cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2022-08-16 22:23:02 +02:00
parent 1320f6fcb3
commit f3375348c9
12 changed files with 243 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
bundles/icinga2/files/conf.d/api-users.conf Normal file
View file

@ -0,0 +1,14 @@
/**
* The ApiUser objects are used for authentication against the API.
*/
% for name, conf in sorted(users.items()):
object ApiUser "${name}" {
password = "${conf['password']}"
permissions = [
% for permission in conf['permissions']:
"${permission}",
% endfor
]
}
% endfor

4
bundles/icinga2/files/constants.conf
View file

@ -1,6 +1,6 @@
const PluginDir = "/usr/lib/nagios/plugins" const PluginDir = "/usr/lib/nagios/plugins"
const ManubulonPluginDir = "/usr/lib/nagios/plugins" const ManubulonPluginDir = "/usr/lib/nagios/plugins"
const PluginContribDir = "/usr/lib/nagios/plugins" const PluginContribDir = "/usr/lib/nagios/plugins"
const NodeName = "${domain}" const NodeName = "${hostname}"
const ZoneName = NodeName const ZoneName = "${hostname}"
const TicketSalt = "" const TicketSalt = ""

1
bundles/icinga2/files/features/api.conf Normal file
View file

@ -0,0 +1 @@
object ApiListener "api" {}

1
bundles/icinga2/files/features/checker.conf Normal file
View file

@ -0,0 +1 @@
object CheckerComponent "checker" { }

1
bundles/icinga2/files/features/notification.conf Normal file
View file

@ -0,0 +1 @@
object NotificationComponent "notification" { }

3
bundles/icinga2/files/features/syslog.conf Normal file
View file

@ -0,0 +1,3 @@
object SyslogLogger "syslog" {
severity = "warning"
}

10
bundles/icinga2/files/icinga2.conf
View file

@ -1,4 +1,10 @@
include "constants.conf" include "constants.conf"
include_recursive "features.d" include "zones.conf"
include <itl>
include <plugins>
include <plugins-contrib>
include "features.d/*.conf"
include_recursive "conf.d" include_recursive "conf.d"
include_recursive "hosts.d" include "hosts.d/*.conf"

14
bundles/icinga2/files/zones.conf Normal file
View file

@ -0,0 +1,14 @@
object Endpoint NodeName {
host = NodeName
}
object Zone ZoneName {
endpoints = [ NodeName, "server.home.ckn.li" ]
}
# WHY?????
object Endpoint "server.home.ckn.li" {
host = NodeName
}

141
bundles/icinga2/items.py
View file

@ -2,12 +2,12 @@
directories = { directories = {
'/etc/icinga2': { '/etc/icinga2': {
# 'purge': True, 'purge': True,
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios', 'group': 'nagios',
'mode': '0750', 'mode': '0750',
'needs': [ 'triggers': [
'pkg_apt:icinga2', 'svc_systemd:icinga2.service:restart',
], ],
}, },
'/etc/icinga2/conf.d': { '/etc/icinga2/conf.d': {
@ -15,46 +15,127 @@ directories = {
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios', 'group': 'nagios',
'mode': '0750', 'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
}, },
'/etc/icinga2/hosts.d': { '/etc/icinga2/hosts.d': {
'purge': True, 'purge': True,
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios', 'group': 'nagios',
'mode': '0750', 'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d': {
'purge': True,
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/scripts': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
}, },
# '/etc/icinga2/features.d': {
# 'purge': True,
# 'owner': 'nagios',
# 'group': 'nagios',
# 'mode': '0750',
# },
} }
files = { files = {
# '/etc/icinga2/icinga2.conf': { '/etc/icinga2/icinga2.conf': {
# 'owner': 'nagios', 'owner': 'nagios',
# }, 'group': 'nagios',
# '/etc/icinga2/constants.conf': { 'mode': '0640',
# 'owner': 'nagios', 'triggers': [
# 'context': { 'svc_systemd:icinga2.service:restart',
# 'hostname': node.metadata.get('icinga2/hostname') ],
# }, },
# }, '/etc/icinga2/constants.conf': {
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'context': {
'hostname': node.metadata.get('icinga2/hostname')
},
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/zones.conf': {
'content_type': 'mako',
'context': {
'hostname': node.metadata.get('icinga2/hostname')
},
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/api-users.conf': {
'source': 'conf.d/api-users.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'context': {
'users': node.metadata.get('icinga2/api_users'),
},
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
# '/etc/icinga2/conf.d/templates.conf': { # '/etc/icinga2/conf.d/templates.conf': {
# 'source': 'conf.d/templates.conf', # 'source': 'conf.d/templates.conf',
# 'owner': 'nagios', # 'owner': 'nagios',
# }, # },
# '/etc/icinga2/features/ido-pgsql.conf': { '/etc/icinga2/features.d/ido-pgsql.conf': {
# 'source': 'features/ido-pgsql.conf', 'source': 'features/ido-pgsql.conf',
# 'content_type': 'mako', 'content_type': 'mako',
# 'owner': 'nagios', 'owner': 'nagios',
# 'context': { 'context': {
# 'db_password': node.metadata.get('postgresql/roles/icinga2/password') 'db_password': node.metadata.get('postgresql/roles/icinga2/password')
# }, },
# 'needs': [ 'triggers': [
# 'pkg_apt:icinga2-ido-pgsql', 'svc_systemd:icinga2.service:restart',
# ], ],
# }, },
'/etc/icinga2/features.d/syslog.conf': {
'source': 'features/syslog.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/notification.conf': {
'source': 'features/notification.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/checker.conf': {
'source': 'features/checker.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/api.conf': {
'source': 'features/api.conf',
'owner': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
} }
for other_node in repo.nodes: for other_node in repo.nodes:
@ -70,7 +151,7 @@ for other_node in repo.nodes:
} }
svc_systemd = { svc_systemd = {
'icinga2': { 'icinga2.service': {
'needs': [ 'needs': [
'pkg_apt:icinga2-ido-pgsql', 'pkg_apt:icinga2-ido-pgsql',
'svc_systemd:postgresql', 'svc_systemd:postgresql',

8
bundles/icinga2/metadata.py
View file

@ -12,6 +12,14 @@ defaults = {
'deb https://packages.icinga.com/debian icinga-{release} main', 'deb https://packages.icinga.com/debian icinga-{release} main',
}, },
}, },
'icinga2': {
'api_users': {
'root': {
'password': repo.vault.password_for(f'icinga2 api user root on {node.name}'),
'permissions': {'*'},
}
},
},
'postgresql': { 'postgresql': {
'databases': { 'databases': {
'icinga2': { 'icinga2': {

37
bundles/icingaweb2/items.py
View file

@ -4,14 +4,21 @@ directories = {
'owner': 'www-data', 'owner': 'www-data',
'group': 'icingaweb2', 'group': 'icingaweb2',
'mode': '2770', 'mode': '2770',
'needs': [ },
'pkg_apt:icinga2', '/etc/icingaweb2/enabledModules': {
'pkg_apt:icingaweb2', # 'purge': True,
], 'owner': 'www-data',
'group': 'icingaweb2',
'mode': '2770',
},
'/etc/icingaweb2/modules': {
# 'purge': True,
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '2770',
}, },
} }
files = { files = {
'/etc/icingaweb2/setup.token': { '/etc/icingaweb2/setup.token': {
'content': node.metadata.get('icingaweb2/setup_token'), 'content': node.metadata.get('icingaweb2/setup_token'),
@ -21,6 +28,14 @@ files = {
}, },
} }
symlinks = {
'/etc/icingaweb2/enabledModules/monitoring': {
'target': '/usr/share/icingaweb2/modules/monitoring',
'owner': 'www-data',
'group': 'icingaweb2',
},
}
for name in [ for name in [
'authentication.ini', 'authentication.ini',
'config.ini', 'config.ini',
@ -34,3 +49,15 @@ for name in [
'group': 'icingaweb2', 'group': 'icingaweb2',
'mode': '0660', 'mode': '0660',
} }
for name in [
'config.ini',
'backends.ini',
'commandtransports.ini',
]:
files[f'/etc/icingaweb2/modules/monitoring/{name}'] = {
'content': repo.libs.ini.dumps(node.metadata.get(f'icingaweb2/monitoring/{name}')),
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '0660',
}

50
bundles/icingaweb2/metadata.py
View file

@ -11,6 +11,7 @@ defaults = {
'php-gd': {}, 'php-gd': {},
'php-imagick': {}, 'php-imagick': {},
'php-pgsql': {}, 'php-pgsql': {},
'icingaweb2-module-monitoring': {},
}, },
'sources': { 'sources': {
'deb https://packages.icinga.com/debian icinga-{release} main', 'deb https://packages.icinga.com/debian icinga-{release} main',
@ -28,7 +29,7 @@ defaults = {
'global': { 'global': {
'show_stacktraces': '1', 'show_stacktraces': '1',
'show_application_state_messages': '1', 'show_application_state_messages': '1',
#'module_path': '/usr/share/icingaweb2/modules', 'module_path': '/usr/share/icingaweb2/modules',
'config_backend': 'db', 'config_backend': 'db',
'config_resource': 'icingaweb2_db', 'config_resource': 'icingaweb2_db',
}, },
@ -57,6 +58,16 @@ defaults = {
'charset': '', 'charset': '',
'use_ssl': '0', 'use_ssl': '0',
}, },
'icinga_ido': {
'type': 'db',
'db': 'pgsql',
'host': 'localhost',
'port': '5432',
'dbname': 'icinga2',
'username': 'icinga2',
'charset': '',
'use_ssl': '0',
},
}, },
'roles.ini': { 'roles.ini': {
'Administrators': { 'Administrators': {
@ -65,6 +76,27 @@ defaults = {
'groups': 'Administrators', 'groups': 'Administrators',
}, },
}, },
'monitoring': {
'config.ini': {
'security': {
'protected_customvars': '*pw*,*pass*,community',
},
},
'backends.ini': {
'icinga2': {
'type': 'ido',
'resource': 'icinga_ido',
},
},
'commandtransports.ini': {
'icinga2': {
'transport': 'api',
'host': 'lcoalhost',
'port': '5665',
'username': 'root',
},
},
},
}, },
'postgresql': { 'postgresql': {
'databases': { 'databases': {
@ -86,11 +118,25 @@ defaults = {
@metadata_reactor.provides( @metadata_reactor.provides(
'icingaweb2/hostname', 'icingaweb2/hostname',
'icingaweb2/resources.ini/icinga_ido/icinga2/password',
'icingaweb2/monitoring/commandtransports.ini/icinga2/password',
) )
def hostname(metadata): def stuff(metadata):
return { return {
'icingaweb2': { 'icingaweb2': {
'hostname': metadata.get('icinga2/hostname'), 'hostname': metadata.get('icinga2/hostname'),
'resources.ini': {
'icinga_ido': {
'password': str(metadata.get('postgresql/roles/icinga2/password')),
},
},
'monitoring': {
'commandtransports.ini': {
'icinga2': {
'password': str(metadata.get('icinga2/api_users/root/password')),
},
},
},
}, },
} }