diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..14bc68c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/nbproject/private/
\ No newline at end of file
diff --git a/auth.conf b/auth.conf
new file mode 100644
index 0000000..431e4b2
--- /dev/null
+++ b/auth.conf
@@ -0,0 +1,94 @@
+# This is an example auth.conf file, it mimics the puppetmasterd defaults
+#
+# The ACL are checked in order of appearance in this file.
+#
+# Supported syntax:
+# This file supports two different syntax depending on how
+# you want to express the ACL.
+#
+# Path syntax (the one used below):
+# ---------------------------------
+# path /path/to/resource
+# [environment envlist]
+# [method methodlist]
+# [auth[enthicated] {yes|no|on|off|any}]
+# allow [host|ip|*]
+# deny [host|ip]
+#
+# The path is matched as a prefix. That is /file match at
+# the same time /file_metadat and /file_content.
+#
+# Regex syntax:
+# -------------
+# This one is differenciated from the path one by a '~'
+#
+# path ~ regex
+# [environment envlist]
+# [method methodlist]
+# [auth[enthicated] {yes|no|on|off|any}]
+# allow [host|ip|*]
+# deny [host|ip]
+#
+# The regex syntax is the same as ruby ones.
+#
+# Ex:
+# path ~ .pp$
+# will match every resource ending in .pp (manifests files for instance)
+#
+# path ~ ^/path/to/resource
+# is essentially equivalent to path /path/to/resource
+#
+# environment:: restrict an ACL to a specific set of environments
+# method:: restrict an ACL to a specific set of methods
+# auth:: restrict an ACL to an authenticated or unauthenticated request
+# the default when unspecified is to restrict the ACL to authenticated requests
+# (ie exactly as if auth yes was present).
+#
+
+### Authenticated ACL - those applies only when the client
+### has a valid certificate and is thus authenticated
+
+# allow nodes to retrieve their own catalog (ie their configuration)
+path ~ ^/catalog/([^/]+)$
+method find
+allow $1
+
+# allow all nodes to access the certificates services
+path /certificate_revocation_list/ca
+method find
+allow *
+
+# allow all nodes to store their reports
+path /report
+method save
+allow *
+
+# inconditionnally allow access to all files services
+# which means in practice that fileserver.conf will
+# still be used
+path /file
+allow *
+
+### Unauthenticated ACL, for clients for which the current master doesn't
+### have a valid certificate
+
+# allow access to the master CA
+path /certificate/ca
+auth no
+method find
+allow *
+
+path /certificate/
+auth no
+method find
+allow *
+
+path /certificate_request
+auth no
+method find, save
+allow *
+
+# this one is not stricly necessary, but it has the merit
+# to show the default policy which is deny everything else
+path /
+auth any
diff --git a/autosign.conf b/autosign.conf
new file mode 100644
index 0000000..7b8f04a
--- /dev/null
+++ b/autosign.conf
@@ -0,0 +1 @@
+*.kohanaframework.org
\ No newline at end of file
diff --git a/etckeeper-commit-post b/etckeeper-commit-post
new file mode 100755
index 0000000..489b2bd
--- /dev/null
+++ b/etckeeper-commit-post
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+which etckeeper > /dev/null 2>&1 || exit 0
+
+etckeeper commit "committing changes in /etc after puppet catalog run"
+
+# Failure of etckeeper should not be fatal.
+exit 0
diff --git a/etckeeper-commit-pre b/etckeeper-commit-pre
new file mode 100755
index 0000000..a66fb62
--- /dev/null
+++ b/etckeeper-commit-pre
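Review bot: The autosign.conf entry `*.kohanaframework.org` has the master sign every certificate request whose name falls under the domain, with no operator approving it. The name in a request is chosen by the client, so any host that can reach the master could presumably obtain a certificate that satisfies the authenticated ACLs in auth.conf (`path /file`, `path /report`) and the `allow *.kohanaframework.org` rule in fileserver.conf. List the expected hosts by exact name (for example `vm01.kohanaframework.org`) or leave autosigning off and sign requests by hand.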
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+which etckeeper > /dev/null 2>&1 || exit 0
+
+etckeeper commit "saving uncommitted changes in /etc prior to puppet catalog run"
+
+# Failure of etckeeper should not be fatal.
+exit 0
diff --git a/files/etc/profile b/files/etc/profile
new file mode 100644
index 0000000..e252416
--- /dev/null
+++ b/files/etc/profile
@@ -0,0 +1,30 @@
+# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
+# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
+
+if [ -d /etc/profile.d ]; then
+ for i in /etc/profile.d/*.sh; do
+ if [ -r $i ]; then
+ . $i
+ fi
+ done
+ unset i
+fi
+
+if [ "$PS1" ]; then
+ if [ "$BASH" ]; then
+ PS1='\u@\h:\w\$ '
+ if [ -f /etc/bash.bashrc ]; then
+ . /etc/bash.bashrc
+ fi
+ else
+ if [ "`id -u`" -eq 0 ]; then
+ PS1='# '
+ else
+ PS1='$ '
+ fi
+ fi
+fi
+
+#umask 022
+umask 007
+export PATH=/var/lib/gems/1.8/bin:$PATH
\ No newline at end of file
diff --git a/fileserver.conf b/fileserver.conf
new file mode 100644
index 0000000..4ce046d
--- /dev/null
+++ b/fileserver.conf
@@ -0,0 +1,16 @@
+# This file consists of arbitrarily named sections/modules
+# defining where files are served from and to whom
+
+# Define a section 'files'
+# Adapt the allow/deny settings to your needs. Order
+# for allow/deny does not matter, allow always takes precedence
+# over deny
+[files]
+ path /etc/puppet/files
+ allow *.kohanaframework.org
+ allow 127.0.0.0/8
+
+[plugins]
+# allow *.example.com
+# deny *.evil.example.com
+# allow 192.168.0.0/24
diff --git a/manifests/custom.pp b/manifests/custom.pp
new file mode 100644
index 0000000..8e2cff5
--- /dev/null
+++ b/manifests/custom.pp
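Review bot: The last line of files/etc/profile, `export PATH=/var/lib/gems/1.8/bin:$PATH`, puts the gem binary directory ahead of the system directories for every login shell, root included, so an executable installed by any gem under the name of a system command would run in its place. Appending keeps the gem tools reachable without giving them precedence: `export PATH=$PATH:/var/lib/gems/1.8/bin`. The `Exec { path => ... }` default in manifests/site.pp uses the same ordering and deserves the same change. In the profile.d loop `$i` is unquoted; `[ -r "$i" ]` and `. "$i"` are the safer form.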
@@ -0,0 +1,35 @@
+# "Extensions" to built in types
+class custom {
+ define user($ensure = 'present', $groups = []) {
+ user {
+ $name:
+ ensure => $ensure,
+ home => "/home/$name",
+ shell => "/bin/bash",
+ groups => $groups;
+ }
+
+ group {
+ $name:
+ ensure => $ensure,
+ require => User[$name]
+ }
+
+ $home_ensure = $ensure ? {
+ 'present' => directory,
+ default => $ensure
+ }
+
+ file {
+ "/home/${name}":
+ ensure => $home_ensure,
+ owner => $name,
+ group => $name,
+ mode => 770,
+ require => [
+ User[$name],
+ Group[$name]
+ ];
+ }
+ }
+}
\ No newline at end of file
diff --git a/manifests/nagios.pp b/manifests/nagios.pp
new file mode 100644
index 0000000..9c64769
--- /dev/null
+++ b/manifests/nagios.pp
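Review bot: In the `file` resource for the home directory, `mode => 770` is a bare number; write it as a quoted octal string, `mode => '0770',`, which is unambiguous and is the only form later Puppet releases accept. The define is named `user`, the same as the built-in type it wraps, so `user { $name: ... }` inside it reads ambiguously; a header comment such as `# wraps the built-in user type and adds a same-named group and a 0770 home directory` would make the intent clear.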
@@ -0,0 +1,40 @@
+nagios_timeperiod {
+ "24x7":
+ ensure => present,
+ alias => "24 Hours A Day, 7 Days A Week",
+ sunday => "00:00-24:00",
+ monday => "00:00-24:00",
+ tuesday => "00:00-24:00",
+ wednesday => "00:00-24:00",
+ thursday => "00:00-24:00",
+ friday => "00:00-24:00",
+ saturday => "00:00-24:00",
+ target => "/etc/nagios3/conf.puppet.d/timeperiod.cfg",
+ require => File["/etc/nagios3/conf.puppet.d/timeperiod.cfg"],
+ notify => Service["nagios3"];
+}
+
+nagios_contactgroup {
+ "admins":
+ ensure => present,
+ alias => "Nagios Administrators",
+ members => "kiall",
+ target => "/etc/nagios3/conf.puppet.d/contactgroup.cfg",
+ require => File["/etc/nagios3/conf.puppet.d/contactgroup.cfg"],
+ notify => Service["nagios3"];
+}
+
+nagios_contact {
+ "kiall":
+ ensure => present,
+ email => "kiall.macinnes@kohanaframework.org",
+ service_notification_period => "24x7",
+ host_notification_period => "24x7",
+ service_notification_options => "w,u,c,r",
+ host_notification_options => "d,r",
+ service_notification_commands => "notify-service-by-email",
+ host_notification_commands => "notify-host-by-email",
+ target => "/etc/nagios3/conf.puppet.d/contact.cfg",
+ require => File["/etc/nagios3/conf.puppet.d/contact.cfg"],
+ notify => Service["nagios3"];
+}
\ No newline at end of file
diff --git a/manifests/nodes.pp b/manifests/nodes.pp
new file mode 100644
index 0000000..3cfa01e
--- /dev/null
+++ b/manifests/nodes.pp
@@ -0,0 +1,31 @@
+# Define Nodes
+node "puppet.kohanaframework.org" {
+ include role::puppet
+ include role::web
+ include role::mysql
+ #include role::ci
+ include role::monitor
+
+ include website::www
+ include website::forum
+ include website::dev
+ #include website::ci
+}
+
+node "vm01.kohanaframework.org" {
+ include role::web
+ include role::mysql
+
+ include website::www
+ include website::forum
+}
+
+node "vm02.kohanaframework.org" {
+ include role::ci
+}
+
+node "vm03.kohanaframework.org" {
+ include role::web
+
+ include website::dev
+}
diff --git a/manifests/role.pp b/manifests/role.pp
new file mode 100644
index 0000000..088165d
--- /dev/null
+++ b/manifests/role.pp
@@ -0,0 +1,138 @@
+import 'role/*.pp'
+
+class role
+{
+ # Common packages
+ package {
+ [
+ "puppet",
+ "htop",
+ "curl",
+ "wget",
+ "nano",
+ "openssh-server",
+ "mtr",
+ "telnet",
+ "ntp",
+ "python-software-properties",
+ "bash-completion",
+ "rsync"
+ ]:
+ ensure => latest;
+ }
+
+ # Setup default umask ..
+ file {
+ "/etc/profile":
+ source => "puppet:///files/etc/profile";
+ }
+
+
+ # Setup user accounts
+ custom::user {
+ "kiall":
+ ensure => present,
+ groups => [
+ "developers",
+ "admin",
+ "www-www.kohanaframework.org",
+ "www-dev.kohanaframework.org",
+ "www-forum.kohanaframework.org"
+ ];
+ "zombor":
+ ensure => present,
+ groups => [
+ "developers",
+ "admin",
+ "www-www.kohanaframework.org",
+ "www-dev.kohanaframework.org",
+ "www-forum.kohanaframework.org"
+ ];
+ "samsoir":
+ ensure => present,
+ groups => [
+ "developers",
+ "admin",
+ "www-www.kohanaframework.org",
+ "www-dev.kohanaframework.org",
+ "www-forum.kohanaframework.org"
+ ];
+ "isaiah":
+ ensure => present,
+ groups => [
+ "developers",
+ "admin",
+ "www-www.kohanaframework.org",
+ "www-dev.kohanaframework.org",
+ "www-forum.kohanaframework.org"
+ ];
+ "brmatt":
+ ensure => present,
+ groups => [
+ "developers",
+ "admin",
+ "www-www.kohanaframework.org",
+ "www-dev.kohanaframework.org",
+ "www-forum.kohanaframework.org"
+ ];
+ }
+
+ # Setup SSH Keys
+ ssh_authorized_key {
+ "kiall@wk01-lmst.managedit.ie":
+ ensure => present,
+ user => "kiall",
+ type => "ssh-rsa",
+ key => "AAAAB3NzaC1yc2EAAAABIwAAAQEAl5eTgQ1IMCr9pFPiR1ZdpnNaORqmfCgqhSsUOv5E6w6anzc/K4Xj9wy5gxvrrG7hVqI7iNQ+Yddfcc4QXfMkUO9CPWUBC2bXs21Sy5nPnGyveJIro+LbBkf+FPyN/WL95O8ymJ/7V0Suo+XSTO25wu4LLe2t33QNtZpPYthD0amHGuVhbL97ie7dwA9iZQfGsGIgrd10+uGYNKlb+NwEF9i+w6t4tGjyjuE4cxo2E+/KmiwNShOXQ7eq4a0qf7kmz6ZIZEBo8Gut0OcmzL8bb4PxVbQsL1IqwkbNa4oN+w7+TLVbdmGxqYO0tgVz2FadgXEnX3jlzPWYyDTk2bbI/w==",
+ options => [],
+ require => User["kiall"];
+ "kiall@kiall-laptop":
+ ensure => present,
+ user => "kiall",
+ type => "ssh-rsa",
+ key => 
"AAAAB3NzaC1yc2EAAAADAQABAAABAQCswAbmT3k9NojL9xQKWrW4yiveJLFqNBFmRvrXLjLb2CvwAMnMdNMQmuJe2olTopiWlEkryZl2o8hiDbGdYrMNU278tVKoU+XTkKxHd9+00cFT2rZCaL0umkWxkSUIGwEcl8dVDxQKuRK3FQ7+0t58wLmMqPU6qcZSA1ruOJ3XvBFZWQZk/keT4vCzZBY39QetX+ge5YhXSpYdwZ78T4x8QcEkuccuNxj7fOVXlaH6w9E8hP13VgjIWz3zrWM8ZmgiVE9ro1RokyFYPW4eb3jd6WRvDOjm7lEsD7mdKZB6ZXZ6IHtgAui0WtIcQqZCEYhz7yaaQ8mnHTd9N07yq8nf",
+ options => [],
+ require => User["kiall"];
+ "matthew@sigswitch.com":
+ ensure => present,
+ user => "brmatt",
+ type => "ssh-rsa",
+ key => "AAAAB3NzaC1yc2EAAAABIwAAAQEAvR3hLb7gdXHGLWEu3Rt9hBpfidN7MXO/HOnX8BBoaz9RfrEr68SlKlKLpZ8MInUrOeCTq2E5NQpgcN7hPRh/aFM2oHpYPBx6z0EroaMROWJtujDEi5U1lWFKhywROMA5VTgkcizA11mjTABonccLiirzjPh0DgCU4bUMoKJpGfzNU/OJweyqDvEgyLib2NDL1ntrShzx5gkgc/24QliBhiu15ZBYXnrU1VrMF7SY13tB7TdEOC+/qpHU7Zz8TNLjzLoFKo/LSZWA6ZWagZj0YmLXj6R2CX1jvvaJiorQ1Z/neJ8EU1Qy+9qLKfYCa+QiJP9/RUaMhG0dFtRFkiT6YQ==",
+ options => [],
+ require => User["brmatt"];
+ }
+
+ # Export a nagios host
+ @@nagios_host {
+ $fqdn:
+ ensure => present,
+ alias => $hostname,
+ address => $ipaddress,
+ use => "generic-host";
+ }
+
+ # Export default nagios services
+ @@nagios_service {
+ "check_ping_${fqdn}":
+ check_command => "check_ping!100.0,20%!500.0,60%",
+ use => "generic-service",
+ host_name => "$fqdn",
+ notification_period => "24x7",
+ service_description => "check_ping";
+ "check_ssh_${fqdn}":
+ check_command => "check_ssh",
+ use => "generic-service",
+ host_name => "$fqdn",
+ notification_period => "24x7",
+ service_description => "check_ssh";
+ }
+
+ # Run apt update each night (This is used so munin can tell how many out of date packages there are)
+ cron {
+ "apt-update":
+ command => "/usr/bin/apt-get update",
+ user => root,
+ hour => 3,
+ minute => 25;
+ }
+}
diff --git a/manifests/role/ci.pp b/manifests/role/ci.pp
new file mode 100644
index 0000000..cb6d357
--- /dev/null
+++ b/manifests/role/ci.pp
@@ -0,0 +1,4 @@
+class role::ci inherits role
+{
+ include jenkins
+}
\ No newline at end of file
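Review bot: All five accounts in the `custom::user` block of manifests/role.pp are given the `admin` group, and because every `role::*` class inherits `role`, that membership is applied on every node, the CI host and the Puppet master included. If `admin` carries sudo rights on these machines (the Ubuntu default of this period; not visible in this commit), each developer is root everywhere, so consider granting `admin` per role or per node instead. The three `www-*` groups are also requested on nodes that declare no `website::*` class (vm02 in nodes.pp), where they presumably do not exist. The identical group list is repeated five times; one variable, e.g. `$developer_groups = [ ... ]`, would keep the entries in step.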
diff --git a/manifests/role/monitor.pp b/manifests/role/monitor.pp
new file mode 100644
index 0000000..1864075
--- /dev/null
+++ b/manifests/role/monitor.pp
@@ -0,0 +1,3 @@
+class role::monitor inherits role {
+ include nagios::server
+}
diff --git a/manifests/role/mysql.pp b/manifests/role/mysql.pp
new file mode 100644
index 0000000..10d3761
--- /dev/null
+++ b/manifests/role/mysql.pp
@@ -0,0 +1,4 @@
+class role::mysql inherits role
+{
+ include mysql::server
+}
diff --git a/manifests/role/puppet.pp b/manifests/role/puppet.pp
new file mode 100644
index 0000000..fad07fc
--- /dev/null
+++ b/manifests/role/puppet.pp
@@ -0,0 +1,30 @@
+class role::puppet inherits role
+{
+ package {
+ [
+ puppetmaster,
+ rails, # Storedconfig support
+ libsqlite3-ruby, # Storedconfig support
+ ]:
+ ensure => installed;
+ }
+
+ # Setup the puppet database
+ $mysql_hostname = extlookup("puppet_mysql_hostname", "127.0.0.1")
+ $mysql_port = extlookup("puppet_mysql_port", "3306")
+ $mysql_database = extlookup("puppet_mysql_database", "puppet.kohanaframework.org")
+ $mysql_username = extlookup("puppet_mysql_username", "puppet.kohanaframework.org")
+ $mysql_password = extlookup("puppet_mysql_password", false)
+
+ $mysql_admin_password = extlookup("mysql_root_password", false, "fqdn_${mysql_hostname}")
+
+ database {
+ $mysql_database:
+ ensure => present,
+ provider => mysql,
+ admin_username => "root",
+ admin_password => $mysql_admin_password,
+ hostname => $mysql_hostname,
+ port => $mysql_port;
+ }
+}
diff --git a/manifests/role/web.pp b/manifests/role/web.pp
new file mode 100644
index 0000000..aeb16f3
--- /dev/null
+++ b/manifests/role/web.pp
@@ -0,0 +1,4 @@
+class role::web inherits role
+{
+
+}
diff --git a/manifests/site.pp b/manifests/site.pp
new file mode 100644
index 0000000..22e6756
--- /dev/null
+++ b/manifests/site.pp
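Review bot: In manifests/role/puppet.pp `$mysql_admin_password` is looked up with a default of `false` and passed straight to the `database` resource, so a missing extlookup entry leads to a root connection attempt with no usable password instead of a clear compile error; guard it, e.g. `if !$mysql_admin_password { fail("mysql_root_password is not set for ${mysql_hostname}") }`. The same lookup-and-use pattern is in manifests/website/dev.pp and manifests/website/forum.pp. `$mysql_username` and `$mysql_password` are looked up but never used (the `database_user` and `database_grant` resources in forum.pp are commented out), so the only database credential these classes handle is root; a dedicated provisioning account limited to creating databases would narrow that.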
@@ -0,0 +1,26 @@
+# necessary defaults
+Exec { path => "/var/lib/gems/1.8/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin" }
+
+# Define the bucket and specify it as the default target
+filebucket { main: server => "puppet.kohanaframework.org" }
+File { backup => main }
+
+# Setup extlookup
+$extlookup_datadir = "/etc/puppet-extlookup"
+$extlookup_precedence = ["fqdn_%{fqdn}", "domain_%{domain}", "common"]
+
+# Import Modules
+import 'common'
+import 'nginx'
+import 'php'
+import 'ruby'
+import 'database'
+import 'mysql'
+import 'nagios'
+
+# Import files..
+import "custom.pp"
+import "role.pp"
+import "website.pp"
+import "nagios.pp"
+import "nodes.pp"
\ No newline at end of file
diff --git a/manifests/website.pp b/manifests/website.pp
new file mode 100644
index 0000000..d187540
--- /dev/null
+++ b/manifests/website.pp
@@ -0,0 +1,6 @@
+import 'website/*.pp'
+
+class website
+{
+
+}
diff --git a/manifests/website/ci.pp b/manifests/website/ci.pp
new file mode 100644
index 0000000..054862a
--- /dev/null
+++ b/manifests/website/ci.pp
@@ -0,0 +1,11 @@
+class website::ci inherits website
+{
+ # Setup a Rails based site
+ nginx::template::proxy {
+ "ci.kohanaframework.org":
+ ensure => present,
+ upstreams => [
+ '127.0.0.1:8080'
+ ];
+ }
+}
diff --git a/manifests/website/dev.pp b/manifests/website/dev.pp
new file mode 100644
index 0000000..8d57f11
--- /dev/null
+++ b/manifests/website/dev.pp
@@ -0,0 +1,30 @@
+class website::dev inherits website
+{
+ $mysql_hostname = extlookup("dev_mysql_hostname", "127.0.0.1")
+ $mysql_port = extlookup("dev_mysql_port", "3306")
+ $mysql_database = extlookup("dev_mysql_database", "dev.kohanaframework.org")
+ $mysql_username = extlookup("dev_mysql_username", "dev.kohanaframework.org")
+ $mysql_password = extlookup("dev_mysql_password", false)
+
+ $mysql_admin_password = extlookup("mysql_root_password", false, "fqdn_${mysql_hostname}")
+
+ # Setup a Rails based site
+ nginx::template::rails {
+ "dev.kohanaframework.org":
+ ensure => present,
+ thin_port => 3001,
+ servers => 3,
+ rails_env => "production";
+ }
+
+ # Setup the redmine database
+ database {
+ $mysql_database:
+ ensure => present,
+ provider => mysql,
+ admin_username => "root",
+ admin_password => $mysql_admin_password,
+ hostname => $mysql_hostname,
+ port => $mysql_port;
+ }
+}
diff --git a/manifests/website/forum.pp b/manifests/website/forum.pp
new file mode 100644
index 0000000..3d55b72
--- /dev/null
+++ b/manifests/website/forum.pp
@@ -0,0 +1,49 @@
+class website::forum inherits website
+{
+ $mysql_hostname = extlookup("forum_mysql_hostname", "127.0.0.1")
+ $mysql_port = extlookup("forum_mysql_port", "3306")
+ $mysql_database = extlookup("forum_mysql_database", "forum.kohanaframework.org")
+ $mysql_username = extlookup("forum_mysql_username", "forum.kohanaframework.org")
+ $mysql_password = extlookup("forum_mysql_password", false)
+
+ $mysql_admin_password = extlookup("mysql_root_password", false, "fqdn_${mysql_hostname}")
+
+ # Setup a Vanilla based site
+ nginx::template::vanilla {
+ "forum.kohanaframework.org":
+ ensure => present,
+ fpm_port => 9002;
+ }
+
+ # Setup the vanilla database
+ database {
+ $mysql_database:
+ ensure => present,
+ provider => mysql,
+ admin_username => "root",
+ admin_password => $mysql_admin_password,
+ hostname => $mysql_hostname,
+ port => $mysql_port;
+ }
+
+# database_user {
+# $mysql_username:
+# ensure => present,
+# provider => mysql,
+# admin_username => "root",
+# admin_password => $mysql_admin_password,
+# hostname => $mysql_hostname,
+# port => $mysql_port;
+# }
+
+# database_grant {
+# $mysql_username:
+# ensure => present,
+# provider => mysql,
+# admin_username => "root",
+# admin_password => $mysql_admin_password,
+# hostname => $mysql_hostname,
+# port => $mysql_port,
+# databases => [$mysql_database];
+# }
+}
diff --git a/manifests/website/www.pp b/manifests/website/www.pp
new file mode 100644
index 0000000..bc4904b
--- /dev/null
+++ b/manifests/website/www.pp
@@ -0,0 +1,17 @@
+class website::www inherits website
+{
+ # Setup a Kohana based site
+ nginx::template::kohana {
+ "www.kohanaframework.org":
+ ensure => present,
+ fpm_port => 9001;
+ }
+
+ # Setup a http://kohanaframework.org -> http://www.kohanaframework.org redirect site
+ nginx::template::redirect {
+ "kohanaframework.org":
+ ensure => present,
+ redirect_url => "http://www.kohanaframework.org";
+ }
+
+}
diff --git a/modules/common/manifests/init.pp b/modules/common/manifests/init.pp
new file mode 100644
index 0000000..cbad584
--- /dev/null
+++ b/modules/common/manifests/init.pp
@@ -0,0 +1,31 @@
+class dpkg {
+ define preseed_package ($ensure, $preseed_content = false, $preseed_source = false) {
+
+ if !$preseed_content {
+ $real_preseed_source = $preseed_source ? {
+ false => "puppet:////dpkg/$name/$name.preseed",
+ default => $preseed_source,
+ }
+
+ file {
+ "/tmp/$name.preseed":
+ source => $real_preseed_source,
+ mode => 600,
+ backup => false;
+ }
+ } else {
+ file {
+ "/tmp/$name.preseed":
+ content => $preseed_content,
+ mode => 600,
+ backup => false;
+ }
+ }
+
+ package {
+ "$name":
+ ensure => $ensure,
+ responsefile => "/tmp/$name.preseed";
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/database/lib/puppet/type/database.rb b/modules/database/lib/puppet/type/database.rb
new file mode 100644
index 0000000..25545cc
--- /dev/null
+++ b/modules/database/lib/puppet/type/database.rb
@@ -0,0 +1,25 @@
+Puppet::Type.newtype(:database) do
+ @doc = "Manage databases"
+
+ ensurable
+
+ newparam(:hostname) do
+ desc "The database server hostname"
+ end
+
+ newparam(:port) do
+ desc "The database server port"
+ end
+
+ newparam(:admin_username) do
+ desc "The database server admin username"
+ end
+
+ newparam(:admin_password) do
+ desc "The database server admin password"
+ end
+
+ newparam(:name) do
+ desc "The database name"
+ end
+end
\ No newline at end of file
diff --git a/modules/database/manifests/init.pp b/modules/database/manifests/init.pp
new file mode 100644
index 0000000..e69de29
diff --git a/modules/jenkins/manifests/init.pp b/modules/jenkins/manifests/init.pp
new file mode 100644
index 0000000..d793c72
--- /dev/null
+++ b/modules/jenkins/manifests/init.pp
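Review bot: `preseed_package` in modules/common/manifests/init.pp writes the response file to `/tmp/$name.preseed` and never removes it, and for mysql-server that file holds the root password rendered by templates/preseed.erb. The mode limits who can read it, but no `owner` is set and the path is a predictable name in a world-writable directory; a directory only root can write (for example `/var/lib/puppet/preseed/`, an illustrative path) with `owner => root` and a quoted `mode => '0600'` would be safer. The fallback source `puppet:////dpkg/$name/$name.preseed` has four slashes and no module component, which looks unintended.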
@@ -0,0 +1,32 @@
+class jenkins {
+ $key_url = "http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key"
+ $key_id = "D50582E6"
+ $repo_url = "deb http://pkg.jenkins-ci.org/debian binary/"
+ $apt_sources = "/etc/apt/sources.list.d/jenkins.list"
+
+ exec {
+ "install-jenkins-key":
+ command => "wget -q -O - ${key_url} | apt-key add -",
+ onlyif => "test `apt-key list | grep ${key_id} | wc -l` -eq 0";
+ "install-jenkins-repo":
+ command => "echo '${repo_url}' >> ${apt_sources}",
+ unless => "test -f ${apt_sources}"
+ require => Exec["install-jenkins-key"];
+ "update-jenkins-repo":
+ command => "apt-get update",
+ unless => "dpkg -S jenkins",
+ require => Exec["install-jenkins-repo"];
+ }
+
+ package {
+ "jenkins":
+ ensure => latest,
+ require => Exec["update-jenkins-repo"];
+ }
+
+ service {
+ "jenkins":
+ ensure => running,
+ require => Package["jenkins"];
+ }
+}
\ No newline at end of file
diff --git a/modules/mysql/lib/puppet/provider/database/mysql.rb b/modules/mysql/lib/puppet/provider/database/mysql.rb
new file mode 100644
index 0000000..6e9662f
--- /dev/null
+++ b/modules/mysql/lib/puppet/provider/database/mysql.rb
@@ -0,0 +1,47 @@
+Puppet::Type.type(:database).provide(:mysql) do
+ desc "Manages a mysql database."
+
+ def create
+ db = get_connection()
+
+ db.query("CREATE DATABASE IF NOT EXISTS `#{@resource[:name]}`")
+
+ return true
+ rescue
+ return false
+ ensure
+ db.close
+ end
+
+ def destroy
+ db = get_connection()
+
+ db.query("DROP DATABASE IF EXISTS `#{@resource[:name]}`")
+
+ return true
+ rescue
+ return false
+ ensure
+ db.close
+ end
+
+ def exists?
+ db = get_connection()
+
+ results = db.query("SHOW DATABASES")
+
+ results.each do |row|
+ return true if (row.to_s == @resource[:name])
+ end
+
+ return false
+ ensure
+ db.close
+ end
+
+ private
+ def get_connection()
+ require 'mysql'
+ Mysql.new(@resource[:hostname], @resource[:admin_username], @resource[:admin_password], "mysql", @resource[:port].to_i)
+ end
+end
\ No newline at end of file
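Review bot: `install-jenkins-key` in modules/jenkins/manifests/init.pp downloads the signing key over plain HTTP and pipes it into `apt-key add`, and `$repo_url` is HTTP as well, so nothing authenticates the key that apt will then trust for packages installed as root. `$key_id` is only used to test whether a key is already present, and an 8-character id is too short to identify a key reliably. Ship the key file inside the module (a `file` resource with a `puppet:///` source) and add it from there, or compare the full fingerprint before adding. Separately, the `install-jenkins-repo` entry lacks a comma after `unless => "test -f ${apt_sources}"`, which should stop the manifest from parsing.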
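Review bot: In `create`, `destroy` and `exists?` of the mysql provider the `ensure` clause calls `db.close` unconditionally, so when `get_connection` raises, `db` is nil and the resulting NoMethodError replaces the real connection error; use `db.close if db`. The bare `rescue` that returns false in `create` and `destroy` hides failures as well, and since Puppet does not appear to act on that return value a failed CREATE would be reported as applied; re-raise instead, e.g. `rescue Mysql::Error => e` followed by `raise Puppet::Error, "database #{@resource[:name]}: #{e}"`. The database name is interpolated between backticks without escaping, so the type should reject names containing a backtick, or the provider should double them, before the statement is built.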
diff --git a/modules/mysql/manifests/client.pp b/modules/mysql/manifests/client.pp
new file mode 100644
index 0000000..df20a81
--- /dev/null
+++ b/modules/mysql/manifests/client.pp
@@ -0,0 +1,9 @@
+class mysql::client inherits mysql {
+ package {
+ [
+ "mysql-client",
+ "libmysql-ruby"
+ ]:
+ ensure => installed;
+ }
+}
\ No newline at end of file
diff --git a/modules/mysql/manifests/init.pp b/modules/mysql/manifests/init.pp
new file mode 100644
index 0000000..2610ebc
--- /dev/null
+++ b/modules/mysql/manifests/init.pp
@@ -0,0 +1,6 @@
+import "server.pp"
+import "client.pp"
+
+class mysql {
+
+}
\ No newline at end of file
diff --git a/modules/mysql/manifests/server.pp b/modules/mysql/manifests/server.pp
new file mode 100644
index 0000000..f3eddd8
--- /dev/null
+++ b/modules/mysql/manifests/server.pp
@@ -0,0 +1,32 @@
+class mysql::server inherits mysql::client {
+ $root_password = extlookup("mysql_root_password", false)
+
+ if !$root_password {
+ err("A mysql root password is required!")
+ }
+
+ dpkg::preseed_package {
+ "mysql-server":
+ ensure => installed,
+ preseed_content => template("mysql/preseed.erb");
+ }
+
+ service {
+ "mysql":
+ ensure => running;
+ }
+
+ # TODO:
+ # GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'XXX' WITH GRANT OPTION;
+ # FLUSH PRIVILEGES;
+
+ # Export default nagios services
+ @@nagios_service {
+ "check_mysql":
+ check_command => "check_mysql_cmdlinecred!root!${root_password}",
+ use => "generic-service",
+ host_name => "$fqdn",
+ notification_period => "24x7",
+ service_description => "check_mysql";
+ }
+}
\ No newline at end of file
diff --git a/modules/mysql/templates/preseed.erb b/modules/mysql/templates/preseed.erb
new file mode 100644
index 0000000..d6be54b
--- /dev/null
+++ b/modules/mysql/templates/preseed.erb
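Review bot: The exported `check_mysql` service in modules/mysql/manifests/server.pp embeds the MySQL root password in `check_command` (`check_mysql_cmdlinecred!root!${root_password}`), so it is written to the stored-config database, to the Nagios object files on the monitoring host, and onto the plugin's command line. Create a monitoring account with no privileges beyond connecting and pass that instead, preferably read from a protected file rather than an argument. The missing-password branch calls `err()`, which only logs, so compilation continues and the preseed template is still rendered with the false value; `fail("A mysql root password is required!")` stops the run. The title `check_mysql` is the same on every node and will presumably collide once two MySQL hosts export it; `"check_mysql_${fqdn}"` matches the naming used in manifests/role.pp.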
@@ -0,0 +1,3 @@
+mysql-server-5.1 mysql-server/root_password_again password <%=root_password %>
+mysql-server-5.1 mysql-server/root_password password <%=root_password %>
+mysql-server-5.1 mysql-server-5.1/start_on_boot boolean true
diff --git a/modules/nagios/files/etc/nagios3/cgi.cfg b/modules/nagios/files/etc/nagios3/cgi.cfg
new file mode 100644
index 0000000..3336538
--- /dev/null
+++ b/modules/nagios/files/etc/nagios3/cgi.cfg
@@ -0,0 +1,367 @@ +################################################################# +# +# CGI.CFG - Sample CGI Configuration File for Nagios +# +################################################################# + + +# MAIN CONFIGURATION FILE +# This tells the CGIs where to find your main configuration file. +# The CGIs will read the main and host config files for any other +# data they might need. + +main_config_file=/etc/nagios3/nagios.cfg + + + +# PHYSICAL HTML PATH +# This is the path where the HTML files for Nagios reside. This +# value is used to locate the logo images needed by the statusmap +# and statuswrl CGIs. + +physical_html_path=/usr/share/nagios3/htdocs + + + +# URL HTML PATH +# This is the path portion of the URL that corresponds to the +# physical location of the Nagios HTML files (as defined above). +# This value is used by the CGIs to locate the online documentation +# and graphics. If you access the Nagios pages with an URL like +# http://www.myhost.com/nagios, this value should be '/nagios' +# (without the quotes). + +url_html_path=/ + + + +# CONTEXT-SENSITIVE HELP +# This option determines whether or not a context-sensitive +# help icon will be displayed for most of the CGIs. +# Values: 0 = disables context-sensitive help +# 1 = enables context-sensitive help + +show_context_help=1 + + + +# PENDING STATES OPTION +# This option determines what states should be displayed in the web +# interface for hosts/services that have not yet been checked. +# Values: 0 = leave hosts/services that have not been check yet in their original state +# 1 = mark hosts/services that have not been checked yet as PENDING + +use_pending_states=1 + +# NAGIOS PROCESS CHECK COMMAND +# This is the full path and filename of the program used to check +# the status of the Nagios process. It is used only by the CGIs +# and is completely optional. 
However, if you don't use it, you'll +# see warning messages in the CGIs about the Nagios process +# not running and you won't be able to execute any commands from +# the web interface. The program should follow the same rules +# as plugins; the return codes are the same as for the plugins, +# it should have timeout protection, it should output something +# to STDIO, etc. +# +# Note: The command line for the check_nagios plugin below may +# have to be tweaked a bit, as different versions of the plugin +# use different command line arguments/syntaxes. + +nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/cache/nagios3/status.dat 5 '/usr/sbin/nagios3' + + +# AUTHENTICATION USAGE +# This option controls whether or not the CGIs will use any +# authentication when displaying host and service information, as +# well as committing commands to Nagios for processing. +# +# Read the HTML documentation to learn how the authorization works! +# +# NOTE: It is a really *bad* idea to disable authorization, unless +# you plan on removing the command CGI (cmd.cgi)! Failure to do +# so will leave you wide open to kiddies messing with Nagios and +# possibly hitting you with a denial of service attack by filling up +# your drive by continuously writing to your command file! +# +# Setting this value to 0 will cause the CGIs to *not* use +# authentication (bad idea), while any other value will make them +# use the authentication functions (the default). + +use_authentication=1 + + + + +# x509 CERT AUTHENTICATION +# When enabled, this option allows you to use x509 cert (SSL) +# authentication in the CGIs. This is an advanced option and should +# not be enabled unless you know what you're doing. + +use_ssl_authentication=0 + + + + +# DEFAULT USER +# Setting this variable will define a default user name that can +# access pages without authentication. This allows people within a +# secure domain (i.e., behind a firewall) to see the current status +# without authenticating. 
You may want to use this to avoid basic +# authentication if you are not using a secure server since basic +# authentication transmits passwords in the clear. +# +# Important: Do not define a default username unless you are +# running a secure web server and are sure that everyone who has +# access to the CGIs has been authenticated in some manner! If you +# define this variable, anyone who has not authenticated to the web +# server will inherit all rights you assign to this user! + +default_user_name=guest + + + +# SYSTEM/PROCESS INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# have access to viewing the Nagios process information as +# provided by the Extended Information CGI (extinfo.cgi). By +# default, *no one* has access to this unless you choose to +# not use authorization. You may use an asterisk (*) to +# authorize any user who has authenticated to the web server. + +authorized_for_system_information=nagiosadmin + + + +# CONFIGURATION INFORMATION ACCESS +# This option is a comma-delimited list of all usernames that +# can view ALL configuration information (hosts, commands, etc). +# By default, users can only view configuration information +# for the hosts and services they are contacts for. You may use +# an asterisk (*) to authorize any user who has authenticated +# to the web server. + +authorized_for_configuration_information=nagiosadmin + + + +# SYSTEM/PROCESS COMMAND ACCESS +# This option is a comma-delimited list of all usernames that +# can issue shutdown and restart commands to Nagios via the +# command CGI (cmd.cgi). Users in this list can also change +# the program mode to active or standby. By default, *no one* +# has access to this unless you choose to not use authorization. +# You may use an asterisk (*) to authorize any user who has +# authenticated to the web server. 
+ +authorized_for_system_commands=nagiosadmin + + + +# GLOBAL HOST/SERVICE VIEW ACCESS +# These two options are comma-delimited lists of all usernames that +# can view information for all hosts and services that are being +# monitored. By default, users can only view information +# for hosts or services that they are contacts for (unless you +# you choose to not use authorization). You may use an asterisk (*) +# to authorize any user who has authenticated to the web server. + + +authorized_for_all_services=nagiosadmin +authorized_for_all_hosts=nagiosadmin + + + +# GLOBAL HOST/SERVICE COMMAND ACCESS +# These two options are comma-delimited lists of all usernames that +# can issue host or service related commands via the command +# CGI (cmd.cgi) for all hosts and services that are being monitored. +# By default, users can only issue commands for hosts or services +# that they are contacts for (unless you you choose to not use +# authorization). You may use an asterisk (*) to authorize any +# user who has authenticated to the web server. + +authorized_for_all_service_commands=nagiosadmin +authorized_for_all_host_commands=nagiosadmin + + + +# READ-ONLY USERS +# A comma-delimited list of usernames that have read-only rights in +# the CGIs. This will block any service or host commands normally shown +# on the extinfo CGI pages. It will also block comments from being shown +# to read-only users. + +#authorized_for_read_only=user1,user2 + + + + +# STATUSMAP BACKGROUND IMAGE +# This option allows you to specify an image to be used as a +# background in the statusmap CGI. It is assumed that the image +# resides in the HTML images path (i.e. /usr/local/nagios/share/images). +# This path is automatically determined by appending "/images" +# to the path specified by the 'physical_html_path' directive. +# Note: The image file may be in GIF, PNG, JPEG, or GD2 format. 
+# However, I recommend that you convert your image to GD2 format +# (uncompressed), as this will cause less CPU load when the CGI +# generates the image. + +#statusmap_background_image=smbackground.gd2 + + + + +# STATUSMAP TRANSPARENCY INDEX COLOR +# These options set the r,g,b values of the background color used the statusmap CGI, +# so normal browsers that can't show real png transparency set the desired color as +# a background color instead (to make it look pretty). +# Defaults to white: (R,G,B) = (255,255,255). + +#color_transparency_index_r=255 +#color_transparency_index_g=255 +#color_transparency_index_b=255 + + + + +# DEFAULT STATUSMAP LAYOUT METHOD +# This option allows you to specify the default layout method +# the statusmap CGI should use for drawing hosts. If you do +# not use this option, the default is to use user-defined +# coordinates. Valid options are as follows: +# 0 = User-defined coordinates +# 1 = Depth layers +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular +# 5 = Circular (Marked Up) + +default_statusmap_layout=5 + + + +# DEFAULT STATUSWRL LAYOUT METHOD +# This option allows you to specify the default layout method +# the statuswrl (VRML) CGI should use for drawing hosts. If you +# do not use this option, the default is to use user-defined +# coordinates. Valid options are as follows: +# 0 = User-defined coordinates +# 2 = Collapsed tree +# 3 = Balanced tree +# 4 = Circular + +default_statuswrl_layout=4 + + + +# STATUSWRL INCLUDE +# This option allows you to include your own objects in the +# generated VRML world. It is assumed that the file +# resides in the HTML path (i.e. /usr/local/nagios/share). + +#statuswrl_include=myworld.wrl + + + +# PING SYNTAX +# This option determines what syntax should be used when +# attempting to ping a host from the WAP interface (using +# the statuswml CGI. You must include the full path to +# the ping binary, along with all required options. 
The +# $HOSTADDRESS$ macro is substituted with the address of +# the host before the command is executed. +# Please note that the syntax for the ping binary is +# notorious for being different on virtually ever *NIX +# OS and distribution, so you may have to tweak this to +# work on your system. + +ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$ + + + +# REFRESH RATE +# This option allows you to specify the refresh rate in seconds +# of various CGIs (status, statusmap, extinfo, and outages). + +refresh_rate=90 + + + +# ESCAPE HTML TAGS +# This option determines whether HTML tags in host and service +# status output is escaped in the web interface. If enabled, +# your plugin output will not be able to contain clickable links. + +escape_html_tags=1 + + + + +# SOUND OPTIONS +# These options allow you to specify an optional audio file +# that should be played in your browser window when there are +# problems on the network. The audio files are used only in +# the status CGI. Only the sound for the most critical problem +# will be played. Order of importance (higher to lower) is as +# follows: unreachable hosts, down hosts, critical services, +# warning services, and unknown services. If there are no +# visible problems, the sound file optionally specified by +# 'normal_sound' variable will be played. +# +# +# = +# +# Note: All audio files must be placed in the /media subdirectory +# under the HTML path (i.e. /usr/local/nagios/share/media/). + +#host_unreachable_sound=hostdown.wav +#host_down_sound=hostdown.wav +#service_critical_sound=critical.wav +#service_warning_sound=warning.wav +#service_unknown_sound=warning.wav +#normal_sound=noproblem.wav + + + +# URL TARGET FRAMES +# These options determine the target frames in which notes and +# action URLs will open. + +action_url_target=_blank +notes_url_target=_blank + + + + +# LOCK AUTHOR NAMES OPTION +# This option determines whether users can change the author name +# when submitting comments, scheduling downtime. 
If disabled, the +# author names will be locked into their contact name, as defined in Nagios. +# Values: 0 = allow editing author names +# 1 = lock author names (disallow editing) + +lock_author_names=1 + + + + +# SPLUNK INTEGRATION OPTIONS +# These options allow you to enable integration with Splunk +# in the web interface. If enabled, you'll be presented with +# "Splunk It" links in various places in the CGIs (log file, +# alert history, host/service detail, etc). Useful if you're +# trying to research why a particular problem occurred. +# For more information on Splunk, visit http://www.splunk.com/ + +# This option determines whether the Splunk integration is enabled +# Values: 0 = disable Splunk integration +# 1 = enable Splunk integration + +#enable_splunk_integration=1 + + +# This option should be the URL used to access your instance of Splunk + +#splunk_url=http://127.0.0.1:8000/ \ No newline at end of file diff --git a/modules/nagios/files/etc/nagios3/commands.cfg b/modules/nagios/files/etc/nagios3/commands.cfg new file mode 100644 index 0000000..aa4584b --- /dev/null +++ b/modules/nagios/files/etc/nagios3/commands.cfg 
@@ -0,0 +1,50 @@
+###############################################################################
+# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS
+###############################################################################
+
+
+################################################################################
+# NOTIFICATION COMMANDS
+################################################################################
+
+
+# 'notify-host-by-email' command definition
+define command{
+ command_name notify-host-by-email
+ command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
+ }
+
+# 'notify-service-by-email' command definition
+define command{
+ command_name notify-service-by-email
+ command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
+ }
+
+
+
+
+
+################################################################################
+# HOST CHECK COMMANDS
+################################################################################
+
+# On Debian, check-host-alive is being defined from within the
+# nagios-plugins-basic package
+
+################################################################################
+# PERFORMANCE DATA COMMANDS
+################################################################################
+
+
+# 'process-host-perfdata' command definition
+define command{
+ command_name process-host-perfdata
+ command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios3/host-perfdata.out
+ }
+
+
+# 'process-service-perfdata' command definition
+define command{
+ command_name process-service-perfdata
+ command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios3/service-perfdata.out
+ }
\ No newline at end of file
diff --git a/modules/nagios/files/etc/nagios3/nagios.cfg b/modules/nagios/files/etc/nagios3/nagios.cfg
new file mode 100644
index 0000000..8aba5b8
--- /dev/null
+++ b/modules/nagios/files/etc/nagios3/nagios.cfg
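Review bot: The `notify-host-by-email` and `notify-service-by-email` command lines place `$HOSTOUTPUT$` and `$SERVICEOUTPUT$` (text produced by check plugins, so ultimately by the monitored hosts) inside a double-quoted shell argument that `printf "%b"` then expands; the two perfdata commands do the same with `$HOSTPERFDATA$` and `$SERVICEPERFDATA$`. Nothing in commands.cfg says what keeps that text from ending the quoted string; in Nagios that is the job of `illegal_macro_output_chars` in nagios.cfg, which is not visible in this part of the diff, so please confirm it is set and still strips the backtick, `$` and `"` characters. `%b` also interprets backslash escapes inside the plugin output itself, so a check result can change the layout of the mail body or of a perfdata record. I would add above the definitions: `# $HOSTOUTPUT$/$SERVICEOUTPUT$ are untrusted plugin text; the quoting here relies on illegal_macro_output_chars in nagios.cfg`.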
@@ -0,0 +1,1325 @@ +############################################################################## +# +# NAGIOS.CFG - Main Config File for Nagios +# +############################################################################## + + +# LOG FILE +# This is the main log file where service and host events are logged +# for historical purposes. This should be the first option specified +# in the config file!!! + +log_file=/var/log/nagios3/nagios.log + +# Commands definitions +cfg_file=/etc/nagios3/commands.cfg + +# Debian also defaults to using the check commands defined by the debian +# nagios-plugins package +cfg_dir=/etc/nagios-plugins/config + +# Debian uses by default a configuration directory where nagios3-common, +# other packages and the local admin can dump or link configuration +# files into. +#cfg_dir=/etc/nagios3/conf.d +cfg_dir=/etc/nagios3/conf.puppet.d + +# OBJECT CONFIGURATION FILE(S) +# These are the object configuration files in which you define hosts, +# host groups, contacts, contact groups, services, etc. +# You can split your object definitions across several config files +# if you wish (as shown below), or keep them all in a single config file. 
+ +# You can specify individual object config files as shown below: +#cfg_file=/etc/nagios3/objects/commands.cfg +#cfg_file=/etc/nagios3/objects/contacts.cfg +#cfg_file=/etc/nagios3/objects/timeperiods.cfg +cfg_file=/etc/nagios3/templates.cfg + +# Definitions for monitoring a Windows machine +#cfg_file=/etc/nagios3/objects/windows.cfg + +# Definitions for monitoring a router/switch +#cfg_file=/etc/nagios3/objects/switch.cfg + +# Definitions for monitoring a network printer +#cfg_file=/etc/nagios3/objects/printer.cfg + + +# You can also tell Nagios to process all config files (with a .cfg +# extension) in a particular directory by using the cfg_dir +# directive as shown below: + +#cfg_dir=/etc/nagios3/servers +#cfg_dir=/etc/nagios3/printers +#cfg_dir=/etc/nagios3/switches +#cfg_dir=/etc/nagios3/routers + + + + +# OBJECT CACHE FILE +# This option determines where object definitions are cached when +# Nagios starts/restarts. The CGIs read object definitions from +# this cache file (rather than looking at the object config files +# directly) in order to prevent inconsistencies that can occur +# when the config files are modified after Nagios starts. + +object_cache_file=/var/cache/nagios3/objects.cache + + + +# PRE-CACHED OBJECT FILE +# This options determines the location of the precached object file. +# If you run Nagios with the -p command line option, it will preprocess +# your object configuration file(s) and write the cached config to this +# file. You can then start Nagios with the -u option to have it read +# object definitions from this precached file, rather than the standard +# object configuration files (see the cfg_file and cfg_dir options above). +# Using a precached object file can speed up the time needed to (re)start +# the Nagios process if you've got a large and/or complex configuration. +# Read the documentation section on optimizing Nagios to find our more +# about how this feature works. 
+ +precached_object_file=/var/lib/nagios3/objects.precache + + + +# RESOURCE FILE +# This is an optional resource file that contains $USERx$ macro +# definitions. Multiple resource files can be specified by using +# multiple resource_file definitions. The CGIs will not attempt to +# read the contents of resource files, so information that is +# considered to be sensitive (usernames, passwords, etc) can be +# defined as macros in this file and restrictive permissions (600) +# can be placed on this file. + +resource_file=/etc/nagios3/resource.cfg + + + +# STATUS FILE +# This is where the current status of all monitored services and +# hosts is stored. Its contents are read and processed by the CGIs. +# The contents of the status file are deleted every time Nagios +# restarts. + +status_file=/var/cache/nagios3/status.dat + + + +# STATUS FILE UPDATE INTERVAL +# This option determines the frequency (in seconds) that +# Nagios will periodically dump program, host, and +# service status data. + +status_update_interval=10 + + + +# NAGIOS USER +# This determines the effective user that Nagios should run as. +# You can either supply a username or a UID. + +nagios_user=nagios + + + +# NAGIOS GROUP +# This determines the effective group that Nagios should run as. +# You can either supply a group name or a GID. + +nagios_group=nagios + + + +# EXTERNAL COMMAND OPTION +# This option allows you to specify whether or not Nagios should check +# for external commands (in the command file defined below). By default +# Nagios will *not* check for external commands, just to be on the +# cautious side. If you want to be able to use the CGI command interface +# you will have to enable this. +# Values: 0 = disable commands, 1 = enable commands + +check_external_commands=1 + + + +# EXTERNAL COMMAND CHECK INTERVAL +# This is the interval at which Nagios should check for external commands. +# This value works of the interval_length you specify later. 
If you leave +# that at its default value of 60 (seconds), a value of 1 here will cause +# Nagios to check for external commands every minute. If you specify a +# number followed by an "s" (i.e. 15s), this will be interpreted to mean +# actual seconds rather than a multiple of the interval_length variable. +# Note: In addition to reading the external command file at regularly +# scheduled intervals, Nagios will also check for external commands after +# event handlers are executed. +# NOTE: Setting this value to -1 causes Nagios to check the external +# command file as often as possible. + +#command_check_interval=15s +command_check_interval=5s + + + +# EXTERNAL COMMAND FILE +# This is the file that Nagios checks for external command requests. +# It is also where the command CGI will write commands that are submitted +# by users, so it must be writeable by the user that the web server +# is running as (usually 'nobody'). Permissions should be set at the +# directory level instead of on the file, as the file is deleted every +# time its contents are processed. +# Debian Users: In case you didn't read README.Debian yet, _NOW_ is the +# time to do it. + +command_file=/var/lib/nagios3/rw/nagios.cmd + + + +# EXTERNAL COMMAND BUFFER SLOTS +# This settings is used to tweak the number of items or "slots" that +# the Nagios daemon should allocate to the buffer that holds incoming +# external commands before they are processed. As external commands +# are processed by the daemon, they are removed from the buffer. + +external_command_buffer_slots=4096 + + + +# LOCK FILE +# This is the lockfile that Nagios will use to store its PID number +# in when it is running in daemon mode. + +lock_file=/var/run/nagios3/nagios3.pid + + + +# TEMP FILE +# This is a temporary file that is used as scratch space when Nagios +# updates the status log, cleans the comment file, etc. This file +# is created, used, and deleted throughout the time that Nagios is +# running. 
+ +temp_file=/var/cache/nagios3/nagios.tmp + + + +# TEMP PATH +# This is path where Nagios can create temp files for service and +# host check results, etc. + +temp_path=/tmp + + + +# EVENT BROKER OPTIONS +# Controls what (if any) data gets sent to the event broker. +# Values: 0 = Broker nothing +# -1 = Broker everything +# = See documentation + +event_broker_options=-1 + + + +# EVENT BROKER MODULE(S) +# This directive is used to specify an event broker module that should +# by loaded by Nagios at startup. Use multiple directives if you want +# to load more than one module. Arguments that should be passed to +# the module at startup are seperated from the module path by a space. +# +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING !!! WARNING +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# +# Do NOT overwrite modules while they are being used by Nagios or Nagios +# will crash in a fiery display of SEGFAULT glory. This is a bug/limitation +# either in dlopen(), the kernel, and/or the filesystem. And maybe Nagios... +# +# The correct/safe way of updating a module is by using one of these methods: +# 1. Shutdown Nagios, replace the module file, restart Nagios +# 2. Delete the original module file, move the new module file into place, restart Nagios +# +# Example: +# +# broker_module= [moduleargs] + +#broker_module=/somewhere/module1.o +#broker_module=/somewhere/module2.o arg1 arg2=3 debug=0 + + + +# LOG ROTATION METHOD +# This is the log rotation method that Nagios should use to rotate +# the main log file. Values are as follows.. 
+# n = None - don't rotate the log +# h = Hourly rotation (top of the hour) +# d = Daily rotation (midnight every day) +# w = Weekly rotation (midnight on Saturday evening) +# m = Monthly rotation (midnight last day of month) + +log_rotation_method=d + + + +# LOG ARCHIVE PATH +# This is the directory where archived (rotated) log files should be +# placed (assuming you've chosen to do log rotation). + +log_archive_path=/var/log/nagios3/archives + + + +# LOGGING OPTIONS +# If you want messages logged to the syslog facility, as well as the +# Nagios log file set this option to 1. If not, set it to 0. + +use_syslog=1 + + + +# NOTIFICATION LOGGING OPTION +# If you don't want notifications to be logged, set this value to 0. +# If notifications should be logged, set the value to 1. + +log_notifications=1 + + + +# SERVICE RETRY LOGGING OPTION +# If you don't want service check retries to be logged, set this value +# to 0. If retries should be logged, set the value to 1. + +log_service_retries=1 + + + +# HOST RETRY LOGGING OPTION +# If you don't want host check retries to be logged, set this value to +# 0. If retries should be logged, set the value to 1. + +log_host_retries=1 + + + +# EVENT HANDLER LOGGING OPTION +# If you don't want host and service event handlers to be logged, set +# this value to 0. If event handlers should be logged, set the value +# to 1. + +log_event_handlers=1 + + + +# INITIAL STATES LOGGING OPTION +# If you want Nagios to log all initial host and service states to +# the main log file (the first time the service or host is checked) +# you can enable this option by setting this value to 1. If you +# are not using an external application that does long term state +# statistics reporting, you do not need to enable this option. In +# this case, set the value to 0. + +log_initial_states=0 + + + +# EXTERNAL COMMANDS LOGGING OPTION +# If you don't want Nagios to log external commands, set this value +# to 0. 
If external commands should be logged, set this value to 1. +# Note: This option does not include logging of passive service +# checks - see the option below for controlling whether or not +# passive checks are logged. + +log_external_commands=1 + + + +# PASSIVE CHECKS LOGGING OPTION +# If you don't want Nagios to log passive host and service checks, set +# this value to 0. If passive checks should be logged, set +# this value to 1. + +log_passive_checks=1 + + + +# GLOBAL HOST AND SERVICE EVENT HANDLERS +# These options allow you to specify a host and service event handler +# command that is to be run for every host or service state change. +# The global event handler is executed immediately prior to the event +# handler that you have optionally specified in each host or +# service definition. The command argument is the short name of a +# command definition that you define in your host configuration file. +# Read the HTML docs for more information. + +#global_host_event_handler=somecommand +#global_service_event_handler=somecommand + + + +# SERVICE INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" service checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all service checks out evenly to minimize CPU load. +# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! This is not a +# good thing for production, but is useful when testing the +# parallelization functionality. +# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +service_inter_check_delay_method=s + + + +# MAXIMUM SERVICE CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all services should +# be completed. 
Default is 30 minutes. + +max_service_check_spread=30 + + + +# SERVICE CHECK INTERLEAVE FACTOR +# This variable determines how service checks are interleaved. +# Interleaving the service checks allows for a more even +# distribution of service checks and reduced load on remote +# hosts. Setting this value to 1 is equivalent to how versions +# of Nagios previous to 0.0.5 did service checks. Set this +# value to s (smart) for automatic calculation of the interleave +# factor unless you have a specific reason to change it. +# s = Use "smart" interleave factor calculation +# x = Use an interleave factor of x, where x is a +# number greater than or equal to 1. + +service_interleave_factor=s + + + +# HOST INTER-CHECK DELAY METHOD +# This is the method that Nagios should use when initially +# "spreading out" host checks when it starts monitoring. The +# default is to use smart delay calculation, which will try to +# space all host checks out evenly to minimize CPU load. +# Using the dumb setting will cause all checks to be scheduled +# at the same time (with no delay between them)! +# n = None - don't use any delay between checks +# d = Use a "dumb" delay of 1 second between checks +# s = Use "smart" inter-check delay calculation +# x.xx = Use an inter-check delay of x.xx seconds + +host_inter_check_delay_method=s + + + +# MAXIMUM HOST CHECK SPREAD +# This variable determines the timeframe (in minutes) from the +# program start time that an initial check of all hosts should +# be completed. Default is 30 minutes. + +max_host_check_spread=30 + + + +# MAXIMUM CONCURRENT SERVICE CHECKS +# This option allows you to specify the maximum number of +# service checks that can be run in parallel at any given time. +# Specifying a value of 1 for this variable essentially prevents +# any service checks from being parallelized. A value of 0 +# will not restrict the number of concurrent checks that are +# being executed. 
+ +max_concurrent_checks=0 + + + +# HOST AND SERVICE CHECK REAPER FREQUENCY +# This is the frequency (in seconds!) that Nagios will process +# the results of host and service checks. + +check_result_reaper_frequency=10 + + + + +# MAX CHECK RESULT REAPER TIME +# This is the max amount of time (in seconds) that a single +# check result reaper event will be allowed to run before +# returning control back to Nagios so it can perform other +# duties. + +max_check_result_reaper_time=30 + + + + +# CHECK RESULT PATH +# This is directory where Nagios stores the results of host and +# service checks that have not yet been processed. +# +# Note: Make sure that only one instance of Nagios has access +# to this directory! + +check_result_path=/var/lib/nagios3/spool/checkresults + + + + +# MAX CHECK RESULT FILE AGE +# This option determines the maximum age (in seconds) which check +# result files are considered to be valid. Files older than this +# threshold will be mercilessly deleted without further processing. + +max_check_result_file_age=3600 + + + + +# CACHED HOST CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous host check is considered current. +# Cached host states (from host checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to the host check logic. +# Too high of a value for this option may result in inaccurate host +# states being used by Nagios, while a lower value may result in a +# performance hit for host checks. Use a value of 0 to disable host +# check caching. + +cached_host_check_horizon=15 + + + +# CACHED SERVICE CHECK HORIZON +# This option determines the maximum amount of time (in seconds) +# that the state of a previous service check is considered current. 
+# Cached service states (from service checks that were performed more +# recently that the timeframe specified by this value) can immensely +# improve performance in regards to predictive dependency checks. +# Use a value of 0 to disable service check caching. + +cached_service_check_horizon=15 + + + +# ENABLE PREDICTIVE HOST DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of hosts when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# host dependency logic works well. +# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_host_dependency_checks=1 + + + +# ENABLE PREDICTIVE SERVICE DEPENDENCY CHECKS +# This option determines whether or not Nagios will attempt to execute +# checks of service when it predicts that future dependency logic test +# may be needed. These predictive checks can help ensure that your +# service dependency logic works well. +# Values: +# 0 = Disable predictive checks +# 1 = Enable predictive checks (default) + +enable_predictive_service_dependency_checks=1 + + + +# SOFT STATE DEPENDENCIES +# This option determines whether or not Nagios will use soft state +# information when checking host and service dependencies. Normally +# Nagios will only use the latest hard host or service state when +# checking dependencies. If you want it to use the latest state (regardless +# of whether its a soft or hard state type), enable this option. +# Values: +# 0 = Don't use soft state dependencies (default) +# 1 = Use soft state dependencies + +soft_state_dependencies=0 + + + +# TIME CHANGE ADJUSTMENT THRESHOLDS +# These options determine when Nagios will react to detected changes +# in system time (either forward or backwards). 
+ +#time_change_threshold=900 + + + +# AUTO-RESCHEDULING OPTION +# This option determines whether or not Nagios will attempt to +# automatically reschedule active host and service checks to +# "smooth" them out over time. This can help balance the load on +# the monitoring server. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_reschedule_checks=0 + + + +# AUTO-RESCHEDULING INTERVAL +# This option determines how often (in seconds) Nagios will +# attempt to automatically reschedule checks. This option only +# has an effect if the auto_reschedule_checks option is enabled. +# Default is 30 seconds. +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_interval=30 + + + +# AUTO-RESCHEDULING WINDOW +# This option determines the "window" of time (in seconds) that +# Nagios will look at when automatically rescheduling checks. +# Only host and service checks that occur in the next X seconds +# (determined by this variable) will be rescheduled. This option +# only has an effect if the auto_reschedule_checks option is +# enabled. Default is 180 seconds (3 minutes). +# WARNING: THIS IS AN EXPERIMENTAL FEATURE - IT CAN DEGRADE +# PERFORMANCE, RATHER THAN INCREASE IT, IF USED IMPROPERLY + +auto_rescheduling_window=180 + + + +# SLEEP TIME +# This is the number of seconds to sleep between checking for system +# events and service checks that need to be run. + +sleep_time=0.25 + + + +# TIMEOUT VALUES +# These options control how much time Nagios will allow various +# types of commands to execute before killing them off. Options +# are available for controlling maximum time allotted for +# service checks, host checks, event handlers, notifications, the +# ocsp command, and performance data commands. All values are in +# seconds. 
+ +service_check_timeout=60 +host_check_timeout=30 +event_handler_timeout=30 +notification_timeout=30 +ocsp_timeout=5 +perfdata_timeout=5 + + + +# RETAIN STATE INFORMATION +# This setting determines whether or not Nagios will save state +# information for services and hosts before it shuts down. Upon +# startup Nagios will reload all saved service and host state +# information before starting to monitor. This is useful for +# maintaining long-term data on state statistics, etc, but will +# slow Nagios down a bit when it (re)starts. Since its only +# a one-time penalty, I think its well worth the additional +# startup delay. + +retain_state_information=1 + + + +# STATE RETENTION FILE +# This is the file that Nagios should use to store host and +# service state information before it shuts down. The state +# information in this file is also read immediately prior to +# starting to monitor the network when Nagios is restarted. +# This file is used only if the retain_state_information +# variable is set to 1. + +state_retention_file=/var/lib/nagios3/retention.dat + + + +# RETENTION DATA UPDATE INTERVAL +# This setting determines how often (in minutes) that Nagios +# will automatically save retention data during normal operation. +# If you set this value to 0, Nagios will not save retention +# data at regular interval, but it will still save retention +# data before shutting down or restarting. If you have disabled +# state retention, this option has no effect. + +retention_update_interval=60 + + + +# USE RETAINED PROGRAM STATE +# This setting determines whether or not Nagios will set +# program status variables based on the values saved in the +# retention file. If you want to use retained program status +# information, set this value to 1. If not, set this value +# to 0. 
+ +use_retained_program_state=1 + + + +# USE RETAINED SCHEDULING INFO +# This setting determines whether or not Nagios will retain +# the scheduling info (next check time) for hosts and services +# based on the values saved in the retention file. If you +# If you want to use retained scheduling info, set this +# value to 1. If not, set this value to 0. + +use_retained_scheduling_info=1 + + + +# RETAINED ATTRIBUTE MASKS (ADVANCED FEATURE) +# The following variables are used to specify specific host and +# service attributes that should *not* be retained by Nagios during +# program restarts. +# +# The values of the masks are bitwise ANDs of values specified +# by the "MODATTR_" definitions found in include/common.h. +# For example, if you do not want the current enabled/disabled state +# of flap detection and event handlers for hosts to be retained, you +# would use a value of 24 for the host attribute mask... +# MODATTR_EVENT_HANDLER_ENABLED (8) + MODATTR_FLAP_DETECTION_ENABLED (16) = 24 + +# This mask determines what host attributes are not retained +retained_host_attribute_mask=0 + +# This mask determines what service attributes are not retained +retained_service_attribute_mask=0 + +# These two masks determine what process attributes are not retained. +# There are two masks, because some process attributes have host and service +# options. For example, you can disable active host checks, but leave active +# service checks enabled. +retained_process_host_attribute_mask=0 +retained_process_service_attribute_mask=0 + +# These two masks determine what contact attributes are not retained. +# There are two masks, because some contact attributes have host and +# service options. For example, you can disable host notifications for +# a contact, but leave service notifications enabled for them. 
+retained_contact_host_attribute_mask=0 +retained_contact_service_attribute_mask=0 + + + +# INTERVAL LENGTH +# This is the seconds per unit interval as used in the +# host/contact/service configuration files. Setting this to 60 means +# that each interval is one minute long (60 seconds). Other settings +# have not been tested much, so your mileage is likely to vary... + +interval_length=60 + + + +# CHECK FOR UPDATES +# This option determines whether Nagios will automatically check to +# see if new updates (releases) are available. It is recommend that you +# enable this option to ensure that you stay on top of the latest critical +# patches to Nagios. Nagios is critical to you - make sure you keep it in +# good shape. Nagios will check once a day for new updates. Data collected +# by Nagios Enterprises from the update check is processed in accordance +# with our privacy policy - see http://api.nagios.org for details. + +check_for_updates=1 + + + +# BARE UPDATE CHECK +# This option deterines what data Nagios will send to api.nagios.org when +# it checks for updates. By default, Nagios will send information on the +# current version of Nagios you have installed, as well as an indicator as +# to whether this was a new installation or not. Nagios Enterprises uses +# this data to determine the number of users running specific version of +# Nagios. Enable this option if you do not want this information to be sent. + +bare_update_check=0 + + + +# AGGRESSIVE HOST CHECKING OPTION +# If you don't want to turn on aggressive host checking features, set +# this value to 0 (the default). Otherwise set this value to 1 to +# enable the aggressive check option. Read the docs for more info +# on what aggressive host check is or check out the source code in +# base/checks.c + +use_aggressive_host_checking=0 + + + +# SERVICE CHECK EXECUTION OPTION +# This determines whether or not Nagios will actively execute +# service checks when it initially starts. 
If this option is +# disabled, checks are not actively made, but Nagios can still +# receive and process passive check results that come in. Unless +# you're implementing redundant hosts or have a special need for +# disabling the execution of service checks, leave this enabled! +# Values: 1 = enable checks, 0 = disable checks + +execute_service_checks=1 + + + +# PASSIVE SERVICE CHECK ACCEPTANCE OPTION +# This determines whether or not Nagios will accept passive +# service checks results when it initially (re)starts. +# Values: 1 = accept passive checks, 0 = reject passive checks + +accept_passive_service_checks=1 + + + +# HOST CHECK EXECUTION OPTION +# This determines whether or not Nagios will actively execute +# host checks when it initially starts. If this option is +# disabled, checks are not actively made, but Nagios can still +# receive and process passive check results that come in. Unless +# you're implementing redundant hosts or have a special need for +# disabling the execution of host checks, leave this enabled! +# Values: 1 = enable checks, 0 = disable checks + +execute_host_checks=1 + + + +# PASSIVE HOST CHECK ACCEPTANCE OPTION +# This determines whether or not Nagios will accept passive +# host checks results when it initially (re)starts. +# Values: 1 = accept passive checks, 0 = reject passive checks + +accept_passive_host_checks=1 + + + +# NOTIFICATIONS OPTION +# This determines whether or not Nagios will sent out any host or +# service notifications when it is initially (re)started. +# Values: 1 = enable notifications, 0 = disable notifications + +enable_notifications=1 + + + +# EVENT HANDLER USE OPTION +# This determines whether or not Nagios will run any host or +# service event handlers when it is initially (re)started. Unless +# you're implementing redundant hosts, leave this option enabled. 
+# Values: 1 = enable event handlers, 0 = disable event handlers
+
+enable_event_handlers=1
+
+
+
+# PROCESS PERFORMANCE DATA OPTION
+# This determines whether or not Nagios will process performance
+# data returned from service and host checks. If this option is
+# enabled, host performance data will be processed using the
+# host_perfdata_command (defined below) and service performance
+# data will be processed using the service_perfdata_command (also
+# defined below). Read the HTML docs for more information on
+# performance data.
+# Values: 1 = process performance data, 0 = do not process performance data
+
+process_performance_data=0
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA PROCESSING COMMANDS
+# These commands are run after every host and service check is
+# performed. These commands are executed only if the
+# enable_performance_data option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on performance data.
+
+#host_perfdata_command=process-host-perfdata
+#service_perfdata_command=process-service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILES
+# These files are used to store host and service performance data.
+# Performance data is only written to these files if the
+# enable_performance_data option (above) is set to 1.
+
+#host_perfdata_file=/tmp/host-perfdata
+#service_perfdata_file=/tmp/service-perfdata
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE TEMPLATES
+# These options determine what data is written (and how) to the
+# performance data files. The templates may contain macros, special
+# characters (\t for tab, \r for carriage return, \n for newline)
+# and plain text. A newline is automatically added after each write
+# to the performance data file. Some examples of what you can do are
+# shown below.
+
+#host_perfdata_file_template=[HOSTPERFDATA]\t$TIMET$\t$HOSTNAME$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$
+#service_perfdata_file_template=[SERVICEPERFDATA]\t$TIMET$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE MODES
+# This option determines whether or not the host and service
+# performance data files are opened in write ("w") or append ("a")
+# mode. If you want to use named pipes, you should use the special
+# pipe ("p") mode which avoid blocking at startup, otherwise you will
+# likely want the defult append ("a") mode.
+
+#host_perfdata_file_mode=a
+#service_perfdata_file_mode=a
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING INTERVAL
+# These options determine how often (in seconds) the host and service
+# performance data files are processed using the commands defined
+# below. A value of 0 indicates the files should not be periodically
+# processed.
+
+#host_perfdata_file_processing_interval=0
+#service_perfdata_file_processing_interval=0
+
+
+
+# HOST AND SERVICE PERFORMANCE DATA FILE PROCESSING COMMANDS
+# These commands are used to periodically process the host and
+# service performance data files. The interval at which the
+# processing occurs is determined by the options above.
+
+#host_perfdata_file_processing_command=process-host-perfdata-file
+#service_perfdata_file_processing_command=process-service-perfdata-file
+
+
+
+# OBSESS OVER SERVICE CHECKS OPTION
+# This determines whether or not Nagios will obsess over service
+# checks and run the ocsp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over services, 0 = do not obsess (default)
+
+obsess_over_services=0
+
+
+
+# OBSESSIVE COMPULSIVE SERVICE PROCESSOR COMMAND
+# This is the command that is run for every service check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_services option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+#ocsp_command=somecommand
+
+
+
+# OBSESS OVER HOST CHECKS OPTION
+# This determines whether or not Nagios will obsess over host
+# checks and run the ochp_command defined below. Unless you're
+# planning on implementing distributed monitoring, do not enable
+# this option. Read the HTML docs for more information on
+# implementing distributed monitoring.
+# Values: 1 = obsess over hosts, 0 = do not obsess (default)
+
+obsess_over_hosts=0
+
+
+
+# OBSESSIVE COMPULSIVE HOST PROCESSOR COMMAND
+# This is the command that is run for every host check that is
+# processed by Nagios. This command is executed only if the
+# obsess_over_hosts option (above) is set to 1. The command
+# argument is the short name of a command definition that you
+# define in your host configuration file. Read the HTML docs for
+# more information on implementing distributed monitoring.
+
+#ochp_command=somecommand
+
+
+
+# TRANSLATE PASSIVE HOST CHECKS OPTION
+# This determines whether or not Nagios will translate
+# DOWN/UNREACHABLE passive host check results into their proper
+# state for this instance of Nagios. This option is useful
+# if you have distributed or failover monitoring setup. In
+# these cases your other Nagios servers probably have a different
+# "view" of the network, with regards to the parent/child relationship
+# of hosts.
If a distributed monitoring server thinks a host
+# is DOWN, it may actually be UNREACHABLE from the point of
+# this Nagios instance. Enabling this option will tell Nagios
+# to translate any DOWN or UNREACHABLE host states it receives
+# passively into the correct state from the view of this server.
+# Values: 1 = perform translation, 0 = do not translate (default)
+
+translate_passive_host_checks=0
+
+
+
+# PASSIVE HOST CHECKS ARE SOFT OPTION
+# This determines whether or not Nagios will treat passive host
+# checks as being HARD or SOFT. By default, a passive host check
+# result will put a host into a HARD state type. This can be changed
+# by enabling this option.
+# Values: 0 = passive checks are HARD, 1 = passive checks are SOFT
+
+passive_host_checks_are_soft=0
+
+
+
+# ORPHANED HOST/SERVICE CHECK OPTIONS
+# These options determine whether or not Nagios will periodically
+# check for orphaned host service checks. Since service checks are
+# not rescheduled until the results of their previous execution
+# instance are processed, there exists a possibility that some
+# checks may never get rescheduled. A similar situation exists for
+# host checks, although the exact scheduling details differ a bit
+# from service checks. Orphaned checks seem to be a rare
+# problem and should not happen under normal circumstances.
+# If you have problems with service checks never getting
+# rescheduled, make sure you have orphaned service checks enabled.
+# Values: 1 = enable checks, 0 = disable checks
+
+check_for_orphaned_services=1
+check_for_orphaned_hosts=1
+
+
+
+# SERVICE FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of service results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_service_freshness=1
+
+
+
+# SERVICE FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of service check results. If you have
+# disabled service freshness checking, this option has no effect.
+
+service_freshness_check_interval=60
+
+
+
+# HOST FRESHNESS CHECK OPTION
+# This option determines whether or not Nagios will periodically
+# check the "freshness" of host results. Enabling this option
+# is useful for ensuring passive checks are received in a timely
+# manner.
+# Values: 1 = enabled freshness checking, 0 = disable freshness checking
+
+check_host_freshness=0
+
+
+
+# HOST FRESHNESS CHECK INTERVAL
+# This setting determines how often (in seconds) Nagios will
+# check the "freshness" of host check results. If you have
+# disabled host freshness checking, this option has no effect.
+
+host_freshness_check_interval=60
+
+
+
+
+# ADDITIONAL FRESHNESS THRESHOLD LATENCY
+# This setting determines the number of seconds that Nagios
+# will add to any host and service freshness thresholds that
+# it calculates (those not explicitly specified by the user).
+
+additional_freshness_latency=15
+
+
+
+
+# FLAP DETECTION OPTION
+# This option determines whether or not Nagios will try
+# and detect hosts and services that are "flapping".
+# Flapping occurs when a host or service changes between
+# states too frequently. When Nagios detects that a
+# host or service is flapping, it will temporarily suppress
+# notifications for that host/service until it stops
+# flapping. Flap detection is very experimental, so read
+# the HTML documentation before enabling this feature!
+# Values: 1 = enable flap detection
+# 0 = disable flap detection (default)
+
+enable_flap_detection=1
+
+
+
+# FLAP DETECTION THRESHOLDS FOR HOSTS AND SERVICES
+# Read the HTML documentation on flap detection for
+# an explanation of what this option does.
This option
+# has no effect if flap detection is disabled.
+
+low_service_flap_threshold=5.0
+high_service_flap_threshold=20.0
+low_host_flap_threshold=5.0
+high_host_flap_threshold=20.0
+
+
+
+# DATE FORMAT OPTION
+# This option determines how short dates are displayed. Valid options
+# include:
+# us (MM-DD-YYYY HH:MM:SS)
+# euro (DD-MM-YYYY HH:MM:SS)
+# iso8601 (YYYY-MM-DD HH:MM:SS)
+# strict-iso8601 (YYYY-MM-DDTHH:MM:SS)
+#
+
+date_format=iso8601
+
+
+
+
+# TIMEZONE OFFSET
+# This option is used to override the default timezone that this
+# instance of Nagios runs in. If not specified, Nagios will use
+# the system configured timezone.
+#
+# NOTE: In order to display the correct timezone in the CGIs, you
+# will also need to alter the Apache directives for the CGI path
+# to include your timezone. Example:
+#
+#
+# SetEnv TZ "Australia/Brisbane"
+# ...
+#
+
+#use_timezone=US/Mountain
+#use_timezone=Australia/Brisbane
+
+
+
+
+# P1.PL FILE LOCATION
+# This value determines where the p1.pl perl script (used by the
+# embedded Perl interpreter) is located. If you didn't compile
+# Nagios with embedded Perl support, this option has no effect.
+
+p1_file=/usr/lib/nagios3/p1.pl
+
+
+
+# EMBEDDED PERL INTERPRETER OPTION
+# This option determines whether or not the embedded Perl interpreter
+# will be enabled during runtime. This option has no effect if Nagios
+# has not been compiled with support for embedded Perl.
+# Values: 0 = disable interpreter, 1 = enable interpreter
+
+enable_embedded_perl=1
+
+
+
+# EMBEDDED PERL USAGE OPTION
+# This option determines whether or not Nagios will process Perl plugins
+# and scripts with the embedded Perl interpreter if the plugins/scripts
+# do not explicitly indicate whether or not it is okay to do so. Read
+# the HTML documentation on the embedded Perl interpreter for more
+# information on how this option works.
+
+use_embedded_perl_implicitly=1
+
+
+
+# ILLEGAL OBJECT NAME CHARACTERS
+# This option allows you to specify illegal characters that cannot
+# be used in host names, service descriptions, or names of other
+# object types.
+
+illegal_object_name_chars=`~!$%^&*|'"<>?,()=
+
+
+
+# ILLEGAL MACRO OUTPUT CHARACTERS
+# This option allows you to specify illegal characters that are
+# stripped from macros before being used in notifications, event
+# handlers, etc. This DOES NOT affect macros used in service or
+# host check commands.
+# The following macros are stripped of the characters you specify:
+# $HOSTOUTPUT$
+# $HOSTPERFDATA$
+# $HOSTACKAUTHOR$
+# $HOSTACKCOMMENT$
+# $SERVICEOUTPUT$
+# $SERVICEPERFDATA$
+# $SERVICEACKAUTHOR$
+# $SERVICEACKCOMMENT$
+
+illegal_macro_output_chars=`~$&|'"<>
+
+
+
+# REGULAR EXPRESSION MATCHING
+# This option controls whether or not regular expression matching
+# takes place in the object config files. Regular expression
+# matching is used to match host, hostgroup, service, and service
+# group names/descriptions in some fields of various object types.
+# Values: 1 = enable regexp matching, 0 = disable regexp matching
+
+use_regexp_matching=0
+
+
+
+# "TRUE" REGULAR EXPRESSION MATCHING
+# This option controls whether or not "true" regular expression
+# matching takes place in the object config files. This option
+# only has an effect if regular expression matching is enabled
+# (see above). If this option is DISABLED, regular expression
+# matching only occurs if a string contains wildcard characters
+# (* and ?). If the option is ENABLED, regexp matching occurs
+# all the time (which can be annoying).
+# Values: 1 = enable true matching, 0 = disable true matching
+
+use_true_regexp_matching=0
+
+
+
+# ADMINISTRATOR EMAIL/PAGER ADDRESSES
+# The email and pager address of a global administrator (likely you).
+# Nagios never uses these values itself, but you can access them by
+# using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification
+# commands.
+
+admin_email=root@localhost
+admin_pager=pageroot@localhost
+
+
+
+# DAEMON CORE DUMP OPTION
+# This option determines whether or not Nagios is allowed to create
+# a core dump when it runs as a daemon. Note that it is generally
+# considered bad form to allow this, but it may be useful for
+# debugging purposes. Enabling this option doesn't guarantee that
+# a core file will be produced, but that's just life...
+# Values: 1 - Allow core dumps
+# 0 - Do not allow core dumps (default)
+
+daemon_dumps_core=0
+
+
+
+# LARGE INSTALLATION TWEAKS OPTION
+# This option determines whether or not Nagios will take some shortcuts
+# which can save on memory and CPU usage in large Nagios installations.
+# Read the documentation for more information on the benefits/tradeoffs
+# of enabling this option.
+# Values: 1 - Enabled tweaks
+# 0 - Disable tweaks (default)
+
+use_large_installation_tweaks=0
+
+
+
+# ENABLE ENVIRONMENT MACROS
+# This option determines whether or not Nagios will make all standard
+# macros available as environment variables when host/service checks
+# and system commands (event handlers, notifications, etc.) are
+# executed. Enabling this option can cause performance issues in
+# large installations, as it will consume a bit more memory and (more
+# importantly) consume more CPU.
+# Values: 1 - Enable environment variable macros (default)
+# 0 - Disable environment variable macros
+
+enable_environment_macros=1
+
+
+
+# CHILD PROCESS MEMORY OPTION
+# This option determines whether or not Nagios will free memory in
+# child processes (processed used to execute system commands and host/
+# service checks). If you specify a value here, it will override
+# program defaults.
+# Value: 1 - Free memory in child processes
+# 0 - Do not free memory in child processes
+
+#free_child_process_memory=1
+
+
+
+# CHILD PROCESS FORKING BEHAVIOR
+# This option determines how Nagios will fork child processes
+# (used to execute system commands and host/service checks). Normally
+# child processes are fork()ed twice, which provides a very high level
+# of isolation from problems. Fork()ing once is probably enough and will
+# save a great deal on CPU usage (in large installs), so you might
+# want to consider using this. If you specify a value here, it will
+# program defaults.
+# Value: 1 - Child processes fork() twice
+# 0 - Child processes fork() just once
+
+#child_processes_fork_twice=1
+
+
+
+# DEBUG LEVEL
+# This option determines how much (if any) debugging information will
+# be written to the debug file. OR values together to log multiple
+# types of information.
+# Values:
+# -1 = Everything
+# 0 = Nothing
+# 1 = Functions
+# 2 = Configuration
+# 4 = Process information
+# 8 = Scheduled events
+# 16 = Host/service checks
+# 32 = Notifications
+# 64 = Event broker
+# 128 = External commands
+# 256 = Commands
+# 512 = Scheduled downtime
+# 1024 = Comments
+# 2048 = Macros
+
+debug_level=0
+
+
+
+# DEBUG VERBOSITY
+# This option determines how verbose the debug log out will be.
+# Values: 0 = Brief output
+# 1 = More detailed
+# 2 = Very detailed
+
+debug_verbosity=1
+
+
+
+# DEBUG FILE
+# This option determines where Nagios should write debugging information.
+
+debug_file=/var/log/nagios3/nagios.debug
+
+
+
+# MAX DEBUG FILE SIZE
+# This option determines the maximum size (in bytes) of the debug file. If
+# the file grows larger than this size, it will be renamed with a .old
+# extension. If a file already exists with a .old extension it will
+# automatically be deleted. This helps ensure your disk space usage doesn't
+# get out of control when debugging Nagios.
+
+max_debug_file_size=1000000
+
diff --git a/modules/nagios/files/etc/nagios3/resource.cfg b/modules/nagios/files/etc/nagios3/resource.cfg
new file mode 100644
index 0000000..3ed732b
--- /dev/null
+++ b/modules/nagios/files/etc/nagios3/resource.cfg
@@ -0,0 +1,31 @@
+###########################################################################
+#
+# RESOURCE.CFG - Resource File for Nagios
+#
+# You can define $USERx$ macros in this file, which can in turn be used
+# in command definitions in your host config file(s). $USERx$ macros are
+# useful for storing sensitive information such as usernames, passwords,
+# etc. They are also handy for specifying the path to plugins and
+# event handlers - if you decide to move the plugins or event handlers to
+# a different directory in the future, you can just update one or two
+# $USERx$ macros, instead of modifying a lot of command definitions.
+#
+# The CGIs will not attempt to read the contents of resource files, so
+# you can set restrictive permissions (600 or 660) on them.
+#
+# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
+#
+# Resource files may also be used to store configuration directives for
+# external data sources like MySQL...
+#
+###########################################################################
+
+# Sets $USER1$ to be the path to the plugins
+$USER1$=/usr/lib/nagios/plugins
+
+# Sets $USER2$ to be the path to event handlers
+#$USER2$=/usr/lib/nagios/plugins/eventhandlers
+
+# Store some usernames and passwords (hidden from the CGIs)
+#$USER3$=someuser
+#$USER4$=somepassword
diff --git a/modules/nagios/files/etc/nagios3/templates.cfg b/modules/nagios/files/etc/nagios3/templates.cfg
new file mode 100644
index 0000000..93e1ab9
--- /dev/null
+++ b/modules/nagios/files/etc/nagios3/templates.cfg
@@ -0,0 +1,46 @@
+# Generic host definition template - This is NOT a real host, just a template!
+
+define host{
+ name generic-host ; The name of this host template
+ notifications_enabled 1 ; Host notifications are enabled
+ event_handler_enabled 1 ; Host event handler is enabled
+ flap_detection_enabled 1 ; Flap detection is enabled
+ failure_prediction_enabled 1 ; Failure prediction is enabled
+ process_perf_data 1 ; Process performance data
+ retain_status_information 1 ; Retain status information across program restarts
+ retain_nonstatus_information 1 ; Retain non-status information across program restarts
+ check_command check-host-alive
+ max_check_attempts 10
+ notification_interval 0
+ notification_period 24x7
+ notification_options d,u,r
+ contact_groups admins
+ register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
+ }
+
+# generic service template definition
+define service{
+ name generic-service ; The 'name' of this service template
+ active_checks_enabled 1 ; Active service checks are enabled
+ passive_checks_enabled 1 ; Passive service checks are enabled/accepted
+ parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
+ obsess_over_service 1 ; We should obsess over this service (if necessary)
+ check_freshness 0 ; Default is to NOT check service 'freshness'
+ notifications_enabled 1 ; Service notifications are enabled
+ event_handler_enabled 1 ; Service event handler is enabled
+ flap_detection_enabled 1 ; Flap detection is enabled
+ failure_prediction_enabled 1 ; Failure prediction is enabled
+ process_perf_data 1 ; Process performance data
+ retain_status_information 1 ; Retain status information across program restarts
+ retain_nonstatus_information 1 ; Retain non-status information across program restarts
+ notification_interval 0 ; Only send notifications on status change by default.
+ is_volatile 0
+ check_period 24x7
+ normal_check_interval 5
+ retry_check_interval 1
+ max_check_attempts 4
+ notification_period 24x7
+ notification_options w,u,c,r
+ contact_groups admins
+ register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
+ }
\ No newline at end of file
diff --git a/modules/nagios/manifests/init.pp b/modules/nagios/manifests/init.pp
new file mode 100644
index 0000000..c60f921
--- /dev/null
+++ b/modules/nagios/manifests/init.pp
@@ -0,0 +1,6 @@
+import "server.pp"
+import "nginx/template/nagios.pp"
+
+class nagios {
+
+}
\ No newline at end of file
diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
new file mode 100644
index 0000000..5ac361d
--- /dev/null
+++ b/modules/nagios/manifests/server.pp
@@ -0,0 +1,155 @@
+class nagios::server {
+ include nagios::server::purge
+
+ package {
+ [
+ nagios3,
+ nagios-plugins,
+ nagios-plugins-extra,
+ fcgiwrap
+ ]:
+ ensure => installed;
+ }
+
+ service {
+ "nagios3":
+ ensure => running,
+ enable => true,
+ require => Package[nagios3];
+ }
+
+ user {
+ "nagios":
+ ensure => present,
+ groups => ["www-data"],
+ require => Package[nagios3];
+ }
+
+ # Collect resources and populate /etc
+ Nagios_host <<||>> {
+ target => "/etc/nagios3/conf.puppet.d/host.cfg",
+ require => File["/etc/nagios3/conf.puppet.d/host.cfg"],
+ notify => Service["nagios3"]
+ }
+
+ Nagios_service <<||>> {
+ target => "/etc/nagios3/conf.puppet.d/service.cfg",
+ require => File["/etc/nagios3/conf.puppet.d/service.cfg"],
+ notify => Service["nagios3"]
+ }
+
+ # Setup a nagios site
+ nginx::template::nagios {
+ "nagios.kohanaframework.org":
+ ensure => present;
+ }
+
+ nagios_timeperiod {
+ "default-prevents-errors":
+ ensure => present,
+ alias => "Default timeperiod to allow nagios to boot",
+ sunday => "00:00-24:00",
+ monday => "00:00-24:00",
+ tuesday => "00:00-24:00",
+ wednesday => "00:00-24:00",
+ thursday => "00:00-24:00",
+ friday => "00:00-24:00",
+ saturday => "00:00-24:00",
+ target => "/etc/nagios3/conf.puppet.d/timeperiod.cfg",
+ require => File["/etc/nagios3/conf.puppet.d/timeperiod.cfg"],
+ notify => Service["nagios3"];
+ }
+
+ # Copy some static config files over..
+ file {
+ "/var/lib/nagios3":
+ ensure => directory,
+ mode => 755,
+ owner => nagios,
+ group => nagios,
+ require => Package[nagios3];
+ "/var/lib/nagios3/rw":
+ ensure => directory,
+ mode => 775,
+ owner => nagios,
+ group => www-data,
+ require => Package[nagios3];
+ "/var/lib/nagios3/rw/nagios.cmd":
+ ensure => present,
+ mode => 770,
+ owner => nagios,
+ group => www-data,
+ require => Package[nagios3];
+ "/etc/nagios3/cgi.cfg":
+ ensure => present,
+ source => "puppet:///nagios/etc/nagios3/cgi.cfg",
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/commands.cfg":
+ ensure => present,
+ source => "puppet:///nagios/etc/nagios3/commands.cfg",
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/nagios.cfg":
+ ensure => present,
+ source => "puppet:///nagios/etc/nagios3/nagios.cfg",
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/resource.cfg":
+ ensure => present,
+ source => "puppet:///nagios/etc/nagios3/resource.cfg",
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/templates.cfg":
+ ensure => present,
+ source => "puppet:///nagios/etc/nagios3/templates.cfg",
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/conf.puppet.d":
+ ensure => directory,
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/conf.puppet.d/host.cfg":
+ ensure => present,
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/conf.puppet.d/service.cfg":
+ ensure => present,
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/conf.puppet.d/timeperiod.cfg":
+ ensure => present,
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/conf.puppet.d/contactgroup.cfg":
+ ensure => present,
+ mode =>
644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ "/etc/nagios3/conf.puppet.d/contact.cfg":
+ ensure => present,
+ mode => 644,
+ owner => root,
+ group => root,
+ require => Package[nagios3];
+ }
+}
\ No newline at end of file
diff --git a/modules/nagios/manifests/server/purge.pp b/modules/nagios/manifests/server/purge.pp
new file mode 100644
index 0000000..3b3c796
--- /dev/null
+++ b/modules/nagios/manifests/server/purge.pp
@@ -0,0 +1,14 @@
+class nagios::server::purge {
+ # From .. http://www.mnxsolutions.com/linux/automatically-purge-old-configuration-from-nagios-deployed-by-puppet.html
+ # But it doesnt seem to work -_-
+
+ resources { "nagios_service":
+ purge => true
+ }
+ resources { "nagios_host":
+ purge => true
+ }
+ resources { "nagios_hostgroup":
+ purge => true
+ }
+}
\ No newline at end of file
diff --git a/modules/nginx/manifests/init.pp b/modules/nginx/manifests/init.pp
new file mode 100644
index 0000000..1b06b14
--- /dev/null
+++ b/modules/nginx/manifests/init.pp
@@ -0,0 +1,41 @@
+import "site.pp"
+import "ssl.pp"
+
+class nginx {
+
+ package {
+ "nginx":
+ name => "nginx-full",
+ ensure => installed
+ }
+
+ service {
+ "nginx":
+ ensure => running,
+ enable => true,
+ require => File["/etc/nginx/nginx.conf"],
+ }
+
+ file {
+ "/etc/nginx/nginx.conf":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("nginx/nginx.conf.erb"),
+ require => Package["nginx"];
+ "/etc/nginx/sites-puppet":
+ ensure => directory,
+ mode => 644,
+ owner => root,
+ group => root;
+ }
+
+ exec {
+ "reload-nginx":
+ command => "/etc/init.d/nginx reload",
+ refreshonly => true;
+ }
+}
+
+
diff --git a/modules/nginx/manifests/site.pp b/modules/nginx/manifests/site.pp
new file mode 100644
index 0000000..7437c16
--- /dev/null
+++ b/modules/nginx/manifests/site.pp
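Review bot: `/etc/nagios3/resource.cfg` is deployed with `mode => 644`, while the header of that same file says it is the place for usernames and passwords and can be restricted to 600 or 660 because the CGIs never read it. The shipped copy only carries commented-out credentials, but the first real `$USERx$` secret added to it would be world-readable; `mode => 640, owner => root, group => nagios` keeps it readable by the daemon only. Separately, `/var/lib/nagios3/rw/nagios.cmd` is group-writable by `www-data`, so every account in that group can submit external commands to Nagios; it is worth confirming that this is intended, since the nginx templates in this commit put each site user into `www-data`.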
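Review bot: The comment in purge.pp records that the purge has no effect but not why, which leaves the next reader to rediscover it. A likely cause (to be confirmed) is that `resources { ...: purge => true }` for the nagios types only considers entries in each type's default target file, while server.pp collects hosts and services into custom `target` paths under `/etc/nagios3/conf.puppet.d`. I would replace the second comment line with `# purge only covers the type's default target file; our custom targets are not purged - TODO confirm`, or drop the class until it does something.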
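Review bot: Nothing reloads nginx when `/etc/nginx/nginx.conf` changes in nginx/init.pp: the file resource has no `notify` and the service only `require`s it, so a template change is written to disk but stays inactive until some `nginx::site` happens to fire `reload-nginx`. Add `notify => Exec["reload-nginx"]` to the nginx.conf resource. The `/etc/nginx/sites-puppet` directory also lacks `require => Package["nginx"]`, so on a fresh node it can be applied before `/etc/nginx` exists.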
@@ -0,0 +1,22 @@
+define nginx::site($content, $ensure = 'present', $order = '100') {
+ file {
+ "/etc/nginx/sites-puppet/${order}-${name}.conf":
+ ensure => $ensure,
+ content => $content,
+ mode => 644,
+ owner => root,
+ group => root,
+ notify => Exec["reload-nginx"],
+ before => Service["nginx"];
+ }
+
+ # Export default nagios services
+ @@nagios_service {
+ "check_http_${name}":
+ check_command => "check_http2!${name}!1!5",
+ use => "generic-service",
+ host_name => "$fqdn",
+ notification_period => "24x7",
+ service_description => "check_http_${name}";
+ }
+}
diff --git a/modules/nginx/manifests/ssl.pp b/modules/nginx/manifests/ssl.pp
new file mode 100644
index 0000000..0c11cc0
--- /dev/null
+++ b/modules/nginx/manifests/ssl.pp
@@ -0,0 +1,16 @@
+define nginx::ssl() {
+ if !defined(File["/etc/nginx/ssl"]) {
+ file {
+ "/etc/nginx/ssl":
+ ensure => directory;
+ }
+ }
+
+ if !defined(File["/etc/nginx/ssl/${name}.pem"]) {
+ exec {
+ "nginx-ssl-generate-${name}":
+ command => "openssl req -new -inform PEM -x509 -nodes -days 999 -subj '/C=NA/ST=AutoSign/O=AutoSign/localityName=AutoSign/commonName=${name}/organizationalUnitName=AutoSign/emailAddress=AutoSign/' -newkey rsa:2048 -out /etc/nginx/ssl/${name}.pem -keyout /etc/nginx/ssl/${name}.key",
+ unless => "test -f /etc/nginx/ssl/${name}.pem";
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/nginx/manifests/template.pp b/modules/nginx/manifests/template.pp
new file mode 100644
index 0000000..d9cc5c1
--- /dev/null
+++ b/modules/nginx/manifests/template.pp
@@ -0,0 +1 @@
+import "template/*.pp"
\ No newline at end of file
diff --git a/modules/nginx/manifests/template/kohana.pp b/modules/nginx/manifests/template/kohana.pp
new file mode 100644
index 0000000..688a01d
--- /dev/null
+++ b/modules/nginx/manifests/template/kohana.pp
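Review bot: The exported `@@nagios_service` in nginx::site ignores `$ensure`, so declaring a site with `ensure => absent` removes the vhost file but keeps exporting `check_http_${name}`, and the monitoring server will keep alerting on a site that was removed on purpose. Pass it through with `ensure => $ensure,` in the exported resource. As a smaller point, `$name` is placed between `!` separators in `check_command`, so a comment saying that site names must not contain `!` would help.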
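Review bot: In nginx::ssl the private key `/etc/nginx/ssl/${name}.key` is written with `-nodes` (unencrypted) and neither it nor the `/etc/nginx/ssl` directory gets an owner or mode, so who can read the key depends on the umask and openssl build of the agent run. Declare the directory with `owner => root, group => root, mode => 700` and add a `file` resource for the key with `mode => 600` that requires the exec. The exec also uses an unqualified `openssl` and `test` with no `path`, which Puppet rejects for exec commands; add `path => ["/usr/bin", "/bin"]`.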
@@ -0,0 +1,53 @@
+define nginx::template::kohana($fpm_port, $ensure = 'present', $listen = 80, $order = '100', $kohana_env = 'production') {
+ include nginx
+ include php::fpm
+
+ # Create the site user..
+ nginx::user {
+ "www-${name}":
+ ensure => present,
+ groups => "www-data";
+ }
+
+ # Create document root
+ file {
+ "/home/www-${name}/current":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ "/home/www-${name}/logs":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ }
+
+ # Setup the PHP FPM pool
+ php::fpm::pool {
+ $name:
+ ensure => present,
+ listen => "127.0.0.1:${fpm_port}",
+ user => "www-${name}",
+ group => "www-${name}",
+ require => [
+ User["www-${name}"],
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"],
+ ];
+ }
+
+ # Setup the nGinx virtual host
+ nginx::site {
+ $name:
+ ensure => $ensure,
+ content => template("nginx/template/kohana.conf.erb"),
+ order => $order,
+ require => [
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"]
+ ];
+ }
+}
diff --git a/modules/nginx/manifests/template/nagios.pp b/modules/nginx/manifests/template/nagios.pp
new file mode 100644
index 0000000..f187138
--- /dev/null
+++ b/modules/nginx/manifests/template/nagios.pp
@@ -0,0 +1,11 @@
+define nginx::template::nagios($ensure = 'present', $listen = 80, $order = '100') {
+ include nginx
+
+ # Setup the nGinx virtual host
+ nginx::site {
+ $name:
+ ensure => $ensure,
+ content => template("nginx/template/nagios.conf.erb"),
+ order => $order;
+ }
+}
diff --git a/modules/nginx/manifests/template/proxy.pp b/modules/nginx/manifests/template/proxy.pp
new file mode 100644
index 0000000..a1b7da0
--- /dev/null
+++ b/modules/nginx/manifests/template/proxy.pp
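Review bot: The FPM pool in kohana.pp listens on `127.0.0.1:${fpm_port}`, a loopback TCP port that every local account and process can connect to, so the dedicated `www-${name}` user and the `2770` directories do not separate one site from another on the same host: a FastCGI request sent straight to the port is executed as that site's user. If `php::fpm::pool` (not shown in this hunk) accepts a socket path, a unix socket owned by the site user and accessible only to the nginx group would confine access to the web server. The same `listen` line appears in vanilla.pp.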
@@ -0,0 +1,38 @@
+define nginx::template::proxy($upstreams, $ensure = 'present', $servers = 1, $listen = 80, $order = '100', $rails_env = 'production') {
+ include nginx
+
+ # Create the site user..
+ nginx::user {
+ "www-${name}":
+ ensure => present,
+ groups => "www-data";
+ }
+
+ # Create logs folder
+ file {
+ "/home/www-${name}/current":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ "/home/www-${name}/logs":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ }
+
+ # Setup the nGinx virtual host
+ nginx::site {
+ $name:
+ ensure => $ensure,
+ content => template("nginx/template/proxy.conf.erb"),
+ order => $order,
+ require => [
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"]
+ ];
+ }
+}
diff --git a/modules/nginx/manifests/template/rails.pp b/modules/nginx/manifests/template/rails.pp
new file mode 100644
index 0000000..0ee70f6
--- /dev/null
+++ b/modules/nginx/manifests/template/rails.pp
@@ -0,0 +1,72 @@
+define nginx::template::rails($thin_port, $ensure = 'present', $servers = 1, $listen = 80, $order = '100', $rails_env = 'production') {
+ include nginx
+ include ruby::thin
+
+ # Create the site user..
+ nginx::user {
+ "www-${name}":
+ ensure => present,
+ groups => "www-data";
+ }
+
+ # Create document root and logs folders
+ file {
+ "/home/www-${name}/current":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ "/home/www-${name}/logs":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ "/home/www-${name}/tmp":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ "/home/www-${name}/tmp/pids":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => [
+ User["www-${name}"],
+ File["/home/www-${name}/tmp"],
+ ];
+ }
+
+ # Setup the thin server
+ ruby::thin::server {
+ $name:
+ ensure => present,
+ port => $thin_port,
+ servers => $servers,
+ chdir => "/home/www-${name}/current",
+ user => "www-${name}",
+ group => "www-${name}",
+ require => [
+ User["www-${name}"],
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"],
+ File["/home/www-${name}/tmp"],
+ File["/home/www-${name}/tmp/pids"],
+ ];
+ }
+
+ # Setup the nGinx virtual host
+ nginx::site {
+ $name:
+ ensure => $ensure,
+ content => template("nginx/template/rails.conf.erb"),
+ order => $order,
+ require => [
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"]
+ ];
+ }
+}
diff --git a/modules/nginx/manifests/template/redirect.pp b/modules/nginx/manifests/template/redirect.pp
new file mode 100644
index 0000000..db2df3c
--- /dev/null
+++ b/modules/nginx/manifests/template/redirect.pp
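Review bot: `$ensure` in rails.pp only reaches `nginx::site`; the site user, the four directories and `ruby::thin::server` are hard-coded to `ensure => present`, so `ensure => absent` removes the vhost while the thin server keeps running under a still-existing account. Either pass the value on (`ensure => $ensure,` on `ruby::thin::server` and `nginx::user`) or state the limitation in a header comment such as `# $ensure only controls the vhost; user, directories and app server are never removed`. kohana.pp, proxy.pp, redirect.pp and vanilla.pp follow the same pattern.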
@@ -0,0 +1,38 @@
+define nginx::template::redirect($redirect_url, $redirect_type = 'permanent', $ensure = 'present', $servers = 1, $listen = 80, $order = '100', $rails_env = 'production') {
+ include nginx
+
+ # Create the site user..
+ nginx::user {
+ "www-${name}":
+ ensure => present,
+ groups => "www-data";
+ }
+
+ # Create docroot+logs folder
+ file {
+ "/home/www-${name}/current":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ "/home/www-${name}/logs":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ }
+
+ # Setup the nGinx virtual host
+ nginx::site {
+ $name:
+ ensure => $ensure,
+ content => template("nginx/template/redirect.conf.erb"),
+ order => $order,
+ require => [
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"]
+ ];
+ }
+}
diff --git a/modules/nginx/manifests/template/vanilla.pp b/modules/nginx/manifests/template/vanilla.pp
new file mode 100644
index 0000000..5526f6e
--- /dev/null
+++ b/modules/nginx/manifests/template/vanilla.pp 
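Review bot: `$redirect_url` and `$redirect_type` are not validated in this define, yet redirect.conf.erb writes both verbatim into a `rewrite` directive, so a value containing whitespace or `;` changes the structure of the generated nginx configuration instead of failing the catalog. Reject unexpected values at the top of the define, for example `if $redirect_type !~ /^(permanent|redirect)$/ { fail("invalid redirect_type '${redirect_type}'") }`, and add a similar check that `$redirect_url` is a single http(s) URL with no spaces. `$servers` and `$rails_env` are unused here as well.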
@@ -0,0 +1,53 @@
+define nginx::template::vanilla($fpm_port, $ensure = 'present', $listen = 80, $order = '100') {
+ include nginx
+ include php::fpm
+
+ # Create the site user..
+ nginx::user {
+ "www-${name}":
+ ensure => present,
+ groups => "www-data";
+ }
+
+ # Create document root
+ file {
+ "/home/www-${name}/current":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ "/home/www-${name}/logs":
+ ensure => directory,
+ mode => 2770,
+ owner => "www-${name}",
+ group => "www-${name}",
+ require => User["www-${name}"];
+ }
+
+ # Setup the PHP FPM pool
+ php::fpm::pool {
+ $name:
+ ensure => present,
+ listen => "127.0.0.1:${fpm_port}",
+ user => "www-${name}",
+ group => "www-${name}",
+ require => [
+ User["www-${name}"],
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"],
+ ];
+ }
+
+ # Setup the nGinx virtual host
+ nginx::site {
+ $name:
+ ensure => $ensure,
+ content => template("nginx/template/vanilla.conf.erb"),
+ order => $order,
+ require => [
+ File["/home/www-${name}/current"],
+ File["/home/www-${name}/logs"]
+ ];
+ }
+}
diff --git a/modules/nginx/manifests/user.pp b/modules/nginx/manifests/user.pp
new file mode 100644
index 0000000..20643e8
--- /dev/null
+++ b/modules/nginx/manifests/user.pp 
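Review bot: The pool is bound to a loopback TCP port, `listen => "127.0.0.1:${fpm_port}"`, and a TCP listener carries no file permissions, so every local account can open a FastCGI connection to it and have PHP run as `www-${name}`. `nginx::user` gives each site account a `/bin/bash` shell, so on a multi-site host this undoes the per-site user separation the define otherwise sets up. A per-pool unix socket restricted with the pool's existing `listen_owner`, `listen_group` and `listen_mode` parameters would limit access to nginx, for example `listen => "/var/run/php5-fpm-${name}.sock",` (constructed path) with `listen_mode => '0660',` and a matching `fastcgi_pass unix:...;` in vanilla.conf.erb. The pool's `ensure => present` is also hard-coded, so `ensure => absent` on the site leaves the pool behind.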
@@ -0,0 +1,39 @@
+define nginx::user($ensure = 'present', $groups = []) {
+ user {
+ $name:
+ ensure => $ensure,
+ home => "/home/$name",
+ shell => "/bin/bash",
+ groups => $groups,
+ notify => Exec["www-data-group-${name}"];
+ }
+
+ group {
+ $name:
+ ensure => $ensure,
+ require => User[$name];
+ }
+
+ exec {
+ "www-data-group-${name}":
+ command => "usermod -a -G ${name} www-data",
+ onlyif => "test `groups www-data | grep ${name} | wc -l` -eq 0";
+ }
+
+ $home_ensure = $ensure ? {
+ 'present' => directory,
+ default => $ensure
+ }
+
+ file {
+ "/home/${name}":
+ ensure => $home_ensure,
+ owner => $name,
+ group => $name,
+ mode => 2770,
+ require => [
+ User[$name],
+ Group[$name]
+ ];
+ }
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/nginx.conf.erb b/modules/nginx/templates/nginx.conf.erb
new file mode 100644
index 0000000..20ed974
--- /dev/null
+++ b/modules/nginx/templates/nginx.conf.erb 
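Review bot: The `exec` builds two shell command lines by interpolating `${name}` unquoted, and nothing in the define restricts what `$name` may contain; validate it first, for example `if $name !~ /^[a-z0-9][a-z0-9.-]*$/ { fail("invalid user name '${name}'") }`. The `onlyif` test greps for `${name}` as a substring, so when www-data already belongs to a group whose name contains the new one, the check reports membership and `usermod` is skipped; match the whole group name instead, one name per line with `grep -qx`. The command is not fully qualified and the resource has no `path`, which Puppet rejects unless a default `Exec` path is set elsewhere, so add `path => ['/usr/sbin', '/usr/bin', '/bin'],`. Since these are service accounts, `shell => "/bin/bash"` is worth reconsidering if nobody needs an interactive login.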
@@ -0,0 +1,57 @@
+user www-data;
+worker_processes 4;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+ include /etc/nginx/sites-puppet/*;
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/template/kohana.conf.erb b/modules/nginx/templates/template/kohana.conf.erb
new file mode 100644
index 0000000..ddb33ff
--- /dev/null
+++ b/modules/nginx/templates/template/kohana.conf.erb 
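Review bot: `server_tokens` is left commented out in the `http` block, so the `Server` header and the default error pages disclose the exact nginx version on every managed host. Since this file is now the managed baseline, enable it with `server_tokens off;`. The template contains no ERB tags, so `worker_processes 4;` is fixed for every node; if that is intentional, a comment saying so would help, otherwise it could be derived from a processor-count fact.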
@@ -0,0 +1,38 @@
+server {
+ listen [::]:<%=listen %>;
+
+ server_name <%=name %>;
+ root /home/www-<%=name %>/current;
+
+ index index.php;
+
+ error_log /home/www-<%=name %>/logs/nginx.error.log;
+ access_log /home/www-<%=name %>/logs/nginx.access.log;
+
+ location / {
+ try_files $uri $uri/ @kohana;
+ }
+
+ # Prevent access to hidden files
+ location ~ /\. {
+ deny all;
+ }
+
+ # Prevent access to kohana files
+ location ~ /(application|modules|system) {
+ deny all;
+ }
+
+ location @kohana {
+ rewrite ^ /index.php/$uri last;
+ }
+
+ location ~* \.php {
+ fastcgi_pass 127.0.0.1:<%=fpm_port %>;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param KOHANA_ENV <%=kohana_env %>;
+ }
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/template/nagios.conf.erb b/modules/nginx/templates/template/nagios.conf.erb
new file mode 100644
index 0000000..a62b4f2
--- /dev/null
+++ b/modules/nginx/templates/template/nagios.conf.erb 
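Review bot: The `location ~* \.php` block matches any URI that merely contains `.php` and passes it to FPM with `SCRIPT_FILENAME $document_root$fastcgi_script_name`, without splitting off the path info or checking that the script exists. Because `@kohana` rewrites to `/index.php/$uri`, the script name that reaches PHP includes the trailing path, so which file actually runs is left to PHP's own path-info fix-up (presumably `cgi.fix_pathinfo`, not shown here); with that enabled, a non-PHP file under the document root can end up being interpreted as PHP. Split the path info explicitly and return 404 when the script file is missing, as below. vanilla.conf.erb has the same block and nagios.conf.erb a similar one. The deny rule `location ~ /(application|modules|system)` is also unanchored, so it blocks any path that contains one of those words after a slash, not only those three directories.
```nginx
location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    # … unchanged: fastcgi_pass, fastcgi_index, include fastcgi_params, SCRIPT_FILENAME, KOHANA_ENV …
    fastcgi_param PATH_INFO $fastcgi_path_info;
}
```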
@@ -0,0 +1,49 @@
+# What a mess. Someone please suggest a cleaner way!
+server {
+ listen [::]:<%=listen %>;
+
+ server_name <%=name %>;
+
+ root /usr/share/nagios3/htdocs;
+
+ index index.php;
+
+ location /stylesheets {
+ root /etc/nagios3;
+
+ try_files $uri $uri/index.html =404;
+ }
+
+ location / {
+ rewrite ^/nagios3/images/(.*) /images/$1 break;
+
+ try_files $uri $uri/ =404;
+ }
+
+ # Prevent access to hidden files
+ location ~ /\. {
+ deny all;
+ }
+
+ location ~* \.php {
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/share/nagios3/htdocs$fastcgi_script_name;
+ }
+
+ location ~ \.cgi$ {
+ root /usr/lib/cgi-bin/nagios3;
+
+ rewrite ^/nagios3/cgi-bin/(.*)\.cgi /$1.cgi break;
+ rewrite ^/cgi-bin/nagios3/(.*)\.cgi /$1.cgi break;
+
+ include /etc/nginx/fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/nagios3$fastcgi_script_name;
+ fastcgi_param AUTH_USER "nagiosadmin";
+ fastcgi_param REMOTE_USER "nagiosadmin";
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/template/proxy.conf.erb b/modules/nginx/templates/template/proxy.conf.erb
new file mode 100644
index 0000000..8115eba
--- /dev/null
+++ b/modules/nginx/templates/template/proxy.conf.erb 
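Review bot: The `location ~ \.cgi$` block sets `AUTH_USER` and `REMOTE_USER` to the constant `"nagiosadmin"` while the server block has no `auth_basic` or other access control. Every request that reaches the Nagios CGIs is therefore presented to them as the admin user, whoever sent it. Require authentication in the server block and pass the authenticated name through instead: `auth_basic "Nagios";`, `auth_basic_user_file <path to htpasswd file>;` and `fastcgi_param REMOTE_USER $remote_user;` (likewise for `AUTH_USER`). If the host is meant to be reachable only from a management network, an `allow`/`deny` pair would state that in the config as well.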
@@ -0,0 +1,35 @@
+upstream upstream-<%=name %> {
+ <% @upstreams.each do |upstream| %>
+ server <%=upstream %>;
+ <% end -%>
+}
+
+server {
+ listen [::]:<%=listen %>;
+
+ server_name <%=name %>;
+ root /home/www-<%=name %>/current/;
+
+ index index.php;
+
+ error_log /home/www-<%=name %>/logs/nginx.error.log;
+ access_log /home/www-<%=name %>/logs/nginx.access.log;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ try_files $uri $uri/ @proxy;
+ }
+
+ # Prevent access to hidden files
+ location ~ /\. {
+ deny all;
+ }
+
+ location @proxy {
+ proxy_pass http://upstream-<%=name %>;
+ }
+
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/template/rails.conf.erb b/modules/nginx/templates/template/rails.conf.erb
new file mode 100644
index 0000000..36185e8
--- /dev/null
+++ b/modules/nginx/templates/template/rails.conf.erb
@@ -0,0 +1,33 @@
+upstream upstream-<%=name %> {
+ server 127.0.0.1:3000;
+}
+
+server {
+ listen [::]:<%=listen %>;
+
+ server_name <%=name %>;
+ root /home/www-<%=name %>/current/public/;
+
+ index index.php;
+
+ error_log /home/www-<%=name %>/logs/nginx.error.log;
+ access_log /home/www-<%=name %>/logs/nginx.access.log;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ try_files /system/maintenance.html $uri $uri/ @rails;
+ }
+
+ # Prevent access to hidden files
+ location ~ /\. {
+ deny all;
+ }
+
+ location @rails {
+ proxy_pass http://upstream-<%=name %>;
+ }
+
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/template/redirect.conf.erb b/modules/nginx/templates/template/redirect.conf.erb
new file mode 100644
index 0000000..8a4c081
--- /dev/null
+++ b/modules/nginx/templates/template/redirect.conf.erb 
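Review bot: The `proxy_set_header` and `proxy_redirect` lines sit in `location /`, but the request is proxied from `location @proxy`, and nginx applies these directives from the location that runs `proxy_pass` (inheriting only from enclosing levels, not from the location that redirected to it). As written, the upstream most likely receives the default `Host` and no `X-Real-IP` or `X-Forwarded-For`, so its logs and any per-client controls see only the proxy's address. Move the four directives into `location @proxy`, next to `proxy_pass http://upstream-<%=name %>;`. Prefer `proxy_set_header Host $host;` over `$http_host`, which forwards the client-supplied header unchanged. rails.conf.erb in this diff has the same layout with `@rails`.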
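Review bot: The upstream in rails.conf.erb is fixed at `server 127.0.0.1:3000;`, although the rails define takes `$thin_port` and `$servers` and starts thin on that port. Any site created with a port other than 3000 is proxied to the wrong backend, and with two Rails sites on one host both vhosts would send traffic to whichever application owns port 3000. Render the port from the define, `server 127.0.0.1:<%= thin_port %>;`, and emit one `server` line per thin instance when `servers` is greater than one. `index index.php;` also looks like a leftover from the PHP templates.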
@@ -0,0 +1,13 @@
+server {
+ listen [::]:<%=listen %>;
+
+ server_name <%=name %>;
+ root /home/www-<%=name %>/current/;
+
+ index index.php;
+
+ error_log /home/www-<%=name %>/logs/nginx.error.log;
+ access_log /home/www-<%=name %>/logs/nginx.access.log;
+
+ rewrite ^(.*) <%=redirect_url %>$1 <%=redirect_type %>;
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/template/vanilla.conf.erb b/modules/nginx/templates/template/vanilla.conf.erb
new file mode 100644
index 0000000..12152fd
--- /dev/null
+++ b/modules/nginx/templates/template/vanilla.conf.erb
@@ -0,0 +1,32 @@
+server {
+ listen [::]:<%=listen %>;
+
+ server_name <%=name %>;
+ root /home/www-<%=name %>/current;
+
+ index index.php;
+
+ error_log /home/www-<%=name %>/logs/nginx.error.log;
+ access_log /home/www-<%=name %>/logs/nginx.access.log;
+
+ location / {
+ try_files $uri $uri/ @vanilla;
+ }
+
+ # Prevent access to hidden files
+ location ~ /\. {
+ deny all;
+ }
+
+ location @vanilla {
+ rewrite ^ /index.php/$uri last;
+ }
+
+ location ~* \.php {
+ fastcgi_pass 127.0.0.1:<%=fpm_port %>;
+ fastcgi_index index.php;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+}
\ No newline at end of file
diff --git a/modules/php/manifests/fpm.pp b/modules/php/manifests/fpm.pp
new file mode 100644
index 0000000..ed88a55
--- /dev/null
+++ b/modules/php/manifests/fpm.pp 
@@ -0,0 +1,65 @@
+class php::fpm inherits php {
+
+ package {
+ "php5-fpm":
+ ensure => installed
+ }
+
+ service {
+ "php5-fpm":
+ ensure => running,
+ hasstatus => false,
+ status => 'true',
+ enable => true,
+ require => File["/etc/php5/fpm/main.conf"],
+ }
+
+ file {
+ "/etc/php5/fpm/main.conf":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("php/main.conf.erb"),
+ require => Package["php5-fpm"];
+ "/etc/php5/fpm/pool.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 644,
+ require => Package["php5-fpm"];
+ }
+
+ exec {
+ "reload-php5-fpm":
+ command => "/etc/init.d/php5-fpm reload",
+ refreshonly => true;
+ }
+
+ # Remove the default www pool .. Kinda nasty :/
+ file {
+ "/etc/php5/fpm/pool.d/www.conf":
+ ensure => absent,
+ notify => Exec["reload-php5-fpm"];
+ }
+
+ # Defines a new FPM pool
+ define pool($ensure = 'present', $user = 'www-data', $group = 'www-data',
+ $order='100', $listen = '127.0.0.1:9000', $listen_backlog = '-1',
+ $listen_owner = 'www-data', $listen_group = 'www-data',
+ $listen_mode = '0666', $listen_allowed_clients = false,
+ $pm = 'dynamic', $pm_max_children = 50, $pm_start_servers = false,
+ $pm_min_spare_servers = 5, $pm_max_spare_servers = 35, $pm_max_requests = 0) {
+
+ file {
+ "/etc/php5/fpm/pool.d/${order}-${name}.conf":
+ ensure => $ensure,
+ content => template("php/pool.conf.erb"),
+ mode => 644,
+ owner => root,
+ group => root,
+ notify => Exec["reload-php5-fpm"],
+ before => Service["php5-fpm"];
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/php/manifests/init.pp b/modules/php/manifests/init.pp
new file mode 100644
index 0000000..14ecdf8
--- /dev/null
+++ b/modules/php/manifests/init.pp
@@ -0,0 +1,10 @@
+class php {
+
+ package {
+ "php5":
+ ensure => installed
+ }
+
+}
+
+
diff --git a/modules/php/templates/main.conf.erb b/modules/php/templates/main.conf.erb
new file mode 100644
index 0000000..8cfea34
--- /dev/null 
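Review bot: The `pool` define defaults `$listen_mode` to `'0666'`, so a pool that listens on a unix socket gets a world-writable one and any local account can send it FastCGI requests that run as the pool user. With `listen_owner` and `listen_group` already defaulting to `www-data`, the account nginx runs as, the default can be `$listen_mode = '0660'` without breaking the web server. Separately, the `php5-fpm` service sets `hasstatus => false` with `status => 'true'`, so the status check always succeeds and `ensure => running` will never restart a master that has died; a real check against the pid file from main.conf.erb would restore that. The `mode => 644` values are unquoted here too.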
+++ b/modules/php/templates/main.conf.erb 
@@ -0,0 +1,72 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamicaly changed by using the +; '-p' argument from the command line. + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p arguement) +; - /usr otherwise +;include=/etc/php5/fpm/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +pid = /var/run/php5-fpm.pid + +; Error log file +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = /var/log/php5-fpm.log + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. 
+; Default Value: yes +;daemonize = yes + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; To configure the pools it is recommended to have one .conf file per +; pool in the following directory: +include=/etc/php5/fpm/pool.d/*.conf \ No newline at end of file diff --git a/modules/php/templates/pool.conf.erb b/modules/php/templates/pool.conf.erb new file mode 100644 index 0000000..991deec --- /dev/null +++ b/modules/php/templates/pool.conf.erb 
@@ -0,0 +1,171 @@ +[<%=name %>] +;prefix = /path/to/pools/$pool +listen = <%=listen %> +listen.backlog = <%=listen_backlog %> + +<% if listen_allowed_clients %> +listen.allowed_clients = <%=listen_allowed_clients %> +<% end -%> + +listen.owner = <%=listen_owner %> +listen.group = <%=listen_group %> +listen.mode = <%=listen_mode %> + +user = <%=user %> +group = <%=group %> + +pm = <%=pm %> + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes to be created when pm is set to 'dynamic'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. +; Note: Used when pm is set to either 'static' or 'dynamic' +; Note: This value is mandatory. +pm.max_children = <%=pm_max_children %> + +<% if pm == "dynamic" %> +<% if pm_start_servers %> +pm.start_servers = <%=pm_start_servers %> +<% end -%> +pm.min_spare_servers = <%=pm_min_spare_servers %> +pm.max_spare_servers = <%=pm_max_spare_servers %> +<% end -%> +pm.max_requests = <%=pm_max_requests %> + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. By default, the status page shows the following +; information: +; accepted conn - the number of request accepted by the pool; +; pool - the name of the pool; +; process manager - static or dynamic; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes. +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic') +; The values of 'idle processes', 'active processes' and 'total processes' are +; updated each second. The value of 'accepted conn' is updated in real time. 
+; Example output: +; accepted conn: 12073 +; pool: www +; process manager: static +; idle processes: 35 +; active processes: 65 +; total processes: 100 +; max children reached: 1 +; By default the status page output is formatted as text/plain. Passing either +; 'html' or 'json' as a query string will return the corresponding output +; syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. 
A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = / + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. 
The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M \ No newline at end of file diff --git a/modules/ruby/manifests/init.pp b/modules/ruby/manifests/init.pp new file mode 100644 index 0000000..556a8fc --- /dev/null +++ b/modules/ruby/manifests/init.pp @@ -0,0 +1,14 @@ +class ruby { + + package { + [ + "ruby", + "ruby1.8", + "ruby1.9.1", + "rubygems", + "rubygems1.8", + ]: + ensure => installed + } + +} \ No newline at end of file diff --git a/modules/ruby/manifests/thin.pp b/modules/ruby/manifests/thin.pp new file mode 100644 index 0000000..12b9164 --- /dev/null +++ b/modules/ruby/manifests/thin.pp 
@@ -0,0 +1,49 @@
+class ruby::thin inherits ruby {
+
+ package {
+ "thin":
+ ensure => installed,
+ provider => "gem";
+ }
+
+ file {
+ "/etc/thin":
+ ensure => directory,
+ mode => 644,
+ owner => root,
+ group => root;
+ }
+
+ service {
+ "thin":
+ provider => base,
+ start => "/var/lib/gems/1.8/bin/thin --all /etc/thin restart",
+ restart => "/var/lib/gems/1.8/bin/thin --all /etc/thin restart",
+ stop => "/var/lib/gems/1.8/bin/thin --all /etc/thin stop";
+ }
+
+ # Defines a new thin server pool
+ define server($chdir, $ensure = 'present', $user = 'www-data', $group = 'www-data',
+ $port = 3000, $address = '127.0.0.1', $servers = 1) {
+
+ file {
+ "/etc/thin/${name}.yml":
+ ensure => $ensure,
+ content => template("ruby/thin.yml.erb"),
+ mode => 644,
+ owner => root,
+ group => root,
+ notify => Service["thin-${name}"];
+ }
+
+ service {
+ "thin-${name}":
+ ensure => running,
+ provider => base,
+ start => "/var/lib/gems/1.8/bin/thin -C /etc/thin/${name}.yml restart",
+ restart => "/var/lib/gems/1.8/bin/thin -C /etc/thin/${name}.yml restart",
+ stop => "/var/lib/gems/1.8/bin/thin -C /etc/thin/${name}.yml stop",
+ status => "cd ${chdir}/../tmp/pids && thin_status(){ for filename in *.pid; do kill -0 `cat \$filename` || return 1; done; }; thin_status";
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/ruby/manifests/thin.pp b/modules/ruby/manifests/thin.pp
new file mode 100644
index 0000000..12b9164
--- /dev/null
+++ b/modules/ruby/templates/thin.yml.erb
@@ -0,0 +1,13 @@
+pid: ../tmp/pids/thin.pid
+log: ../logs/thin.log
+timeout: 30
+max_conns: 1024
+max_persistent_conns: 512
+daemonize: true
+user: <%=user %>
+group: <%=group %>
+chdir: <%=chdir %>
+port: <%=port %>
+environment: <%=environment %>
+servers: <%=servers %>
+address: <%=address %>
\ No newline at end of file
diff --git a/nbproject/project.properties b/nbproject/project.properties
new file mode 100644
index 0000000..56d1c24
--- /dev/null
+++ b/nbproject/project.properties 
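Review bot: The `status` command of `thin-${name}` is run by the Puppet agent, normally as root, and passes the unquoted contents of every `*.pid` file under `${chdir}/../tmp/pids` to `kill -0`. rails.pp creates that directory owned and writable by the site account, so its contents are not under root's control; confirm that each file holds only digits before using it and quote the expansion, or read the pid from a root-owned location. The `thin` package is installed with `provider => "gem"` and `ensure => installed`, which takes whatever version the gem source serves at install time; pinning it with `ensure => '<reviewed thin version>'` makes the deployed code reproducible. The service commands also hard-code `/var/lib/gems/1.8/bin/thin` while the ruby class installs both 1.8 and 1.9.1, so it is worth confirming that the gem provider installs into that path.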
@@ -0,0 +1,7 @@ +javac.classpath= +main.file= +platform.active=Ruby +source.encoding=UTF-8 +src.files.dir=files +src.manifests.dir=manifests +src.modules.dir=modules diff --git a/nbproject/project.xml b/nbproject/project.xml new file mode 100644 index 0000000..4f6697b --- /dev/null +++ b/nbproject/project.xml @@ -0,0 +1,15 @@ + + + org.netbeans.modules.ruby.rubyproject + + + kohana-puppet + + + + + + + + + diff --git a/puppet.conf b/puppet.conf new file mode 100644 index 0000000..c086c0a --- /dev/null +++ b/puppet.conf @@ -0,0 +1,21 @@ +[main] +logdir=/var/log/puppet +vardir=/var/lib/puppet +ssldir=/var/lib/puppet/ssl +rundir=/var/run/puppet +factpath=$vardir/lib/facter +templatedir=$confdir/templates +prerun_command=/etc/puppet/etckeeper-commit-pre +postrun_command=/etc/puppet/etckeeper-commit-post + +[master] +# These are needed when the puppetmaster is run by passenger +# and can safely be removed if webrick is used. +ssl_client_header = SSL_CLIENT_S_DN +ssl_client_verify_header = SSL_CLIENT_VERIFY + +storeconfigs = true +dbadapter = sqlite3 + +[agent] +server = puppet.kohanaframework.org