cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2022-03-06 23:30:32 +01:00
parent 885588910a
commit fb818b2c74
9 changed files with 215 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
bundles/icinga2/files/conf.d/templates.conf Normal file
View file

@ -0,0 +1,13 @@
template Host "generic-host" {
max_check_attempts = 3
check_interval = 1m
retry_interval = 30s
check_command = "hostalive"
}
template Service "generic-service" {
max_check_attempts = 5
check_interval = 1m
retry_interval = 30s
}

6
bundles/icinga2/files/constants.conf Normal file
View file

@ -0,0 +1,6 @@
const PluginDir = "/usr/lib/nagios/plugins"
const ManubulonPluginDir = "/usr/lib/nagios/plugins"
const PluginContribDir = "/usr/lib/nagios/plugins"
const NodeName = "${domain}"
const ZoneName = NodeName
const TicketSalt = ""

0
bundles/icinga2/files/ido-pgsql.conf → bundles/icinga2/files/features/ido-pgsql.conf
View file

36
bundles/icinga2/files/hosts.d/host.conf Normal file
View file

@ -0,0 +1,36 @@
<%!
def render_value(key, value):
if isinstance(value, Fault):
return render_value(key, value.value)
elif isinstance(value, type(None)):
return '""'
elif isinstance(value, bool):
return 'true' if value else 'false'
elif isinstance(value, int):
return str(value)
elif isinstance(value, str):
if key.endswith('_interval'):
return value
else:
return f'"{value}"'
elif isinstance(value, (list, set)):
return '[' + ', '.join(render_value(e) for e in sorted(value)) + ']'
else:
raise Exception(f"cant process type '{type(value)}' of value '{value}'")
%>
object Host "${host_name}" {
import "generic-host"
% for key, value in sorted(host_settings.items()):
${key} = ${render_value(key, value)}
% endfor
}
% for service_name, service_config in sorted(services.items(), key=lambda e: [e[1]['vars.bundle'], e[0]]):
object Service "${service_name}" {
import "generic-service"
% for key, value in sorted(service_config.items()):
${key} = ${render_value(key, value)}
% endfor
}
% endfor

4
bundles/icinga2/files/icinga2.conf Normal file
View file

@ -0,0 +1,4 @@
include "constants.conf"
include_recursive "features.d"
include_recursive "conf.d"
include_recursive "hosts.d"

90
bundles/icinga2/items.py
View file

@ -1,26 +1,65 @@
# Git-Hash for Icinga1: b63bb0ef52bf213715e567c81e3ed097024e61af # Git-Hash for Icinga1: b63bb0ef52bf213715e567c81e3ed097024e61af
from json import load directories = {
from os.path import join '/etc/icinga2': {
'purge': True,
ICINGA_PLUGINS = { 'owner': 'nagios',
},
'/etc/icinga2/conf.d': {
'purge': True,
'owner': 'nagios',
},
'/etc/icinga2/hosts.d': {
'purge': True,
'owner': 'nagios',
},
'/etc/icinga2/features.d': {
'purge': True,
'owner': 'nagios',
},
} }
ENABLED_FEATURES = [ files = {
'ido-pgsql', '/etc/icinga2/icinga2.conf': {
'notification',
]
for feature in ENABLED_FEATURES:
symlinks[f'/etc/icinga2/features-enabled/{feature}.conf'] = {
'target': f'/etc/icinga2/features-available/{feature}.conf',
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios', },
'/etc/icinga2/constants.conf': {
'owner': 'nagios',
'context': {
'hostname': node.metadata.get('icinga2/hostname')
},
},
'/etc/icinga2/conf.d/templates.conf': {
'source': 'conf.d/templates.conf',
'owner': 'nagios',
},
'/etc/icinga2/features/ido-pgsql.conf': {
'source': 'features/ido-pgsql.conf',
'content_type': 'mako',
'owner': 'nagios',
'context': {
'db_password': node.metadata.get('postgresql/roles/icinga2/password')
},
'needs': [ 'needs': [
'pkg_apt:icinga2-ido-pgsql', 'pkg_apt:icinga2-ido-pgsql',
], ],
'triggers': [ },
'svc_systemd:icinga2:restart', '/etc/icingaweb2/setup.token': {
], 'content': node.metadata.get('icingaweb2/setup_token'),
'owner': 'nagios',
},
}
for other_node in repo.nodes:
files[f'/etc/icinga2/hosts.d/{other_node.name}.conf'] = {
'content_type': 'mako',
'source': 'hosts.d/host.conf',
'owner': 'nagios',
'context': {
'host_name': other_node.name,
'host_settings': {},
'services': other_node.metadata.get('monitoring', {}),
},
} }
svc_systemd = { svc_systemd = {
@ -31,24 +70,3 @@ svc_systemd = {
], ],
}, },
} }
directories = {
'/etc/icinga2/features-enabled': {
'purge': True,
},
}
files = {
'/etc/icinga2/features-available/ido-pgsql.conf': {
'source': 'ido-pgsql.conf',
'content_type': 'mako',
'context': {
'db_password': node.metadata.get('postgresql/roles/icinga2/password')
},
'owner': 'nagios',
'group': 'nagios',
'needs': [
'pkg_apt:icinga2-ido-pgsql',
],
},
}

30
bundles/icinga2/metadata.py
View file

@ -1,3 +1,5 @@
from hashlib import sha3_256
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
@ -42,3 +44,31 @@ defaults = {
}, },
}, },
} }
@metadata_reactor.provides(
'icingaweb2/setup_token',
)
def setup_token(metadata):
return {
'icingaweb2': {
'setup_token': sha3_256(metadata.get('id').encode()).hexdigest()[:16],
},
}
@metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata):
return {
'nginx': {
'vhosts': {
metadata.get('icinga2/hostname'): {
'content': 'icingaweb2/vhost.conf',
'context': {
},
},
},
},
}

70
data/icingaweb2/vhost.conf Normal file
View file

@ -0,0 +1,70 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${server_name};
ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
root /usr/share/icingaweb2/public;
index index.php index.html index.htm;
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location / {
root /usr/share/icinga/htdocs;
index index.html;
auth_basic "Restricted";
auth_basic_user_file /etc/icinga/htpasswd.users;
}
location /icinga/stylesheets {
alias /etc/icinga/stylesheets;
}
location /stylesheets {
alias /etc/icinga/stylesheets;
}
location /icinga/images {
alias /usr/share/icinga/htdocs/images;
}
location ~ \.cgi$ {
# define root directory for CGIs
root /usr/lib/cgi-bin/icinga;
rewrite ^/icinga/cgi-bin/(.*)\.cgi /$1.cgi break;
rewrite ^/cgi-bin/icinga/(.*)\.cgi /$1.cgi break;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
auth_basic "Restricted";
auth_basic_user_file /etc/icinga/htpasswd.users;
fastcgi_param AUTH_USER $remote_user;
fastcgi_param REMOTE_USER $remote_user;
}
location ~ ^/icinga-api/(.+\.php)$ {
root /usr/share/icinga/htdocs;
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
auth_basic "Restricted";
auth_basic_user_file /etc/icinga/htpasswd.users;
fastcgi_param AUTH_USER $remote_user;
fastcgi_param REMOTE_USER $remote_user;
}
}

4
nodes/home.server.py
View file

@ -70,8 +70,8 @@
'hostname': 'grafana.sublimity.de', 'hostname': 'grafana.sublimity.de',
'influxdb_node': 'home.server', 'influxdb_node': 'home.server',
}, },
'grub': { 'icinga2': {
'kernel_params': {'nomodeset'}, # nvidia GT1030 freeze fix 'hostname': 'icinga2.sublimity.de',
}, },
'influxdb': { 'influxdb': {
'hostname': 'influxdb.sublimity.de', 'hostname': 'influxdb.sublimity.de',