cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

Compare commits

base: cronekorkn:a60503df09af7053482953c6385f87bb4e633589
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver
..
compare: cronekorkn:3dbcf919b10731cb98e928053dbdd7c04c686ea8
Branches Tags
cronekorkn:master
cronekorkn:n8n
cronekorkn:router
cronekorkn:freescout
cronekorkn:homeassistant-supervised
cronekorkn:conflecttest
cronekorkn:wp
cronekorkn:rufbereitschafts-alarm
cronekorkn:dnssec_2
cronekorkn:dnssec
cronekorkn:apt_sources_as_dict
cronekorkn:wordpress
cronekorkn:iperf3
cronekorkn:picsort-pythoon
cronekorkn:network_metadata_rework
cronekorkn:blog_dirty
cronekorkn:blog
cronekorkn:icinga2_notifications
cronekorkn:icinga_neumachen
cronekorkn:nextcloud_conf_in_metadata
cronekorkn:mastodon
cronekorkn:rtmp
cronekorkn:deterministic_rsa
cronekorkn:deterministic_rsa_test
cronekorkn:left4dead2
cronekorkn:temp130752653
cronekorkn:zfs_encrypt
cronekorkn:icingaweb
cronekorkn:ldap
cronekorkn:icinga2_remote_2
cronekorkn:icinga2_local
cronekorkn:icinga
cronekorkn:icinga2_remote
cronekorkn:modprobe
cronekorkn:autoconfig
cronekorkn:basic_auth
cronekorkn:crystal-buildserver
cronekorkn:build_Server
cronekorkn:cya_hetzner
cronekorkn:dns_challenge3
cronekorkn:dns_challenge2
cronekorkn:dns_challenge
cronekorkn:gpiod
cronekorkn:multi-redis
cronekorkn:l4d2
cronekorkn:wireguard_clients
cronekorkn:alles_sets
cronekorkn:hdict
cronekorkn:all_units
cronekorkn:unitbug_isolation
cronekorkn:whatsbroken
cronekorkn:minimal_mailserver

No commits in common. "a60503df09af7053482953c6385f87bb4e633589" and "3dbcf919b10731cb98e928053dbdd7c04c686ea8" have entirely different histories.
a60503df09 ... 3dbcf919b1

20 changed files with 53 additions and 657 deletions
Show stats Expand all files Collapse all files

10
bundles/icinga2/files/conf.d/api-users.conf
View file

@ -1,10 +0,0 @@
% for name, conf in sorted(users.items()):
object ApiUser "${name}" {
password = "${conf['password']}"
permissions = [
% for permission in conf['permissions']:
"${permission}",
% endfor
]
}
% endfor

1
bundles/icinga2/files/conf.d/app.conf
View file

@ -1 +0,0 @@
object IcingaApplication "app" { }

186
bundles/icinga2/files/conf.d/commands.conf
View file

@ -1,186 +0,0 @@
/* Command objects */
/* Notification Commands
*
* Please check the documentation for all required and
* optional parameters.
*/
object NotificationCommand "mail-host-notification" {
command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
arguments += {
"-4" = "$notification_address$"
"-6" = "$notification_address6$"
"-b" = "$notification_author$"
"-c" = "$notification_comment$"
"-d" = {
required = true
value = "$notification_date$"
}
"-f" = {
value = "$notification_from$"
description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
}
"-i" = "$notification_icingaweb2url$"
"-l" = {
required = true
value = "$notification_hostname$"
}
"-n" = {
required = true
value = "$notification_hostdisplayname$"
}
"-o" = {
required = true
value = "$notification_hostoutput$"
}
"-r" = {
required = true
value = "$notification_useremail$"
}
"-s" = {
required = true
value = "$notification_hoststate$"
}
"-t" = {
required = true
value = "$notification_type$"
}
"-v" = "$notification_logtosyslog$"
}
vars += {
notification_address = "$address$"
notification_address6 = "$address6$"
notification_author = "$notification.author$"
notification_comment = "$notification.comment$"
notification_type = "$notification.type$"
notification_date = "$icinga.long_date_time$"
notification_hostname = "$host.name$"
notification_hostdisplayname = "$host.display_name$"
notification_hostoutput = "$host.output$"
notification_hoststate = "$host.state$"
notification_useremail = "$user.email$"
}
}
object NotificationCommand "mail-service-notification" {
command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
arguments += {
"-4" = "$notification_address$"
"-6" = "$notification_address6$"
"-b" = "$notification_author$"
"-c" = "$notification_comment$"
"-d" = {
required = true
value = "$notification_date$"
}
"-e" = {
required = true
value = "$notification_servicename$"
}
"-f" = {
value = "$notification_from$"
description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
}
"-i" = "$notification_icingaweb2url$"
"-l" = {
required = true
value = "$notification_hostname$"
}
"-n" = {
required = true
value = "$notification_hostdisplayname$"
}
"-o" = {
required = true
value = "$notification_serviceoutput$"
}
"-r" = {
required = true
value = "$notification_useremail$"
}
"-s" = {
required = true
value = "$notification_servicestate$"
}
"-t" = {
required = true
value = "$notification_type$"
}
"-u" = {
required = true
value = "$notification_servicedisplayname$"
}
"-v" = "$notification_logtosyslog$"
}
vars += {
notification_address = "$address$"
notification_address6 = "$address6$"
notification_author = "$notification.author$"
notification_comment = "$notification.comment$"
notification_type = "$notification.type$"
notification_date = "$icinga.long_date_time$"
notification_hostname = "$host.name$"
notification_hostdisplayname = "$host.display_name$"
notification_servicename = "$service.name$"
notification_serviceoutput = "$service.output$"
notification_servicestate = "$service.state$"
notification_useremail = "$user.email$"
notification_servicedisplayname = "$service.display_name$"
}
}
/*
* If you prefer to use the notification scripts with environment
* variables instead of command line parameters, you can use
* the following commands. They have been updated from < 2.7
* to support the new notification scripts and should help
* with an upgrade.
* Remove the comment blocks and comment the notification commands above.
*/
/*
object NotificationCommand "mail-host-notification" {
command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
env = {
NOTIFICATIONTYPE = "$notification.type$"
HOSTDISPLAYNAME = "$host.display_name$"
HOSTNAME = "$host.name$"
HOSTADDRESS = "$address$"
HOSTSTATE = "$host.state$"
LONGDATETIME = "$icinga.long_date_time$"
HOSTOUTPUT = "$host.output$"
NOTIFICATIONAUTHORNAME = "$notification.author$"
NOTIFICATIONCOMMENT = "$notification.comment$"
HOSTDISPLAYNAME = "$host.display_name$"
USEREMAIL = "$user.email$"
}
}
object NotificationCommand "mail-service-notification" {
command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
env = {
NOTIFICATIONTYPE = "$notification.type$"
SERVICENAME = "$service.name$"
HOSTNAME = "$host.name$"
HOSTDISPLAYNAME = "$host.display_name$"
HOSTADDRESS = "$address$"
SERVICESTATE = "$service.state$"
LONGDATETIME = "$icinga.long_date_time$"
SERVICEOUTPUT = "$service.output$"
NOTIFICATIONAUTHORNAME = "$notification.author$"
NOTIFICATIONCOMMENT = "$notification.comment$"
HOSTDISPLAYNAME = "$host.display_name$"
SERVICEDISPLAYNAME = "$service.display_name$"
USEREMAIL = "$user.email$"
}
}
*/

37
bundles/icinga2/files/conf.d/groups.conf
View file

@ -1,37 +0,0 @@
/**
* Host group examples.
*/
object HostGroup "linux-servers" {
display_name = "Linux Servers"
assign where host.vars.os == "Linux"
}
object HostGroup "windows-servers" {
display_name = "Windows Servers"
assign where host.vars.os == "Windows"
}
/**
* Service group examples.
*/
object ServiceGroup "ping" {
display_name = "Ping Checks"
assign where match("ping*", service.name)
}
object ServiceGroup "http" {
display_name = "HTTP Checks"
assign where match("http*", service.check_command)
}
object ServiceGroup "disk" {
display_name = "Disk Checks"
assign where match("disk*", service.check_command)
}

33
bundles/icinga2/files/conf.d/notifications.conf
View file

@ -1,33 +0,0 @@
/**
* The example notification apply rules.
*
* Only applied if host/service objects have
* the custom variable `notification` defined
* and containing `mail` as key.
*
* Check `hosts.conf` for an example.
*/
apply Notification "mail-icingaadmin" to Host {
import "mail-host-notification"
user_groups = host.vars.notification.mail.groups
users = host.vars.notification.mail.users
//interval = 2h
//vars.notification_logtosyslog = true
assign where host.vars.notification.mail
}
apply Notification "mail-icingaadmin" to Service {
import "mail-service-notification"
user_groups = host.vars.notification.mail.groups
users = host.vars.notification.mail.users
//interval = 2h
//vars.notification_logtosyslog = true
assign where host.vars.notification.mail
}

2
bundles/icinga2/files/conf.d/templates.conf
View file

@ -11,5 +11,3 @@ template Service "generic-service" {
check_interval = 1m check_interval = 1m
retry_interval = 30s retry_interval = 30s
} }
template User "generic-user" {}

34
bundles/icinga2/files/conf.d/timeperiods.conf
View file

@ -1,34 +0,0 @@
/**
* Sample timeperiods for Icinga 2.
* Check the documentation for details.
*/
object TimePeriod "24x7" {
display_name = "Icinga 2 24x7 TimePeriod"
ranges = {
"monday" = "00:00-24:00"
"tuesday" = "00:00-24:00"
"wednesday" = "00:00-24:00"
"thursday" = "00:00-24:00"
"friday" = "00:00-24:00"
"saturday" = "00:00-24:00"
"sunday" = "00:00-24:00"
}
}
object TimePeriod "9to5" {
display_name = "Icinga 2 9to5 TimePeriod"
ranges = {
"monday" = "09:00-17:00"
"tuesday" = "09:00-17:00"
"wednesday" = "09:00-17:00"
"thursday" = "09:00-17:00"
"friday" = "09:00-17:00"
}
}
object TimePeriod "never" {
display_name = "Icinga 2 never TimePeriod"
ranges = {
}
}

2
bundles/icinga2/files/constants.conf
View file

@ -1,6 +1,6 @@
const PluginDir = "/usr/lib/nagios/plugins" const PluginDir = "/usr/lib/nagios/plugins"
const ManubulonPluginDir = "/usr/lib/nagios/plugins" const ManubulonPluginDir = "/usr/lib/nagios/plugins"
const PluginContribDir = "/usr/lib/nagios/plugins" const PluginContribDir = "/usr/lib/nagios/plugins"
const NodeName = "${hostname}" const NodeName = "${domain}"
const ZoneName = NodeName const ZoneName = NodeName
const TicketSalt = "" const TicketSalt = ""

1
bundles/icinga2/files/features/api.conf
View file

@ -1 +0,0 @@
object ApiListener "api" {}

1
bundles/icinga2/files/features/checker.conf
View file

@ -1 +0,0 @@
object CheckerComponent "checker" { }

1
bundles/icinga2/files/features/notification.conf
View file

@ -1 +0,0 @@
object NotificationComponent "notification" { }

3
bundles/icinga2/files/features/syslog.conf
View file

@ -1,3 +0,0 @@
object SyslogLogger "syslog" {
severity = "warning"
}

2
bundles/icinga2/files/hosts.d/host.conf
View file

@ -1,6 +1,4 @@
<%! <%!
from bundlewrap.utils import Fault
def render_value(key, value): def render_value(key, value):
if isinstance(value, Fault): if isinstance(value, Fault):
return render_value(key, value.value) return render_value(key, value.value)

10
bundles/icinga2/files/icinga2.conf
View file

@ -1,10 +1,4 @@
include "constants.conf" include "constants.conf"
include "zones.conf" include_recursive "features.d"
include <itl>
include <plugins>
include <plugins-contrib>
include "features.d/*.conf"
include_recursive "conf.d" include_recursive "conf.d"
include "hosts.d/*.conf" include_recursive "hosts.d"

7
bundles/icinga2/files/zones.conf
View file

@ -1,7 +0,0 @@
object Endpoint NodeName {
host = NodeName
}
object Zone ZoneName {
endpoints = [ NodeName ]
}

249
bundles/icinga2/items.py
View file

@ -1,251 +1,76 @@
from ipaddress import ip_interface # Git-Hash for Icinga1: b63bb0ef52bf213715e567c81e3ed097024e61af
directories = { directories = {
'/etc/icinga2': { '/etc/icinga2': {
'purge': True, # 'purge': True,
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios', 'group': 'nagios',
'mode': '0750', 'mode': '0750',
'triggers': [ 'needs': [
'svc_systemd:icinga2.service:restart', 'pkg_apt:icinga2',
], ],
}, },
'/etc/icinga2/conf.d': { '/etc/icinga2/conf.d': {
'purge': True, # 'purge': True,
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios', 'group': 'nagios',
'mode': '0750', 'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
}, },
'/etc/icinga2/hosts.d': { '/etc/icinga2/hosts.d': {
'purge': True, 'purge': True,
'owner': 'nagios', 'owner': 'nagios',
'group': 'nagios', 'group': 'nagios',
'mode': '0750', 'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d': {
'purge': True,
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/scripts': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/var/lib/icinga2': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0750',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/var/lib/icinga2/certs': {
'owner': 'nagios',
'group': 'nagios',
'mode': '0700',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
}, },
# '/etc/icinga2/features.d': {
# 'purge': True,
# 'owner': 'nagios',
# 'group': 'nagios',
# 'mode': '0750',
# },
} }
files = { files = {
'/etc/icinga2/icinga2.conf': { # '/etc/icinga2/icinga2.conf': {
'owner': 'nagios', # 'owner': 'nagios',
'group': 'nagios', # },
'mode': '0640', # '/etc/icinga2/constants.conf': {
'triggers': [ # 'owner': 'nagios',
'svc_systemd:icinga2.service:restart', # 'context': {
], # 'hostname': node.metadata.get('icinga2/hostname')
}, # },
'/etc/icinga2/constants.conf': { # },
'content_type': 'mako', # '/etc/icinga2/conf.d/templates.conf': {
'owner': 'nagios', # 'source': 'conf.d/templates.conf',
'group': 'nagios', # 'owner': 'nagios',
'mode': '0640', # },
'context': { # '/etc/icinga2/features/ido-pgsql.conf': {
'hostname': node.metadata.get('icinga2/hostname') # 'source': 'features/ido-pgsql.conf',
}, # 'content_type': 'mako',
'triggers': [ # 'owner': 'nagios',
'svc_systemd:icinga2.service:restart', # 'context': {
], # 'db_password': node.metadata.get('postgresql/roles/icinga2/password')
}, # },
'/etc/icinga2/zones.conf': { # 'needs': [
'content_type': 'mako', # 'pkg_apt:icinga2-ido-pgsql',
'context': { # ],
'hostname': node.metadata.get('icinga2/hostname') # },
},
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/api-users.conf': {
'source': 'conf.d/api-users.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'context': {
'users': node.metadata.get('icinga2/api_users'),
},
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/app.conf': {
'source': 'conf.d/app.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/commands.conf': {
'source': 'conf.d/commands.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/groups.conf': {
'source': 'conf.d/groups.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/notifications.conf': {
'source': 'conf.d/notifications.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/templates.conf': {
'source': 'conf.d/templates.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/conf.d/timeperiods.conf': {
'source': 'conf.d/timeperiods.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'mode': '0640',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/ido-pgsql.conf': {
'source': 'features/ido-pgsql.conf',
'content_type': 'mako',
'owner': 'nagios',
'group': 'nagios',
'context': {
'db_password': node.metadata.get('postgresql/roles/icinga2/password')
},
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/syslog.conf': {
'source': 'features/syslog.conf',
'owner': 'nagios',
'group': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/notification.conf': {
'source': 'features/notification.conf',
'owner': 'nagios',
'group': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/checker.conf': {
'source': 'features/checker.conf',
'owner': 'nagios',
'group': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/etc/icinga2/features.d/api.conf': {
'source': 'features/api.conf',
'owner': 'nagios',
'group': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
'/var/lib/icinga2/certs/ca.crt': {
'content_type': 'download',
'source': f'https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem',
'owner': 'nagios',
'group': 'nagios',
'triggers': [
'svc_systemd:icinga2.service:restart',
],
},
} }
for other_node in repo.nodes: for other_node in repo.nodes:
if other_node.dummy:
continue
files[f'/etc/icinga2/hosts.d/{other_node.name}.conf'] = { files[f'/etc/icinga2/hosts.d/{other_node.name}.conf'] = {
'content_type': 'mako', 'content_type': 'mako',
'source': 'hosts.d/host.conf', 'source': 'hosts.d/host.conf',
'owner': 'nagios', 'owner': 'nagios',
'context': { 'context': {
'host_name': other_node.name, 'host_name': other_node.name,
'host_settings': { 'host_settings': {},
'address': str(ip_interface(other_node.metadata.get('network/internal/ipv4', None) or other_node.metadata.get('wireguard/my_ip')).ip),
},
'services': other_node.metadata.get('monitoring', {}), 'services': other_node.metadata.get('monitoring', {}),
}, },
'triggers': [
'svc_systemd:icinga2.service:restart',
],
} }
svc_systemd = { svc_systemd = {
'icinga2.service': { 'icinga2': {
'needs': [ 'needs': [
'pkg_apt:icinga2-ido-pgsql', 'pkg_apt:icinga2-ido-pgsql',
'svc_systemd:postgresql', 'svc_systemd:postgresql',

28
bundles/icinga2/metadata.py
View file

@ -12,14 +12,6 @@ defaults = {
'deb https://packages.icinga.com/debian icinga-{release} main', 'deb https://packages.icinga.com/debian icinga-{release} main',
}, },
}, },
'icinga2': {
'api_users': {
'root': {
'password': repo.vault.password_for(f'icinga2 api user root on {node.name}'),
'permissions': {'*'},
}
},
},
'postgresql': { 'postgresql': {
'databases': { 'databases': {
'icinga2': { 'icinga2': {
@ -45,23 +37,3 @@ defaults = {
}, },
}, },
} }
@metadata_reactor.provides(
'nginx/vhosts',
)
def letsencrypt(metadata):
return {
'letsencrypt': {
'domains': {
metadata.get('icingaweb2/hostname'): {
'reload': {'icinga2'},
'owner': 'nagios',
'group': 'nagios',
'location': '/var/lib/icinga2/certs',
'privkey_name': metadata.get('hostname') + '.key',
'cert_name': metadata.get('hostname') + '.crt',
},
},
},
}

37
bundles/icingaweb2/items.py
View file

@ -4,21 +4,14 @@ directories = {
'owner': 'www-data', 'owner': 'www-data',
'group': 'icingaweb2', 'group': 'icingaweb2',
'mode': '2770', 'mode': '2770',
}, 'needs': [
'/etc/icingaweb2/enabledModules': { 'pkg_apt:icinga2',
# 'purge': True, 'pkg_apt:icingaweb2',
'owner': 'www-data', ],
'group': 'icingaweb2',
'mode': '2770',
},
'/etc/icingaweb2/modules': {
# 'purge': True,
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '2770',
}, },
} }
files = { files = {
'/etc/icingaweb2/setup.token': { '/etc/icingaweb2/setup.token': {
'content': node.metadata.get('icingaweb2/setup_token'), 'content': node.metadata.get('icingaweb2/setup_token'),
@ -28,14 +21,6 @@ files = {
}, },
} }
symlinks = {
'/etc/icingaweb2/enabledModules/monitoring': {
'target': '/usr/share/icingaweb2/modules/monitoring',
'owner': 'www-data',
'group': 'icingaweb2',
},
}
for name in [ for name in [
'authentication.ini', 'authentication.ini',
'config.ini', 'config.ini',
@ -49,15 +34,3 @@ for name in [
'group': 'icingaweb2', 'group': 'icingaweb2',
'mode': '0660', 'mode': '0660',
} }
for name in [
'config.ini',
'backends.ini',
'commandtransports.ini',
]:
files[f'/etc/icingaweb2/modules/monitoring/{name}'] = {
'content': repo.libs.ini.dumps(node.metadata.get(f'icingaweb2/monitoring/{name}')),
'owner': 'www-data',
'group': 'icingaweb2',
'mode': '0660',
}

50
bundles/icingaweb2/metadata.py
View file

@ -11,7 +11,6 @@ defaults = {
'php-gd': {}, 'php-gd': {},
'php-imagick': {}, 'php-imagick': {},
'php-pgsql': {}, 'php-pgsql': {},
'icingaweb2-module-monitoring': {},
}, },
'sources': { 'sources': {
'deb https://packages.icinga.com/debian icinga-{release} main', 'deb https://packages.icinga.com/debian icinga-{release} main',
@ -29,7 +28,7 @@ defaults = {
'global': { 'global': {
'show_stacktraces': '1', 'show_stacktraces': '1',
'show_application_state_messages': '1', 'show_application_state_messages': '1',
'module_path': '/usr/share/icingaweb2/modules', #'module_path': '/usr/share/icingaweb2/modules',
'config_backend': 'db', 'config_backend': 'db',
'config_resource': 'icingaweb2_db', 'config_resource': 'icingaweb2_db',
}, },
@ -58,16 +57,6 @@ defaults = {
'charset': '', 'charset': '',
'use_ssl': '0', 'use_ssl': '0',
}, },
'icinga_ido': {
'type': 'db',
'db': 'pgsql',
'host': 'localhost',
'port': '5432',
'dbname': 'icinga2',
'username': 'icinga2',
'charset': '',
'use_ssl': '0',
},
}, },
'roles.ini': { 'roles.ini': {
'Administrators': { 'Administrators': {
@ -76,27 +65,6 @@ defaults = {
'groups': 'Administrators', 'groups': 'Administrators',
}, },
}, },
'monitoring': {
'config.ini': {
'security': {
'protected_customvars': '*pw*,*pass*,community',
},
},
'backends.ini': {
'icinga2': {
'type': 'ido',
'resource': 'icinga_ido',
},
},
'commandtransports.ini': {
'icinga2': {
'transport': 'api',
'host': 'localhost',
'port': '5665',
'username': 'root',
},
},
},
}, },
'postgresql': { 'postgresql': {
'databases': { 'databases': {
@ -118,25 +86,11 @@ defaults = {
@metadata_reactor.provides( @metadata_reactor.provides(
'icingaweb2/hostname', 'icingaweb2/hostname',
'icingaweb2/resources.ini/icinga_ido/icinga2/password',
'icingaweb2/monitoring/commandtransports.ini/icinga2/password',
) )
def stuff(metadata): def hostname(metadata):
return { return {
'icingaweb2': { 'icingaweb2': {
'hostname': metadata.get('icinga2/hostname'), 'hostname': metadata.get('icinga2/hostname'),
'resources.ini': {
'icinga_ido': {
'password': str(metadata.get('postgresql/roles/icinga2/password')),
},
},
'monitoring': {
'commandtransports.ini': {
'icinga2': {
'password': str(metadata.get('icinga2/api_users/root/password')),
},
},
},
}, },
} }

16
bundles/letsencrypt/files/hook.sh
View file

@ -26,23 +26,19 @@ deploy_cert() {
CERTFILE="$3" CERTFILE="$3"
FULLCHAINFILE="$4" FULLCHAINFILE="$4"
CHAINFILE="$5" CHAINFILE="$5"
case $DOMAIN in case $DOMAIN in
% for domain, conf in sorted(domains.items()): % for domain, conf in sorted(domains.items()):
<% if not conf: continue %>\ <% if not conf: continue %>\
${domain}) ${domain})
% if conf.get('location', None): % if conf.get('location', None):
cat "$KEYFILE" > "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}" cat "$KEYFILE" > "${conf['location']}/privkey.pem"
cat "$CERTFILE" > "${conf['location']}/${conf.get('cert_name', 'cert.pem')}" cat "$CERTFILE" > "${conf['location']}/cert.pem"
cat "$FULLCHAINFILE" > "${conf['location']}/${conf.get('fullchain_name', 'fullchain.pem')}" cat "$FULLCHAINFILE" > "${conf['location']}/fullchain.pem"
cat "$CHAINFILE" > "${conf['location']}/${conf.get('chain_name', 'chain.pem')}" cat "$CHAINFILE" > "${conf['location']}/chain.pem"
% endif % endif
% if conf.get('owner', None): % if conf.get('owner', None):
chown ${conf['owner']}:${conf.get('group', '')} \ chown ${conf['owner']} "${conf['location']}/privkey.pem" "${conf['location']}/cert.pem" "${conf['location']}/fullchain.pem" "${conf['location']}/chain.pem"
"${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}" \
"${conf['location']}/${conf.get('cert_name', 'cert.pem')}" \
"${conf['location']}/${conf.get('fullchain_name', 'fullchain.pem')}" \
"${conf['location']}/${conf.get('chain_name', 'chain.pem')}"
% endif % endif
% for service in sorted(conf.get('reload', [])): % for service in sorted(conf.get('reload', [])):
systemctl reload-or-restart ${service} systemctl reload-or-restart ${service}