From f3375348c9e6823534c291a5e70393f6f2509ef1 Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Tue, 16 Aug 2022 22:23:02 +0200
Subject: [PATCH] wip
---
 bundles/icinga2/files/conf.d/api-users.conf | 14 ++
 bundles/icinga2/files/constants.conf | 4 +-
 bundles/icinga2/files/features/api.conf | 1 +
 bundles/icinga2/files/features/checker.conf | 1 +
 .../icinga2/files/features/notification.conf | 1 +
 bundles/icinga2/files/features/syslog.conf | 3 +
 bundles/icinga2/files/icinga2.conf | 10 +-
 bundles/icinga2/files/zones.conf | 14 ++
 bundles/icinga2/items.py | 141 ++++++++++++++----
 bundles/icinga2/metadata.py | 8 +
 bundles/icingaweb2/items.py | 37 ++++-
 bundles/icingaweb2/metadata.py | 50 ++++++-
 12 files changed, 243 insertions(+), 41 deletions(-)
 create mode 100644 bundles/icinga2/files/conf.d/api-users.conf
 create mode 100644 bundles/icinga2/files/features/api.conf
 create mode 100644 bundles/icinga2/files/features/checker.conf
 create mode 100644 bundles/icinga2/files/features/notification.conf
 create mode 100644 bundles/icinga2/files/features/syslog.conf
 create mode 100644 bundles/icinga2/files/zones.conf
diff --git a/bundles/icinga2/files/conf.d/api-users.conf b/bundles/icinga2/files/conf.d/api-users.conf
new file mode 100644
index 0000000..537c199
--- /dev/null
+++ b/bundles/icinga2/files/conf.d/api-users.conf
@@ -0,0 +1,14 @@
+/**
+ * The ApiUser objects are used for authentication against the API.
+ */
+% for name, conf in sorted(users.items()):
+object ApiUser "${name}" {
+ password = "${conf['password']}"
+ permissions = [
+% for permission in conf['permissions']:
+ "${permission}",
+% endfor
+ ]
+}
+
+% endfor
diff --git a/bundles/icinga2/files/constants.conf b/bundles/icinga2/files/constants.conf
index d2d0206..11159a4 100644
--- a/bundles/icinga2/files/constants.conf
+++ b/bundles/icinga2/files/constants.conf
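Review bot: `${name}` and `${conf['password']}` are written straight into double-quoted Icinga strings in the `object ApiUser` block, so a value containing `"` or `\` would yield a config file that fails validation or parses as something other than the intended object. The vault-generated password may never contain those characters, but nothing in the template enforces it; escaping at render time, e.g. `password = "${conf['password'].replace('\\', '\\\\').replace('"', '\\"')}"`, closes the gap. The inner loop would also render deterministically as `% for permission in sorted(conf['permissions']):`, since the defaults in `bundles/icinga2/metadata.py` pass a set.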
@@ -1,6 +1,6 @@
 const PluginDir = "/usr/lib/nagios/plugins"
 const ManubulonPluginDir = "/usr/lib/nagios/plugins"
 const PluginContribDir = "/usr/lib/nagios/plugins"
-const NodeName = "${domain}"
-const ZoneName = NodeName
+const NodeName = "${hostname}"
+const ZoneName = "${hostname}"
 const TicketSalt = ""
diff --git a/bundles/icinga2/files/features/api.conf b/bundles/icinga2/files/features/api.conf
new file mode 100644
index 0000000..869188e
--- /dev/null
+++ b/bundles/icinga2/files/features/api.conf
@@ -0,0 +1 @@
+object ApiListener "api" {}
diff --git a/bundles/icinga2/files/features/checker.conf b/bundles/icinga2/files/features/checker.conf
new file mode 100644
index 0000000..437ff0c
--- /dev/null
+++ b/bundles/icinga2/files/features/checker.conf
@@ -0,0 +1 @@
+object CheckerComponent "checker" { }
diff --git a/bundles/icinga2/files/features/notification.conf b/bundles/icinga2/files/features/notification.conf
new file mode 100644
index 0000000..0a8fb18
--- /dev/null
+++ b/bundles/icinga2/files/features/notification.conf
@@ -0,0 +1 @@
+object NotificationComponent "notification" { }
diff --git a/bundles/icinga2/files/features/syslog.conf b/bundles/icinga2/files/features/syslog.conf
new file mode 100644
index 0000000..161fd36
--- /dev/null
+++ b/bundles/icinga2/files/features/syslog.conf
@@ -0,0 +1,3 @@
+object SyslogLogger "syslog" {
+ severity = "warning"
+}
diff --git a/bundles/icinga2/files/icinga2.conf b/bundles/icinga2/files/icinga2.conf
index cb7f7ee..94f2734 100644
--- a/bundles/icinga2/files/icinga2.conf
+++ b/bundles/icinga2/files/icinga2.conf
@@ -1,4 +1,10 @@
 include "constants.conf"
-include_recursive "features.d"
+include "zones.conf"
+
+include
+include
+include
+
+include "features.d/*.conf"
 include_recursive "conf.d"
-include_recursive "hosts.d"
+include "hosts.d/*.conf"
diff --git a/bundles/icinga2/files/zones.conf b/bundles/icinga2/files/zones.conf
new file mode 100644
index 0000000..f3abbb0
--- /dev/null
+++ b/bundles/icinga2/files/zones.conf
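Review bot: `object ApiListener "api" {}` in `features/api.conf` leaves the listener on its default bind address, which as far as I know is every interface on port 5665, while the only API account this commit defines is `root` with permission `*`. If the API is meant to serve only the local Icinga Web 2 command transport, `object ApiListener "api" { bind_host = "127.0.0.1" }` keeps it off the network. If the second endpoint in `zones.conf` is a real cluster peer, a host firewall rule limiting 5665 to that peer is the alternative.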
@@ -0,0 +1,14 @@ +object Endpoint NodeName { + host = NodeName +} + +object Zone ZoneName { + endpoints = [ NodeName, "server.home.ckn.li" ] +} + + + +# WHY????? +object Endpoint "server.home.ckn.li" { + host = NodeName +} diff --git a/bundles/icinga2/items.py b/bundles/icinga2/items.py index 26caca4..d6a6f22 100644 --- a/bundles/icinga2/items.py +++ b/bundles/icinga2/items.py @@ -2,12 +2,12 @@ directories = { '/etc/icinga2': { -# 'purge': True, + 'purge': True, 'owner': 'nagios', 'group': 'nagios', 'mode': '0750', - 'needs': [ - 'pkg_apt:icinga2', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', ], }, '/etc/icinga2/conf.d': { 
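Review bot: The `# WHY?????` comment in `zones.conf` marks the `Endpoint "server.home.ckn.li"` object as a workaround that is never explained, and the object points that name at `host = NodeName`, i.e. at the local node. Because the name is hard-coded, the rendered file lists `server.home.ckn.li` in the zone of every node the bundle is applied to. Replace the marker with a comment stating which component requires the extra endpoint, or derive the name from metadata; `bundles/icinga2/items.py` already renders this file as Mako with a `hostname` context that the template never uses.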
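Review bot: The `/etc/icinga2` directory item loses `'needs': ['pkg_apt:icinga2']` while still setting `'owner': 'nagios'`; if that account is created by the package (presumably), nothing now orders the directory after the package install on a fresh node. Keeping the dependency next to the new trigger, `'needs': ['pkg_apt:icinga2'],`, restores the ordering. Enabling `'purge': True` on the top-level directory also means unmanaged content under `/etc/icinga2` may be deleted on apply, possibly including whatever the package ships in the purge-less `/etc/icinga2/scripts` added in the next hunk; this is worth confirming with a dry run. The `directories` dict continues outside the hunk.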
@@ -15,46 +15,127 @@ directories = { 'owner': 'nagios', 'group': 'nagios', 'mode': '0750', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], }, '/etc/icinga2/hosts.d': { 'purge': True, 'owner': 'nagios', 'group': 'nagios', 'mode': '0750', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/features.d': { + 'purge': True, + 'owner': 'nagios', + 'group': 'nagios', + 'mode': '0750', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/scripts': { + 'owner': 'nagios', + 'group': 'nagios', + 'mode': '0750', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], }, - # '/etc/icinga2/features.d': { - # 'purge': True, - # 'owner': 'nagios', - # 'group': 'nagios', - # 'mode': '0750', - # }, } files = { - # '/etc/icinga2/icinga2.conf': { - # 'owner': 'nagios', - # }, - # '/etc/icinga2/constants.conf': { - # 'owner': 'nagios', - # 'context': { - # 'hostname': node.metadata.get('icinga2/hostname') - # }, - # }, + '/etc/icinga2/icinga2.conf': { + 'owner': 'nagios', + 'group': 'nagios', + 'mode': '0640', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/constants.conf': { + 'content_type': 'mako', + 'owner': 'nagios', + 'group': 'nagios', + 'mode': '0640', + 'context': { + 'hostname': node.metadata.get('icinga2/hostname') + }, + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/zones.conf': { + 'content_type': 'mako', + 'context': { + 'hostname': node.metadata.get('icinga2/hostname') + }, + 'owner': 'nagios', + 'group': 'nagios', + 'mode': '0640', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/conf.d/api-users.conf': { + 'source': 'conf.d/api-users.conf', + 'content_type': 'mako', + 'owner': 'nagios', + 'group': 'nagios', + 'mode': '0640', + 'context': { + 'users': node.metadata.get('icinga2/api_users'), + }, + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, # 
'/etc/icinga2/conf.d/templates.conf': { # 'source': 'conf.d/templates.conf', # 'owner': 'nagios', # }, - # '/etc/icinga2/features/ido-pgsql.conf': { - # 'source': 'features/ido-pgsql.conf', - # 'content_type': 'mako', - # 'owner': 'nagios', - # 'context': { - # 'db_password': node.metadata.get('postgresql/roles/icinga2/password') - # }, - # 'needs': [ - # 'pkg_apt:icinga2-ido-pgsql', - # ], - # }, + '/etc/icinga2/features.d/ido-pgsql.conf': { + 'source': 'features/ido-pgsql.conf', + 'content_type': 'mako', + 'owner': 'nagios', + 'context': { + 'db_password': node.metadata.get('postgresql/roles/icinga2/password') + }, + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/features.d/syslog.conf': { + 'source': 'features/syslog.conf', + 'owner': 'nagios', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/features.d/notification.conf': { + 'source': 'features/notification.conf', + 'owner': 'nagios', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/features.d/checker.conf': { + 'source': 'features/checker.conf', + 'owner': 'nagios', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, + '/etc/icinga2/features.d/api.conf': { + 'source': 'features/api.conf', + 'owner': 'nagios', + 'triggers': [ + 'svc_systemd:icinga2.service:restart', + ], + }, } for other_node in repo.nodes: @@ -70,7 +151,7 @@ for other_node in repo.nodes: } svc_systemd = { - 'icinga2': { + 'icinga2.service': { 'needs': [ 'pkg_apt:icinga2-ido-pgsql', 'svc_systemd:postgresql', diff --git a/bundles/icinga2/metadata.py b/bundles/icinga2/metadata.py index 908c453..e73ae8d 100644 --- a/bundles/icinga2/metadata.py +++ b/bundles/icinga2/metadata.py 
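Review bot: `/etc/icinga2/features.d/ido-pgsql.conf` is rendered with `db_password` but sets only `'owner': 'nagios'`, so group and mode fall back to the item defaults instead of the `'group': 'nagios', 'mode': '0640'` that `api-users.conf` and `constants.conf` get in the same dict. The `0750` parent directory limits exposure, but the file holding the database password should not depend on that; add `'group': 'nagios',` and `'mode': '0640',` to this entry. The four other `features.d/*.conf` entries have the same gap and would read more consistently with the same two keys. The entry also drops the old `'needs': ['pkg_apt:icinga2-ido-pgsql']`, which now appears only on the service item.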
@@ -12,6 +12,14 @@ defaults = { 'deb https://packages.icinga.com/debian icinga-{release} main', }, }, + 'icinga2': { + 'api_users': { + 'root': { + 'password': repo.vault.password_for(f'icinga2 api user root on {node.name}'), + 'permissions': {'*'}, + } + }, + }, 'postgresql': { 'databases': { 'icinga2': { diff --git a/bundles/icingaweb2/items.py b/bundles/icingaweb2/items.py index 29ce65a..44a188c 100644 --- a/bundles/icingaweb2/items.py +++ b/bundles/icingaweb2/items.py @@ -4,14 +4,21 @@ directories = { 'owner': 'www-data', 'group': 'icingaweb2', 'mode': '2770', - 'needs': [ - 'pkg_apt:icinga2', - 'pkg_apt:icingaweb2', - ], + }, + '/etc/icingaweb2/enabledModules': { +# 'purge': True, + 'owner': 'www-data', + 'group': 'icingaweb2', + 'mode': '2770', + }, + '/etc/icingaweb2/modules': { +# 'purge': True, + 'owner': 'www-data', + 'group': 'icingaweb2', + 'mode': '2770', }, } - files = { '/etc/icingaweb2/setup.token': { 'content': node.metadata.get('icingaweb2/setup_token'), @@ -21,6 +28,14 @@ files = { }, } +symlinks = { + '/etc/icingaweb2/enabledModules/monitoring': { + 'target': '/usr/share/icingaweb2/modules/monitoring', + 'owner': 'www-data', + 'group': 'icingaweb2', + }, +} + for name in [ 'authentication.ini', 'config.ini', @@ -34,3 +49,15 @@ for name in [ 'group': 'icingaweb2', 'mode': '0660', } + +for name in [ + 'config.ini', + 'backends.ini', + 'commandtransports.ini', +]: + files[f'/etc/icingaweb2/modules/monitoring/{name}'] = { + 'content': repo.libs.ini.dumps(node.metadata.get(f'icingaweb2/monitoring/{name}')), + 'owner': 'www-data', + 'group': 'icingaweb2', + 'mode': '0660', + } diff --git a/bundles/icingaweb2/metadata.py b/bundles/icingaweb2/metadata.py index 627350e..05658c4 100644 --- a/bundles/icingaweb2/metadata.py +++ b/bundles/icingaweb2/metadata.py @@ -11,6 +11,7 @@ defaults = { 'php-gd': {}, 'php-imagick': {}, 'php-pgsql': {}, + 'icingaweb2-module-monitoring': {}, }, 'sources': { 'deb https://packages.icinga.com/debian icinga-{release} main', 
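Review bot: The default `root` ApiUser in `bundles/icinga2/metadata.py` is granted `'permissions': {'*'}`, and `bundles/icingaweb2/metadata.py` then hands that same account to the Icinga Web 2 command transport, so the web front end holds full API control of the monitoring core. A dedicated account limited to what the monitoring module needs would contain that; the Icinga Web 2 documentation lists `status/query`, `actions/*`, `objects/modify/*` and `objects/query/*`. A list instead of a set literal would also keep the rendered `permissions` order stable once there is more than one entry. The `defaults` dict continues outside the hunk.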
@@ -28,7 +29,7 @@ defaults = { 'global': { 'show_stacktraces': '1', 'show_application_state_messages': '1', - #'module_path': '/usr/share/icingaweb2/modules', + 'module_path': '/usr/share/icingaweb2/modules', 'config_backend': 'db', 'config_resource': 'icingaweb2_db', }, @@ -57,6 +58,16 @@ defaults = { 'charset': '', 'use_ssl': '0', }, + 'icinga_ido': { + 'type': 'db', + 'db': 'pgsql', + 'host': 'localhost', + 'port': '5432', + 'dbname': 'icinga2', + 'username': 'icinga2', + 'charset': '', + 'use_ssl': '0', + }, }, 'roles.ini': { 'Administrators': { @@ -65,6 +76,27 @@ defaults = { 'groups': 'Administrators', }, }, + 'monitoring': { + 'config.ini': { + 'security': { + 'protected_customvars': '*pw*,*pass*,community', + }, + }, + 'backends.ini': { + 'icinga2': { + 'type': 'ido', + 'resource': 'icinga_ido', + }, + }, + 'commandtransports.ini': { + 'icinga2': { + 'transport': 'api', + 'host': 'lcoalhost', + 'port': '5665', + 'username': 'root', + }, + }, + }, }, 'postgresql': { 'databases': { @@ -86,11 +118,25 @@ defaults = { @metadata_reactor.provides( 'icingaweb2/hostname', + 'icingaweb2/resources.ini/icinga_ido/icinga2/password', + 'icingaweb2/monitoring/commandtransports.ini/icinga2/password', ) -def hostname(metadata): +def stuff(metadata): return { 'icingaweb2': { 'hostname': metadata.get('icinga2/hostname'), + 'resources.ini': { + 'icinga_ido': { + 'password': str(metadata.get('postgresql/roles/icinga2/password')), + }, + }, + 'monitoring': { + 'commandtransports.ini': { + 'icinga2': { + 'password': str(metadata.get('icinga2/api_users/root/password')), + }, + }, + }, }, }
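Review bot: `'host': 'lcoalhost'` in the `commandtransports.ini` defaults is a typo, so the API command transport would point at a name that does not resolve; it should read `'host': 'localhost',`. The same block sets `'username': 'root'`, the wildcard-permission API user, which is broader than a command transport needs.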
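Review bot: The first new `provides` path, `'icingaweb2/resources.ini/icinga_ido/icinga2/password'`, does not match what `stuff()` returns, which is `icingaweb2/resources.ini/icinga_ido/password` with no `icinga2` segment. Depending on how strictly the reactor framework checks declared paths, that either raises or leaves the declaration inaccurate; `'icingaweb2/resources.ini/icinga_ido/password',` matches the returned dict. The new name `stuff` also says less than the old `hostname`; a docstring such as `"""Derive hostname and backend passwords from icinga2/postgresql metadata."""` would state what the reactor provides.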