  1. #
  2. # Icinga2
  3. #
  4. {% set roles = salt['pillar.get']('nodes:' ~ grains.id ~ ':roles', []) %}
  5. include:
  6. - apt
  7. - sudo
  8. - needrestart
  9. # Install icinga2 package
  10. icinga2:
  11. pkg.installed:
  12. - name: icinga2
  13. service.running:
  14. - enable: True
  15. - reload: True
# Create directory for systemd overrides
/etc/systemd/system/icinga2.service.d:
  file.directory:
    - require:
      - pkg: icinga2

# Add override for ExecStart to close stdio
# Only minions whose oscodename grain is "buster" get the drop-in; on every
# other release the file is removed again.
/etc/systemd/system/icinga2.service.d/override.conf:
{% if grains.oscodename == "buster" %}
  file.managed:
    - source: salt://icinga2/systemd.override.conf
    - require:
      - file: /etc/systemd/system/icinga2.service.d
    - watch_in:
      - service: icinga2
{% else %}
  file.absent
{% endif %}
  33. systemd-reload:
  34. cmd.run:
  35. - name: systemctl daemon-reload
  36. - watch:
  37. - file: /etc/systemd/system/icinga2.service.d/override.conf
  38. # Install plugins (official + our own)
  39. monitoring-plugin-pkgs:
  40. pkg.installed:
  41. - pkgs:
  42. - monitoring-plugins
  43. - nagios-plugins-contrib
  44. - libyaml-syck-perl
  45. - libmonitoring-plugin-perl
  46. - curl
  47. - lsof
  48. - python3-dnspython
  49. - watch_in:
  50. - service: icinga2
  51. ffho-plugins:
  52. file.recurse:
  53. - name: /usr/local/share/monitoring-plugins/
  54. - source: salt://icinga2/plugins/
  55. - file_mode: 755
  56. - dir_mode: 755
  57. - user: root
  58. - group: root
  59. # Install sudoers file for Icinga2 checks
  60. /etc/sudoers.d/icinga2:
  61. file.managed:
  62. - source: salt://icinga2/icinga2.sudoers
  63. - mode: 0440
# Icinga2 master config (for master and all nodes)
# The sources are tried in the order listed: a host specific file
# (H_<minion id>), then one for this OS and release, then the generic file.
/etc/icinga2/icinga2.conf:
  file.managed:
    - source:
      - salt://icinga2/icinga2.conf.H_{{ grains.id }}
      - salt://icinga2/icinga2.conf.{{ grains.os }}.{{ grains.oscodename }}
      - salt://icinga2/icinga2.conf
    - require:
      - pkg: icinga2
    - watch_in:
      - service: icinga2

# Add FFHOPluginDir
/etc/icinga2/constants.conf:
  file.managed:
    - source: salt://icinga2/constants.conf
    - require:
      - pkg: icinga2
    - watch_in:
      - service: icinga2

# Connect "master" and client zones
# A host specific zones.conf takes precedence over the generic one; the
# chosen file is rendered as a Jinja template.
/etc/icinga2/zones.conf:
  file.managed:
    - source:
      - salt://icinga2/zones.conf.H_{{ grains.id }}
      - salt://icinga2/zones.conf
    - template: jinja
    - require:
      - pkg: icinga2
    - watch_in:
      - service: icinga2
  94. # Install host cert + key readable for icinga
  95. {% set pillar_name = 'nodes:' ~ grains['id'] ~ ':certs:' ~ grains['id'] %}
  96. /etc/icinga2/pki/ffhohost.cert.pem:
  97. file.managed:
  98. {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
  99. - source: salt://certs/certs/{{ cn }}.cert.pem
  100. {% else %}
  101. - contents_pillar: {{ pillar_name }}:cert
  102. {% endif %}
  103. - user: root
  104. - group: root
  105. - mode: 644
  106. - require:
  107. - pkg: icinga2
  108. - watch_in:
  109. - service: icinga2
  110. /etc/icinga2/pki/ffhohost.key.pem:
  111. file.managed:
  112. - contents_pillar: {{ pillar_name }}:privkey
  113. - user: root
  114. - group: nagios
  115. - mode: 440
  116. - require:
  117. - pkg: icinga2
  118. - watch_in:
  119. - service: icinga2
  120. # Activate Icinga2 features: API
  121. {% for feature in ['api'] %}
  122. /etc/icinga2/features-enabled/{{ feature }}.conf:
  123. file.symlink:
  124. - target: "../features-available/{{ feature }}.conf"
  125. - require:
  126. - pkg: icinga2
  127. - watch_in:
  128. - service: icinga2
  129. {% endfor %}
  130. # Install command definitions
  131. /etc/icinga2/commands.d:
  132. file.recurse:
  133. - source: salt://icinga2/commands.d
  134. - template: jinja
  135. - file_mode: 644
  136. - dir_mode: 755
  137. - user: root
  138. - group: root
  139. - clean: true
  140. - require:
  141. - pkg: icinga2
  142. - watch_in:
  143. - service: icinga2
  144. # Create directory for ffho specific configs
  145. /etc/icinga2/ffho-conf.d:
  146. file.directory:
  147. - makedirs: true
  148. - require:
  149. - pkg: icinga2
  150. ################################################################################
  151. # Icinga2 Server #
  152. ################################################################################
  153. {% if 'icinga2server' in roles %}
  154. # Users and Notifications
  155. /etc/icinga2/ffho-conf.d/users.conf:
  156. file.managed:
  157. - source: salt://icinga2/users.conf.tmpl
  158. - template: jinja
  159. - require:
  160. - pkg: icinga2
  161. - watch_in:
  162. - service: icinga2
  163. /etc/icinga2/ffho-conf.d/notifications.conf:
  164. file.managed:
  165. - source: salt://icinga2/notifications.conf.tmpl
  166. - template: jinja
  167. - require:
  168. - pkg: icinga2
  169. - watch_in:
  170. - service: icinga2
  171. # Install command definitions
  172. /etc/icinga2/ffho-conf.d/services:
  173. file.recurse:
  174. - source: salt://icinga2/services
  175. - file_mode: 644
  176. - dir_mode: 755
  177. - user: root
  178. - group: root
  179. - clean: true
  180. - template: jinja
  181. - require:
  182. - pkg: icinga2
  183. - watch_in:
  184. - service: icinga2
  185. # Create client node/zone objects
  186. Create /etc/icinga2/ffho-conf.d/hosts/generated/:
  187. file.directory:
  188. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  189. - makedirs: true
  190. - require:
  191. - pkg: icinga2
  192. Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/:
  193. file.directory:
  194. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  195. - clean: true
  196. - watch_in:
  197. - service: icinga2
  198. # Generate config file for every client known to pillar
  199. {% for node_id, node_config in salt['pillar.get']('nodes', {}).items () %}
  200. {# Only monitor hosts which are active or staged. #}
  201. {% if node_config.get ('status', '') not in [ '', 'active', 'staged' ] %}
  202. {% continue %}
  203. {% endif %}
  204. /etc/icinga2/ffho-conf.d/hosts/generated/{{ node_id }}.conf:
  205. file.managed:
  206. - source: salt://icinga2/host.conf.tmpl
  207. - template: jinja
  208. - context:
  209. node_id: {{ node_id }}
  210. node_config: {{ node_config }}
  211. - require:
  212. - file: Create /etc/icinga2/ffho-conf.d/hosts/generated/
  213. - require_in:
  214. - file: Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/
  215. - watch_in:
  216. - service: icinga2
  217. {% endfor %}
  218. # Create configuration for network devices
  219. Create /etc/icinga2/ffho-conf.d/net/wbbl/:
  220. file.directory:
  221. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  222. - makedirs: true
  223. - require:
  224. - pkg: icinga2
  225. Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/:
  226. file.directory:
  227. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  228. - makedirs: true
  229. - require:
  230. - pkg: icinga2
  231. - watch_in:
  232. - service: icinga2
  233. # Generate config files for every WBBL device known to pillar
  234. {% for link_id, link_config in salt['pillar.get']('net:wbbl', {}).items () %}
  235. /etc/icinga2/ffho-conf.d/net/wbbl/{{ link_id }}.conf:
  236. file.managed:
  237. - source: salt://icinga2/wbbl.conf.tmpl
  238. - template: jinja
  239. - context:
  240. link_id: {{ link_id }}
  241. link_config: {{ link_config }}
  242. - require:
  243. - file: Create /etc/icinga2/ffho-conf.d/net/wbbl/
  244. - require_in:
  245. - file: Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/
  246. - watch_in:
  247. - service: icinga2
  248. {% endfor %}
################################################################################
#                               Icinga2 Client                                 #
################################################################################
{# Rendered on every minion that does not carry the icinga2server role. #}
{% else %}

# Nodes should accept config and commands from Icinga2 server
# NOTE(review): api.conf itself is not part of this file. It decides what the
# node accepts from its parent (Icinga2's accept_config / accept_commands),
# so it deserves the same review as the sudoers file - confirm it grants no
# more than the checks need.
/etc/icinga2/features-available/api.conf:
  file.managed:
    - source: salt://icinga2/api.conf
    - require:
      - pkg: icinga2
    - watch_in:
      - service: icinga2

# Client should not notify by themselves
/etc/icinga2/features-enabled/notification.conf:
  file.absent:
    - watch_in:
      - service: icinga2
{% endif %}
################################################################################
#                             Check related stuff                              #
################################################################################
# Two text files rendered from Jinja templates into the ffho config
# directory. Judging by their names they list OSPF interfaces and iBGP
# sessions that are allowed to be down - presumably read by the bird checks;
# verify against the plugins.
/etc/icinga2/ffho-conf.d/bird_ospf_interfaces_down_ok.txt:
  file.managed:
    - source: salt://icinga2/bird_ospf_interfaces_down_ok.txt.tmpl
    - template: jinja
    - require:
      - file: /etc/icinga2/ffho-conf.d

/etc/icinga2/ffho-conf.d/bird_ibgp_sessions_down_ok.txt:
  file.managed:
    - source: salt://icinga2/bird_ibgp_sessions_down_ok.txt.tmpl
    - template: jinja
    - require:
      - file: /etc/icinga2/ffho-conf.d

# Root cron job: every six hours, at a minute picked at random by Salt, run a
# highstate in test mode (nothing is changed) and store its output in
# /var/cache/salt/state_apply. The output goes to a .tmp file first and is
# renamed afterwards, so a reader never sees a half written file.
# NOTE(review): the two commands are joined with `;`, so the rename also
# happens when salt-call fails, and stderr is discarded - a failed run then
# leaves an empty or partial result file. Whatever consumes the file should
# treat that as a failure rather than as "no pending changes".
salt-cron-state-apply:
  cron.present:
    - identifier: SALT_CRON_STATE_APPLY
    - name: "/usr/bin/salt-call state.highstate --state-verbose=False test=True > /var/cache/salt/state_apply.tmp 2>/dev/null ; mv /var/cache/salt/state_apply.tmp /var/cache/salt/state_apply"
    - user: root
    - minute: random
    - hour: "*/6"