diff --git a/apache/templates/site.https.conf.erb b/apache/templates/site.https.conf.erb index 8ba1343..30e9982 100644 --- a/apache/templates/site.https.conf.erb +++ b/apache/templates/site.https.conf.erb @@ -30,14 +30,14 @@ SSLCipherSuite RC4-SHA:HIGH:!ADH # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. -SSLCertificateFile <%= apache_ssldir %>/certs/<%= site_fqdn %>.crt +SSLCertificateFile <%= @apache_ssldir %>/certs/<%= site_fqdn %>.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile <%= apache_ssldir %>/private/<%= site_fqdn %>.key +SSLCertificateKeyFile <%= @apache_ssldir %>/private/<%= site_fqdn %>.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the @@ -47,7 +47,7 @@ SSLCertificateKeyFile <%= apache_ssldir %>/private/<%= site_fqdn %>.key # when the CA certificates are directly appended to the server # certificate for convinience. <% if ssl_chain != "" -%> -SSLCertificateChainFile <%= apache_ssldir %>/certs/<%= site_fqdn %>.chain.crt +SSLCertificateChainFile <%= @apache_ssldir %>/certs/<%= site_fqdn %>.chain.crt <% end -%> # Certificate Authority (CA): diff --git a/backuppc/manifests/init.pp b/backuppc/manifests/init.pp index f1211fd..bd4f367 100644 --- a/backuppc/manifests/init.pp +++ b/backuppc/manifests/init.pp @@ -70,7 +70,10 @@ class backuppc::server { group => "root", require => Package["BackupPC"], } - + selinux::manage_fcontext { "${backuppc_datadir}(/.*)?": + type => "var_lib_t", + before => File[$backuppc_datadir], + } file { "/var/lib/BackupPC": ensure => $backuppc_datadir, force => true, 
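Review bot: Only `apache_ssldir` is converted to instance-variable access in these two hunks; `<%= site_fqdn %>` on the same three directive lines and `<% if ssl_chain != "" -%>` keep the bare form, so the certificate and key paths are now built from two different lookup styles. Assuming both are Puppet variables like `apache_ssldir`, convert them in the same pass, e.g. `SSLCertificateKeyFile <%= @apache_ssldir %>/private/<%= @site_fqdn %>.key`. Check the `ssl_chain` test when doing so, since an unset `@ssl_chain` is `nil` and `nil != ""` is true. Separately, the hunk header shows `SSLCipherSuite RC4-SHA:HIGH:!ADH` just above the changed lines; it is outside this change, but it lists RC4 first and deserves a follow-up.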
diff --git a/custom/lib/puppet/provider/service/openbsd.rb b/custom/lib/puppet/provider/service/openbsd.rb index 2213044..1c4330a 100644 --- a/custom/lib/puppet/provider/service/openbsd.rb +++ b/custom/lib/puppet/provider/service/openbsd.rb @@ -4,7 +4,7 @@ Puppet::Type.type(:service).provide :openbsd, :parent => :base do desc "OpenBSD service management." - version = ["4.9", "5.0", "5.1"] + version = ["4.9", "5.0", "5.1", "5.2"] confine :operatingsystem => :openbsd confine :operatingsystemrelease => version defaultfor :operatingsystem => :openbsd diff --git a/dell/manifests/init.pp b/dell/manifests/init.pp new file mode 100644 index 0000000..657bc9d --- /dev/null +++ b/dell/manifests/init.pp @@ -0,0 +1,41 @@ + +class dell::common { + case $::operatingsystem { + "centos", "redhat": { + include yum::repo::dell + } + default: { + fail("Dell modules not supported in ${operatingsystem}") + } + } + +} + +# Tools and services for Dell iDRAC7 management +# +class dell::idrac7 { + include dell::common + + package { 'srvadmin-idrac7': + ensure => installed, + require => Class["yum::repo::dell"], + } + + # Enable OpenManage System services + exec { "srvadmin-service-enable": + command => "/opt/dell/srvadmin/sbin/srvadmin-services.sh enable", + creates => "/etc/rc2.d/S97dataeng", + user => "root", + group => "root", + require => Exec["srvadmin-service-start"], + } + + # Start OpenManage System services + exec { "srvadmin-service-start": + command => "/opt/dell/srvadmin/sbin/srvadmin-services.sh start", + unless => "/usr/bin/pgrep -f /opt/dell/srvadmin/sbin/dsm_sa_datamgrd", + user => "root", + group => "root", + require => Package["srvadmin-idrac7"], + } +} diff --git a/dovecot/files/empty b/dovecot/files/empty new file mode 100644 index 0000000..e69de29 diff --git a/dovecot/manifests/dovecot1.pp b/dovecot/manifests/dovecot1.pp new file mode 100644 index 0000000..0c060c8 --- /dev/null +++ b/dovecot/manifests/dovecot1.pp 
@@ -0,0 +1,73 @@
+class dovecot::server::v1 {
+ case $operatingsystem {
+ centos,fedora: {
+ $dovecot_ssl_dir = "/etc/pki/tls"
+ }
+ default: {
+ fail("Dovecot module not supported in ${operatingsystem}.")
+ }
+ }
+
+ service { "dovecot":
+ ensure => running,
+ enable => true,
+ require => File["/etc/dovecot.conf"],
+ }
+
+ if $dovecot_ssl_csr {
+ file { "$dovecot_ssl_dir/private/dovecot.csr":
+ ensure => present,
+ source => $dovecot_ssl_csr,
+ mode => "0640",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ }
+
+ if $dovecot_ssl_ca {
+ file { "$dovecot_ssl_dir/certs/dovecot.ca.crt":
+ ensure => present,
+ source => $dovecot_ssl_ca,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ }
+
+ if $dovecot_ssl_cert {
+ file { "$dovecot_ssl_dir/certs/dovecot.crt":
+ ensure => present,
+ source => $dovecot_ssl_cert,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ } else {
+ fail("You need to define an ssl_cert in your node manifest.")
+ }
+
+ if $dovecot_ssl_key {
+ file { "$dovecot_ssl_dir/private/dovecot.key":
+ ensure => present,
+ source => $dovecot_ssl_key,
+ mode => "0600",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ } else {
+ fail("You need to define an ssl_key in your node manifest.")
+ }
+
+ file { "/etc/dovecot.conf":
+ ensure => present,
+ content => template("dovecot/dovecot.conf.erb"),
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+}
diff --git a/dovecot/manifests/dovecot2.pp b/dovecot/manifests/dovecot2.pp
new file mode 100644
index 0000000..3231398
--- /dev/null
+++ b/dovecot/manifests/dovecot2.pp
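Review bot: The OS guard at the top of `dovecot::server::v1` accepts only `centos,fedora`, while the dispatcher in dovecot/manifests/init.pp includes this class for `"centos","redhat","fedora"`, so a RedHat node would fall through to `default:` and fail the catalog with "Dovecot module not supported"; `dovecot::server::v2` in dovecot2.pp carries the same guard. Either extend both lists (`centos,redhat,fedora: {`) or drop the inner `case` and rely on the check already done in `dovecot::server`. The CSR, CA, certificate and key `file` resources are also repeated verbatim in both classes; moving them into one shared class keeps the `0600` mode on `dovecot.key` from drifting between the two versions.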
@@ -0,0 +1,89 @@
+
+class dovecot::server::v2 {
+ case $operatingsystem {
+ centos,fedora: {
+ $dovecot_ssl_dir = "/etc/pki/tls"
+ }
+ default: {
+ fail("Dovecot module not supported in ${operatingsystem}.")
+ }
+ }
+
+ service { "dovecot":
+ ensure => running,
+ enable => true,
+ require => File["/etc/dovecot/conf.d/98-puppet.conf",
+ "/etc/dovecot/conf.d/99-local.conf"],
+ }
+
+ file { "/etc/dovecot/conf.d/98-puppet.conf":
+ ensure => present,
+ content => template("dovecot/puppet.conf.erb"),
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ require => Package["dovecot"],
+ }
+
+ file { "/etc/dovecot/conf.d/99-local.conf":
+ ensure => present,
+ source => [
+ "puppet:///files/dovecot/local.conf",
+ "puppet:///modules/dovecot/empty",
+ ],
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ require => Package["dovecot"],
+ }
+
+ if $dovecot_ssl_csr {
+ file { "$dovecot_ssl_dir/private/dovecot.csr":
+ ensure => present,
+ source => $dovecot_ssl_csr,
+ mode => "0640",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ }
+
+ if $dovecot_ssl_ca {
+ file { "$dovecot_ssl_dir/certs/dovecot.ca.crt":
+ ensure => present,
+ source => $dovecot_ssl_ca,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ }
+
+ if $dovecot_ssl_cert {
+ file { "$dovecot_ssl_dir/certs/dovecot.crt":
+ ensure => present,
+ source => $dovecot_ssl_cert,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ } else {
+ fail("You need to define an ssl_cert in your node manifest.")
+ }
+
+ if $dovecot_ssl_key {
+ file { "$dovecot_ssl_dir/private/dovecot.key":
+ ensure => present,
+ source => $dovecot_ssl_key,
+ mode => "0600",
+ owner => "root",
+ group => "root",
+ notify => Service["dovecot"],
+ }
+ } else {
+ fail("You need to define an ssl_key in your node manifest.")
+ }
+}
diff --git a/dovecot/manifests/init.pp b/dovecot/manifests/init.pp index 7c37d90..ac45904 100644 --- a/dovecot/manifests/init.pp +++ b/dovecot/manifests/init.pp @@ -1,3 +1,6 @@ +import "dovecot1.pp" # Dovecot v1.x +import "dovecot2.pp" # Dovecot v2.x + class dovecot::common { case $::operatingsystem { 
@@ -24,79 +27,33 @@ class dovecot::common { # Puppet source for the X.509 key. # $dovecot_ssl_ca: # Puppet source for the optional X.509 ca certificate. - +# $dovecot_mailbox_format: +# Mailbox format to use in user's homedir ["mbox" | "mdbox"] +# $dovecot_zlib: +# Compress mailboxes with zlib ["yes" | "no"] class dovecot::server inherits dovecot::common { + if ! $dovecot_mailbox_format { + $dovecot_mailbox_format = "mbox" + } + case $::operatingsystem { "centos","redhat","fedora": { $dovecot_ssl_dir = "/etc/pki/tls" + + case $operatingsystemrelease { + /^6\./: { + include dovecot::server::v2 + } + default: { + include dovecot::server::v1 + } + } } default: { fail("Dovecot module not supported in ${::operatingsystem}.") } } - service { "dovecot": - ensure => running, - enable => true, - require => File["/etc/dovecot.conf"], - } - - if $dovecot_ssl_csr { - file { "$dovecot_ssl_dir/private/dovecot.csr": - ensure => present, - source => $dovecot_ssl_csr, - mode => "0640", - owner => "root", - group => "root", - notify => Service["dovecot"], - } - } - - if $dovecot_ssl_ca { - file { "$dovecot_ssl_dir/certs/dovecot.ca.crt": - ensure => present, - source => $dovecot_ssl_ca, - mode => "0644", - owner => "root", - group => "root", - notify => Service["dovecot"], - } - } - - if $dovecot_ssl_cert { - file { "$dovecot_ssl_dir/certs/dovecot.crt": - ensure => present, - source => $dovecot_ssl_cert, - mode => "0644", - owner => "root", - group => "root", - notify => Service["dovecot"], - } - } else { - fail("You need to define an ssl_cert in your node manifest.") - } - - if $dovecot_ssl_key { - file { "$dovecot_ssl_dir/private/dovecot.key": - ensure => present, - source => $dovecot_ssl_key, - mode => "0600", - owner => "root", - group => "root", - notify => Service["dovecot"], - } - } else { - fail("You need to define an ssl_key in your node manifest.") - } - - file { "/etc/dovecot.conf": - ensure => present, - content => template("dovecot/dovecot.conf.erb"), - mode => "0644", - 
owner => "root", - group => "root", - notify => Service["dovecot"], - } } diff --git a/dovecot/templates/puppet.conf.erb b/dovecot/templates/puppet.conf.erb new file mode 100644 index 0000000..d1def49 --- /dev/null +++ b/dovecot/templates/puppet.conf.erb @@ -0,0 +1,38 @@ + +ssl=required +ssl_cert = <<%= dovecot_ssl_dir %>/certs/dovecot.crt +ssl_key = <<%= dovecot_ssl_dir %>/private/dovecot.key +<% if has_variable?('dovecot_ssl_ca') -%> +ssl_ca = <<%= dovecot_ssl_dir %>/certs/dovecot.ca.crt +<% end -%> + +<% if has_variable=('dovecot_mailbox_format') && dovecot_mailbox_format == "mdbox" -%> +# mdbox settings +mdbox_rotate_size = 10M +mdbox_rotate_interval = 10d +<% end -%> + +# zlib +<% if has_variable?('dovecot_zlib') && dovecot_zlib == "yes" -%> +mail_plugins = $mail_plugins zlib +plugin { + zlib_save_level = 1 # 1..9 + zlib_save = gz # or bz2 +} +<% end -%> + +mail_location = <%= dovecot_mailbox_format %>:~/imapmail/ + +namespace { + separator = / + list = yes +} + +namespace { + separator = / + prefix = "#mbox/" + location = mbox:~/imapinbox/:INBOX=/var/mail/%u + inbox = yes + hidden = yes + list = no +} diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp index 9d632c2..367e1f1 100644 --- a/firewall/manifests/init.pp +++ b/firewall/manifests/init.pp @@ -17,6 +17,11 @@ # # $firewall_custom = [ "pass in quick carp", ] # +# Loading of extra modules is supported on centos. For example FTP +# support for iptables: +# +# $firewall_modules = [ "nf_conntrack_ftp", ] + class firewall { if ! $firewall_custom { @@ -117,6 +122,14 @@ class firewall::common::iptables { hasrestart => true, require => Package["iptables"], } + if $firewall_modules { + $firewall_modules_str = inline_template('<%= @firewall_modules.join(" ") -%>') + augeas { "iptables-config": + context => "/files/etc/sysconfig/iptables-config", + changes => [ "set IPTABLES_MODULES '${firewall_modules_str}'" ], + notify => Service["iptables"], + } + } } } 
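Review bot: `has_variable=('dovecot_mailbox_format')` in the mdbox condition of puppet.conf.erb looks like a typo for `has_variable?(...)`. As written, Ruby most likely parses it as an assignment to a local named `has_variable`, so the existence check never runs and the branch only works because `dovecot_mailbox_format == "mdbox"` is still evaluated on the right-hand side. The line should read `<% if has_variable?('dovecot_mailbox_format') && dovecot_mailbox_format == "mdbox" -%>`, matching the `dovecot_ssl_ca` and `dovecot_zlib` guards in the same file. Note that `mail_location = <%= dovecot_mailbox_format %>:~/imapmail/` further down uses the variable with no guard at all, so it depends on the default set in `dovecot::server`.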
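Review bot: In the new `augeas { "iptables-config": }` resource the joined module list is written as `set IPTABLES_MODULES '${firewall_modules_str}'`, so with more than one entry the stored value contains a space but no shell quotes. I would expect the resulting line in /etc/sysconfig/iptables-config to be rejected by the lens or misread by the init script, which would leave the conntrack helpers unloaded; please confirm with a two-module list. Embedding the quotes in the value avoids that: `changes => [ "set IPTABLES_MODULES '\"${firewall_modules_str}\"'" ],`. A module name containing a single quote would also break the Augeas command, so validating each entry against something like `[A-Za-z0-9_]+` before the join is cheap insurance.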
diff --git a/firewall/templates/ip6tables.erb b/firewall/templates/ip6tables.erb index 0e30dfb..321a3dd 100644 --- a/firewall/templates/ip6tables.erb +++ b/firewall/templates/ip6tables.erb @@ -14,7 +14,7 @@ <% end -%> -A INPUT -p ipv6-icmp -j ACCEPT <% - firewall_rules.each do |rule| + @firewall_rules.each do |rule| rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule) if not rule[3] or IPAddr.new(rule[3].strip()).ipv6? -%> @@ -22,7 +22,7 @@ <% end end - firewall_custom.each do |rule| + @firewall_custom.each do |rule| -%> <%= rule %> <% end -%> diff --git a/firewall/templates/iptables.erb b/firewall/templates/iptables.erb index d5f3cb8..9f7a267 100644 --- a/firewall/templates/iptables.erb +++ b/firewall/templates/iptables.erb @@ -8,7 +8,7 @@ -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp --icmp-type any -j ACCEPT <% - firewall_rules.each do |rule| + @firewall_rules.each do |rule| rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule) if not rule[3] or IPAddr.new(rule[3].strip()).ipv4? -%> @@ -16,7 +16,7 @@ <% end end - firewall_custom.each do |rule| + @firewall_custom.each do |rule| -%> <%= rule %> <% end -%> diff --git a/firewall/templates/pf.conf.erb b/firewall/templates/pf.conf.erb index 073ef16..32eac79 100644 --- a/firewall/templates/pf.conf.erb +++ b/firewall/templates/pf.conf.erb @@ -8,10 +8,10 @@ pass out all pass in quick inet proto icmp all pass in quick inet6 proto icmp6 all -<% firewall_rules.each do |rule| -%> +<% @firewall_rules.each do |rule| -%> <% rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule) -%> pass in quick proto <%= rule[1] %><% if rule[3] %> from<%= rule[3] %><% end %> to port <%= rule[2] %> <% end -%> -<% firewall_custom.each do |rule| -%> +<% @firewall_custom.each do |rule| -%> <%= rule %> <% end -%> diff --git a/inetd/manifests/init.pp b/inetd/manifests/init.pp index c1a9509..24fe6d2 100644 --- a/inetd/manifests/init.pp +++ b/inetd/manifests/init.pp 
@@ -50,7 +50,7 @@ class inetd::server::inetd { service { "inetd": ensure => running, - start => "inetd", + start => "/usr/sbin/inetd", enable => true, } diff --git a/ldap/templates/slapd-database.conf.erb b/ldap/templates/slapd-database.conf.erb index 4e2d5d2..8711540 100644 --- a/ldap/templates/slapd-database.conf.erb +++ b/ldap/templates/slapd-database.conf.erb @@ -58,9 +58,9 @@ include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/acl.<%= nam include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/index.<%= name %>.conf # map local users connecting via ldapi:/// -sasl-regexp "gidNumber=([\d]+)+uidNumber=0,cn=peercred,cn=external,cn=auth" +sasl-regexp "gidNumber=([^,]+)+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=manager,<%= name %>" -sasl-regexp "gidNumber=([\d]+)+uidNumber=([\d]+),cn=peercred,cn=external,cn=auth" +sasl-regexp "gidNumber=([^,]+)+uidNumber=([^,]+),cn=peercred,cn=external,cn=auth" ldap:///<%= name %>??sub?(&(uidNumber=$2)(objectClass=posixAccount)) # map sasl authenticated users diff --git a/libvirt/manifests/init.pp b/libvirt/manifests/init.pp index 260cc33..8c83869 100644 --- a/libvirt/manifests/init.pp +++ b/libvirt/manifests/init.pp 
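Review bot: In both rewritten `sasl-regexp` patterns the `+` between the capture group and `uidNumber` appears to act as a regex quantifier on the group rather than as the literal `+` that joins the two RDN attributes. Neither pattern is anchored, and `[^,]+` is wider than the digits-only class it replaces, so the match is looser than the peercred identity format needs. Because the first rule maps to `cn=manager,<%= name %>`, it should be pinned down: `sasl-regexp "^gidNumber=[0-9]+[+]uidNumber=0,cn=peercred,cn=external,cn=auth$"`. The second rule can take the same shape with both groups kept so `$2` still refers to the uid: `"^gidNumber=([0-9]+)[+]uidNumber=([0-9]+),cn=peercred,cn=external,cn=auth$"`. Bracket expressions are used instead of backslash escapes because slapd.conf gives backslashes special meaning inside quoted arguments; verify against a local ldapi:/// bind before merging.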
@@ -35,8 +35,33 @@ class libvirt::client { # $libvirt_admingroup: # Group which has access to system libvirtd. # +# $libvirt_guest_on_boot +# Action to taken on host boot [start, ignore] (default: start) +# +# $libvirt_guest_on_shutdown +# Action to taken on host shutdown [suspend, shutdown] (default: suspend) +# +# $libvirt_parallel_shutdown +# If set to non-zero, shutdown will suspend guests concurrently. (default: 0) +# class libvirt::kvm inherits libvirt::client { + if !$libvirt_admingroup { + $libvirt_admingroup = "root" + } + + if !$libvirt_guest_on_boot { + $libvirt_guest_on_boot = "start" + } + + if !$libvirt_guest_on_shutdown { + $libvirt_guest_on_shutdown = "suspend" + } + + if !$libvirt_parallel_shutdown { + $libvirt_parallel_shutdown = 0 + } + case $::operatingsystem { "centos","redhat": { case $::operatingsystemrelease { @@ -58,6 +83,14 @@ class libvirt::kvm inherits libvirt::client { } } } + file { "/etc/sysconfig/libvirt-guests": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + content => template("libvirt/sysconfig-libvirt-guests.erb"), + require => Package["libvirt"], + } } "fedora": { package { "qemu-kvm": @@ -74,10 +107,6 @@ class libvirt::kvm inherits libvirt::client { } } - if !$libvirt_admingroup { - $libvirt_admingroup = "root" - } - file { "/etc/libvirt/libvirtd.conf": ensure => present, mode => "0644", @@ -92,6 +121,5 @@ class libvirt::kvm inherits libvirt::client { ensure => running, enable => true, } - } diff --git a/libvirt/templates/sysconfig-libvirt-guests.erb b/libvirt/templates/sysconfig-libvirt-guests.erb new file mode 100644 index 0000000..0fed189 --- /dev/null +++ b/libvirt/templates/sysconfig-libvirt-guests.erb 
@@ -0,0 +1,41 @@
+# URIs to check for running guests
+# example: URIS='default xen:/// vbox+tcp://host/system lxc:///'
+#URIS=default
+
+# action taken on host boot
+# - start all guests which were running on shutdown are started on boot
+# regardless on their autostart settings
+# - ignore libvirt-guests init script won't start any guest on boot, however,
+# guests marked as autostart will still be automatically started by
+# libvirtd
+ON_BOOT=<%= libvirt_guest_on_boot %>
+
+# Number of seconds to wait between each guest start. Set to 0 to allow
+# parallel startup.
+#START_DELAY=0
+
+# action taken on host shutdown
+# - suspend all running guests are suspended using virsh managedsave
+# - shutdown all running guests are asked to shutdown. Please be careful with
+# this settings since there is no way to distinguish between a
+# guest which is stuck or ignores shutdown requests and a guest
+# which just needs a long time to shutdown. When setting
+# ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
+# value suitable for your guests.
+ON_SHUTDOWN=<%= libvirt_guest_on_shutdown %>
+
+# If set to non-zero, shutdown will suspend guests concurrently. Number of
+# guests on shutdown at any time will not exceed number set in this variable.
+PARALLEL_SHUTDOWN=<%= libvirt_parallel_shutdown %>
+
+# Number of seconds we're willing to wait for a guest to shut down. If parallel
+# shutdown is enabled, this timeout applies as a timeout for shutting down all
+# guests on a single URI defined in the variable URIS. If this is 0, then there
+# is no time out (use with caution, as guests might not respond to a shutdown
+# request). The default value is 300 seconds (5 minutes).
+#SHUTDOWN_TIMEOUT=300
+
+# If non-zero, try to bypass the file system cache when saving and
+# restoring guests, even though this may give slower operation for
+# some file systems.
+#BYPASS_CACHE=0
diff --git a/munin/manifests/init.pp b/munin/manifests/init.pp
index 3440ea8..84523ba 100644
--- a/munin/manifests/init.pp +++ b/munin/manifests/init.pp @@ -239,11 +239,11 @@ class munin::server { mode => "0775", owner => "munin", group => $apache::sslserver::group, - seltype => "httpd_munin_content_t", + seltype => "httpd_munin_rw_content_t", require => Package["munin"], } - selinux::manage_fcontext { "/var/cache/munin": - type => "munin_var_lib_t", + selinux::manage_fcontext { "/var/cache/munin(/.*)?": + type => "httpd_munin_rw_content_t", before => File["/var/cache/munin"], } mount { "/var/cache/munin": diff --git a/mythtv/files/myth.find_orphans.pl b/mythtv/files/myth.find_orphans.pl new file mode 100755 index 0000000..6932c1d --- /dev/null +++ b/mythtv/files/myth.find_orphans.pl 
@@ -0,0 +1,294 @@ +#!/usr/bin/perl + +# check for recording anomalies - +# based somewhat on greg froese's "myth.rebuilddatabase.pl" +# -- Lincoln Dale , September 2006 +# 2007-03-11: Added pretty print of unknown files vs. orphaned thumbnails. +# (Robert Kulagowski) 2008-02-15: Added dryrun and rerecord options (David +# George) + +# The intent of this script is to be able to find orphaned rows in the +# 'recorded' table (entries which don't have matching media files) and +# orphaned media files (potentially taking up gigabytes of otherwise usable +# disk space) which have no matching row in the 'recorded' db table. +# +# By default, running the script will simply return a list of problems it +# finds. Running with --dodbdelete will remove db recorded rows for which +# there is no matching media file. Running with --dodelete will delete +# media files for which there is no matching db record. +# +# This script may be useful to fix up some orphaned db entries (causes +# mythweb to run very slowly) as well as reclaim some disk space from some +# orphaned media files. (in an ideal world, neither of these would ever +# happen, but I've seen both happen in reality). This script makes it easy +# to keep track of whether it has or hasn't happened, even if you have +# thousands of recordings and terabytes of stored media. +# +# no warranties expressed or implied. if you run this and it deletes all +# your recordings and sets mythtv to fill up all your disk space with The +# Home Shopping Network, its entirely your fault. +# +# The dryrun option will allow you to see the db entries/files that will be +# deleted without actually executing them. +# The rerecord option is useful if you lose a hard drive in your storage +# group to tell the scheduler to re-record the lost programs (if they happen +# to be shown again). 
+ +my $progname = "myth.find_orphans.pl"; +my $revision = "0.21"; + +use DBI; +use Sys::Hostname; +use Getopt::Long; + +# +# options +# + +my $opt_host = hostname; +my $opt_dbhost = $opt_host; +my $opt_database = "mythconverg"; +my $opt_user = "mythtv"; +my $opt_pass = "mythtv"; +my $opt_ext = "{nuv,mpg,mpeg,avi}"; +my $opt_dir = ""; +my $opt_dodelete = 0; +my $opt_dodbdelete = 0; +my $debug = 0; +my $opt_help = 0; +my $opt_dryrun = 0; +my $opt_rerecord = 0; + +GetOptions( + 'host=s' => \$opt_host, + 'dbhost=s' => \$opt_dbhost, + 'database=s' => \$opt_database, + 'user=s' => \$opt_user, + 'pass=s' => \$opt_pass, + 'dir=s' => \$opt_dir, + 'dodelete' => \$opt_dodelete, + 'dodbdelete' => \$opt_dodbdelete, + 'dryrun' => \$opt_dryrun, + 'rerecord' => \$opt_rerecord, + 'debug+' => \$debug, + 'help' => \$opt_help, + 'h' => \$opt_help, + 'v' => \$opt_help); + +if ($opt_help) { + print<connect("dbi:mysql:database=$opt_database:host=$opt_dbhost","$opt_user","$opt_pass"))) { + die "Cannot connect to database $opt_database on host $opt_dbhost: $!\n"; +} + +if ($opt_dir eq "") { + &dir_lookup("SELECT dirname FROM storagegroup WHERE hostname=(?) AND groupname != 'DB Backups'"); + &dir_lookup("SELECT data FROM settings WHERE value='RecordFilePrefix' AND hostname=(?)"); + + printf STDERR "Recording directories ($opt_host): $opt_dir\n" if $debug; +} + +if ($opt_dir eq "") { + printf "ERROR: no directory found or specified\n"; + exit 1; +} + +foreach $d (split(/,/,$opt_dir)) { + $d =~ s/\/$//g; # strip trailing / + $dirs{$d}++; +} + + +# +# look in recorded table, make sure we can find every file .. +# + +my $q = "SELECT title, subtitle, description, starttime, endtime, chanid, basename FROM recorded WHERE hostname=(?) 
ORDER BY starttime"; +$sth = $dbh->prepare($q); +$sth->execute($opt_host) || die "Could not execute ($q): $!\n"; + +while (my @row=$sth->fetchrow_array) { + ($title, $subtitle, $description ,$starttime, $endtime, $channel, $basename) = @row; + + # see if we can find it... + $loc = find_file($basename); + if ($loc eq "") { + printf "Missing media: %s (title:%s, start:%s)\n",$basename,$title,$starttime; + $missing_recordings++; + + if ($opt_dodbdelete) { + $title =~ s/"/\\"/g; + $subtitle =~ s/"/\\"/g; + $description =~ s/"/\\"/g; + my $sql = sprintf "DELETE FROM oldrecorded WHERE title LIKE \"%s\" AND subtitle LIKE \"%s\" AND description LIKE \"%s\" LIMIT 1", $title, $subtitle, $description; + printf "unmarking program as recorded: %s\n",$sql; + $dbh->do($sql) || die "Could not execute $sql: $!\n"; + my $sql = sprintf "DELETE FROM recorded WHERE basename LIKE \"%s\" LIMIT 1",$basename; + printf "performing database delete: %s\n",$sql; + if (!$opt_dryrun) { + $dbh->do($sql) || die "Could not execute $sql: $!\n"; + } + + if ($opt_rerecord) { + my $sql = sprintf "UPDATE oldrecorded SET duplicate = 0 where title = \"%s\" and starttime = \"%s\" and chanid = \"%s\"", + $title, $starttime, $channel; + printf "updating oldrecorded: %s\n", $sql; + if (!$opt_dryrun) { + $dbh->do($sql) || die "Could not execute $sql: $!\n"; + } + } + } + } else { + $valid_recordings++; + $seen_basename{$basename}++; + $seen_basename{$basename.".png"}++; # thumbnail + } +} + +# +# look in recording directories, see if there are extra files not in database +# + +foreach my $this_dir (keys %dirs) { + opendir(DIR, $this_dir) || die "cannot open directory $this_dir: $!\n"; + foreach $this_file (readdir(DIR)) { + if (-f "$this_dir/$this_file") { + + next if ($this_file eq "nfslockfile.lock"); + + my $this_filesize = -s "$this_dir/$this_file"; + if ($seen_basename{$this_file} == 0) { + $sorted_filesizes{$this_filesize} .= sprintf "unknown file [%s]: 
%s/%s\n",pretty_filesize($this_filesize),$this_dir,$this_file; + $unknown_size += $this_filesize; + if (substr($this_file,-4) eq ".png") { + $unknown_thumbnail++; + } + else { + $unknown_files++; + } + + if ($opt_dodelete) { + printf STDERR "deleting [%s]: %s/%s\n",pretty_filesize($this_filesize),$this_dir,$this_file; + + if (!$opt_dryrun) { + unlink "$this_dir/$this_file"; + + if (-f "$this_dir/$this_file") { + $errors++; + printf "ERROR: could not delete $this_dir/$this_file\n"; + } + } + } + } else { + $known_files++; + $known_size += $this_filesize; + printf "KNOWN file [%s]: %s/%s\n",pretty_filesize($this_filesize),$this_dir,$this_file if $debug; + } + } else { + printf "NOT A FILE: %s/%s\n",$this_dir,$this_file if $debug; + } + } + closedir DIR; +} + + +# +# finished, report results +# + +foreach my $key (sort { $a <=> $b } keys %sorted_filesizes) { + printf $sorted_filesizes{$key}; +} + +printf "Summary:\n"; +printf " Host: %s, Directories: %s\n", $opt_host, join(" ",keys %dirs); +printf " %d ERRORS ENCOUNTERED (see above for details)\n",$errors if ($errors > 0); +printf " %d valid recording%s, %d missing recording%s %s\n", + $valid_recordings, ($valid_recordings != 1 ? "s" : ""), + $missing_recordings, ($missing_recordings != 1 ? "s" : ""), + ($missing_recordings > 0 ? ($opt_dodbdelete ? "were fixed" : "not fixed, check above is valid and use --dodbdelete to fix") : ""); +printf " %d known media files using %s\n %d orphaned thumbnails with no corresponding recording\n %d unknown files using %s %s\n", + $known_files, pretty_filesize($known_size), + $unknown_thumbnail,$unknown_files, pretty_filesize($unknown_size), + ($unknown_files > 0 ? ($opt_dodelete ? 
"were fixed" : "not fixed, check above and use --dodelete to clean up if the above output is accurate") : ""); + +exit(0); + +########################################################################### +# filesize bling + +sub pretty_filesize +{ + local($fsize) = @_; + return sprintf "%0.1fGB",($fsize / 1000000000) if ($fsize >= 1000000000); + return sprintf "%0.1fMB",($fsize / 1000000) if ($fsize >= 1000000); + return sprintf "%0.1fKB",($fsize / 1000) if ($fsize >= 1000); + return sprintf "%0.0fB",$fsize; +} + +########################################################################### +# find a file in directories without globbing + +sub find_file +{ + local($fname) = @_; + + foreach my $d (keys %dirs) { + my $f = $d."/".$fname; + if (-e $f) { + return $f; + } + } + return; +} + +########################################################################### + +sub dir_lookup +{ + my $query = shift; + + $sth = $dbh->prepare($query); + $sth->execute($opt_host) || die "Could not execute ($dir_query)"; + while (my @row = $sth->fetchrow_array) { + $opt_dir .= "," if ($opt_dir ne ""); + $opt_dir .= $row[0]; + } +} + +########################################################################### + diff --git a/mythtv/files/mythorphans b/mythtv/files/mythorphans index 9d5ee70..a6e367e 100755 --- a/mythtv/files/mythorphans +++ b/mythtv/files/mythorphans @@ -19,7 +19,7 @@ mysql -h "${DBHostName}" -u"${DBUserName}" -p"${DBPassword}" -s \ "${DBName}" | egrep -q "^[1-9][0-9]*\$" || exit 0 # find orphans and print stats if found -perl /usr/share/doc/mythtv-docs-${MYTHVERSION}/contrib/maintenance/myth.find_orphans.pl \ +perl /usr/local/bin/myth.find_orphans.pl \ --dbhost="${DBHostName}" \ --database="${DBName}" \ --user="${DBUserName}" \ diff --git a/mythtv/manifests/init.pp b/mythtv/manifests/init.pp index 0f3d9e9..c6375d3 100644 --- a/mythtv/manifests/init.pp +++ b/mythtv/manifests/init.pp 
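Review bot: Under `--dodbdelete` the first `$dbh->do($sql)`, the `DELETE FROM oldrecorded`, runs even when `--dryrun` is given, because only the second delete and the `--rerecord` update are wrapped in `if (!$opt_dryrun)`. All three statements are also assembled with `sprintf` from title, subtitle, description and basename with only `"` escaped, so a backslash in the recording metadata changes the statement, and `LIKE` lets `%` or `_` in a title match other rows. The commit installs this script under /usr/local/bin and calls it from /etc/cron.daily/mythorphans, so it runs unattended. Bound placeholders with exact comparison and a dry-run guard on every write address both; switching `LIKE` to `=` is a behaviour change to confirm. The enclosing `while` loop and the `if ($loc eq "")` branch continue outside the lines shown below.

```perl
        if ($opt_dodbdelete) {
            # placeholders replace the manual s/"/\\"/g escaping
            my @writes = (
                [ "unmarking program as recorded",
                  "DELETE FROM oldrecorded WHERE title = ? AND subtitle = ? AND description = ? LIMIT 1",
                  $title, $subtitle, $description ],
                [ "performing database delete",
                  "DELETE FROM recorded WHERE basename = ? LIMIT 1",
                  $basename ],
            );
            foreach my $w (@writes) {
                my ($what, $sql, @bind) = @$w;
                printf "%s: %s [%s]\n", $what, $sql, join(", ", @bind);
                next if $opt_dryrun;    # a dry run performs no write of any kind
                $dbh->do($sql, undef, @bind) || die "Could not execute $sql: " . $dbh->errstr . "\n";
            }
            # … --rerecord UPDATE follows the same pattern with three placeholders …
```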
@@ -118,11 +118,19 @@ class mythtv::backend { } file { "/etc/cron.daily/mythorphans": + ensure => present, + source => "puppet:///modules/mythtv/mythorphans", + mode => "0755", + owner => "root", + group => "root", + require => File["/usr/local/bin/myth.find_orphans.pl"], + } + file { "/usr/local/bin/myth.find_orphans.pl": ensure => present, - source => "puppet:///modules/mythtv/mythorphans", + source => "puppet:///modules/mythtv/myth.find_orphans.pl", mode => "0755", - owner => root, - group => root, + owner => "root", + group => "root", } } diff --git a/mythtv/templates/config.xml.erb b/mythtv/templates/config.xml.erb index 35153f2..fb0cbcc 100644 --- a/mythtv/templates/config.xml.erb +++ b/mythtv/templates/config.xml.erb @@ -10,4 +10,11 @@ + + <%= mythtv_dbhost %> + <%= mythtv_dbuser %> + <%= mythtv_dbpass %> + <%= mythtv_dbname %> + 3306 + diff --git a/nagios/files/commands.cfg b/nagios/files/commands.cfg new file mode 100644 index 0000000..50b9f6e --- /dev/null +++ b/nagios/files/commands.cfg 
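Review bot: The four values added to config.xml.erb, including `<%= mythtv_dbpass %>`, are interpolated into an XML document without escaping, so a password containing `&` or `<` would produce a malformed file for the backend to parse. Escaping at the point of output covers it, e.g. `<%= ERB::Util.html_escape(mythtv_dbpass) %>`, and likewise for host, user and database name. The rendered file now carries the database password; the `file` resource that deploys this template is outside the hunk, so check that its mode and owner keep it from being world-readable.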
@@ -0,0 +1,256 @@ +############################################################################### +# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 3.4.1 +# +# Last Modified: 05-31-2007 +# +# NOTES: This config file provides you with some example command definitions +# that you can reference in host, service, and contact definitions. +# +# You don't need to keep commands in a separate file from your other +# object definitions. This has been done just to make things easier to +# understand. +# +############################################################################### + + +################################################################################ +# +# SAMPLE NOTIFICATION COMMANDS +# +# These are some example notification commands. They may or may not work on +# your system without modification. As an example, some systems will require +# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below. +# +################################################################################ + + +# 'notify-host-by-email' command definition +define command{ + command_name notify-host-by-email + command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$ + } + +# 'notify-service-by-email' command definition +define command{ + command_name notify-service-by-email + command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ + } + + + + + 
+################################################################################ +# +# SAMPLE HOST CHECK COMMANDS +# +################################################################################ + + +# This command checks to see if a host is "alive" by pinging it +# The check must result in a 100% packet loss or 5 second (5000ms) round trip +# average time to produce a critical error. +# Note: Five ICMP echo packets are sent (determined by the '-p 5' argument) + +# 'check-host-alive' command definition +define command{ + command_name check-host-alive + command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5 + } + + + + +################################################################################ +# +# SAMPLE SERVICE CHECK COMMANDS +# +# These are some example service check commands. They may or may not work on +# your system, as they must be modified for your plugins. See the HTML +# documentation on the plugins for examples of how to configure command definitions. +# +# NOTE: The following 'check_local_...' functions are designed to monitor +# various metrics on the host that Nagios is running on (i.e. this one). 
+################################################################################ + +# 'check_local_disk' command definition +define command{ + command_name check_local_disk + command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ + } + + +# 'check_local_load' command definition +define command{ + command_name check_local_load + command_line $USER1$/check_load -w $ARG1$ -c $ARG2$ + } + + +# 'check_local_procs' command definition +define command{ + command_name check_local_procs + command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ + } + + +# 'check_local_users' command definition +define command{ + command_name check_local_users + command_line $USER1$/check_users -w $ARG1$ -c $ARG2$ + } + + +# 'check_local_swap' command definition +define command{ + command_name check_local_swap + command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$ + } + + +# 'check_local_mrtgtraf' command definition +define command{ + command_name check_local_mrtgtraf + command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$ + } + + +################################################################################ +# NOTE: The following 'check_...' commands are used to monitor services on +# both local and remote hosts. 
+################################################################################ + +# 'check_ftp' command definition +define command{ + command_name check_ftp + command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$ + } + + +# 'check_hpjd' command definition +define command{ + command_name check_hpjd + command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$ + } + + +# 'check_snmp' command definition +define command{ + command_name check_snmp + command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$ + } + + +# 'check_http' command definition +define command{ + command_name check_http + command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$ + } + + +# 'check_ssh' command definition +define command{ + command_name check_ssh + command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$ + } + + +# 'check_dhcp' command definition +define command{ + command_name check_dhcp + command_line $USER1$/check_dhcp $ARG1$ + } + + +# 'check_ping' command definition +define command{ + command_name check_ping + command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5 + } + + +# 'check_pop' command definition +define command{ + command_name check_pop + command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$ + } + + +# 'check_imap' command definition +define command{ + command_name check_imap + command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$ + } + + +# 'check_smtp' command definition +define command{ + command_name check_smtp + command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$ + } + + +# 'check_tcp' command definition +define command{ + command_name check_tcp + command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$ + } + + +# 'check_udp' command definition +define command{ + command_name check_udp + command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$ + } + + +# 'check_nt' command definition +define command{ + command_name check_nt + command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$ + } + + +# 'check_nrpe' command 
definition +define command{ + command_name check_nrpe + command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ + } + + + +################################################################################ +# +# SAMPLE PERFORMANCE DATA COMMANDS +# +# These are sample performance data commands that can be used to send performance +# data output to two text files (one for hosts, another for services). If you +# plan on simply writing performance data out to a file, consider using the +# host_perfdata_file and service_perfdata_file options in the main config file. +# +################################################################################ + + +# 'process-host-perfdata' command definition +define command{ + command_name process-host-perfdata + command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/log/nagios/host-perfdata.out + } + + +# 'process-service-perfdata' command definition +define command{ + command_name process-service-perfdata + command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/log/nagios/service-perfdata.out + } + + +define command{ + command_name notify-host-by-prowl + command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="$NOTIFICATIONTYPE$ Host Alert" -F description="$HOSTNAME$ is $HOSTSTATE$ '$HOSTOUTPUT$'" "https://prowl.weks.net/publicapi/add" +} + +define command{ + command_name notify-service-by-prowl + command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="$NOTIFICATIONTYPE$ Service Alert" -F description="$HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ '$SERVICEOUTPUT$'" "https://prowl.weks.net/publicapi/add" +} 
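Review bot: The two prowl commands at the end of commands.cfg put the contact's API key on curl's command line (`-F apikey="$CONTACTADDRESS1$"`), where any local user can read it from the process list while the notification runs. `-F` also parses its value for curl's own syntax, whereas `--form-string` sends it literally, so the text fields are safer as `--form-string description="$HOSTNAME$ is $HOSTSTATE$ '$HOSTOUTPUT$'"` and the same for `event` and the service variant. `$HOSTOUTPUT$` and `$SERVICEOUTPUT$` carry plugin output from monitored hosts into a shell command line here and in the e-mail and perfdata commands, so these definitions depend on `illegal_macro_output_chars` being set in the main config. That setting is not visible in this part of the diff and should be confirmed. A short comment above the prowl definitions stating that `$CONTACTADDRESS1$` must hold the Prowl API key would document the contract for whoever writes the contact objects.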
diff --git a/nagios/files/htaccess.Debian b/nagios/files/htaccess.Debian
new file mode 100644
index 0000000..771dc93
--- /dev/null
+++ b/nagios/files/htaccess.Debian
@@ -0,0 +1,5 @@
+AuthType Basic
+AuthName "Nagios"
+AuthUserFile /etc/nagios3/htpasswd.users
+
+require valid-user
diff --git a/nagios/files/htaccess.RedHat b/nagios/files/htaccess.RedHat
new file mode 100644
index 0000000..d5f4dc7
--- /dev/null
+++ b/nagios/files/htaccess.RedHat
@@ -0,0 +1,5 @@
+AuthType Basic
+AuthName "Nagios"
+AuthUserFile /etc/nagios/passwd
+
+require valid-user
diff --git a/nagios/files/nagios.cfg.Debian b/nagios/files/nagios.cfg.Debian
new file mode 100644
index 0000000..d6c627e
--- /dev/null
+++ b/nagios/files/nagios.cfg.Debian
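Review bot: `AuthType Basic` in htaccess.Debian sends the Nagios password with every request in a form that is only encoded, not encrypted, and nothing in the file makes Apache refuse plain HTTP; the same applies to htaccess.RedHat in the following hunk. If the virtual host that serves these files is not already HTTPS-only (not visible here), add `SSLRequireSSL` above `AuthType Basic` in both files. A one-line comment naming the manifest that creates the `AuthUserFile` would also help, since the two files point at different paths (`/etc/nagios3/htpasswd.users` and `/etc/nagios/passwd`).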
@@ -0,0 +1,1313 @@ +# LOG FILE +# This is the main log file where service and host events are logged +# for historical purposes. This should be the first option specified +# in the config file!!! +log_file=/var/log/nagios3/nagios.log + +# Commands definitions +cfg_file=/etc/nagios3/commands.cfg + +# Debian uses by default a configuration directory where nagios3-common, +# other packages and the local admin can dump or link configuration +# files into. +cfg_dir=/etc/nagios3/conf.d + +# OBJECT CONFIGURATION FILE(S) +# These are the object configuration files in which you define hosts, +# host groups, contacts, contact groups, services, etc. +# You can split your object definitions across several config files +# if you wish (as shown below), or keep them all in a single config file. + +# You can specify individual object config files as shown below: +#cfg_file=/etc/nagios3/objects/commands.cfg +#cfg_file=/etc/nagios3/objects/contacts.cfg +#cfg_file=/etc/nagios3/objects/timeperiods.cfg +#cfg_file=/etc/nagios3/objects/templates.cfg + +# Definitions for monitoring a Windows machine +#cfg_file=/etc/nagios3/objects/windows.cfg + +# Definitions for monitoring a router/switch +#cfg_file=/etc/nagios3/objects/switch.cfg + +# Definitions for monitoring a network printer +#cfg_file=/etc/nagios3/objects/printer.cfg + + +# You can also tell Nagios to process all config files (with a .cfg +# extension) in a particular directory by using the cfg_dir +# directive as shown below: + +#cfg_dir=/etc/nagios3/servers +#cfg_dir=/etc/nagios3/printers +#cfg_dir=/etc/nagios3/switches +#cfg_dir=/etc/nagios3/routers + + + + +# OBJECT CACHE FILE +# This option determines where object definitions are cached when +# Nagios starts/restarts. The CGIs read object definitions from +# this cache file (rather than looking at the object config files +# directly) in order to prevent inconsistencies that can occur +# when the config files are modified after Nagios starts. 
+ +object_cache_file=/var/cache/nagios3/objects.cache + + + +# PRE-CACHED OBJECT FILE +# This options determines the location of the precached object file. +# If you run Nagios with the -p command line option, it will preprocess +# your object configuration file(s) and write the cached config to this +# file. You can then start Nagios with the -u option to have it read +# object definitions from this precached file, rather than the standard +# object configuration files (see the cfg_file and cfg_dir options above). +# Using a precached object file can speed up the time needed to (re)start +# the Nagios process if you've got a large and/or complex configuration. +# Read the documentation section on optimizing Nagios to find our more +# about how this feature works. + +precached_object_file=/var/lib/nagios3/objects.precache + + + +# RESOURCE FILE +# This is an optional resource file that contains $USERx$ macro +# definitions. Multiple resource files can be specified by using +# multiple resource_file definitions. The CGIs will not attempt to +# read the contents of resource files, so information that is +# considered to be sensitive (usernames, passwords, etc) can be +# defined as macros in this file and restrictive permissions (600) +# can be placed on this file. + +resource_file=/etc/nagios3/resource.cfg + + + +# STATUS FILE +# This is where the current status of all monitored services and +# hosts is stored. Its contents are read and processed by the CGIs. +# The contents of the status file are deleted every time Nagios +# restarts. + +status_file=/var/cache/nagios3/status.dat + + + +# STATUS FILE UPDATE INTERVAL +# This option determines the frequency (in seconds) that +# Nagios will periodically dump program, host, and +# service status data. + +status_update_interval=10 + + + +# NAGIOS USER +# This determines the effective user that Nagios should run as. +# You can either supply a username or a UID. 
+ +nagios_user=nagios + + + +# NAGIOS GROUP +# This determines the effective group that Nagios should run as. +# You can either supply a group name or a GID. + +nagios_group=nagios + + + +# EXTERNAL COMMAND OPTION +# This option allows you to specify whether or not Nagios should check +# for external commands (in the command file defined below). By default +# Nagios will *not* check for external commands, just to be on the +# cautious side. If you want to be able to use the CGI command interface +# you will have to enable this. +# Values: 0 = disable commands, 1 = enable commands + +check_external_commands=0 + + + +# EXTERNAL COMMAND CHECK INTERVAL +# This is the interval at which Nagios should check for external commands. +# This value works of the interval_length you specify later. If you leave +# that at its default value of 60 (seconds), a value of 1 here will cause +# Nagios to check for external commands every minute. If you specify a +# number followed by an "s" (i.e. 15s), this will be interpreted to mean +# actual seconds rather than a multiple of the interval_length variable. +# Note: In addition to reading the external command file at regularly +# scheduled intervals, Nagios will also check for external commands after +# event handlers are executed. +# NOTE: Setting this value to -1 causes Nagios to check the external +# command file as often as possible. + +#command_check_interval=15s +command_check_interval=-1 + + + +# EXTERNAL COMMAND FILE +# This is the file that Nagios checks for external command requests. +# It is also where the command CGI will write commands that are submitted +# by users, so it must be writeable by the user that the web server +# is running as (usually 'nobody'). Permissions should be set at the +# directory level instead of on the file, as the file is deleted every +# time its contents are processed. +# Debian Users: In case you didn't read README.Debian yet, _NOW_ is the +# time to do it. 
+ +command_file=/var/lib/nagios3/rw/nagios.cmd + + + +# EXTERNAL COMMAND BUFFER SLOTS +# This settings is used to tweak the number of items or "slots" that +# the Nagios daemon should allocate to the buffer that holds incoming +# external commands before they are processed. As external commands +# are processed by the daemon, they are removed from the buffer. + +external_command_buffer_slots=4096 + + + +# LOCK FILE +# This is the lockfile that Nagios will use to store its PID number +# in when it is running in daemon mode. + +lock_file=/var/run/nagios3/nagios3.pid + + + +# TEMP FILE +# This is a temporary file that is used as scratch space when Nagios +# updates the status log, cleans the comment file, etc. This file +# is created, used, and deleted throughout the time that Nagios is +# running. + +temp_file=/var/cache/nagios3/nagios.tmp + + + +# TEMP PATH +# This is path where Nagios can create temp files for service and +# host check results, etc. + +temp_path=/tmp + + + +# EVENT BROKER OPTIONS +# Controls what (if any) data gets sent to the event broker. +# Values: 0 = Broker nothing +# -1 = Broker everything +# = See documentation + +event_broker_options=-1 + + + +# EVENT BROKER MODULE(S) +# This directive is used to specify an event broker module that should +# by loaded by Nagios at startup. Use multiple directives if you want +# to load more than one module. Arguments that should be passed to +# the module at startup are seperated from the module path by a space. +# +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# +# Do NOT overwrite modules while they are being used by Nagios or Nagios +# will crash in a fiery display of SEGFAULT glory. This is a bug/limitation +# either in dlopen(), the kernel, and/or the filesystem. And maybe Nagios... 
+# +# The correct/safe way of updating a module is by using one of these methods: +# 1. Shutdown Nagios, replace the module file, restart Nagios +# 2. Delete the original module file, move the new module file into place, restart Nagios +# +# Example: +# +# broker_module= [moduleargs] + +#broker_module=/somewhere/module1.o +#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0 + + + +# LOG ROTATION METHOD +# This is the log rotation method that Nagios should use to rotate +# the main log file. Values are as follows.. +# n = None - don't rotate the log +# h = Hourly rotation (top of the hour) +# d = Daily rotation (midnight every day) +# w = Weekly rotation (midnight on Saturday evening) +# m = Monthly rotation (midnight last day of month) + +log_rotation_method=d + + + +# LOG ARCHIVE PATH +# This is the directory where archived (rotated) log files should be +# placed (assuming you've chosen to do log rotation). + +log_archive_path=/var/log/nagios3/archives + + + +# LOGGING OPTIONS +# If you want messages logged to the syslog facility, as well as the +# Nagios log file set this option to 1. If not, set it to 0. + +use_syslog=1 + + + +# NOTIFICATION LOGGING OPTION +# If you don't want notifications to be logged, set this value to 0. +# If notifications should be logged, set the value to 1. + +log_notifications=1 + + + +# SERVICE RETRY LOGGING OPTION +# If you don't want service check retries to be logged, set this value +# to 0. If retries should be logged, set the value to 1. + +log_service_retries=1 + + + +# HOST RETRY LOGGING OPTION +# If you don't want host check retries to be logged, set this value to +# 0. If retries should be logged, set the value to 1. + +log_host_retries=1 + + + +# EVENT HANDLER LOGGING OPTION +# If you don't want host and service event handlers to be logged, set +# this value to 0. If event handlers should be logged, set the value +# to 1. 
+ +log_event_handlers=1 + + + +# INITIAL STATES LOGGING OPTION +# If you want Nagios to log all initial host and service states to +# the main log file (the first time the service or host is checked) +# you can enable this option by setting this value to 1. If you +# are not using an external application that does long term state +# statistics reporting, you do not need to enable this option. In +# this case, set the value to 0. + +log_initial_states=0 + + + +# EXTERNAL COMMANDS LOGGING OPTION +# If you don't want Nagios to log external commands, set this value +# to 0. If external commands should be logged, set this value to 1. +# Note: This option does not include logging of passive service +# checks - see the option below for controlling whether or not +# passive checks are logged. + +log_external_commands=1 + + + +# PASSIVE CHECKS LOGGING OPTION +# If you don't want Nagios to log passive host and service checks, set +# this value to 0. If passive checks should be logged, set +# this value to 1. + +log_passive_checks=1 + + + +# GLOBAL HOST AND SERVICE EVENT HANDLERS +# These options allow you to specify a host and service event handler +# command that is to be run for every host or service state change. +# The global event handler is executed immediately prior to the event +# handler that you have optionally specified in each host or +# service definition. The command argument is the short name of a +# command definition that you define in your host configuration file. +# Read the HTML docs for more information. + +#global_host_event_handler=somecommand +#global_service_event_handler=somecommand + + + +# SERVICE INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" service checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all service checks out evenly to minimize CPU load. 
+# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! This is not a +# good thing for production, but is useful when testing the +# parallelization functionality. +# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +service_inter_check_delay_method=s + + + +# MAXIMUM SERVICE CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all services should +# be completed. Default is 30 minutes. + +max_service_check_spread=30 + + + +# SERVICE CHECK INTERLEAVE FACTOR +# This variable determines how service checks are interleaved. +# Interleaving the service checks allows for a more even +# distribution of service checks and reduced load on remote +# hosts. Setting this value to 1 is equivalent to how versions +# of Nagios previous to 0.0.5 did service checks. Set this +# value to s (smart) for automatic calculation of the interleave +# factor unless you have a specific reason to change it. +# s = Use "smart" interleave factor calculation +# x = Use an interleave factor of x, where x is a +# number greater than or equal to 1. + +service_interleave_factor=s + + + +# HOST INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" host checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all host checks out evenly to minimize CPU load. +# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! 
+# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +host_inter_check_delay_method=s + + + +# MAXIMUM HOST CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all hosts should +# be completed. Default is 30 minutes. + +max_host_check_spread=30 + + + +# MAXIMUM CONCURRENT SERVICE CHECKS +# This option allows you to specify the maximum number of +# service checks that can be run in parallel at any given time. +# Specifying a value of 1 for this variable essentially prevents +# any service checks from being parallelized. A value of 0 +# will not restrict the number of concurrent checks that are +# being executed. + +max_concurrent_checks=0 + + + +# HOST AND SERVICE CHECK REAPER FREQUENCY +# This is the frequency (in seconds!) that Nagios will process +# the results of host and service checks. + +check_result_reaper_frequency=10 + + + + +# MAX CHECK RESULT REAPER TIME +# This is the max amount of time (in seconds) that a single +# check result reaper event will be allowed to run before +# returning control back to Nagios so it can perform other +# duties. + +max_check_result_reaper_time=30 + + + + +# CHECK RESULT PATH +# This is directory where Nagios stores the results of host and +# service checks that have not yet been processed. +# +# Note: Make sure that only one instance of Nagios has access +# to this directory! + +check_result_path=/var/lib/nagios3/spool/checkresults + + + + +# MAX CHECK RESULT FILE AGE +# This option determines the maximum age (in seconds) which check +# result files are considered to be valid. Files older than this +# threshold will be mercilessly deleted without further processing. 
+ +max_check_result_file_age=3600 + + + + +# CACHED HOST CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous host check is considered current. +# Cached host states (from host checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to the host check logic. +# Too high of a value for this option may result in inaccurate host +# states being used by Nagios, while a lower value may result in a +# performance hit for host checks. Use a value of 0 to disable host +# check caching. + +cached_host_check_horizon=15 + + + +# CACHED SERVICE CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous service check is considered current. +# Cached service states (from service checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to predictive dependency checks. +# Use a value of 0 to disable service check caching. + +cached_service_check_horizon=15 + + + +# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of hosts when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# host dependency logic works well. +# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_host_dependency_checks=1 + + + +# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of service when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# service dependency logic works well. 
+# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_service_dependency_checks=1 + + + +# SOFT STATE DEPENDENCIES +# This option determines whether or not Nagios will use soft state +# information when checking host and service dependencies. Normally +# Nagios will only use the latest hard host or service state when +# checking dependencies. If you want it to use the latest state (regardless +# of whether its a soft or hard state type), enable this option. +# Values: +# 0 = Don't use soft state dependencies (default) +# 1 = Use soft state dependencies + +soft_state_dependencies=0 + + + +# TIME CHANGE ADJUSTMENT THRESHOLDS +# These options determine when Nagios will react to detected changes +# in system time (either forward or backwards). + +#time_change_threshold=900 + + + +# AUTO-RESCHEDULING OPTION +# This option determines whether or not Nagios will attempt to +# automatically reschedule active host and service checks to +# "smooth" them out over time. This can help balance the load on +# the monitoring server. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_reschedule_checks=0 + + + +# AUTO-RESCHEDULING INTERVAL +# This option determines how often (in seconds) Nagios will +# attempt to automatically reschedule checks. This option only +# has an effect if the auto_reschedule_checks option is enabled. +# Default is 30 seconds. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_interval=30 + + + +# AUTO-RESCHEDULING WINDOW +# This option determines the "window" of time (in seconds) that +# Nagios will look at when automatically rescheduling checks. +# Only host and service checks that occur in the next X seconds +# (determined by this variable) will be rescheduled. 
This option +# only has an effect if the auto_reschedule_checks option is +# enabled. Default is 180 seconds (3 minutes). +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_window=180 + + + +# SLEEP TIME +# This is the number of seconds to sleep between checking for system +# events and service checks that need to be run. + +sleep_time=0.25 + + + +# TIMEOUT VALUES +# These options control how much time Nagios will allow various +# types of commands to execute before killing them off. Options +# are available for controlling maximum time allotted for +# service checks, host checks, event handlers, notifications, the +# ocsp command, and performance data commands. All values are in +# seconds. + +service_check_timeout=60 +host_check_timeout=30 +event_handler_timeout=30 +notification_timeout=30 +ocsp_timeout=5 +perfdata_timeout=5 + + + +# RETAIN STATE INFORMATION +# This setting determines whether or not Nagios will save state +# information for services and hosts before it shuts down. Upon +# startup Nagios will reload all saved service and host state +# information before starting to monitor. This is useful for +# maintaining long-term data on state statistics, etc, but will +# slow Nagios down a bit when it (re)starts. Since its only +# a one-time penalty, I think its well worth the additional +# startup delay. + +retain_state_information=1 + + + +# STATE RETENTION FILE +# This is the file that Nagios should use to store host and +# service state information before it shuts down. The state +# information in this file is also read immediately prior to +# starting to monitor the network when Nagios is restarted. +# This file is used only if the retain_state_information +# variable is set to 1. 
+ +state_retention_file=/var/lib/nagios3/retention.dat + + + +# RETENTION DATA UPDATE INTERVAL +# This setting determines how often (in minutes) that Nagios +# will automatically save retention data during normal operation. +# If you set this value to 0, Nagios will not save retention +# data at regular interval, but it will still save retention +# data before shutting down or restarting. If you have disabled +# state retention, this option has no effect. + +retention_update_interval=60 + + + +# USE RETAINED PROGRAM STATE +# This setting determines whether or not Nagios will set +# program status variables based on the values saved in the +# retention file. If you want to use retained program status +# information, set this value to 1. If not, set this value +# to 0. + +use_retained_program_state=1 + + + +# USE RETAINED SCHEDULING INFO +# This setting determines whether or not Nagios will retain +# the scheduling info (next check time) for hosts and services +# based on the values saved in the retention file. If you +# If you want to use retained scheduling info, set this +# value to 1. If not, set this value to 0. + +use_retained_scheduling_info=1 + + + +# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE) +# The following variables are used to specify specific host and +# service attributes that should *not* be retained by Nagios during +# program restarts. +# +# The values of the masks are bitwise ANDs of values specified +# by the "MODATTR_" definitions found in include/common.h. +# For example, if you do not want the current enabled/disabled state +# of flap detection and event handlers for hosts to be retained, you +# would use a value of 24 for the host attribute mask... 
+# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24
+
+# This mask determines what host attributes are not retained
+retained_host_attribute_mask=0
+
+# This mask determines what service attributes are not retained
+retained_service_attribute_mask=0
+
+# These two masks determine what process attributes are not retained.
+# There are two masks, because some process attributes have host and service
+# options. For example, you can disable active host checks, but leave active
+# service checks enabled.
+retained_process_host_attribute_mask=0
+retained_process_service_attribute_mask=0
+
+# These two masks determine what contact attributes are not retained.
+# There are two masks, because some contact attributes have host and
+# service options. For example, you can disable host notifications for
+# a contact, but leave service notifications enabled for them.
+retained_contact_host_attribute_mask=0
+retained_contact_service_attribute_mask=0
+
+
+
+# INTERVAL LENGTH
+# This is the seconds per unit interval as used in the
+# host/contact/service configuration files. Setting this to 60 means
+# that each interval is one minute long (60 seconds). Other settings
+# have not been tested much, so your mileage is likely to vary...
+
+interval_length=60
+
+
+
+# CHECK FOR UPDATES
+# This option determines whether Nagios will automatically check to
+# see if new updates (releases) are available. It is recommend that you
+# enable this option to ensure that you stay on top of the latest critical
+# patches to Nagios. Nagios is critical to you - make sure you keep it in
+# good shape. Nagios will check once a day for new updates. Data collected
+# by Nagios Enterprises from the update check is processed in accordance
+# with our privacy policy - see http://api.nagios.org for details.
+
+check_for_updates=1
+
+
+
+# BARE UPDATE CHECK
+# This option deterines what data Nagios will send to api.nagios.org when
+# it checks for updates. By default, Nagios will send information on the
+# current version of Nagios you have installed, as well as an indicator as
+# to whether this was a new installation or not. Nagios Enterprises uses
+# this data to determine the number of users running specific version of
+# Nagios. Enable this option if you do not want this information to be sent.
+
+bare_update_check=0
+
+
+
+# AGGRESSIVE HOST CHECKING OPTION
+# If you don't want to turn on aggressive host checking features, set
+# this value to 0 (the default). Otherwise set this value to 1 to
+# enable the aggressive check option. Read the docs for more info
+# on what aggressive host check is or check out the source code in
+# base/checks.c
+
+use_aggressive_host_checking=0
+
+
+
+# SERVICE CHECK EXECUTION OPTION
+# This determines whether or not Nagios will actively execute
+# service checks when it initially starts. If this option is
+# disabled, checks are not actively made, but Nagios can still
+# receive and process passive check results that come in. Unless
+# you're implementing redundant hosts or have a special need for
+# disabling the execution of service checks, leave this enabled!
+# Values: 1 = enable checks, 0 = disable checks
+
+execute_service_checks=1
+
+
+
+# PASSIVE SERVICE CHECK ACCEPTANCE OPTION
+# This determines whether or not Nagios will accept passive
+# service checks results when it initially (re)starts.
+# Values: 1 = accept passive checks, 0 = reject passive checks
+
+accept_passive_service_checks=1
+
+
+
+# HOST CHECK EXECUTION OPTION
+# This determines whether or not Nagios will actively execute
+# host checks when it initially starts. If this option is
+# disabled, checks are not actively made, but Nagios can still
+# receive and process passive check results that come in. Unless
+# you're implementing redundant hosts or have a special need for
+# disabling the execution of host checks, leave this enabled!
+# Values: 1 = enable checks, 0 = disable checks
+
+execute_host_checks=1
+
+
+
+# PASSIVE HOST CHECK ACCEPTANCE OPTION
+# This determines whether or not Nagios will accept passive
+# host checks results when it initially (re)starts.
+# Values: 1 = accept passive checks, 0 = reject passive checks
+
+accept_passive_host_checks=1
+
+
+
+# NOTIFICATIONS OPTION
+# This determines whether or not Nagios will sent out any host or
+# service notifications when it is initially (re)started.
+# Values: 1 = enable notifications, 0 = disable notifications
+
+enable_notifications=1
+
+
+
+# EVENT HANDLER USE OPTION
+# This determines whether or not Nagios will run any host or
+# service event handlers when it is initially (re)started. Unless
+# you're implementing redundant hosts, leave this option enabled.
+# Values: 1 = enable event handlers, 0 = disable event handlers
+
+enable_event_handlers=1
+
+
+
+# PROCESS PERFORMANCE DATA OPTION
+# This determines whether or not Nagios will process performance
+# data returned from service and host checks. If this option is
+# enabled, host performance data will be processed using the
+# host_perfdata_command (defined below) and service performance
+# data will be processed using the service_perfdata_command (also
+# defined below). Read the HTML docs for more information on
+# performance data.
+# Values: 1 = process performance data, 0 = do not process performance data
+
+process_performance_data=0
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS
+# These commands are run after every host and service check is
+# performed. These commands are executed only if the
+# enable_performance_data option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on performance data.
+
+#host_perfdata_command=process-host-perfdata
+#service_perfdata_command=process-service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILES
+# These files are used to store host and service performance data.
+# Performance data is only written to these files if the
+# enable_performance_data option (above) is set to 1.
+
+#host_perfdata_file=/tmp/host-perfdata
+#service_perfdata_file=/tmp/service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES
+# These options determine what data is written (and how) to the
+# performance data files. The templates may contain macros, special
+# characters (\t for tab, \r for carriage return, \n for newline)
+# and plain text. A newline is automatically added after each write
+# to the performance data file. Some examples of what you can do are
+# shown below.
+
+#host_perfdata_file_template=[HOSTPERFDATA]\t$TIMET$\t$HOSTNAME$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$
+#service_perfdata_file_template=[SERVICEPERFDATA]\t$TIMET$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE MODES
+# This option determines whether or not the host and service
+# performance data files are opened in write ("w") or append ("a")
+# mode. If you want to use named pipes, you should use the special
+# pipe ("p") mode which avoid blocking at startup, otherwise you will
+# likely want the defult append ("a") mode.
+
+#host_perfdata_file_mode=a
+#service_perfdata_file_mode=a
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL
+# These options determine how often (in seconds) the host and service
+# performance data files are processed using the commands defined
+# below. A value of 0 indicates the files should not be periodically
+# processed.
+
+#host_perfdata_file_processing_interval=0
+#service_perfdata_file_processing_interval=0
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS
+# These commands are used to periodically process the host and
+# service performance data files. The interval at which the
+# processing occurs is determined by the options above.
+
+#host_perfdata_file_processing_command=process-host-perfdata-file
+#service_perfdata_file_processing_command=process-service-perfdata-file
+
+
+
+# OBSESS OVER SERVICE CHECKS OPTION
+# This determines whether or not Nagios will obsess over service
+# checks and run the ocsp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over services, 0 = do not obsess (default)
+
+obsess_over_services=0
+
+
+
+# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND
+# This is the command that is run for every service check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_services option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+#ocsp_command=somecommand
+
+
+
+# OBSESS OVER HOST CHECKS OPTION
+# This determines whether or not Nagios will obsess over host
+# checks and run the ochp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over hosts, 0 = do not obsess (default)
+
+obsess_over_hosts=0
+
+
+
+# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND
+# This is the command that is run for every host check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_hosts option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+#ochp_command=somecommand
+
+
+
+# TRANSLATE PASSIVE HOST CHECKS OPTION
+# This determines whether or not Nagios will translate
+# DOWN/UNREACHABLE passive host check results into their proper
+# state for this instance of Nagios. This option is useful
+# if you have distributed or failover monitoring setup. In
+# these cases your other Nagios servers probably have a different
+# "view" of the network, with regards to the parent/child relationship
+# of hosts. If a distributed monitoring server thinks a host
+# is DOWN, it may actually be UNREACHABLE from the point of
+# this Nagios instance. Enabling this option will tell Nagios
+# to translate any DOWN or UNREACHABLE host states it receives
+# passively into the correct state from the view of this server.
+# Values: 1 = perform translation, 0 = do not translate (default)
+
+translate_passive_host_checks=0
+
+
+
+# PASSIVE HOST CHECKS ARE SOFT OPTION
+# This determines whether or not Nagios will treat passive host
+# checks as being HARD or SOFT. By default, a passive host check
+# result will put a host into a HARD state type. This can be changed
+# by enabling this option.
+# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT
+
+passive_host_checks_are_soft=0
+
+
+
+# ORPHANED HOST/SERVICE CHECK OPTIONS
+# These options determine whether or not Nagios will periodically
+# check for orphaned host service checks. Since service checks are
+# not rescheduled until the results of their previous execution
+# instance are processed, there exists a possibility that some
+# checks may never get rescheduled. A similar situation exists for
+# host checks, although the exact scheduling details differ a bit
+# from service checks. Orphaned checks seem to be a rare
+# problem and should not happen under normal circumstances.
+# If you have problems with service checks never getting
+# rescheduled, make sure you have orphaned service checks enabled.
+# Values: 1 = enable checks, 0 = disable checks
+
+check_for_orphaned_services=1
+check_for_orphaned_hosts=1
+
+
+
+# SERVICE FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of service results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_service_freshness=1
+
+
+
+# SERVICE FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of service check results. If you have
+# disabled service freshness checking, this option has no effect.
+
+service_freshness_check_interval=60
+
+
+
+# HOST FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of host results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_host_freshness=0
+
+
+
+# HOST FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of host check results. If you have
+# disabled host freshness checking, this option has no effect.
+
+host_freshness_check_interval=60
+
+
+
+
+# ADDITIONAL FRESHNESS THRESHOLD LATENCY
+# This setting determines the number of seconds that Nagios
+# will add to any host and service freshness thresholds that
+# it calculates (those not explicitly specified by the user).
+
+additional_freshness_latency=15
+
+
+
+
+# FLAP DETECTION OPTION
+# This option determines whether or not Nagios will try
+# and detect hosts and services that are "flapping".
+# Flapping occurs when a host or service changes between
+# states too frequently. When Nagios detects that a
+# host or service is flapping, it will temporarily suppress
+# notifications for that host/service until it stops
+# flapping. Flap detection is very experimental, so read
+# the HTML documentation before enabling this feature!
+# Values: 1 = enable flap detection
+# 0 = disable flap detection (default)
+
+enable_flap_detection=1
+
+
+
+# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES
+# Read the HTML documentation on flap detection for
+# an explanation of what this option does. This option
+# has no effect if flap detection is disabled.
+
+low_service_flap_threshold=5.0
+high_service_flap_threshold=20.0
+low_host_flap_threshold=5.0
+high_host_flap_threshold=20.0
+
+
+
+# DATE FORMAT OPTION
+# This option determines how short dates are displayed. Valid options
+# include:
+# us (MM-DD-YYYY HH:MM:SS)
+# euro (DD-MM-YYYY HH:MM:SS)
+# iso8601 (YYYY-MM-DD HH:MM:SS)
+# strict-iso8601 (YYYY-MM-DDTHH:MM:SS)
+#
+
+date_format=iso8601
+
+
+
+
+# TIMEZONE OFFSET
+# This option is used to override the default timezone that this
+# instance of Nagios runs in. If not specified, Nagios will use
+# the system configured timezone.
+#
+# NOTE: In order to display the correct timezone in the CGIs, you
+# will also need to alter the Apache directives for the CGI path
+# to include your timezone. Example:
+#
+#
+# SetEnv TZ "Australia/Brisbane"
+# ...
+#
+
+#use_timezone=US/Mountain
+#use_timezone=Australia/Brisbane
+
+
+
+
+# P1.PL FILE LOCATION
+# This value determines where the p1.pl perl script (used by the
+# embedded Perl interpreter) is located. If you didn't compile
+# Nagios with embedded Perl support, this option has no effect.
+
+p1_file=/usr/lib/nagios3/p1.pl
+
+
+
+# EMBEDDED PERL INTERPRETER OPTION
+# This option determines whether or not the embedded Perl interpreter
+# will be enabled during runtime. This option has no effect if Nagios
+# has not been compiled with support for embedded Perl.
+# Values: 0 = disable interpreter, 1 = enable interpreter
+
+enable_embedded_perl=1
+
+
+
+# EMBEDDED PERL USAGE OPTION
+# This option determines whether or not Nagios will process Perl plugins
+# and scripts with the embedded Perl interpreter if the plugins/scripts
+# do not explicitly indicate whether or not it is okay to do so. Read
+# the HTML documentation on the embedded Perl interpreter for more
+# information on how this option works.
+
+use_embedded_perl_implicitly=1
+
+
+
+# ILLEGAL OBJECT NAME CHARACTERS
+# This option allows you to specify illegal characters that cannot
+# be used in host names, service descriptions, or names of other
+# object types.
+
+illegal_object_name_chars=`~!$%^&*|'"<>?,()=
+
+
+
+# ILLEGAL MACRO OUTPUT CHARACTERS
+# This option allows you to specify illegal characters that are
+# stripped from macros before being used in notifications, event
+# handlers, etc. This DOES NOT affect macros used in service or
+# host check commands.
+# The following macros are stripped of the characters you specify:
+# $HOSTOUTPUT$
+# $HOSTPERFDATA$
+# $HOSTACKAUTHOR$
+# $HOSTACKCOMMENT$
+# $SERVICEOUTPUT$
+# $SERVICEPERFDATA$
+# $SERVICEACKAUTHOR$
+# $SERVICEACKCOMMENT$
+
+illegal_macro_output_chars=`~$&|'"<>
+
+
+
+# REGULAR EXPRESSION MATCHING
+# This option controls whether or not regular expression matching
+# takes place in the object config files. Regular expression
+# matching is used to match host, hostgroup, service, and service
+# group names/descriptions in some fields of various object types.
+# Values: 1 = enable regexp matching, 0 = disable regexp matching
+
+use_regexp_matching=0
+
+
+
+# "TRUE" REGULAR EXPRESSION MATCHING
+# This option controls whether or not "true" regular expression
+# matching takes place in the object config files. This option
+# only has an effect if regular expression matching is enabled
+# (see above). If this option is DISABLED, regular expression
+# matching only occurs if a string contains wildcard characters
+# (* and ?). If the option is ENABLED, regexp matching occurs
+# all the time (which can be annoying).
+# Values: 1 = enable true matching, 0 = disable true matching
+
+use_true_regexp_matching=0
+
+
+
+# ADMINISTRATOR EMAIL/PAGER ADDRESSES
+# The email and pager address of a global administrator (likely you).
+# Nagios never uses these values itself, but you can access them by
+# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification
+# commands.
+
+admin_email=root@localhost
+admin_pager=pageroot@localhost
+
+
+
+# DAEMON CORE DUMP OPTION
+# This option determines whether or not Nagios is allowed to create
+# a core dump when it runs as a daemon. Note that it is generally
+# considered bad form to allow this, but it may be useful for
+# debugging purposes. Enabling this option doesn't guarantee that
+# a core file will be produced, but that's just life...
+# Values: 1 - Allow core dumps
+# 0 - Do not allow core dumps (default)
+
+daemon_dumps_core=0
+
+
+
+# LARGE INSTALLATION TWEAKS OPTION
+# This option determines whether or not Nagios will take some shortcuts
+# which can save on memory and CPU usage in large Nagios installations.
+# Read the documentation for more information on the benefits/tradeoffs
+# of enabling this option.
+# Values: 1 - Enabled tweaks
+# 0 - Disable tweaks (default)
+
+use_large_installation_tweaks=0
+
+
+
+# ENABLE ENVIRONMENT MACROS
+# This option determines whether or not Nagios will make all standard
+# macros available as environment variables when host/service checks
+# and system commands (event handlers, notifications, etc.) are
+# executed. Enabling this option can cause performance issues in
+# large installations, as it will consume a bit more memory and (more
+# importantly) consume more CPU.
+# Values: 1 - Enable environment variable macros (default)
+# 0 - Disable environment variable macros
+
+enable_environment_macros=1
+
+
+
+# CHILD PROCESS MEMORY OPTION
+# This option determines whether or not Nagios will free memory in
+# child processes (processed used to execute system commands and host/
+# service checks). If you specify a value here, it will override
+# program defaults.
+# Value: 1 - Free memory in child processes
+# 0 - Do not free memory in child processes
+
+#free_child_process_memory=1
+
+
+
+# CHILD PROCESS FORKING BEHAVIOR
+# This option determines how Nagios will fork child processes
+# (used to execute system commands and host/service checks). Normally
+# child processes are fork()ed twice, which provides a very high level
+# of isolation from problems. Fork()ing once is probably enough and will
+# save a great deal on CPU usage (in large installs), so you might
+# want to consider using this. If you specify a value here, it will
+# program defaults.
+# Value: 1 - Child processes fork() twice
+# 0 - Child processes fork() just once
+
+#child_processes_fork_twice=1
+
+
+
+# DEBUG LEVEL
+# This option determines how much (if any) debugging information will
+# be written to the debug file. OR values together to log multiple
+# types of information.
+# Values:
+# -1 = Everything
+# 0 = Nothing
+# 1 = Functions
+# 2 = Configuration
+# 4 = Process information
+# 8 = Scheduled events
+# 16 = Host/service checks
+# 32 = Notifications
+# 64 = Event broker
+# 128 = External commands
+# 256 = Commands
+# 512 = Scheduled downtime
+# 1024 = Comments
+# 2048 = Macros
+
+debug_level=0
+
+
+
+# DEBUG VERBOSITY
+# This option determines how verbose the debug log out will be.
+# Values: 0 = Brief output
+# 1 = More detailed
+# 2 = Very detailed
+
+debug_verbosity=1
+
+
+
+# DEBUG FILE
+# This option determines where Nagios should write debugging information.
+
+debug_file=/var/log/nagios3/nagios.debug
+
+
+
+# MAX DEBUG FILE SIZE
+# This option determines the maximum size (in bytes) of the debug file. If
+# the file grows larger than this size, it will be renamed with a .old
+# extension. If a file already exists with a .old extension it will
+# automatically be deleted. This helps ensure your disk space usage doesn't
+# get out of control when debugging Nagios.
+
+max_debug_file_size=1000000
+
+
diff --git a/nagios/files/nagios.cfg.RedHat b/nagios/files/nagios.cfg.RedHat
new file mode 100644
index 0000000..5053ccf
--- /dev/null
+++ b/nagios/files/nagios.cfg.RedHat
@@ -0,0 +1,1330 @@
+# LOG FILE
+# This is the main log file where service and host events are logged
+# for historical purposes. This should be the first option specified
+# in the config file!!!
+log_file=/var/log/nagios/nagios.log
+
+# Commands definitions
+cfg_file=/etc/nagios/commands.cfg
+
+# Debian uses by default a configuration directory where nagios3-common,
+# other packages and the local admin can dump or link configuration
+# files into.
+cfg_dir=/etc/nagios/conf.d
+
+# OBJECT CONFIGURATION FILE(S)
+# These are the object configuration files in which you define hosts,
+# host groups, contacts, contact groups, services, etc.
+# You can split your object definitions across several config files
+# if you wish (as shown below), or keep them all in a single config file.
+
+# You can specify individual object config files as shown below:
+#cfg_file=/etc/nagios/objects/commands.cfg
+#cfg_file=/etc/nagios/objects/contacts.cfg
+#cfg_file=/etc/nagios/objects/timeperiods.cfg
+#cfg_file=/etc/nagios/objects/templates.cfg
+
+# Definitions for monitoring the local (Linux) host
+#cfg_file=/etc/nagios/objects/localhost.cfg
+
+# Definitions for monitoring a Windows machine
+#cfg_file=/etc/nagios/objects/windows.cfg
+
+# Definitions for monitoring a router/switch
+#cfg_file=/etc/nagios/objects/switch.cfg
+
+# Definitions for monitoring a network printer
+#cfg_file=/etc/nagios/objects/printer.cfg
+
+
+# You can also tell Nagios to process all config files (with a .cfg
+# extension) in a particular directory by using the cfg_dir
+# directive as shown below:
+
+#cfg_dir=/etc/nagios/servers
+#cfg_dir=/etc/nagios/printers
+#cfg_dir=/etc/nagios/switches
+#cfg_dir=/etc/nagios/routers
+
+
+
+
+# OBJECT CACHE FILE
+# This option determines where object definitions are cached when
+# Nagios starts/restarts. The CGIs read object definitions from
+# this cache file (rather than looking at the object config files
+# directly) in order to prevent inconsistencies that can occur
+# when the config files are modified after Nagios starts.
+
+object_cache_file=/var/log/nagios/objects.cache
+
+
+
+# PRE-CACHED OBJECT FILE
+# This options determines the location of the precached object file.
+# If you run Nagios with the -p command line option, it will preprocess
+# your object configuration file(s) and write the cached config to this
+# file. You can then start Nagios with the -u option to have it read
+# object definitions from this precached file, rather than the standard
+# object configuration files (see the cfg_file and cfg_dir options above).
+# Using a precached object file can speed up the time needed to (re)start
+# the Nagios process if you've got a large and/or complex configuration.
+# Read the documentation section on optimizing Nagios to find our more
+# about how this feature works.
+
+precached_object_file=/var/log/nagios/objects.precache
+
+
+
+# RESOURCE FILE
+# This is an optional resource file that contains $USERx$ macro
+# definitions. Multiple resource files can be specified by using
+# multiple resource_file definitions. The CGIs will not attempt to
+# read the contents of resource files, so information that is
+# considered to be sensitive (usernames, passwords, etc) can be
+# defined as macros in this file and restrictive permissions (600)
+# can be placed on this file.
+
+resource_file=/etc/nagios/private/resource.cfg
+
+
+
+# STATUS FILE
+# This is where the current status of all monitored services and
+# hosts is stored. Its contents are read and processed by the CGIs.
+# The contents of the status file are deleted every time Nagios
+# restarts.
+
+status_file=/var/log/nagios/status.dat
+
+
+
+# STATUS FILE UPDATE INTERVAL
+# This option determines the frequency (in seconds) that
+# Nagios will periodically dump program, host, and
+# service status data.
+
+status_update_interval=10
+
+
+
+# NAGIOS USER
+# This determines the effective user that Nagios should run as.
+# You can either supply a username or a UID.
+
+nagios_user=nagios
+
+
+
+# NAGIOS GROUP
+# This determines the effective group that Nagios should run as.
+# You can either supply a group name or a GID.
+
+nagios_group=nagios
+
+
+
+# EXTERNAL COMMAND OPTION
+# This option allows you to specify whether or not Nagios should check
+# for external commands (in the command file defined below). By default
+# Nagios will *not* check for external commands, just to be on the
+# cautious side. If you want to be able to use the CGI command interface
+# you will have to enable this.
+# Values: 0 = disable commands, 1 = enable commands
+
+check_external_commands=0
+
+
+
+# EXTERNAL COMMAND CHECK INTERVAL
+# This is the interval at which Nagios should check for external commands.
+# This value works of the interval_length you specify later. If you leave
+# that at its default value of 60 (seconds), a value of 1 here will cause
+# Nagios to check for external commands every minute. If you specify a
+# number followed by an "s" (i.e. 15s), this will be interpreted to mean
+# actual seconds rather than a multiple of the interval_length variable.
+# Note: In addition to reading the external command file at regularly
+# scheduled intervals, Nagios will also check for external commands after
+# event handlers are executed.
+# NOTE: Setting this value to -1 causes Nagios to check the external
+# command file as often as possible.
+
+#command_check_interval=15s
+command_check_interval=-1
+
+
+
+# EXTERNAL COMMAND FILE
+# This is the file that Nagios checks for external command requests.
+# It is also where the command CGI will write commands that are submitted
+# by users, so it must be writeable by the user that the web server
+# is running as (usually 'nobody'). Permissions should be set at the
+# directory level instead of on the file, as the file is deleted every
+# time its contents are processed.
+
+command_file=/var/spool/nagios/cmd/nagios.cmd
+
+
+
+# EXTERNAL COMMAND BUFFER SLOTS
+# This settings is used to tweak the number of items or "slots" that
+# the Nagios daemon should allocate to the buffer that holds incoming
+# external commands before they are processed. As external commands
+# are processed by the daemon, they are removed from the buffer.
+
+external_command_buffer_slots=4096
+
+
+
+# LOCK FILE
+# This is the lockfile that Nagios will use to store its PID number
+# in when it is running in daemon mode.
+
+lock_file=/var/run/nagios.pid
+
+
+
+# TEMP FILE
+# This is a temporary file that is used as scratch space when Nagios
+# updates the status log, cleans the comment file, etc. This file
+# is created, used, and deleted throughout the time that Nagios is
+# running.
+
+temp_file=/var/log/nagios/nagios.tmp
+
+
+
+# TEMP PATH
+# This is path where Nagios can create temp files for service and
+# host check results, etc.
+
+temp_path=/tmp
+
+
+
+# EVENT BROKER OPTIONS
+# Controls what (if any) data gets sent to the event broker.
+# Values: 0 = Broker nothing
+# -1 = Broker everything
+# = See documentation
+
+event_broker_options=-1
+
+
+
+# EVENT BROKER MODULE(S)
+# This directive is used to specify an event broker module that should
+# by loaded by Nagios at startup. Use multiple directives if you want
+# to load more than one module. Arguments that should be passed to
+# the module at startup are seperated from the module path by a space.
+#
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING
+#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#
+# Do NOT overwrite modules while they are being used by Nagios or Nagios
+# will crash in a fiery display of SEGFAULT glory. This is a bug/limitation
+# either in dlopen(), the kernel, and/or the filesystem. And maybe Nagios...
+#
+# The correct/safe way of updating a module is by using one of these methods:
+# 1. Shutdown Nagios, replace the module file, restart Nagios
+# 2. Delete the original module file, move the new module file into place, restart Nagios
+#
+# Example:
+#
+# broker_module= [moduleargs]
+
+#broker_module=/somewhere/module1.o
+#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0
+
+
+
+# LOG ROTATION METHOD
+# This is the log rotation method that Nagios should use to rotate
+# the main log file. Values are as follows..
+# n = None - don't rotate the log
+# h = Hourly rotation (top of the hour)
+# d = Daily rotation (midnight every day)
+# w = Weekly rotation (midnight on Saturday evening)
+# m = Monthly rotation (midnight last day of month)
+
+log_rotation_method=d
+
+
+
+# LOG ARCHIVE PATH
+# This is the directory where archived (rotated) log files should be
+# placed (assuming you've chosen to do log rotation).
+
+log_archive_path=/var/log/nagios/archives
+
+
+
+# LOGGING OPTIONS
+# If you want messages logged to the syslog facility, as well as the
+# Nagios log file set this option to 1. If not, set it to 0.
+
+use_syslog=1
+
+
+
+# NOTIFICATION LOGGING OPTION
+# If you don't want notifications to be logged, set this value to 0.
+# If notifications should be logged, set the value to 1.
+
+log_notifications=1
+
+
+
+# SERVICE RETRY LOGGING OPTION
+# If you don't want service check retries to be logged, set this value
+# to 0. If retries should be logged, set the value to 1.
+
+log_service_retries=1
+
+
+
+# HOST RETRY LOGGING OPTION
+# If you don't want host check retries to be logged, set this value to
+# 0. If retries should be logged, set the value to 1.
+
+log_host_retries=1
+
+
+
+# EVENT HANDLER LOGGING OPTION
+# If you don't want host and service event handlers to be logged, set
+# this value to 0. If event handlers should be logged, set the value
+# to 1.
+
+log_event_handlers=1
+
+
+
+# INITIAL STATES LOGGING OPTION
+# If you want Nagios to log all initial host and service states to
+# the main log file (the first time the service or host is checked)
+# you can enable this option by setting this value to 1. If you
+# are not using an external application that does long term state
+# statistics reporting, you do not need to enable this option. In
+# this case, set the value to 0.
+
+log_initial_states=0
+
+
+
+# EXTERNAL COMMANDS LOGGING OPTION
+# If you don't want Nagios to log external commands, set this value
+# to 0. If external commands should be logged, set this value to 1.
+# Note: This option does not include logging of passive service
+# checks - see the option below for controlling whether or not
+# passive checks are logged.
+
+log_external_commands=1
+
+
+
+# PASSIVE CHECKS LOGGING OPTION
+# If you don't want Nagios to log passive host and service checks, set
+# this value to 0. If passive checks should be logged, set
+# this value to 1.
+
+log_passive_checks=1
+
+
+
+# GLOBAL HOST AND SERVICE EVENT HANDLERS
+# These options allow you to specify a host and service event handler
+# command that is to be run for every host or service state change.
+# The global event handler is executed immediately prior to the event
+# handler that you have optionally specified in each host or
+# service definition. The command argument is the short name of a
+# command definition that you define in your host configuration file.
+# Read the HTML docs for more information.
+
+#global_host_event_handler=somecommand
+#global_service_event_handler=somecommand
+
+
+
+# SERVICE INTER-CHECK DELAY METHOD
+# This is the method that Nagios should use when initially
+# "spreading out" service checks when it starts monitoring. The
+# default is to use smart delay calculation, which will try to
+# space all service checks out evenly to minimize CPU load.
+# Using the dumb setting will cause all checks to be scheduled
+# at the same time (with no delay between them)! This is not a
+# good thing for production, but is useful when testing the
+# parallelization functionality.
+# n = None - don't use any delay between checks
+# d = Use a "dumb" delay of 1 second between checks
+# s = Use "smart" inter-check delay calculation
+# x.xx = Use an inter-check delay of x.xx seconds
+
+service_inter_check_delay_method=s
+
+
+
+# MAXIMUM SERVICE CHECK SPREAD
+# This variable determines the timeframe (in minutes) from the
+# program start time that an initial check of all services should
+# be completed. Default is 30 minutes.
+
+max_service_check_spread=30
+
+
+
+# SERVICE CHECK INTERLEAVE FACTOR
+# This variable determines how service checks are interleaved.
+# Interleaving the service checks allows for a more even
+# distribution of service checks and reduced load on remote
+# hosts. Setting this value to 1 is equivalent to how versions
+# of Nagios previous to 0.0.5 did service checks. Set this
+# value to s (smart) for automatic calculation of the interleave
+# factor unless you have a specific reason to change it.
+# s = Use "smart" interleave factor calculation
+# x = Use an interleave factor of x, where x is a
+# number greater than or equal to 1.
+
+service_interleave_factor=s
+
+
+
+# HOST INTER-CHECK DELAY METHOD
+# This is the method that Nagios should use when initially
+# "spreading out" host checks when it starts monitoring. The
+# default is to use smart delay calculation, which will try to
+# space all host checks out evenly to minimize CPU load.
+# Using the dumb setting will cause all checks to be scheduled
+# at the same time (with no delay between them)!
+# n = None - don't use any delay between checks
+# d = Use a "dumb" delay of 1 second between checks
+# s = Use "smart" inter-check delay calculation
+# x.xx = Use an inter-check delay of x.xx seconds
+
+host_inter_check_delay_method=s
+
+
+
+# MAXIMUM HOST CHECK SPREAD
+# This variable determines the timeframe (in minutes) from the
+# program start time that an initial check of all hosts should
+# be completed. Default is 30 minutes.
+
+max_host_check_spread=30
+
+
+
+# MAXIMUM CONCURRENT SERVICE CHECKS
+# This option allows you to specify the maximum number of
+# service checks that can be run in parallel at any given time.
+# Specifying a value of 1 for this variable essentially prevents
+# any service checks from being parallelized. A value of 0
+# will not restrict the number of concurrent checks that are
+# being executed.
+
+max_concurrent_checks=0
+
+
+
+# HOST AND SERVICE CHECK REAPER FREQUENCY
+# This is the frequency (in seconds!) that Nagios will process
+# the results of host and service checks.
+
+check_result_reaper_frequency=10
+
+
+
+
+# MAX CHECK RESULT REAPER TIME
+# This is the max amount of time (in seconds) that a single
+# check result reaper event will be allowed to run before
+# returning control back to Nagios so it can perform other
+# duties.
+
+max_check_result_reaper_time=30
+
+
+
+
+# CHECK RESULT PATH
+# This is directory where Nagios stores the results of host and
+# service checks that have not yet been processed.
+#
+# Note: Make sure that only one instance of Nagios has access
+# to this directory!
+
+check_result_path=/var/log/nagios/spool/checkresults
+
+
+
+
+# MAX CHECK RESULT FILE AGE
+# This option determines the maximum age (in seconds) which check
+# result files are considered to be valid. Files older than this
+# threshold will be mercilessly deleted without further processing.
+
+max_check_result_file_age=3600
+
+
+
+
+# CACHED HOST CHECK HORIZON
+# This option determines the maximum amount of time (in seconds)
+# that the state of a previous host check is considered current.
+# Cached host states (from host checks that were performed more
+# recently that the timeframe specified by this value) can immensely
+# improve performance in regards to the host check logic.
+# Too high of a value for this option may result in inaccurate host
+# states being used by Nagios, while a lower value may result in a
+# performance hit for host checks. Use a value of 0 to disable host
+# check caching.
+
+cached_host_check_horizon=15
+
+
+
+# CACHED SERVICE CHECK HORIZON
+# This option determines the maximum amount of time (in seconds)
+# that the state of a previous service check is considered current.
+# Cached service states (from service checks that were performed more
+# recently that the timeframe specified by this value) can immensely
+# improve performance in regards to predictive dependency checks.
+# Use a value of 0 to disable service check caching.
+
+cached_service_check_horizon=15
+
+
+
+# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS
+# This option determines whether or not Nagios will attempt to execute
+# checks of hosts when it predicts that future dependency logic test
+# may be needed. These predictive checks can help ensure that your
+# host dependency logic works well.
+# Values:
+# 0 = Disable predictive checks
+# 1 = Enable predictive checks (default)
+
+enable_predictive_host_dependency_checks=1
+
+
+
+# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS
+# This option determines whether or not Nagios will attempt to execute
+# checks of service when it predicts that future dependency logic test
+# may be needed. These predictive checks can help ensure that your
+# service dependency logic works well.
+# Values:
+# 0 = Disable predictive checks
+# 1 = Enable predictive checks (default)
+
+enable_predictive_service_dependency_checks=1
+
+
+
+# SOFT STATE DEPENDENCIES
+# This option determines whether or not Nagios will use soft state
+# information when checking host and service dependencies. Normally
+# Nagios will only use the latest hard host or service state when
+# checking dependencies. If you want it to use the latest state (regardless
+# of whether its a soft or hard state type), enable this option.
+# Values:
+# 0 = Don't use soft state dependencies (default)
+# 1 = Use soft state dependencies
+
+soft_state_dependencies=0
+
+
+
+# TIME CHANGE ADJUSTMENT THRESHOLDS
+# These options determine when Nagios will react to detected changes
+# in system time (either forward or backwards).
+
+#time_change_threshold=900
+
+
+
+# AUTO-RESCHEDULING OPTION
+# This option determines whether or not Nagios will attempt to
+# automatically reschedule active host and service checks to
+# "smooth" them out over time. This can help balance the load on
+# the monitoring server.
+# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
+# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
+
+auto_reschedule_checks=0
+
+
+
+# AUTO-RESCHEDULING INTERVAL
+# This option determines how often (in seconds) Nagios will
+# attempt to automatically reschedule checks. This option only
+# has an effect if the auto_reschedule_checks option is enabled.
+# Default is 30 seconds.
+# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
+# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
+
+auto_rescheduling_interval=30
+
+
+
+# AUTO-RESCHEDULING WINDOW
+# This option determines the "window" of time (in seconds) that
+# Nagios will look at when automatically rescheduling checks.
+# Only host and service checks that occur in the next X seconds
+# (determined by this variable) will be rescheduled. This option
+# only has an effect if the auto_reschedule_checks option is
+# enabled. Default is 180 seconds (3 minutes).
+# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE
+# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY
+
+auto_rescheduling_window=180
+
+
+
+# SLEEP TIME
+# This is the number of seconds to sleep between checking for system
+# events and service checks that need to be run.
+
+sleep_time=0.25
+
+
+
+# TIMEOUT VALUES
+# These options control how much time Nagios will allow various
+# types of commands to execute before killing them off. Options
+# are available for controlling maximum time allotted for
+# service checks, host checks, event handlers, notifications, the
+# ocsp command, and performance data commands. All values are in
+# seconds.
+
+service_check_timeout=60
+host_check_timeout=30
+event_handler_timeout=30
+notification_timeout=30
+ocsp_timeout=5
+perfdata_timeout=5
+
+
+
+# RETAIN STATE INFORMATION
+# This setting determines whether or not Nagios will save state
+# information for services and hosts before it shuts down. Upon
+# startup Nagios will reload all saved service and host state
+# information before starting to monitor. This is useful for
+# maintaining long-term data on state statistics, etc, but will
+# slow Nagios down a bit when it (re)starts. Since its only
+# a one-time penalty, I think its well worth the additional
+# startup delay.
+
+retain_state_information=1
+
+
+
+# STATE RETENTION FILE
+# This is the file that Nagios should use to store host and
+# service state information before it shuts down. The state
+# information in this file is also read immediately prior to
+# starting to monitor the network when Nagios is restarted.
+# This file is used only if the retain_state_information
+# variable is set to 1.
+
+state_retention_file=/var/log/nagios/retention.dat
+
+
+
+# RETENTION DATA UPDATE INTERVAL
+# This setting determines how often (in minutes) that Nagios
+# will automatically save retention data during normal operation.
+# If you set this value to 0, Nagios will not save retention
+# data at regular interval, but it will still save retention
+# data before shutting down or restarting. If you have disabled
+# state retention, this option has no effect.
+
+retention_update_interval=60
+
+
+
+# USE RETAINED PROGRAM STATE
+# This setting determines whether or not Nagios will set
+# program status variables based on the values saved in the
+# retention file. If you want to use retained program status
+# information, set this value to 1. If not, set this value
+# to 0.
+
+use_retained_program_state=1
+
+
+
+# USE RETAINED SCHEDULING INFO
+# This setting determines whether or not Nagios will retain
+# the scheduling info (next check time) for hosts and services
+# based on the values saved in the retention file. If you
+# If you want to use retained scheduling info, set this
+# value to 1. If not, set this value to 0.
+
+use_retained_scheduling_info=1
+
+
+
+# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE)
+# The following variables are used to specify specific host and
+# service attributes that should *not* be retained by Nagios during
+# program restarts.
+#
+# The values of the masks are bitwise ANDs of values specified
+# by the "MODATTR_" definitions found in include/common.h.
+# For example, if you do not want the current enabled/disabled state
+# of flap detection and event handlers for hosts to be retained, you
+# would use a value of 24 for the host attribute mask...
+# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24
+
+# This mask determines what host attributes are not retained
+retained_host_attribute_mask=0
+
+# This mask determines what service attributes are not retained
+retained_service_attribute_mask=0
+
+# These two masks determine what process attributes are not retained.
+# There are two masks, because some process attributes have host and service
+# options. For example, you can disable active host checks, but leave active
+# service checks enabled.
+retained_process_host_attribute_mask=0
+retained_process_service_attribute_mask=0
+
+# These two masks determine what contact attributes are not retained.
+# There are two masks, because some contact attributes have host and
+# service options. For example, you can disable host notifications for
+# a contact, but leave service notifications enabled for them.
+retained_contact_host_attribute_mask=0
+retained_contact_service_attribute_mask=0
+
+
+
+# INTERVAL LENGTH
+# This is the seconds per unit interval as used in the
+# host/contact/service configuration files. Setting this to 60 means
+# that each interval is one minute long (60 seconds). Other settings
+# have not been tested much, so your mileage is likely to vary...
+
+interval_length=60
+
+
+
+# CHECK FOR UPDATES
+# This option determines whether Nagios will automatically check to
+# see if new updates (releases) are available. It is recommend that you
+# enable this option to ensure that you stay on top of the latest critical
+# patches to Nagios. Nagios is critical to you - make sure you keep it in
+# good shape. Nagios will check once a day for new updates. Data collected
+# by Nagios Enterprises from the update check is processed in accordance
+# with our privacy policy - see http://api.nagios.org for details.
+
+check_for_updates=1
+
+
+
+# BARE UPDATE CHECK
+# This option deterines what data Nagios will send to api.nagios.org when
+# it checks for updates. By default, Nagios will send information on the
+# current version of Nagios you have installed, as well as an indicator as
+# to whether this was a new installation or not. Nagios Enterprises uses
+# this data to determine the number of users running specific version of
+# Nagios. Enable this option if you do not want this information to be sent.
+
+bare_update_check=0
+
+
+
+# AGGRESSIVE HOST CHECKING OPTION
+# If you don't want to turn on aggressive host checking features, set
+# this value to 0 (the default). Otherwise set this value to 1 to
+# enable the aggressive check option. Read the docs for more info
+# on what aggressive host check is or check out the source code in
+# base/checks.c
+
+use_aggressive_host_checking=0
+
+
+
+# SERVICE CHECK EXECUTION OPTION
+# This determines whether or not Nagios will actively execute
+# service checks when it initially starts. If this option is
+# disabled, checks are not actively made, but Nagios can still
+# receive and process passive check results that come in. Unless
+# you're implementing redundant hosts or have a special need for
+# disabling the execution of service checks, leave this enabled!
+# Values: 1 = enable checks, 0 = disable checks
+
+execute_service_checks=1
+
+
+
+# PASSIVE SERVICE CHECK ACCEPTANCE OPTION
+# This determines whether or not Nagios will accept passive
+# service checks results when it initially (re)starts.
+# Values: 1 = accept passive checks, 0 = reject passive checks
+
+accept_passive_service_checks=1
+
+
+
+# HOST CHECK EXECUTION OPTION
+# This determines whether or not Nagios will actively execute
+# host checks when it initially starts. If this option is
+# disabled, checks are not actively made, but Nagios can still
+# receive and process passive check results that come in. Unless
+# you're implementing redundant hosts or have a special need for
+# disabling the execution of host checks, leave this enabled!
+# Values: 1 = enable checks, 0 = disable checks
+
+execute_host_checks=1
+
+
+
+# PASSIVE HOST CHECK ACCEPTANCE OPTION
+# This determines whether or not Nagios will accept passive
+# host checks results when it initially (re)starts.
+# Values: 1 = accept passive checks, 0 = reject passive checks
+
+accept_passive_host_checks=1
+
+
+
+# NOTIFICATIONS OPTION
+# This determines whether or not Nagios will sent out any host or
+# service notifications when it is initially (re)started.
+# Values: 1 = enable notifications, 0 = disable notifications
+
+enable_notifications=1
+
+
+
+# EVENT HANDLER USE OPTION
+# This determines whether or not Nagios will run any host or
+# service event handlers when it is initially (re)started. Unless
+# you're implementing redundant hosts, leave this option enabled.
+# Values: 1 = enable event handlers, 0 = disable event handlers
+
+enable_event_handlers=1
+
+
+
+# PROCESS PERFORMANCE DATA OPTION
+# This determines whether or not Nagios will process performance
+# data returned from service and host checks. If this option is
+# enabled, host performance data will be processed using the
+# host_perfdata_command (defined below) and service performance
+# data will be processed using the service_perfdata_command (also
+# defined below). Read the HTML docs for more information on
+# performance data.
+# Values: 1 = process performance data, 0 = do not process performance data
+
+process_performance_data=0
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS
+# These commands are run after every host and service check is
+# performed. These commands are executed only if the
+# enable_performance_data option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on performance data.
+
+#host_perfdata_command=process-host-perfdata
+#service_perfdata_command=process-service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILES
+# These files are used to store host and service performance data.
+# Performance data is only written to these files if the
+# enable_performance_data option (above) is set to 1.
+
+#host_perfdata_file=/tmp/host-perfdata
+#service_perfdata_file=/tmp/service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES
+# These options determine what data is written (and how) to the
+# performance data files. The templates may contain macros, special
+# characters (\t for tab, \r for carriage return, \n for newline)
+# and plain text. A newline is automatically added after each write
+# to the performance data file. Some examples of what you can do are
+# shown below.
+
+#host_perfdata_file_template=[HOSTPERFDATA]\t$TIMET$\t$HOSTNAME$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$
+#service_perfdata_file_template=[SERVICEPERFDATA]\t$TIMET$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE MODES
+# This option determines whether or not the host and service
+# performance data files are opened in write ("w") or append ("a")
+# mode. If you want to use named pipes, you should use the special
+# pipe ("p") mode which avoid blocking at startup, otherwise you will
+# likely want the defult append ("a") mode.
+
+#host_perfdata_file_mode=a
+#service_perfdata_file_mode=a
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL
+# These options determine how often (in seconds) the host and service
+# performance data files are processed using the commands defined
+# below. A value of 0 indicates the files should not be periodically
+# processed.
+
+#host_perfdata_file_processing_interval=0
+#service_perfdata_file_processing_interval=0
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS
+# These commands are used to periodically process the host and
+# service performance data files. The interval at which the
+# processing occurs is determined by the options above.
+
+#host_perfdata_file_processing_command=process-host-perfdata-file
+#service_perfdata_file_processing_command=process-service-perfdata-file
+
+
+
+# OBSESS OVER SERVICE CHECKS OPTION
+# This determines whether or not Nagios will obsess over service
+# checks and run the ocsp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over services, 0 = do not obsess (default)
+
+obsess_over_services=0
+
+
+
+# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND
+# This is the command that is run for every service check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_services option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+#ocsp_command=somecommand
+
+
+
+# OBSESS OVER HOST CHECKS OPTION
+# This determines whether or not Nagios will obsess over host
+# checks and run the ochp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over hosts, 0 = do not obsess (default)
+
+obsess_over_hosts=0
+
+
+
+# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND
+# This is the command that is run for every host check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_hosts option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+#ochp_command=somecommand
+
+
+
+# TRANSLATE PASSIVE HOST CHECKS OPTION
+# This determines whether or not Nagios will translate
+# DOWN/UNREACHABLE passive host check results into their proper
+# state for this instance of Nagios. This option is useful
+# if you have distributed or failover monitoring setup. In
+# these cases your other Nagios servers probably have a different
+# "view" of the network, with regards to the parent/child relationship
+# of hosts. If a distributed monitoring server thinks a host
+# is DOWN, it may actually be UNREACHABLE from the point of
+# this Nagios instance. Enabling this option will tell Nagios
+# to translate any DOWN or UNREACHABLE host states it receives
+# passively into the correct state from the view of this server.
+# Values: 1 = perform translation, 0 = do not translate (default)
+
+translate_passive_host_checks=0
+
+
+
+# PASSIVE HOST CHECKS ARE SOFT OPTION
+# This determines whether or not Nagios will treat passive host
+# checks as being HARD or SOFT. By default, a passive host check
+# result will put a host into a HARD state type. This can be changed
+# by enabling this option.
+# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT
+
+passive_host_checks_are_soft=0
+
+
+
+# ORPHANED HOST/SERVICE CHECK OPTIONS
+# These options determine whether or not Nagios will periodically
+# check for orphaned host service checks. Since service checks are
+# not rescheduled until the results of their previous execution
+# instance are processed, there exists a possibility that some
+# checks may never get rescheduled. A similar situation exists for
+# host checks, although the exact scheduling details differ a bit
+# from service checks. Orphaned checks seem to be a rare
+# problem and should not happen under normal circumstances.
+# If you have problems with service checks never getting
+# rescheduled, make sure you have orphaned service checks enabled.
+# Values: 1 = enable checks, 0 = disable checks
+
+check_for_orphaned_services=1
+check_for_orphaned_hosts=1
+
+
+
+# SERVICE FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of service results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_service_freshness=1
+
+
+
+# SERVICE FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of service check results. If you have
+# disabled service freshness checking, this option has no effect.
+
+service_freshness_check_interval=60
+
+
+
+# SERVICE CHECK TIMEOUT STATE
+# This setting determines the state Nagios will report when a
+# service check times out - that is does not respond within
+# service_check_timeout seconds. This can be useful if a
+# machine is running at too high a load and you do not want
+# to consider a failed service check to be critical (the default).
+# Valid settings are:
+# c - Critical (default)
+# u - Unknown
+# w - Warning
+# o - OK
+
+service_check_timeout_state=c
+
+
+
+# HOST FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of host results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_host_freshness=0
+
+
+
+# HOST FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of host check results. If you have
+# disabled host freshness checking, this option has no effect.
+
+host_freshness_check_interval=60
+
+
+
+
+# ADDITIONAL FRESHNESS THRESHOLD LATENCY
+# This setting determines the number of seconds that Nagios
+# will add to any host and service freshness thresholds that
+# it calculates (those not explicitly specified by the user).
+
+additional_freshness_latency=15
+
+
+
+
+# FLAP DETECTION OPTION
+# This option determines whether or not Nagios will try
+# and detect hosts and services that are "flapping".
+# Flapping occurs when a host or service changes between
+# states too frequently. When Nagios detects that a
+# host or service is flapping, it will temporarily suppress
+# notifications for that host/service until it stops
+# flapping. Flap detection is very experimental, so read
+# the HTML documentation before enabling this feature!
+# Values: 1 = enable flap detection
+# 0 = disable flap detection (default)
+
+enable_flap_detection=1
+
+
+
+# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES
+# Read the HTML documentation on flap detection for
+# an explanation of what this option does. This option
+# has no effect if flap detection is disabled.
+
+low_service_flap_threshold=5.0
+high_service_flap_threshold=20.0
+low_host_flap_threshold=5.0
+high_host_flap_threshold=20.0
+
+
+
+# DATE FORMAT OPTION
+# This option determines how short dates are displayed. Valid options
+# include:
+# us (MM-DD-YYYY HH:MM:SS)
+# euro (DD-MM-YYYY HH:MM:SS)
+# iso8601 (YYYY-MM-DD HH:MM:SS)
+# strict-iso8601 (YYYY-MM-DDTHH:MM:SS)
+#
+
+date_format=iso8601
+
+
+
+
+# TIMEZONE OFFSET
+# This option is used to override the default timezone that this
+# instance of Nagios runs in. If not specified, Nagios will use
+# the system configured timezone.
+#
+# NOTE: In order to display the correct timezone in the CGIs, you
+# will also need to alter the Apache directives for the CGI path
+# to include your timezone. Example:
+#
+#
+# SetEnv TZ "Australia/Brisbane"
+# ...
+#
+
+#use_timezone=US/Mountain
+#use_timezone=Australia/Brisbane
+
+
+
+
+# P1.PL FILE LOCATION
+# This value determines where the p1.pl perl script (used by the
+# embedded Perl interpreter) is located. If you didn't compile
+# Nagios with embedded Perl support, this option has no effect.
+
+p1_file=/usr/sbin/p1.pl
+
+
+
+# EMBEDDED PERL INTERPRETER OPTION
+# This option determines whether or not the embedded Perl interpreter
+# will be enabled during runtime. This option has no effect if Nagios
+# has not been compiled with support for embedded Perl.
+# Values: 0 = disable interpreter, 1 = enable interpreter
+
+enable_embedded_perl=1
+
+
+
+# EMBEDDED PERL USAGE OPTION
+# This option determines whether or not Nagios will process Perl plugins
+# and scripts with the embedded Perl interpreter if the plugins/scripts
+# do not explicitly indicate whether or not it is okay to do so. Read
+# the HTML documentation on the embedded Perl interpreter for more
+# information on how this option works.
+
+use_embedded_perl_implicitly=1
+
+
+
+# ILLEGAL OBJECT NAME CHARACTERS
+# This option allows you to specify illegal characters that cannot
+# be used in host names, service descriptions, or names of other
+# object types.
+
+illegal_object_name_chars=`~!$%^&*|'"<>?,()=
+
+
+
+# ILLEGAL MACRO OUTPUT CHARACTERS
+# This option allows you to specify illegal characters that are
+# stripped from macros before being used in notifications, event
+# handlers, etc. This DOES NOT affect macros used in service or
+# host check commands.
+# The following macros are stripped of the characters you specify:
+# $HOSTOUTPUT$
+# $HOSTPERFDATA$
+# $HOSTACKAUTHOR$
+# $HOSTACKCOMMENT$
+# $SERVICEOUTPUT$
+# $SERVICEPERFDATA$
+# $SERVICEACKAUTHOR$
+# $SERVICEACKCOMMENT$
+
+illegal_macro_output_chars=`~$&|'"<>
+
+
+
+# REGULAR EXPRESSION MATCHING
+# This option controls whether or not regular expression matching
+# takes place in the object config files. Regular expression
+# matching is used to match host, hostgroup, service, and service
+# group names/descriptions in some fields of various object types.
+# Values: 1 = enable regexp matching, 0 = disable regexp matching
+
+use_regexp_matching=0
+
+
+
+# "TRUE" REGULAR EXPRESSION MATCHING
+# This option controls whether or not "true" regular expression
+# matching takes place in the object config files. This option
+# only has an effect if regular expression matching is enabled
+# (see above). If this option is DISABLED, regular expression
+# matching only occurs if a string contains wildcard characters
+# (* and ?). If the option is ENABLED, regexp matching occurs
+# all the time (which can be annoying).
+# Values: 1 = enable true matching, 0 = disable true matching
+
+use_true_regexp_matching=0
+
+
+
+# ADMINISTRATOR EMAIL/PAGER ADDRESSES
+# The email and pager address of a global administrator (likely you).
+# Nagios never uses these values itself, but you can access them by
+# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification
+# commands.
+
+admin_email=nagios@localhost
+admin_pager=pagenagios@localhost
+
+
+
+# DAEMON CORE DUMP OPTION
+# This option determines whether or not Nagios is allowed to create
+# a core dump when it runs as a daemon. Note that it is generally
+# considered bad form to allow this, but it may be useful for
+# debugging purposes. Enabling this option doesn't guarantee that
+# a core file will be produced, but that's just life...
+# Values: 1 - Allow core dumps
+# 0 - Do not allow core dumps (default)
+
+daemon_dumps_core=0
+
+
+
+# LARGE INSTALLATION TWEAKS OPTION
+# This option determines whether or not Nagios will take some shortcuts
+# which can save on memory and CPU usage in large Nagios installations.
+# Read the documentation for more information on the benefits/tradeoffs
+# of enabling this option.
+# Values: 1 - Enabled tweaks
+# 0 - Disable tweaks (default)
+
+use_large_installation_tweaks=0
+
+
+
+# ENABLE ENVIRONMENT MACROS
+# This option determines whether or not Nagios will make all standard
+# macros available as environment variables when host/service checks
+# and system commands (event handlers, notifications, etc.) are
+# executed. Enabling this option can cause performance issues in
+# large installations, as it will consume a bit more memory and (more
+# importantly) consume more CPU.
+# Values: 1 - Enable environment variable macros (default)
+# 0 - Disable environment variable macros
+
+enable_environment_macros=1
+
+
+
+# CHILD PROCESS MEMORY OPTION
+# This option determines whether or not Nagios will free memory in
+# child processes (processed used to execute system commands and host/
+# service checks). If you specify a value here, it will override
+# program defaults.
+# Value: 1 - Free memory in child processes
+# 0 - Do not free memory in child processes
+
+#free_child_process_memory=1
+
+
+
+# CHILD PROCESS FORKING BEHAVIOR
+# This option determines how Nagios will fork child processes
+# (used to execute system commands and host/service checks). Normally
+# child processes are fork()ed twice, which provides a very high level
+# of isolation from problems. Fork()ing once is probably enough and will
+# save a great deal on CPU usage (in large installs), so you might
+# want to consider using this. If you specify a value here, it will
+# program defaults.
+# Value: 1 - Child processes fork() twice
+# 0 - Child processes fork() just once
+
+#child_processes_fork_twice=1
+
+
+
+# DEBUG LEVEL
+# This option determines how much (if any) debugging information will
+# be written to the debug file. OR values together to log multiple
+# types of information.
+# Values:
+# -1 = Everything
+# 0 = Nothing
+# 1 = Functions
+# 2 = Configuration
+# 4 = Process information
+# 8 = Scheduled events
+# 16 = Host/service checks
+# 32 = Notifications
+# 64 = Event broker
+# 128 = External commands
+# 256 = Commands
+# 512 = Scheduled downtime
+# 1024 = Comments
+# 2048 = Macros
+
+debug_level=0
+
+
+
+# DEBUG VERBOSITY
+# This option determines how verbose the debug log out will be.
+# Values: 0 = Brief output
+# 1 = More detailed
+# 2 = Very detailed
+
+debug_verbosity=1
+
+
+
+# DEBUG FILE
+# This option determines where Nagios should write debugging information.
+
+debug_file=/var/log/nagios/nagios.debug
+
+
+
+# MAX DEBUG FILE SIZE
+# This option determines the maximum size (in bytes) of the debug file. If
+# the file grows larger than this size, it will be renamed with a .old
+# extension. If a file already exists with a .old extension it will
+# automatically be deleted. This helps ensure your disk space usage doesn't
+# get out of control when debugging Nagios.
+
+max_debug_file_size=1000000
+
+
diff --git a/nagios/manifests/init.pp b/nagios/manifests/init.pp
new file mode 100644
index 0000000..bab0403
--- /dev/null
+++ b/nagios/manifests/init.pp
@@ -0,0 +1,440 @@
+class nagios::server {
+
+ case $operatingsystem {
+ "centos","redhat","fedora": {
+ $etcdir = "/etc/nagios"
+ $confdir = "${etcdir}/conf.d"
+ $package = "nagios"
+ $service = "nagios"
+ $scriptalias = "/nagios/cgi-bin/"
+ $cgibin = $architecture ? {
+ "x86_64" => "/usr/lib64/nagios/cgi-bin",
+ default => "/usr/lib/nagios/cgi-bin",
+ }
+ $htdocs = "/usr/share/nagios/html"
+ }
+ "ubuntu","debian": {
+ $etcdir = "/etc/nagios3"
+ $confdir = "${etcdir}/conf.d"
+ $package = "nagios3"
+ $service = "nagios3"
+ $scriptalias = "/cgi-bin/nagios3/"
+ $cgibin = "/usr/lib/cgi-bin/nagios3"
+ $htdocs = "/usr/share/nagios3/htdocs"
+ }
+ default: {
+ fail("nagios::server not supported on ${::operatingsystem}")
+ }
+ }
+
+ package { "nagios":
+ name => $package,
+ ensure => installed,
+ }
+
+ case $operatingsystem {
+ "centos","redhat","fedora": {
+ package { [ "nagios-plugins-all",
+ "nagios-plugins-nrpe", ]:
+ ensure => installed,
+ }
+ }
+ "ubuntu","debian": {
+ package { [ "nagios-plugins",
+ "nagios-nrpe-plugin", ]:
+ ensure => installed,
+ }
+ }
+ }
+
+ service { "nagios":
+ name => $service,
+ ensure => running,
+ enable => true,
+ }
+
+ apache::configfile { "nagios.conf":
+ content => template("nagios/nagios-httpd.conf.erb"),
+ }
+
+ file { [ "${htdocs}/.htaccess", "${cgibin}/.htaccess" ]:
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => [ "puppet:///files/nagios/htaccess",
+ "puppet:///modules/nagios/htaccess.${osfamily}", ],
+ require => Package["nagios"],
+ }
+
+ file { "/etc/nagios/nagios.cfg":
+ name => "${etcdir}/nagios.cfg",
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/nagios/nagios.cfg.${osfamily}",
+ require => Package["nagios"],
+ notify => Service["nagios"],
+ }
+
+ file { "/etc/nagios/cgi.cfg":
+ name => "${etcdir}/cgi.cfg",
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ content => template("nagios/cgi.cfg.erb"),
+ require => Package["nagios"],
+ notify => Service["nagios"],
+ }
+
+ file { "/etc/nagios/commands.cfg":
+ name => "${etcdir}/commands.cfg",
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/nagios/commands.cfg",
+ require => Package["nagios"],
+ notify => Service["nagios"],
+ }
+
+ file { "/etc/nagios/conf.d":
+ name => $confdir,
+ ensure => directory,
+ mode => "0640",
+ owner => "root",
+ group => "nagios",
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///modules/custom/empty",
+ require => Package["nagios"],
+ }
+
+ file { "${confdir}/contactgroup_all.cfg":
+ ensure => present,
+ mode => "0640",
+ owner => "root",
+ group => "nagios",
+ before => Nagios_Contactgroup["all"],
+ require => File["/etc/nagios/conf.d"],
+ }
+ nagios_contactgroup { "all":
+ target => "${confdir}/contactgroup_all.cfg",
+ members => "*",
+ notify => Service["nagios"],
+ }
+
+ file { "${confdir}/host_default.cfg":
+ ensure => present,
+ mode => "0640",
+ owner => "root",
+ group => "nagios",
+ before => Nagios_Host["default"],
+ require => File["/etc/nagios/conf.d"],
+ }
+ nagios_host { "default":
+ target => "${confdir}/host_default.cfg",
+ register => "0",
+ notifications_enabled => "1",
+ event_handler_enabled => "1",
+ flap_detection_enabled => "1",
+ failure_prediction_enabled => "1",
+ process_perf_data => "1",
+ retain_status_information => "1",
+ retain_nonstatus_information => "1",
+ check_command => "check-host-alive",
+ max_check_attempts => "5",
+ notification_interval => "0",
+ notification_period => "24x7",
+ notification_options => "d,u,r",
+ contact_groups => "all",
+ notify => Service["nagios"],
+ }
+
+ file { "${confdir}/service_default.cfg":
+ ensure => present,
+ mode => "0640",
+ owner => "root",
+ group => "nagios",
+ before => Nagios_Service["default"],
+ require => File["/etc/nagios/conf.d"],
+ }
+ nagios_service { "default":
+ target => "${confdir}/service_default.cfg",
+ register => "0",
+ active_checks_enabled => "1",
+ passive_checks_enabled => "1",
+ parallelize_check => "1",
+ obsess_over_service => "1",
+ check_freshness => "0",
+ notifications_enabled => "1",
+ event_handler_enabled => "1",
+ flap_detection_enabled => "1",
+ failure_prediction_enabled => "1",
+ process_perf_data => "1",
+ retain_status_information => "1",
+ retain_nonstatus_information => "1",
+ notification_interval => "0",
+ is_volatile => "0",
+ check_period => "24x7",
+ normal_check_interval => "5",
+ retry_check_interval => "1",
+ max_check_attempts => "2",
+ notification_period => "24x7",
+ notification_options => "w,u,c,r",
+ contact_groups => "all",
+ notify => Service["nagios"],
+ }
+
+ file { "${confdir}/timeperiod_24x7.cfg":
+ ensure => present,
+ mode => "0640",
+ owner => "root",
+ group => "nagios",
+ before => Nagios_Timeperiod["24x7"],
+ require => File["/etc/nagios/conf.d"],
+ }
+ nagios_timeperiod { "24x7":
+ target => "${confdir}/timeperiod_24x7.cfg",
+ alias => "24x7",
+ monday => "00:00-24:00",
+ tuesday => "00:00-24:00",
+ wednesday => "00:00-24:00",
+ thursday => "00:00-24:00",
+ friday => "00:00-24:00",
+ saturday => "00:00-24:00",
+ sunday => "00:00-24:00",
+ notify => Service["nagios"],
+ }
+
+ Nagios::Host <<||>> {
+ confdir => $confdir,
+ notify => Service["nagios"],
+ }
+ Nagios::Service <<||>> {
+ confdir => $confdir,
+ notify => Service["nagios"],
+ }
+
+}
+
+
+define nagios::contact::email($confdir=$nagios::server::confdir) {
+
+ file { "${confdir}/contact_${name}.cfg":
+ ensure => present,
+ mode => "0640",
+ owner => "root",
+ group => "nagios",
+ before => Nagios_Contact[$name],
+ require => File["/etc/nagios/conf.d"],
+ }
+ nagios_contact { $name:
+ target => "${confdir}/contact_${name}.cfg",
+ host_notification_commands => "notify-host-by-email",
+ host_notification_options => "d,r",
+ host_notification_period => "24x7",
+ service_notification_commands => "notify-service-by-email",
service_notification_options => "w,u,c,r", + service_notification_period => "24x7", + email => $name, + notify => Service["nagios"], + } + +} + + +define nagios::contact::prowl($confdir=$nagios::server::confdir) { + + file { "${confdir}/contact_${name}.cfg": + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Contact[$name], + require => File["/etc/nagios/conf.d"], + } + nagios_contact { $name: + target => "${confdir}/contact_${name}.cfg", + host_notification_commands => "notify-host-by-prowl", + host_notification_options => "d,r", + host_notification_period => "24x7", + service_notification_commands => "notify-service-by-prowl", + service_notification_options => "w,u,c,r", + service_notification_period => "24x7", + address1 => $name, + notify => Service["nagios"], + } + +} + + +define nagios::host($confdir, $operatingsystem) { + + file { "${confdir}/host_${name}.cfg": + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Host[$name], + require => File["/etc/nagios/conf.d"], + } + nagios_host { $name: + ensure => present, + use => "default", + target => "${confdir}/host_${name}.cfg" + } + +# file { "${confdir}/hostextinfo_${name}.cfg": +# ensure => present, +# mode => "0640", +# owner => "root", +# group => "nagios", +# before => Nagios_Hostextinfo[$name], +# require => File["/etc/nagios/conf.d"], +# } +# nagios_hostextinfo { $name: +# ensure => present, +# icon_image_alt => $operatingsystem, +# icon_image => "base/${operatingsystem}.png", +# statusmap_image => "base/${operatingsystem}.gd2", +# target => "${confdir}/hostextinfo_${name}.cfg" +# } + +} + + +define nagios::service($confdir, $host, $command, $description) { + + file { "${confdir}/service_${name}.cfg": + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Service[$name], + require => File["/etc/nagios/conf.d"], + } + nagios_service { $name: + host_name => $host, + 
check_command => $command, + service_description => $description, + use => "default", + target => "${confdir}/service_${name}.cfg" + } + +} + + +class nagios::target { + + @@nagios::host { $fqdn: + operatingsystem => inline_template("<%= operatingsystem.downcase %>") + } + +} + + +class nagios::target::nrpe { + + if !$nagios_allow { + $nagios_allow = "127.0.0.1" + } + + include nagios::target + + case $operatingsystem { + "centos","redhat","fedora": { + package { [ "nrpe", + "nagios-plugins-disk", + "nagios-plugins-load", + "nagios-plugins-procs", + "nagios-plugins-users", ]: + ensure => installed, + before => [ Augeas["nrpe-allow"], Service["nrpe"] ], + } + $service = "nrpe" + } + "ubuntu","debian": { + package { [ "nagios-nrpe-server", + "nagios-plugins-basic", ]: + ensure => installed, + before => [ Augeas["nrpe-allow"], Service["nrpe"] ], + } + $service = "nagios-nrpe-server" + } + } + + service { "nrpe": + name => $service, + ensure => running, + enable => true, + } + + augeas { "nrpe-allow": + context => "/files/etc/nagios/nrpe.cfg", + changes => "set allowed_hosts '${nagios_allow}'", + notify => Service["nrpe"], + } + + @@nagios::service { "${fqdn}_load": + host => $fqdn, + command => "check_nrpe!check_load", + description => "Load", + } + +} + + +class nagios::target::ssh { + + include nagios::target + + @@nagios::service { "${fqdn}_ssh": + host => $fqdn, + command => "check_ssh", + description => "SSH", + } + +} + + +class nagios::target::http { + + include nagios::target + + @@nagios::service { "${fqdn}_http": + host => $fqdn, + command => "check_http", + description => "HTTP", + } + +} + + +class nagios::target::https { + + include nagios::target + + @@nagios::service { "${fqdn}_https": + host => $fqdn, + command => "check_http!--ssl", + description => "HTTPS", + } + +} + + +class nagios::target::smtp { + + include nagios::target + + @@nagios::service { "${fqdn}_smtp": + host => $fqdn, + command => "check_smtp", + description => "SMTP", + } + +} 
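Review bot: `nagios::host` and `nagios::service` put the resource title straight into a file path (`${confdir}/host_${name}.cfg`, `${confdir}/service_${name}.cfg`), and the `nagios::target*` classes build that title from `$fqdn`, a fact reported by the monitored node. A title containing `/` or `..` would therefore place the file outside `conf.d` on the Nagios server. Reject unexpected titles at the top of both defines, for example `if $name !~ /\A[A-Za-z0-9._-]+\z/ { fail("invalid nagios object name: ${name}") }`. The collectors `Nagios::Host <<||>>` and `Nagios::Service <<||>>` also realise every exported resource, including its `command`, with no tag filter; whether that matters depends on which nodes can export into this storeconfigs database, which the diff does not show.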
diff --git a/nagios/templates/cgi.cfg.erb b/nagios/templates/cgi.cfg.erb
new file mode 100644
index 0000000..fb6b0cd
--- /dev/null
+++ b/nagios/templates/cgi.cfg.erb
@@ -0,0 +1,387 @@ +################################################################# +# +# CGI.CFG - Sample CGI Configuration File for Nagios 3.4.1 +# +# Last Modified: 06-17-2009 +# +################################################################# + + +# MAIN CONFIGURATION FILE +# This tells the CGIs where to find your main configuration file. +# The CGIs will read the main and host config files for any other +# data they might need. + +main_config_file=<%= etcdir %>/nagios.cfg + + + +# PHYSICAL HTML PATH +# This is the path where the HTML files for Nagios reside. This +# value is used to locate the logo images needed by the statusmap +# and statuswrl CGIs. + +physical_html_path=<%= htdocs %> + + + +# URL HTML PATH +# This is the path portion of the URL that corresponds to the +# physical location of the Nagios HTML files (as defined above). +# This value is used by the CGIs to locate the online documentation +# and graphics. If you access the Nagios pages with an URL like +# http://www.myhost.com/nagios, this value should be '/nagios' +# (without the quotes). + +url_html_path=/nagios + + + +# CONTEXT-SENSITIVE HELP +# This option determines whether or not a context-sensitive +# help icon will be displayed for most of the CGIs. +# Values: 0 = disables context-sensitive help +# 1 = enables context-sensitive help + +show_context_help=0 + + + +# PENDING STATES OPTION +# This option determines what states should be displayed in the web +# interface for hosts/services that have not yet been checked. +# Values: 0 = leave hosts/services that have not been check yet in their original state +# 1 = mark hosts/services that have not been checked yet as PENDING + +use_pending_states=1 + +# NAGIOS PROCESS CHECK COMMAND +# This is the full path and filename of the program used to check +# the status of the Nagios process. It is used only by the CGIs +# and is completely optional. 
However, if you don't use it, you'll +# see warning messages in the CGIs about the Nagios process +# not running and you won't be able to execute any commands from +# the web interface. The program should follow the same rules +# as plugins; the return codes are the same as for the plugins, +# it should have timeout protection, it should output something +# to STDIO, etc. +# +# Note: The command line for the check_nagios plugin below may +# have to be tweaked a bit, as different versions of the plugin +# use different command line arguments/syntaxes. + +<% if osfamily == 'Debian' -%> +nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/cache/nagios3/status.dat 5 '/usr/sbin/nagios3' +<% else -%> +<% if architecture == 'x86_64' %> +nagios_check_command=/usr/lib64/nagios/plugins/check_nagios /var/log/nagios/status.dat 5 '/usr/sbin/nagios' +<% else -%> +nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/log/nagios/status.dat 5 '/usr/sbin/nagios' +<% end -%> +<% end -%> + + +# AUTHENTICATION USAGE +# This option controls whether or not the CGIs will use any +# authentication when displaying host and service information, as +# well as committing commands to Nagios for processing. +# +# Read the HTML documentation to learn how the authorization works! +# +# NOTE: It is a really *bad* idea to disable authorization, unless +# you plan on removing the command CGI (cmd.cgi)! Failure to do +# so will leave you wide open to kiddies messing with Nagios and +# possibly hitting you with a denial of service attack by filling up +# your drive by continuously writing to your command file! +# +# Setting this value to 0 will cause the CGIs to *not* use +# authentication (bad idea), while any other value will make them +# use the authentication functions (the default). + +use_authentication=1 + + + + +# x509 CERT AUTHENTICATION +# When enabled, this option allows you to use x509 cert (SSL) +# authentication in the CGIs. 
This is an advanced option and should +# not be enabled unless you know what you're doing. + +use_ssl_authentication=0 + + + + +# DEFAULT USER +# Setting this variable will define a default user name that can +# access pages without authentication. This allows people within a +# secure domain (i.e., behind a firewall) to see the current status +# without authenticating. You may want to use this to avoid basic +# authentication if you are not using a secure server since basic +# authentication transmits passwords in the clear. +# +# Important: Do not define a default username unless you are +# running a secure web server and are sure that everyone who has +# access to the CGIs has been authenticated in some manner! If you +# define this variable, anyone who has not authenticated to the web +# server will inherit all rights you assign to this user! + +#default_user_name=guest + + + +# SYSTEM/PROCESS INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# have access to viewing the Nagios process information as +# provided by the Extended Information CGI (extinfo.cgi). By +# default, *no one* has access to this unless you choose to +# not use authorization. You may use an asterisk (*) to +# authorize any user who has authenticated to the web server. + +authorized_for_system_information=* + + + +# CONFIGURATION INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# can view ALL configuration information (hosts, commands, etc). +# By default, users can only view configuration information +# for the hosts and services they are contacts for. You may use +# an asterisk (*) to authorize any user who has authenticated +# to the web server. + +authorized_for_configuration_information=* + + + +# SYSTEM/PROCESS COMMAND ACCESS +# This option is a comma-delimited list of all usernames that +# can issue shutdown and restart commands to Nagios via the +# command CGI (cmd.cgi). 
Users in this list can also change +# the program mode to active or standby. By default, *no one* +# has access to this unless you choose to not use authorization. +# You may use an asterisk (*) to authorize any user who has +# authenticated to the web server. + +authorized_for_system_commands= + + + +# GLOBAL HOST/SERVICE VIEW ACCESS +# These two options are comma-delimited lists of all usernames that +# can view information for all hosts and services that are being +# monitored. By default, users can only view information +# for hosts or services that they are contacts for (unless you +# you choose to not use authorization). You may use an asterisk (*) +# to authorize any user who has authenticated to the web server. + + +authorized_for_all_services=* +authorized_for_all_hosts=* + + + +# GLOBAL HOST/SERVICE COMMAND ACCESS +# These two options are comma-delimited lists of all usernames that +# can issue host or service related commands via the command +# CGI (cmd.cgi) for all hosts and services that are being monitored. +# By default, users can only issue commands for hosts or services +# that they are contacts for (unless you you choose to not use +# authorization). You may use an asterisk (*) to authorize any +# user who has authenticated to the web server. + +authorized_for_all_service_commands= +authorized_for_all_host_commands= + + + +# READ-ONLY USERS +# A comma-delimited list of usernames that have read-only rights in +# the CGIs. This will block any service or host commands normally shown +# on the extinfo CGI pages. It will also block comments from being shown +# to read-only users. + +#authorized_for_read_only=user1,user2 + + + + +# STATUSMAP BACKGROUND IMAGE +# This option allows you to specify an image to be used as a +# background in the statusmap CGI. It is assumed that the image +# resides in the HTML images path (i.e. /usr/local/nagios/share/images). 
+# This path is automatically determined by appending "/images" +# to the path specified by the 'physical_html_path' directive. +# Note: The image file may be in GIF, PNG, JPEG, or GD2 format. +# However, I recommend that you convert your image to GD2 format +# (uncompressed), as this will cause less CPU load when the CGI +# generates the image. + +#statusmap_background_image=smbackground.gd2 + + + + +# STATUSMAP TRANSPARENCY INDEX COLOR +# These options set the r,g,b values of the background color used the statusmap CGI, +# so normal browsers that can't show real png transparency set the desired color as +# a background color instead (to make it look pretty). +# Defaults to white: (R,G,B) = (255,255,255). + +#color_transparency_index_r=255 +#color_transparency_index_g=255 +#color_transparency_index_b=255 + + + + +# DEFAULT STATUSMAP LAYOUT METHOD +# This option allows you to specify the default layout method +# the statusmap CGI should use for drawing hosts. If you do +# not use this option, the default is to use user-defined +# coordinates. Valid options are as follows: +# 0 = User-defined coordinates +# 1 = Depth layers +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular +# 5 = Circular (Marked Up) + +default_statusmap_layout=5 + + + +# DEFAULT STATUSWRL LAYOUT METHOD +# This option allows you to specify the default layout method +# the statuswrl (VRML) CGI should use for drawing hosts. If you +# do not use this option, the default is to use user-defined +# coordinates. Valid options are as follows: +# 0 = User-defined coordinates +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular + +default_statuswrl_layout=4 + + + +# STATUSWRL INCLUDE +# This option allows you to include your own objects in the +# generated VRML world. It is assumed that the file +# resides in the HTML path (i.e. /usr/local/nagios/share). 
+ +#statuswrl_include=myworld.wrl + + + +# PING SYNTAX +# This option determines what syntax should be used when +# attempting to ping a host from the WAP interface (using +# the statuswml CGI. You must include the full path to +# the ping binary, along with all required options. The +# $HOSTADDRESS$ macro is substituted with the address of +# the host before the command is executed. +# Please note that the syntax for the ping binary is +# notorious for being different on virtually ever *NIX +# OS and distribution, so you may have to tweak this to +# work on your system. + +ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$ + + + +# REFRESH RATE +# This option allows you to specify the refresh rate in seconds +# of various CGIs (status, statusmap, extinfo, and outages). + +refresh_rate=90 + +# DEFAULT PAGE LIMIT +# This option allows you to specify the default number of results +# displayed on the status.cgi. This number can be adjusted from +# within the UI after the initial page load. Setting this to 0 +# will show all results. + +result_limit=100 + + +# ESCAPE HTML TAGS +# This option determines whether HTML tags in host and service +# status output is escaped in the web interface. If enabled, +# your plugin output will not be able to contain clickable links. + +escape_html_tags=1 + + + + +# SOUND OPTIONS +# These options allow you to specify an optional audio file +# that should be played in your browser window when there are +# problems on the network. The audio files are used only in +# the status CGI. Only the sound for the most critical problem +# will be played. Order of importance (higher to lower) is as +# follows: unreachable hosts, down hosts, critical services, +# warning services, and unknown services. If there are no +# visible problems, the sound file optionally specified by +# 'normal_sound' variable will be played. +# +# +# = +# +# Note: All audio files must be placed in the /media subdirectory +# under the HTML path (i.e. 
/usr/local/nagios/share/media/). + +#host_unreachable_sound=hostdown.wav +#host_down_sound=hostdown.wav +#service_critical_sound=critical.wav +#service_warning_sound=warning.wav +#service_unknown_sound=warning.wav +#normal_sound=noproblem.wav + + + +# URL TARGET FRAMES +# These options determine the target frames in which notes and +# action URLs will open. + +action_url_target=_blank +notes_url_target=_blank + + + + +# LOCK AUTHOR NAMES OPTION +# This option determines whether users can change the author name +# when submitting comments, scheduling downtime. If disabled, the +# author names will be locked into their contact name, as defined in Nagios. +# Values: 0 = allow editing author names +# 1 = lock author names (disallow editing) + +lock_author_names=1 + + + + +# SPLUNK INTEGRATION OPTIONS +# These options allow you to enable integration with Splunk +# in the web interface. If enabled, you'll be presented with +# "Splunk It" links in various places in the CGIs (log file, +# alert history, host/service detail, etc). Useful if you're +# trying to research why a particular problem occurred. +# For more information on Splunk, visit http://www.splunk.com/ + +# This option determines whether the Splunk integration is enabled +# Values: 0 = disable Splunk integration +# 1 = enable Splunk integration + +#enable_splunk_integration=1 + + +# This option should be the URL used to access your instance of Splunk + +#splunk_url=http://127.0.0.1:8000/ + + + diff --git a/nagios/templates/nagios-httpd.conf.erb b/nagios/templates/nagios-httpd.conf.erb new file mode 100644 index 0000000..2ba4172 --- /dev/null +++ b/nagios/templates/nagios-httpd.conf.erb @@ -0,0 +1,12 @@ +ScriptAlias <%= scriptalias %> <%= cgibin %>/ +Alias /nagios <%= htdocs %> + +"> + Options ExecCGI + AllowOverride AuthConfig + + +"> + Options FollowSymLinks + AllowOverride AuthConfig + diff --git a/postfix/files/aliases b/postfix/files/aliases new file mode 100644 index 0000000..42a6b60 --- /dev/null 
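Review bot: `authorized_for_configuration_information=*` and `authorized_for_system_information=*` give every authenticated web user the full object configuration and the process information, not only the hosts and services they are contacts for. Command definitions may carry credentials in their arguments, so this is a wider grant than the status view opened by `authorized_for_all_hosts=*` and `authorized_for_all_services=*`. Consider filling these two settings from a class variable that defaults to a named admin list, e.g. `authorized_for_configuration_information=<%= cgi_admins %>` (`cgi_admins` is a placeholder, not a variable this module defines). The command settings are already left empty, which is the safer default.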
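Review bot: Neither directory block in `nagios-httpd.conf.erb` carries an authentication or access directive; both only set `AllowOverride AuthConfig`, so protection of the CGIs depends entirely on the `.htaccess` files that `nagios::server` copies in as a separate resource. If that file is missing or empty, Apache has no `Require` for the `Options ExecCGI` directory and only the `use_authentication=1` check inside the CGIs remains. I would move the `AuthType`, user-file and `Require valid-user` directives into the two blocks here, or at least add the comment `# access control comes from the .htaccess files managed in nagios::server`. The opening and closing `Directory` tags are not readable in this rendering of the hunk, so the block targets are inferred from the `ScriptAlias` and `Alias` lines.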
+++ b/postfix/files/aliases
@@ -0,0 +1,19 @@
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /bin/mail.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+
+# Basic system aliases -- these MUST be present.
+mailer-daemon: postmaster
+postmaster: root
+
+# General redirections for important pseudo accounts
+daemon: root
+
+# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+security: root
diff --git a/postfix/files/empty b/postfix/files/empty
new file mode 100644
index 0000000..e69de29
diff --git a/postfix/manifests/init.pp b/postfix/manifests/init.pp
new file mode 100644
index 0000000..8643ebf
--- /dev/null
+++ b/postfix/manifests/init.pp
@@ -0,0 +1,105 @@ +# Install Postfix packages. +# +class postfix { + + include ssl + + if !$postfix_key { + $postfix_key = "${puppet_ssldir}/private_keys/${homename}.pem" + } + if !$postfix_cert { + $postfix_cert = "${puppet_ssldir}/certs/${homename}.pem" + } + + if !$mail_domain { + if $domain { + $mail_domain = $domain + } else { + fail("Failed to set \$mail_domain, missing \$domain") + } + } + + if !$postfix_hostname { + if $fqdn { + $postfix_hostname = $fqdn + } else { + fail("Failed to set \$postfix_hostname, missing \$fqdn") + } + } + + if !$postfix_interfaces { + $postfix_interfaces = "localhost" + } + + package { "postfix": + ensure => installed, + } + + service { "postfix": + ensure => running, + enable => true, + require => Package["postfix"], + } + + file { "${ssl::certs}/postfix.crt": + ensure => present, + source => $postfix_cert, + mode => "0644", + owner => "root", + group => "root", + notify => Service["postfix"], + } + file { "${ssl::private}/postfix.key": + ensure => present, + source => $postfix_key, + mode => "0600", + owner => "root", + group => "root", + notify => Service["postfix"], + } + + file { "/etc/postfix/main.cf": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + content => template("postfix/main.cf.erb"), + notify => Service["postfix"], + require => Package["postfix"], + } + + file { "/etc/aliases": + ensure => present, + source => [ + "puppet:///files/mail/aliases.${homename}", + "puppet:///files/mail/aliases", + "puppet:///modules/postfix/aliases", + ], + mode => "0644", + owner => "root", + group => "root", + notify => Exec["newaliases"], + } + exec { "newaliases": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + refreshonly => true, + } + + file { "/etc/postfix/virtual": + ensure => present, + source => [ + "puppet:///files/mail/virtual.${homename}", + "puppet:///files/mail/virtual", + "puppet:///modules/postfix/empty", + ], + mode => "0644", + owner => "root", + group => "root", + notify => Exec["postmap 
/etc/postfix/virtual"], + } + exec { "postmap /etc/postfix/virtual": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + refreshonly => true, + } + +} diff --git a/postfix/templates/main.cf.erb b/postfix/templates/main.cf.erb new file mode 100644 index 0000000..8310ae6 --- /dev/null +++ b/postfix/templates/main.cf.erb 
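Review bot: When `$postfix_key` and `$postfix_cert` are unset, the class copies the Puppet agent's own key pair (`${puppet_ssldir}/private_keys/${homename}.pem` and the matching cert) to `${ssl::private}/postfix.key` and `${ssl::certs}/postfix.crt`, presumably for SMTP TLS. That puts the credential that authenticates this node to the Puppet master in a second location and ties its exposure to the mail service; the certificate is presumably issued by the Puppet CA, which remote mail servers are unlikely to trust. I would document the fallback above the two `if` blocks, e.g. `# Default: reuses the Puppet agent key pair; set $postfix_key/$postfix_cert to a dedicated pair on Internet-facing hosts`, or call `fail()` when they are unset. Separately, `File["/etc/postfix/virtual"]` and both `exec` resources have no `require => Package["postfix"]`, unlike `File["/etc/postfix/main.cf"]`.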
@@ -0,0 +1,727 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +<% if ['Debian','Ubuntu'].index(operatingsystem) -%> +daemon_directory = /usr/lib/postfix +<% else -%> +daemon_directory = /usr/libexec/postfix +<% end -%> + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). 
This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/lib/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld +myhostname = <%= postfix_hostname %> + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld +mydomain = <%= mail_domain %> + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. 
+# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost +inet_interfaces = <%= postfix_interfaces %> + +# Enable IPv4, and IPv6 if supported +inet_protocols = all + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain. On a mail domain +# gateway, you should also include $mydomain. 
+# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". +# +mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. 
You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. 
See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this does works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. 
+# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). +# +relay_domains = $mydestination + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. 
+# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] +<% if postfix_interfaces == "localhost" and has_variable?("mail_server") -%> +relayhost = [<%= mail_server %>] +<% end -%> + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. +# +in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. +# +virtual_alias_maps = hash:/etc/postfix/virtual + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. 
+ +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. 
Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ +<% if has_variable?("postfix_home_mailbox") -%> +home_mailbox <%= postfix_home_mailbox %> +<% end -%> + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. 
+# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp + +# If using the cyrus-imapd IMAP server deliver local mail to the IMAP +# server using LMTP (Local Mail Transport Protocol), this is prefered +# over the older cyrus deliver program by setting the +# mailbox_transport as below: +# +# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp +# +# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via +# these settings. +# +# local_destination_recipient_limit = 300 +# local_destination_concurrency_limit = 5 +# +# Of course you should adjust these settings as appropriate for the +# capacity of the hardware you are using. The recipient limit setting +# can be used to take advantage of the single instance message store +# capability of Cyrus. The concurrency limit can be used to control +# how many simultaneous LMTP sessions will be permitted to the Cyrus +# message store. +# +# To use the old cyrus deliver program you have to set: +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". 
+# +#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. +# +smtpd_helo_required = yes +smtpd_client_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_unknown_client, +<% if has_variable?("postfix_rbl") -%> + <% postfix_rbl.each do |rbl| -%> + reject_rbl_client <%= rbl %>, + <% end -%> +<% end -%> + permit +smtpd_recipient_restrictions = + permit_sasl_authenticated, + permit_mynetworks, + reject_unauth_destination, + check_relay_domains + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. 
+# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. 
For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). 
+# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail.postfix + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/bin/newaliases.postfix + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/bin/mailq.postfix + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = postdrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = no + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +#sample_directory = /usr/share/doc/postfix-2.6.6/samples + +# readme_directory: The location of the Postfix README files. 
+# +#readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES +<% if postfix_interfaces != "localhost" -%> + +# SASL +# +smtpd_sasl_auth_enable = yes +smtpd_sasl_local_domain = $myhostname +smtpd_sasl_path = smtpd +smtpd_sasl_security_options = noanonymous + +# TLS +# +smtpd_use_tls=yes +smtpd_tls_cert_file=<%= scope.lookupvar('ssl::certs') %>/postfix.crt +smtpd_tls_key_file=<%= scope.lookupvar('ssl::private') %>/postfix.key +smtpd_tls_received_header = yes +smtpd_tls_security_level = may +smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache +smtp_tls_security_level = may +smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache +<% end -%> diff --git a/psacct/manifests/init.pp b/psacct/manifests/init.pp index e13dded..bd85529 100644 --- a/psacct/manifests/init.pp +++ b/psacct/manifests/init.pp @@ -3,15 +3,15 @@ # class psacct { - case $kernel { - linux: { + case $::kernel { + "linux": { include psacct::linux } - openbsd: { + "openbsd": { include psacct::openbsd } default: { - fail("psacct module not supported in ${kernel}") + fail("psacct module not supported in ${::kernel}") } } @@ -24,8 +24,8 @@ class psacct::linux { package { "psacct": name => $::operatingsystem ? { - ubuntu => "acct", - default => "psacct", + "ubuntu" => "acct", + default => "psacct", }, ensure => installed, } @@ -67,7 +67,7 @@ class psacct::openbsd { exec { "accton": command => "accton /var/account/acct", path => "/bin:/usr/bin:/sbin:/usr/sbin", - user => root, + user => "root", refreshonly => true, } diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp index c5059ed..b362722 100644 --- a/puppet/manifests/init.pp +++ b/puppet/manifests/init.pp 
@@ -194,9 +194,11 @@ class puppet::server { class puppet::server::common inherits puppet::client { if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ { - $seltype = "var_lib_t" + $seltype_readonly = "var_lib_t" + $seltype_writable = "var_lib_t" } else { - $seltype = "puppet_var_lib_t" + $seltype_readonly = "puppetmaster_t" + $seltype_writable = "puppet_var_lib_t" } case $::operatingsystem { @@ -294,17 +296,25 @@ class puppet::server::common inherits puppet::client { "openbsd" => "wheel", default => "root", }, - seltype => $seltype, + seltype => $seltype_readonly, require => Package["puppetmaster"], } selinux::manage_fcontext { "${puppet_datadir}(/.*)?": - type => $seltype, + type => $seltype_readonly, before => File[$puppet_datadir], } + selinux::manage_fcontext { [ + "${puppet_datadir}/bucket(/.*)?", + "${puppet_datadir}/reports(/.*)?", + "${puppet_datadir}/rrd(/.*)?", + ]: + type => $seltype_writable, + before => File["/srv/puppet/reports"], + } file { "/srv/puppet": ensure => link, target => $puppet_datadir, - seltype => $seltype, + seltype => $seltype_readonly, require => File[$puppet_datadir], } } else { @@ -316,14 +326,22 @@ class puppet::server::common inherits puppet::client { "openbsd" => "wheel", default => "root", }, - seltype => $seltype, + seltype => $seltype_readonly, require => Package["puppetmaster"], } } selinux::manage_fcontext { "/srv/puppet(/.*)?": - type => $seltype, + type => $seltype_readonly, before => File["/srv/puppet"], } + selinux::manage_fcontext { [ + "/srv/puppet/bucket(/.*)?", + "/srv/puppet/reports(/.*)?", + "/srv/puppet/rrd(/.*)?", + ]: + type => $seltype_writable, + before => File["/srv/puppet/reports"], + } if $puppet_storeconfigs != "none" { file { "/srv/puppet/storeconfigs": @@ -331,7 +349,7 @@ class puppet::server::common inherits puppet::client { mode => "0750", owner => $user, group => $group, - seltype => $seltype, + seltype => $seltype_readonly, require => File["/srv/puppet"], } } 
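Review bot: `$seltype_readonly = "puppetmaster_t"` in the `else` branch of the `@@ -194` hunk labels files with what looks like a process domain rather than a file type; in the SELinux reference policy `puppetmaster_t` is the domain the puppetmaster daemon runs in, and the file types are separate (the same hunk uses `puppet_var_lib_t` for the writable side). If that holds for the target policy, the `selinux::manage_fcontext` rules and `seltype =>` attributes will either be rejected or leave the tree with a context that no policy rule grants read access to, so use a file type here as well, for example `$seltype_readonly = "puppet_etc_t"` (confirm against the installed policy with `seinfo -t`). The later hunks in this file (`@@ -294`, `@@ -316`, `@@ -331`, and `@@ -342` onward) all consume this variable, so the choice made here reaches every `seltype =>` line. The enclosing class continues outside the hunk.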
@@ -342,7 +360,7 @@ class puppet::server::common inherits puppet::client { mode => "0750", owner => $user, group => $group, - seltype => $seltype, + seltype => $seltype_writable, require => File["/srv/puppet"], } file { [ "/srv/puppet/files", @@ -354,7 +372,7 @@ class puppet::server::common inherits puppet::client { "openbsd" => "wheel", default => "root", }, - seltype => $seltype, + seltype => $seltype_readonly, require => File["/srv/puppet"], } file { "/srv/puppet/files/common": @@ -365,7 +383,7 @@ class puppet::server::common inherits puppet::client { "openbsd" => "wheel", default => "root", }, - seltype => $seltype, + seltype => $seltype_readonly, require => File["/srv/puppet/files"], } file { "/srv/puppet/files/private": @@ -373,7 +391,7 @@ class puppet::server::common inherits puppet::client { mode => "0750", owner => "root", group => $group, - seltype => $seltype, + seltype => $seltype_readonly, require => File["/srv/puppet/files"], } diff --git a/puppet/templates/puppet-httpd.conf.erb b/puppet/templates/puppet-httpd.conf.erb index f75c9a0..ec03354 100644 --- a/puppet/templates/puppet-httpd.conf.erb +++ b/puppet/templates/puppet-httpd.conf.erb @@ -50,12 +50,7 @@ Listen 8140 # Proxy settings - - ForceType application/x-raw - RewriteEngine On - RewriteRule ^/production/file_content/files/(.+)$ /srv/puppet/files/common/$1 [L] - RewriteRule ^/production/file_content/modules/([^/]+)/files/(.+)$ /etc/puppet/modules/$1/files/$2 [L] RewriteRule ^/(.*)$ balancer://puppetmaster%{REQUEST_URI} [P,QSA,L] @@ -67,4 +62,3 @@ Listen 8140 SetEnv proxy-nokeepalive 1 - diff --git a/sasl/manifests/init.pp b/sasl/manifests/init.pp index b8d60b6..a1a236e 100644 --- a/sasl/manifests/init.pp +++ b/sasl/manifests/init.pp 
@@ -20,14 +20,35 @@ class sasl::client { # === Global variables # # $saslauthd_mech: -# Authentication mechanism to use. Defaults to system default. +# Authentication mechanism to use. Defaults to system +# default. Supported mechanisms include pam, ldap and kerberos5. # +# For ldap authentication, see ldap::client for required global variables. +# class sasl::saslauthd { require sasl::client case $saslauthd_mech { "","pam": { } + "ldap": { + include ldap::client + + augeas { "set-saslauthd-mech": + context => "/files/etc/sysconfig/saslauthd", + changes => "set MECH ldap", + notify => Service["saslauthd"], + } + + file { "/etc/saslauthd.conf": + ensure => present, + mode => 0644, + owner => "root", + group => "root", + content => template("sasl/saslauthd.conf.ldap.erb"), + notify => Service["saslauthd"], + } + } "kerberos5": { augeas { "set-saslauthd-mech": context => "/files/etc/sysconfig/saslauthd", diff --git a/sasl/templates/saslauthd.conf.ldap.erb b/sasl/templates/saslauthd.conf.ldap.erb new file mode 100644 index 0000000..75a16b8 --- /dev/null +++ b/sasl/templates/saslauthd.conf.ldap.erb @@ -0,0 +1,2 @@ +ldap_servers: <% ldap_server.each do |uri| %><%= uri %> <% end %> +ldap_search_base: <%= ldap_basedn %> diff --git a/syslog/files/logarchiver.sh b/syslog/files/logarchiver.sh index 34aa9c8..84e3558 100755 --- a/syslog/files/logarchiver.sh +++ b/syslog/files/logarchiver.sh @@ -1,18 +1,21 @@ #!/bin/sh -ARCHIVEFILES="all.log" + LOGDIR="/srv/log" -DATE=`date +%Y-%m-%d` -YEAR=`date +%Y` -ARCHIVEDIR="/srv/log/archive/" #archivedlogs will be in this - #directory + $YEAR +ARCHIVE="${LOGDIR}/archive" + +DATE="`date +%Y-%m-%d`" +YEAR="`date +%Y`" + umask 027 -myerror(){ +myerror() +{ echo "Error: $*" 1>&2 exit 1 } -archive_log(){ +archive_log() +{ FILE="${1}" DEST="${2}" 
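Review bot: `mode => 0644` on `/etc/saslauthd.conf` in the new `"ldap"` branch is an unquoted number, while the other manifests in this change set write modes as strings (`mode => "0750"`); quote it as `mode => "0644",` so it is never read as an integer. The file is world-readable, which is acceptable for the two settings the new template writes, but saslauthd's LDAP configuration is also where a bind DN and `ldap_password` would go if anonymous search is later disabled. A comment above the resource such as `# keep 0644 only while the template holds no bind credentials` would stop the next editor from exposing a password. The `case` statement continues outside the hunk.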
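Review bot: The new `saslauthd.conf.ldap.erb` writes only `ldap_servers` and `ldap_search_base`, so nothing forces the connection to the directory to be encrypted. With its default bind method saslauthd verifies a login by binding to LDAP with the user's own password, so if `ldap_server` holds plain `ldap://` URIs (its value is not visible here) every password crosses the network in clear text. Either require `ldaps://` URIs in `ldap_server`, or add `ldap_start_tls: yes` and `ldap_tls_check_peer: yes` together with an `ldap_tls_cacert_file:` line pointing at the site CA.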
@@ -21,44 +24,54 @@ archive_log(){ else echo "Archiving file ${FILE} to ${DEST}" mv "${FILE}" "${DEST}" - touch ${FILE} + touch "${FILE}" LOGS="${LOGS} ${DEST}" fi } -restart_syslog(){ +restart_syslog() +{ for i in syslog.pid rsyslogd.pid syslogd.pid ; do - if [ -f "/var/run/$i" ]; then - PIDFILE="/var/run/$i" - break - fi + if [ -f "/var/run/$i" ]; then + PIDFILE="/var/run/$i" + break + fi done if [ "blah${PIDFILE}" = "blah" ]; then - myerror "Cannot find syslog pid file" 1>&2 + myerror "Cannot find syslog pid file" fi kill -HUP `cat ${PIDFILE}` } -archive(){ - [ -d ${LOGDIR} ] || myerror "No such direcroty: ${LOGDIR}" - [ -d "${ARCHIVEDIR}" ] || myerror "No such archive directory: ${ARCHIVEDIR}" - [ -d "${ARCHIVEDIR}/${YEAR}" ] || mkdir ${ARCHIVEDIR}/${YEAR} - ARCHIVEDIR="${ARCHIVEDIR}/${YEAR}" - - for logfile in ${ARCHIVEFILES} ; do - [ -f "${LOGDIR}/${logfile}" ] || myerror "File not found: ${logfile}" - archive_log "${LOGDIR}/${logfile}" "${ARCHIVEDIR}/${logfile}.${DATE}" - done - restart_syslog - for zipfile in ${ARCHIVEFILES} ; do - gzip -f "${ARCHIVEDIR}/${zipfile}.${DATE}" || myerror "Error while gzipping ${ARCHIVEDIR}/${zipfile}" - done -} -case "x$1" in - "x-v"|"x--verbose") - archive - ;; - *) - archive >> /dev/null - ;; -esac +[ $# -gt 0 ] || myerror "Usage: `basename $0` [file|dir] ..." 
+ +[ -d ${LOGDIR} ] || myerror "Not a directory: ${LOGDIR}" + +while [ "$*" ]; do + if [ -f "${LOGDIR}/${1}" ]; then + dstdir=${ARCHIVE}/${YEAR} + dstfile=${dstdir}/`basename ${1}`.${DATE} + [ -d "${dstdir}" ] || mkdir -p ${dstdir} + archive_log ${LOGDIR}/${1} ${dstfile} + elif [ -d "${LOGDIR}/${1}" ]; then + for f in ${LOGDIR}/${1}/*.log; do + if [ -f "${f}" ]; then + dstdir=${ARCHIVE}/${1}/${YEAR} + dstfile=${dstdir}/`basename ${f}`.${DATE} + [ -d "${dstdir}" ] || mkdir -p ${dstdir} + archive_log ${f} ${dstfile} + else + echo "Skipping ${f}: not a file" 1>&2 + fi + done + else + echo "Skipping ${1}: not a file or directory" 1>&2 + fi + shift +done + +restart_syslog + +for log in ${LOGS}; do + gzip -f ${log} || myerror "Error while gzipping ${log}" +done diff --git a/syslog/manifests/init.pp b/syslog/manifests/init.pp index 51f7309..635c989 100644 --- a/syslog/manifests/init.pp +++ b/syslog/manifests/init.pp @@ -212,8 +212,15 @@ class syslog::client::rsyslog { # $syslog_datadir: # Directory where to store logs. Defaults to /srv/log. # +# $syslog_rotate: +# Array of log files to rotate. Defaults to 'all.log'. +# class syslog::common::standalone inherits syslog::common { + if !$syslog_rotate { + $syslog_rotate = [ "all.log" ] + } + if $syslog_datadir { file { $syslog_datadir: ensure => directory, @@ -277,8 +284,9 @@ class syslog::common::standalone inherits syslog::common { default => "root", }, } + $syslog_rotate_files = inline_template('<%= syslog_rotate.join(" ") -%>') cron { "logarchiver.sh": - command => "/usr/local/sbin/logarchiver.sh", + command => "/usr/local/sbin/logarchiver.sh ${syslog_rotate_files} >/dev/null", user => "root", hour => 0, minute => 0, 
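Review bot: The rewritten main loop passes its arguments on unquoted: `archive_log ${LOGDIR}/${1} ${dstfile}`, `mkdir -p ${dstdir}`, the `basename ${f}` substitution and the final `gzip -f ${log}` all undergo word splitting and globbing, and `${1}` is never checked for `..` components. The script is run from root's crontab (see the `cron` resource in `syslog/manifests/init.pp`), so an argument containing a space, a `*` or a `../` prefix makes root move and re-create files outside `${LOGDIR}`. Quote the expansions, e.g. `archive_log "${LOGDIR}/${1}" "${dstfile}"` and `[ -d "${dstdir}" ] || mkdir -p "${dstdir}"`, and reject traversal up front with `case "${1}" in ..|../*|*/..|*/../*) myerror "Invalid path: ${1}" ;; esac`. `LOGS` is a space-separated string, so the gzip loop still depends on names without whitespace; a comment on the `LOGS=` line in `archive_log` should state that constraint.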
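Review bot: In the `@@ -277` hunk the entries of `$syslog_rotate` are joined with spaces and pasted into a command that cron hands to root's shell, with no escaping. An entry containing whitespace, a shell metacharacter or `%` (which cron turns into a newline) changes what root runs at midnight. Escape each entry when building the string, for example `inline_template('<%= syslog_rotate.map { |f| Shellwords.escape(f) }.join(" ") -%>')` (the template may need `require "shellwords"`), or validate the entries against a conservative pattern and `fail()` otherwise. The doc comment added in the `@@ -212` hunk could also say that entries are paths relative to `/srv/log`, the `LOGDIR` hard-coded in `logarchiver.sh`.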
@@ -370,3 +378,31 @@ class syslog::server::rsyslog inherits syslog::client::rsyslog { } } + + +# Install syslog server with custom configuration. +# +class syslog::custom inherits syslog::common::standalone { + + case $syslog_type { + "syslogd": { fail("Server for \$syslog_type '$syslog_type' not yet supported.") } + "rsyslog": { include syslog::custom::rsyslog } + default: { fail("Unknown \$syslog_type '$syslog_type'") } + } + +} + + +# Install syslog server using rsyslog with custom configuration. +# +class syslog::custom::rsyslog inherits syslog::client::rsyslog { + + File["/etc/rsyslog.conf"] { + content => undef, + source => [ "puppet:///files/syslog/rsyslog.conf.${homename}", + "puppet:///files/syslog/rsyslog.conf", ], + require => [ File["/srv/log"], + File["/var/log/all.log"], ], + } + +} diff --git a/tftp/manifests/init.pp b/tftp/manifests/init.pp index 0fc4430..ef5ad52 100644 --- a/tftp/manifests/init.pp +++ b/tftp/manifests/init.pp @@ -82,7 +82,7 @@ class tftp::server { } case $::operatingsystem { - debian,ubuntu: { + "debian","ubuntu": { service { "tftpd-hpa": ensure => running, hasstatus => true, @@ -91,14 +91,35 @@ class tftp::server { Package["tftp-server"], ], } } + "openbsd": { + if versioncmp($::operatingsystemrelease, '5.2') < 0 { + include inetd::server + inetd::service { "tftp": + ensure => present, + require => File["/tftpboot"], + } + } else { + service { "tftpd": + ensure => running, + hasstatus => true, + enable => true, + start => "/usr/sbin/tftpd /tftpboot", + require => File["/tftpboot"], + } + } + } default: { include inetd::server inetd::service { "tftp": ensure => present, +<<<<<<< HEAD require => $::operatingsystem ? { "openbsd" => undef, default => Package["tftp-server"], }, +======= + require => Package["tftp-server"], +>>>>>>> 7c4f9e6b94793caf3c9369cc0519eefddc54f7d0 } } } diff --git a/wiki/manifests/init.pp b/wiki/manifests/init.pp index 3d0cd7e..e021e56 100644 --- a/wiki/manifests/init.pp +++ b/wiki/manifests/init.pp 
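Review bot: The `default:` branch in the `@@ -91` hunk of `tftp/manifests/init.pp` adds unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 7c4f9e6b94793caf3c9369cc0519eefddc54f7d0`), so the manifest will not parse and every node that includes `tftp::server` fails catalog compilation. Since this hunk gives `"openbsd"` its own case arm, the `$::operatingsystem ? { "openbsd" => undef, ... }` selector on the HEAD side is no longer needed; keep only `require => Package["tftp-server"],` and delete the three marker lines and the selector. Running `puppet parser validate` in a pre-commit hook would catch this class of mistake before it reaches the puppetmaster.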
@@ -451,7 +451,7 @@ define wiki::collab::package($source, $config="/srv/wikis/collab/wikis/collab/co user => "collab", path => "/bin:/usr/bin:/sbin:/usr/sbin", environment => "PYTHONPATH=${config}", - command => "/bin/sh -c 'umask 007; python ${::pythonsitedir}/MoinMoin/packages.py i /usr/local/src/${name}'", + command => "/bin/sh -c 'umask 007; python ${::pythonsitedir}/MoinMoin/packages.py -u collab i /usr/local/src/${name}'", refreshonly => true, require => Exec["collab-account-create -f -r collab"] } diff --git a/yum/files/keys/dell-omsa.key b/yum/files/keys/dell-omsa.key new file mode 100644 index 0000000..725bc6a --- /dev/null +++ b/yum/files/keys/dell-omsa.key 
@@ -0,0 +1,27 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.0.6 (GNU/Linux) +Comment: For info see http://www.gnupg.org + +mQGiBDrbVQQRBACfyqmXDmXKLS/1TUpxb7KMVKqzk3XqiHidQWmRzquo26FReyvR +2PnGKHVtiBtZcgb+e2rPR/MNyfAGh5Xkjfzq+gPxVAJUbwbM81yo54b8oYGlqogv +wq0Y6a3H5t9nHENifLbX2HEVH/+eFKcp4gVJqRiUctf8xreUOU/HXuVXvwCgg2HG +Bm2PAjhRXxchtuyPK7SggaUD/3HsxqqCw97JAnZtMXzL/9gNDuzAB/8SZTtiw+eU +NbIAieyPydoLyoZKvbaMIHchkSQgZJ8QX6cvaME3xYpSeiUwT3WVztbDy/naEyq5 +VoMMc1thtPt+Z0Bx7lwefZ1HsXmKtUen9X/wrNOjKhOJrInn4RaBw8eE1w8Uh/oj +SxhbA/0b2xxmmOh1GJxdEKRDMabXu9cJNgTuR8pDG2aGH32bNniLC69Lr34daaJn +kl0lL5JH2ivqvUB83jTGir0pqf/rWOBgVJ8sfvzhpf4w0QXSuwQsk+UdvlcsalI8 +m5nah+9bRnFsibYX7Y04odE5rzRg6Vv2wqQo9eELnPXdt3JiVLRJRGVsbCBDb21w +dXRlciBDb3Jwb3JhdGlvbiAoTGludXggU3lzdGVtcyBHcm91cCkgPGxpbnV4LXNl +Y3VyaXR5QGRlbGwuY29tPohXBBMRAgAXBQI621UEBQsHCgMEAxUDAgMWAgECF4AA +CgkQyneVHSO2ap2nqACeJKS/llA45VuDrtzUnxPPiWknKtcAniG6aD7ELAM2+SzD +lG7n1cHZSqyXiEYEEBECAAYFAjujySgACgkQIavu95Lw/AluzACgluS3dEQh4iw3 +t80nI+oZ2ssphEQAnjMXCjnRlkohpMgdJuvHSBuVUPjJuQENBDrbVQUQBAC2h3kC +wV0pPn44jL7kdeujexYm9hy0ImggCzMHHqplpq1vh0vK2DtZLjM3ZUs68ypCZfDt +ejvxm+m/e708ZmGxveIk0FbvC9dfuUvn5dmj9gQcXOWxqfjkOgZ2CXXY1fX9Fe4a +QLI8QuQ5sTn6GreeFQCcJXCGWiNi1Hpyi8k1ZwADBQP+KVolSCJG2KR0qScJN+2O +MRS6IowNIwLY93GlDekrqxBxVOv0FxRHH8lV0xZWMTWfsIBEZU+Iov6ns3ky4m6J +ImKZ+xaFHehgCPBy3u2pbrSbHGhMzqa40sU3mI9SA0sOJQ18oX6blNDIwnyveKXw +ZrXZC6mO7PkRnoa+J/4cvSmIRgQYEQIABgUCOttVBQAKCRDKd5UdI7ZqnYmZAJ97 +LhXpWlSlrm5XCNSfO8BwJGVNGgCfR0hFclor3HLNl28ZVENT1SvbjNQ= +=sYOa +-----END PGP PUBLIC KEY BLOCK----- diff --git a/yum/manifests/init.pp b/yum/manifests/init.pp index c38772e..995bc96 100644 --- a/yum/manifests/init.pp +++ b/yum/manifests/init.pp @@ -129,7 +129,7 @@ class yum::exclude { augeas { "yum-exclude": context => "/files/etc/yum.conf/main", - changes => "set exclude ${yum_exclude_real}", + changes => "set exclude '${yum_exclude_real}'", } } 
@@ -257,6 +257,44 @@ class yum::repo::centos-cr { } +class yum::repo::dell { + + case $::operatingsystem { + "centos", "redhat": { } + default: { + fail("Dell OMSA repository not supported in ${operatingsystem}") + } + } + + # Required for detecting the correct system hardware via + # yum. Dell's repo then provide their own yum-dellsysid after + # installing the repos. + package { "yum-dellsysid": + ensure => installed, + require => Class["yum::repo::epel"], + } + + case $operatingsystemrelease { + /^6\.[0-9]+/: { + yum::repo { "dell-omsa-indep": + descr => "Dell OMSA repository - Hardware independent", + mirrorlist => "http://linux.dell.com/repo/hardware/latest/mirrors.cgi?osname=el\$releasever&ve&basearch=\$basearch&native=1&dellsysidpluginver=\$dellsysidpluginver", + gpgkey => "puppet:///modules/yum/keys/dell-omsa.key", + require => Package["yum-dellsysid"], + } + yum::repo { "dell-omsa-specific": + descr => "Dell OMSA repository - Hardware specific", + mirrorlist => "http://linux.dell.com/repo/hardware/latest/mirrors.cgi?osname=el\$releasever&basearch=\$basearch&native=1&sys_ven_id=\$sys_ven_id&sys_dev_id=\$sys_dev_id&dellsysidpluginver=\$dellsysidpluginver", + gpgkey => "puppet:///modules/yum/keys/dell-omsa.key", + require => Package["yum-dellsysid"], + } + } + default: { + fail("Dell OMSA repository not supported in ${operatingsystem} ${operatingsystemrelease}") + } + } +} + class yum::repo::elrepo {
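Review bot: Both `mirrorlist` URLs in `yum::repo::dell` are fetched over plain `http://`, so the mirror list can be altered in transit and package integrity rests entirely on the signature check against `dell-omsa.key`. This hunk does not show whether `yum::repo` turns on `gpgcheck` when `gpgkey` is given; confirm that it does, and switch the URLs to `https://` if the host serves it. The key file added in this commit should be compared against a fingerprint obtained from the vendor out of band, with that fingerprint recorded in a comment next to `gpgkey`. The `dell-omsa-indep` URL also carries a stray `&ve` parameter that the `dell-omsa-specific` URL lacks, which looks like a typo.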