From dfc2d06a4bece8cc93d5a4736d33c5fdae7edcc7 Mon Sep 17 00:00:00 2001 From: Zolfa Date: Thu, 7 May 2020 00:24:54 +0200 Subject: [PATCH] roles/icinga2: allow remote ssh agents --- roles/icinga2/files/icinga2/services.conf | 118 ++++++++++++++++++ roles/icinga2/files/icinga2/ssh_services.conf | 52 ++++++++ roles/icinga2/files/icinga2/templates.conf | 91 ++++++++++++++ roles/icinga2/tasks/main.yaml | 10 +- 4 files changed, 270 insertions(+), 1 deletion(-) create mode 100644 roles/icinga2/files/icinga2/services.conf create mode 100644 roles/icinga2/files/icinga2/ssh_services.conf create mode 100644 roles/icinga2/files/icinga2/templates.conf diff --git a/roles/icinga2/files/icinga2/services.conf b/roles/icinga2/files/icinga2/services.conf new file mode 100644 index 0000000..e031bc4 --- /dev/null +++ b/roles/icinga2/files/icinga2/services.conf @@ -0,0 +1,118 @@ +/* + * Service apply rules. + * + * The CheckCommand objects `ping4`, `ping6`, etc + * are provided by the plugin check command templates. + * Check the documentation for details. + * + * Tip: Use `icinga2 object list --type Service` to + * list all service objects after running + * configuration validation (`icinga2 daemon -C`). + */ + +/* + * This is an example host based on your + * local host's FQDN. Specify the NodeName + * constant in `constants.conf` or use your + * own description, e.g. "db-host-1". + */ + +/* + * These are generic `ping4` and `ping6` + * checks applied to all hosts having the + * `address` resp. `address6` attribute + * defined. + */ +apply Service "ping4" { + import "generic-service" + + check_command = "ping4" + + assign where host.address +} + +apply Service "ping6" { + import "generic-service" + + check_command = "ping6" + + assign where host.address6 +} + +/* + * Apply the `ssh` service to all hosts + * with the `address` attribute defined and + * the custom attribute `os` set to `Linux`. + */ +apply Service "ssh" { + import "generic-service" + + check_command = "ssh" + + assign where (host.address || host.address6) && host.vars.os == "Linux" +} + + +apply Service for (http_vhost => config in host.vars.http_vhosts) { + import "generic-service" + + check_command = "http" + + vars += config +} + +apply Service for (disk => config in host.vars.disks) { + import "generic-service" + + check_command = "disk" + + vars += config + + assign where host.name == NodeName +} + +apply Service "icinga" { + import "generic-service" + + check_command = "icinga" + + assign where host.name == NodeName +} + +apply Service "load" { + import "generic-service" + + check_command = "load" + + /* Used by the ScheduledDowntime apply rule in `downtimes.conf`. */ + vars.backup_downtime = "02:00-03:00" + + assign where host.name == NodeName +} + +apply Service "procs" { + import "generic-service" + + check_command = "procs" + + assign where host.name == NodeName +} + +apply Service "swap" { + import "generic-service" + + check_command = "swap" + + assign where host.name == NodeName +} + +apply Service "users" { + import "generic-service" + + check_command = "users" + + assign where host.name == NodeName +} + + + diff --git a/roles/icinga2/files/icinga2/ssh_services.conf b/roles/icinga2/files/icinga2/ssh_services.conf new file mode 100644 index 0000000..7731a31 --- /dev/null +++ b/roles/icinga2/files/icinga2/ssh_services.conf @@ -0,0 +1,52 @@ +/* + * Service apply rules for ssh remote agents. + * + * For the moment the following service are supported: + * - disk + * - procs + * - apt + * + */ + +apply Service for (disk => config in host.vars.disks) { + import "generic-service" + + check_command = "by_ssh" + vars.by_ssh_options = "HostKeyAlias="+host.name + vars.by_ssh_logname = "icinga" + vars.by_ssh_command = [ "/usr/lib/nagios/plugins/check_disk" ] + vars.by_ssh_arguments = { + "-w" = { + value = "20%" + } + "-c" = { + value = "10%" + } + } + vars += config + assign where host.vars.agent_type == "ssh" + +} + +apply Service "procs" { + import "generic-service" + + check_command = "by_ssh" + vars.by_ssh_options = "HostKeyAlias="+host.name + vars.by_ssh_logname = "icinga" + vars.by_ssh_command = [ "/usr/lib/nagios/plugins/check_procs" ] + + assign where host.vars.agent_type == "ssh" + +} + +apply Service "apt" { + import "generic-service" + + check_command = "by_ssh" + vars.by_ssh_options = "HostKeyAlias="+host.name + vars.by_ssh_logname = "icinga" + vars.by_ssh_command = [ "/usr/lib/nagios/plugins/check_apt" ] + + assign where host.vars.agent_type == "ssh" +} diff --git a/roles/icinga2/files/icinga2/templates.conf b/roles/icinga2/files/icinga2/templates.conf new file mode 100644 index 0000000..84fed2d --- /dev/null +++ b/roles/icinga2/files/icinga2/templates.conf @@ -0,0 +1,91 @@ +template Host "generic-host" { + max_check_attempts = 3 + check_interval = 1m + retry_interval = 30s + + check_command = "hostalive" + + /* Disk monitoring enabled by default in Agent hosts */ + vars.disks["disk"] = { + /* No parameters. */ + } + +} + +/* + * Generic template examples. + */ + + +/** + * Provides default settings for hosts. By convention + * all hosts should import this template. + * + * The CheckCommand object `hostalive` is provided by + * the plugin check command templates. + * Check the documentation for details. + */ + + +/** + * Provides default settings for services. By convention + * all services should import this template. + */ +template Service "generic-service" { + max_check_attempts = 5 + check_interval = 1m + retry_interval = 30s +} + +/** + * Provides default settings for users. By convention + * all users should inherit from this template. + */ + +template User "generic-user" { + +} + +/** + * Provides default settings for host notifications. + * By convention all host notifications should import + * this template. + */ +template Notification "mail-host-notification" { + command = "mail-host-notification" + + states = [ Up, Down ] + types = [ Problem, Acknowledgement, Recovery, Custom, + FlappingStart, FlappingEnd, + DowntimeStart, DowntimeEnd, DowntimeRemoved ] + + vars += { + // notification_icingaweb2url = "https://www.example.com/icingaweb2" + // notification_from = "Icinga 2 Host Monitoring " + notification_logtosyslog = false + } + + period = "24x7" +} + +/** + * Provides default settings for service notifications. + * By convention all service notifications should import + * this template. + */ +template Notification "mail-service-notification" { + command = "mail-service-notification" + + states = [ OK, Warning, Critical, Unknown ] + types = [ Problem, Acknowledgement, Recovery, Custom, + FlappingStart, FlappingEnd, + DowntimeStart, DowntimeEnd, DowntimeRemoved ] + + vars += { + // notification_icingaweb2url = "https://www.example.com/icingaweb2" + // notification_from = "Icinga 2 Service Monitoring " + notification_logtosyslog = false + } + + period = "24x7" +} diff --git a/roles/icinga2/tasks/main.yaml b/roles/icinga2/tasks/main.yaml index 389d547..4dbea01 100644 --- a/roles/icinga2/tasks/main.yaml +++ b/roles/icinga2/tasks/main.yaml @@ -41,7 +41,15 @@ group: 'nagios' mode: '0770' -# ToDo: more icinga2/conf.d customization +- name: 'customize icinga2 host conf.d' + copy: + src: 'icinga2/{{ item }}' + dest: '/etc/icinga2/conf.d/{{ item }}' + notify: 'reload icinga2' + loop: + - 'templates.conf' + - 'services.conf' + - 'ssh_services.conf' # ***** IcingaWeb2 ***** - name: 'PGSQL | IcingaWeb2 tunings'