# Managing Nagios With Puppet, host file permissions

Puppet 2.7.26

Adding new hosts createas a mode 600 cfg file, instead of mode 644. Seems to be a old tracked bug:

I have a bugfix in my server.pp file:

class nagios::server {
package { [ "nagios" ]:
ensure => latest;
}
service { "nagios":
ensure => running,
enabled => true,
}
}

# Hack for bug #3299 where nagios stuff is root:600
file { ["/etc/nagios/hosts.d/", "/etc/nagios/services.d/"]:
ensure => directory,
mode => 644,
recurse => true,
}


But I miss the last line ref: link text

    # Collect and instantiate all the puppet stuff
Nagios_host <<||>>
Nagios_service <<||>>


Don't know what it exactly does, and if it's the reason that the hack doesn't work, setting new hosts cfg files to mode 644.

Need to ask if it makes any difference if the hack is set before or after you define your nagios_host

edit retag close merge delete

Sort by » oldest newest most voted

I managed to have the hack working, by placing it at the very end of the configuration file. There is still one issue. The files are applied with 600, and this makes nagios not be able to start. So I need to run puppet_apply one more time, for the hack to change the files from 600 to 644.

I'm not sure, if I can edit the hack and change ensure => to present,?

more

I set my class up so that the client declares a virtual definition:

@@nagios::host { $::fqdn: file_owner =>$file_owner,
file_group => $file_group, file_mode =>$file_mode,
base_dir   => $base_dir, }  The server then instantiates it:  Nagios::Host <<||>> { notify => Class[nagios::service], }  And the host class itself does two things - create the nagios host file and declare permissions on it: define nagios::host ($file_owner,
$file_group,$file_mode,
$base_dir, ) {$target_file = "${base_dir}/hosts.d/${name}.cfg"
nagios_host { $name: ensure => present, hostgroups =>$hostgroups,
target => $target_file, } file {$target_file:
ensure  => present,
tag     => "nagios_host",
owner   => $file_owner, group =>$file_group,
mode    => \$file_mode,
}
}


Hope that helps.

more

Two things..

• First, It seems like the file ownership/group/permissions should really be defined by the Nagios server rather than its "targets" ... Would this not be a good place for something like "File {}" to be defined in the scope that Nagios is importing all those exported resources, then NOT define it in the resources themselves?

• Second, Why not just have a single hosts.cfg file with all hosts in it, and generate the contents of that file with concat() or an ERB? Edit-ability concerns of having all the hosts in one file are moot if you are not editing the file directly.

Just two completely of the cuff observations :)

more