linux

warning: Creating default object from empty value in /data/web/1/000/027/003/273448/htdocs/panticz.de/modules/taxonomy/taxonomy.pages.inc on line 33.

Puppet: PHP5 module

create module structure
mkdir -p /etc/puppet/modules/php5/manifests
mkdir -p /etc/puppet/modules/php5/files

download module definiction
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/php5/init.pp -O /etc/puppet/modules/php5/manifests/init.pp

class php5 {
    case $::osfamily {
        default: {
            $pkg = 'php5'
        }
    }

    # install PHP and restarts apache to load the module
    #package { ['php54', 'php54-apc', 'php54-mod-php']:
    package { "$pkg":
        ensure  => installed,
        notify  => Service['apache2'],
        #require => [ Package['php5-mysql'], Package['apache'] ],
        require => Package["apache"],
    }

    exec { "/bin/date -I > /tmp/debug": }
#cat /etc/apache2/mods-enabled/php5.conf
#<FilesMatch ".+\.ph(p[345]?|t|tml)|.htm([l]*)$">
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include php5
...
}

Example: index.html

Links

Puppet: Apache module

create module structure
mkdir -p /etc/puppet/modules/apache/manifests
mkdir -p /etc/puppet/modules/apache/files

download module definiction
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/apache/init.pp -O /etc/puppet/modules/apache/manifests/init.pp

class apache {
    case $::osfamily {
        'redhat': {
            $apache_name = 'httpd'
        }
        'debian': {
            $apache_name = 'apache2'
        }
        default: {
            $apache_name = 'apache2'
        }
    }

    # install apache
    package { "$apache_name":
        ensure => installed,
        #name => 'apache2-mpm-prefork', # httpd if CentOS
        alias  => "apache",
    }

    # enable apache service
    service { 'apache2':
        ensure => running,
        enable => true,
        require => Package['apache']
    }

    file { "/var/www/index.html":
        mode => 644,
        owner => www-data,
        group => www-data,
        source  => "puppet:///modules/apache/index.html",
        require => Package["apache"],
    }
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include apache
...
}

Example: index.html
echo "Hello puppet" > /etc/puppet/modules/apache/files/index.html

Links
http://www.panticz.de/install_webserver
http://github.com/example42/puppet-apache

Puppet: Xen module

create module structure
mkdir -p /etc/puppet/modules/xen/manifests
mkdir -p /etc/puppet/modules/xen/files

download module definiction
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/xen/init.pp -O /etc/puppet/modules/xen/manifests/init.pp

class xen {
#    case $operatingsystem {
#        debian: {
            $packagelist = [ "xen-linux-system", "xen-tools", "debootstrap" ]
#        }
#        ubuntu: {
#            $packagelist = [ "xen-linux-system", "xen-tools", "debootstrap" ]
#        }
#    }

    package { $packagelist:
        ensure => installed,
    }

#    service { 'apache2':
#        ensure => running,
#        enable => true,
#        require => Package['nullmailer']
#    }

    exec { ['/bin/mv /etc/grub.d/10_linux /etc/grub.d/25_linux', '/bin/echo "GRUB_DISABLE_OS_PROBER=true" >> /etc/default/grub']:
#        cwd => "/var/tmp",
#        creates => "/var/tmp/myfile",
#        path => ["/bin", "/usr/bin", "/usr/sbin"],

#        require => Package["xen-linux-system"],
        require => Package[$packagelist],
    }

#    file { "/etc/mailname":
#        mode => 644,
#        owner => root,
#        group => root,
#        source => "puppet:///modules/nullmailer/mailname",
#        require => Package["nullmailer"],
#    }

#    file { "/etc/nullmailer/remotes":
#        mode => 600,
#        owner => mail,
#        group => mail,
#        source => "puppet:///modules/nullmailer/remotes",
#        require => Package["nullmailer"],
#    }
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include nullmailer
include xen
...
}

Links
http://www.panticz.de/install-xen

Puppet: Nullmailer module

create module structure
mkdir -p /etc/puppet/modules/nullmailer/manifests
mkdir -p /etc/puppet/modules/nullmailer/files

download module definiction
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/nullmailer/init.pp -O /etc/puppet/modules/nullmailer/manifests/init.pp

class nullmailer {
    package { "nullmailer":
        ensure => installed,
    }

    service { 'nullmailer':
        ensure => running,
        enable => true,
        require => Package['nullmailer']
    }

    file { "/etc/mailname":
        mode => 644,
        owner => root,
        group => root,
        source => "puppet:///modules/nullmailer/mailname",
        require => Package["nullmailer"],
    }

    file { "/etc/nullmailer/remotes":
        mode => 600,
        owner => mail,
        group => mail,
        source => "puppet:///modules/nullmailer/remotes",
        require => Package["nullmailer"],
    }
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include nullmailer
...
}

Example: /etc/mailname
example.com

Example: /etc/nullmailer/remotes
smtp.example.com smtp --auth-login --user=YOUR_SMTP_ID --pass=YOUR_SMTP_PASS

Links
http://www.panticz.de/install-nullmailer

Icinga objects: commands.cfg

wget -q https://raw.githubusercontent.com/panticz/icinga/master/objects/commands.cfg -O /etc/icinga/objects/commands.cfg

define command {
  command_name ssh_check_disk
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_disk -w $ARG2$ -c $ARG3$ -p $ARG1$"
}

define command {
  command_name ssh_check_mem
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_mem -w $ARG1$ -c $ARG2$ -f -C"
}

define command {
  command_name ssh_check_load
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_load -w $ARG1$,$ARG2$,$ARG3$ -c $ARG4$,$ARG5$,$ARG6$"
}

define command {
  command_name ssh_check_procs
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$"
}

define command {
  command_name ssh_check_procs_zombie
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s Z"
}

define command {
  command_name ssh_check_users
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$"
}

define command {
  command_name snmp_check_printer
  command_line /usr/lib/nagios/plugins/check_printer $HOSTADDRESS$ public $ARG1$ $ARG2$
}

define command {
  command_name ssh_check_swap
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$"
}

define command {
  command_name ssh_check_apt
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_apt"
}

define command {
  command_name check_ping_8.8.8.8
  command_line /usr/lib/nagios/plugins/check_ping -H 8.8.8.8 -w 100.0,20% -c 500.0,60%
}

define command {
  command_name ssh_check_log
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_log -F $ARG1$ -O /dev/null -q '$ARG2$'"
}

define command {
  command_name ssh_check_raid
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_raid"
}

define command {
  command_name ssh_check_hddtemp
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_hddtemp /dev/$ARG1$ $ARG2$ $ARG3$"
}

define command {
  command_name ssh_check_ide_smart
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_ide_smart -d /dev/$ARG1$ -n"
}

define command {
  command_name ssh_check_cert_expire
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_cert_expire $ARG1$"
}

define command {
  command_name ssh_check_temp
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_temp $ARG1$ $ARG2$"
}

define command {
  command_name check_http_uri_regex
  command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -u '$ARG1$' -r '$ARG2$'
}

define command {
  command_name check_http_uri_time
  command_line /usr/lib/nagios/plugins/check_http -t 20 -H $HOSTADDRESS$ -u '$ARG1$' -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_snmp
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o '$ARG1$' -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_printer_total_page_count
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.43.10.2.1.4.1.1 -w '$ARG2$' -c '$ARG3$'
}

define command {
  command_name check_snom_registration_status
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.7526.2.3.$ARG1$ -s 1
}

define command {
  command_name check_snom_firmware_version
  command_line /usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.7526.2.4 -r '$ARG1$'
}

define command {
  command_name check_snmp_printer
  command_line /usr/lib/nagios/plugins/check_snmp_printer -H $HOSTADDRESS$ -x "$ARG1$" -w $ARG2$ -c $ARG3$
}

define command {
  command_name check_smb_share
  command_line /usr/lib/nagios/plugins/check_smb_share -H $HOSTADDRESS$ -s "$ARG1$"
}

define command {
  command_name ssh_check_oracle_tns
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_oracle --tns $ARG1$ "
}

define command {
  command_name ssh_check_mailq
  command_line /usr/lib/nagios/plugins/check_by_ssh -t 20 -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_mailq -w $ARG1$ -c $ARG2$ "
}

define command {
  command_name check_http_number
  command_line /usr/lib/nagios/plugins/check_http_number "$ARG1$" "$ARG2$" "$ARG3$"
}

define command {
  command_name ssh_check_sensors
  command_line /usr/lib/nagios/plugins/check_by_ssh -H $HOSTADDRESS$ -l root -i /var/lib/nagios/.ssh/id_rsa -C "/usr/lib/nagios/plugins/check_sensors -d /dev/$ARG1$ -n"
}

define command {
    command_name check_url
    command_line /usr/lib/nagios/plugins/check_http -H '$ARG1$' -p '$ARG2$' -u '$ARG3$' -s '$ARG4$' -f follow
}

Puppet: Icinga SSH client module

Enable Pluginsync on client
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf

create Nullmailer module
http://www.panticz.de/Puppet-Nullmailer-module

create module structure
mkdir -p /etc/puppet/modules/icinga_ssh_client/manifests
mkdir -p /etc/puppet/modules/icinga_ssh_client/files

download module definiction
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/icinga_ssh_client/init.pp -O /etc/puppet/modules/icinga_ssh_client/manifests/init.pp

class icinga_ssh_client {
    package { "nagios-plugins-basic":
        ensure => installed,
    }

    # http://raw.github.com/justintime/nagios-plugins/master/check_mem/check_mem.pl
    file { "/usr/lib/nagios/plugins/check_mem":
        mode => 755,
        owner => root,
        group => root,
        require => Package['nagios-plugins-basic'],
        source => "puppet:///modules/icinga_ssh_client/check_mem",
    }

    # apt-get install -y nagios-plugins-contrib --no-install-recommends
    file { "/usr/lib/nagios/plugins/check_raid":
        mode => 755,
        owner => root,
        group => root,
        require => Package['nagios-plugins-basic'],
        source => "puppet:///modules/icinga_ssh_client/check_raid",
    }

    # TODO: relative path to id_rsa.pub
    # extract data from public key file (e.g. /var/lib/nagios/.ssh/id_rsa.pub)
    $ssh = split(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub"), ' ')
    $ssh_type = values_at($ssh, 0)
    $ssh_key = values_at($ssh, 1)
    $ssh_id = values_at($ssh, 2)
    ssh_authorized_key { $ssh_id:
        ensure => present,
        user => root,
        type => $ssh_type,
        key => $ssh_key,
    }

    # alternatively, read key from file and remove line break
    # ssh_authorized_key { 'nagios@icinga':
    #    ensure => present,
    #    user => root,
    #    type => ssh-rsa,
    #    key => chomp(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub")),
    # }
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include icinga_ssh_client
include nullmailer
...
}

Example: /etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub
ssh-rsa ADAAB3NzaC3yc2EAAAADAEulgMUFyT9y2DaZYXHUdLWvkE9TKE+OVO8jYhmGG2BMmL5Ad3D+flpTMQfpp7EVJg2vTBSiVG4kCVicvb nagios@icinga

# (auto) create new host / object on icinga
cat /etc/icinga/objects/puppet.cfg
define host {
host_name puppet
address 192.168.1.173
use generic-host
hostgroups debian
}

TODO
# (auto) remove old hosts from /var/lib/nagios/.ssh/known_hosts on icinga
# (auto) import new host to /var/lib/nagios/.ssh/known_hosts on icinga

# add raid check
#apt-get install -y hddtemp
#wget -q "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24" -O /usr/lib/nagios/plugins/check_hddtemp
#chmod go+x /usr/lib/nagios/plugins/check_hddtemp

Links
http://serverfault.com/questions/411245/puppetlabs-file-line-type-not-working
http://serverfault.com/questions/238708/adding-lines-to-etc-profile-with-puppet

Debian: Install Puppet on client

Install Puppet client (agent)
wget https://raw.githubusercontent.com/panticz/installit/master/install.puppet-client.sh -O - | bash -

#!/bin/bash

# ensure that this script is run by root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

# install
apt-get install -qq -y puppet
 
# configure to autostart puppet on boot
if [ $(puppet --version | cut -d "." -f1) -ge 3 ]; then
  # puppet 3.x
  /etc/init.d/puppet stop
  puppet agent --enable
else
  # puppet 2.x
  [ -f /etc/default/puppet ] && sed -i 's|START=no|START=yes|g' /etc/default/puppet
fi

enabling pluginsync
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf
sed -i '/\[main\]/a\runinterval=10\' /etc/puppet/puppet.conf

test connection to pupet server
puppet agent --test
OR
puppet agent --test --server puppet.lab --waitforcert 60 --verbose
#--no-daemonize

change update interwal in seconds (default 30min.)
vi /etc/puppet/puppet.conf
[main]
runinterval=300

puppet version
puppet --version

Links
http://docs.puppetlabs.com/learning/agent_master_basic.html

Puppet

Installation
1. Install and configure Puppet on server (/etc/puppet/fileserver.conf)
http://www.panticz.de/install-puppet-server-puppetmaster
2. On client: Install Puppet client
http://www.panticz.de/install-puppet-client
3. On client: apply for certificate (puppet agent --test)
4. On server: confirm certificate (puppet cert sign dev2.lab)
5. On server: configure modules (/etc/puppet/modules/MODULE_NAME/manifests/init.pp)
6. On server: prepare files (/etc/puppet/modules/MODULE_NAME/files)
7. Configure clients (/etc/puppet/manifests/site.pp)

SSH server enable / disable password authentication

Enable
sed -i 's|[#]*PasswordAuthentication no|PasswordAuthentication yes|g' /etc/ssh/sshd_config
sed -i 's|UsePAM no|UsePAM yes|g' /etc/ssh/sshd_config
service ssh restart

Disable (don´t forget to install pre-shared-key first: http://www.panticz.de/ssh_pre-shared-key_authentication)
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/disable_ssh_password_authentication.sh -O - | bash -

#!/bin/bash

sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
sed -i 's|UsePAM yes|UsePAM no|g' /etc/ssh/sshd_config
service ssh restart

# LXC
# disable login without password
lxc-attach -n ${CONTAINER} -- sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- sed -i 's|UsePAM yes|UsePAM no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- service ssh restart

# generate SSH key for root
lxc-attach -n ${CONTAINER} -- ssh-keygen -q -f /root/.ssh/id_rsa -N ''

Install Cinnamon

# add PPA
sudo add-apt-repository -y ppa:gwendal-lebihan-dev/cinnamon-stable
sudo apt-get update

# install cinnamon
sudo apt-get install -y cinnamon

# OPTIONAL: install nemo
sudo apt-get install -y nemo

# Links
http://wiki.ubuntuusers.de/Cinnamon
http://wiki.ubuntuusers.de/Paketquellen_freischalten/PPA#PPA-hinzufuegen

Syndicate content