diff --git a/nagios/templates/bin/_apache.sh.tpl b/nagios/templates/bin/_apache.sh.tpl
index e80ead098e..b55925f5dc 100644
--- a/nagios/templates/bin/_apache.sh.tpl
+++ b/nagios/templates/bin/_apache.sh.tpl
@@ -29,6 +29,12 @@ function start () {
 # Apache gets grumpy about PID files pre-existing
 rm -f /etc/httpd/logs/httpd.pid
+ if [ -f /usr/local/apache2/conf/.htpasswd ]; then
+ htpasswd -b /usr/local/apache2/conf/.htpasswd $NAGIOSADMIN_USER $NAGIOSADMIN_PASS
+ else
+ htpasswd -cb /usr/local/apache2/conf/.htpasswd $NAGIOSADMIN_USER $NAGIOSADMIN_PASS
+ fi
+
 #Launch Apache on Foreground
 exec httpd -DFOREGROUND
 }
diff --git a/nagios/templates/configmap-etc.yaml b/nagios/templates/configmap-etc.yaml
index 788e1c9fe0..abc16a3cc8 100644
--- a/nagios/templates/configmap-etc.yaml
+++ b/nagios/templates/configmap-etc.yaml
@@ -26,8 +26,10 @@ data:
 {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
 nagios-host.conf: |
 {{- tuple .Values.conf.apache.host "etc/_nagios-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
+ cgi.cfg: |+
+{{ include "nagios.to_nagios_conf" .Values.conf.nagios.cgi | indent 4 }}
 nagios.cfg: |+
-{{ include "nagios.to_nagios_conf" .Values.conf.nagios.config | indent 4 }}
+{{ include "nagios.to_nagios_conf" .Values.conf.nagios.nagios | indent 4 }}
 nagios_objects.cfg: |+
 {{- tuple "contact" .Values.conf.nagios.contacts | include "nagios.object_definition" | indent 4 }}
 {{- tuple "contactgroup" .Values.conf.nagios.contactgroups | include "nagios.object_definition" | indent 4 }}
diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml
index 73ba0941a3..433a3b6b98 100644
--- a/nagios/templates/deployment.yaml
+++ b/nagios/templates/deployment.yaml
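Review bot: In `_apache.sh.tpl`, both added `htpasswd` calls pass `$NAGIOSADMIN_PASS` as a command-line argument through `-b`, so the admin password is visible in the process list while the command runs, and the unquoted expansions break on a password that contains spaces or glob characters. Reading the password from stdin and quoting the user name avoids both: `printf '%s' "$NAGIOSADMIN_PASS" | htpasswd -i /usr/local/apache2/conf/.htpasswd "$NAGIOSADMIN_USER"`, with `-c` added in the else branch. The calls also rely on htpasswd's default hash; adding `-B` would select bcrypt if the image's htpasswd supports it. The `start` function begins outside the hunk, so whether a failed htpasswd stops the script before `exec httpd` is not visible here and should be checked.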
@@ -92,6 +92,16 @@ spec:
 value: {{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
 - name: LDAP_URL
 value: {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+ - name: NAGIOSADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ $nagiosUserSecret }}
+ key: NAGIOSADMIN_USER
+ - name: NAGIOSADMIN_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ $nagiosUserSecret }}
+ key: NAGIOSADMIN_PASS
 - name: BIND_DN
 valueFrom:
 secretKeyRef:
@@ -134,11 +144,25 @@ spec:
 value: {{ $envAll.Values.conf.nagios.notification.http.primary_target }}
 - name: REST_NOTIF_SECONDARY_TARGET_URL
 value: {{ $envAll.Values.conf.nagios.notification.http.secondary_target }}
+ - name: NAGIOSADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ $nagiosUserSecret }}
+ key: NAGIOSADMIN_USER
+ - name: NAGIOSADMIN_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ $nagiosUserSecret }}
+ key: NAGIOSADMIN_PASS
 volumeMounts:
 - name: nagios-etc
 mountPath: /opt/nagios/etc/nagios.cfg
 subPath: nagios.cfg
 readOnly: true
+ - name: nagios-etc
+ mountPath: /opt/nagios/etc/cgi.cfg
+ subPath: cgi.cfg
+ readOnly: true
 - name: nagios-etc
 mountPath: /opt/nagios/etc/nagios_objects.cfg
 subPath: nagios_objects.cfg
diff --git a/nagios/templates/etc/_nagios-host.conf.tpl b/nagios/templates/etc/_nagios-host.conf.tpl
index e573724553..b2c85fb74e 100644
--- a/nagios/templates/etc/_nagios-host.conf.tpl
+++ b/nagios/templates/etc/_nagios-host.conf.tpl
@@ -19,7 +19,8 @@ limitations under the License.
 AuthName "Nagios"
 AuthType Basic
- AuthBasicProvider ldap
+ AuthBasicProvider ldap file
+ AuthUserFile /usr/local/apache2/conf/.htpasswd
 AuthLDAPBindDN ${BIND_DN}
 AuthLDAPBindPassword ${BIND_PASSWORD}
 AuthLDAPURL ${LDAP_URL}
diff --git a/nagios/templates/etc/_nagios.cfg.tpl b/nagios/templates/etc/_nagios.cfg.tpl
deleted file mode 100644
index c51fb6d4c5..0000000000
--- a/nagios/templates/etc/_nagios.cfg.tpl
+++ /dev/null
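Review bot: The second deployment.yaml hunk (`@@ -134,11 +144,25 @@`) injects `NAGIOSADMIN_USER` and `NAGIOSADMIN_PASS` into a second container's environment as well, while the only consumer visible in this commit is the htpasswd call in `_apache.sh.tpl`. If that second container does not read them, the two entries should be dropped there so the admin password lives in one process environment only. Both container specs start outside their hunks, so which container each hunk belongs to needs confirming, and `$nagiosUserSecret` is defined outside the visible lines.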
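Review bot: `AuthBasicProvider ldap file` in `_nagios-host.conf.tpl` adds a local account that authenticates outside LDAP, so directory-side controls such as lockout, password policy and deprovisioning do not apply to it, and the change leaves that undocumented. I would add a comment above the directive, for example `# file provider: local fallback admin account, .htpasswd is written by apache.sh at start`. As far as I know mod_authnz_ldap hands over to the next provider only when the user name cannot be mapped to a DN, so a directory entry with the same name as the local admin would shadow it; that is worth confirming against the deployed LDAP. The enclosing configuration block starts and ends outside the hunk.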
@@ -1,3 +0,0 @@
-# Nagios Configuration File
-
-{{ .Values.conf.nagios.cfg }}
diff --git a/nagios/templates/secret-nagios.yaml b/nagios/templates/secret-nagios.yaml
index bbfeb77960..56155f5db6 100644
--- a/nagios/templates/secret-nagios.yaml
+++ b/nagios/templates/secret-nagios.yaml
@@ -24,6 +24,8 @@ metadata:
 name: {{ $secretName }}
 type: Opaque
 data:
+ NAGIOSADMIN_USER: {{ .Values.endpoints.nagios.auth.admin.username | b64enc }}
+ NAGIOSADMIN_PASS: {{ .Values.endpoints.nagios.auth.admin.password | b64enc }}
 BIND_DN: {{ .Values.endpoints.ldap.auth.admin.bind | b64enc }}
 BIND_PASSWORD: {{ .Values.endpoints.ldap.auth.admin.password | b64enc }}
 {{- end }}
diff --git a/nagios/values.yaml b/nagios/values.yaml
index c5fea267c4..212d007fa4 100644
--- a/nagios/values.yaml
+++ b/nagios/values.yaml
@@ -89,6 +89,10 @@ endpoints:
 nagios:
 name: nagios
 namespace: null
+ auth:
+ admin:
+ username: nagiosadmin
+ password: password
 hosts:
 default: nagios-metrics
 public: nagios
@@ -750,7 +754,7 @@ conf:
 service_description: NTP_sync
 check_command: check_ntp_sync
 hostgroup_name: base-os
- config:
+ nagios:
 log_file: /opt/nagios/var/nagios.log
 cfg_file:
 - /opt/nagios/etc/nagios_objects.cfg
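Review bot: The secret-nagios.yaml hunk encodes whatever `endpoints.nagios.auth.admin.password` holds, and the values.yaml hunk (`@@ -89,6 +89,10 @@`) sets it to `password` for user `nagiosadmin`, so a deployment that does not override the value gets a guessable admin login that the new `file` auth provider accepts. I would ship the default empty and fail rendering when it is unset: `NAGIOSADMIN_PASS: {{ required "endpoints.nagios.auth.admin.password must be set" .Values.endpoints.nagios.auth.admin.password | b64enc }}`. If the chart's convention is to keep working defaults for test deployments, a comment beside `password: password` saying it must be overridden outside of test environments is the minimum.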
@@ -856,6 +860,31 @@ conf:
 max_debug_file_size: 1000000
 allow_empty_hostgroup_assignment: 1
 illegal_macro_output_chars: "`~$&|'<>\""
+ cgi:
+ main_config_file: /opt/nagios/etc/nagios.cfg
+ physical_html_path: /opt/nagios/share
+ url_html_path: /nagios
+ show_context_help: 0
+ use_pending_states: 1
+ use_authentication: 0
+ use_ssl_authentication: 0
+ authorized_for_system_information: "*"
+ authorized_for_configuration_information: "*"
+ authorized_for_system_commands: nagiosadmin
+ authorized_for_all_services: "*"
+ authorized_for_all_hosts: "*"
+ authorized_for_all_service_commands: "*"
+ authorized_for_all_host_commands: "*"
+ default_statuswrl_layout: 4
+ ping_syntax: /bin/ping -n -U -c 5 $HOSTADDRESS$
+ refresh_rate: 90
+ result_limit: 100
+ escape_html_tags: 1
+ action_url_target: _blank
+ notes_url_target: _blank
+ lock_author_names: 1
+ navbar_search_for_addresses: 1
+ navbar_search_for_aliases: 1
 notification:
 snmp:
 primary_target: 127.0.0.1:15162
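Review bot: `use_authentication: 0` in the new `cgi` block tells the Nagios CGIs not to use authentication, so the `authorized_for_*` entries that follow, including `authorized_for_system_commands: nagiosadmin`, are not enforced and the Apache Basic-auth layer is the only gate. Since this commit wires an authenticated admin user through Apache, `use_authentication: 1` looks like the intended value. With it enabled, `authorized_for_all_host_commands: "*"` and `authorized_for_all_service_commands: "*"` would still let every authenticated user submit host and service commands; restricting them to named users or a contact group would match the `nagiosadmin` restriction on system commands.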