init.sls 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219
  1. #
  2. # Icinga2
  3. #
  4. {% set roles = salt['pillar.get']('nodes:' ~ grains.id ~ ':roles', []) %}
  5. include:
  6. - apt
  7. # Install icinga2 package
  8. icinga2:
  9. pkg.installed:
  10. - name: icinga2
  11. service.running:
  12. - enable: True
  13. - reload: True
  14. # Install plugins (official + our own)
  15. monitoring-plugin-pkgs:
  16. pkg.installed:
  17. - pkgs:
  18. - monitoring-plugins
  19. - nagios-plugins-contrib
  20. - libyaml-syck-perl
  21. - libnagios-plugin-perl
  22. - lsof
  23. - watch_in:
  24. - service: icinga2
  25. ffho-plugins:
  26. file.recurse:
  27. - name: /usr/local/share/monitoring-plugins/
  28. - source: salt://icinga2/plugins/
  29. - file_mode: 755
  30. - dir_mode: 755
  31. - user: root
  32. - group: root
  33. # Install sudo
  34. sudo:
  35. pkg.installed
  36. /etc/sudoers.d/icinga2:
  37. file.managed:
  38. - source: salt://icinga2/icinga2.sudoers
  39. - mode: 0440
  40. # Icinga2 master config (for master and all nodes)
  41. /etc/icinga2/icinga2.conf:
  42. file.managed:
  43. - source:
  44. - salt://icinga2/icinga2.conf.H_{{ grains.id }}
  45. - salt://icinga2/icinga2.conf
  46. - require:
  47. - pkg: icinga2
  48. - watch_in:
  49. - service: icinga2
  50. # Add FFHOPluginDir
  51. /etc/icinga2/constants.conf:
  52. file.managed:
  53. - source: salt://icinga2/constants.conf
  54. - require:
  55. - pkg: icinga2
  56. - watch_in:
  57. - service: icinga2
  58. # Connect "master" and client zones
  59. /etc/icinga2/zones.conf:
  60. file.managed:
  61. - source:
  62. - salt://icinga2/zones.conf.H_{{ grains.id }}
  63. - salt://icinga2/zones.conf
  64. - require:
  65. - pkg: icinga2
  66. - watch_in:
  67. - service: icinga2
  68. # Install host cert + key readable for icinga
  69. {% set pillar_name = 'nodes:' ~ grains['id'] ~ ':certs:' ~ grains['id'] %}
  70. /etc/icinga2/pki/ffhohost.cert.pem:
  71. file.managed:
  72. {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
  73. - source: salt://certs/certs/{{ cn }}.cert.pem
  74. {% else %}
  75. - contents_pillar: {{ pillar_name }}:cert
  76. {% endif %}
  77. - user: root
  78. - group: root
  79. - mode: 644
  80. - require:
  81. - pkg: icinga2
  82. - watch_in:
  83. - service: icinga2
  84. /etc/icinga2/pki/ffhohost.key.pem:
  85. file.managed:
  86. - contents_pillar: {{ pillar_name }}:privkey
  87. - user: root
  88. - group: nagios
  89. - mode: 440
  90. - require:
  91. - pkg: icinga2
  92. - watch_in:
  93. - service: icinga2
  94. # Activate Icinga2 features: API
  95. {% for feature in ['api'] %}
  96. /etc/icinga2/features-enabled/{{ feature }}.conf:
  97. file.symlink:
  98. - target: "../features-available/{{ feature }}.conf"
  99. - require:
  100. - pkg: icinga2
  101. - watch_in:
  102. - service: icinga2
  103. {% endfor %}
  104. # Install command definitions
  105. /etc/icinga2/commands.d:
  106. file.recurse:
  107. - source: salt://icinga2/commands.d
  108. - file_mode: 644
  109. - dir_mode: 755
  110. - user: root
  111. - group: root
  112. - clean: true
  113. - require:
  114. - pkg: icinga2
  115. - watch_in:
  116. - service: icinga2
  117. ################################################################################
  118. # Icinga2 Server #
  119. ################################################################################
  120. {% if 'icinga2server' in roles %}
  121. # Create directory for ffho specific configs
  122. /etc/icinga2/ffho-conf.d:
  123. file.directory:
  124. - makedirs: true
  125. - require:
  126. - pkg: icinga2
  127. # Install command definitions
  128. /etc/icinga2/ffho-conf.d/services:
  129. file.recurse:
  130. - source: salt://icinga2/services
  131. - file_mode: 644
  132. - dir_mode: 755
  133. - user: root
  134. - group: root
  135. - clean: true
  136. - require:
  137. - pkg: icinga2
  138. - watch_in:
  139. - service: icinga2
  140. # Create client node/zone objects
  141. /etc/icinga2/ffho-conf.d/hosts/:
  142. file.directory:
  143. - makedirs: true
  144. - require:
  145. - pkg: icinga2
  146. # Generate config file for every client known to pillar
  147. {% for node_id, node_config in salt['pillar.get']('nodes', {}).items () %}
  148. {% if node_config.get ('icinga2', "") != 'ignore' %}
  149. /etc/icinga2/ffho-conf.d/hosts/{{ node_id }}.conf:
  150. file.managed:
  151. - source: salt://icinga2/host.conf.tmpl
  152. - template: jinja
  153. - context:
  154. node_id: {{ node_id }}
  155. node_config: {{ node_config }}
  156. - require:
  157. - file: /etc/icinga2/ffho-conf.d/hosts/
  158. - watch_in:
  159. - service: icinga2
  160. {% endif %}
  161. {% endfor %}
  162. ################################################################################
  163. # Icinga2 Client #
  164. ################################################################################
  165. {% else %}
  166. # Nodes should accept config and commands from Icinga2 server
  167. /etc/icinga2/features-available/api.conf:
  168. file.managed:
  169. - source: salt://icinga2/api.conf
  170. - require:
  171. - pkg: icinga2
  172. - watch_in:
  173. - service: icinga2
  174. /etc/icinga2/ffho-conf.d/:
  175. file.absent:
  176. - watch_in:
  177. - service: icinga2
  178. /etc/icinga2/check-commands.conf:
  179. file.absent:
  180. - watch_in:
  181. - service: icinga2
  182. {% endif %}