Puppet Class: profile::icinga::external_monitoring

Defined in:
modules/profile/manifests/icinga/external_monitoring.pp

Summary

profile to install a vhost for external monitoring

Overview

Parameters:

  • vhost (Stdlib::Host) (defaults to: lookup('profile::icinga::external_monitoring::vhost'))

    the vhost to listen on

  • htpasswd_salt (String) (defaults to: lookup('profile::icinga::external_monitoring::htpasswd_salt'))

    the salt to use in the httpd auth file

  • auth_users (Hash[String, String]) (defaults to: lookup('profile::icinga::external_monitoring::auth_users'))

    the salt to use in the httpd auth file

  • monitoring_hosts (Array[Stdlib::Host]) (defaults to: lookup('profile::icinga::external_monitoring::monitoring_hosts'))


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# File 'modules/profile/manifests/icinga/external_monitoring.pp', line 5

class profile::icinga::external_monitoring (
    String               $htpasswd_salt    = lookup('profile::icinga::external_monitoring::htpasswd_salt'),
    Array[Stdlib::Host]  $monitoring_hosts = lookup('profile::icinga::external_monitoring::monitoring_hosts'),

    Hash[String, String] $auth_users       = lookup('profile::icinga::external_monitoring::auth_users'),
    Stdlib::Host         $vhost            = lookup('profile::icinga::external_monitoring::vhost'),

) {
    $auth_user_file = '/etc/icinga/apache2_ext_auth_user_file'
    $ssl_settings = ssl_ciphersuite('apache', 'strong', true)

    $allow_from = $monitoring_hosts.map |Stdlib::Host $host| {
        [$host.ipresolve(4), $host.ipresolve(6)].filter |$val| { $val =~ NotUndef }
    }.flatten
    $apache_auth_content = $auth_users.map |String $user, String $password| {
        $password_hash = $password.htpasswd($htpasswd_salt)
        "${user}:${password_hash}"
    }
    file {$auth_user_file:
        ensure  => file,
        owner   => 'www-data',
        group   => 'www-data',
        mode    => '0440',
        content => $apache_auth_content.join("\n")
    }
    httpd::site {$vhost:
        priority => 99,
        content  => template('profile/icinga/external_monitoring.conf.erb'),
    }
    monitoring::service {"https-${vhost}-unauthorized":
        description   => "${vhost} requires authentication",
        check_command => "check_https_unauthorized!${vhost}!/cgi-bin/icinga/extinfo.cgi?type=0!403",
        notes_url     => 'https://wikitech.wikimedia.org/wiki/Monitoring/https_unauthorized',
    }
    monitoring::service {"https-${vhost}-expiry":
        description   => "${vhost} SSL Expiry",
        check_command => "check_https_expiry!${vhost}!443",
        notes_url     => 'https://wikitech.wikimedia.org/wiki/Monitoring/https_unauthorized',
    }
}