Franziska Kunsmann
fbb8840dff
All checks were successful
bundlewrap/pipeline/head This commit looks good
117 lines
3.2 KiB
Python
117 lines
3.2 KiB
Python
from json import loads
|
|
from os.path import join
|
|
|
|
defaults = {
|
|
'apt': {
|
|
'repos': {
|
|
'icinga2': {
|
|
'items': {
|
|
'deb http://packages.icinga.com/{os} icinga-{os_release} main',
|
|
'deb-src http://packages.icinga.com/{os} icinga-{os_release} main',
|
|
},
|
|
},
|
|
},
|
|
'packages': {
|
|
'icinga2': {},
|
|
'icinga2-ido-pgsql': {},
|
|
'icingaweb2': {},
|
|
'icingaweb2-module-monitoring': {},
|
|
|
|
# neeeded for statusmonitor
|
|
'python3-flask': {},
|
|
}
|
|
},
|
|
'icinga2': {
|
|
'api_users': {
|
|
'root': {
|
|
'password': repo.vault.password_for(f'{node.name} icinga2 api root'),
|
|
'permissions': {
|
|
'*',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'icinga2_api': {
|
|
'icinga2': {
|
|
'services': {
|
|
'SIPGATE ACCOUNT BALANCE': {
|
|
'check_command': 'check_sipgate_account_balance',
|
|
'check_interval': '30m',
|
|
'vars.notification.mail': True,
|
|
},
|
|
'ICINGA STATUSMONITOR': {
|
|
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit icinga_statusmonitor',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'icingaweb2': {
|
|
'setup-token': repo.vault.password_for(f'{node.name} icingaweb2 setup-token'),
|
|
},
|
|
'postgresql': {
|
|
'roles': {
|
|
'icinga2': {
|
|
'password': repo.vault.password_for(f'{node.name} postgresql icinga2'),
|
|
},
|
|
},
|
|
'databases': {
|
|
'icingaweb2': {
|
|
'owner': 'icinga2',
|
|
},
|
|
'icinga2': {
|
|
'owner': 'icinga2',
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
@metadata_reactor.provides(
|
|
'icinga2/icinga_users',
|
|
)
|
|
def add_users_from_json(metadata):
|
|
with open(join(repo.path, 'users.json'), 'r') as f:
|
|
json = loads(f.read())
|
|
|
|
users = {}
|
|
for uname, config in json.items():
|
|
users[uname] = {
|
|
'email': '',
|
|
'phone': '',
|
|
'is_admin': config.get('is_admin', False),
|
|
}
|
|
|
|
if 'email' in config:
|
|
users[uname]['email'] = repo.vault.decrypt(config['email'])
|
|
if 'phone' in config:
|
|
users[uname]['phone'] = repo.vault.decrypt(config['phone'])
|
|
|
|
return {
|
|
'icinga2': {
|
|
'icinga_users': users,
|
|
},
|
|
}
|
|
|
|
|
|
@metadata_reactor.provides(
|
|
'iptables/bundle_rules/icinga2',
|
|
)
|
|
def iptables(metadata):
|
|
identifiers = metadata.get('icinga2/restrict-to', set())
|
|
rules = set()
|
|
|
|
if identifiers:
|
|
for identifier in sorted(identifiers):
|
|
resolved = repo.libs.tools.resolve_identifier(repo, identifier)
|
|
|
|
for address in resolved['ipv4']:
|
|
rules.add(f'iptables -A INPUT -p tcp -s {address} --dport 5665 -j ACCEPT')
|
|
else:
|
|
rules.add('iptables -A INPUT -p tcp --dport 5665 -j ACCEPT')
|
|
|
|
return {
|
|
'iptables': {
|
|
'bundle_rules': {
|
|
'icinga2': list(sorted(rules)),
|
|
},
|
|
},
|
|
}
|