From 816f9f23f0a4aa808a2f3ae6d8c9f10d8c60fc9e Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 21 Nov 2013 18:29:35 +0100
Subject: [PATCH 1/5] Completely removed dependencies from apache (for now!)
---
 manifests/server.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/server.pp b/manifests/server.pp
index b9d2e72e..aa22f8cd 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -155,7 +155,7 @@
 group => 'root',
 mode => '0644',
 content => $apache_httpd_conf_content,
- notify => Service['httpd'],
+ #notify => Service['httpd'],
 require => Package['nagios'],
 }
 if $apache_httpd_htpasswd_source != false {
From ac610587fb9f7fa2d290bbabb3c5be9e4ace72a5 Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 21 Nov 2013 18:31:36 +0100
Subject: [PATCH 2/5] changed some default client values (to make remote checks work)
---
 manifests/client.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/client.pp b/manifests/client.pp
index 6d8fd242..733d0b56 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -4,7 +4,7 @@
 #
 class nagios::client (
 $nagios_host_name = $::nagios_host_name,
- $nagios_server = $::nagios_server,
+ $nagios_server = 'default',
 # nrpe.cfg
 $nrpe_log_facility = 'daemon',
 $nrpe_pid_file = $nagios::params::nrpe_pid_file,
@@ -23,7 +23,7 @@
 $host_check_period = $::nagios_host_check_period,
 $host_check_command = $::nagios_host_check_command,
 $host_contact_groups = $::nagios_host_contact_groups,
- $host_hostgroups = $::nagios_host_hostgroups,
+ $host_hostgroups = undef,
 $host_notes = $::nagios_host_notes,
 $host_notes_url = $::nagios_host_notes_url,
 $host_notification_period = $::nagios_host_notification_period,
From 449826dd074308ca343de4cc120622f76ae8f89f Mon Sep 17 00:00:00 2001
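Review bot: Commenting out `notify => Service['httpd'],` in PATCH 1/5 leaves this `file` resource (its opening line is above the hunk) writing `$apache_httpd_conf_content` to disk without ever reloading httpd. Judging by the template later in this series, that content carries the `Allow from` and Basic-auth directives for the web UI, so a tightened access rule would not take effect until someone restarts httpd by hand. If the aim is only to drop the hard dependency on the apache module, guard the whole resource with `if $apache_httpd { ... }` and keep the `notify` inside it, rather than leaving a commented-out line behind.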
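Review bot: Replacing `$::nagios_server` with the literal `'default'` in PATCH 2/5 (and, in its second hunk, `$::nagios_host_hostgroups` with `undef`) drops the top-scope lookup entirely, so a node that already sets those variables is silently ignored after this change. If the underlying problem was an unset variable, a fallback keeps both cases working, e.g. `$nagios_server = pick($::nagios_server, 'default'),` where stdlib is available. A comment explaining why these two differ from the neighbouring `$::nagios_*` defaults would help, since the commit subject only says it makes remote checks work. The parameter list continues outside both hunks.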
From: root
Date: Thu, 21 Nov 2013 18:43:55 +0100
Subject: [PATCH 3/5] All apache_httpd dependencies put under a single conditional
---
 manifests/server.pp | 48 ++++++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 22 deletions(-)
diff --git a/manifests/server.pp b/manifests/server.pp
index afda0dd6..3d89da2e 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -1,6 +1,7 @@
 class nagios::server (
 # For the tag of the stored configuration to realize
 $nagios_server = 'default',
+ $puppetlabs_apache = false,
 $apache_httpd = true,
 $apache_httpd_ssl = true,
 $apache_httpd_modules = [
@@ -150,24 +151,8 @@
 require => Package['nagios'],
 }
- file { '/etc/httpd/conf.d/nagios.conf':
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => $apache_httpd_conf_content,
- #notify => Service['httpd'],
- require => Package['nagios'],
- }
- if $apache_httpd_htpasswd_source != false {
- file { '/etc/nagios/.htpasswd':
- owner => 'root',
- group => 'apache',
- mode => '0640',
- source => $apache_httpd_htpasswd_source,
- require => Package['nagios'],
- }
- }
+ # Configure apache with apache_httpd module only if requested
 if $apache_httpd {
 require apache_httpd::install
 require apache_httpd::service::ssl
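Review bot: `$puppetlabs_apache` is added next to `$apache_httpd`, which still defaults to `true`, and nothing in the class stops both being set; once both branches exist, two different modules would be asked to manage the same httpd and its Nagios access rules. Make the choice exclusive near the top of the class body, e.g. `if $apache_httpd and $puppetlabs_apache { fail('nagios::server: set only one of apache_httpd / puppetlabs_apache') }`. The new parameter is also unused in this commit and has no comment, unlike `$nagios_server` above it; something like `# Use the puppetlabs-apache module instead of apache_httpd` would do. The parameter list continues past the hunk.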
@@ -176,12 +161,31 @@
 modules => $apache_httpd_modules,
 keepalive => 'On',
 }
- }
- if $php {
- include php::mod_php5
- php::ini { '/etc/php.ini': }
- if $php_apc { php::module { 'pecl-apc': } }
+ file { '/etc/httpd/conf.d/nagios.conf':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => $apache_httpd_conf_content,
+ notify => Service['httpd'],
+ require => Package['nagios'],
+ }
+
+ if $apache_httpd_htpasswd_source != false {
+ file { '/etc/nagios/.htpasswd':
+ owner => 'root',
+ group => 'apache',
+ mode => '0640',
+ source => $apache_httpd_htpasswd_source,
+ require => Package['nagios'],
+ }
+ }
+
+ if $php {
+ include php::mod_php5
+ php::ini { '/etc/php.ini': }
+ if $php_apc { php::module { 'pecl-apc': } }
+ }
 }
 # Configuration files
From c25d276331c892bd4dcdb31d6841e57240d4c7af Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 22 Nov 2013 09:37:29 +0100
Subject: [PATCH 4/5] Added SSL configuration with puppetlabs-apache (bit bogus for now)
---
 manifests/server.pp | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/manifests/server.pp b/manifests/server.pp
index 3d89da2e..013abbac 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
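Review bot: `$php` and `$php_apc` are now evaluated only inside `if $apache_httpd`, so `php => true` is silently ignored whenever `$apache_httpd` is false; say so next to the parameters, e.g. `# $php / $php_apc only apply when $apache_httpd is true`. The same move means `/etc/nagios/.htpasswd` is no longer declared in that case, while a copy written by an earlier run stays on disk with whatever credentials it held. If the credentials file is meant to outlive the choice of web server module, keep its `file` resource outside the conditional, bearing in mind that `group => 'apache'` assumes that group exists. The `if $apache_httpd {` block opens above this hunk.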
@@ -188,6 +188,43 @@
 }
 }
+ # Configure apache with puppetlabs-apache module only if requested
+ if $puppetlabs_apache {
+ #class {'apache': default_vhost => false, default_ssl_vhost => false}
+ include apache
+ include apache::mod::php
+ include apache::mod::ssl
+ apache::vhost { 'nagios':
+ port => 443,
+ ssl => true,
+ docroot => '/usr/share/nagios/html/',
+ scriptaliases => [{ alias => '/nagios/cgi-bin/', path => '/usr/lib64/nagios/cgi-bin/' }],
+ directories => [
+ { path => '/usr/lib64/nagios/cgi-bin/',
+ 'options' => 'ExecCGI',
+ 'order' => 'Deny,Allow',
+ 'deny' => 'from all',
+ 'allow' => 'from 127.0.0.1, 148.187.0.0/16',
+ 'auth_type' => 'Basic',
+ 'auth_user_file' => '/etc/nagios/.htpasswd',
+ 'auth_name' => 'Nagios',
+ 'require' => 'valid-user',
+ } , {
+ path => '/usr/share/nagios/html/',
+ 'options' => 'FollowSymlinks',
+ 'order' => 'Deny,Allow',
+ 'deny' => 'from all',
+ 'allow' => 'from 127.0.0.1, 148.187.0.0/16',
+ 'auth_type' => 'Basic',
+ 'auth_user_file' => '/etc/nagios/.htpasswd',
+ 'auth_name' => 'Nagios',
+ 'require' => 'valid-user',
+ }
+ ], # end directories
+ } # end vhost
+ }
+
+
 # Configuration files
 file { '/etc/nagios/cgi.cfg':
 owner => 'root',
From 23dff3cce3ecb8f79bffc4ef2f9eea18acc1ff3c Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 22 Nov 2013 14:12:56 +0100
Subject: [PATCH 5/5] Fixed imporing puppetlabs-apache from nagios server, simple auth
---
 manifests/params.pp | 3 +++
 manifests/server.pp | 23 ++++++++++++--------
 templates/apache_httpd/httpd-nagios.conf.erb | 14 ++------------
 3 files changed, 19 insertions(+), 21 deletions(-)
diff --git a/manifests/params.pp b/manifests/params.pp
index 64c8445b..868aaf38 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -94,5 +94,8 @@
 }
 }
+ # This probably needs specialization per OS (needs the final /)
+ $cgi_dir = "/usr/${libdir}/nagios/cgi-bin/"
+ $html_dir = "/usr/share/nagios/html/"
 }
diff --git a/manifests/server.pp b/manifests/server.pp
index 013abbac..39e75673 100644
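Review bot: Both `directories` entries in the PATCH 4/5 vhost set `auth_user_file` to `/etc/nagios/.htpasswd`, but nothing inside `if $puppetlabs_apache` declares that file, so with `$apache_httpd => false` Basic auth rests on a file Puppet does not manage (missing, or left over from an earlier run). Declare the htpasswd `file` resource where both branches can reach it and give the vhost `require => File['/etc/nagios/.htpasswd'],`. The vhost also sets `ssl => true` without `ssl_cert` or `ssl_key`, so it falls back to the apache module's default certificate paths; pass site-specific paths through class parameters before this endpoint carries passwords. The commented-out `#class {'apache': ...}` line should be either applied or dropped.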
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -19,7 +19,7 @@
 ],
 # The apache config snippet, more useful as a template when using a custom
 $apache_httpd_conf_content = template('nagios/apache_httpd/httpd-nagios.conf.erb'),
- $apache_allowed_from = [], # Allow access to the web in the previous template
+ $apache_allowed_from = '127.0.0.1', # Allow access to the web in the previous template
 $apache_httpd_htpasswd_source = "puppet:///modules/${module_name}/apache_httpd/htpasswd",
 $php = true,
 $php_apc = true,
@@ -197,28 +197,33 @@
 apache::vhost { 'nagios':
 port => 443,
 ssl => true,
- docroot => '/usr/share/nagios/html/',
- scriptaliases => [{ alias => '/nagios/cgi-bin/', path => '/usr/lib64/nagios/cgi-bin/' }],
+ docroot => $nagios::params::html_dir,
+ # Avoided scriptaliases because they will go AFTER the aliases and therefore not work
+ aliases => [
+ { alias => '/nagios/cgi-bin/', path => $nagios::params::cgi_dir },
+ { alias => '/nagios/', path => $nagios::params::html_dir }
+ ],
 directories => [
- { path => '/usr/lib64/nagios/cgi-bin/',
+ { path => $nagios::params::cgi_dir,
+ 'addhandlers' => [{ handler => 'cgi-script', extensions => ['.cgi']}],
 'options' => 'ExecCGI',
 'order' => 'Deny,Allow',
 'deny' => 'from all',
- 'allow' => 'from 127.0.0.1, 148.187.0.0/16',
+ 'allow' => "from ${apache_allowed_from}",
 'auth_type' => 'Basic',
 'auth_user_file' => '/etc/nagios/.htpasswd',
 'auth_name' => 'Nagios',
- 'require' => 'valid-user',
+ 'auth_require' => 'valid-user',
 } , {
- path => '/usr/share/nagios/html/',
+ path => $nagios::params::html_dir,
 'options' => 'FollowSymlinks',
 'order' => 'Deny,Allow',
 'deny' => 'from all',
- 'allow' => 'from 127.0.0.1, 148.187.0.0/16',
+ 'allow' => "from ${apache_allowed_from}",
 'auth_type' => 'Basic',
 'auth_user_file' => '/etc/nagios/.htpasswd',
 'auth_name' => 'Nagios',
- 'require' => 'valid-user',
+ 'auth_require' => 'valid-user',
 }
 ], # end directories
 } # end vhost
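Review bot: `$apache_allowed_from` changes from an array (`[]`) to a string (`'127.0.0.1'`), and every consumer now interpolates it raw: the two `'allow' => "from ${apache_allowed_from}"` lines in the next hunk and `Allow from <%= @apache_allowed_from %>` in both hunks of the template. A caller that still passes an array would get its elements run together or rendered in Ruby array syntax inside an `Allow from` line (the exact output depends on the Puppet/Ruby version), and overriding the value now also drops the previously unconditional `Allow from 127.0.0.1`. Accept both forms, e.g. `Allow from <%= Array(@apache_allowed_from).join(' ') %>` in the template, and check that each entry is an address or CIDR block before it reaches the Apache config. The trailing comment on the parameter should say the value is a space-separated list of hosts or networks.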
diff --git a/templates/apache_httpd/httpd-nagios.conf.erb b/templates/apache_httpd/httpd-nagios.conf.erb
index d9c509d9..88484201 100644
--- a/templates/apache_httpd/httpd-nagios.conf.erb
+++ b/templates/apache_httpd/httpd-nagios.conf.erb
@@ -3,12 +3,7 @@ ScriptAlias /nagios/cgi-bin/ /usr/<%= scope.lookupvar("nagios::params::libdir")
 Options ExecCGI
 Order Deny,Allow
 Deny from all
- Allow from 127.0.0.1
-<% if @apache_allowed_from -%>
-<% @apache_allowed_from.each do |val| -%>
- Allow from <%= val %>
-<% end -%>
-<% end -%>
+ Allow from <%= @apache_allowed_from %>
 AuthType Basic
 AuthUserFile /etc/nagios/.htpasswd
 AuthName "Nagios"
@@ -20,12 +15,7 @@ Alias /nagios/ /usr/share/nagios/html/
 Options FollowSymlinks
 Order Deny,Allow
 Deny from all
- Allow from 127.0.0.1
-<% if @apache_allowed_from -%>
-<% @apache_allowed_from.each do |val| -%>
- Allow from <%= val %>
-<% end -%>
-<% end -%>
+ Allow from <%= @apache_allowed_from %>
 AuthType Basic
 AuthUserFile /etc/nagios/.htpasswd
 AuthName "Nagios"