411 lines
10 KiB
Python
411 lines
10 KiB
Python
repo.libs.tools.require_bundle(node, 'postgresql')
|
|
repo.libs.tools.require_bundle(node, 'sshmon')
|
|
|
|
from os.path import join
|
|
|
|
ENABLED_FEATURES = {
|
|
'api',
|
|
'checker',
|
|
'command',
|
|
'ido-pgsql',
|
|
'mainlog',
|
|
'notification',
|
|
}
|
|
|
|
DAYS_TO_STRING = [
|
|
'sunday',
|
|
'monday',
|
|
'tuesday',
|
|
'wednesday',
|
|
'thursday',
|
|
'friday',
|
|
'saturday',
|
|
'sunday',
|
|
]
|
|
|
|
directories = {
|
|
'/etc/icingaweb2': {
|
|
'group': 'icingaweb2',
|
|
'mode': '2770',
|
|
'needs': {
|
|
'pkg_apt:icingaweb2',
|
|
},
|
|
},
|
|
'/etc/icinga2/features-enabled': {
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0750',
|
|
'purge': True,
|
|
'needs': {
|
|
'pkg_apt:icinga2-ido-pgsql',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d': {
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0750',
|
|
'purge': True,
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/hosts': {
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0750',
|
|
'purge': True,
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
}
|
|
|
|
files = {
|
|
### Checks
|
|
'/usr/local/share/icinga/plugins/check_by_sshmon': {
|
|
'mode': '0755',
|
|
},
|
|
'/usr/local/share/icinga/plugins/check_sipgate_account_balance': {
|
|
'mode': '0755',
|
|
'content_type': 'mako',
|
|
'cascade_skip': False, # contains faults
|
|
},
|
|
'/usr/local/share/icinga/plugins/check_freifunk_node': {
|
|
'mode': '0755',
|
|
},
|
|
'/usr/local/share/icinga/plugins/check_imap_for_mail_from': {
|
|
'mode': '0755',
|
|
},
|
|
'/usr/local/share/icinga/plugins/check_spam_blocklist': {
|
|
'mode': '0755',
|
|
},
|
|
'/usr/local/share/icinga/plugins/check_usv_snmp': {
|
|
'mode': '0755',
|
|
},
|
|
'/etc/sshmon.priv': {
|
|
'content': repo.vault.decrypt_file(join('sshmon', 'sshmon.key.vault')),
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'mode': '0400',
|
|
'needs': {
|
|
'pkg_apt:icinga2-ido-pgsql',
|
|
},
|
|
},
|
|
|
|
# Icinga2
|
|
'/etc/icinga2/icinga2.conf': {
|
|
'source': 'icinga2/icinga2.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/scripts/icinga_notification_wrapper': {
|
|
'source': 'scripts/icinga_notification_wrapper',
|
|
'content_type': 'mako',
|
|
'mode': '0755',
|
|
'cascade_skip': False, # contains faults
|
|
},
|
|
'/etc/icinga2/features-available/ido-pgsql.conf': {
|
|
'source': 'icinga2/ido-pgsql.conf',
|
|
'content_type': 'mako',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/api-users.conf': {
|
|
'source': 'icinga2/api-users.conf',
|
|
'content_type': 'mako',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/app.conf': {
|
|
'source': 'icinga2/app.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/check_commands.conf': {
|
|
'source': 'icinga2/check_commands.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/hosts.conf': {
|
|
'source': 'icinga2/hosts.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/notification_commands.conf': {
|
|
'source': 'icinga2/notification_commands.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/notifications.conf': {
|
|
'source': 'icinga2/notifications.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/templates.conf': {
|
|
'source': 'icinga2/templates.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/timeperiods.conf': {
|
|
'source': 'icinga2/timeperiods.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
'/etc/icinga2/conf.d/users.conf': {
|
|
'source': 'icinga2/users.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'content_type': 'mako',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
|
|
# IcingaWeb2
|
|
'/etc/icingaweb2/authentication.ini': {
|
|
'source': 'icingaweb2/authentication.ini',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
'/etc/icingaweb2/config.ini': {
|
|
'source': 'icingaweb2/config.ini',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
'/etc/icingaweb2/groups.ini': {
|
|
'source': 'icingaweb2/groups.ini',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
'/etc/icingaweb2/resources.ini': {
|
|
'source': 'icingaweb2/resources.ini',
|
|
'content_type': 'mako',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
'/etc/icingaweb2/roles.ini': {
|
|
'source': 'icingaweb2/roles.ini',
|
|
'mode': '0660',
|
|
'group': 'icingaweb2',
|
|
},
|
|
|
|
# Statusmonitor
|
|
'/etc/icinga2/icinga_statusmonitor.py': {
|
|
'triggers': {
|
|
'svc_systemd:icinga_statusmonitor:restart',
|
|
},
|
|
},
|
|
'/etc/systemd/system/icinga_statusmonitor.service': {
|
|
'triggers': {
|
|
'action:systemd-reload',
|
|
'svc_systemd:icinga_statusmonitor:restart',
|
|
},
|
|
},
|
|
}
|
|
|
|
pkg_pip = {
|
|
'easysnmp': {}, # for check_usv_snmp
|
|
}
|
|
|
|
actions = {
|
|
'icinga2_api_setup': {
|
|
'command': 'icinga2 api setup',
|
|
'unless': 'test -e /var/lib/icinga2/certs/{}.crt'.format(node.metadata['hostname']),
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
},
|
|
}
|
|
|
|
for feature in ENABLED_FEATURES:
|
|
symlinks[f'/etc/icinga2/features-enabled/{feature}.conf'] = {
|
|
'target': f'/etc/icinga2/features-available/{feature}.conf',
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|
|
|
|
icinga_run_deps = {
|
|
'pkg_apt:icinga2',
|
|
'pkg_apt:icinga2-ido-pgsql',
|
|
}
|
|
for name in actions:
|
|
icinga_run_deps.add(f'action:{name}')
|
|
for name in directories:
|
|
icinga_run_deps.add(f'directory:{name}')
|
|
for name in files:
|
|
icinga_run_deps.add(f'file:{name}')
|
|
for name in symlinks:
|
|
icinga_run_deps.add(f'symlink:{name}')
|
|
|
|
svc_systemd = {
|
|
'icinga2': {
|
|
'needs': icinga_run_deps,
|
|
},
|
|
'icinga_statusmonitor': {
|
|
'needs': {
|
|
'file:/etc/icinga2/icinga_statusmonitor.py',
|
|
'file:/etc/systemd/system/icinga_statusmonitor.service',
|
|
'pkg_apt:python3-flask',
|
|
},
|
|
},
|
|
}
|
|
|
|
|
|
|
|
|
|
# The actual hosts and services management starts here
|
|
bundles = set()
|
|
for rnode in repo.nodes:
|
|
if rnode.metadata.get('icinga_options/exclude_from_monitoring', False):
|
|
continue
|
|
|
|
host_ips = repo.libs.tools.resolve_identifier(repo, rnode.name)
|
|
icinga_ips = {}
|
|
|
|
# XXX for the love of god, PLEASE remove this once DNS is no longer
|
|
# hosted at GCE
|
|
if rnode.in_group('gce'):
|
|
icinga_ips['ipv4'] = rnode.metadata.get('external_ipv4')
|
|
else:
|
|
for ip_type in ('ipv4', 'ipv6'):
|
|
for ip in sorted(host_ips[ip_type]):
|
|
if ip.is_private and not ip.is_link_local:
|
|
icinga_ips[ip_type] = str(ip)
|
|
break
|
|
else:
|
|
if host_ips[ip_type]:
|
|
icinga_ips[ip_type] = sorted(host_ips[ip_type])[0]
|
|
|
|
if not icinga_ips:
|
|
raise ValueError(f'{rnode.name} requests monitoring, but has neither IPv4 nor IPv6 addresses!')
|
|
|
|
files[f'/etc/icinga2/conf.d/hosts/{rnode.name}.conf'] = {
|
|
'source': 'icinga2/hosts_template.conf',
|
|
'content_type': 'mako',
|
|
'context': {
|
|
'rnode': rnode,
|
|
'address4': icinga_ips.get('ipv4', None),
|
|
'address6': icinga_ips.get('ipv6', None),
|
|
},
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'cascade_skip': False, # may contain faults
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|
|
|
|
bundles |= set(rnode.metadata.get('icinga2_api', {}).keys())
|
|
|
|
files['/etc/icinga2/conf.d/groups.conf'] = {
|
|
'source': 'icinga2/groups.conf',
|
|
'content_type': 'mako',
|
|
'context': {
|
|
'bundles': bundles,
|
|
},
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|
|
|
|
files['/etc/icinga2/conf.d/downtimes.conf'] = {
|
|
'source': 'icinga2/downtimes.conf',
|
|
'content_type': 'mako',
|
|
'context': {
|
|
'days': DAYS_TO_STRING,
|
|
},
|
|
'owner': 'nagios',
|
|
'group': 'nagios',
|
|
'needs': {
|
|
'pkg_apt:icinga2',
|
|
},
|
|
'triggers': {
|
|
'svc_systemd:icinga2:restart',
|
|
},
|
|
}
|