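from json import loads
from os.path import join

from bundlewrap.metadata import atomic

# Metadata for the icinga2 bundle: static defaults plus two reactors.
# `repo`, `node` and `metadata_reactor` are not defined in this file;
# presumably bundlewrap injects them when it loads the bundle's metadata.

defaults = {
    'apt': {
        'repos': {
            'icinga2': {
                # NOTE(review): both sources are fetched over plain http://, so
                # package integrity rests entirely on apt verifying the
                # repository signature. Confirm the Icinga signing key is
                # installed and pinned wherever this repo gets configured, and
                # consider https:// if the mirror and apt transport support it.
                'items': {
                    'deb http://packages.icinga.com/{os} icinga-{os_release} main',
                    'deb-src http://packages.icinga.com/{os} icinga-{os_release} main',
                },
            },
        },
        'packages': {
            'icinga2': {},
            'icinga2-ido-pgsql': {},
            'icingaweb2': {},
            'icingaweb2-module-monitoring': {},
            # needed for statusmonitor
            'python3-flask': {},
        }
    },
    'icinga2': {
        'api_users': {
            'root': {
                # Password comes from repo.vault.password_for, keyed on the
                # node name, so no secret is written into this file.
                'password': repo.vault.password_for(f'{node.name} icinga2 api root'),
                # NOTE(review): '*' grants this API user every permission.
                # Keep this credential limited to tooling that needs full
                # control and give other consumers a narrower user, as done
                # for telegraf below.
                'permissions': {
                    '*',
                },
            },
        },
    },
    'icinga2_api': {
        'icinga2': {
            'services': {
                'SIPGATE ACCOUNT BALANCE': {
                    'check_command': 'check_sipgate_account_balance',
                    'check_interval': '30m',
                    'vars.notification.mail': True,
                },
                'ICINGA STATUSMONITOR': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit icinga_statusmonitor',
                },
                'IDO-PGSQL': {
                    'check_command': 'ido',
                    'vars.ido_type': 'IdoPgsqlConnection',
                    'vars.ido_name': 'ido-pgsql',
                    'vars.ido_pending_queries_warning': 25,
                    'vars.ido_pending_queries_critical': 50,
                },
            },
        },
    },
    'icingaweb2': {
        'setup-token': repo.vault.password_for(f'{node.name} icingaweb2 setup-token'),
    },
    'postgresql': {
        'roles': {
            'icinga2': {
                'password': repo.vault.password_for(f'{node.name} postgresql icinga2'),
            },
        },
        # Both databases are owned by the single 'icinga2' role above, so that
        # one credential covers the monitoring and the web database.
        'databases': {
            'icingaweb2': {
                'owner': 'icinga2',
            },
            'icinga2': {
                'owner': 'icinga2',
            },
        },
    },
}

if node.has_bundle('telegraf'):
    # Dedicated API user for telegraf, with a narrower permission set than
    # root's '*'. The password identifier here must stay identical to the one
    # in the telegraf input plugin below, or the two credentials diverge.
    defaults['icinga2']['api_users']['telegraf'] = {
        'password': repo.vault.password_for(f'{node.name} icinga2 api telegraf'),
        'permissions': {
            'objects/Services',
        },
    }

    defaults['telegraf'] = {
        'input_plugins': {
            'builtin': {
                'icinga2': [{
                    'server': 'https://127.0.0.1:5665',
                    'object_type': 'services',
                    'username': 'telegraf',
                    'password': repo.vault.password_for(f'{node.name} icinga2 api telegraf'),
                    # NOTE(review): certificate verification is disabled for
                    # this connection. The target is loopback, which limits
                    # who can sit in the path, but any local process able to
                    # bind 5665 would be sent these credentials. Prefer
                    # trusting the Icinga CA (Telegraf's `tls_ca`) if the
                    # telegraf bundle passes that option through -- TODO confirm.
                    'insecure_skip_verify': True,
                }],
            },
        },
    }


@metadata_reactor.provides(
    'icinga2/icinga_users',
)
def add_users_from_json(metadata):
    """Build ``icinga2/icinga_users`` from ``users.json`` in the repo root.

    Each entry in the file becomes a user with ``email``, ``phone`` and
    ``is_admin`` keys. ``email`` and ``phone`` default to the empty string;
    when present in the file they are passed through ``repo.vault.decrypt``,
    so the file is expected to hold them in encrypted form. ``is_admin``
    defaults to ``False`` when the entry does not set it.
    """
    # JSON is UTF-8 by specification; name the encoding explicitly so the
    # result does not depend on the locale of the machine running bundlewrap.
    with open(join(repo.path, 'users.json'), 'r', encoding='utf-8') as f:
        raw_users = loads(f.read())

    users = {}
    for uname, config in raw_users.items():
        users[uname] = {
            'email': '',
            'phone': '',
            # Admin rights are opt-in: a missing key never grants them.
            'is_admin': config.get('is_admin', False),
        }

        if 'email' in config:
            users[uname]['email'] = repo.vault.decrypt(config['email'])

        if 'phone' in config:
            users[uname]['phone'] = repo.vault.decrypt(config['phone'])

    return {
        'icinga2': {
            'icinga_users': users,
        },
    }


@metadata_reactor.provides(
    'iptables/port_rules/5665',
)
def iptables(metadata):
    """Provide the iptables port rule for 5665 from ``icinga2/restrict-to``.

    The value is wrapped in ``atomic()`` so bundlewrap treats it as a single
    unit instead of merging it with values from other metadata sources.
    """
    # NOTE(review): 5665 is the API port telegraf talks to above. When
    # 'icinga2/restrict-to' is unset this passes an empty set; whether the
    # iptables bundle reads that as "no sources allowed" or "no restriction"
    # is not visible here -- confirm the default is the closed one.
    return {
        'iptables': {
            'port_rules': {
                '5665': atomic(metadata.get('icinga2/restrict-to', set())),
            },
        },
    }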