
6 commits

Author SHA1 Message Date
mwiegand
ec26eb548f wip 2022-08-13 15:31:52 +02:00
mwiegand
17181f9df0 wip 2022-08-13 15:31:52 +02:00
mwiegand
3d8deecd68 wip 2022-08-13 15:31:52 +02:00
mwiegand
7f42679f29 wip 2022-08-13 15:31:52 +02:00
mwiegand
a9918735ea wip 2022-08-13 15:31:52 +02:00
mwiegand
ef192700ba wip 2022-08-13 15:31:52 +02:00
14 changed files with 381 additions and 3 deletions


@ -0,0 +1,13 @@
template Host "generic-host" {
max_check_attempts = 3
check_interval = 1m
retry_interval = 30s
check_command = "hostalive"
}
template Service "generic-service" {
max_check_attempts = 5
check_interval = 1m
retry_interval = 30s
}


@ -0,0 +1,6 @@
const PluginDir = "/usr/lib/nagios/plugins"
const ManubulonPluginDir = "/usr/lib/nagios/plugins"
const PluginContribDir = "/usr/lib/nagios/plugins"
const NodeName = "${domain}"
const ZoneName = NodeName
const TicketSalt = ""
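Review bot: `const NodeName = "${domain}"` uses a placeholder named `domain`, but the only context the icinga2 items file passes for `/etc/icinga2/constants.conf` is `hostname`, and that entry declares no `content_type`. Assuming this section is that constants.conf, the placeholder would either be written out literally or fail to render. Use `const NodeName = "${hostname}"` here and add `'content_type': 'mako',` to the file entry so the two agree.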


@ -0,0 +1,8 @@
library "db_ido_pgsql"
object IdoPgsqlConnection "ido-pgsql" {
user = "icinga2",
password = "${db_password}",
host = "localhost",
database = "icinga2"
}


@ -0,0 +1,36 @@
<%!
def render_value(key, value):
if isinstance(value, Fault):
return render_value(key, value.value)
elif isinstance(value, type(None)):
return '""'
elif isinstance(value, bool):
return 'true' if value else 'false'
elif isinstance(value, int):
return str(value)
elif isinstance(value, str):
if key.endswith('_interval'):
return value
else:
return f'"{value}"'
elif isinstance(value, (list, set)):
return '[' + ', '.join(render_value(e) for e in sorted(value)) + ']'
else:
raise Exception(f"cant process type '{type(value)}' of value '{value}'")
%>
object Host "${host_name}" {
import "generic-host"
% for key, value in sorted(host_settings.items()):
${key} = ${render_value(key, value)}
% endfor
}
% for service_name, service_config in sorted(services.items(), key=lambda e: [e[1]['vars.bundle'], e[0]]):
object Service "${service_name}" {
import "generic-service"
% for key, value in sorted(service_config.items()):
${key} = ${render_value(key, value)}
% endfor
}
% endfor
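Review bot: String values in `render_value` (`return f'"{value}"'`) and the object names `"${host_name}"` and `"${service_name}"` are placed between double quotes without escaping, so a metadata value containing `"` or a backslash produces a broken or differently parsed object definition. Escape them in one place, e.g. `return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'`, and route the two object names through the same helper. Values whose key ends in `_interval` are emitted raw and would benefit from a format check before being written. The list branch also calls `render_value(e)` with a single argument although the function takes `key, value`, so any list or set value raises a TypeError; pass `key` through.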


@ -0,0 +1,4 @@
include "constants.conf"
include_recursive "features.d"
include_recursive "conf.d"
include_recursive "hosts.d"

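--- a/bundles/icinga2/items.py
+++ b/bundles/icinga2/items.py
@@ -0,0 +1,68 @@
+# Git-Hash for Icinga1: b63bb0ef52bf213715e567c81e3ed097024e61af
+directories = {
+'/etc/icinga2': {
+'purge': True,
+'owner': 'nagios',
+},
+'/etc/icinga2/conf.d': {
+'purge': True,
+'owner': 'nagios',
+},
+'/etc/icinga2/hosts.d': {
+'purge': True,
+'owner': 'nagios',
+},
+'/etc/icinga2/features.d': {
+'purge': True,
+'owner': 'nagios',
+},
+}
+files = {
+'/etc/icinga2/icinga2.conf': {
+'owner': 'nagios',
+},
+'/etc/icinga2/constants.conf': {
+'owner': 'nagios',
+'context': {
+'hostname': node.metadata.get('icinga2/hostname')
+},
+},
+'/etc/icinga2/conf.d/templates.conf': {
+'source': 'conf.d/templates.conf',
+'owner': 'nagios',
+},
+'/etc/icinga2/features/ido-pgsql.conf': {
+'source': 'features/ido-pgsql.conf',
+'content_type': 'mako',
+'owner': 'nagios',
+'context': {
+'db_password': node.metadata.get('postgresql/roles/icinga2/password')
+},
+'needs': [
+'pkg_apt:icinga2-ido-pgsql',
+],
+},
+}
+for other_node in repo.nodes:
+files[f'/etc/icinga2/hosts.d/{other_node.name}.conf'] = {
+'content_type': 'mako',
+'source': 'hosts.d/host.conf',
+'owner': 'nagios',
+'context': {
+'host_name': other_node.name,
+'host_settings': {},
+'services': other_node.metadata.get('monitoring', {}),
+},
+}
+svc_systemd = {
+'icinga2': {
+'needs': [
+'pkg_apt:icinga2-ido-pgsql',
+'svc_systemd:postgresql',
+],
+},
+}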
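Review bot: `/etc/icinga2/features/ido-pgsql.conf` receives the PostgreSQL role password through `db_password` but sets only `owner` and no `mode`, so the file gets the default mode (0644 in bundlewrap unless overridden) and the password is readable by every local user. Add `'mode': '0600',` to that entry. The same gap applies to `/etc/icingaweb2/setup.token` in the icingaweb2 items section further down. Separately, this file is written to `/etc/icinga2/features/`, while the managed directory and the `include_recursive` in icinga2.conf both use `features.d`, so the IDO connection would not be loaded as written.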


@ -0,0 +1,38 @@
from hashlib import sha3_256
defaults = {
'apt': {
'packages': {
'icinga2': {},
'icinga2-ido-pgsql': {},
'icingacli': {},
},
'sources': {
'deb https://packages.icinga.com/debian icinga-{release} main',
},
},
'postgresql': {
'databases': {
'icinga2': {
'owner': 'icinga2',
},
},
'roles': {
'icinga2': {
'password': repo.vault.password_for(f'psql icinga2 on {node.name}'),
},
},
},
'zfs': {
'datasets': {
'tank/icinga2': {
'mountpoint': '/var/lib/icinga2',
'needed_by': {
'pkg_apt:icinga2',
'pkg_apt:icingaweb2',
'pkg_apt:icinga2-ido-pgsql',
},
},
},
},
}
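Review bot: `from hashlib import sha3_256` is imported at the top of this file but nothing in it uses the name; drop the import. The dataset's `needed_by` also lists `pkg_apt:icingaweb2`, which this bundle's `apt/packages` does not declare, so it presumably relies on the icingaweb2 bundle being assigned to the same node. A short comment such as `# icingaweb2 is installed by its own bundle` would make that dependency explicit.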

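--- a/bundles/icingadb/items.py
+++ b/bundles/icingadb/items.py
@@ -0,0 +1,14 @@
+import yaml, json
+from bundlewrap.metadata import MetadataJSONEncoder
+files = {
+'/etc/icingadb/config.yml': {
+'content': yaml.dump(
+json.loads(
+json.dumps(node.metadata.get('icingadb'), sort_keys=True, cls=MetadataJSONEncoder)
+),
+),
+'mode': '0640',
+'owner': 'icingadb',
+},
+}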


@ -0,0 +1,53 @@
defaults = {
'apt': {
'packages': {
'icingadb': {},
'icingadb-redis': {},
'icingadb-web': {},
},
'sources': {
'deb https://packages.icinga.com/debian icinga-{release} main',
'deb https://packages.icinga.com/debian icinga-{release}-snapshots main',
},
},
'postgresql': {
'databases': {
'icingadb': {
'owner': 'icingadb',
},
},
'roles': {
'icingadb': {
'password': repo.vault.password_for(f'psql icingadb on {node.name}'),
},
},
},
'redis': {
'icingadb': {
'port': '6381',
},
},
}
@metadata_reactor.provides(
'icingadb',
)
def config(metadata):
return {
'icingadb': {
'database': {
'type': 'postgresql',
'host': 'localhost',
'port': 3306,
'database': 'icingadb',
'user': 'icingadb',
'password': metadata.get('postgresql/roles/icingadb/password'),
},
'redis': {
'address': 'localhost:6380',
},
'logging': {
'level': 'info',
},
},
}
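Review bot: `'port': 3306` in the `config` reactor is the MySQL default, while `'type': 'postgresql'` and `'host': 'localhost'` point at the local PostgreSQL, which listens on 5432 unless reconfigured; use `'port': 5432,` or read the port from the postgresql metadata. The redis settings disagree in the same way: the defaults declare the `icingadb` instance with `'port': '6381'`, but the reactor hardcodes `'address': 'localhost:6380'`. Derive the address from the metadata value so the two cannot drift. The `icinga-{release}-snapshots` apt source also makes unreleased builds installable on the node, which deserves a comment if it is intentional.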


@ -0,0 +1,6 @@
files = {
'/etc/icingaweb2/setup.token': {
'content': node.metadata.get('icingaweb2/setup_token'),
'owner': 'nagios',
},
}


@ -0,0 +1,67 @@
from hashlib import sha3_256
defaults = {
'apt': {
'packages': {
'icingaweb2': {},
},
'sources': {
'deb https://packages.icinga.com/debian icinga-{release} main',
'deb https://packages.icinga.com/debian icinga-{release}-snapshots main',
},
},
'postgresql': {
'databases': {
'icingaweb2': {
'owner': 'icingaweb2',
},
},
'roles': {
'icingaweb2': {
'password': str(repo.vault.password_for(f'psql icingaweb2 on {node.name}')),
},
},
},
'redis': {
'icingadb': {},
},
}
@metadata_reactor.provides(
'icingaweb2/hostname',
)
def hostname(metadata):
return {
'icingaweb2': {
'hostname': metadata.get('icinga2/hostname'),
},
}
@metadata_reactor.provides(
'icingaweb2/setup_token',
)
def setup_token(metadata):
return {
'icingaweb2': {
'setup_token': sha3_256(metadata.get('id').encode()).hexdigest()[:16],
},
}
@metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata):
return {
'nginx': {
'vhosts': {
metadata.get('icingaweb2/hostname'): {
'content': 'icingaweb2/vhost.conf',
'context': {
},
},
},
},
}
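Review bot: `setup_token` is computed as `sha3_256(metadata.get('id').encode()).hexdigest()[:16]`, so it is a fixed function of the node id and can be recomputed by anyone who knows that id. The token guards Icinga Web's setup wizard and should be a real secret. The database passwords in this same file already come from the vault, and the token could use the same source, e.g. `'setup_token': repo.vault.password_for(f'icingaweb2 setup token on {node.name}'),` (wrapped in `str(...)` if the file item needs plain text). If a derived value is kept on purpose, a comment should say that the node id is treated as confidential.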


@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)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=icbY
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,30 @@
# icingacli setup config webserver nginx --document-root /usr/share/icingaweb2/public --config /etc/icingaweb2 --fpm-uri 127.0.0.1:9000
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${server_name};
ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
location / {
return 302 /icingaweb2/index.php;
}
location ~ ^/icingaweb2/index\.php(.*)$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/share/icingaweb2/public/index.php;
fastcgi_param ICINGAWEB_CONFIGDIR /etc/icingaweb2;
fastcgi_param REMOTE_USER $remote_user;
}
location ~ ^/icingaweb2(.+)? {
alias /usr/share/icingaweb2/public;
index index.php;
try_files $1 $uri $uri/ /icingaweb2/index.php$is_args$args;
}
}
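Review bot: `fastcgi_param REMOTE_USER $remote_user;` forwards a Basic-auth user name to PHP, but this server block has no `auth_basic` directive, so as far as I can tell nginx takes that name from the request's Authorization header without verifying it. That is harmless while Icinga Web uses its own login form, but an `external` authentication backend enabled later would trust the value. Either drop the line or add `auth_basic` to the block, and note the choice in a comment. The header comment also still documents `--fpm-uri 127.0.0.1:9000` while the block passes to `unix:/run/php/php7.4-fpm.sock`; update the comment to match.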


@ -18,7 +18,9 @@
'gitea', 'gitea',
# 'gollum', # 'gollum',
'grafana', 'grafana',
'grub', 'icinga2',
'icingadb',
'icingaweb2',
'influxdb2', 'influxdb2',
'mirror', 'mirror',
'postgresql', 'postgresql',
@ -70,8 +72,11 @@
'hostname': 'grafana.sublimity.de', 'hostname': 'grafana.sublimity.de',
'influxdb_node': 'home.server', 'influxdb_node': 'home.server',
}, },
'grub': { 'icinga2': {
'kernel_params': {'nomodeset'}, # nvidia GT1030 freeze fix 'hostname': 'icinga.sublimity.de',
},
'icingaweb2': {
'hostname': 'icinga.sublimity.de',
}, },
'influxdb': { 'influxdb': {
'hostname': 'influxdb.sublimity.de', 'hostname': 'influxdb.sublimity.de',