wip

2022-08-31 11:36:23 +02:00 · 2022-08-16 23:22:47 +02:00 · 2022-08-16 22:39:42 +02:00 · 2022-08-16 22:27:46 +02:00 · 2022-08-16 22:23:02 +02:00
20 changed files with 657 additions and 53 deletions
--- a/bundles/icinga2/files/conf.d/api-users.conf
+++ b/bundles/icinga2/files/conf.d/api-users.conf
@ -0,0 +1,10 @@
+% for name, conf in sorted(users.items()):
+object ApiUser "${name}" {
+  password = "${conf['password']}"
+  permissions = [
+% for permission in conf['permissions']:
+    "${permission}",
+% endfor
+  ]
+}
+% endfor
--- a/bundles/icinga2/files/conf.d/app.conf
+++ b/bundles/icinga2/files/conf.d/app.conf
@ -0,0 +1 @@
+object IcingaApplication "app" { }
--- a/bundles/icinga2/files/conf.d/commands.conf
+++ b/bundles/icinga2/files/conf.d/commands.conf
@ -0,0 +1,186 @@
+/* Command objects */
+
+/* Notification Commands
+ *
+ * Please check the documentation for all required and
+ * optional parameters.
+ */
+
+object NotificationCommand "mail-host-notification" {
+  command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
+
+  arguments += {
+    "-4" = "$notification_address$"
+    "-6" = "$notification_address6$"
+    "-b" = "$notification_author$"
+    "-c" = "$notification_comment$"
+    "-d" = {
+      required = true
+      value = "$notification_date$"
+    }
+    "-f" = {
+      value = "$notification_from$"
+      description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
+    }
+    "-i" = "$notification_icingaweb2url$"
+    "-l" = {
+      required = true
+      value = "$notification_hostname$"
+    }
+    "-n" = {
+      required = true
+      value = "$notification_hostdisplayname$"
+    }
+    "-o" = {
+      required = true
+      value = "$notification_hostoutput$"
+    }
+    "-r" = {
+      required = true
+      value = "$notification_useremail$"
+    }
+    "-s" = {
+      required = true
+      value = "$notification_hoststate$"
+    }
+    "-t" = {
+      required = true
+      value = "$notification_type$"
+    }
+    "-v" = "$notification_logtosyslog$"
+  }
+
+  vars += {
+    notification_address = "$address$"
+    notification_address6 = "$address6$"
+    notification_author = "$notification.author$"
+    notification_comment = "$notification.comment$"
+    notification_type = "$notification.type$"
+    notification_date = "$icinga.long_date_time$"
+    notification_hostname = "$host.name$"
+    notification_hostdisplayname = "$host.display_name$"
+    notification_hostoutput = "$host.output$"
+    notification_hoststate = "$host.state$"
+    notification_useremail = "$user.email$"
+  }
+}
+
+object NotificationCommand "mail-service-notification" {
+  command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
+
+  arguments += {
+    "-4" = "$notification_address$"
+    "-6" = "$notification_address6$"
+    "-b" = "$notification_author$"
+    "-c" = "$notification_comment$"
+    "-d" = {
+      required = true
+      value = "$notification_date$"
+    }
+    "-e" = {
+      required = true
+      value = "$notification_servicename$"
+    }
+    "-f" = {
+      value = "$notification_from$"
+      description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
+    }
+    "-i" = "$notification_icingaweb2url$"
+    "-l" = {
+      required = true
+      value = "$notification_hostname$"
+    }
+    "-n" = {
+      required = true
+      value = "$notification_hostdisplayname$"
+    }
+    "-o" = {
+      required = true
+      value = "$notification_serviceoutput$"
+    }
+    "-r" = {
+      required = true
+      value = "$notification_useremail$"
+    }
+    "-s" = {
+      required = true
+      value = "$notification_servicestate$"
+    }
+    "-t" = {
+      required = true
+      value = "$notification_type$"
+    }
+    "-u" = {
+      required = true
+      value = "$notification_servicedisplayname$"
+    }
+    "-v" = "$notification_logtosyslog$"
+  }
+
+  vars += {
+    notification_address = "$address$"
+    notification_address6 = "$address6$"
+    notification_author = "$notification.author$"
+    notification_comment = "$notification.comment$"
+    notification_type = "$notification.type$"
+    notification_date = "$icinga.long_date_time$"
+    notification_hostname = "$host.name$"
+    notification_hostdisplayname = "$host.display_name$"
+    notification_servicename = "$service.name$"
+    notification_serviceoutput = "$service.output$"
+    notification_servicestate = "$service.state$"
+    notification_useremail = "$user.email$"
+    notification_servicedisplayname = "$service.display_name$"
+  }
+}
+
+/*
+ * If you prefer to use the notification scripts with environment
+ * variables instead of command line parameters, you can use
+ * the following commands. They have been updated from < 2.7
+ * to support the new notification scripts and should help
+ * with an upgrade.
+ * Remove the comment blocks and comment the notification commands above.
+ */
+
+/*
+
+object NotificationCommand "mail-host-notification" {
+  command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
+
+  env = {
+    NOTIFICATIONTYPE = "$notification.type$"
+    HOSTDISPLAYNAME = "$host.display_name$"
+    HOSTNAME = "$host.name$"
+    HOSTADDRESS = "$address$"
+    HOSTSTATE = "$host.state$"
+    LONGDATETIME = "$icinga.long_date_time$"
+    HOSTOUTPUT = "$host.output$"
+    NOTIFICATIONAUTHORNAME = "$notification.author$"
+    NOTIFICATIONCOMMENT = "$notification.comment$"
+    HOSTDISPLAYNAME = "$host.display_name$"
+    USEREMAIL = "$user.email$"
+  }
+}
+
+object NotificationCommand "mail-service-notification" {
+  command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
+
+  env = {
+    NOTIFICATIONTYPE = "$notification.type$"
+    SERVICENAME = "$service.name$"
+    HOSTNAME = "$host.name$"
+    HOSTDISPLAYNAME = "$host.display_name$"
+    HOSTADDRESS = "$address$"
+    SERVICESTATE = "$service.state$"
+    LONGDATETIME = "$icinga.long_date_time$"
+    SERVICEOUTPUT = "$service.output$"
+    NOTIFICATIONAUTHORNAME = "$notification.author$"
+    NOTIFICATIONCOMMENT = "$notification.comment$"
+    HOSTDISPLAYNAME = "$host.display_name$"
+    SERVICEDISPLAYNAME = "$service.display_name$"
+    USEREMAIL = "$user.email$"
+  }
+}
+
+*/
--- a/bundles/icinga2/files/conf.d/groups.conf
+++ b/bundles/icinga2/files/conf.d/groups.conf
@ -0,0 +1,37 @@
+/**
+ * Host group examples.
+ */
+
+object HostGroup "linux-servers" {
+  display_name = "Linux Servers"
+
+  assign where host.vars.os == "Linux"
+}
+
+object HostGroup "windows-servers" {
+  display_name = "Windows Servers"
+
+  assign where host.vars.os == "Windows"
+}
+
+/**
+ * Service group examples.
+ */
+
+object ServiceGroup "ping" {
+  display_name = "Ping Checks"
+
+  assign where match("ping*", service.name)
+}
+
+object ServiceGroup "http" {
+  display_name = "HTTP Checks"
+
+  assign where match("http*", service.check_command)
+}
+
+object ServiceGroup "disk" {
+  display_name = "Disk Checks"
+
+  assign where match("disk*", service.check_command)
+}
--- a/bundles/icinga2/files/conf.d/notifications.conf
+++ b/bundles/icinga2/files/conf.d/notifications.conf
@ -0,0 +1,33 @@
+/**
+ * The example notification apply rules.
+ *
+ * Only applied if host/service objects have
+ * the custom variable `notification` defined
+ * and containing `mail` as key.
+ *
+ * Check `hosts.conf` for an example.
+ */
+
+apply Notification "mail-icingaadmin" to Host {
+  import "mail-host-notification"
+  user_groups = host.vars.notification.mail.groups
+  users = host.vars.notification.mail.users
+
+  //interval = 2h
+
+  //vars.notification_logtosyslog = true
+
+  assign where host.vars.notification.mail
+}
+
+apply Notification "mail-icingaadmin" to Service {
+  import "mail-service-notification"
+  user_groups = host.vars.notification.mail.groups
+  users = host.vars.notification.mail.users
+
+  //interval = 2h
+
+  //vars.notification_logtosyslog = true
+
+  assign where host.vars.notification.mail
+}
--- a/bundles/icinga2/files/conf.d/templates.conf
+++ b/bundles/icinga2/files/conf.d/templates.conf
@ -11,3 +11,5 @@ template Service "generic-service" {
  check_interval = 1m
  retry_interval = 30s
 }
+
+template User "generic-user" {}
--- a/bundles/icinga2/files/conf.d/timeperiods.conf
+++ b/bundles/icinga2/files/conf.d/timeperiods.conf
@ -0,0 +1,34 @@
+/**
+ * Sample timeperiods for Icinga 2.
+ * Check the documentation for details.
+ */
+
+object TimePeriod "24x7" {
+  display_name = "Icinga 2 24x7 TimePeriod"
+  ranges = {
+    "monday" 	= "00:00-24:00"
+    "tuesday" 	= "00:00-24:00"
+    "wednesday" = "00:00-24:00"
+    "thursday" 	= "00:00-24:00"
+    "friday" 	= "00:00-24:00"
+    "saturday" 	= "00:00-24:00"
+    "sunday" 	= "00:00-24:00"
+  }
+}
+
+object TimePeriod "9to5" {
+  display_name = "Icinga 2 9to5 TimePeriod"
+  ranges = {
+    "monday" 	= "09:00-17:00"
+    "tuesday" 	= "09:00-17:00"
+    "wednesday" = "09:00-17:00"
+    "thursday" 	= "09:00-17:00"
+    "friday" 	= "09:00-17:00"
+  }
+}
+
+object TimePeriod "never" {
+  display_name = "Icinga 2 never TimePeriod"
+  ranges = {
+  }
+}
--- a/bundles/icinga2/files/constants.conf
+++ b/bundles/icinga2/files/constants.conf
@ -1,6 +1,6 @@
 const PluginDir = "/usr/lib/nagios/plugins"
 const ManubulonPluginDir = "/usr/lib/nagios/plugins"
 const PluginContribDir = "/usr/lib/nagios/plugins"
-const NodeName = "${domain}"
+const NodeName = "${hostname}"
 const ZoneName = NodeName
 const TicketSalt = ""
--- a/bundles/icinga2/files/features/api.conf
+++ b/bundles/icinga2/files/features/api.conf
@ -0,0 +1 @@
+object ApiListener "api" {}
--- a/bundles/icinga2/files/features/checker.conf
+++ b/bundles/icinga2/files/features/checker.conf
@ -0,0 +1 @@
+object CheckerComponent "checker" { }
--- a/bundles/icinga2/files/features/notification.conf
+++ b/bundles/icinga2/files/features/notification.conf
@ -0,0 +1 @@
+object NotificationComponent "notification" { }
--- a/bundles/icinga2/files/features/syslog.conf
+++ b/bundles/icinga2/files/features/syslog.conf
@ -0,0 +1,3 @@
+object SyslogLogger "syslog" {
+    severity = "warning"
+}
--- a/bundles/icinga2/files/hosts.d/host.conf
+++ b/bundles/icinga2/files/hosts.d/host.conf
@ -1,4 +1,6 @@
 <%!
+    from bundlewrap.utils import Fault
+
    def render_value(key, value):
        if isinstance(value, Fault):
            return render_value(key, value.value)
--- a/bundles/icinga2/files/icinga2.conf
+++ b/bundles/icinga2/files/icinga2.conf
@ -1,4 +1,10 @@
 include "constants.conf"
-include_recursive "features.d"
+include "zones.conf"
+
+include <itl>
+include <plugins>
+include <plugins-contrib>
+
+include "features.d/*.conf"
 include_recursive "conf.d"
-include_recursive "hosts.d"
+include "hosts.d/*.conf"
--- a/bundles/icinga2/files/zones.conf
+++ b/bundles/icinga2/files/zones.conf
@ -0,0 +1,7 @@
+object Endpoint NodeName {
+  host = NodeName
+}
+
+object Zone ZoneName {
+  endpoints = [ NodeName ]
+}
--- a/bundles/icinga2/items.py
+++ b/bundles/icinga2/items.py
@ -1,76 +1,251 @@
-# Git-Hash for Icinga1: b63bb0ef52bf213715e567c81e3ed097024e61af
+from ipaddress import ip_interface

 directories = {
    '/etc/icinga2': {
-#        'purge': True,
+       'purge': True,
        'owner': 'nagios',
        'group': 'nagios',
        'mode': '0750',
-        'needs': [
-            'pkg_apt:icinga2',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
        ],
    },
    '/etc/icinga2/conf.d': {
-#        'purge': True,
+        'purge': True,
        'owner': 'nagios',
        'group': 'nagios',
        'mode': '0750',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
    },
    '/etc/icinga2/hosts.d': {
        'purge': True,
        'owner': 'nagios',
        'group': 'nagios',
        'mode': '0750',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/features.d': {
+        'purge': True,
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0750',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/scripts': {
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0750',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/var/lib/icinga2': {
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0750',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/var/lib/icinga2/certs': {
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0700',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
    },
-    # '/etc/icinga2/features.d': {
-    #     'purge': True,
-    #     'owner': 'nagios',
-    #     'group': 'nagios',
-    #     'mode': '0750',
-    # },
 }

 files = {
-    # '/etc/icinga2/icinga2.conf': {
-    #     'owner': 'nagios',
-    # },
-    # '/etc/icinga2/constants.conf': {
-    #     'owner': 'nagios',
-    #     'context': {
-    #         'hostname': node.metadata.get('icinga2/hostname')
-    #     },
-    # },
-    # '/etc/icinga2/conf.d/templates.conf': {
-    #     'source': 'conf.d/templates.conf',
-    #     'owner': 'nagios',
-    # },
-    # '/etc/icinga2/features/ido-pgsql.conf': {
-    #     'source': 'features/ido-pgsql.conf',
-    #     'content_type': 'mako',
-    #     'owner': 'nagios',
-    #     'context': {
-    #         'db_password': node.metadata.get('postgresql/roles/icinga2/password')
-    #     },
-    #     'needs': [
-    #         'pkg_apt:icinga2-ido-pgsql',
-    #     ],
-    # },
+    '/etc/icinga2/icinga2.conf': {
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/constants.conf': {
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'context': {
+            'hostname': node.metadata.get('icinga2/hostname')
+        },
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/zones.conf': {
+        'content_type': 'mako',
+        'context': {
+            'hostname': node.metadata.get('icinga2/hostname')
+        },
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/conf.d/api-users.conf': {
+        'source': 'conf.d/api-users.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'context': {
+            'users': node.metadata.get('icinga2/api_users'),
+        },
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/conf.d/app.conf': {
+        'source': 'conf.d/app.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/conf.d/commands.conf': {
+        'source': 'conf.d/commands.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/conf.d/groups.conf': {
+        'source': 'conf.d/groups.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/conf.d/notifications.conf': {
+        'source': 'conf.d/notifications.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/conf.d/templates.conf': {
+        'source': 'conf.d/templates.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/conf.d/timeperiods.conf': {
+        'source': 'conf.d/timeperiods.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'mode': '0640',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/features.d/ido-pgsql.conf': {
+        'source': 'features/ido-pgsql.conf',
+        'content_type': 'mako',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'context': {
+            'db_password': node.metadata.get('postgresql/roles/icinga2/password')
+        },
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/features.d/syslog.conf': {
+        'source': 'features/syslog.conf',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/features.d/notification.conf': {
+        'source': 'features/notification.conf',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/features.d/checker.conf': {
+        'source': 'features/checker.conf',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/etc/icinga2/features.d/api.conf': {
+        'source': 'features/api.conf',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
+    '/var/lib/icinga2/certs/ca.crt': {
+        'content_type': 'download',
+        'source': f'https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem',
+        'owner': 'nagios',
+        'group': 'nagios',
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
+    },
 }

 for other_node in repo.nodes:
+    if other_node.dummy:
+        continue
+
    files[f'/etc/icinga2/hosts.d/{other_node.name}.conf'] = {
        'content_type': 'mako',
        'source': 'hosts.d/host.conf',
        'owner': 'nagios',
        'context': {
            'host_name': other_node.name,
-            'host_settings': {},
+            'host_settings': {
+                'address': str(ip_interface(other_node.metadata.get('network/internal/ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip),
+            },
            'services': other_node.metadata.get('monitoring', {}),
        },
+        'triggers': [
+            'svc_systemd:icinga2.service:restart',
+        ],
    }

 svc_systemd = {
-    'icinga2': {
+    'icinga2.service': {
        'needs': [
            'pkg_apt:icinga2-ido-pgsql',
            'svc_systemd:postgresql',
--- a/bundles/icinga2/metadata.py
+++ b/bundles/icinga2/metadata.py
@ -12,6 +12,14 @@ defaults = {
            'deb https://packages.icinga.com/debian icinga-{release} main',
        },
    },
+    'icinga2': {
+        'api_users': {
+            'root': {
+                'password': repo.vault.password_for(f'icinga2 api user root on {node.name}'),
+                'permissions': {'*'},
+            }
+        },
+    },
    'postgresql': {
        'databases': {
            'icinga2': {
@ -37,3 +45,23 @@ defaults = {
        },
    },
 }
+
+
+@metadata_reactor.provides(
+    'nginx/vhosts',
+)
+def letsencrypt(metadata):
+    return {
+        'letsencrypt': {
+            'domains': {
+                metadata.get('icingaweb2/hostname'): {
+                    'reload': {'icinga2'},
+                    'owner': 'nagios',
+                    'group': 'nagios',
+                    'location': '/var/lib/icinga2/certs',
+                    'privkey_name': metadata.get('hostname') + '.key',
+                    'cert_name': metadata.get('hostname') + '.crt',
+                },
+            },
+        },
+    }
--- a/bundles/icingaweb2/items.py
+++ b/bundles/icingaweb2/items.py
@ -4,14 +4,21 @@ directories = {
        'owner': 'www-data',
        'group': 'icingaweb2',
        'mode': '2770',
-        'needs': [
-            'pkg_apt:icinga2',
-            'pkg_apt:icingaweb2',
-        ],
+    },
+    '/etc/icingaweb2/enabledModules': {
+#        'purge': True,
+        'owner': 'www-data',
+        'group': 'icingaweb2',
+        'mode': '2770',
+    },
+    '/etc/icingaweb2/modules': {
+#        'purge': True,
+        'owner': 'www-data',
+        'group': 'icingaweb2',
+        'mode': '2770',
    },
 }

-
 files = {
    '/etc/icingaweb2/setup.token': {
        'content': node.metadata.get('icingaweb2/setup_token'),
@ -21,6 +28,14 @@ files = {
    },
 }

+symlinks = {
+    '/etc/icingaweb2/enabledModules/monitoring': {
+        'target': '/usr/share/icingaweb2/modules/monitoring',
+        'owner': 'www-data',
+        'group': 'icingaweb2',
+    },
+}
+
 for name in [
    'authentication.ini',
    'config.ini',
@ -34,3 +49,15 @@ for name in [
        'group': 'icingaweb2',
        'mode': '0660',
    }
+
+for name in [
+    'config.ini',
+    'backends.ini',
+    'commandtransports.ini',
+]:
+    files[f'/etc/icingaweb2/modules/monitoring/{name}'] = {
+        'content': repo.libs.ini.dumps(node.metadata.get(f'icingaweb2/monitoring/{name}')),
+        'owner': 'www-data',
+        'group': 'icingaweb2',
+        'mode': '0660',
+    }
--- a/bundles/icingaweb2/metadata.py
+++ b/bundles/icingaweb2/metadata.py
@ -11,6 +11,7 @@ defaults = {
            'php-gd': {},
            'php-imagick': {},
            'php-pgsql': {},
+            'icingaweb2-module-monitoring': {},
        },
        'sources': {
            'deb https://packages.icinga.com/debian icinga-{release} main',
@ -28,7 +29,7 @@ defaults = {
            'global': {
                'show_stacktraces': '1',
                'show_application_state_messages': '1',
-                #'module_path': '/usr/share/icingaweb2/modules',
+                'module_path': '/usr/share/icingaweb2/modules',
                'config_backend': 'db',
                'config_resource': 'icingaweb2_db',
            },
@ -57,6 +58,16 @@ defaults = {
                'charset': '',
                'use_ssl': '0',
            },
+            'icinga_ido': {
+                'type': 'db',
+                'db': 'pgsql',
+                'host': 'localhost',
+                'port': '5432',
+                'dbname': 'icinga2',
+                'username': 'icinga2',
+                'charset': '',
+                'use_ssl': '0',
+            },
        },
        'roles.ini': {
            'Administrators': {
@ -65,6 +76,27 @@ defaults = {
                'groups': 'Administrators',
            },
        },
+        'monitoring': {
+            'config.ini': {
+                'security': {
+                    'protected_customvars': '*pw*,*pass*,community',
+                },
+            },
+            'backends.ini': {
+                'icinga2': {
+                    'type': 'ido',
+                    'resource': 'icinga_ido',
+                },
+            },
+            'commandtransports.ini': {
+                'icinga2': {
+                    'transport': 'api',
+                    'host': 'localhost',
+                    'port': '5665',
+                    'username': 'root',
+                },
+            },
+        },
    },
    'postgresql': {
        'databases': {
@ -86,11 +118,25 @@ defaults = {

@metadata_reactor.provides(
    'icingaweb2/hostname',
+    'icingaweb2/resources.ini/icinga_ido/icinga2/password',
+    'icingaweb2/monitoring/commandtransports.ini/icinga2/password',
 )
-def hostname(metadata):
+def stuff(metadata):
    return {
        'icingaweb2': {
            'hostname': metadata.get('icinga2/hostname'),
+            'resources.ini': {
+                'icinga_ido': {
+                    'password': str(metadata.get('postgresql/roles/icinga2/password')),
+                },
+            },
+            'monitoring': {
+                'commandtransports.ini': {
+                    'icinga2': {
+                        'password': str(metadata.get('icinga2/api_users/root/password')),
+                    },
+                },
+            },
        },
    }

--- a/bundles/letsencrypt/files/hook.sh
+++ b/bundles/letsencrypt/files/hook.sh
@ -32,13 +32,17 @@ deploy_cert() {
 <%   if not conf: continue %>\
    ${domain})
      % if conf.get('location', None):
-      cat "$KEYFILE" > "${conf['location']}/privkey.pem"
-      cat "$CERTFILE" > "${conf['location']}/cert.pem"
-      cat "$FULLCHAINFILE" > "${conf['location']}/fullchain.pem"
-      cat "$CHAINFILE" > "${conf['location']}/chain.pem"
+      cat "$KEYFILE" > "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}"
+      cat "$CERTFILE" > "${conf['location']}/${conf.get('cert_name', 'cert.pem')}"
+      cat "$FULLCHAINFILE" > "${conf['location']}/${conf.get('fullchain_name', 'fullchain.pem')}"
+      cat "$CHAINFILE" > "${conf['location']}/${conf.get('chain_name', 'chain.pem')}"
      % endif
      % if conf.get('owner', None):
-      chown ${conf['owner']} "${conf['location']}/privkey.pem" "${conf['location']}/cert.pem" "${conf['location']}/fullchain.pem" "${conf['location']}/chain.pem"
+      chown ${conf['owner']}:${conf.get('group', '')} \
+        "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}" \
+        "${conf['location']}/${conf.get('cert_name', 'cert.pem')}" \
+        "${conf['location']}/${conf.get('fullchain_name', 'fullchain.pem')}" \
+        "${conf['location']}/${conf.get('chain_name', 'chain.pem')}"
      % endif
      % for service in sorted(conf.get('reload', [])):
      systemctl reload-or-restart ${service}
Author	SHA1	Message	Date
mwiegand	a60503df09	wip	2022-08-31 11:36:23 +02:00
mwiegand	a9c0e91ea8	wip	2022-08-16 23:22:47 +02:00
mwiegand	dbcf21d807	wip	2022-08-16 22:39:42 +02:00
mwiegand	4c5db6abcf	wip	2022-08-16 22:27:46 +02:00
mwiegand	d524734aa9	wip	2022-08-16 22:23:02 +02:00
				`@ -0,0 +1 @@`
				`object NotificationComponent "notification" { }`