Commit 0eff7f6e authored by Walter Heck's avatar Walter Heck

initial attempt to update puppet modules for icinga

parent 656d6a93
mod 'icingaweb2',
:git => 'https://github.com/olindata/puppet-icingaweb2.git'
mod 'icinga2',
:git => 'https://github.com/olindata/puppet-icinga2.git',
:branch => 'develop'
mod 'kibana5',
:git => 'https://github.com/walterheck/puppet-kibana5.git'
......@@ -14,6 +7,9 @@ mod 'grafana',
mod 'gitlab',
:git => 'https://github.com/walterheck/puppet-gitlab.git'
mod 'icingaweb2',
:git => 'https://github.com/Icinga/puppet-icingaweb2.git'
# forge modules should be listed with a specific version and stay in
# NOTE: alphabetical order
mod 'abrader/gms', '1.0.3'
......@@ -23,6 +19,7 @@ mod 'ceritsc/yum', '0.9.8'
mod 'elastic/logstash', '5.0.3'
mod 'elasticsearch/elasticsearch', '0.15.1'
mod 'golja/influxdb', '4.0.0'
mod 'icinga/icinga2', '1.0.1'
mod 'pcfens/filebeat', '0.9.2'
mod 'puppet/r10k', '4.1.0'
mod 'puppetlabs/apache', '1.11.0'
......@@ -41,3 +38,4 @@ mod 'richardc/datacat', '0.6.2'
mod 'stahnma/epel', '1.2.2'
mod 'thias/sysctl', '1.0.6'
mod 'yo61/logrotate', '1.4.0'
mod 'zack/exports', '0.0.6'
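Review bot: The git-sourced `icingaweb2` module (`https://github.com/Icinga/puppet-icingaweb2.git`) is declared without a `:tag`, `:ref` or `:commit`, so every r10k deploy installs whatever the upstream default branch holds at that moment. The forge entries in this file are pinned to exact versions (for example `mod 'icinga/icinga2', '1.0.1'`), and the file's own comment asks for that; git entries deserve the same treatment. After reviewing the upstream code, add a pin such as `:commit => '<reviewed-commit-sha>'` (placeholder value). The same applies to the other unpinned git modules visible here, `kibana5` and `gitlab`.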
......@@ -159,6 +159,8 @@
'opstheater::icingaweb::ldap::password': "%{hiera('opstheater::ldap::password')}"
'opstheater::icingaweb::ldap::base_dn': "%{hiera('opstheater::ldap::base_dn')}"
'opstheater::icingaweb::manage_mysql_client': true
##########################
## elasticsearch stack related settings
##########################
......
......@@ -2,14 +2,12 @@ class opstheater::profile::base::icinga {
$lowercase_fqdn = downcase($::fqdn)
Icinga2::Object::Host {
display_name => $lowercase_fqdn,
check_command => 'cluster-zone',
target_dir => '/etc/icinga2/objects/hosts',
target_file_name=> "${lowercase_fqdn}.conf",
display_name => $lowercase_fqdn,
check_command => 'cluster-zone',
target => "/etc/icinga2/conf.d/${lowercase_fqdn}.conf",
}
@@icinga2::object::host { $lowercase_fqdn:
ipv4_address => $::ipaddress,
vars => {
os => 'Linux',
remote => true,
......
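Review bot: The `Icinga2::Object::Host` default now writes host objects to `/etc/icinga2/conf.d/${lowercase_fqdn}.conf`, but the server profile shown later on this page appears to declare `class { 'icinga2': confd => false }`. As far as I know, that setting makes the module leave `conf.d` out of `icinga2.conf`. If so, the hosts collected by `Icinga2::Object::Host <<| |>>` would be written to disk but never loaded, and those nodes would silently go unmonitored. Point `target` at a path the server does include, for example `"/etc/icinga2/zones.d/master/${lowercase_fqdn}.conf"`, or adjust `confd`. The class body continues past the visible lines.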
class opstheater::profile::icinga::checks {
Icinga2::Object::Apply_service {
assign_where => 'host.address && host.vars.remote == true && host.vars.remote_endpoint',
Icinga2::Object::Service {
assign => 'host.address && host.vars.remote == true && host.vars.remote_endpoint',
command_endpoint => 'host.vars.remote_endpoint',
target => '/etc/icinga2/zones.d/global-templates/services.conf',
}
icinga2::object::apply_service { 'user':
icinga2::object::service { 'user':
check_command => 'users',
}
icinga2::object::apply_service { 'load':
icinga2::object::service { 'load':
check_command => 'load',
}
icinga2::object::apply_service { 'process':
icinga2::object::service { 'process':
check_command => 'procs',
}
icinga2::object::apply_service { 'swap':
icinga2::object::service { 'swap':
check_command => 'swap',
}
icinga2::object::apply_service { 'disk':
icinga2::object::service { 'disk':
check_command => 'disk',
}
......
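Review bot: The `Icinga2::Object::Service` resource default passes `assign` as a single string and never sets `apply`. As far as I recall, in the icinga/icinga2 1.x module `assign` is an array of expressions and an apply rule is only generated when `apply => true`; please confirm against the module's reference. Without that, the five services would probably be rendered as plain `object Service` definitions with no `host_name`, which Icinga 2 would likely reject. Suggested defaults: `apply => true,` and `assign => ['host.address && host.vars.remote == true && host.vars.remote_endpoint'],`. A short comment on `command_endpoint => 'host.vars.remote_endpoint'` would also help, stating that these checks execute on the agent named by that host variable, since that is the trust boundary for the rules.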
class opstheater::profile::icinga::client (
$icinga2_web_fqdn = hiera('opstheater::icingaweb::fqdn')
) inherits opstheater::profile::params {
$lowercase_fqdn = downcase($::fqdn)
class { '::icinga2':
pid_file => '/var/run/icinga2/icinga2.pid',
confd => false,
features => ['checker','mainlog'],
}
include ::icinga2::feature::command
class { '::icinga2::feature::api':
accept_commands => true,
pki => 'none',
accept_config => true,
manage_zone => false,
cert_path => "/etc/icinga2/pki/${lowercase_fqdn}.crt",
key_path => "/etc/icinga2/pki/${lowercase_fqdn}.key",
}
include opstheater::profile::filebeat::icinga::client
# icinga2::pki::puppet class needs to be declared
# after the icinga2::feature::api class in order
# to avoid resource duplication
class{'::icinga2::pki::puppet':
cert_path => "/etc/icinga2/pki/${lowercase_fqdn}.crt",
cert_source => "${::settings::ssldir}/certs/${lowercase_fqdn}.pem",
key_path => "/etc/icinga2/pki/${lowercase_fqdn}.key",
key_source => "${::settings::ssldir}/private_keys/${lowercase_fqdn}.pem",
}
@@icinga2::object::zone { $lowercase_fqdn:
endpoints => {
$lowercase_fqdn => {
host => $lowercase_fqdn,
},
accept_commands => true,
endpoints => {
'NodeName' => {},
'icinga2.opstheater.vm' => {
'host' => '10.20.1.20',
}
},
parent => 'master',
}
icinga2::object::zone { 'master':
endpoints => {
$icinga2_web_fqdn => {
host => $icinga2_web_fqdn,
zones => {
'ZoneName' => {
'endpoints' => ['NodeName'],
'parent' => 'opstheater',
},
},
'opstheater' => {
'endpoints' => ['icinga2.opstheater.vm'],
}
}
}
Icinga2::Object::Zone <<| |>>
include opstheater::profile::filebeat::icinga::client
@firewall { '201 allow access to icinga client':
chain => 'INPUT',
......
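Review bot: `pki => 'none'` in the `::icinga2::feature::api` declaration leaves certificate provisioning unmanaged, while the same block turns on both `accept_commands` and `accept_config`. The old and new sides cannot be told apart in this rendering, but if the `::icinga2::pki::puppet` block is being dropped, the agent ends up with no managed key pair, and the TLS certificate is what authenticates the parent that may push config and run commands on this node. Consider `pki => 'puppet'` so the module reuses the Puppet agent certificate, and add a comment on the two `accept_*` settings naming the parent zone they are meant to trust. Separately, the endpoint `'icinga2.opstheater.vm'` with host `'10.20.1.20'` is hard-coded although the class already takes `$icinga2_web_fqdn`; using the parameter avoids every environment trusting one fixed address.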
......@@ -5,47 +5,46 @@ class opstheater::profile::icinga::server (
) inherits opstheater::profile::params {
class { 'icinga2':
db_type => 'mysql',
db_host => $icinga2_db_ipaddress,
db_port => '3306',
db_name => 'icinga2_data',
db_user => 'icinga2',
db_pass => $icinga2_ido_password,
manage_database => true,
pid_file => '/var/run/icinga2/icinga2.pid',
confd => false,
manage_repo => true,
features => ['checker','mainlog','notification','statusdata','compatlog','command'],
constants => {
'ZoneName' => 'master',
},
}
class { 'icinga2::feature::idomysql':
host => $icinga2_db_ipaddress,
port => '3306',
database => 'icinga2_data',
user => 'icinga2',
password => $icinga2_ido_password,
}
include ::icinga2::feature::command
icinga2::object::zone { 'global-templates':
global => true,
}
icinga2::object::zone { 'master':
endpoints => {
$icinga2_web_fqdn => {
host => $icinga2_web_fqdn,
},
},
}
$lowercase_fqdn = downcase($::fqdn)
class { '::icinga2::feature::api':
manage_zone => false,
cert_path => "/etc/icinga2/pki/${lowercase_fqdn}.crt",
key_path => "/etc/icinga2/pki/${lowercase_fqdn}.key",
accept_commands => true,
# when having multiple masters, you should enable:
# accept_config => true,
endpoints => {
'master.example.org'=> {},
},
zones => {
'master' => {
'endpoints' => [$icinga2_web_fqdn],
},
'opstheater' => {
'endpoints' => [$icinga2_web_fqdn],
'parent' => 'master',
},
}
}
# icinga2::pki::puppet class needs to be declared
# after the icinga2::feature::api class in order
# to avoid resource duplication
class{'::icinga2::pki::puppet':
cert_path => "/etc/icinga2/pki/${lowercase_fqdn}.crt",
cert_source => "${::settings::ssldir}/certs/${lowercase_fqdn}.pem",
key_path => "/etc/icinga2/pki/${lowercase_fqdn}.key",
key_source => "${::settings::ssldir}/private_keys/${lowercase_fqdn}.pem",
}
contain ::icinga2::pki::puppet
include icinga2::feature::api
Icinga2::Object::Host <<| |>>
Icinga2::Object::Service <<| |>>
......
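Review bot: The `endpoints` hash passed to `::icinga2::feature::api` still carries the documentation placeholder `'master.example.org'`, while both zones list `$icinga2_web_fqdn` as their endpoint, so the zones refer to an endpoint that is never declared. The same endpoint is also a member of both `master` and `opstheater`; to my knowledge Icinga 2 rejects an endpoint that belongs to more than one zone. Suggested: `endpoints => { $icinga2_web_fqdn => {} },` and only agent endpoints in the child zone. `accept_commands => true` on the master should get a comment saying which peer is expected to send it commands, or be dropped if none is. The old and new sides are not marked in this rendering, so this assumes the `endpoints`/`zones` block is the added code.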
......@@ -9,7 +9,7 @@ class opstheater::profile::icinga::web (
$icinga2_ido_password = hiera('opstheater::icinga::ido_password'),
$manage_package_repo = false,
$manage_epel_repo = false,
$manage_mysql_client = false,
$manage_mysql_client = hiera('opstheater::icingaweb::manage_mysql_client'),
$icingaweb_ldap_group_filter = '"cn=Puppet-Admins"',
$icingaweb_ldap_enabled = hiera('opstheater::icingaweb::ldap::enabled'),
$icingaweb_ldap_server = hiera('opstheater::icingaweb::ldap::server'),
......@@ -167,7 +167,7 @@ class opstheater::profile::icinga::web (
ini_setting { 'ldap group base dn':
path => '/etc/icingaweb2/groups.ini',
setting => 'base_dn',
value => '"ou=Administrative accounts,dc=RaetsMarine,dc=local"',
value => '"ou=Administrative accounts,dc=OpsTheater,dc=vm"',
}
ini_setting { 'ldap group backend':
......@@ -239,7 +239,6 @@ class opstheater::profile::icinga::web (
}
}
exec { 'populate-icinga2_web-mysql-db':
path => '/bin:/usr/bin:/sbin:/usr/sbin',
unless => "[ `mysql -h ${icinga2_db_ipaddress} -uicinga2_web -p${icinga2_webdb_password} icinga2_web -ABN -e 'select 1 from icingaweb_user limit 1'` -eq 1 ]",
......@@ -247,26 +246,6 @@ class opstheater::profile::icinga::web (
require => [ Class['::mysql::client'], Package['icingaweb2'] ],
} ->
file { '/etc/icingaweb2/enabledModules/monitoring':
ensure => 'link',
target => '/usr/share/icingaweb2/modules/monitoring',
}
file { '/etc/icingaweb2/modules/monitoring':
ensure => 'directory',
mode => '2770',
owner => 'root',
group => 'icingaweb2',
}
file { '/etc/icingaweb2/modules/monitoring/backends.ini':
ensure => 'file',
mode => '0770',
owner => 'root',
group => 'icingaweb2',
content => "[icinga2]\ntype = \"ido\"\nresource = \"icinga_ido\"\n",
}
file { '/etc/icingaweb2/groups.ini':
ensure => 'file',
mode => '0770',
......@@ -275,22 +254,6 @@ class opstheater::profile::icinga::web (
content => "[icingaweb2]\nresource = \"icingaweb_db\"\nbackend = \"db\"\n",
}
file { '/etc/icingaweb2/modules/monitoring/config.ini':
ensure => 'file',
mode => '0770',
owner => 'root',
group => 'icingaweb2',
content => "[security]\nprotected_customvars = \"*pw*,*pass*,community\"\n",
}
file { '/etc/icingaweb2/modules/monitoring/commandtransports.ini':
ensure => 'file',
mode => '0770',
owner => 'root',
group => 'icingaweb2',
content => "[icinga2]\ntransport = \"local\"\npath = \"/var/run/icinga2/cmd/icinga2.cmd\"\n",
}
include icingaweb2::mod::monitoring
ini_setting { 'set icinga php timezone':
......
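Review bot: The removed `file { '/etc/icingaweb2/modules/monitoring/config.ini': ... }` resource was the place that set `protected_customvars = "*pw*,*pass*,community"`, and nothing visible in the new code sets it again. That setting masks password-like custom variables in the web UI, so please confirm that `icingaweb2::mod::monitoring` writes an equivalent value, or pass it explicitly if the module exposes a parameter for it. The hard-coded `'"ou=Administrative accounts,dc=OpsTheater,dc=vm"'` could also come from the existing `opstheater::icingaweb::ldap::base_dn` hiera key instead of being edited by hand. Unrelated to this change but visible in the context: the `unless` of `populate-icinga2_web-mysql-db` passes `-p${icinga2_webdb_password}` on the command line, which exposes the password in the process list on every Puppet run. Reading it from a root-only option file via `--defaults-extra-file` would avoid that.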