bundlewrap/bundles/icinga2/items.py
Franziska Kunsmann d35770c122
Some checks failed
kunsi/bundlewrap/pipeline/head There was a failure building this commit
bundles/icinga2: rework config generation - use one file per host instead of one per bundle
2022-02-18 12:25:34 +01:00

385 lines
9.3 KiB
Python

repo.libs.tools.require_bundle(node, 'postgresql')
repo.libs.tools.require_bundle(node, 'sshmon')
from os.path import join
ENABLED_FEATURES = {
'api',
'checker',
'ido-pgsql',
'mainlog',
'notification',
}
SLA_INFO = {
'24x7': '24x7',
'never': 'never',
}
DAYS_TO_STRING = [
'sunday',
'monday',
'tuesday',
'wednesday',
'thursday',
'friday',
'saturday',
'sunday',
]
directories = {
'/etc/icingaweb2': {
'group': 'icingaweb2',
'mode': '0775',
'needs': {
'pkg_apt:icingaweb2',
},
},
'/etc/icinga2/features-enabled': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'purge': True,
'needs': {
'pkg_apt:icinga2-ido-pgsql',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'purge': True,
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/hosts': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'purge': True,
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
}
files = {
### Checks
'/usr/local/share/icinga/plugins/check_by_sshmon': {
'mode': '0755',
},
'/usr/local/share/icinga/plugins/check_sipgate_account_balance': {
'mode': '0755',
'content_type': 'mako',
'cascade_skip': False, # contains faults
},
'/usr/local/share/icinga/plugins/check_freifunk_node': {
'mode': '0755',
},
'/usr/local/share/icinga/plugins/check_imap_for_mail_from': {
'mode': '0755',
},
'/usr/local/share/icinga/plugins/check_spam_blocklist': {
'mode': '0755',
},
'/usr/local/share/icinga/plugins/check_usv_snmp': {
'mode': '0755',
},
'/etc/sshmon.priv': {
'content': repo.vault.decrypt_file(join('sshmon', 'sshmon.key.vault')),
'owner': 'nagios',
'group': 'nagios',
'mode': '0400',
'needs': {
'pkg_apt:icinga2-ido-pgsql',
},
},
# Icinga2
'/etc/icinga2/icinga2.conf': {
'source': 'icinga2/icinga2.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/scripts/icinga_notification_wrapper': {
'source': 'scripts/icinga_notification_wrapper',
'content_type': 'mako',
'mode': '0755',
'cascade_skip': False, # contains faults
},
'/etc/icinga2/features-available/ido-pgsql.conf': {
'source': 'icinga2/ido-pgsql.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/api-users.conf': {
'source': 'icinga2/api-users.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/app.conf': {
'source': 'icinga2/app.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/check_commands.conf': {
'source': 'icinga2/check_commands.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/hosts.conf': {
'source': 'icinga2/hosts.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/notification_commands.conf': {
'source': 'icinga2/notification_commands.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/notifications.conf': {
'source': 'icinga2/notifications.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/templates.conf': {
'source': 'icinga2/templates.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/timeperiods.conf': {
'source': 'icinga2/timeperiods.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
'/etc/icinga2/conf.d/users.conf': {
'source': 'icinga2/users.conf',
'owner': 'nagios',
'group': 'nagios',
'content_type': 'mako',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
# IcingaWeb2
'/etc/icingaweb2/authentication.ini': {
'source': 'icingaweb2/authentication.ini',
'mode': '0660',
'group': 'icingaweb2',
},
'/etc/icingaweb2/config.ini': {
'source': 'icingaweb2/config.ini',
'mode': '0660',
'group': 'icingaweb2',
},
'/etc/icingaweb2/groups.ini': {
'source': 'icingaweb2/groups.ini',
'mode': '0660',
'group': 'icingaweb2',
},
'/etc/icingaweb2/resources.ini': {
'source': 'icingaweb2/resources.ini',
'content_type': 'mako',
'mode': '0660',
'group': 'icingaweb2',
},
# Statusmonitor
'/etc/icinga2/icinga_statusmonitor.py': {
'triggers': {
'svc_systemd:icinga_statusmonitor:restart',
},
},
'/etc/systemd/system/icinga_statusmonitor.service': {
'triggers': {
'action:systemd-reload',
'svc_systemd:icinga_statusmonitor:restart',
},
},
}
actions = {
'icinga2_api_setup': {
'command': 'icinga2 api setup',
'unless': 'test -e /var/lib/icinga2/certs/{}.crt'.format(node.metadata['hostname']),
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
},
}
for feature in ENABLED_FEATURES:
symlinks[f'/etc/icinga2/features-enabled/{feature}.conf'] = {
'target': f'/etc/icinga2/features-available/{feature}.conf',
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
}
icinga_run_deps = {
'pkg_apt:icinga2',
'pkg_apt:icinga2-ido-pgsql',
}
for name in actions:
icinga_run_deps.add(f'action:{name}')
for name in directories:
icinga_run_deps.add(f'directory:{name}')
for name in files:
icinga_run_deps.add(f'file:{name}')
for name in symlinks:
icinga_run_deps.add(f'symlink:{name}')
svc_systemd = {
'icinga2': {
'needs': icinga_run_deps,
},
'icinga_statusmonitor': {
'needs': {
'file:/etc/icinga2/icinga_statusmonitor.py',
'file:/etc/systemd/system/icinga_statusmonitor.service',
'pkg_apt:python3-flask',
},
},
}
# The actual hosts and services management starts here
bundles = set()
for rnode in repo.nodes:
if rnode.metadata.get('icinga_options/exclude_from_monitoring', False):
continue
files[f'/etc/icinga2/conf.d/hosts/{rnode.name}.conf'] = {
'source': 'icinga2/hosts_template.conf',
'content_type': 'mako',
'context': {
'rnode': rnode,
'sla_info': SLA_INFO,
},
'owner': 'nagios',
'group': 'nagios',
'cascade_skip': False, # may contain faults
'triggers': {
'svc_systemd:icinga2:restart',
},
}
bundles |= set(rnode.metadata.get('icinga2_api', {}).keys())
files['/etc/icinga2/conf.d/groups.conf'] = {
'source': 'icinga2/groups.conf',
'content_type': 'mako',
'context': {
'bundles': bundles,
},
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
}
files['/etc/icinga2/conf.d/downtimes.conf'] = {
'source': 'icinga2/downtimes.conf',
'content_type': 'mako',
'context': {
'days': DAYS_TO_STRING,
},
'owner': 'nagios',
'group': 'nagios',
'needs': {
'pkg_apt:icinga2',
},
'triggers': {
'svc_systemd:icinga2:restart',
},
}