init.sls 7.8 KB

  1. #
  2. # Icinga2
  3. #
  4. {% set roles = salt['pillar.get']('nodes:' ~ grains.id ~ ':roles', []) %}
  5. include:
  6. - apt
  7. - sudo
  8. - needrestart
  9. # Install icinga2 package
  10. icinga2:
  11. pkg.installed:
  12. - name: icinga2
  13. service.running:
  14. - enable: True
  15. - reload: True
  16. # Install plugins (official + our own)
  17. monitoring-plugin-pkgs:
  18. pkg.installed:
  19. - pkgs:
  20. - monitoring-plugins
  21. - nagios-plugins-contrib
  22. - libyaml-syck-perl
  23. - libmonitoring-plugin-perl
  24. - curl
  25. - lsof
  26. - python3-dnspython
  27. - watch_in:
  28. - service: icinga2
  29. ffho-plugins:
  30. file.recurse:
  31. - name: /usr/local/share/monitoring-plugins/
  32. - source: salt://icinga2/plugins/
  33. - file_mode: 755
  34. - dir_mode: 755
  35. - user: root
  36. - group: root
  37. # Install sudoers file for Icinga2 checks
  38. /etc/sudoers.d/icinga2:
  39. file.managed:
  40. - source: salt://icinga2/icinga2.sudoers
  41. - mode: 0440
  42. # Icinga2 master config (for master and all nodes)
  43. /etc/icinga2/icinga2.conf:
  44. file.managed:
  45. - source:
  46. - salt://icinga2/icinga2.conf.H_{{ grains.id }}
  47. - salt://icinga2/icinga2.conf.{{ grains.os }}.{{ grains.oscodename }}
  48. - salt://icinga2/icinga2.conf
  49. - require:
  50. - pkg: icinga2
  51. - watch_in:
  52. - service: icinga2
  53. # Add FFHOPluginDir
  54. /etc/icinga2/constants.conf:
  55. file.managed:
  56. - source: salt://icinga2/constants.conf
  57. - require:
  58. - pkg: icinga2
  59. - watch_in:
  60. - service: icinga2
  61. # Connect "master" and client zones
  62. /etc/icinga2/zones.conf:
  63. file.managed:
  64. - source:
  65. - salt://icinga2/zones.conf.H_{{ grains.id }}
  66. - salt://icinga2/zones.conf
  67. - template: jinja
  68. - require:
  69. - pkg: icinga2
  70. - watch_in:
  71. - service: icinga2
  72. # Install host cert + key readable for icinga
  73. {% set pillar_name = 'nodes:' ~ grains['id'] ~ ':certs:' ~ grains['id'] %}
  74. /etc/icinga2/pki/ffhohost.cert.pem:
  75. file.managed:
  76. {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
  77. - source: salt://certs/certs/{{ cn }}.cert.pem
  78. {% else %}
  79. - contents_pillar: {{ pillar_name }}:cert
  80. {% endif %}
  81. - user: root
  82. - group: root
  83. - mode: 644
  84. - require:
  85. - pkg: icinga2
  86. - watch_in:
  87. - service: icinga2
  88. /etc/icinga2/pki/ffhohost.key.pem:
  89. file.managed:
  90. - contents_pillar: {{ pillar_name }}:privkey
  91. - user: root
  92. - group: nagios
  93. - mode: 440
  94. - require:
  95. - pkg: icinga2
  96. - watch_in:
  97. - service: icinga2
  98. # Activate Icinga2 features: API
  99. {% for feature in ['api'] %}
  100. /etc/icinga2/features-enabled/{{ feature }}.conf:
  101. file.symlink:
  102. - target: "../features-available/{{ feature }}.conf"
  103. - require:
  104. - pkg: icinga2
  105. - watch_in:
  106. - service: icinga2
  107. {% endfor %}
  108. # Install command definitions
  109. /etc/icinga2/commands.d:
  110. file.recurse:
  111. - source: salt://icinga2/commands.d
  112. - template: jinja
  113. - file_mode: 644
  114. - dir_mode: 755
  115. - user: root
  116. - group: root
  117. - clean: true
  118. - require:
  119. - pkg: icinga2
  120. - watch_in:
  121. - service: icinga2
  122. # Create directory for ffho specific configs
  123. /etc/icinga2/ffho-conf.d:
  124. file.directory:
  125. - makedirs: true
  126. - require:
  127. - pkg: icinga2
  128. ################################################################################
  129. # Icinga2 Server #
  130. ################################################################################
  131. {% if 'icinga2server' in roles %}
  132. # Users and Notifications
  133. /etc/icinga2/ffho-conf.d/users.conf:
  134. file.managed:
  135. - source: salt://icinga2/users.conf.tmpl
  136. - template: jinja
  137. - require:
  138. - pkg: icinga2
  139. - watch_in:
  140. - service: icinga2
  141. /etc/icinga2/ffho-conf.d/notifications.conf:
  142. file.managed:
  143. - source: salt://icinga2/notifications.conf.tmpl
  144. - template: jinja
  145. - require:
  146. - pkg: icinga2
  147. - watch_in:
  148. - service: icinga2
  149. # Install command definitions
  150. /etc/icinga2/ffho-conf.d/services:
  151. file.recurse:
  152. - source: salt://icinga2/services
  153. - file_mode: 644
  154. - dir_mode: 755
  155. - user: root
  156. - group: root
  157. - clean: true
  158. - template: jinja
  159. - require:
  160. - pkg: icinga2
  161. - watch_in:
  162. - service: icinga2
  163. # Create client node/zone objects
  164. Create /etc/icinga2/ffho-conf.d/hosts/generated/:
  165. file.directory:
  166. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  167. - makedirs: true
  168. - require:
  169. - pkg: icinga2
  170. Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/:
  171. file.directory:
  172. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  173. - clean: true
  174. - watch_in:
  175. - service: icinga2
  176. # Generate config file for every client known to pillar
  177. {% for node_id, node_config in salt['pillar.get']('nodes', {}).items () %}
  178. {# Only monitor hosts which are active or staged. #}
  179. {% if node_config.get ('status', '') not in [ '', 'active', 'staged' ] %}
  180. {% continue %}
  181. {% endif %}
  182. /etc/icinga2/ffho-conf.d/hosts/generated/{{ node_id }}.conf:
  183. file.managed:
  184. - source: salt://icinga2/host.conf.tmpl
  185. - template: jinja
  186. - context:
  187. node_id: {{ node_id }}
  188. node_config: {{ node_config }}
  189. - require:
  190. - file: Create /etc/icinga2/ffho-conf.d/hosts/generated/
  191. - require_in:
  192. - file: Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/
  193. - watch_in:
  194. - service: icinga2
  195. {% endfor %}
  196. # Create configuration for network devices
  197. Create /etc/icinga2/ffho-conf.d/net/wbbl/:
  198. file.directory:
  199. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  200. - makedirs: true
  201. - require:
  202. - pkg: icinga2
  203. Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/:
  204. file.directory:
  205. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  206. - makedirs: true
  207. - require:
  208. - pkg: icinga2
  209. - watch_in:
  210. - service: icinga2
  211. # Generate config files for every WBBL device known to pillar
  212. {% for link_id, link_config in salt['pillar.get']('net:wbbl', {}).items () %}
  213. /etc/icinga2/ffho-conf.d/net/wbbl/{{ link_id }}.conf:
  214. file.managed:
  215. - source: salt://icinga2/wbbl.conf.tmpl
  216. - template: jinja
  217. - context:
  218. link_id: {{ link_id }}
  219. link_config: {{ link_config }}
  220. - require:
  221. - file: Create /etc/icinga2/ffho-conf.d/net/wbbl/
  222. - require_in:
  223. - file: Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/
  224. - watch_in:
  225. - service: icinga2
  226. {% endfor %}
  227. ################################################################################
  228. # Icinga2 Client #
  229. ################################################################################
  230. {% else %}
  231. # Nodes should accept config and commands from Icinga2 server
  232. /etc/icinga2/features-available/api.conf:
  233. file.managed:
  234. - source: salt://icinga2/api.conf
  235. - require:
  236. - pkg: icinga2
  237. - watch_in:
  238. - service: icinga2
  239. # Client should not notify by themselves
  240. /etc/icinga2/features-enabled/notification.conf:
  241. file.absent:
  242. - watch_in:
  243. - service: icinga2
  244. {% endif %}
  245. ################################################################################
  246. # Check related stuff #
  247. ################################################################################
  248. /etc/icinga2/ffho-conf.d/bird_ospf_interfaces_down_ok.txt:
  249. file.managed:
  250. - source: salt://icinga2/bird_ospf_interfaces_down_ok.txt.tmpl
  251. - template: jinja
  252. - require:
  253. - file: /etc/icinga2/ffho-conf.d
  254. /etc/icinga2/ffho-conf.d/bird_ibgp_sessions_down_ok.txt:
  255. file.managed:
  256. - source: salt://icinga2/bird_ibgp_sessions_down_ok.txt.tmpl
  257. - template: jinja
  258. - require:
  259. - file: /etc/icinga2/ffho-conf.d
  260. salt-cron-state-apply:
  261. cron.present:
  262. - identifier: SALT_CRON_STATE_APPLY
  263. - name: "/usr/bin/salt-call state.highstate --state-verbose=False test=True > /var/cache/salt/state_apply.tmp 2>/dev/null ; mv /var/cache/salt/state_apply.tmp /var/cache/salt/state_apply"
  264. - user: root
  265. - minute: random
  266. - hour: "*/6"