← Back to branch summary

~arosales/charms/precise/nrpe-external-master/better-icon 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

#!/bin/bash
set -eux

# Suboridnate charm hooks can run in parallel with other charm hooks
# on the same unit Bug #1068624. So a hook may fail to get a apt-get lock.
COUNTER=0
APT_LOCKED=1
while true; do
    lsof /var/lib/dpkg/lock > /dev/null 2>&1 || APT_LOCKED=0
    if [[ $APT_LOCKED -eq 0 ]]; then
        RET=0
        # It's possible that if multiple subordinate charms attempt to install
        # a package at exactly the same time neither will see the dpkg lock but
        # then when attempting to actually install they'll conflict. If so, just
        # ignore and try again in another minute, by which time hopefully it
        # will have finished.
        apt-get install -q -y nagios-nrpe-server \
            nagios-plugins-basic \
            nagios-plugins-standard \
            rsync \
            python-cheetah || RET=$? && [[ $RET -ne 100 ]] \
                && [[ $RET -ne 0 ]] && exit $RET
        [[ $RET -eq 100 ]] || break
    fi
    if [[ $COUNTER -gt 5 ]]; then
        echo "Failed to obtain apt lock"
        exit 1
    fi
    sleep 60
    COUNTER=$[$COUNTER+1]
done

mkdir -p /etc/nagios/nrpe.d/
mkdir -p /usr/local/lib/nagios/plugins
mkdir -p /var/lib/nagios/export/

cp files/nagios_plugin.py /usr/lib/nagios/plugins/nagios_plugin.py
ln -fs /usr/lib/nagios/plugins/nagios_plugin.py /usr/local/lib/nagios/plugins/nagios_plugin.py

cp files/default_rsync /etc/default/rsync
if [[ -d /etc/rsyncd.d ]]; then
    export RSYNC_MODULE_ONLY=1
else
    export RSYNC_MODULE_ONLY=0
fi
export NAGIOS_MASTER=$(config-get nagios_master)
cheetah fill --env --oext compiled templates/rsyncd.conf.tmpl
if [[ -d /etc/rsyncd.d ]]; then
    cp templates/rsyncd.conf.compiled /etc/rsyncd.d/010-nrpe-external-master
    concat_rsync_fragments || true
else
    cp templates/rsyncd.conf.compiled /etc/rsyncd.conf
fi
service rsync restart

# WARNING: hloeung: I have left these commented out vs. removing intentionally
# as we don't want to expose rsync and NRPE to the world. open-port adds
# the following rules which is not what we want:
# $ nova secgroup-list-rules juju-prodstack-u1-r1-10
# +-------------+-----------+---------+-----------+--------------+
# | IP Protocol | From Port | To Port |  IP Range | Source Group |
# +-------------+-----------+---------+-----------+--------------+
# | tcp         | 80        | 80      | 0.0.0.0/0 |              |
# | tcp         | 443       | 443     | 0.0.0.0/0 |              |
# | tcp         | 873       | 873     | 0.0.0.0/0 |              |
# | tcp         | 5666      | 5666    | 0.0.0.0/0 |              |
# +-------------+-----------+---------+-----------+--------------+
# Our deployment scripts will handle adding the appropriate rules to only allow
# the monitoring host (currently wekufe) to connect via rsync and NRPE.
#open-port 873/tcp
#open-port 5666/tcp