diff --git a/roles/icinga2/files/check_ldap_syncrepl_status.pl b/roles/icinga2/files/check_ldap_syncrepl_status.pl new file mode 100644 index 0000000..16f0a8a --- /dev/null +++ b/roles/icinga2/files/check_ldap_syncrepl_status.pl @@ -0,0 +1,597 @@ +#! /usr/bin/perl -w + +#========================================================================== +# Summary +#========================================================================== +# Check OpenLDAP Syncrepl status +# +# To know if a slave and a master are in sync, get the ContextCSN +# and compare them +# +# Copyright (C) 2007 Clement OUDOT +# Copyright (C) 2009 LTB-project.org +# +#========================================================================== +# License: GPLv2+ +#========================================================================== +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# GPL License: http://www.gnu.org/licenses/gpl.txt +#========================================================================== + +#========================================================================== +# Version +#========================================================================== +my $VERSION = '0.8'; +my $TEMPLATE_VERSION = '1.0.0'; + +#========================================================================== +# Modules +#========================================================================== +use strict; +use lib + qw(/usr/local/nagios/libexec /usr/lib/nagios/plugins /usr/lib64/nagios/plugins); +use utils qw /$TIMEOUT %ERRORS &print_revision &support/; +use Getopt::Long; +&Getopt::Long::config('bundling'); +use File::Basename; +use POSIX; +use Net::LDAP; +use Time::Piece; + +#========================================================================== +# Options +#========================================================================== +my $progname = basename($0); +my $help; +my $version; +my $verbose = 0; +my $host; +my $warning; +my $critical; +my $logname; +my $authentication; +my $log_file; +my $perf_data; +my $name; +my $port; +my $timeout = $TIMEOUT; +my $regexp; +my $eregexp; +my $exclude; +my $minute = 60; +my $url; + +# For SNMP plugins +my $snmp_version; +my $snmp_v1; +my $snmp_v2c; +my $snmp_v3; +my $community; +my $seclevel; +my $authproto; +my $privpasswd; +my $oid; + +# For LDAP plugins +my $ldap_binddn; +my $ldap_bindpw; +my $ldap_binduri; +my $slave_ldap_suffix; +my $master_ldap_suffix; +my $ldap_serverid; +my $ldap_singlemaster; + +GetOptions( + 'h' => \$help, + 'help' => \$help, + 'V' => \$version, + 'version' => \$version, + 'v+' => \$verbose, + 'verbose+' => \$verbose, + 'H:s' => \$host, + 'host:s' => \$host, + 'w:f' => \$warning, + 'warning:f' => \$warning, + 'c:f' => \$critical, + 'critical:f' => \$critical, + + #'l:s'=> \$logname,'logname:s'=> \$logname, + #'a:s'=> \$authentication, + #'authentication:s'=> \$authentication, + #'F:s'=> \$log_file,'log_file:s'=> \$log_file, + 'f' => \$perf_data, + 'perf_data' => \$perf_data, + 'n:s' => \$name, + 'name:s' => \$name, + 'p:i' => \$port, + 'port:i' => \$port, + 't:i' => \$timeout, + 'timeout:i' => \$timeout, + + #'r:s'=> \$regexp,'regexp:s'=> \$regexp, + #'e:s'=> \$exclude,'exclude:s'=> \$exclude, + #'m:s'=> \$minute,'minute:s'=> \$minute, + #'u:s'=> \$url,'url:s'=> \$url, + # For SNMP plugins + #'snmp_version:s'=> \$snmp_version,'1'=> \$snmp_v1, + #'2'=> \$snmp_v2c,'3'=> \$snmp_v3, + #'C:s'=> \$community,'community:s'=> \$community, + #'L:s'=> \$seclevel,'seclevel:s'=> \$seclevel, + #'A:s'=> \$authproto,'authproto:s'=> \$authproto, + #'X:s'=> \$privpasswd,'privpasswd:s'=> \$privpasswd, + #'o:s'=> \$oid,'oid:s'=> \$oid, + # For LDAP plugins + 'D:s' => \$ldap_binddn, + 'binddn:s' => \$ldap_binddn, + 'P:s' => \$ldap_bindpw, + 'bindpw:s' => \$ldap_bindpw, + 'U:s' => \$ldap_binduri, + 'binduri:s' => \$ldap_binduri, + 'S:s' => \$slave_ldap_suffix, + 'suffix:s' => \$slave_ldap_suffix, + 'M:s' => \$master_ldap_suffix, + 'mastersuffix:s' => \$master_ldap_suffix, + 'I:s' => \$ldap_serverid, + 'serverid:s' => \$ldap_serverid, + 's' => \$ldap_singlemaster, + 'singlemaster' => \$ldap_singlemaster, +); + +# Fix SMNP Version +unless ($snmp_version) { + $snmp_version = "1" if $snmp_v1; + $snmp_version = "2c" if $snmp_v2c; + $snmp_version = "3" if $snmp_v3; +} + +#========================================================================== +# Usage +#========================================================================== +sub print_usage { + print "Usage: \n"; + print "$progname -H [-h] [-v] [-V]\n\n"; + print "Use option --help for more information\n\n"; + print "$progname comes with ABSOLUTELY NO WARRANTY\n\n"; +} + +#========================================================================= +# Version +#========================================================================= +if ($version) { + &print_revision( $progname, + "\$Revision: $VERSION (TPL: $TEMPLATE_VERSION)\$" ); + exit $ERRORS{'UNKNOWN'}; +} + +#========================================================================= +# Help +#========================================================================= +if ($help) { + &print_revision( $progname, "\$Revision: $VERSION\$" ); + + print +"\n\nConnect to master and slave directories,\nsearch for ContextCSN and check if they are in sync.\n\n"; + + &print_usage; + + print "-v, --verbose\n"; + print "\tPrint extra debugging information.\n"; + print "-V, --version\n"; + print "\tPrint version and exit.\n"; + print "-h, --help\n"; + print "\tPrint this help message and exit.\n"; + print "-H, --host=STRING\n"; + print +"\tIP or name (FQDN) of the slave directory. You can use URI (ldap://, ldaps://, ldap+tls://)\n"; + print "-p, --port=INTEGER\n"; + print "\tSlave directory port to connect to.\n"; + print "-w, --warning=DOUBLE\n"; + print "\t Level to return a warning status.\n"; + print "-c, --critical=DOUBLE\n"; + print "\tLevel to return a critical status.\n"; + + #print "-l, --logname=STRING\n"; + #print "\tUser id for login.\n"; + #print "-a, --authentication=STRING\n"; + #print "\tSSH private key file.\n"; + #print "-F, --log_file=STRING\n"; + #print "\tStatus or log file.\n"; + print "-f, --perf_data\n"; + print "\tDisplay performance data.\n"; + + #print "-n, --name=STRING\n"; + #print "\tName (database, table, service, ...).\n"; + print "-t, --timeout=INTEGER\n"; + print "\tSeconds before connection times out (default: $TIMEOUT).\n"; + + #print "-r, --regexp=STRING\n"; + #print "\tCase sensitive regular expression.\n"; + #print "-e, --exclude=STRING\n"; + #print "\nExclude this regular expression.\n"; + #print "-u, --url=STRING\n"; + #print "\tURL.\n"; + #print "-1, -2, -3, --snmp_version=(1|2c|3)\n"; + #print "\tSNMP protocol version.\n"; + #print "-C, --community=STRING\n"; + #print "\tSNMP community (v1 and v2c).\n"; + #print "-L, --seclevel=(noAuthNoPriv|authNoPriv|authPriv))\n"; + #print "\tSNMP security level (v3).\n"; + #print "-A, --authproto=(MD5|SHA)\n"; + #print "\tSNMP authentication protocol (v3).\n"; + #print "-X, --privpasswd=STRING\n"; + #print "\tSNMP cipher password (v3).\n"; + #print "-o, --oid=STRING\n"; + #print "\tSNMP OID.\n"; + print "-D, --binddn=STRING\n"; + print +"\tBind DN to master and slave directories. Bind anonymous if not present.\n"; + print "-P, --bindpw=STRING\n"; + print +"\tBind passwd to master and slave directories. Need the Bind DN option to work.\n"; + print "-U, --binduri=STRING\n"; + print +"\tBind URI (ldap://, ldaps://, ldap+tls://) of the master directory. Retrieve this value in cn=monitor if not present.\n"; + print "-S, --suffix=STRING\n"; + print "-M, --mastersuffix=STRING\n"; + print +"\tSuffix of the directories. Retrieve this value in RootDSE if not present.\n"; + print "-I, --serverid=STRING\n"; + print "\tSID of the syncrepl link\n"; + print "-s, --singlemaster\n"; + print "\tClassic master-slave. No multi-mastering\n"; + print "\n"; + + &support; + + exit $ERRORS{'UNKNOWN'}; +} + +#========================================================================= +# Functions +#========================================================================= + +# DEBUG function +sub verbose { + my $output_code = shift; + my $text = shift; + if ( $verbose >= $output_code ) { + printf "VERBOSE $output_code ===> %s\n", $text; + } +} + +# check if -H is used +sub check_host_param { + if ( !defined($host) ) { + printf "UNKNOWN: you have to define a hostname.\n"; + &print_usage; + exit $ERRORS{UNKNOWN}; + } +} + +# check if -w is used +sub check_warning_param { + if ( !defined($warning) ) { + printf "UNKNOWN: you have to define a warning threshold.\n"; + &print_usage; + exit $ERRORS{UNKNOWN}; + } +} + +# check if -c is used +sub check_critical_param { + if ( !defined($critical) ) { + printf "UNKNOWN: you have to define a critical threshold.\n"; + &print_usage; + exit $ERRORS{UNKNOWN}; + } +} + +# Parse CSN +# See http://www.openldap.org/faq/index.cgi?_highlightWords=csn&file=1145 +sub parse_csn { + &verbose( '3', "Enter &parse_csn" ); + my ($csn) = @_; + my ( $utime, $mtime, $count, $sid, $mod ) = + ( $csn =~ m/(\d{14})\.?(\d{6})?Z#(\w{6})#(\w{2,3})#(\w{6})/g ); + &verbose( '2', "Parse $csn into $utime - $count - $sid - $mod" ); + &verbose( '3', "Leave &parse_csn" ); + return ( $utime, $count, $sid, $mod ); +} + +# Bind to LDAP server +sub get_ldapconn { + &verbose( '3', "Enter &get_ldapconn" ); + my ( $server, $binddn, $bindpw ) = @_; + my ( $useTls, $tlsParam ); + + # Manage ldap+tls:// URI + if ( $server =~ m{^ldap\+tls://([^/]+)/?\??(.*)$} ) { + $useTls = 1; + $server = $1; + $tlsParam = $2 || ""; + } + else { + $useTls = 0; + } + + my $ldap = Net::LDAP->new( $server, timeout => $timeout ); + + return ('1') unless ($ldap); + &verbose( '2', "Connected to $server" ); + + if ($useTls) { + my %h = split( /[&=]/, $tlsParam ); + my $message = $ldap->start_tls(%h); + $message->code + && &verbose( '1', $message->error ) + && return ( $message->code, $message->error ); + &verbose( '2', "startTLS success on $server" ); + } + + if ( $binddn && $bindpw ) { + + # Bind witch credentials + my $req_bind = $ldap->bind( $binddn, password => $bindpw ); + $req_bind->code + && &verbose( '1', $req_bind->error ) + && return ( $req_bind->code, $req_bind->error ); + &verbose( '2', "Bind with $binddn" ); + } + else { + my $req_bind = $ldap->bind(); + $req_bind->code + && &verbose( '1', $req_bind->error ) + && return ( $req_bind->code, $req_bind->error ); + &verbose( '2', "Bind anonymous" ); + } + &verbose( '3', "Leave &get_ldapconn" ); + return ( '0', $ldap ); +} + +# Get the master URI from cn=monitor +sub get_masteruri { + &verbose( '3', "Enter &get_masteruri" ); + my ($ldapconn) = @_; + my $result; + my $message; + my $entry; + $message = $ldapconn->search( + base => 'cn=monitor', + scope => 'sub', + filter => '(&(namingContexts=*)(MonitorUpdateRef=*))', + attrs => [ 'monitorupdateref', 'namingContexts' ] + ); + $message->code + && &verbose( '1', $message->error ) + && return ( $message->code, $message->error ); + $entry = $message->entry(0); + return ( 1, "No data" ) unless $entry; + &verbose( '2', + "Found Master URI: " . $entry->get_value('monitorupdateref') ); + &verbose( '3', "Leave &get_masteruri" ); + return ( 0, $entry->get_value('monitorupdateref') ); +} + +# Get the suffix from RootDSE +sub get_suffix { + &verbose( '3', "Enter &get_suffix" ); + + # Return the first namingContext of the RootDSE + my ($ldapconn) = @_; + my $result; + my $message; + my $entry; + $message = $ldapconn->search( + base => '', + scope => 'base', + filter => '(objectClass=*)', + attrs => ['namingcontexts'] + ); + $message->code + && &verbose( '1', $message->error ) + && return ( $message->code, $message->error ); + $entry = $message->entry(0); + return ( 1, "No data" ) unless $entry; + &verbose( '2', "Found suffix: " . $entry->get_value('namingcontexts') ); + &verbose( '3', "Leave &get_suffix" ); + return ( 0, $entry->get_value('namingcontexts') ); +} + +# Get the ContextCSN +sub get_contextcsn { + &verbose( '3', "Enter &get_contextCSN" ); + my ( $ldapconn, $base, $serverid ) = @_; + my $result; + my $message; + my $entry; + my $contextcsn; + $message = $ldapconn->search( + base => $base, + scope => 'base', + filter => '(objectclass=*)', + attrs => ['contextCSN'] + ); + $message->code + && &verbose( '1', $message->error ) + && return ( $message->code, $message->error ); + $entry = $message->entry(0); + return ( 1, "No data" ) unless $entry; + + # Get values + foreach ( $entry->get_value('contextCSN') ) { + &verbose( '2', "Found ContextCSN: " . $_ ); + + # Keep only ContextCSN with SID + my @csn = &parse_csn($_); + if ( !$ldap_singlemaster ) { + if ( $serverid eq $csn[2] ) { + $contextcsn = $_; + &verbose( '2', + "ContextCSN match with SID $serverid: " . $contextcsn ); + last; + } + } + else { + $contextcsn = $_; + &verbose( '2', + "ContextCSN match with SID $serverid: " . $contextcsn ); + } + } + unless ($contextcsn) { + &verbose( '2', "Found no ContextCSN with SID $serverid" ); + return ( '1', "No data" ); + } + &verbose( '3', "Leave &get_contextCSN" ); + return ( 0, $contextcsn ); +} + +#========================================================================= +# Main +#========================================================================= + +# Options checks +&check_host_param(); +&check_warning_param(); +&check_critical_param(); + +my $errorcode; + +# Set SID to 000 if not defined +$ldap_serverid ||= "000"; + +# Connect to the slave +# If $host is an URI, use it directly +my $slave_uri; +if ( $host =~ m#ldap(\+tls)?(s)?://.*# ) { + $slave_uri = $host; + $slave_uri .= ":$port" if ( $port and $host !~ m#:(\d)+# ); +} +else { + $slave_uri = "ldap://$host"; + $slave_uri .= ":$port" if $port; +} + +my $ldap_slave; +( $errorcode, $ldap_slave ) = + &get_ldapconn( $slave_uri, $ldap_binddn, $ldap_bindpw ); +if ($errorcode) { + print "Can't connect to $slave_uri.\n"; + exit $ERRORS{'CRITICAL'}; +} + +# Get the suffix if not provided +if ( !$slave_ldap_suffix ) { + ( $errorcode, $slave_ldap_suffix ) = &get_suffix($ldap_slave); + if ($errorcode) { + print +"Can't get suffix from $slave_uri. Please provide it with -S option.\n"; + exit $ERRORS{'UNKNOWN'}; + } +} + +# Get the master URI if not provided +my $master_uri = $ldap_binduri; +if ( !$master_uri ) { + ( $errorcode, $master_uri ) = &get_masteruri($ldap_slave); + if ($errorcode) { + print +"Can't get Master URI from $slave_uri. Please provide it with -U option.\n"; + exit $ERRORS{'UNKNOWN'}; + } +} + +# Connect to the master +my $ldap_master; +( $errorcode, $ldap_master ) = + &get_ldapconn( $master_uri, $ldap_binddn, $ldap_bindpw ); +if ($errorcode) { + print "Can't connect to $master_uri.\n"; + exit $ERRORS{'CRITICAL'}; +} + +# Get the suffix if not provided +if ( !$master_ldap_suffix ) { + ( $errorcode, $master_ldap_suffix ) = &get_suffix($ldap_master); + if ($errorcode) { + print +"Can't get suffix from $master_uri. Please provide it with -M option.\n"; + exit $ERRORS{'UNKNOWN'}; + } +} + +# Get the contextCSN +my $slavecsn; +my $mastercsn; + +( $errorcode, $slavecsn ) = + &get_contextcsn( $ldap_slave, $slave_ldap_suffix, $ldap_serverid ); +if ($errorcode) { + print +"Can't get Context CSN with SID $ldap_serverid from $slave_uri. Please set SID with -I option.\n"; + exit $ERRORS{'UNKNOWN'}; +} + +( $errorcode, $mastercsn ) = + &get_contextcsn( $ldap_master, $master_ldap_suffix, $ldap_serverid ); +if ($errorcode) { + print +"Can't get Context CSN with SID $ldap_serverid from $master_uri. Please set SID with -I option.\n"; + exit $ERRORS{'UNKNOWN'}; +} + +# Compare the utime in CSN +my @slavecsn_elts = &parse_csn($slavecsn); +my @mastercsn_elts = &parse_csn($mastercsn); +my $time_master = Time::Piece->strptime( $mastercsn_elts[0], "%Y%m%d%H%M%S" ); +my $time_slave = Time::Piece->strptime( $slavecsn_elts[0], "%Y%m%d%H%M%S" ); +&verbose( '2', "Master times: $time_master" ); +&verbose( '2', "Slave times: $time_slave" ); +my $utime_master = $time_master->epoch; +my $utime_slave = $time_slave->epoch; +&verbose( '2', "Master timestamp: $utime_master" ); +&verbose( '2', "Slave timestamp: $utime_slave" ); +my $deltacsn = abs( $utime_master - $utime_slave ); + +#========================================================================== +# Exit with Nagios codes +#========================================================================== + +# Prepare PerfParse data +my $perfparse = " "; +if ($perf_data) { + $perfparse = "|'deltatime'=" . $deltacsn . "s;$warning;$critical"; +} + +# Test the delta and exit +if ( $deltacsn == 0 ) { + print "OK - directories are in sync (W:$warning - C:$critical)$perfparse"; + exit $ERRORS{'OK'}; +} +else { + if ( $deltacsn < $warning ) { + print +"OK - directories are not in sync - $deltacsn seconds late (W:$warning - C:$critical)$perfparse"; + exit $ERRORS{'OK'}; + } + elsif ( $deltacsn > $warning and $deltacsn < $critical ) { + print +"WARNING - directories are not in sync - $deltacsn seconds late (W:$warning - C:$critical)$perfparse"; + exit $ERRORS{'WARNING'}; + } + else { + print +"CRITICAL - directories are not in sync - $deltacsn seconds late (W:$warning - C:$critical)$perfparse"; + exit $ERRORS{'CRITICAL'}; + } +} + +exit $ERRORS{'UNKNOWN'}; diff --git a/roles/icinga2/files/icinga2/apt.conf b/roles/icinga2/files/icinga2/apt.conf new file mode 100644 index 0000000..27a64fd --- /dev/null +++ b/roles/icinga2/files/icinga2/apt.conf @@ -0,0 +1,6 @@ +apply Service "apt" { + check_command = "apt" + import "generic-agent-service" + + assign where host.vars.os == "Linux" +} diff --git a/roles/icinga2/files/icinga2/command-ldapsync.conf b/roles/icinga2/files/icinga2/command-ldapsync.conf new file mode 100644 index 0000000..0f1d84b --- /dev/null +++ b/roles/icinga2/files/icinga2/command-ldapsync.conf @@ -0,0 +1,71 @@ +object CheckCommand "ldap_sync" { + import "ipv4-or-ipv6" + + command = [ PluginDir + "/check_ldap_syncrepl_status.pl" ] + + arguments = { + "-H" = { + value = "$ldap_sync_address$" + description = "IP or name (FQDN) of the slave directory. You can use URI (ldap://, ldaps://, ldap+tls://)" + } + "-p" = { + value = "$ldap_sync_port$" + description = "Slave directory port to connect to." + } + "-w" = { + value = "$ldap_sync_warning$" + description = "Level to return a warning status." + } + "-c" = { + value = "$ldap_sync_critical$" + description = "Level to return a critical status." + } + "-f" = { + set_if = "$ldap_sync_perfdata$" + description = "Display performance data." + } + "-t" = { + value = "$ldap_sync_timeout$" + description = "Seconds before connection times out (default: 15)." + } + "-D" = { + value = "$ldap_sync_binddn$" + description = "Bind DN to master and slave directories. Bind anonymous if not present." + } + "-P" = { + value = "$ldap_sync_bindpw$" + description = "Bind passwd to master and slave directories. Need the Bind DN option to work." + } + "-U" = { + value = "$ldap_sync_master$" + description = "Bind URI (ldap://, ldaps://, ldap+tls://) of the master directory. Retrieve this value in cn=monitor if not present." + } + "-S" = { + value = "$ldap_sync_suffix$" + description = "Suffix of the slave directory. Retrieve this value in RootDSE if not present." + } + "-M" = { + value = "$ldap_sync_mastersuffix$" + description = "Suffix of the master directory. Retrieve this value in RootDSE if not present." + } + "-I" = { + value = "$ldap_sync_serverid$" + description = "SID of the syncrepl link." + } + "-s" = { + set_if = "$ldap_sync_singlemaster$" + description = "Classic master-slave. No multi-mastering." + } + "-v" = { + set_if = "$ldap_sync_verbose$" + description = "Print extra debugging information." + } + } + + vars.ldap_sync_address = "$check_address$" + vars.ldap_sync_warning = 0 + vars.ldap_sync_critical = 1 + vars.ldap_sync_perfdata = true + vars.ldap_sync_singlemaster = false + vars.ldap_sync_verbose = false +} diff --git a/roles/icinga2/files/icinga2/services.conf b/roles/icinga2/files/icinga2/services.conf index 0505c0f..4b9d41b 100644 --- a/roles/icinga2/files/icinga2/services.conf +++ b/roles/icinga2/files/icinga2/services.conf @@ -79,13 +79,7 @@ apply Service "load" { check_command = "load" import "generic-agent-service" - vars.load_cload1 = 10 - vars.load_cload5 = 6 - vars.load_cload15 = 4 - vars.load_wload1 = 5 - vars.load_wload5 = 4 - vars.load_wload15 = 3 - vars.load_percpu = false + vars.notification_interval = 1h /* Used by the ScheduledDowntime apply rule in `downtimes.conf`. */ vars.backup_downtime = "02:00-03:00" @@ -98,9 +92,12 @@ apply Service "mem" { import "generic-agent-service" vars.mem_free = true + vars.mem_cache = true vars.mem_warning = 50 vars.mem_critical = 20 + vars.notification_interval = 1h + assign where (host.vars.os == "Linux" && host.vars.host_type == "physical") } @@ -108,6 +105,10 @@ apply Service "procs" { check_command = "procs" import "generic-agent-service" + vars += host.vars + + vars.notification_interval = 1h + assign where host.vars.os == "Linux" } @@ -125,5 +126,20 @@ apply Service "users" { assign where host.vars.os == "Linux" } +apply Service "ldap" { + import "generic-service" + check_command = "ldap" + vars.ldap_base = host.vars.ldap_base + vars.ldap_v3 = true + assign where host.vars.ldap_base +} + +apply Service "ldap_sync" { + import "generic-service" + check_command = "ldap_sync" + vars.ldap_sync_master = host.vars.ldap_master + + assign where host.vars.ldap_master +} diff --git a/roles/icinga2/files/icinga2/templates.conf b/roles/icinga2/files/icinga2/templates.conf index 1828ab3..5a31d28 100644 --- a/roles/icinga2/files/icinga2/templates.conf +++ b/roles/icinga2/files/icinga2/templates.conf @@ -5,6 +5,9 @@ template Host "generic-host" { check_command = "hostalive" + vars.notification.matrix.groups = [ "icingaadmins" ] + vars.notification.matrix.users = [ ] + /* Disk monitoring enabled by default in Agent hosts */ vars.disks["disk"] = { /* No parameters. */ @@ -62,7 +65,7 @@ template Service "ssh-service" { vars.by_ssh_logname = "icinga" // Required to match Host principals during certificate validation. - vars.by_ssh_options = "HostKeyAlias="+host.name + vars.by_ssh_options = [ "ControlMaster=auto","ControlPath=/var/run/icinga2/$host.name$","ControlPersist=10m","HostKeyAlias="+host.name ] } diff --git a/roles/icinga2/tasks/main.yaml b/roles/icinga2/tasks/main.yaml index 01367e3..281017c 100644 --- a/roles/icinga2/tasks/main.yaml +++ b/roles/icinga2/tasks/main.yaml @@ -31,8 +31,19 @@ - 'icingacli' - 'icinga2-ido-pgsql' - 'monitoring-plugins' + - 'libnet-ldap-perl' # - 'nagios-plugins-contrib' +- name: 'install extra monitoring plugins' + copy: + src: '{{ item }}' + dest: '/usr/lib/nagios/plugins/{{ item }}' + mode: '0755' + owner: 'nagios' + group: 'nagios' + loop: + - 'check_ldap_syncrepl_status.pl' + - name: 'create directory for hosts configuration' file: path: '/etc/icinga2/conf.d/hosts/' @@ -50,6 +61,7 @@ - 'templates.conf' - 'services.conf' - 'apt.conf' + - 'command-ldapsync.conf' - name: 'disable local host conf.d' file: