assert node.has_bundle('postgresql') assert node.has_bundle('sshmon') from os.path import join ENABLED_FEATURES = { 'api', 'checker', 'command', 'ido-pgsql', 'mainlog', 'notification', } SLA_INFO = { '24x7': '24x7', 'never': 'never', } directories = { '/etc/icingaweb2': { 'group': 'icingaweb2', 'mode': '0775', 'needs': { 'pkg_apt:icingaweb2', }, }, '/etc/icinga2/features-enabled': { 'owner': 'nagios', 'group': 'nagios', 'mode': '0555', 'purge': True, 'needs': { 'pkg_apt:icinga2-ido-pgsql', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d': { 'owner': 'nagios', 'group': 'nagios', 'mode': '0555', 'purge': True, 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d/services': { 'owner': 'nagios', 'group': 'nagios', 'mode': '0555', 'purge': True, 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, } files = { ### Checks '/usr/local/share/icinga/plugins/check_rbl': { 'mode': '0755', }, '/usr/local/share/icinga/plugins/check_by_sshmon': { 'mode': '0755', }, '/etc/sshmon.priv': { 'content': repo.vault.decrypt_file(join('sshmon', 'sshmon.key.vault')), 'owner': 'nagios', 'group': 'nagios', 'mode': '0400', 'needs': { 'pkg_apt:icinga2-ido-pgsql', }, }, # Icinga2 '/etc/icinga2/icinga2.conf': { 'source': 'icinga2/icinga2.conf', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/features-available/ido-pgsql.conf': { 'source': 'icinga2/ido-pgsql.conf', 'content_type': 'mako', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d/api-users.conf': { 'source': 'icinga2/api-users.conf', 'content_type': 'mako', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d/app.conf': { 'source': 'icinga2/app.conf', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d/check_commands.conf': { 'source': 'icinga2/check_commands.conf', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d/templates.conf': { 'source': 'icinga2/templates.conf', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d/timeperiods.conf': { 'source': 'icinga2/timeperiods.conf', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, '/etc/icinga2/conf.d/users.conf': { 'source': 'icinga2/users.conf', 'content_type': 'mako', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, # IcingaWeb2 '/etc/icingaweb2/authentication.ini': { 'source': 'icingaweb2/authentication.ini', 'mode': '0660', 'group': 'icingaweb2', }, '/etc/icingaweb2/config.ini': { 'source': 'icingaweb2/config.ini', 'mode': '0660', 'group': 'icingaweb2', }, '/etc/icingaweb2/groups.ini': { 'source': 'icingaweb2/groups.ini', 'mode': '0660', 'group': 'icingaweb2', }, '/etc/icingaweb2/resources.ini': { 'source': 'icingaweb2/resources.ini', 'content_type': 'mako', 'mode': '0660', 'group': 'icingaweb2', }, } actions = { 'icinga2_api_setup': { 'command': 'icinga2 api setup', 'unless': 'test -e /var/lib/icinga2/certs/{}.crt'.format(node.metadata['hostname']), 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, }, } for feature in ENABLED_FEATURES: symlinks[f'/etc/icinga2/features-enabled/{feature}.conf'] = { 'target': f'/etc/icinga2/features-available/{feature}.conf', 'needs': { 'pkg_apt:icinga2', }, 'triggers': { 'svc_systemd:icinga2:restart', }, } svc_systemd = { 'icinga2': { 'needs': { 'action:icinga2_api_setup', 'file:', 'pkg_apt:', 'symlink:', }, }, } # The actual hosts and services management starts here monitored_nodes = repo.nodes for n in monitored_nodes[:]: if n.metadata.get('icinga_options', {}).get('exclude_from_monitoring', False): monitored_nodes.remove(n) bundle_metadata = {} for monitored_node in monitored_nodes: node_metadata = monitored_node.metadata.copy() for bundle, config in sorted(node_metadata.get('icinga2_api', {}).items()): if bundle not in bundle_metadata: bundle_metadata[bundle] = { 'services': {} } bundle_metadata[bundle]['services'].update({ monitored_node: config['services'] }) for serv, conf in bundle_metadata[bundle]['services'][monitored_node].items(): if 'check_command' not in conf: # This default is also set in sshmon bundle conf['check_command'] = 'sshmon' for bundle, metadata in bundle_metadata.items(): files[f'/etc/icinga2/conf.d/services/{bundle}.conf'] = { 'source': 'icinga2/services_template.conf', 'content_type': 'mako', 'context': { 'bundle_metadata': metadata['services'], }, 'owner': 'nagios', 'group': 'nagios', 'mode': '0440', 'triggers': { 'svc_systemd:icinga2:restart', }, } files['/etc/icinga2/conf.d/hosts.conf'] = { 'source': 'icinga2/hosts.conf', 'content_type': 'mako', 'context': { 'monitored_nodes': monitored_nodes, 'sla_info': SLA_INFO, }, 'owner': 'nagios', 'group': 'nagios', 'mode': '0440', 'triggers': { 'svc_systemd:icinga2:restart', }, }