Compile iPXE

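# Save the build script to a file and read it before running it. Piping the
# download straight into bash runs whatever the URL serves at that moment;
# the URL tracks the master branch, so its content can change between runs.
wget https://raw.githubusercontent.com/panticz/preseed/master/ipxe/scripts/build_ipxe.sh -O build_ipxe.sh
less build_ipxe.sh
bash build_ipxe.sh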

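#!/bin/bash
#
# Build iPXE images (ISO, USB, PXE, lkrn, undionly) with an embedded boot
# script that chain-loads a per-MAC script from the DHCP next-server, falling
# back to preseed.panticz.de.
#
# Environment:
#   IPXE_DIR - build directory (default: /tmp/ipxe)

# Stop at the first failing step; without this a failed clone or cd would
# still run the later sed/make commands against whatever is in place.
set -euo pipefail

# NOTE(review): the default is a fixed path in world-writable /tmp. The clone
# below refuses to reuse an existing non-empty directory, so a directory that
# somebody else created there aborts the build instead of being compiled.
# Set IPXE_DIR to a private directory on multi-user machines.
ipxe_dir=${IPXE_DIR:-/tmp/ipxe}

# install requirements
sudo apt-get install -y build-essential liblzma-dev

# get source over HTTPS; the git:// protocol offers no transport
# authentication or integrity protection for the code that gets compiled
git clone https://git.ipxe.org/ipxe.git "${ipxe_dir}"

# create boot script (quoted delimiter: the iPXE ${...} settings stay literal)
# NOTE(review): both chain targets are plain http://, so the boot script the
# client fetches is neither authenticated nor encrypted; see the HTTPS boot
# ToDo (crosscert / trust) further down this page.
cat > "${ipxe_dir}/src/boot.ipxe" <<'EOF'
#!ipxe
 
dhcp && chain http://${next-server}/${mac} || chain http://preseed.panticz.de/${mac}
EOF

# OPTIONAL: enable HTTPS support
sed -i -e '/DOWNLOAD_PROTO_HTTPS/ s/#undef/#define/' "${ipxe_dir}/src/config/general.h"

# OPTIONAL: change product name
sed -i 's|PRODUCT_NAME ""|PRODUCT_NAME "preseed.panticz.de"|g' "${ipxe_dir}/src/config/general.h"

cd "${ipxe_dir}/src"

# build CD image (${ipxe_dir}/src/bin/ipxe.iso)
make bin/ipxe.iso EMBED=boot.ipxe

# build USB image (${ipxe_dir}/src/bin/ipxe.usb)
make bin/ipxe.usb EMBED=boot.ipxe

# build PXE image (${ipxe_dir}/src/bin/ipxe.pxe)
make bin/ipxe.pxe EMBED=boot.ipxe

# build GRUB image (${ipxe_dir}/src/bin/ipxe.lkrn)
make bin/ipxe.lkrn EMBED=boot.ipxe

# build undionly image (${ipxe_dir}/src/bin/undionly.kpxe)
make bin/undionly.kpxe EMBED=boot.ipxe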

# ToDo: https boot
http://ipxe.org/cfg/crosscert
http://ipxe.org/cfg/trust

Links
http://ipxe.org
http://ipxe.org/download
http://www.coreboot.org/IPXE

Resize filesystem on LVM

extend
# grow the logical volume by 128 GiB
lvresize -L +128G /dev/vg01/mx-home
# alternative: grow by all free extents that remain in the volume group
#lvresize -l +100%FREE /dev/vg1/trusty-disk
# forced filesystem check before the resize; run e2fsck only on an unmounted filesystem
e2fsck -f /dev/vg01/mx-home
# grow the filesystem to fill the enlarged volume (-p prints progress)
resize2fs -p /dev/vg01/mx-home
# check the filesystem again after the resize
e2fsck -f /dev/vg01/mx-home

reduce
# Shrinking loses data if the steps run in the wrong order or the sizes do not
# match: take a backup first and unmount the filesystem.
# forced filesystem check; resize2fs expects a clean filesystem before shrinking
e2fsck -f /dev/vg01/video-media
# run inside screen: resize2fs can take a long time
# shrink the filesystem FIRST, to the target size
resize2fs /dev/vg01/video-media 1T
# then shrink the logical volume, never below the filesystem size set above;
# anything stored beyond the new end of the volume is cut off
lvreduce -L 1T /dev/vg01/video-media

Puppet: PHP5 module

create module structure
mkdir -p /etc/puppet/modules/php5/manifests
mkdir -p /etc/puppet/modules/php5/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/php5/init.pp -O /etc/puppet/modules/php5/manifests/init.pp

class php5 {
    # Package name per OS family; only the default branch is defined so far.
    case $::osfamily {
        default: {
            $pkg = 'php5'
        }
    }

    # Install PHP and notify the Apache service so it restarts and loads the module.
    # Earlier variant: package { ['php54', 'php54-apc', 'php54-mod-php']:
    package { $pkg:
        ensure  => installed,
        require => Package['apache'],
        notify  => Service['apache2'],
        # earlier variant: require => [ Package['php5-mysql'], Package['apache'] ],
    }

    # NOTE(review): debug leftover. It has no creates/onlyif/unless guard, so it
    # runs on every catalog application and writes to a fixed file name in
    # world-writable /tmp as the agent's user; remove it before production use.
    exec { '/bin/date -I > /tmp/debug': }

    # Reference: cat /etc/apache2/mods-enabled/php5.conf
    #   <FilesMatch ".+\.ph(p[345]?|t|tml)|.htm([l]*)$">
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include php5
...
}

Example: index.html

Links

Puppet: Apache module

create module structure
mkdir -p /etc/puppet/modules/apache/manifests
mkdir -p /etc/puppet/modules/apache/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/apache/init.pp -O /etc/puppet/modules/apache/manifests/init.pp

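# Installs the Apache web server, keeps its service running and enabled, and
# deploys a static /var/www/index.html from the module's files directory.
class apache {
    # Package (and service) name differs between distribution families.
    case $::osfamily {
        'redhat': {
            $apache_name = 'httpd'
        }
        'debian': {
            $apache_name = 'apache2'
        }
        default: {
            $apache_name = 'apache2'
        }
    }

    # install apache; the alias lets other resources use Package['apache']
    # regardless of the distribution's package name
    package { $apache_name:
        ensure => installed,
        #name => 'apache2-mpm-prefork', # httpd if CentOS
        alias  => 'apache',
    }

    # enable apache service
    # The title stays 'apache2' so existing Service['apache2'] references keep
    # resolving; the managed service name follows the OS family, which the
    # hard-coded title alone did not do on RedHat.
    service { 'apache2':
        ensure  => running,
        enable  => true,
        name    => $apache_name,
        require => Package['apache'],
    }

    # Default page. The mode is a quoted octal string: it is unambiguous and
    # newer Puppet releases reject bare numeric modes.
    # NOTE(review): owner/group www-data and the /var/www path match Debian
    # defaults; confirm them for RedHat hosts.
    file { '/var/www/index.html':
        mode    => '0644',
        owner   => 'www-data',
        group   => 'www-data',
        source  => 'puppet:///modules/apache/index.html',
        require => Package['apache'],
    }
}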

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include apache
...
}

Example: index.html
echo "Hello puppet" > /etc/puppet/modules/apache/files/index.html

Links
http://www.panticz.de/install_webserver
http://github.com/example42/puppet-apache

Puppet: Xen module

create module structure
mkdir -p /etc/puppet/modules/xen/manifests
mkdir -p /etc/puppet/modules/xen/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/xen/init.pp -O /etc/puppet/modules/xen/manifests/init.pp

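# Installs the Xen packages and adjusts the GRUB configuration files.
class xen {
#    case $operatingsystem {
#        debian: {
            $packagelist = [ 'xen-linux-system', 'xen-tools', 'debootstrap' ]
#        }
#        ubuntu: {
#            $packagelist = [ "xen-linux-system", "xen-tools", "debootstrap" ]
#        }
#    }

    package { $packagelist:
        ensure => installed,
    }

#    service { 'apache2':
#        ensure => running,
#        enable => true,
#        require => Package['nullmailer']
#    }

    # Rename the plain Linux GRUB script, presumably so the Xen entries sort
    # first in the generated menu. Guarded with onlyif: without a guard the mv
    # fails on every run after the first one.
    # NOTE(review): nothing in this class regenerates grub.cfg; confirm that
    # update-grub runs elsewhere.
    exec { '/bin/mv /etc/grub.d/10_linux /etc/grub.d/25_linux':
#        cwd => "/var/tmp",
#        creates => "/var/tmp/myfile",
#        path => ["/bin", "/usr/bin", "/usr/sbin"],
        onlyif  => '/usr/bin/test -e /etc/grub.d/10_linux',
#        require => Package["xen-linux-system"],
        require => Package[$packagelist],
    }

    # Append the setting only when the exact line is missing; the unguarded
    # exec added one more copy to /etc/default/grub on every Puppet run.
    exec { '/bin/echo "GRUB_DISABLE_OS_PROBER=true" >> /etc/default/grub':
        unless  => '/bin/grep -qx "GRUB_DISABLE_OS_PROBER=true" /etc/default/grub',
        require => Package[$packagelist],
    }

#    file { "/etc/mailname":
#        mode => 644,
#        owner => root,
#        group => root,
#        source => "puppet:///modules/nullmailer/mailname",
#        require => Package["nullmailer"],
#    }

#    file { "/etc/nullmailer/remotes":
#        mode => 600,
#        owner => mail,
#        group => mail,
#        source => "puppet:///modules/nullmailer/remotes",
#        require => Package["nullmailer"],
#    }
}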

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include nullmailer
include xen
...
}

Links
http://www.panticz.de/install-xen

Puppet: Nullmailer module

create module structure
mkdir -p /etc/puppet/modules/nullmailer/manifests
mkdir -p /etc/puppet/modules/nullmailer/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/nullmailer/init.pp -O /etc/puppet/modules/nullmailer/manifests/init.pp

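# Installs nullmailer, keeps its service running and enabled, and deploys
# /etc/mailname and /etc/nullmailer/remotes from the module's files directory.
class nullmailer {
    package { 'nullmailer':
        ensure => installed,
    }

    service { 'nullmailer':
        ensure  => running,
        enable  => true,
        require => Package['nullmailer'],
    }

    # Modes are quoted octal strings: unambiguous, and newer Puppet releases
    # reject bare numeric modes.
    file { '/etc/mailname':
        mode    => '0644',
        owner   => 'root',
        group   => 'root',
        source  => 'puppet:///modules/nullmailer/mailname',
        require => Package['nullmailer'],
    }

    # The remotes file carries the SMTP login (--user/--pass in the example on
    # this page), so it stays readable by its owner only.
    # NOTE(review): the source copy under the module's files/ directory holds
    # the same secret; restrict access to it on the master, and consider
    # show_diff => false where the Puppet version supports it so changes to
    # this file are not echoed into logs and reports.
    file { '/etc/nullmailer/remotes':
        mode    => '0600',
        owner   => 'mail',
        group   => 'mail',
        source  => 'puppet:///modules/nullmailer/remotes',
        require => Package['nullmailer'],
    }
}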

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include nullmailer
...
}

Example: /etc/mailname
example.com

Example: /etc/nullmailer/remotes
smtp.example.com smtp --auth-login --user=YOUR_SMTP_ID --pass=YOUR_SMTP_PASS

Links
http://www.panticz.de/install-nullmailer

Icinga objects: commands.cfg

wget -q https://raw.githubusercontent.com/panticz/icinga/master/objects/commands.cfg -O /etc/icinga/objects/commands.cfg

# NOTE(review): this command and the other ssh_check_* commands in this file log
# in to the monitored host as root (-l root) with the key
# /var/lib/nagios/.ssh/id_rsa, and place the $ARGn$ values into the remote
# command line (-C "...") without quoting. Consider a dedicated unprivileged
# account on the targets, restrict the key there (authorized_keys from= and
# command= options), and keep $ARGn$ values under administrator control only.
define command {
  command_name ssh_check_disk
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_disk -w $ARG2$ -c $ARG3$ -p $ARG1$"
}

define command {
  command_name ssh_check_mem
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_mem -w $ARG1$ -c $ARG2$ -f -C"
}

define command {
  command_name ssh_check_load
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_load -w $ARG1$,$ARG2$,$ARG3$ -c $ARG4$,$ARG5$,$ARG6$"
}

define command {
  command_name ssh_check_procs
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$"
}

define command {
  command_name ssh_check_procs_zombie
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s Z"
}

define command {
  command_name ssh_check_users
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$"
}

# NOTE(review): "public" is presumably the SNMP community string passed to the
# plugin. It is the well-known default; set a site-specific read-only community
# on the devices (or use SNMPv3 where they support it) and limit which hosts
# may query them.
define command {
  command_name snmp_check_printer
  command_line /usr/lib/nagios/plugins/check_printer $HOSTADDRESS$ public $ARG1$ $ARG2$
}

define command {
  command_name ssh_check_swap
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$"
}

define command {
  command_name ssh_check_apt
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_apt"
}

define command {
  command_name check_ping_8.8.8.8
  command_line /usr/lib/nagios/plugins/check_ping -H 8.8.8.8 -w 100.0,20% -c 500.0,60%
}

define command {
  command_name ssh_check_log
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_log -F $ARG1$ -O /dev/null -q '$ARG2$'"
}

define command {
  command_name ssh_check_raid
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_raid"
}

define command {
  command_name ssh_check_hddtemp
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_hddtemp /dev/$ARG1$ $ARG2$ $ARG3$"
}

define command {
  command_name ssh_check_ide_smart
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_ide_smart -d /dev/$ARG1$ -n"
}

define command {
  command_name ssh_check_cert_expire
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_cert_expire $ARG1$"
}

define command {
  command_name ssh_check_temp
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_temp $ARG1$ $ARG2$"
}

define command {
  command_name check_http_uri_regex
  command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -u '$ARG1$' -r '$ARG2$'
}

define command {
  command_name check_http_uri_time
  command_line /usr/lib/nagios/plugins/check_http -t 20 -H $HOSTADDRESS$ -u '$ARG1$' -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_snmp
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o '$ARG1$' -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_printer_total_page_count
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.43.10.2.1.4.1.1 -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_snom_registration_status
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.7526.2.3.$ARG1$ -s 1
}

define command {
  command_name check_snom_firmware_version
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.7526.2.4 -r '$ARG1$'
}

define command {
  command_name check_snmp_printer
  command_line /usr/lib/nagios/plugins/check_snmp_printer -H $HOSTADDRESS$ -x "$ARG1$" -w $ARG2$ -c $ARG3$
}

define command {
  command_name check_smb_share
  command_line /usr/lib/nagios/plugins/check_smb_share -H $HOSTADDRESS$ -s "$ARG1$"
}

define command {
  command_name ssh_check_oracle_tns
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_oracle --tns $ARG1$ "
}

define command {
  command_name ssh_check_mailq
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_mailq -w $ARG1$ -c $ARG2$ "
}

define command {
  command_name check_http_number
  command_line /usr/lib/nagios/plugins/check_http_number "$ARG1$" "$ARG2$" "$ARG3$"
}

define command {
  command_name ssh_check_sensors
  command_line /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_sensors -d /dev/$ARG1$ -n"
}

define command {
    command_name check_url
    command_line /usr/lib/nagios/plugins/check_http -H '$ARG1$' -p '$ARG2$' -u '$ARG3$' -s '$ARG4$' -f follow
}

Puppet: Icinga SSH client module

Enable Pluginsync on client
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf

create Nullmailer module
http://www.panticz.de/Puppet-Nullmailer-module

create module structure
mkdir -p /etc/puppet/modules/icinga_ssh_client/manifests
mkdir -p /etc/puppet/modules/icinga_ssh_client/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/icinga_ssh_client/init.pp -O /etc/puppet/modules/icinga_ssh_client/manifests/init.pp

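# Prepares a host for Icinga checks run over SSH: installs the basic Nagios
# plugins, deploys two extra plugins, and authorizes the Icinga server's public
# key for root.
class icinga_ssh_client {
    package { 'nagios-plugins-basic':
        ensure => installed,
    }

    # http://raw.github.com/justintime/nagios-plugins/master/check_mem/check_mem.pl
    # Modes are quoted octal strings: unambiguous, and newer Puppet releases
    # reject bare numeric modes.
    # NOTE(review): these plugins are executed as root by the SSH checks, so
    # the copies under the module's files/ directory should come from a
    # reviewed source and be writable by administrators only.
    file { '/usr/lib/nagios/plugins/check_mem':
        mode    => '0755',
        owner   => 'root',
        group   => 'root',
        require => Package['nagios-plugins-basic'],
        source  => 'puppet:///modules/icinga_ssh_client/check_mem',
    }

    # apt-get install -y nagios-plugins-contrib --no-install-recommends
    file { '/usr/lib/nagios/plugins/check_raid':
        mode    => '0755',
        owner   => 'root',
        group   => 'root',
        require => Package['nagios-plugins-basic'],
        source  => 'puppet:///modules/icinga_ssh_client/check_raid',
    }

    # TODO: relative path to id_rsa.pub
    # extract data from public key file (e.g. /var/lib/nagios/.ssh/id_rsa.pub):
    # the line is split on spaces into key type, key data and key comment
    # NOTE(review): file() returns the content including the trailing line
    # break, so the third field probably ends in a newline; compare the chomp()
    # variant below.
    $ssh = split(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub"), ' ')
    $ssh_type = values_at($ssh, 0)
    $ssh_key = values_at($ssh, 1)
    $ssh_id = values_at($ssh, 2)

    # NOTE(review): this grants the monitoring key an unrestricted root login on
    # every node that includes the class. Prefer a dedicated unprivileged user,
    # or restrict the key through the options attribute (for example from= and
    # command= restrictions) so it can only run the check plugins.
    ssh_authorized_key { $ssh_id:
        ensure => present,
        user => root,
        type => $ssh_type,
        key => $ssh_key,
    }

    # alternatively, read key from file and remove line break
    # ssh_authorized_key { 'nagios@icinga':
    #    ensure => present,
    #    user => root,
    #    type => ssh-rsa,
    #    key => chomp(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub")),
    # }
}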

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include icinga_ssh_client
include nullmailer
...
}

Example: /etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub
ssh-rsa ADAAB3NzaC3yc2EAAAADAEulgMUFyT9y2DaZYXHUdLWvkE9TKE+OVO8jYhmGG2BMmL5Ad3D+flpTMQfpp7EVJg2vTBSiVG4kCVicvb nagios@icinga

# (auto) create new host / object on icinga
cat /etc/icinga/objects/puppet.cfg
define host {
host_name puppet
address 192.168.1.173
use generic-host
hostgroups debian
}

TODO
# (auto) remove old hosts from /var/lib/nagios/.ssh/known_hosts on icinga
# (auto) import new host to /var/lib/nagios/.ssh/known_hosts on icinga

# add raid check
#apt-get install -y hddtemp
#wget -q "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24" -O /usr/lib/nagios/plugins/check_hddtemp
#chmod go+x /usr/lib/nagios/plugins/check_hddtemp

Links
http://serverfault.com/questions/411245/puppetlabs-file-line-type-not-working
http://serverfault.com/questions/238708/adding-lines-to-etc-profile-with-puppet

Puppet modules

Puppet module repository
http://forge.puppetlabs.com/

# search for module
puppet module search ntp

# install module
puppet module install ntp

Links
http://docs.puppetlabs.com/references/latest/type.html
