tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nagios: Add support for Kerberos KDC service target.

Browse source
This commit is contained in:
Timo Makinen 2016-06-23 11:37:48 +03:00
parent 71a89cd122
commit 37e36b3aae
4 changed files with 120 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

92
nagios/files/check_kdc Executable file
View file

@ -0,0 +1,92 @@
#!/bin/sh
#
# Check kerberos 5 KDC server.
#
# usage:
#
# check_kdc -H <hostname> [-P <principal>] [-k <keytab>]
#
print_usage() {
echo "`basename $0` -H <hostname> -r <realm> [-P <principal>] [-k <keytab>]"
}
# set defaults
TARGET=""
REALM=""
PRINCIPAL="host/`hostname`"
KEYTAB="/etc/krb5.keytab"
while test -n "$1" ; do
case "$1" in
--help|-h)
print_usage
exit 0
;;
-H)
TARGET="$2"
shift
;;
-P)
PRINCIPAL="$2"
shift
;;
-k)
KEYTAB="$2"
shift
;;
-r)
REALM="$2"
shift
;;
*)
echo "Unknown argument: $1" 1>&2
print_usage 1>&2
exit 3
esac
shift
done
if [ "${TARGET}" = "" ]; then
echo "Missing hostname" 1>&2
print_usage 1>&2
exit 3
elif [ "${REALM}" = "" ]; then
# try to get realm from principal
REALM=`echo "${PRINCIPAL}" | sed -n 's/.*@\(.*\)$/\1/p'`
if [ "${REALM}" = "" ]; then
echo "Missing realm" 1>&2
print_usage 1>&2
exit 3
fi
fi
export KRB5_CONFIG="`mktemp /tmp/krb5.conf.XXXXXXXXXX`"
cat <<EOF > ${KRB5_CONFIG}
[libdefaults]
default_realm = ${REALM}
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
${REALM} = {
kdc = ${TARGET}
}
EOF
MESSAGE="`kinit -k -t ${KEYTAB} -c MEMORY: -P ${PRINCIPAL} 2>&1`"
if [ $? -eq 0 ]; then
MESSAGE="OK"
RETVAL=0
else
MESSAGE="CRITICAL: `echo ${MESSAGE} | sed -e 's/^kinit: //'`"
RETVAL=2
fi
kdestroy -c MEMORY: > /dev/null 2>&1
rm -f ${KRB5_CONFIG}
echo ${MESSAGE}
exit ${RETVAL}

8
nagios/files/commands.cfg
View file

@ -155,6 +155,13 @@ define command{
} }
# 'check_kdc' command definition
define command{
command_name check_kdc
command_line $USER1$/check_kdc -H $HOSTADDRESS$ $ARG1$
}
# 'check_ldap' command definition # 'check_ldap' command definition
define command{ define command{
command_name check_ldap command_name check_ldap
@ -273,7 +280,6 @@ define command{
} }
################################################################################ ################################################################################
# #
# SAMPLE PERFORMANCE DATA COMMANDS # SAMPLE PERFORMANCE DATA COMMANDS

9
nagios/manifests/init.pp
View file

@ -303,6 +303,15 @@ class nagios::server::manual inherits nagios::common {
require => Package["nagios"], require => Package["nagios"],
before => Service["nagios"], before => Service["nagios"],
} }
file { "${nagios::common::libdir}/check_kdc":
ensure => present,
mode => "0755",
owner => "root",
group => "root",
source => "puppet:///modules/nagios/check_kdc",
require => Package["nagios"],
before => Service["nagios"],
}
} }

12
nagios/manifests/target.pp
View file

@ -198,6 +198,18 @@ class nagios::target::jabber inherits nagios::target {
} }
# Configure kerberos kdc service target.
#
class nagios::target::kdc($principal, $keytab="/etc/nagios/nagios.keytab") inherits nagios::target {
@@nagios::service { "${::homename}_kdc":
command => "check_kdc!-P ${principal} -k ${keytab}",
description => "Kerberos KDC",
}
}
# Configure ldap service target. # Configure ldap service target.
# #
class nagios::target::ldap inherits nagios::target { class nagios::target::ldap inherits nagios::target {