This guide outlines how to use Puppet to automatically add basic checks for provisioned nodes to an Icinga instance running on the same server. This tutorial assumes the use of Ubuntu 12.04LTS but this should work on any Linux distro.
I’ve tried to include as much information as I can. So there will be a basic primer on getting Puppet working and adding a new node to the Puppetmaster. If you have your own way of doing this, feel free to skip those parts of the guide. You can also use the basic setup guide on the Puppetlabs Wiki to get things up and running.
This guide will show you how to setup Linux user accounts restricted to using SFTP only. These accounts will be unable to run arbitrary shell commands on the server or access/create files outside their own home directories. The steps in this guide were tested on Ubuntu Server 10.04 with version 5.3p1 of the OpenSSH daemon, obtained from the Ubuntu software repositories.
Although this guide is aimed at Ubuntu users, it should also be applicable to other flavors of Linux as well. The most important factor to consider is the version of OpenSSH you have installed on your system. Version 5.0 or above is recommended as these versions support the OpenSSH ChrootDirectory configuration option that we’ll be using here.
Right, that’s enough of the rambling, let’s get to it…