feat: Debian12 readyness #126

Merged
merged 15 commits into from
Sep 27, 2024
Changes from 12 commits
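--- a/README.md
+++ b/README.md
@@ -59,6 +59,9 @@ icinga2_master_template_confd_users: "users.conf"
 icinga2_master_template_globaltemplates:
 - "services.conf"
 - "templates.conf"
+
+# If the nagios plugin directory differs, you can also change it:
+icinga2_master_nagios_plugin_dir: /usr/lib/nagios/plugins
 ```
 
 If you want to use [Twilio](https://www.twilio.com) for the alerting,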
53 changes: 37 additions & 16 deletions defaults/main.yml
Expand Up @@ -110,37 +110,37 @@ icinga2_master_timeperiods:
display_name: Holidays
ranges:
- day: december 25
time: "00:00-24:00"
time: 00:00-24:00
- name: premium
display_name: SLA Premium
ranges:
- day: monday
time: "00:00-24:00"
time: 00:00-24:00
- day: tuesday
time: "00:00-24:00"
time: 00:00-24:00
- day: wednesday
time: "00:00-24:00"
time: 00:00-24:00
- day: thursday
time: "00:00-24:00"
time: 00:00-24:00
- day: friday
time: "00:00-24:00"
time: 00:00-24:00
- day: saturday
time: "00:00-24:00"
time: 00:00-24:00
- day: sunday
time: "00:00-24:00"
time: 00:00-24:00
- name: standard
display_name: SLA Standard
ranges:
- day: monday
time: "08:00-18:00"
time: 08:00-18:00
- day: tuesday
time: "08:00-18:00"
time: 08:00-18:00
- day: wednesday
time: "08:00-18:00"
time: 08:00-18:00
- day: thursday
time: "08:00-18:00"
time: 08:00-18:00
- day: friday
time: "08:00-18:00"
time: 08:00-18:00
excludes:
- holidays

Expand All @@ -153,14 +153,31 @@ icinga2_master_graphite_host: 127.0.0.1
# The port graphite is listening on
icinga2_master_graphite_port: 2003

## Icinga2 ido database settings
## Icinga2db settings (DO NOT USE ICINGADB AND IDO AT THE SAME TIME)
gianklug marked this conversation as resolved.

# Enable ido feature
# Enable icingadb feature
icinga2_master_icingadb_enabled: false

# Icingadb database user
icinga2_master_icingadb_user: icingadb

# Database user's password
icinga2_master_icingadb_password: passw0rd

# Database name for icingadb
icinga2_master_icingadb_database: icingadb

# Enable ido feature (deprecated)
icinga2_master_ido_enabled: false

# redis default password, please change
icinga2_master_redis_password: sheag6oghoo0ohXa1Ito

# Icinga2 database settings

# icinga2 database name
icinga2_master_icinga2_database_name: icinga2
#

# icinga2 database host
icinga2_master_icinga2_database_host: 127.0.0.1

Expand Down Expand Up @@ -208,6 +225,10 @@ icinga2_master_template_globaltemplates:
icinga2_master_global_zones:
- global-templates


# Plugin directory for nagios plugins
icinga2_master_nagios_plugin_dir: /usr/lib/nagios/plugins

## Global alerting settings

# The URL from icingaweb2. Will be attached to the alerts
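Review bot: The second hunk ships working default secrets in the role defaults, `icinga2_master_icingadb_password: passw0rd` and a fixed `icinga2_master_redis_password`, so every deployment that does not override them runs with credentials that are published in this repository. Consider leaving both undefined and failing early when they are unset, for example `icinga2_master_redis_password: "{{ undef(hint='set icinga2_master_redis_password') }}"` on Ansible versions that provide `undef`, and say in the README that the values belong in a vault. The names added here also do not match what the rest of the change reads: tasks/installation.yml uses `icinga2_master_icingadb_database_user`, `_pass`, `_host`, `_port` and `_name`, and icingadb.conf.j2 uses `icinga2_master_icingadb_redis_pass`. None of those are defined in the visible hunks; they may exist in the collapsed parts of this file or in commits not shown on this page, so this needs checking before release.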
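--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -3,3 +3,8 @@
 ansible.builtin.service:
 name: icinga2
 state: reloaded
+
+- name: Restart icingadb-redis
+ansible.builtin.service:
+name: icingadb-redis
+state: restarted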
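--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -1,4 +1,64 @@
 ---
+- name: Configure icingadb feature
+ansible.builtin.template:
+src: etc/icinga2/features-available/icingadb.conf.j2
+dest: /etc/icinga2/features-available/icingadb.conf
+owner: "{{ icinga2_master_owner }}"
+group: "{{ icinga2_master_group }}"
+mode: "0640"
+seuser: system_u
+serole: object_r
+setype: icinga2_etc_t
+selevel: s0
+when: icinga2_master_icingadb_enabled|bool
+
+- name: Configure icingadb
+ansible.builtin.template:
+src: etc/icingadb/config.yml.j2
+dest: /etc/icingadb/config.yml
+owner: icingadb
+group: "{{ icinga2_master_group }}"
+mode: "0640"
+seuser: system_u
+serole: object_r
+setype: icinga2_etc_t
+selevel: s0
+when: icinga2_master_icingadb_enabled|bool
+
+- name: Configure icingadb-redis
+ansible.builtin.template:
+src: etc/icingadb-redis/icingadb-redis.conf.j2
+dest: /etc/icingadb-redis/icingadb-redis.conf
+owner: icingadb-redis
+group: "{{ icinga2_master_group }}"
+mode: "0640"
+seuser: system_u
+serole: object_r
+setype: icinga2_etc_t
+selevel: s0
+notify: Restart icingadb-redis
+when: icinga2_master_icingadb_enabled|bool
+
+- name: Ensure that icingadb-redis is enabled on boot
+ansible.builtin.service:
+name: icingadb-redis
+enabled: true
+when: icinga2_master_icingadb_enabled|bool
+
+- name: Ensure that icingadb is started and enabled on boot
+ansible.builtin.service:
+name: icingadb
+state: started
+enabled: true
+when: icinga2_master_icingadb_enabled|bool
+
+- name: Enable icingadb feature
+ansible.builtin.file:
+src: /etc/icinga2/features-available/icingadb.conf
+dest: /etc/icinga2/features-enabled/icingadb.conf
+state: link
+when: icinga2_master_icingadb_enabled|bool
+
 - name: Configure icinga2 ido feature
 ansible.builtin.template:
 src: etc/icinga2/features-available/ido-mysql.conf.j2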
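Review bot: The `Configure icingadb` and `Configure icingadb feature` template tasks have no `notify`, so a changed `/etc/icingadb/config.yml` or `icingadb.conf` (for example after a password rotation) is written to disk but not picked up until the services are restarted by hand; only the redis template notifies a handler. Add a `notify:` to both, which needs an icingadb restart handler next to `Restart icingadb-redis` and the existing icinga2 reload handler, whose name is outside the visible hunks. The feature template renders the redis password and the other two presumably hold credentials as well, so a run with `--diff` prints them; `diff: false` or `no_log: true` on these three tasks avoids that. `Ensure that icingadb-redis is enabled on boot` sets only `enabled: true`, while the icingadb task that follows it also sets `state: started`.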
86 changes: 64 additions & 22 deletions tasks/installation.yml
@@ -1,5 +1,15 @@
---
- name: Install packages
- name: Install packages for icingadb
ansible.builtin.package:
name: "{{ icinga2_master_icingadb_packages }}"
state: present
when: icinga2_master_icingadb_enabled|bool
register: icinga2_master_register_packages_installed
until: icinga2_master_register_packages_installed is success
retries: 10
delay: 2

- name: Install packages for ido
ansible.builtin.package:
name: "{{ icinga2_master_ido_packages }}"
state: present
Expand All @@ -9,46 +19,78 @@
retries: 10
delay: 2

- name: Check if icingadb table and user in mysql exist (this might fail but is expected to)
ansible.builtin.shell: >
set -o pipefail;
mysql
--user={{ icinga2_master_icingadb_database_user }}
--password={{ icinga2_master_icingadb_database_pass }}
--host={{ icinga2_master_icingadb_database_host }}
--ssl-ca={{ icinga2_master_ca_path }}
{{ icinga2_master_icingadb_database_name }}
-e "SHOW TABLES;" | grep "host"
args:
executable: /bin/bash
register: icinga2_master_register_icingadb_imported
changed_when: icinga2_master_register_icingadb_imported.rc == 1
when: icinga2_master_icingadb_enabled|bool
check_mode: false
ignore_errors: true
run_once: true

- name: Print variable for debugging icingadb creation
ansible.builtin.debug:
var: icinga2_master_register_icingadb_imported.rc
verbosity: 2
run_once: true

- name: Import icingadb database schema
community.mysql.mysql_db:
name: "{{ icinga2_master_icingadb_database_name }}"
login_host: "{{ icinga2_master_icingadb_database_host }}"
login_port: "{{ icinga2_master_icingadb_database_port }}"
login_user: "{{ icinga2_master_icingadb_database_user }}"
login_password: "{{ icinga2_master_icingadb_database_pass }}"
ssl_ca: "{{ icinga2_master_ca_path }}"
state: import
target: /usr/share/icingadb/schema/mysql/schema.sql
run_once: true
when: icinga2_master_icingadb_enabled|bool and icinga2_master_register_icingadb_imported.rc == 1

- name: Check if icinga2 ido table and user in mysql exist
ansible.builtin.shell: >
set -o pipefail;
mysql
--user={{ icinga2_master_db_root_user }}
--password={{ icinga2_master_db_root_pass }}
--user={{ icinga2_master_icinga2_database_user }}
--password={{ icinga2_master_icinga2_database_pass }}
--host={{ icinga2_master_icinga2_database_host }}
--ssl-ca={{ icinga2_master_ca_path }}
{{ icinga2_master_icinga2_database_name }}
-e "SHOW TABLES;" | grep "icinga_hosts"
args:
executable: /bin/bash
register: icinga2_master_register_icinga2_imported
changed_when: icinga2_master_register_icinga2_imported.rc == 1
failed_when: "'Access denied for' in icinga2_master_register_icinga2_imported.stderr"
when: icinga2_master_ido_enabled|bool
check_mode: false
ignore_errors: true
run_once: true

- name: Print variable for debugging icinga2 creation
ansible.builtin.debug:
var: icinga2_master_register_icingadb_imported.rc
verbosity: 2
run_once: true

- name: Import icinga2 ido database schema using the root user
- name: Import icinga2 ido database schema
community.mysql.mysql_db:
name: "{{ icinga2_master_icinga2_database_name }}"
login_host: "{{ icinga2_master_icinga2_database_host }}"
login_port: "{{ icinga2_master_icinga2_database_port }}"
login_user: "{{ icinga2_master_db_root_user }}"
login_password: "{{ icinga2_master_db_root_pass }}"
login_user: "{{ icinga2_master_icinga2_database_user }}"
login_password: "{{ icinga2_master_icinga2_database_pass }}"
ssl_ca: "{{ icinga2_master_ca_path }}"
state: import
target: /usr/share/icinga2-ido-mysql/schema/mysql.sql
run_once: true
when: icinga2_master_ido_enabled|bool and icinga2_master_register_icinga2_imported.rc == 1

- name: Create a user with access only to the ido database using the root user
community.mysql.mysql_user:
name: '{{ icinga2_master_icinga2_database_user.split("@")[0] }}'
password: "{{ icinga2_master_icinga2_database_pass }}"
priv: "{{ icinga2_master_icinga2_database_name }}.*:ALL"
host: "{{ icinga2_master_icinga2_database_hostpattern }}"
login_host: "{{ icinga2_master_icinga2_database_host }}"
login_port: "{{ icinga2_master_icinga2_database_port }}"
login_user: "{{ icinga2_master_db_root_user }}"
login_password: "{{ icinga2_master_db_root_pass }}"
ssl_ca: "{{ icinga2_master_ca_path }}"
state: present
run_once: true
when: icinga2_master_ido_enabled|bool and icinga2_master_register_icinga2_imported.rc == 1
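Review bot: The icingadb check added in the second hunk interpolates `--password={{ icinga2_master_icingadb_database_pass }}` unquoted into an `ansible.builtin.shell` string and sets no `no_log`, so the password is part of the bash command line and of the task result's `cmd`, which Ansible prints when the task fails, and this task is expected to fail on a first run. A value containing shell metacharacters is also interpreted by bash; the ido check further down has the same pattern. Add `no_log: true` to both checks and pass every interpolated value through the `quote` filter, e.g. `--password={{ icinga2_master_icingadb_database_pass | quote }}`; running the query through a MySQL module instead of the client binary would keep the secret off the command line altogether. Separately, `Print variable for debugging icinga2 creation` prints `icinga2_master_register_icingadb_imported.rc`, which looks like a copy-paste slip for `icinga2_master_register_icinga2_imported.rc`.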
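--- a/templates/etc/icinga2/conf.d/templates.conf.j2
+++ b/templates/etc/icinga2/conf.d/templates.conf.j2
@@ -5,23 +5,6 @@
 * Icinga2 templates
 */
 
-template Host "generic-host" {
-max_check_attempts = 3
-check_interval = 1m
-retry_interval = 30s
-
-check_command = "hostalive"
-}
-
-template Service "generic-service" {
-max_check_attempts = 5
-check_interval = 1m
-retry_interval = 30s
-}
-
-template User "generic-user" {
-}
-
 template Notification "mail-host-notification" {
 command = "mail-host-notification"
 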
6 changes: 3 additions & 3 deletions templates/etc/icinga2/constants.conf.j2
Expand Up @@ -9,17 +9,17 @@
*/

/* The directory which contains the plugins from the Monitoring Plugins project. */
const PluginDir = "/usr/lib64/nagios/plugins"
const PluginDir = "{{ icinga2_master_nagios_plugin_dir }}"
jon4hz marked this conversation as resolved.

/* The directory which contains the Manubulon plugins.
* Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details.
*/
const ManubulonPluginDir = "/usr/lib64/nagios/plugins"
const ManubulonPluginDir = "{{ icinga2_master_nagios_plugin_dir }}"

/* The directory which you use to store additional plugins which ITL provides user contributed command definitions for.
* Check the documentation, chapter "Plugins Contribution", for details.
*/
const PluginContribDir = "/usr/lib64/nagios/plugins"
const PluginContribDir = "{{ icinga2_master_nagios_plugin_dir }}"

/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`.
* This should be the common name from the API certificate.
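Review bot: The three plugin-directory constants are now filled from `icinga2_master_nagios_plugin_dir`, whose default in defaults/main.yml is `/usr/lib/nagios/plugins`, while the literal on this page is `/usr/lib64/nagios/plugins`; hosts that relied on the lib64 path and do not set the variable would get a `PluginDir` that may not exist after upgrading the role. Consider choosing the default per OS family, or at least call out the changed default in the README next to the new variable. The comment block at the end of this hunk continues outside it.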
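--- a/templates/etc/icinga2/features-available/icingadb.conf.j2
+++ b/templates/etc/icinga2/features-available/icingadb.conf.j2
@@ -0,0 +1,5 @@
+object IcingaDB "icingadb" {
+host = "127.0.0.1"
+port = 6380
+password = "{{ icinga2_master_icingadb_redis_pass }}"
+}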
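Review bot: `password = "{{ icinga2_master_icingadb_redis_pass }}"` places the secret inside a double-quoted Icinga string without any escaping, so a password containing `"` or `\` yields a broken configuration or a literal that differs from the one redis was given. Either escape those two characters in the template or document the allowed character set next to the variable. `host` and `port` are fixed at `127.0.0.1` and `6380`; if the icingadb-redis template (not shown here) makes the port or bind address configurable, this file should read the same variables.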
2 changes: 1 addition & 1 deletion templates/etc/icinga2/features-available/ido-mysql.conf.j2
Expand Up @@ -14,6 +14,6 @@ object IdoMysqlConnection "ido-mysql" {
host = "{{ icinga2_master_icinga2_database_host }}"
database = "{{ icinga2_master_icinga2_database_name }}"
{% if icinga2_master_icinga2_database_ssl -%}
enable_ssl = true
enable_ssl = "{{ icinga2_master_icinga2_database_ssl }}"
gianklug marked this conversation as resolved.
{% endif %}
}