Franziska Kunsmann
9651d740ae
All checks were successful
bundlewrap/pipeline/head This commit looks good
318 lines
7.8 KiB
Python
318 lines
7.8 KiB
Python
assert node.has_bundle('postgresql')
|
|
assert node.has_bundle('sshmon')
|
|
|
|
from os.path import join
|
|
|
|
ENABLED_FEATURES = {
|
|
'api',
|
|
'checker',
|
|
'command',
|
|
'ido-pgsql',
|
|
'mainlog',
|
|
'notification',
|
|
}
|
|
|
|
SLA_INFO = {
|
|
'24x7': '24x7',
|
|
'never': 'never',
|
|
}
|
|
|
|
directories = {
|
|
'/etc/icingaweb2': {
|
|
'group': 'icingaweb2',
|
|
'mode': '0775',
|
|
'needs': {
|
|
'pkg_apt:icingaweb2',
|
|
},
|
|
},
|
|
'/etc/icinga2/features-enabled': {
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0555',
|
|
'purge': True,
|
|
'needs': {
|
|
'pkg_apt:icinga2-ido-pgsql',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d': {
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0555',
|
|
'purge': True,
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/services': {
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0555',
|
|
'purge': True,
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
}
|
|
|
|
files = {
|
|
### Checks
|
|
'/usr/local/share/icinga/plugins/check_rbl': {
|
|
'mode': '0755',
|
|
},
|
|
'/usr/local/share/icinga/plugins/check_by_sshmon': {
|
|
'mode': '0755',
|
|
},
|
|
'/usr/local/share/icinga/plugins/check_sipgate_account_balance': {
|
|
'mode': '0755',
|
|
'content_type': 'mako',
|
|
},
|
|
'/etc/sshmon.priv': {
|
|
'content': repo.vault.decrypt_file(join('sshmon', 'sshmon.key.vault')),
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0400',
|
|
'needs': {
|
|
'pkg_apt:icinga2-ido-pgsql',
|
|
},
|
|
},
|
|
|
|
# Icinga2
|
|
'/etc/icinga2/icinga2.conf': {
|
|
'source': 'icinga2/icinga2.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/scripts/icinga_notification_wrapper': {
|
|
'source': 'scripts/icinga_notification_wrapper',
|
|
'content_type': 'mako',
|
|
'mode': '0755',
|
|
},
|
|
'/etc/icinga2/features-available/ido-pgsql.conf': {
|
|
'source': 'icinga2/ido-pgsql.conf',
|
|
'content_type': 'mako',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/api-users.conf': {
|
|
'source': 'icinga2/api-users.conf',
|
|
'content_type': 'mako',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/app.conf': {
|
|
'source': 'icinga2/app.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/check_commands.conf': {
|
|
'source': 'icinga2/check_commands.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/notification_commands.conf': {
|
|
'source': 'icinga2/notification_commands.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/notifications.conf': {
|
|
'source': 'icinga2/notifications.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/templates.conf': {
|
|
'source': 'icinga2/templates.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/timeperiods.conf': {
|
|
'source': 'icinga2/timeperiods.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/users.conf': {
|
|
'source': 'icinga2/users.conf',
|
|
'content_type': 'mako',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
|
|
# IcingaWeb2
|
|
'/etc/icingaweb2/authentication.ini': {
|
|
'source': 'icingaweb2/authentication.ini',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
'/etc/icingaweb2/config.ini': {
|
|
'source': 'icingaweb2/config.ini',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
'/etc/icingaweb2/groups.ini': {
|
|
'source': 'icingaweb2/groups.ini',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
'/etc/icingaweb2/resources.ini': {
|
|
'source': 'icingaweb2/resources.ini',
|
|
'content_type': 'mako',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
}
|
|
|
|
actions = {
|
|
'icinga2_api_setup': {
|
|
'command': 'icinga2 api setup',
|
|
'unless': 'test -e /var/lib/icinga2/certs/{}.crt'.format(node.metadata['hostname']),
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
}
|
|
|
|
for feature in ENABLED_FEATURES:
|
|
symlinks[f'/etc/icinga2/features-enabled/{feature}.conf'] = {
|
|
'target': f'/etc/icinga2/features-available/{feature}.conf',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|
|
|
|
svc_systemd = {
|
|
'icinga2': {
|
|
'needs': {
|
|
'action:icinga2_api_setup',
|
|
'file:',
|
|
'pkg_apt:',
|
|
'symlink:',
|
|
},
|
|
},
|
|
}
|
|
|
|
|
|
|
|
|
|
# The actual hosts and services management starts here
|
|
monitored_nodes = repo.nodes
|
|
|
|
for n in monitored_nodes[:]:
|
|
if n.metadata.get('icinga_options', {}).get('exclude_from_monitoring', False):
|
|
monitored_nodes.remove(n)
|
|
|
|
bundle_metadata = {}
|
|
for monitored_node in monitored_nodes:
|
|
node_metadata = monitored_node.metadata.copy()
|
|
|
|
for bundle, config in sorted(node_metadata.get('icinga2_api', {}).items()):
|
|
if bundle not in bundle_metadata:
|
|
bundle_metadata[bundle] = {
|
|
'services': {}
|
|
}
|
|
|
|
bundle_metadata[bundle]['services'].update({
|
|
monitored_node: config['services']
|
|
})
|
|
|
|
for serv, conf in bundle_metadata[bundle]['services'][monitored_node].items():
|
|
if 'check_command' not in conf:
|
|
# This default is also set in sshmon bundle
|
|
conf['check_command'] = 'sshmon'
|
|
|
|
for bundle, metadata in bundle_metadata.items():
|
|
files[f'/etc/icinga2/conf.d/services/{bundle}.conf'] = {
|
|
'source': 'icinga2/services_template.conf',
|
|
'content_type': 'mako',
|
|
'context': {
|
|
'bundle_name': bundle,
|
|
'bundle_metadata': metadata['services'],
|
|
},
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0440',
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|
|
|
|
files['/etc/icinga2/conf.d/hosts.conf'] = {
|
|
'source': 'icinga2/hosts.conf',
|
|
'content_type': 'mako',
|
|
'context': {
|
|
'monitored_nodes': monitored_nodes,
|
|
'sla_info': SLA_INFO,
|
|
},
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0440',
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|
|
files['/etc/icinga2/conf.d/groups.conf'] = {
|
|
'source': 'icinga2/groups.conf',
|
|
'content_type': 'mako',
|
|
'context': {
|
|
'bundles': bundle_metadata.keys(),
|
|
},
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|