icinga

Puppet: Icinga SSH client module

Enable Pluginsync on client
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf

create Nullmailer module
http://www.panticz.de/Puppet-Nullmailer-module

create module structure
mkdir -p /etc/puppet/modules/icinga_ssh_client/manifests
mkdir -p /etc/puppet/modules/icinga_ssh_client/files

download module definiction
<?php
$URL="https://raw.githubusercontent.com/panticz/puppet/master/modules/icinga_ssh_client/init.pp";
echo "wget -q $URL -O /etc/puppet/modules/icinga_ssh_client/manifests/init.pp";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include icinga_ssh_client
include nullmailer
...
}

Example: /etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub
ssh-rsa ADAAB3NzaC3yc2EAAAADAEulgMUFyT9y2DaZYXHUdLWvkE9TKE+OVO8jYhmGG2BMmL5Ad3D+flpTMQfpp7EVJg2vTBSiVG4kCVicvb nagios@icinga

# (auto) create new host / object on icinga
cat /etc/icinga/objects/puppet.cfg
define host {
host_name puppet
address 192.168.1.173
use generic-host
hostgroups debian
}

TODO
# (auto) remove old hosts from /var/lib/nagios/.ssh/known_hosts on icinga
# (auto) import new host to /var/lib/nagios/.ssh/known_hosts on icinga

# add raid check
#apt-get install -y hddtemp
#wget -q "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24" -O /usr/lib/nagios/plugins/check_hddtemp
#chmod go+x /usr/lib/nagios/plugins/check_hddtemp

Links
http://serverfault.com/questions/411245/puppetlabs-file-line-type-not-working
http://serverfault.com/questions/238708/adding-lines-to-etc-profile-with-puppet

Install icinga srver

<?php
$URL="https://raw.githubusercontent.com/panticz/installit/master/install.icinga.sh";
echo "wget $URL -O - | bash -";
echo "

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

Admin login
http://YOUR_IP/icinga/
user: icingaadmin
pass: icingaadmin

Icinga Apache configuration
/etc/apache2/conf-available/icinga.conf

Icinga repository
http://packages.icinga.org/

Enable automatic updates
# http://www.panticz.de/debian-ubuntu-automatic-upgrades
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/enable_auto_update.sh -O - | bash -

configure contact
sed -i 's|root@localhost|YOUR@EMAIL-ADDRESS.com|g' /etc/icinga/objects/contacts_icinga.cfg

change password
htpasswd -c /etc/icinga/htpasswd.users icingaadmin

plugins
http://www.panticz.de/Icinga-plugins

LDAP
a2enmod authnz_ldap

echo "pass1234" > /etc/apache2/ldap_password.inc
chmod 600 /etc/apache2/ldap_password.inc

sed -i 's|=icingaadmin|=*|g' /etc/icinga/cgi.cfg

/etc/icinga/apache2.conf
- AuthUserFile /etc/icinga/htpasswd.users
+ AuthBasicProvider ldap
+ AuthLDAPBindDN "ldap@example.com"
+ AuthLDAPBindPassword "exec:/bin/cat /etc/apache2/ldap_password.inc"
+ AuthLDAPURL "ldap://ldap.example.com:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
+ AuthLDAPRemoteUserIsDN off
+ Require ldap-group CN=IPG.DevOps,OU=_IntranetPermissionGroups,DC=example,DC=com

service apache2 restart

# config
https://wiki.icinga.org/display/Dev/Icinga+Core+Debug+Config

# cgi
http://docs.icinga.org/latest/de/cgiparams.html#cgiparams-ahas
http://icinga.example.com/cgi-bin/icinga/status.cgi?servicestatustypes=20&noheader=1

Links
http://www.debmon.org/ - Debian Monitoring Project
http://packages.debian.org/wheezy/icinga
http://packages.icinga.org/debian/ - Icinga repository
https://www.icinga.org/icinga2/ - Icinga 2 preview
http://www.sysadminslife.com/monitoring-2/icinga-1-9-installation-unter-debian-squeeze-wheezy-aktuellste-version/