  1. #
  2. # Icinga2
  3. #
  4. {% set roles = salt['pillar.get']('nodes:' ~ grains.id ~ ':roles', []) %}
  5. include:
  6. - apt
  7. - sudo
  8. - needrestart
  9. # Install icinga2 package
  10. icinga2:
  11. pkg.installed:
  12. - name: icinga2
  13. service.running:
  14. - enable: True
  15. - reload: True
  16. # Create directory for systemd overrides
  17. /etc/systemd/system/icinga2.service.d:
  18. file.directory:
  19. - require:
  20. - pkg: icinga2
  21. # Add override for ExecStart to close stdio
  22. /etc/systemd/system/icinga2.service.d/override.conf:
  23. file.managed:
  24. - source: salt://icinga2/systemd.override.conf
  25. - require:
  26. - file: /etc/systemd/system/icinga2.service.d
  27. - watch_in:
  28. - service: icinga2
  29. # Install plugins (official + our own)
  30. monitoring-plugin-pkgs:
  31. pkg.installed:
  32. - pkgs:
  33. - monitoring-plugins
  34. - nagios-plugins-contrib
  35. - libyaml-syck-perl
  36. - libmonitoring-plugin-perl
  37. - curl
  38. - lsof
  39. - python3-dnspython
  40. - watch_in:
  41. - service: icinga2
  42. ffho-plugins:
  43. file.recurse:
  44. - name: /usr/local/share/monitoring-plugins/
  45. - source: salt://icinga2/plugins/
  46. - file_mode: 755
  47. - dir_mode: 755
  48. - user: root
  49. - group: root
  50. # Install sudoers file for Icinga2 checks
  51. /etc/sudoers.d/icinga2:
  52. file.managed:
  53. - source: salt://icinga2/icinga2.sudoers
  54. - mode: 0440
  55. # Icinga2 master config (for master and all nodes)
  56. /etc/icinga2/icinga2.conf:
  57. file.managed:
  58. - source:
  59. - salt://icinga2/icinga2.conf.H_{{ grains.id }}
  60. - salt://icinga2/icinga2.conf.{{ grains.os }}.{{ grains.oscodename }}
  61. - salt://icinga2/icinga2.conf
  62. - require:
  63. - pkg: icinga2
  64. - watch_in:
  65. - service: icinga2
  66. # Add FFHOPluginDir
  67. /etc/icinga2/constants.conf:
  68. file.managed:
  69. - source: salt://icinga2/constants.conf
  70. - require:
  71. - pkg: icinga2
  72. - watch_in:
  73. - service: icinga2
  74. # Connect "master" and client zones
  75. /etc/icinga2/zones.conf:
  76. file.managed:
  77. - source:
  78. - salt://icinga2/zones.conf.H_{{ grains.id }}
  79. - salt://icinga2/zones.conf
  80. - template: jinja
  81. - require:
  82. - pkg: icinga2
  83. - watch_in:
  84. - service: icinga2
  85. # Install host cert + key readable for icinga
  86. {% set pillar_name = 'nodes:' ~ grains['id'] ~ ':certs:' ~ grains['id'] %}
  87. /etc/icinga2/pki/ffhohost.cert.pem:
  88. file.managed:
  89. {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
  90. - source: salt://certs/certs/{{ cn }}.cert.pem
  91. {% else %}
  92. - contents_pillar: {{ pillar_name }}:cert
  93. {% endif %}
  94. - user: root
  95. - group: root
  96. - mode: 644
  97. - require:
  98. - pkg: icinga2
  99. - watch_in:
  100. - service: icinga2
  101. /etc/icinga2/pki/ffhohost.key.pem:
  102. file.managed:
  103. - contents_pillar: {{ pillar_name }}:privkey
  104. - user: root
  105. - group: nagios
  106. - mode: 440
  107. - require:
  108. - pkg: icinga2
  109. - watch_in:
  110. - service: icinga2
  111. # Activate Icinga2 features: API
  112. {% for feature in ['api'] %}
  113. /etc/icinga2/features-enabled/{{ feature }}.conf:
  114. file.symlink:
  115. - target: "../features-available/{{ feature }}.conf"
  116. - require:
  117. - pkg: icinga2
  118. - watch_in:
  119. - service: icinga2
  120. {% endfor %}
  121. # Install command definitions
  122. /etc/icinga2/commands.d:
  123. file.recurse:
  124. - source: salt://icinga2/commands.d
  125. - template: jinja
  126. - file_mode: 644
  127. - dir_mode: 755
  128. - user: root
  129. - group: root
  130. - clean: true
  131. - require:
  132. - pkg: icinga2
  133. - watch_in:
  134. - service: icinga2
  135. # Create directory for ffho specific configs
  136. /etc/icinga2/ffho-conf.d:
  137. file.directory:
  138. - makedirs: true
  139. - require:
  140. - pkg: icinga2
  141. ################################################################################
  142. # Icinga2 Server #
  143. ################################################################################
  144. {% if 'icinga2server' in roles %}
  145. # Users and Notifications
  146. /etc/icinga2/ffho-conf.d/users.conf:
  147. file.managed:
  148. - source: salt://icinga2/users.conf.tmpl
  149. - template: jinja
  150. - require:
  151. - pkg: icinga2
  152. - watch_in:
  153. - service: icinga2
  154. /etc/icinga2/ffho-conf.d/notifications.conf:
  155. file.managed:
  156. - source: salt://icinga2/notifications.conf.tmpl
  157. - template: jinja
  158. - require:
  159. - pkg: icinga2
  160. - watch_in:
  161. - service: icinga2
  162. # Install command definitions
  163. /etc/icinga2/ffho-conf.d/services:
  164. file.recurse:
  165. - source: salt://icinga2/services
  166. - file_mode: 644
  167. - dir_mode: 755
  168. - user: root
  169. - group: root
  170. - clean: true
  171. - template: jinja
  172. - require:
  173. - pkg: icinga2
  174. - watch_in:
  175. - service: icinga2
  176. # Create client node/zone objects
  177. Create /etc/icinga2/ffho-conf.d/hosts/generated/:
  178. file.directory:
  179. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  180. - makedirs: true
  181. - require:
  182. - pkg: icinga2
  183. Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/:
  184. file.directory:
  185. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  186. - clean: true
  187. - watch_in:
  188. - service: icinga2
  189. # Generate config file for every client known to pillar
  190. {% for node_id, node_config in salt['pillar.get']('nodes', {}).items () %}
  191. {# Only monitor hosts which are active or staged. #}
  192. {% if node_config.get ('status', '') not in [ '', 'active', 'staged' ] %}
  193. {% continue %}
  194. {% endif %}
  195. /etc/icinga2/ffho-conf.d/hosts/generated/{{ node_id }}.conf:
  196. file.managed:
  197. - source: salt://icinga2/host.conf.tmpl
  198. - template: jinja
  199. - context:
  200. node_id: {{ node_id }}
  201. node_config: {{ node_config }}
  202. - require:
  203. - file: Create /etc/icinga2/ffho-conf.d/hosts/generated/
  204. - require_in:
  205. - file: Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/
  206. - watch_in:
  207. - service: icinga2
  208. {% endfor %}
  209. # Create configuration for network devices
  210. Create /etc/icinga2/ffho-conf.d/net/wbbl/:
  211. file.directory:
  212. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  213. - makedirs: true
  214. - require:
  215. - pkg: icinga2
  216. Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/:
  217. file.directory:
  218. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  219. - makedirs: true
  220. - require:
  221. - pkg: icinga2
  222. - watch_in:
  223. - service: icinga2
  224. # Generate config files for every WBBL device known to pillar
  225. {% for link_id, link_config in salt['pillar.get']('net:wbbl', {}).items () %}
  226. /etc/icinga2/ffho-conf.d/net/wbbl/{{ link_id }}.conf:
  227. file.managed:
  228. - source: salt://icinga2/wbbl.conf.tmpl
  229. - template: jinja
  230. - context:
  231. link_id: {{ link_id }}
  232. link_config: {{ link_config }}
  233. - require:
  234. - file: Create /etc/icinga2/ffho-conf.d/net/wbbl/
  235. - require_in:
  236. - file: Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/
  237. - watch_in:
  238. - service: icinga2
  239. {% endfor %}
  240. ################################################################################
  241. # Icinga2 Client #
  242. ################################################################################
  243. {% else %}
  244. # Nodes should accept config and commands from Icinga2 server
  245. /etc/icinga2/features-available/api.conf:
  246. file.managed:
  247. - source: salt://icinga2/api.conf
  248. - require:
  249. - pkg: icinga2
  250. - watch_in:
  251. - service: icinga2
  252. # Client should not notify by themselves
  253. /etc/icinga2/features-enabled/notification.conf:
  254. file.absent:
  255. - watch_in:
  256. - service: icinga2
  257. {% endif %}
  258. ################################################################################
  259. # Check related stuff #
  260. ################################################################################
  261. /etc/icinga2/ffho-conf.d/bird_ospf_interfaces_down_ok.txt:
  262. file.managed:
  263. - source: salt://icinga2/bird_ospf_interfaces_down_ok.txt.tmpl
  264. - template: jinja
  265. - require:
  266. - file: /etc/icinga2/ffho-conf.d
  267. /etc/icinga2/ffho-conf.d/bird_ibgp_sessions_down_ok.txt:
  268. file.managed:
  269. - source: salt://icinga2/bird_ibgp_sessions_down_ok.txt.tmpl
  270. - template: jinja
  271. - require:
  272. - file: /etc/icinga2/ffho-conf.d
  273. salt-cron-state-apply:
  274. cron.present:
  275. - identifier: SALT_CRON_STATE_APPLY
  276. - name: "/usr/bin/salt-call state.highstate --state-verbose=False test=True > /var/cache/salt/state_apply.tmp 2>/dev/null ; mv /var/cache/salt/state_apply.tmp /var/cache/salt/state_apply"
  277. - user: root
  278. - minute: random
  279. - hour: "*/6"