aboutsummaryrefslogtreecommitdiff
path: root/files/usr/local/etc/icinga2/conf.d
diff options
context:
space:
mode:
authorCullum Smith <cullum@sacredheartsc.com>2024-10-25 00:49:42 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-25 00:49:42 -0400
commit7bb5176a0e1d3a7d8a119b92758404d514f59be9 (patch)
tree216cc2c9b1af8ddd337d619bc8c77e44bba94b1a /files/usr/local/etc/icinga2/conf.d
parente2fc0433de38c322ce46ad250bc0f0f03e7710c8 (diff)
downloadinfrastructure-7bb5176a0e1d3a7d8a119b92758404d514f59be9.tar.gz
icinga stuff
Diffstat (limited to 'files/usr/local/etc/icinga2/conf.d')
-rw-r--r--files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server1
-rw-r--r--files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server40
-rw-r--r--files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server0
-rw-r--r--files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server119
-rw-r--r--files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server3
-rw-r--r--files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server23
-rw-r--r--files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server165
-rw-r--r--files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server50
-rw-r--r--files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server18
-rw-r--r--files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server12
10 files changed, 431 insertions, 0 deletions
diff --git a/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server
new file mode 100644
index 0000000..3e4be0d
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server
@@ -0,0 +1 @@
+object IcingaApplication "app" { }
diff --git a/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
new file mode 100644
index 0000000..dd78f14
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
@@ -0,0 +1,40 @@
+object NotificationCommand "mail-host-notification" {
+ command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
+
+ env = {
+ NOTIFICATIONTYPE = "$notification.type$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ HOSTNAME = "$host.name$"
+ HOSTADDRESS = "$address$"
+ HOSTSTATE = "$host.state$"
+ LONGDATETIME = "$icinga.long_date_time$"
+ HOSTOUTPUT = "$host.output$"
+ NOTIFICATIONAUTHORNAME = "$notification.author$"
+ NOTIFICATIONCOMMENT = "$notification.comment$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ USEREMAIL = "$user.email$"
+ HOSTNOTES = "$host.notes$"
+ }
+}
+
+object NotificationCommand "mail-service-notification" {
+ command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
+
+ env = {
+ NOTIFICATIONTYPE = "$notification.type$"
+ SERVICENAME = "$service.name$"
+ HOSTNAME = "$host.name$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ HOSTADDRESS = "$address$"
+ SERVICESTATE = "$service.state$"
+ LONGDATETIME = "$icinga.long_date_time$"
+ SERVICEOUTPUT = "$service.output$"
+ NOTIFICATIONAUTHORNAME = "$notification.author$"
+ NOTIFICATIONCOMMENT = "$notification.comment$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ SERVICEDISPLAYNAME = "$service.display_name$"
+ USEREMAIL = "$user.email$"
+ HOSTNOTES = "$host.notes$"
+ SERVICENOTES = "$service.notes$"
+ }
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
diff --git a/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
new file mode 100644
index 0000000..f6f13b8
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
@@ -0,0 +1,119 @@
+object HostGroup "hypervisors" {
+ display_name = "Hypervisors"
+ assign where regex("^alcatraz[0-9]+", host.name)
+}
+
+object HostGroup "idm-servers" {
+ display_name = "IDM Servers"
+ assign where regex("^idm[0-9]+", host.name)
+}
+
+object HostGroup "pkg-repositories" {
+ display_name = "Pkg Repositories"
+ assign where regex("^pkg[0-9]+", host.name)
+}
+
+object HostGroup "smtp-servers" {
+ display_name = "SMTP Servers"
+ assign where regex("^smtp[0-9]+", host.name)
+}
+
+object HostGroup "imap-servers" {
+ display_name = "IMAP Servers"
+ assign where regex("^imap[0-9]+", host.name)
+}
+
+object HostGroup "radius-servers" {
+ display_name = "RADIUS Servers"
+ assign where regex("^radius[0-9]+", host.name)
+}
+
+object HostGroup "desktops" {
+ display_name = "Desktops"
+ assign where regex("^desktop[0-9]+", host.name)
+}
+
+object HostGroup "laptops" {
+ display_name = "Laptops"
+ assign where regex("^laptop[0-9]+", host.name)
+}
+
+object HostGroup "postgresql-servers" {
+ display_name = "PostgreSQL Servers"
+ assign where regex("^postgres[0-9]+", host.name)
+}
+
+object HostGroup "dav-servers" {
+ display_name = "DAV Servers"
+ assign where regex("^dav[0-9]+", host.name)
+}
+
+object HostGroup "bitwarden-servers" {
+ display_name = "Bitwarden Servers"
+ assign where regex("^bitwarden[0-9]+", host.name)
+}
+
+object HostGroup "ttrss-servers" {
+ display_name = "TT-RSS Servers"
+ assign where regex("^ttrss[0-9]+", host.name)
+}
+
+object HostGroup "znc-servers" {
+ display_name = "ZNC Servers"
+ assign where regex("^znc[0-9]+", host.name)
+}
+
+object HostGroup "cups-servers" {
+ display_name = "CUPS Servers"
+ assign where regex("^cups[0-9]+", host.name)
+}
+
+object HostGroup "unifi-controllers" {
+ display_name = "UniFi Controllers"
+ assign where regex("^unifi[0-9]+", host.name)
+}
+
+object HostGroup "invidious-servers" {
+ display_name = "Invidious Servers"
+ assign where regex("^invidious[0-9]+", host.name)
+}
+
+object HostGroup "git-servers" {
+ display_name = "Git Servers"
+ assign where regex("^git[0-9]+", host.name)
+}
+
+object HostGroup "xmpp-servers" {
+ display_name = "XMPP Servers"
+ assign where regex("^xmpp[0-9]+", host.name)
+}
+
+object HostGroup "web-servers" {
+ display_name = "Web Servers"
+ assign where regex("^(www|web)[0-9]+", host.name)
+}
+
+object HostGroup "nameservers" {
+ display_name = "Nameservers"
+ assign where regex("^ns[0-9]+", host.name)
+}
+
+object HostGroup "asterisk-servers" {
+ display_name = "Asterisk Servers"
+ assign where regex("^pbx[0-9]+", host.name)
+}
+
+object HostGroup "nfs-servers" {
+ display_name = "NFS Servers"
+ assign where regex("^nfs[0-9]+", host.name)
+}
+
+object HostGroup "turn-servers" {
+ display_name = "TURN Servers"
+ assign where regex("^turn[0-9]+", host.name)
+}
+
+object HostGroup "icinga-servers" {
+ display_name = "Icinga Servers"
+ assign where regex("^icinga[0-9]+", host.name)
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
new file mode 100644
index 0000000..dbc2a54
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
@@ -0,0 +1,3 @@
+/*
+ * Add custom hosts here.
+ */
diff --git a/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
new file mode 100644
index 0000000..effff9e
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
@@ -0,0 +1,23 @@
+apply Notification "mail-icingaadmin" to Host {
+ import "mail-host-notification"
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ //interval = 2h
+
+ //vars.notification_logtosyslog = true
+
+ assign where host.vars.notification.mail
+}
+
+apply Notification "mail-icingaadmin" to Service {
+ import "mail-service-notification"
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ //interval = 2h
+
+ //vars.notification_logtosyslog = true
+
+ assign where host.vars.notification.mail
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
new file mode 100644
index 0000000..5b00864
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -0,0 +1,165 @@
+apply Service "ssh" {
+ import "generic-service"
+ check_command = "ssh"
+ assign where host.vars.os in ["FreeBSD","Linux"]
+}
+
+apply Service "icinga" {
+ import "generic-service"
+ check_command = "icinga"
+ assign where host.name == NodeName
+}
+
+apply Service "dns" {
+ import "generic-service"
+ check_command = "dns"
+ vars.dns_lookup = "$address$"
+ vars.dns_server = "$address$"
+ vars.dns_wtime = ResponseTimeWarn
+ vars.dns_ctime = ResponseTimeCrit
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "ldap" {
+ import "generic-service"
+ check_command = "ldap"
+ vars.ldap_port = 389
+ vars.ldap_warning = ResponseTimeWarn
+ vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_v2 = false
+ vars.ldap_v3 = true
+ vars.ldap_starttls = true
+ vars.ldap_bind = IcingaDN
+ vars.ldap_pass = IcingaPassword
+ vars.ldap_base = HostsBaseDn
+ vars.ldap_attr = "(cn=" + NodeName + ")"
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "ldaps" {
+ import "generic-service"
+ check_command = "ldap"
+ vars.ldap_port = 636
+ vars.ldap_warning = ResponseTimeWarn
+ vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_v2 = false
+ vars.ldap_v3 = true
+ vars.ldap_ssl = true
+ vars.ldap_bind = IcingaDN
+ vars.ldap_pass = IcingaPassword
+ vars.ldap_base = HostsBaseDn
+ vars.ldap_attr = "(cn=" + NodeName + ")"
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "imap" {
+ import "generic-service"
+ check_command = "imap"
+ vars.imap_port = 993
+ vars.imap_ssl = true
+ vars.imap_certificate_age = CertDaysWarn
+ vars.imap_warning = ResponseTimeWarn
+ vars.imap_critical = ResponseTimeCrit
+ assign where "imap-servers" in host.groups
+}
+
+apply Service "smtp" {
+ import "generic-service"
+ check_command = "smtp"
+ vars.smtp_port = 25
+ vars.smtp_certificate_age = CertDaysWarn
+ vars.smtp_starttls = true
+ vars.smtp_warning = ResponseTimeWarn
+ vars.smtp_critical = ResponseTimeCrit
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "submission" {
+ import "generic-service"
+ check_command = "smtp"
+ vars.smtp_port = 587
+ vars.smtp_certificate_age = CertDaysWarn
+ vars.smtp_starttls = true
+ vars.smtp_warning = ResponseTimeWarn
+ vars.smtp_critical = ResponseTimeCrit
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "postgres" {
+ import "generic-service"
+ check_command = "pgsql"
+ vars.pgsql_warning = ResponseTimeWarn
+ vars.pgsql_critical = ResponseTimeCrit
+ vars.pgsql_username = IcingaUsername
+ vars.pgsql_password = IcingaPassword
+ assign where "postgresql-servers" in host.groups
+}
+
+// Expect HTTP 200
+apply Service "http" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 200 OK"
+ vars.http_ssl = false
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("cups-servers" in host.groups
+ || "pkg-repositories" in host.groups)
+}
+
+// Expect HTTP 301
+apply Service "http" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 301 Moved Permanently"
+ vars.http_ssl = false
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("dav-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "ttrss-servers" in host.groups
+ || "invidious-servers" in host.groups
+ || "nfs-servers" in host.groups
+ || "pkg-servers" in host.groups
+ || "unifi-controllers" in host.groups
+ || "web-servers" in host.groups
+ || "xmpp-servers" in host.groups
+ || "znc-servers" in host.groups)
+}
+
+// Expect HTTPS 401
+apply Service "https" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 401 Unauthorized"
+ vars.http_ssl = true
+ vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("dav-servers" in host.groups
+ || "cups-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "ttrss-servers" in host.groups)
+}
+
+// Expect HTTPS 200
+apply Service "https" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 200 OK"
+ vars.http_ssl = true
+ vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("invidious-servers" in host.groups
+ || "nfs-servers" in host.groups
+ || "pkg-servers" in host.groups
+ || "unifi-controllers" in host.groups
+ || "web-servers" in host.groups
+ || "xmpp-servers" in host.groups
+ || "znc-servers" in host.groups)
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
new file mode 100644
index 0000000..1aae5ac
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
@@ -0,0 +1,50 @@
+template Host "generic-host" default {
+ max_check_attempts = 3
+ check_interval = 1m
+ retry_interval = 30s
+ check_command = "hostalive"
+}
+
+template Service "generic-service" default {
+ max_check_attempts = 5
+ check_interval = 1m
+ retry_interval = 30s
+}
+
+template User "generic-user" default {
+
+}
+
+template Notification "mail-host-notification" {
+ command = "mail-host-notification"
+
+ states = [ Up, Down ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+
+ vars += {
+ // notification_icingaweb2url = "https://www.example.com/icingaweb2"
+ // notification_from = "Icinga 2 Host Monitoring <icinga@example.com>"
+ notification_logtosyslog = false
+ }
+
+ period = "24x7"
+}
+
+template Notification "mail-service-notification" {
+ command = "mail-service-notification"
+
+ states = [ OK, Warning, Critical, Unknown ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+
+ vars += {
+ // notification_icingaweb2url = "https://www.example.com/icingaweb2"
+ // notification_from = "Icinga 2 Service Monitoring <icinga@example.com>"
+ notification_logtosyslog = false
+ }
+
+ period = "24x7"
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server
new file mode 100644
index 0000000..64cd925
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server
@@ -0,0 +1,18 @@
+object TimePeriod "24x7" {
+ display_name = "24x7"
+ ranges = {
+ "monday" = "00:00-24:00"
+ "tuesday" = "00:00-24:00"
+ "wednesday" = "00:00-24:00"
+ "thursday" = "00:00-24:00"
+ "friday" = "00:00-24:00"
+ "saturday" = "00:00-24:00"
+ "sunday" = "00:00-24:00"
+ }
+}
+
+object TimePeriod "never" {
+ display_name = "Never"
+ ranges = { }
+}
+
diff --git a/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
new file mode 100644
index 0000000..1ddaf55
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
@@ -0,0 +1,12 @@
+object User "icingaadmin" {
+ import "generic-user"
+
+ display_name = "Icinga 2 Admin"
+ groups = [ "icingaadmins" ]
+
+ email = "icinga@localhost"
+}
+
+object UserGroup "icingaadmins" {
+ display_name = "Icinga 2 Admin Group"
+}