nagios: Add support for Kerberos KDC service target.

2016-06-23 11:37:48 +03:00 · 2016-06-23 11:37:48 +03:00 · 37e36b3aae
commit 37e36b3aae
parent 71a89cd122
4 changed files with 120 additions and 1 deletions
--- a/nagios/files/check_kdc
+++ b/nagios/files/check_kdc
@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Check kerberos 5 KDC server.
+#
+# usage:
+#
+#     check_kdc -H <hostname> [-P <principal>] [-k <keytab>]
+#
+
+print_usage() {
+    echo "`basename $0` -H <hostname> -r <realm> [-P <principal>] [-k <keytab>]"
+}
+
+# set defaults
+TARGET=""
+REALM=""
+PRINCIPAL="host/`hostname`"
+KEYTAB="/etc/krb5.keytab"
+
+while test -n "$1" ; do
+    case "$1" in
+	--help|-h)
+	    print_usage
+	    exit 0
+	    ;;
+	-H)
+	    TARGET="$2"
+	    shift
+	    ;;
+	-P)
+	    PRINCIPAL="$2"
+	    shift
+	    ;;
+	-k)
+	    KEYTAB="$2"
+	    shift
+	    ;;
+	-r)
+	    REALM="$2"
+	    shift
+	    ;;
+	*)
+	    echo "Unknown argument: $1" 1>&2
+	    print_usage 1>&2
+	    exit 3
+    esac
+    shift
+done
+
+if [ "${TARGET}" = "" ]; then
+    echo "Missing hostname" 1>&2
+    print_usage 1>&2
+    exit 3
+elif [ "${REALM}" = "" ]; then
+    # try to get realm from principal
+    REALM=`echo "${PRINCIPAL}" | sed -n 's/.*@\(.*\)$/\1/p'`
+    if [ "${REALM}" = "" ]; then
+	echo "Missing realm" 1>&2
+	print_usage 1>&2
+	exit 3
+    fi
+fi
+
+export KRB5_CONFIG="`mktemp /tmp/krb5.conf.XXXXXXXXXX`"
+
+cat <<EOF > ${KRB5_CONFIG}
+[libdefaults]
+  default_realm = ${REALM}
+  dns_lookup_realm = false
+  dns_lookup_kdc = false
+
+[realms]
+  ${REALM} = {
+    kdc = ${TARGET}
+  }
+EOF
+
+MESSAGE="`kinit -k -t ${KEYTAB} -c MEMORY: -P ${PRINCIPAL} 2>&1`"
+if [ $? -eq 0 ]; then
+    MESSAGE="OK"
+    RETVAL=0
+else
+    MESSAGE="CRITICAL: `echo ${MESSAGE} | sed -e 's/^kinit: //'`"
+    RETVAL=2
+fi
+
+kdestroy -c MEMORY: > /dev/null 2>&1
+
+rm -f ${KRB5_CONFIG}
+
+echo ${MESSAGE}
+exit ${RETVAL}
--- a/nagios/files/commands.cfg
+++ b/nagios/files/commands.cfg
@ -155,6 +155,13 @@ define command{
        }


+# 'check_kdc' command definition
+define command{
+	command_name	check_kdc
+	command_line	$USER1$/check_kdc -H $HOSTADDRESS$ $ARG1$
+	}
+
+
 # 'check_ldap' command definition
 define command{
 	command_name	check_ldap
@ -273,7 +280,6 @@ define command{
 	}


-
 ################################################################################
 #
 # SAMPLE PERFORMANCE DATA COMMANDS
--- a/nagios/manifests/init.pp
+++ b/nagios/manifests/init.pp
@ -303,6 +303,15 @@ class nagios::server::manual inherits nagios::common {
        require => Package["nagios"],
        before  => Service["nagios"],
    }
+    file { "${nagios::common::libdir}/check_kdc":
+        ensure  => present,
+        mode    => "0755",
+        owner   => "root",
+        group   => "root",
+        source  => "puppet:///modules/nagios/check_kdc",
+        require => Package["nagios"],
+        before  => Service["nagios"],
+    }

 }

--- a/nagios/manifests/target.pp
+++ b/nagios/manifests/target.pp
@ -198,6 +198,18 @@ class nagios::target::jabber inherits nagios::target {
 }


+# Configure kerberos kdc service target.
+#
+class nagios::target::kdc($principal, $keytab="/etc/nagios/nagios.keytab") inherits nagios::target {
+
+    @@nagios::service { "${::homename}_kdc":
+        command     => "check_kdc!-P ${principal} -k ${keytab}",
+        description => "Kerberos KDC",
+    }
+
+}
+
+
 # Configure ldap service target.
 #
 class nagios::target::ldap inherits nagios::target {