init.sls 7.4 KB

  1. #
  2. # Icinga2
  3. #
  4. {% set roles = salt['pillar.get']('nodes:' ~ grains.id ~ ':roles', []) %}
  5. include:
  6. - apt
  7. - sudo
  8. # Install icinga2 package
  9. icinga2:
  10. pkg.installed:
  11. - name: icinga2
  12. service.running:
  13. - enable: True
  14. - reload: True
  15. # Install plugins (official + our own)
  16. monitoring-plugin-pkgs:
  17. pkg.installed:
  18. - pkgs:
  19. - monitoring-plugins
  20. - nagios-plugins-contrib
  21. - libyaml-syck-perl
  22. {% if grains['oscodename'] == 'jessie' %}
  23. - libnagios-plugin-perl
  24. {% else %}
  25. - libmonitoring-plugin-perl
  26. {% endif %}
  27. - lsof
  28. - watch_in:
  29. - service: icinga2
  30. ffho-plugins:
  31. file.recurse:
  32. - name: /usr/local/share/monitoring-plugins/
  33. - source: salt://icinga2/plugins/
  34. - file_mode: 755
  35. - dir_mode: 755
  36. - user: root
  37. - group: root
  38. # Install sudoers file for Icinga2 checks
  39. /etc/sudoers.d/icinga2:
  40. file.managed:
  41. - source: salt://icinga2/icinga2.sudoers
  42. - mode: 0440
  43. # Icinga2 master config (for master and all nodes)
  44. /etc/icinga2/icinga2.conf:
  45. file.managed:
  46. - source:
  47. - salt://icinga2/icinga2.conf.H_{{ grains.id }}
  48. - salt://icinga2/icinga2.conf.{{ grains.os }}.{{ grains.oscodename }}
  49. - salt://icinga2/icinga2.conf
  50. - require:
  51. - pkg: icinga2
  52. - watch_in:
  53. - service: icinga2
  54. # Add FFHOPluginDir
  55. /etc/icinga2/constants.conf:
  56. file.managed:
  57. - source: salt://icinga2/constants.conf
  58. - require:
  59. - pkg: icinga2
  60. - watch_in:
  61. - service: icinga2
  62. # Connect "master" and client zones
  63. /etc/icinga2/zones.conf:
  64. file.managed:
  65. - source:
  66. - salt://icinga2/zones.conf.H_{{ grains.id }}
  67. - salt://icinga2/zones.conf
  68. - template: jinja
  69. - require:
  70. - pkg: icinga2
  71. - watch_in:
  72. - service: icinga2
  73. # Install host cert + key readable for icinga
  74. {% set pillar_name = 'nodes:' ~ grains['id'] ~ ':certs:' ~ grains['id'] %}
  75. /etc/icinga2/pki/ffhohost.cert.pem:
  76. file.managed:
  77. {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
  78. - source: salt://certs/certs/{{ cn }}.cert.pem
  79. {% else %}
  80. - contents_pillar: {{ pillar_name }}:cert
  81. {% endif %}
  82. - user: root
  83. - group: root
  84. - mode: 644
  85. - require:
  86. - pkg: icinga2
  87. - watch_in:
  88. - service: icinga2
  89. /etc/icinga2/pki/ffhohost.key.pem:
  90. file.managed:
  91. - contents_pillar: {{ pillar_name }}:privkey
  92. - user: root
  93. - group: nagios
  94. - mode: 440
  95. - require:
  96. - pkg: icinga2
  97. - watch_in:
  98. - service: icinga2
  99. # Activate Icinga2 features: API
  100. {% for feature in ['api'] %}
  101. /etc/icinga2/features-enabled/{{ feature }}.conf:
  102. file.symlink:
  103. - target: "../features-available/{{ feature }}.conf"
  104. - require:
  105. - pkg: icinga2
  106. - watch_in:
  107. - service: icinga2
  108. {% endfor %}
  109. # Install command definitions
  110. /etc/icinga2/commands.d:
  111. file.recurse:
  112. - source: salt://icinga2/commands.d
  113. - template: jinja
  114. - file_mode: 644
  115. - dir_mode: 755
  116. - user: root
  117. - group: root
  118. - clean: true
  119. - require:
  120. - pkg: icinga2
  121. - watch_in:
  122. - service: icinga2
  123. # Create directory for ffho specific configs
  124. /etc/icinga2/ffho-conf.d:
  125. file.directory:
  126. - makedirs: true
  127. - require:
  128. - pkg: icinga2
  129. ################################################################################
  130. # Icinga2 Server #
  131. ################################################################################
  132. {% if 'icinga2server' in roles %}
  133. # Install command definitions
  134. /etc/icinga2/ffho-conf.d/services:
  135. file.recurse:
  136. - source: salt://icinga2/services
  137. - file_mode: 644
  138. - dir_mode: 755
  139. - user: root
  140. - group: root
  141. - clean: true
  142. - require:
  143. - pkg: icinga2
  144. - watch_in:
  145. - service: icinga2
  146. # Create client node/zone objects
  147. Create /etc/icinga2/ffho-conf.d/hosts/generated/:
  148. file.directory:
  149. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  150. - makedirs: true
  151. - require:
  152. - pkg: icinga2
  153. Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/:
  154. file.directory:
  155. - name: /etc/icinga2/ffho-conf.d/hosts/generated/
  156. - clean: true
  157. - watch_in:
  158. - service: icinga2
  159. # Generate config file for every client known to pillar
  160. {% for node_id, node_config in salt['pillar.get']('nodes', {}).items () %}
  161. {# Only monitor hosts which are active or staged. #}
  162. {% if node_config.get ('status', '') not in [ '', 'active', 'staged' ] %}
  163. {% continue %}
  164. {% endif %}
  165. /etc/icinga2/ffho-conf.d/hosts/generated/{{ node_id }}.conf:
  166. file.managed:
  167. - source: salt://icinga2/host.conf.tmpl
  168. - template: jinja
  169. - context:
  170. node_id: {{ node_id }}
  171. node_config: {{ node_config }}
  172. - require:
  173. - file: Create /etc/icinga2/ffho-conf.d/hosts/generated/
  174. - require_in:
  175. - file: Cleanup /etc/icinga2/ffho-conf.d/hosts/generated/
  176. - watch_in:
  177. - service: icinga2
  178. {% endfor %}
  179. # Create configuration for network devices
  180. Create /etc/icinga2/ffho-conf.d/net/wbbl/:
  181. file.directory:
  182. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  183. - makedirs: true
  184. - require:
  185. - pkg: icinga2
  186. Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/:
  187. file.directory:
  188. - name: /etc/icinga2/ffho-conf.d/net/wbbl/
  189. - makedirs: true
  190. - require:
  191. - pkg: icinga2
  192. - watch_in:
  193. - service: icinga2
  194. # Generate config files for every WBBL device known to pillar
  195. {% for link_id, link_config in salt['pillar.get']('net:wbbl', {}).items () %}
  196. /etc/icinga2/ffho-conf.d/net/wbbl/{{ link_id }}.conf:
  197. file.managed:
  198. - source: salt://icinga2/wbbl.conf.tmpl
  199. - template: jinja
  200. - context:
  201. link_id: {{ link_id }}
  202. link_config: {{ link_config }}
  203. - require:
  204. - file: Create /etc/icinga2/ffho-conf.d/net/wbbl/
  205. - require_in:
  206. - file: Cleanup /etc/icinga2/ffho-conf.d/net/wbbl/
  207. - watch_in:
  208. - service: icinga2
  209. {% endfor %}
  210. ################################################################################
  211. # Icinga2 Client #
  212. ################################################################################
  213. {% else %}
  214. # Nodes should accept config and commands from Icinga2 server
  215. /etc/icinga2/features-available/api.conf:
  216. file.managed:
  217. - source: salt://icinga2/api.conf
  218. - require:
  219. - pkg: icinga2
  220. - watch_in:
  221. - service: icinga2
  222. /etc/icinga2/check-commands.conf:
  223. file.absent:
  224. - watch_in:
  225. - service: icinga2
  226. {% endif %}
  227. ################################################################################
  228. # Check related stuff #
  229. ################################################################################
  230. /etc/icinga2/ffho-conf.d/bird_ospf_interfaces_down_ok.txt:
  231. file.managed:
  232. - source: salt://icinga2/bird_ospf_interfaces_down_ok.txt.tmpl
  233. - template: jinja
  234. - require:
  235. - file: /etc/icinga2/ffho-conf.d
  236. /etc/icinga2/ffho-conf.d/bird_ibgp_sessions_down_ok.txt:
  237. file.managed:
  238. - source: salt://icinga2/bird_ibgp_sessions_down_ok.txt.tmpl
  239. - template: jinja
  240. - require:
  241. - file: /etc/icinga2/ffho-conf.d
  242. salt-cron-state-apply:
  243. cron.present:
  244. - identifier: SALT_CRON_STATE_APPLY
  245. - name: "/usr/bin/salt-call state.highstate --state-verbose=False test=True > /var/cache/salt/state_apply.tmp 2>/dev/null ; mv /var/cache/salt/state_apply.tmp /var/cache/salt/state_apply"
  246. - user: root
  247. - minute: random
  248. - hour: "*/6"