  #
  # Icinga2
  #

  # Roles assigned to this minion in pillar (empty list when none are set).
  # The list decides further down whether the server or the client states
  # are rendered.
  {% set roles = salt['pillar.get']('nodes:' ~ grains.id ~ ':roles', []) %}

  # Pull in the apt and sudo SLS files alongside this one.
  include:
    - apt
    - sudo
  # Install the icinga2 package and keep the service enabled and running.
  # Config changes from watching states are applied with a reload.
  icinga2:
    pkg.installed:
      - name: icinga2
    service.running:
      - reload: true
      - enable: true
  # Install plugins (official + our own): distribution packages with the
  # stock checks plus the libraries and tools the packages list names.
  # A package change triggers the icinga2 service via watch_in.
  monitoring-plugin-pkgs:
    pkg.installed:
      - pkgs:
          - monitoring-plugins
          - nagios-plugins-contrib
          - libyaml-syck-perl
          - libmonitoring-plugin-perl
          - lsof
          - python3-dnspython
      - watch_in:
          - service: icinga2
  # Ship our own check plugins from the Salt fileserver. Files and
  # directories are owned by root and not writable by anyone else.
  ffho-plugins:
    file.recurse:
      - name: /usr/local/share/monitoring-plugins/
      - source: salt://icinga2/plugins/
      - user: root
      - group: root
      - dir_mode: '0755'
      - file_mode: '0755'
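  # Install sudoers file for Icinga2 checks.
  # A sudoers drop-in grants privileges, so ownership is pinned to root and
  # visudo validates the new file before it replaces the live one; a syntax
  # error in this file would otherwise break sudo on the host. The mode is
  # quoted so it is never read as a number by the YAML loader.
  /etc/sudoers.d/icinga2:
    file.managed:
      - source: salt://icinga2/icinga2.sudoers
      - user: root
      - group: root
      - mode: '0440'
      - check_cmd: /usr/sbin/visudo -c -f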
  # Icinga2 master config (for master and all nodes).
  # Sources are tried in order: a per-host file, then a per-OS/release file,
  # then the generic default; the first one found on the fileserver is used.
  /etc/icinga2/icinga2.conf:
    file.managed:
      - source:
          - salt://icinga2/icinga2.conf.H_{{ grains.id }}
          - salt://icinga2/icinga2.conf.{{ grains.os }}.{{ grains.oscodename }}
          - salt://icinga2/icinga2.conf
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  # Add FFHOPluginDir: install our constants.conf once the package is
  # present and signal the service when the file changes.
  /etc/icinga2/constants.conf:
    file.managed:
      - source: salt://icinga2/constants.conf
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  # Connect "master" and client zones.
  # A per-host zones.conf wins over the generic one; whichever is picked is
  # rendered through Jinja before it is written.
  /etc/icinga2/zones.conf:
    file.managed:
      - template: jinja
      - source:
          - salt://icinga2/zones.conf.H_{{ grains.id }}
          - salt://icinga2/zones.conf
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
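  # Install host cert + key readable for icinga.
  # pillar_name is the pillar path of this minion's own certificate entry;
  # the key state that follows reads the private key from the same entry.
  {% set pillar_name = 'nodes:' ~ grains['id'] ~ ':certs:' ~ grains['id'] %}
  /etc/icinga2/pki/ffhohost.cert.pem:
    file.managed:
  {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
      # The pillar value "file" means the certificate is served from the
      # fileserver instead of being stored in pillar. The original source
      # path used a variable named cn that is not set anywhere in this file,
      # so the path rendered without a host name. The pillar entry is keyed
      # by the minion id, so the id is used here.
      # NOTE(review): confirm files under salt://certs/certs/ are named
      # after the minion id.
      - source: salt://certs/certs/{{ grains['id'] }}.cert.pem
  {% else %}
      - contents_pillar: {{ pillar_name }}:cert
  {% endif %}
      - user: root
      - group: root
      - mode: '0644'
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2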
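  # Private key for the host certificate, taken from pillar.
  # Readable by root and the nagios group only, writable by nobody.
  # show_changes is off so that a key change does not put a diff of the
  # key material into the state return, the job cache or any log built
  # from them.
  /etc/icinga2/pki/ffhohost.key.pem:
    file.managed:
      - contents_pillar: {{ pillar_name }}:privkey
      - user: root
      - group: nagios
      - mode: '0440'
      - show_changes: false
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2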
  # Activate Icinga2 features: API.
  # Every feature in the list gets a symlink in features-enabled pointing
  # at the matching file in features-available.
  {% for feature in ['api'] %}
  /etc/icinga2/features-enabled/{{ feature }}.conf:
    file.symlink:
      - target: "../features-available/{{ feature }}.conf"
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  {% endfor %}
  # Install command definitions.
  # The directory is synced from the fileserver with every file rendered
  # through Jinja. clean: true removes files that Salt does not manage, so
  # the directory holds exactly what the source tree ships.
  /etc/icinga2/commands.d:
    file.recurse:
      - source: salt://icinga2/commands.d
      - template: jinja
      - clean: true
      - user: root
      - group: root
      - dir_mode: '0755'
      - file_mode: '0644'
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  # Create directory for ffho specific configs (parents included) once the
  # package is installed.
  /etc/icinga2/ffho-conf.d:
    file.directory:
      - require:
          - pkg: icinga2
      - makedirs: true
  ################################################################################
  #                               Icinga2 Server                                 #
  ################################################################################
  {% if 'icinga2server' in roles %}

  # Install service definitions.
  # Synced from the fileserver and rendered through Jinja; clean: true
  # removes files in the directory that Salt does not manage.
  /etc/icinga2/ffho-conf.d/services:
    file.recurse:
      - source: salt://icinga2/services
      - template: jinja
      - clean: true
      - user: root
      - group: root
      - dir_mode: '0755'
      - file_mode: '0644'
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  # Create client node/zone objects.
  # Two states manage the same directory: the first creates it, the second
  # cleans it. The generated host files require the first and are listed as
  # requirements of the second, so only unmanaged files are removed.
  Create /etc/icinga2/ffho-conf.d/hosts/generated/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/hosts/generated/
      - require:
          - pkg: icinga2
      - makedirs: true

  Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/hosts/generated/
      - watch_in:
          - service: icinga2
      - clean: true
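  # Generate config file for every client known to pillar.
  {% for node_id, node_config in salt['pillar.get']('nodes', {}).items () %}
  {# Only monitor hosts which are active or staged. #}
  {% if node_config.get ('status', '') not in [ '', 'active', 'staged' ] %}
  {% continue %}
  {% endif %}
  /etc/icinga2/ffho-conf.d/hosts/generated/{{ node_id }}.conf:
    file.managed:
      - source: salt://icinga2/host.conf.tmpl
      - template: jinja
      # The context values are serialised as JSON, which is valid YAML.
      # Printing the pillar dict directly emits its Python repr, which turns
      # None into the string "None" and breaks on values containing quotes.
      # NOTE(review): node_config is the node's whole pillar subtree. The
      # cert states in this file read nodes:<id>:certs:<id>:privkey from the
      # same tree, so confirm the monitoring server's pillar does not expose
      # other hosts' private keys to this template context.
      - context:
          node_id: {{ node_id | json }}
          node_config: {{ node_config | json }}
      - require:
          - file: Create /etc/icinga2/ffho-conf.d/hosts/generated/
      - require_in:
          - file: Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/
      - watch_in:
          - service: icinga2
  {% endfor %}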
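  # Create configuration for network devices.
  # Same create/cleanup pair as for the generated host configs.
  Create /etc/icinga2/ffho-conf.d/net/wbbl/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/net/wbbl/
      - makedirs: true
      - require:
          - pkg: icinga2

  # The cleanup state originally repeated the arguments of the create state
  # and never set clean, so config files of links removed from pillar stayed
  # on disk and kept being monitored. clean: true removes every file in the
  # directory that is not listed as a requirement of this state.
  Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/net/wbbl/
      - makedirs: true
      - clean: true
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2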
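  # Generate config files for every WBBL device known to pillar.
  {% for link_id, link_config in salt['pillar.get']('net:wbbl', {}).items () %}
  /etc/icinga2/ffho-conf.d/net/wbbl/{{ link_id }}.conf:
    file.managed:
      - source: salt://icinga2/wbbl.conf.tmpl
      - template: jinja
      # The context values are serialised as JSON, which is valid YAML.
      # Printing the pillar dict directly emits its Python repr, which turns
      # None into the string "None" and breaks on values containing quotes.
      - context:
          link_id: {{ link_id | json }}
          link_config: {{ link_config | json }}
      - require:
          - file: Create /etc/icinga2/ffho-conf.d/net/wbbl/
      - require_in:
          - file: Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/
      - watch_in:
          - service: icinga2
  {% endfor %}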
  ################################################################################
  #                               Icinga2 Client                                 #
  ################################################################################
  {% else %}

  # Nodes should accept config and commands from Icinga2 server, so every
  # minion without the icinga2server role gets our api.conf.
  /etc/icinga2/features-available/api.conf:
    file.managed:
      - source: salt://icinga2/api.conf
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
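  # Client should not notify by themselves.
  # The path originally read features-enable, a directory no other state in
  # this file uses, so the state never removed the notification feature.
  # Features are enabled under features-enabled, which is also where the
  # API symlink is created above.
  /etc/icinga2/features-enabled/notification.conf:
    file.absent:
      - watch_in:
          - service: icinga2
  {% endif %}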
  ################################################################################
  #                            Check related stuff                               #
  ################################################################################

  # Rendered from a Jinja template into the ffho config directory, which
  # must exist first.
  /etc/icinga2/ffho-conf.d/bird_ospf_interfaces_down_ok.txt:
    file.managed:
      - template: jinja
      - source: salt://icinga2/bird_ospf_interfaces_down_ok.txt.tmpl
      - require:
          - file: /etc/icinga2/ffho-conf.d
  # Rendered from a Jinja template into the ffho config directory, which
  # must exist first.
  /etc/icinga2/ffho-conf.d/bird_ibgp_sessions_down_ok.txt:
    file.managed:
      - template: jinja
      - source: salt://icinga2/bird_ibgp_sessions_down_ok.txt.tmpl
      - require:
          - file: /etc/icinga2/ffho-conf.d
  241. salt-cron-state-apply:
  242. cron.present:
  243. - identifier: SALT_CRON_STATE_APPLY
  244. - name: "/usr/bin/salt-call state.highstate --state-verbose=False test=True > /var/cache/salt/state_apply.tmp 2>/dev/null ; mv /var/cache/salt/state_apply.tmp /var/cache/salt/state_apply"
  245. - user: root
  246. - minute: random
  247. - hour: "*/6"