgroups = $::nagios_host_hostgroups, + $host_hostgroups = undef, $host_notes = $::nagios_host_notes, $host_notes_url = $::nagios_host_notes_url, $host_notification_period = $::nagios_host_notification_period, diff --git a/manifests/params.pp b/manifests/params.pp index 64c8445b..868aaf38 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -94,5 +94,8 @@ } } + # This probably needs specialization per OS (needs the final /) + $cgi_dir = "/usr/${libdir}/nagios/cgi-bin/" + $html_dir = "/usr/share/nagios/html/" } diff --git a/manifests/server.pp b/manifests/server.pp index 5aa8b7fe..39e75673 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,6 +1,7 @@ class nagios::server ( # For the tag of the stored configuration to realize $nagios_server = 'default', + $puppetlabs_apache = false, $apache_httpd = true, $apache_httpd_ssl = true, $apache_httpd_modules = [ @@ -18,7 +19,7 @@ ], # The apache config snippet, more useful as a template when using a custom $apache_httpd_conf_content = template('nagios/apache_httpd/httpd-nagios.conf.erb'), - $apache_allowed_from = [], # Allow access to the web in the previous template + $apache_allowed_from = '127.0.0.1', # Allow access to the web in the previous template $apache_httpd_htpasswd_source = "puppet:///modules/${module_name}/apache_httpd/htpasswd", $php = true, $php_apc = true, @@ -150,24 +151,8 @@ require => Package['nagios'], } - file { '/etc/httpd/conf.d/nagios.conf': - owner => 'root', - group => 'root', - mode => '0644', - content => $apache_httpd_conf_content, - notify => Service['httpd'], - require => Package['nagios'], - } - if $apache_httpd_htpasswd_source != false { - file { '/etc/nagios/.htpasswd': - owner => 'root', - group => 'apache', - mode => '0640', - source => $apache_httpd_htpasswd_source, - require => Package['nagios'], - } - } + # Configure apache with apache_httpd module only if requested if $apache_httpd { require apache_httpd::install require apache_httpd::service::ssl @@ -176,14 +161,75 @@ modules => $apache_httpd_modules, keepalive => 'On', } + + file { '/etc/httpd/conf.d/nagios.conf': + owner => 'root', + group => 'root', + mode => '0644', + content => $apache_httpd_conf_content, + notify => Service['httpd'], + require => Package['nagios'], + } + + if $apache_httpd_htpasswd_source != false { + file { '/etc/nagios/.htpasswd': + owner => 'root', + group => 'apache', + mode => '0640', + source => $apache_httpd_htpasswd_source, + require => Package['nagios'], + } + } + + if $php { + include php::mod_php5 + php::ini { '/etc/php.ini': } + if $php_apc { php::module { 'pecl-apc': } } + } } - if $php { - include php::mod_php5 - php::ini { '/etc/php.ini': } - if $php_apc { php::module { 'pecl-apc': } } + # Configure apache with puppetlabs-apache module only if requested + if $puppetlabs_apache { + #class {'apache': default_vhost => false, default_ssl_vhost => false} + include apache + include apache::mod::php + include apache::mod::ssl + apache::vhost { 'nagios': + port => 443, + ssl => true, + docroot => $nagios::params::html_dir, + # Avoided scriptaliases because they will go AFTER the aliases and therefore not work + aliases => [ + { alias => '/nagios/cgi-bin/', path => $nagios::params::cgi_dir }, + { alias => '/nagios/', path => $nagios::params::html_dir } + ], + directories => [ + { path => $nagios::params::cgi_dir, + 'addhandlers' => [{ handler => 'cgi-script', extensions => ['.cgi']}], + 'options' => 'ExecCGI', + 'order' => 'Deny,Allow', + 'deny' => 'from all', + 'allow' => "from ${apache_allowed_from}", + 'auth_type' => 'Basic', + 'auth_user_file' => '/etc/nagios/.htpasswd', + 'auth_name' => 'Nagios', + 'auth_require' => 'valid-user', + } , { + path => $nagios::params::html_dir, + 'options' => 'FollowSymlinks', + 'order' => 'Deny,Allow', + 'deny' => 'from all', + 'allow' => "from ${apache_allowed_from}", + 'auth_type' => 'Basic', + 'auth_user_file' => '/etc/nagios/.htpasswd', + 'auth_name' => 'Nagios', + 'auth_require' => 'valid-user', + } + ], # end directories + } # end vhost } + # Configuration files file { '/etc/nagios/cgi.cfg': owner => 'root', diff --git a/templates/apache_httpd/httpd-nagios.conf.erb b/templates/apache_httpd/httpd-nagios.conf.erb index d9c509d9..88484201 100644 --- a/templates/apache_httpd/httpd-nagios.conf.erb +++ b/templates/apache_httpd/httpd-nagios.conf.erb @@ -3,12 +3,7 @@ ScriptAlias /nagios/cgi-bin/ /usr/<%= scope.lookupvar("nagios::params::libdir") Options ExecCGI Order Deny,Allow Deny from all - Allow from 127.0.0.1 -<% if @apache_allowed_from -%> -<% @apache_allowed_from.each do |val| -%> - Allow from <%= val %> -<% end -%> -<% end -%> + Allow from <%= @apache_allowed_from %> AuthType Basic AuthUserFile /etc/nagios/.htpasswd AuthName "Nagios" @@ -20,12 +15,7 @@ Alias /nagios/ /usr/share/nagios/html/ Options FollowSymlinks Order Deny,Allow Deny from all - Allow from 127.0.0.1 -<% if @apache_allowed_from -%> -<% @apache_allowed_from.each do |val| -%> - Allow from <%= val %> -<% end -%> -<% end -%> + Allow from <%= @apache_allowed_from %> AuthType Basic AuthUserFile /etc/nagios/.htpasswd AuthName "Nagios"