From 7604fef734bdf632631b15b23b833eba9f14d0ba Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sun, 13 Mar 2022 15:15:47 +0100
Subject: [PATCH] bundles/icinga2: use ip addresses for monitoring instead of
 hostnames

---
 .../icinga2/files/icinga2/check_commands.conf |  8 +++----
 .../icinga2/files/icinga2/hosts_template.conf |  7 +++++-
 bundles/icinga2/items.py                      | 22 +++++++++++++++++++
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/bundles/icinga2/files/icinga2/check_commands.conf b/bundles/icinga2/files/icinga2/check_commands.conf
index e298e30..5aa9f99 100644
--- a/bundles/icinga2/files/icinga2/check_commands.conf
+++ b/bundles/icinga2/files/icinga2/check_commands.conf
@@ -9,7 +9,7 @@ object CheckCommand "sshmon" {
             value = "$sshmon_command$"
         }
         "-h" = {
-            value = "$address$"
+            value = "$check_address$"
         }
         "-t" = {
             set_if = bool("$sshmon_timeout$")
@@ -81,7 +81,7 @@ object CheckCommand "check_imap" {
             value = "$imap_port$"
         }
         "-H" = {
-            value = "$address$"
+            value = "$check_address$"
         }
     }
 }
@@ -108,7 +108,7 @@ object CheckCommand "check_smtp" {
 
     arguments = {
         "-H" = {
-            value = "$address$"
+            value = "$check_address$"
         }
     }
 }
@@ -124,6 +124,6 @@ object CheckCommand "check_usv" {
     import "plugin-check-command"
     import "ipv4-or-ipv6"
 
-    command = [ "/usr/local/share/icinga/plugins/check_usv_snmp", "$address$", "$snmp_community$" ]
+    command = [ "/usr/local/share/icinga/plugins/check_usv_snmp", "$check_address$", "$snmp_community$" ]
     vars.snmp_community = "public"
 }
diff --git a/bundles/icinga2/files/icinga2/hosts_template.conf b/bundles/icinga2/files/icinga2/hosts_template.conf
index 3d3cae2..1c4f957 100644
--- a/bundles/icinga2/files/icinga2/hosts_template.conf
+++ b/bundles/icinga2/files/icinga2/hosts_template.conf
@@ -1,7 +1,12 @@
 object Host "${rnode.name}" {
     import "generic-host"
 
-    address = "${rnode.metadata.get('icinga_options/hostname', rnode.hostname)}"
+% if address4:
+    address = "${address4}"
+% endif
+% if address6:
+    address6 = "${address6}"
+% endif
 
     # used for determining service groups
     vars.bw_groups = [ "${'", "'.join(sorted({group.name for group in rnode.groups}))}" ]
diff --git a/bundles/icinga2/items.py b/bundles/icinga2/items.py
index 9c2a911..f39eebe 100644
--- a/bundles/icinga2/items.py
+++ b/bundles/icinga2/items.py
@@ -340,11 +340,33 @@ for rnode in repo.nodes:
     if rnode.metadata.get('icinga_options/exclude_from_monitoring', False):
         continue
 
+    host_ips = repo.libs.tools.resolve_identifier(repo, rnode.name)
+    icinga_ips = {}
+
+    # XXX for the love of god, PLEASE remove this once DNS is no longer
+    # hosted at GCE
+    if rnode.in_group('gce'):
+        icinga_ips['ipv4'] = rnode.metadata.get('external_ipv4')
+    else:
+        for ip_type in ('ipv4', 'ipv6'):
+            for ip in sorted(host_ips[ip_type]):
+                if ip.is_private and not ip.is_link_local:
+                    icinga_ips[ip_type] = str(ip)
+                    break
+            else:
+                if host_ips[ip_type]:
+                    icinga_ips[ip_type] = sorted(host_ips[ip_type])[0]
+
+    if not icinga_ips:
+        raise ValueError(f'{rnode.name} requests monitoring, but has neither IPv4 nor IPv6 addresses!')
+
     files[f'/etc/icinga2/conf.d/hosts/{rnode.name}.conf'] = {
         'source': 'icinga2/hosts_template.conf',
         'content_type': 'mako',
         'context': {
             'rnode': rnode,
+            'address4': icinga_ips.get('ipv4', None),
+            'address6': icinga_ips.get('ipv6', None),
         },
         'owner': 'nagios',
         'group': 'nagios',