diff --git a/nagios/files/check_kdc b/nagios/files/check_kdc
new file mode 100755
index 0000000..b6b04da
--- /dev/null
+++ b/nagios/files/check_kdc
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Check kerberos 5 KDC server.
+#
+# usage:
+#
+# check_kdc -H [-P ] [-k ]
+#
+
+print_usage() {
+ echo "`basename $0` -H -r [-P ] [-k ]"
+}
+
+# set defaults
+TARGET=""
+REALM=""
+PRINCIPAL="host/`hostname`"
+KEYTAB="/etc/krb5.keytab"
+
+while test -n "$1" ; do
+ case "$1" in
+ --help|-h)
+ print_usage
+ exit 0
+ ;;
+ -H)
+ TARGET="$2"
+ shift
+ ;;
+ -P)
+ PRINCIPAL="$2"
+ shift
+ ;;
+ -k)
+ KEYTAB="$2"
+ shift
+ ;;
+ -r)
+ REALM="$2"
+ shift
+ ;;
+ *)
+ echo "Unknown argument: $1" 1>&2
+ print_usage 1>&2
+ exit 3
+ esac
+ shift
+done
+
+if [ "${TARGET}" = "" ]; then
+ echo "Missing hostname" 1>&2
+ print_usage 1>&2
+ exit 3
+elif [ "${REALM}" = "" ]; then
+ # try to get realm from principal
+ REALM=`echo "${PRINCIPAL}" | sed -n 's/.*@\(.*\)$/\1/p'`
+ if [ "${REALM}" = "" ]; then
+ echo "Missing realm" 1>&2
+ print_usage 1>&2
+ exit 3
+ fi
+fi
+
+export KRB5_CONFIG="`mktemp /tmp/krb5.conf.XXXXXXXXXX`"
+
+cat < ${KRB5_CONFIG}
+[libdefaults]
+ default_realm = ${REALM}
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+
+[realms]
+ ${REALM} = {
+ kdc = ${TARGET}
+ }
+EOF
+
+MESSAGE="`kinit -k -t ${KEYTAB} -c MEMORY: -P ${PRINCIPAL} 2>&1`"
+if [ $? -eq 0 ]; then
+ MESSAGE="OK"
+ RETVAL=0
+else
+ MESSAGE="CRITICAL: `echo ${MESSAGE} | sed -e 's/^kinit: //'`"
+ RETVAL=2
+fi
+
+kdestroy -c MEMORY: > /dev/null 2>&1
+
+rm -f ${KRB5_CONFIG}
+
+echo ${MESSAGE}
+exit ${RETVAL}
diff --git a/nagios/files/commands.cfg b/nagios/files/commands.cfg
index cf186fe..e45b34a 100644
--- a/nagios/files/commands.cfg
+++ b/nagios/files/commands.cfg
@@ -155,6 +155,13 @@ define command{ }
+# 'check_kdc' command definition
+define command{
+ command_name check_kdc
+ command_line $USER1$/check_kdc -H $HOSTADDRESS$ $ARG1$
+ }
+
+
 # 'check_ldap' command definition define command{ command_name check_ldap
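Review bot: In nagios/files/check_kdc the `mktemp` result is never checked, because the `export KRB5_CONFIG=...` line returns the status of `export`, not of `mktemp`. If the temporary file cannot be created, the redirect fails and kinit runs with an empty KRB5_CONFIG, so it may fall back to the host's own krb5.conf and report on a KDC other than the one given with -H (worth confirming against the installed libkrb5). The file is also removed only on the normal path, and `${KEYTAB}`, `${PRINCIPAL}`, `${KRB5_CONFIG}` and `${MESSAGE}` are expanded unquoted, so a value with spaces or glob characters is split before kinit, rm or echo see it. I would exit 3 (UNKNOWN) when mktemp fails, clean up from a trap, and quote the expansions, as below.

```shell
KRB5_CONFIG="$(mktemp /tmp/krb5.conf.XXXXXXXXXX)" || {
    echo "UNKNOWN: cannot create temporary krb5.conf"
    exit 3
}
export KRB5_CONFIG
trap 'rm -f "${KRB5_CONFIG}"' EXIT
trap 'exit 3' HUP INT TERM

# ... unchanged: heredoc that writes the config, redirected to "${KRB5_CONFIG}" ...

MESSAGE="$(kinit -k -t "${KEYTAB}" -c MEMORY: -P "${PRINCIPAL}" 2>&1)"
# ... unchanged: status check that sets MESSAGE and RETVAL, kdestroy ...
echo "${MESSAGE}"
exit ${RETVAL}
```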
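Review bot: In nagios/files/commands.cfg, `$ARG1$` sits unquoted at the end of `command_line`, and the target.pp hunk fills it with the whole string `-P ${principal} -k ${keytab}`, so the principal and keytab path reach the shell that runs the plugin as unquoted text. Both values arrive through an exported resource, that is, from whichever node declares nagios::target::kdc, and nothing visible in this commit restricts them to principal and path characters. Passing them as separate quoted macros keeps each one a single argument: `command_line $USER1$/check_kdc -H $HOSTADDRESS$ -P '$ARG1$' -k '$ARG2$'`, with `command => "check_kdc!${principal}!${keytab}"` in target.pp. Quoting alone does not cover a value that contains a quote or `!`, so the class should also check both parameters against a conservative pattern before exporting them.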
@@ -273,7 +280,6 @@ define command{ }
-
 ################################################################################ # # SAMPLE PERFORMANCE DATA COMMANDS
diff --git a/nagios/manifests/init.pp b/nagios/manifests/init.pp
index 2f438ae..a335800 100644
--- a/nagios/manifests/init.pp
+++ b/nagios/manifests/init.pp
@@ -303,6 +303,15 @@ class nagios::server::manual inherits nagios::common { require => Package["nagios"], before => Service["nagios"], }
+ file { "${nagios::common::libdir}/check_kdc":
+ ensure => present,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/nagios/check_kdc",
+ require => Package["nagios"],
+ before => Service["nagios"],
+ }
 }
diff --git a/nagios/manifests/target.pp b/nagios/manifests/target.pp
index b552e3f..12d22e3 100644
--- a/nagios/manifests/target.pp
+++ b/nagios/manifests/target.pp
@@ -198,6 +198,18 @@ class nagios::target::jabber inherits nagios::target { }
+# Configure kerberos kdc service target.
+#
+class nagios::target::kdc($principal, $keytab="/etc/nagios/nagios.keytab") inherits nagios::target {
+
+ @@nagios::service { "${::homename}_kdc":
+ command => "check_kdc!-P ${principal} -k ${keytab}",
+ description => "Kerberos KDC",
+ }
+
+}
+
+
 # Configure ldap service target. # class nagios::target::ldap inherits nagios::target {
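Review bot: In nagios/manifests/init.pp, the new file resource for check_kdc requires only `Package["nagios"]`, but the script it installs calls kinit and kdestroy. On a server without the Kerberos client tools the check would presumably return CRITICAL with a "not found" message, which reads like a KDC outage rather than a broken monitor. If the module already declares a package resource for the Kerberos client, add it to `require`; otherwise a comment on the resource naming the dependency would help. The enclosing class starts outside the hunk.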
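Review bot: In nagios/manifests/target.pp, the header comment of nagios::target::kdc does not say that `$keytab` is a path on the Nagios server rather than on the node that declares the class, and nothing in the visible hunks installs that file or sets its ownership. A keytab holds long-term keys, so it should be readable only by the account Nagios runs checks as, and the principal in it should be one dedicated to monitoring rather than a host or service principal with other uses. I would extend the comment to document both parameters and that requirement, for example `# $keytab: keytab on the Nagios server; mode 0400, owned by the nagios user`. The default here also differs from the script's own default of /etc/krb5.keytab, which deserves a mention in the same comment.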