cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2022-08-16 22:23:02 +02:00
parent 1320f6fcb3
commit f3375348c9
12 changed files with 243 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
bundles/icinga2/files/conf.d/api-users.conf Normal file
View file

@ -0,0 +1,14 @@
/**
* The ApiUser objects are used for authentication against the API.
*/
% for name, conf in sorted(users.items()):
object ApiUser "${name}" {
password = "${conf['password']}"
permissions = [
% for permission in conf['permissions']:
"${permission}",
% endfor
]
}
% endfor

4
bundles/icinga2/files/constants.conf
View file

@ -1,6 +1,6 @@
const PluginDir = "/usr/lib/nagios/plugins"
const ManubulonPluginDir = "/usr/lib/nagios/plugins"
const PluginContribDir = "/usr/lib/nagios/plugins"
const NodeName = "${domain}"
const ZoneName = NodeName
const NodeName = "${hostname}"
const ZoneName = "${hostname}"
const TicketSalt = ""

1
bundles/icinga2/files/features/api.conf Normal file
View file

@ -0,0 +1 @@
object ApiListener "api" {}

1
bundles/icinga2/files/features/checker.conf Normal file
View file

@ -0,0 +1 @@
object CheckerComponent "checker" { }

1
bundles/icinga2/files/features/notification.conf Normal file
View file

@ -0,0 +1 @@
object NotificationComponent "notification" { }

3
bundles/icinga2/files/features/syslog.conf Normal file
View file

@ -0,0 +1,3 @@
object SyslogLogger "syslog" {
severity = "warning"
}

10
bundles/icinga2/files/icinga2.conf
View file

@ -1,4 +1,10 @@
include "constants.conf"
include_recursive "features.d"
include "zones.conf"
include <itl>
include <plugins>
include <plugins-contrib>
include "features.d/*.conf"
include_recursive "conf.d"
include_recursive "hosts.d"
include "hosts.d/*.conf"

14
bundles/icinga2/files/zones.conf Normal file
View file

@ -0,0 +1,14 @@
object Endpoint NodeName {
host = NodeName
}
object Zone ZoneName {
endpoints = [ NodeName, "server.home.ckn.li" ]
}
# WHY?????
object Endpoint "server.home.ckn.li" {
host = NodeName
}

141
bundles/icinga2/items.py
View file

@ -2,12 +2,12 @@
directories = {
'/etc/icinga2': {
# 'purge': True,
'purge': True,
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'needs': [
'pkg_apt:icinga2',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d': {
@ -15,46 +15,127 @@ directories = {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/hosts.d': {
'purge': True,
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d': {
'purge': True,
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/scripts': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
# '/etc/icinga2/features.d': {
# 'purge': True,
# 'owner': 'nagios',
# 'group': 'nagios',
# 'mode': '0750',
# },
}
files = {
# '/etc/icinga2/icinga2.conf': {
# 'owner': 'nagios',
# },
# '/etc/icinga2/constants.conf': {
# 'owner': 'nagios',
# 'context': {
# 'hostname': node.metadata.get('icinga2/hostname')
# },
# },
'/etc/icinga2/icinga2.conf': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/constants.conf': {
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'context': {
'hostname': node.metadata.get('icinga2/hostname')
},
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/zones.conf': {
'content_type': 'mako',
'context': {
'hostname': node.metadata.get('icinga2/hostname')
},
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/api-users.conf': {
'source': 'conf.d/api-users.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'context': {
'users': node.metadata.get('icinga2/api_users'),
},
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
# '/etc/icinga2/conf.d/templates.conf': {
# 'source': 'conf.d/templates.conf',
# 'owner': 'nagios',
# },
# '/etc/icinga2/features/ido-pgsql.conf': {
# 'source': 'features/ido-pgsql.conf',
# 'content_type': 'mako',
# 'owner': 'nagios',
# 'context': {
# 'db_password': node.metadata.get('postgresql/roles/icinga2/password')
# },
# 'needs': [
# 'pkg_apt:icinga2-ido-pgsql',
# ],
# },
'/etc/icinga2/features.d/ido-pgsql.conf': {
'source': 'features/ido-pgsql.conf',
'content_type': 'mako',
'owner': 'nagios',
'context': {
'db_password': node.metadata.get('postgresql/roles/icinga2/password')
},
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/syslog.conf': {
'source': 'features/syslog.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/notification.conf': {
'source': 'features/notification.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/checker.conf': {
'source': 'features/checker.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/api.conf': {
'source': 'features/api.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
}
for other_node in repo.nodes:
@ -70,7 +151,7 @@ for other_node in repo.nodes:
}
svc_systemd = {
'icinga2': {
'icinga2.service': {
'needs': [
'pkg_apt:icinga2-ido-pgsql',
'svc_systemd:postgresql',

8
bundles/icinga2/metadata.py
View file

@ -12,6 +12,14 @@ defaults = {
'deb https://packages.icinga.com/debian icinga-{release} main',
},
},
'icinga2': {
'api_users': {
'root': {
'password': repo.vault.password_for(f'icinga2 api user root on {node.name}'),
'permissions': {'*'},
}
},
},
'postgresql': {
'databases': {
'icinga2': {

37
bundles/icingaweb2/items.py
View file

@ -4,14 +4,21 @@ directories = {
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '2770',
'needs': [
'pkg_apt:icinga2',
'pkg_apt:icingaweb2',
],
},
'/etc/icingaweb2/enabledModules': {
# 'purge': True,
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '2770',
},
'/etc/icingaweb2/modules': {
# 'purge': True,
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '2770',
},
}
files = {
'/etc/icingaweb2/setup.token': {
'content': node.metadata.get('icingaweb2/setup_token'),
@ -21,6 +28,14 @@ files = {
},
}
symlinks = {
'/etc/icingaweb2/enabledModules/monitoring': {
'target': '/usr/share/icingaweb2/modules/monitoring',
'owner': 'www-data',
'group': 'icingaweb2',
},
}
for name in [
'authentication.ini',
'config.ini',
@ -34,3 +49,15 @@ for name in [
'group': 'icingaweb2',
'mode': '0660',
}
for name in [
'config.ini',
'backends.ini',
'commandtransports.ini',
]:
files[f'/etc/icingaweb2/modules/monitoring/{name}'] = {
'content': repo.libs.ini.dumps(node.metadata.get(f'icingaweb2/monitoring/{name}')),
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '0660',
}

50
bundles/icingaweb2/metadata.py
View file

@ -11,6 +11,7 @@ defaults = {
'php-gd': {},
'php-imagick': {},
'php-pgsql': {},
'icingaweb2-module-monitoring': {},
},
'sources': {
'deb https://packages.icinga.com/debian icinga-{release} main',
@ -28,7 +29,7 @@ defaults = {
'global': {
'show_stacktraces': '1',
'show_application_state_messages': '1',
#'module_path': '/usr/share/icingaweb2/modules',
'module_path': '/usr/share/icingaweb2/modules',
'config_backend': 'db',
'config_resource': 'icingaweb2_db',
},
@ -57,6 +58,16 @@ defaults = {
'charset': '',
'use_ssl': '0',
},
'icinga_ido': {
'type': 'db',
'db': 'pgsql',
'host': 'localhost',
'port': '5432',
'dbname': 'icinga2',
'username': 'icinga2',
'charset': '',
'use_ssl': '0',
},
},
'roles.ini': {
'Administrators': {
@ -65,6 +76,27 @@ defaults = {
'groups': 'Administrators',
},
},
'monitoring': {
'config.ini': {
'security': {
'protected_customvars': '*pw*,*pass*,community',
},
},
'backends.ini': {
'icinga2': {
'type': 'ido',
'resource': 'icinga_ido',
},
},
'commandtransports.ini': {
'icinga2': {
'transport': 'api',
'host': 'lcoalhost',
'port': '5665',
'username': 'root',
},
},
},
},
'postgresql': {
'databases': {
@ -86,11 +118,25 @@ defaults = {
@metadata_reactor.provides(
'icingaweb2/hostname',
'icingaweb2/resources.ini/icinga_ido/icinga2/password',
'icingaweb2/monitoring/commandtransports.ini/icinga2/password',
)
def hostname(metadata):
def stuff(metadata):
return {
'icingaweb2': {
'hostname': metadata.get('icinga2/hostname'),
'resources.ini': {
'icinga_ido': {
'password': str(metadata.get('postgresql/roles/icinga2/password')),
},
},
'monitoring': {
'commandtransports.ini': {
'icinga2': {
'password': str(metadata.get('icinga2/api_users/root/password')),
},
},
},
},
}