Add NSCA-ng support for the Vagrant VM.

Fixes #5128

Signed-off-by: Gunnar Beutner <gunnar@beutner.name>

.vagrant-puppet/manifests/default.pp

@@ -2,6 +2,7 @@ include apache
 include icinga-classicui
 include icinga-web
 include nagios-plugins
+include nsca-ng
 
 # icinga 2 docs at /icinga2-doc
 file { '/etc/httpd/conf.d/icinga2-doc.conf':

.vagrant-puppet/modules/nsca-ng/manifests/init.pp

@@ -0,0 +1,85 @@
+# Class: nsca-ng
+#
+#   This class installs nsca-ng components
+#
+class nsca-ng {
+  include nsca-ng-server
+  include nsca-ng-client
+}
+
+# Class: nsca-ng-server
+#
+#   This class installs nsca-ng server
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class nsca-ng-server {
+  package { 'nsca-ng-server':
+    ensure => installed,
+  }
+
+  exec { 'iptables-allow-nsca-ng':
+    path => '/bin:/usr/bin:/sbin:/usr/sbin',
+    unless => 'grep -Fxqe "-A INPUT -m state --state NEW -m tcp -p tcp --dport 5668 -j ACCEPT" /etc/sysconfig/iptables',
+    command => 'lokkit -p 5668:tcp'
+  }
+
+  service { 'nsca-ng':
+    enable => true,
+    ensure => running,
+    hasrestart => true,
+    alias => 'nsca-ng',
+    require => [ Package['nsca-ng-server'], Exec['iptables-allow-nsca-ng'] ]
+  }
+
+  file { '/etc/nsca-ng.cfg':
+    content => template('nsca-ng/nsca-ng.cfg'),
+    require => Package['nsca-ng-server'],
+    notify => Service['nsca-ng']
+  }
+}
+
+# Class: nsca-ng-client
+#
+#   This class installs nsca-ng client
+#
+#   A example passive check result is stored in ~vagrant/passive_result.
+#
+#   This can be called manually with:
+#   send_nsca -c /etc/send_nsca.cfg < /home/vagrant/passive_result
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class nsca-ng-client {
+  package { 'nsca-ng-client':
+    ensure => installed,
+  }
+
+  file { '/etc/icinga2/conf.d/passive.conf':
+    content => template('nsca-ng/passive.conf'),
+    require => Package['nsca-ng-client'],
+    notify => Service['icinga2']
+  }
+
+  file { '/etc/send_nsca.cfg':
+    content => template('nsca-ng/send_nsca.cfg'),
+    require => Package['nsca-ng-client'],
+  }
+
+  file { '/home/vagrant/passive_result':
+    content => template('nsca-ng/passive_result'),
+    require => Package['nsca-ng-client'],
+  }
+}

.vagrant-puppet/modules/nsca-ng/templates/nsca-ng.cfg

@@ -0,0 +1,127 @@
+#
+# Sample configuration for nsca-ng(8).  See the nsca-ng.cfg(5) man page.
+#
+# PLEASE SET THE PERMISSIONS OF THIS FILE APPROPRIATELY TO MAKE SURE THAT ONLY
+# AUTHORIZED USERS CAN ACCESS IT!
+#
+
+#
+# Most probably, you'll have to specify the path to the Nagios command file.
+#
+command_file = "/var/run/icinga2/cmd/icinga2.cmd"
+
+#
+# These configuration settings are optional.
+#
+#       listen = "monitoring.example.com:5668"  # Default: "*".
+#       pid_file = "/var/run/nsca-ng.pid"       # Default: create no PID file.
+#       temp_directory = "/dev/shm"             # Default: "/tmp".
+#       tls_ciphers = "PSK-AES256-CBC-SHA"      # Default: see nsca-ng.cfg(5).
+#       chroot = "/usr/local/nagios/var"        # Default: don't chroot(2).
+#       user = "nagios"                         # Default: don't switch user.
+#       log_level = 2                           # Default: 3.
+#       max_command_size = 65536                # Default: 16384.
+#       max_queue_size = 128                    # Default: 1024.
+#       timeout = 15.0                          # Default: 60.0.
+#
+
+user = "nsca"
+
+#
+# Clients provide a client ID (think: user name) and a password.  The same
+# ID/password combination may be used by multiple clients.  In order to
+# authorize clients to submit check results and/or other external commands, at
+# least one "authorize" section must be specified.  The client ID (which follows
+
+# the "authorize" keyword) may be "*".  In this case, the block will be used as
+# fallback if no section is defined for a given client ID.  No other wildcard
+# characters are available, and "*" has no special meaning unless the client ID
+# is exactly "*".
+#
+# Authorizations are specified using the "commands", "hosts, and/or "services"
+# variables within an "authorize" section.  These variables are (lists of)
+# extended POSIX regular expressions (see the regex(7) man page), but with an
+# implicit leading "^" and trailing "$".  The "commands" patterns are matched
+# against the full command string transmitted by the client, except for the
+# leading bracketed timestamp.  The "hosts" and "services" variables are
+# syntactic sugar, e.g.:
+#
+#       services = {
+#               "http@web-server",
+#               "disk"
+#       }
+#
+# is equivalent to
+#
+#       commands = {
+#               "PROCESS_SERVICE_CHECK_RESULT;web-server;http;.+;.+",
+#               "PROCESS_SERVICE_CHECK_RESULT;[^;]+;disk;.+;.+"
+#       }
+#
+# Some examples:
+#
+# Authenticated "root" clients may submit arbitrary check results and any other
+# monitoring commands.
+#
+#       authorize "root" {
+#               password = "cM5vBM9CtCWTH1SwnxFEOfp8VAmQq2vd"
+#               commands = ".*"
+#       }
+#
+# Authenticated "checker" clients may submit arbitrary check results, but no
+# other commands.
+#
+#       authorize "checker" {
+#               password = "s2LDCy4CiK6yrlcHhTXT6agFh067XYE3"
+#               hosts = ".*"
+#               services = ".*"
+#       }
+#
+# Authenticated "mail-checker" clients may submit check results for arbitrary
+# services on hosts whose names begin with "pop", "imap", or "smtp".
+#
+#       authorize "mail-checker" {
+#               password = "1HOiwYonRoLByCaX6lfY5KDhP484THzV"
+#               services = {
+#                       ".+@pop.*",
+#                       ".+@imap.*",
+#                       ".+@smtp.*"
+#               }
+#       }
+#
+# Authenticated "system-checker" clients may submit check results for the
+# "disk", "swap", and "load" services on arbitrary hosts.
+#
+#       authorize "system-checker" {
+#               password = "rDCnSMFaM9wb5Yzjd6JwRcvHEwmC9ZlQ"
+#               services = {
+#                       "disk",
+#                       "swap",
+#                       "load"
+#               }
+#       }
+#
+
+#
+# The "*" section applies when no other section matches the client's identity.
+# In order to authorize clients to actually submit check results (or other
+# commands), at least one "commands" and/or "services" expression must be
+# specified.
+#
+authorize "*" {
+        password = "password"
+        #
+        # The original NSCA server permits all authenticated clients to submit
+        # arbitrary check results.  To get this behaviour, enable the following
+        # lines:
+        #
+               hosts = ".*"
+               services = ".*"
+}
+
+#
+# Other files can be included.  If a directory is specified, all "*.cfg" and
+# "*.conf" files within this directory and all subdirectories are included.
+#
+#       include(nsca-ng.d/included.cfg)
+#

.vagrant-puppet/modules/nsca-ng/templates/passive.conf

@@ -0,0 +1,18 @@
+/**
+ * A host definition. You can create your own configuration files
+ * in the conf.d directory (e.g. one per host). By default all *.conf
+ * files in this directory are included.
+ */
+object Host "nsca-ng" inherits "generic-host" {
+  display_name = "nsca-ng test",
+
+  services["PassiveService1"] = {
+    templates = [ "generic-service" ],
+    check_command = "passive",
+  },
+
+  services["PassiveService2"] = {
+    templates = [ "generic-service" ],
+    check_command = "passive",
+  },
+}

.vagrant-puppet/modules/nsca-ng/templates/passive_result

@@ -0,0 +1,3 @@
+nsca-ng	PassiveService1	0	This is a test passive result check returning OK
+nsca-ng	PassiveService2	1	This is a test passive result check returning BAD
+

.vagrant-puppet/modules/nsca-ng/templates/send_nsca.cfg

@@ -0,0 +1,16 @@
+#
+# Sample configuration for send_nsca(8).  See the send_nsca.cfg(5) man page.
+#
+# PLEASE SET THE PERMISSIONS OF THIS FILE APPROPRIATELY TO MAKE SURE THAT ONLY
+# AUTHORIZED USERS CAN ACCESS IT!
+#
+
+password="password"
+identity="nsca-ng"
+#       identity = "web-checker"                        # Default: `hostname`.
+#       password = "8a5UMsMzZhu6sSPkSmSaqC3HjMGCLwdt"   # Default: "change-me".
+#       server = "monitoring.example.com"               # Default: "localhost".
+#       tls_ciphers = "PSK-AES256-CBC-SHA"              # See send_nsca.cfg(5).
+#       delay = 2                                       # Default: 0.
+#       port = 5668                                     # Default: 5668.
+#       timeout = 10                                    # Default: 15.

Vagrantfile

@@ -30,6 +30,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     # so you can take notice and act accordingly.
     auto_correct: true
 
+  # forward port for nsca-ng. See note above regarding auto_correct
+  config.vm.network :forwarded_port, guest: 5668, host: 5668, auto_correct: true
+
   # Create a private network, which allows host-only access to the machine
   # using a specific IP.
   # config.vm.network :private_network, ip: "192.168.33.10"

doc/5-icinga-template-library.md

@@ -58,6 +58,18 @@ plugindir       | **Required.** The directory containing this plugin.
 state           | **Optional.** The state. Can be one of 0 (ok), 1 (warning), 2 (critical) and 3 (unknown). Defaults to 0.
 text            | **Optional.** Plugin output. Defaults to "Check was successful.".
 
+### passive
+
+Specialised check command object for passive checks executing the `check_dummy` plugin with appropriate default values.
+
+Macros:
+
+Name            | Description
+----------------|--------------
+plugindir       | **Required.** The directory containing this plugin.
+state           | **Optional.** The state. Can be one of 0 (ok), 1 (warning), 2 (critical) and 3 (unknown). Defaults to 3.
+text            | **Optional.** Plugin output. Defaults to "No Passive Check Result Received.".
+
 ### tcp
 
 Check command object for the `check_tcp` plugin.

itl/command-common.conf

@@ -76,6 +76,13 @@ object CheckCommand "dummy" inherits "plugin-check-command" {
 	}
 }
 
+object CheckCommand "passive" inherits "dummy" {
+	macros = {
+		state = 3,
+		text = "No Passive Check Result Received."
+	}
+}
+
 object CheckCommand "tcp" inherits "plugin-check-command" {
 	command = [
 		"$plugindir$/check_tcp",