  #
  # Icinga2
  #
  # Installs and configures Icinga2. Nodes whose pillar roles contain
  # 'icinga2server' get the server section further down, all other nodes get
  # the client section.

  # Roles of this minion, read from pillar key nodes:MINION_ID:roles; an empty
  # list is used when the key is missing.
  {% set roles = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}

  # SLS files pulled in together with this one.
  include:
    - apt
    - sudo
    - needrestart
  # Install icinga2 package and keep the service enabled and running.
  # Most states below attach to this service with watch_in; because of
  # 'reload: true' a watched change reloads the daemon instead of restarting it.
  icinga2:
    pkg.installed:
      - name: icinga2
    service.running:
      - reload: true
      - enable: true
  # Install plugins (official + our own)
  # Distribution packages providing check plugins and the libraries the checks
  # depend on; a change to this package set is watched by the icinga2 service.
  monitoring-plugin-pkgs:
    pkg.installed:
      - watch_in:
          - service: icinga2
      - pkgs:
          - monitoring-plugins
          - nagios-plugins-contrib
          - libyaml-syck-perl
          - libmonitoring-plugin-perl
          - lsof
          - python3-dnspython
  # Own check plugins, synced from the Salt fileserver into a root-owned tree
  # (directories and files 755, owner and group root).
  # NOTE(review): a sudoers drop-in "for Icinga2 checks" is installed by this
  # same state file; if it references plugins from this directory, the root
  # ownership and the missing group/other write bits set here are what keep
  # those sudo rules from becoming a privilege-escalation path - confirm
  # against icinga2.sudoers.
  ffho-plugins:
    file.recurse:
      - name: /usr/local/share/monitoring-plugins/
      - source: salt://icinga2/plugins/
      - user: root
      - group: root
      - dir_mode: 755
      - file_mode: 755
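  # Install sudoers file for Icinga2 checks
  #
  # - check_cmd runs visudo in check mode on the new content before it replaces
  #   the live file, so a syntax error in icinga2.sudoers cannot break sudo on
  #   the node.
  # - Owner and group are pinned to root explicitly instead of relying on
  #   whatever an already existing file happens to carry.
  # - The mode is quoted so that it is passed on as the string '0440' and never
  #   re-interpreted as a number by the YAML loader.
  /etc/sudoers.d/icinga2:
    file.managed:
      - source: salt://icinga2/icinga2.sudoers
      - user: root
      - group: root
      - mode: '0440'
      - check_cmd: /usr/sbin/visudo -c -f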
  # Icinga2 master config (for master and all nodes)
  # The source list is tried top to bottom and the first file that exists on
  # the fileserver is used: host-specific, then OS/codename-specific, then the
  # generic default.
  /etc/icinga2/icinga2.conf:
    file.managed:
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2
      - source:
          - salt://icinga2/icinga2.conf.H_{{ grains.id }}
          - salt://icinga2/icinga2.conf.{{ grains.os }}.{{ grains.oscodename }}
          - salt://icinga2/icinga2.conf
  # Add FFHOPluginDir
  # Replaces the packaged constants.conf with the copy from the fileserver;
  # the file is only written once the icinga2 package is installed.
  /etc/icinga2/constants.conf:
    file.managed:
      - source: salt://icinga2/constants.conf
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  # Connect "master" and client zones
  # Rendered through Jinja; a host-specific zones.conf is preferred over the
  # generic one when it exists on the fileserver.
  /etc/icinga2/zones.conf:
    file.managed:
      - template: jinja
      - source:
          - salt://icinga2/zones.conf.H_{{ grains.id }}
          - salt://icinga2/zones.conf
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
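  # Install host cert + key readable for icinga
  # Pillar path of this host's own certificate entry: nodes:ID:certs:ID, with
  # ID being the minion id. The key state that follows uses it as well.
  {% set pillar_name = 'nodes:' ~ grains['id'] ~ ':certs:' ~ grains['id'] %}

  # Public certificate, world-readable. When the pillar value of 'cert' is the
  # literal string "file" the certificate is fetched from the fileserver,
  # otherwise the pillar value itself is written as the file content.
  /etc/icinga2/pki/ffhohost.cert.pem:
    file.managed:
  {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
      # The file name used to be built from a variable named cn, which is not
      # defined in the visible part of this state; with Jinja's default
      # undefined handling that renders as an empty string and yields the path
      # salt://certs/certs/.cert.pem. The minion id is used instead because the
      # pillar path above keys the certificate by it.
      # NOTE(review): confirm the file naming convention below salt://certs/certs/.
      - source: salt://certs/certs/{{ grains['id'] }}.cert.pem
  {% else %}
      - contents_pillar: {{ pillar_name }}:cert
  {% endif %}
      - user: root
      - group: root
      - mode: 644
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2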
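  # Private key of the host certificate, taken from pillar and readable only
  # by root and the nagios group (mode 0440).
  #
  # show_changes is switched off so that a key rotation reports only "changed"
  # instead of a unified diff: the diff would otherwise carry the key material
  # into the state return, and from there into job caches, returners and logs.
  # The mode is quoted so it is handed over as a string.
  # NOTE(review): the nagios group is not created in this file; presumably the
  # icinga2 package required below provides it - confirm.
  /etc/icinga2/pki/ffhohost.key.pem:
    file.managed:
      - contents_pillar: {{ pillar_name }}:privkey
      - user: root
      - group: nagios
      - mode: '0440'
      - show_changes: false
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2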
  # Activate Icinga2 features: API
  # One relative symlink per listed feature, from features-enabled into
  # features-available. Extend the list to enable further features.
  {% for feature in ['api'] %}
  /etc/icinga2/features-enabled/{{ feature }}.conf:
    file.symlink:
      - target: "../features-available/{{ feature }}.conf"
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  {% endfor %}
  # Install command definitions
  # The directory mirrors salt://icinga2/commands.d, each file rendered through
  # Jinja. 'clean: true' deletes every file in the target directory that does
  # not come from the source tree, so locally added command definitions do not
  # survive a state run.
  /etc/icinga2/commands.d:
    file.recurse:
      - source: salt://icinga2/commands.d
      - template: jinja
      - clean: true
      - user: root
      - group: root
      - dir_mode: 755
      - file_mode: 644
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2
  # Create directory for ffho specific configs
  # Missing parent directories are created as well; the check-related files at
  # the end of this state require this directory.
  /etc/icinga2/ffho-conf.d:
    file.directory:
      - require:
          - pkg: icinga2
      - makedirs: true
  ################################################################################
  #                               Icinga2 Server                                 #
  ################################################################################
  # Everything from here up to the matching else branch is applied only on
  # nodes whose roles list contains 'icinga2server'.
  {% if 'icinga2server' in roles %}

  # Users and Notifications
  # Both files are Jinja templates rendered on the minion; a change to either
  # one is watched by the icinga2 service.
  /etc/icinga2/ffho-conf.d/users.conf:
    file.managed:
      - template: jinja
      - source: salt://icinga2/users.conf.tmpl
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2

  /etc/icinga2/ffho-conf.d/notifications.conf:
    file.managed:
      - template: jinja
      - source: salt://icinga2/notifications.conf.tmpl
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
  # Install service definitions
  # Mirrors salt://icinga2/services into ffho-conf.d/services, each file
  # rendered through Jinja. 'clean: true' deletes files in the target
  # directory that are not part of the source tree.
  /etc/icinga2/ffho-conf.d/services:
    file.recurse:
      - source: salt://icinga2/services
      - template: jinja
      - clean: true
      - user: root
      - group: root
      - dir_mode: 755
      - file_mode: 644
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2
  # Create client node/zone objects
  # The directory is managed by two states with different IDs:
  #  - "Create" makes sure it exists and is required by every generated host
  #    file.
  #  - "Cleanup" removes everything in it that no state manages (clean: true).
  #    The generated host files declare require_in on it, so it runs after
  #    they are written.
  Create /etc/icinga2/ffho-conf.d/hosts/generated/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/hosts/generated/
      - require:
          - pkg: icinga2
      - makedirs: true

  Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/hosts/generated/
      - watch_in:
          - service: icinga2
      - clean: true
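  # Generate config file for every client known to pillar
  #
  # One host.conf is rendered per entry of the 'nodes' pillar whose status is
  # unset, 'active' or 'staged'; every other status is skipped.
  #
  # The context values are serialized with the json filter. Printing a pillar
  # dict directly into the SLS emits its Python repr, which the YAML loader
  # then has to re-parse: None arrives in the template as the string "None",
  # and a value containing quotes, '#' or ': ' can change the structure of the
  # rendered state or break rendering for the whole file. JSON output is valid
  # YAML flow syntax, so the template receives the data exactly as stored in
  # pillar, and node_id stays a string even when it looks like a number.
  # NOTE(review): node_id is also used unescaped in the target path below;
  # this assumes pillar node ids never contain path separators - confirm.
  {% for node_id, node_config in salt['pillar.get']('nodes', {}).items () %}
  {# Only monitor hosts which are active or staged. #}
  {% if node_config.get ('status', '') not in [ '', 'active', 'staged' ] %}
  {% continue %}
  {% endif %}
  /etc/icinga2/ffho-conf.d/hosts/generated/{{ node_id }}.conf:
    file.managed:
      - source: salt://icinga2/host.conf.tmpl
      - template: jinja
      - context:
          node_id: {{ node_id | json }}
          node_config: {{ node_config | json }}
      - require:
          - file: Create /etc/icinga2/ffho-conf.d/hosts/generated/
      - require_in:
          - file: Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/
      - watch_in:
          - service: icinga2
  {% endfor %}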
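  # Create configuration for network devices
  # Same Create/Cleanup pair as for the generated host configs: "Create" makes
  # sure the directory exists before the per-link files are written, "Cleanup"
  # runs after them (they declare require_in on it).
  Create /etc/icinga2/ffho-conf.d/net/wbbl/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/net/wbbl/
      - makedirs: true
      - require:
          - pkg: icinga2

  # The Cleanup state carried only 'makedirs: true' and therefore removed
  # nothing: the config of a WBBL link deleted from pillar stayed on disk and
  # the device kept being monitored. 'clean: true' makes it remove every file
  # in the directory that no state manages, matching the Cleanup state of
  # hosts/generated.
  Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/:
    file.directory:
      - name: /etc/icinga2/ffho-conf.d/net/wbbl/
      - makedirs: true
      - clean: true
      - require:
          - pkg: icinga2
      - watch_in:
          - service: icinga2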
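  # Generate config files for every WBBL device known to pillar
  #
  # One wbbl.conf is rendered per entry of the 'net:wbbl' pillar.
  #
  # The context values are serialized with the json filter. Printing a pillar
  # dict directly into the SLS emits its Python repr, which the YAML loader
  # then has to re-parse: None arrives in the template as the string "None",
  # and a value containing quotes, '#' or ': ' can change the structure of the
  # rendered state or break rendering for the whole file. JSON output is valid
  # YAML flow syntax, so the template receives the data exactly as stored in
  # pillar, and link_id stays a string even when it looks like a number.
  # NOTE(review): link_id is also used unescaped in the target path below;
  # this assumes pillar link ids never contain path separators - confirm.
  {% for link_id, link_config in salt['pillar.get']('net:wbbl', {}).items () %}
  /etc/icinga2/ffho-conf.d/net/wbbl/{{ link_id }}.conf:
    file.managed:
      - source: salt://icinga2/wbbl.conf.tmpl
      - template: jinja
      - context:
          link_id: {{ link_id | json }}
          link_config: {{ link_config | json }}
      - require:
          - file: Create /etc/icinga2/ffho-conf.d/net/wbbl/
      - require_in:
          - file: Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/
      - watch_in:
          - service: icinga2
  {% endfor %}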
  ################################################################################
  #                               Icinga2 Client                                 #
  ################################################################################
  # Everything from here up to the closing endif is applied only on nodes that
  # do NOT have the 'icinga2server' role.
  {% else %}

  # Nodes should accept config and commands from Icinga2 server
  # NOTE(review): the content of api.conf is not part of this file. If it lets
  # the node accept config and commands from the parent zone, the host
  # certificate and key installed above are presumably what authenticates that
  # channel - confirm that the file and zones.conf restrict it to the master.
  /etc/icinga2/features-available/api.conf:
    file.managed:
      - source: salt://icinga2/api.conf
      - watch_in:
          - service: icinga2
      - require:
          - pkg: icinga2
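  # Client should not notify by themselves
  # The path used to say 'features-enable', a directory that the feature
  # symlinks earlier in this file do not use (they live in 'features-enabled').
  # file.absent on a path that never exists is a silent no-op, so an enabled
  # notification feature would have stayed enabled on clients.
  /etc/icinga2/features-enabled/notification.conf:
    file.absent:
      - watch_in:
          - service: icinga2
  {% endif %}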
  ################################################################################
  #                            Check related stuff                               #
  ################################################################################
  # Two Jinja-rendered text files placed in ffho-conf.d on every node. Going by
  # their names they list OSPF interfaces and iBGP sessions that are allowed
  # to be down; how the checks consume them is not visible in this file.
  /etc/icinga2/ffho-conf.d/bird_ospf_interfaces_down_ok.txt:
    file.managed:
      - template: jinja
      - source: salt://icinga2/bird_ospf_interfaces_down_ok.txt.tmpl
      - require:
          - file: /etc/icinga2/ffho-conf.d

  /etc/icinga2/ffho-conf.d/bird_ibgp_sessions_down_ok.txt:
    file.managed:
      - template: jinja
      - source: salt://icinga2/bird_ibgp_sessions_down_ok.txt.tmpl
      - require:
          - file: /etc/icinga2/ffho-conf.d
  # Root cron job: every six hours, at a minute Salt picks at random, run a
  # highstate in test mode (nothing is applied) and store the output in
  # /var/cache/salt/state_apply. The output goes to a temporary file first and
  # is moved into place afterwards, so a reader never sees a half-written file.
  # NOTE(review): the two commands are joined with ';', so the move also
  # happens when salt-call fails, and stderr is discarded - a failed run then
  # replaces the previous result with empty or partial output. Confirm that
  # whatever reads state_apply treats that case as a problem.
  salt-cron-state-apply:
    cron.present:
      - identifier: SALT_CRON_STATE_APPLY
      - user: root
      - name: "/usr/bin/salt-call state.highstate --state-verbose=False test=True > /var/cache/salt/state_apply.tmp 2>/dev/null ; mv /var/cache/salt/state_apply.tmp /var/cache/salt/state_apply"
      - hour: "*/6"
      - minute: random