Confdroid Puppet Modules - NRPE

Secure Remote Monitoring Made Simple: confdroid_nrpe Completes Your Puppet-Powered Nagios Setup Confdroid Puppet Modules - NRPE 如果您已经在使用 confdroid_nagios 进行自动化和资源导出监控，那么缺失的部分一直是客户端。现在，这一缺失的部分已经出现了。 confdroid_nrpe 是一个简洁的仅客户端 Puppet 模块，它会在您想要监控的每一台主机上安装和配置 NRPE（Nagios Remote Plugin Executor）。它能与 Nagios 服务器协同工作，使检查在您的整个基础设施上安全且自动地运行。 源代码：https://sourcecode.confdroid.com/confdroid/confdroid_nrpe 详细概述：https://deepwiki.com/grizzlycoda/puppet_collection/4.7-confdroid_nrpe 仅有一个中央 Nagios 服务器无法在没有帮助的情况下窥探每一台机器。NRPE 让服务器能够要求远程 Linux 主机运行本地检查插件（磁盘空间、CPU 负载、进程、自定义脚本等）并立即返回结果。这使监控变得轻量、安全且快速——这正是传统 VM 和裸金属环境所必需的。 该模块是为 Rocky Linux 9 和类似的基于 RedHat 的 EL 系统（支持 Puppet 8）构建的，并遵循 confdroid 套件其余部分的简洁理念： - 安装 NRPE 守护进程并创建专用的 nrpe 系统用户 - 设置正确的目录结构和权限以及 SELinux 上下文 - 管理 nrpe.conf（包括来自您的 Nagios 服务器的 allowed_hosts） - 为动态检查命令处理 nrpe.cfg - 当检查需要 elevated privileges 时授予 Nagios 用户 sudo 权限 - 动态定义自定义 NRPE 命令（无需手动配置文件） - 可选择打开防火墙端口（TCP 5666）并应用 SELinux 例外 - 确保 NRPE 服务正在运行并启用 - 可选择启用 SSL / TLS 加密 其他 confdroid 模块（Apache、PostgreSQL 等）已经通过 PuppetDB 导出其 Nagios 检查。当您在客户端上应用 confdroid_nrpe 时： - 客户端会注册自身（或被服务器收集） - 检查命令会自动写入 nrpe.cfg Nagios 服务器开始积极地通过 NRPE 查询主机 - 无需手动主机定义。无需 SSH 密钥。无需猜测。 以下是幕后确切发生的事情： Nagios 服务器只需连接到每个客户端的 5666 端口，告诉 NRPE 运行哪个命令，并在几秒钟内收到结果。 ## 快速开始 将模块添加到您的 Puppetfile 中： ``` mod 'confdroid_nrpe', git: 'https://sourcecode.confdroid.com/confdroid/confdroid_nrpe.git' ``` 然后声明它： 在 site.pp 或 nodes.pp 中： ```yaml node 'example.example.net' { include confdroid_nrpe } ``` 通过 Foreman： 为了通过 Foreman 应用参数，除非 estate 中的默认值完全可接受，否则 confdroid_nrpe::params- 必须添加到相关主机或主机组中。 就这样。您的客户端现在已准备好进行全自动监控。 在服务器端使用 confdroid_nagios，在每台客户端上使用 confdroid_nrpe，您将获得一个完整的、无触摸的、完全由 Puppet 和 PuppetDB 驱动的 Nagios 设置。不再有手动配置文件，不再有遗漏的主机，每个端点都拥有坚如磐石的 Security。 如果您觉得这篇帖子有帮助，请支持我。

Secure Remote Monitoring Made Simple: confdroid_nrpe Completes Your Puppet-Powered Nagios Setup If you’re already using confdroid_nagios for automated, exported-resource monitoring, the missing piece was always the client side. That piece is now here. confdroid_nrpe is the clean, client-only Puppet module that installs and configures NRPE (Nagios Remote Plugin Executor) on every host you want to monitor. It works hand-in-hand with the Nagios server so checks run securely and automatically across your entire infrastructure. source code: https://sourcecode.confdroid.com/confdroid/confdroid_nrpe Detailed overview: https://deepwiki.com/grizzlycoda/puppet_collection/4.7-confdroid_nrpe A central Nagios server can’t peek inside every machine without help. NRPE lets the server ask remote Linux hosts to run local check plugins (disk space, CPU load, processes, custom scripts, etc.) and return the result instantly. This keeps monitoring lightweight, secure, and fast — exactly what traditional VM and bare-metal environments need. The module is built for Rocky Linux 9 and similar RedHat-based EL systems (Puppet 8 ready) and follows the same clean philosophy as the rest of the confdroid collection: Installs the NRPE daemon and creates the dedicated nrpe system user Sets up proper directory structure with correct permissions and SELinux contexts Manages nrpe.conf (including allowed_hosts from your Nagios server) Handles nrpe.cfg for dynamic check commands Grants sudo rights to the Nagios user when checks need elevated privileges Dynamically defines custom NRPE commands (no manual config files) Optionally opens the firewall port (TCP 5666) and applies SELinux exceptions Ensures the NRPE service is running and enabled Optionally enables SSL / TLS encryption Other confdroid modules (Apache, PostgreSQL, etc.) already export their Nagios checks via PuppetDB. When you apply confdroid_nrpe on a client: The client registers itself (or gets collected by the server) Check commands are written automatically into nrpe.cfg The Nagios server starts actively querying the host over NRPE No manual host definitions. No SSH keys. No guesswork. Here’s exactly what happens behind the scenes: The Nagios server simply connects to port 5666 on each client, tells NRPE which command to run, and receives the result in seconds. ## Quick Start Add the module to your Puppetfile: mod 'confdroid_nrpe', git: 'https://sourcecode.confdroid.com/confdroid/confdroid_nrpe.git' Then declare it: via site.pp or nodes.pp node 'example.example.net' { include confdroid_nrpe } through Foreman: In order to apply parameters through Foreman, confdroid_nrpe::params- must be added to the host or host group in question, unless the defaults are fully acceptable across the estate. That’s it. Your clients are now ready for fully automated monitoring. With confdroid_nagios on the server side and confdroid_nrpe on every client, you get a complete, zero-touch Nagios setup driven entirely by Puppet and PuppetDB. No more manual config files, no more forgotten hosts, and rock-solid security on every endpoint. Did you find this post helpful? You can support me. Confdroid Puppet Modules - Pilot Confdroid Puppet Modules - Puppet ConfDroid Puppet Modules - confdroid_resources ConfDroid Puppet Modules - Postgresql ConfDroid Puppet Modules - Gitea ConfDroid Puppet Modules - Apache ConfDroid Puppet Modules - Nagios