From 7bb5176a0e1d3a7d8a119b92758404d514f59be9 Mon Sep 17 00:00:00 2001 
From: Cullum Smith Date: Fri, 25 Oct 2024 00:49:42 -0400 Subject: icinga stuff --- .../etc/icinga2/conf.d/app.conf.icinga_server | 1 + .../etc/icinga2/conf.d/commands.conf.icinga_server | 40 +++++ .../icinga2/conf.d/downtimes.conf.icinga_server | 0 .../etc/icinga2/conf.d/groups.conf.icinga_server | 119 +++++++++++++++ .../etc/icinga2/conf.d/hosts.conf.icinga_server | 3 + .../conf.d/notifications.conf.icinga_server | 23 +++ .../etc/icinga2/conf.d/services.conf.icinga_server | 165 +++++++++++++++++++++ .../icinga2/conf.d/templates.conf.icinga_server | 50 +++++++ .../icinga2/conf.d/timeperiods.conf.icinga_server | 18 +++ .../etc/icinga2/conf.d/users.conf.icinga_server | 12 ++ .../local/etc/icinga2/constants.conf.icinga_server | 14 ++ .../local/etc/icinga2/icinga2.conf.icinga_server | 9 ++ .../usr/local/etc/icinga2/zones.conf.icinga_server | 7 + 13 files changed, 461 insertions(+) create mode 100644 files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/constants.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/icinga2.conf.icinga_server create mode 100644 files/usr/local/etc/icinga2/zones.conf.icinga_server (limited to 'files/usr/local/etc/icinga2') 
diff --git a/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server
new file mode 100644
index 0000000..3e4be0d
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/app.conf.icinga_server
@@ -0,0 +1 @@
+object IcingaApplication "app" { }
diff --git a/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
new file mode 100644
index 0000000..dd78f14
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/commands.conf.icinga_server
@@ -0,0 +1,40 @@
+object NotificationCommand "mail-host-notification" {
+ command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
+
+ env = {
+ NOTIFICATIONTYPE = "$notification.type$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ HOSTNAME = "$host.name$"
+ HOSTADDRESS = "$address$"
+ HOSTSTATE = "$host.state$"
+ LONGDATETIME = "$icinga.long_date_time$"
+ HOSTOUTPUT = "$host.output$"
+ NOTIFICATIONAUTHORNAME = "$notification.author$"
+ NOTIFICATIONCOMMENT = "$notification.comment$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ USEREMAIL = "$user.email$"
+ HOSTNOTES = "$host.notes$"
+ }
+}
+
+object NotificationCommand "mail-service-notification" {
+ command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
+
+ env = {
+ NOTIFICATIONTYPE = "$notification.type$"
+ SERVICENAME = "$service.name$"
+ HOSTNAME = "$host.name$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ HOSTADDRESS = "$address$"
+ SERVICESTATE = "$service.state$"
+ LONGDATETIME = "$icinga.long_date_time$"
+ SERVICEOUTPUT = "$service.output$"
+ NOTIFICATIONAUTHORNAME = "$notification.author$"
+ NOTIFICATIONCOMMENT = "$notification.comment$"
+ HOSTDISPLAYNAME = "$host.display_name$"
+ SERVICEDISPLAYNAME = "$service.display_name$"
+ USEREMAIL = "$user.email$"
+ HOSTNOTES = "$host.notes$"
+ SERVICENOTES = "$service.notes$"
+ }
+}
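Review bot: In commands.conf both `env` dictionaries set `HOSTDISPLAYNAME` twice (once near the top and again after `NOTIFICATIONCOMMENT`); the second entry is redundant and should be dropped so each variable is defined once. Passing `$host.output$`, `$service.output$` and `$notification.comment$` through the environment rather than as command arguments is the safer form, since those values originate from plugins and operators; a comment above each `env` block such as `// check output and comments are untrusted: pass via env, never interpolate into command` would keep a later edit from moving them into `command`. The notification scripts themselves are not part of this commit, so how they quote these variables cannot be checked from here.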
diff --git a/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/downtimes.conf.icinga_server
new file mode 100644
index 0000000..e69de29
diff --git a/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
new file mode 100644
index 0000000..f6f13b8
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
@@ -0,0 +1,119 @@
+object HostGroup "hypervisors" {
+ display_name = "Hypervisors"
+ assign where regex("^alcatraz[0-9]+", host.name)
+}
+
+object HostGroup "idm-servers" {
+ display_name = "IDM Servers"
+ assign where regex("^idm[0-9]+", host.name)
+}
+
+object HostGroup "pkg-repositories" {
+ display_name = "Pkg Repositories"
+ assign where regex("^pkg[0-9]+", host.name)
+}
+
+object HostGroup "smtp-servers" {
+ display_name = "SMTP Servers"
+ assign where regex("^smtp[0-9]+", host.name)
+}
+
+object HostGroup "imap-servers" {
+ display_name = "IMAP Servers"
+ assign where regex("^imap[0-9]+", host.name)
+}
+
+object HostGroup "radius-servers" {
+ display_name = "RADIUS Servers"
+ assign where regex("^radius[0-9]+", host.name)
+}
+
+object HostGroup "desktops" {
+ display_name = "Desktops"
+ assign where regex("^desktop[0-9]+", host.name)
+}
+
+object HostGroup "laptops" {
+ display_name = "Laptops"
+ assign where regex("^laptop[0-9]+", host.name)
+}
+
+object HostGroup "postgresql-servers" {
+ display_name = "PostgreSQL Servers"
+ assign where regex("^postgres[0-9]+", host.name)
+}
+
+object HostGroup "dav-servers" {
+ display_name = "DAV Servers"
+ assign where regex("^dav[0-9]+", host.name)
+}
+
+object HostGroup "bitwarden-servers" {
+ display_name = "Bitwarden Servers"
+ assign where regex("^bitwarden[0-9]+", host.name)
+}
+
+object HostGroup "ttrss-servers" {
+ display_name = "TT-RSS Servers"
+ assign where regex("^ttrss[0-9]+", host.name)
+}
+
+object HostGroup "znc-servers" {
+ display_name = "ZNC Servers"
+ assign where regex("^znc[0-9]+", host.name)
+}
+
+object HostGroup "cups-servers" {
+ display_name = "CUPS Servers"
+ assign where regex("^cups[0-9]+", host.name)
+}
+
+object HostGroup "unifi-controllers" {
+ display_name = "UniFi Controllers"
+ assign where regex("^unifi[0-9]+", host.name)
+}
+
+object HostGroup "invidious-servers" {
+ display_name = "Invidious Servers"
+ assign where regex("^invidious[0-9]+", host.name)
+}
+
+object HostGroup "git-servers" {
+ display_name = "Git Servers"
+ assign where regex("^git[0-9]+", host.name)
+}
+
+object HostGroup "xmpp-servers" {
+ display_name = "XMPP Servers"
+ assign where regex("^xmpp[0-9]+", host.name)
+}
+
+object HostGroup "web-servers" {
+ display_name = "Web Servers"
+ assign where regex("^(www|web)[0-9]+", host.name)
+}
+
+object HostGroup "nameservers" {
+ display_name = "Nameservers"
+ assign where regex("^ns[0-9]+", host.name)
+}
+
+object HostGroup "asterisk-servers" {
+ display_name = "Asterisk Servers"
+ assign where regex("^pbx[0-9]+", host.name)
+}
+
+object HostGroup "nfs-servers" {
+ display_name = "NFS Servers"
+ assign where regex("^nfs[0-9]+", host.name)
+}
+
+object HostGroup "turn-servers" {
+ display_name = "TURN Servers"
+ assign where regex("^turn[0-9]+", host.name)
+}
+
+object HostGroup "icinga-servers" {
+ display_name = "Icinga Servers"
+ assign where regex("^icinga[0-9]+", host.name)
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
new file mode 100644
index 0000000..dbc2a54
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/hosts.conf.icinga_server
@@ -0,0 +1,3 @@
+/*
+ * Add custom hosts here.
+ */
diff --git a/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
new file mode 100644
index 0000000..effff9e
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/notifications.conf.icinga_server
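Review bot: In groups.conf every `assign where regex("^name[0-9]+", host.name)` is anchored only at the start, so any host object whose name merely begins with, say, `idm1` or `postgres2` joins the group. Membership is what services.conf uses to decide where the `ldap`, `ldaps` and `postgres` checks run, and those checks carry `IcingaDN`/`IcingaPassword`, so a loosely named host would be sent the monitoring credentials. If host names are short names, `regex("^idm[0-9]+$", host.name)` closes this; if they are FQDNs, anchoring on the label boundary with `regex("^idm[0-9]+([.]|$)", host.name)` does the same. A one-line comment at the top of the file stating which naming form the patterns assume would help whoever adds the next group.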
@@ -0,0 +1,23 @@
+apply Notification "mail-icingaadmin" to Host {
+ import "mail-host-notification"
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ //interval = 2h
+
+ //vars.notification_logtosyslog = true
+
+ assign where host.vars.notification.mail
+}
+
+apply Notification "mail-icingaadmin" to Service {
+ import "mail-service-notification"
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ //interval = 2h
+
+ //vars.notification_logtosyslog = true
+
+ assign where host.vars.notification.mail
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
new file mode 100644
index 0000000..5b00864
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -0,0 +1,165 @@
+apply Service "ssh" {
+ import "generic-service"
+ check_command = "ssh"
+ assign where host.vars.os in ["FreeBSD","Linux"]
+}
+
+apply Service "icinga" {
+ import "generic-service"
+ check_command = "icinga"
+ assign where host.name == NodeName
+}
+
+apply Service "dns" {
+ import "generic-service"
+ check_command = "dns"
+ vars.dns_lookup = "$address$"
+ vars.dns_server = "$address$"
+ vars.dns_wtime = ResponseTimeWarn
+ vars.dns_ctime = ResponseTimeCrit
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "ldap" {
+ import "generic-service"
+ check_command = "ldap"
+ vars.ldap_port = 389
+ vars.ldap_warning = ResponseTimeWarn
+ vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_v2 = false
+ vars.ldap_v3 = true
+ vars.ldap_starttls = true
+ vars.ldap_bind = IcingaDN
+ vars.ldap_pass = IcingaPassword
+ vars.ldap_base = HostsBaseDn
+ vars.ldap_attr = "(cn=" + NodeName + ")"
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "ldaps" {
+ import "generic-service"
+ check_command = "ldap"
+ vars.ldap_port = 636
+ vars.ldap_warning = ResponseTimeWarn
+ vars.ldap_critical = ResponseTimeCrit
+ vars.ldap_v2 = false
+ vars.ldap_v3 = true
+ vars.ldap_ssl = true
+ vars.ldap_bind = IcingaDN
+ vars.ldap_pass = IcingaPassword
+ vars.ldap_base = HostsBaseDn
+ vars.ldap_attr = "(cn=" + NodeName + ")"
+ assign where "idm-servers" in host.groups
+}
+
+apply Service "imap" {
+ import "generic-service"
+ check_command = "imap"
+ vars.imap_port = 993
+ vars.imap_ssl = true
+ vars.imap_certificate_age = CertDaysWarn
+ vars.imap_warning = ResponseTimeWarn
+ vars.imap_critical = ResponseTimeCrit
+ assign where "imap-servers" in host.groups
+}
+
+apply Service "smtp" {
+ import "generic-service"
+ check_command = "smtp"
+ vars.smtp_port = 25
+ vars.smtp_certificate_age = CertDaysWarn
+ vars.smtp_starttls = true
+ vars.smtp_warning = ResponseTimeWarn
+ vars.smtp_critical = ResponseTimeCrit
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "submission" {
+ import "generic-service"
+ check_command = "smtp"
+ vars.smtp_port = 587
+ vars.smtp_certificate_age = CertDaysWarn
+ vars.smtp_starttls = true
+ vars.smtp_warning = ResponseTimeWarn
+ vars.smtp_critical = ResponseTimeCrit
+ assign where "smtp-servers" in host.groups
+}
+
+apply Service "postgres" {
+ import "generic-service"
+ check_command = "pgsql"
+ vars.pgsql_warning = ResponseTimeWarn
+ vars.pgsql_critical = ResponseTimeCrit
+ vars.pgsql_username = IcingaUsername
+ vars.pgsql_password = IcingaPassword
+ assign where "postgresql-servers" in host.groups
+}
+
+// Expect HTTP 200
+apply Service "http" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 200 OK"
+ vars.http_ssl = false
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("cups-servers" in host.groups
+ || "pkg-repositories" in host.groups)
+}
+
+// Expect HTTP 301
+apply Service "http" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 301 Moved Permanently"
+ vars.http_ssl = false
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("dav-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "ttrss-servers" in host.groups
+ || "invidious-servers" in host.groups
+ || "nfs-servers" in host.groups
+ || "pkg-servers" in host.groups
+ || "unifi-controllers" in host.groups
+ || "web-servers" in host.groups
+ || "xmpp-servers" in host.groups
+ || "znc-servers" in host.groups)
+}
+
+// Expect HTTPS 401
+apply Service "https" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 401 Unauthorized"
+ vars.http_ssl = true
+ vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("dav-servers" in host.groups
+ || "cups-servers" in host.groups
+ || "smtp-servers" in host.groups
+ || "ttrss-servers" in host.groups)
+}
+
+// Expect HTTPS 200
+apply Service "https" {
+ import "generic-service"
+ check_command = "http"
+ vars.http_vhost = "$address$"
+ vars.http_expect = "HTTP/1.1 200 OK"
+ vars.http_ssl = true
+ vars.http_certificate = CertDaysWarn + "," + CertDaysCrit
+ vars.http_warn_time = ResponseTimeWarn
+ vars.http_critical_time = ResponseTimeCrit
+ assign where ("invidious-servers" in host.groups
+ || "nfs-servers" in host.groups
+ || "pkg-servers" in host.groups
+ || "unifi-controllers" in host.groups
+ || "web-servers" in host.groups
+ || "xmpp-servers" in host.groups
+ || "znc-servers" in host.groups)
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
new file mode 100644
index 0000000..1aae5ac
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/templates.conf.icinga_server
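Review bot: In services.conf the two `https` rules set `vars.http_certificate` together with `vars.http_expect`, but the stock `check_http` plugin stops after the certificate test when a certificate threshold is given, so the `401 Unauthorized` / `200 OK` expectation is presumably never evaluated and a service that stopped requiring authentication would still report OK. Splitting each rule into a certificate-only service (keeping `vars.http_certificate = CertDaysWarn + "," + CertDaysCrit`) and a response service without that line would make both results meaningful. `vars.http_vhost = "$address$"` also means the request names the address rather than the site, so the certificate examined may be the server's default one; confirm that is what should be monitored. Separately, `"pkg-servers" in host.groups` appears in the 301 and HTTPS 200 rules while groups.conf defines `pkg-repositories`, so those branches never match unless another file defines that group.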
@@ -0,0 +1,50 @@
+template Host "generic-host" default {
+ max_check_attempts = 3
+ check_interval = 1m
+ retry_interval = 30s
+ check_command = "hostalive"
+}
+
+template Service "generic-service" default {
+ max_check_attempts = 5
+ check_interval = 1m
+ retry_interval = 30s
+}
+
+template User "generic-user" default {
+
+}
+
+template Notification "mail-host-notification" {
+ command = "mail-host-notification"
+
+ states = [ Up, Down ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+
+ vars += {
+ // notification_icingaweb2url = "https://www.example.com/icingaweb2"
+ // notification_from = "Icinga 2 Host Monitoring "
+ notification_logtosyslog = false
+ }
+
+ period = "24x7"
+}
+
+template Notification "mail-service-notification" {
+ command = "mail-service-notification"
+
+ states = [ OK, Warning, Critical, Unknown ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+
+ vars += {
+ // notification_icingaweb2url = "https://www.example.com/icingaweb2"
+ // notification_from = "Icinga 2 Service Monitoring "
+ notification_logtosyslog = false
+ }
+
+ period = "24x7"
+}
diff --git a/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server
new file mode 100644
index 0000000..64cd925
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/timeperiods.conf.icinga_server
@@ -0,0 +1,18 @@
+object TimePeriod "24x7" {
+ display_name = "24x7"
+ ranges = {
+ "monday" = "00:00-24:00"
+ "tuesday" = "00:00-24:00"
+ "wednesday" = "00:00-24:00"
+ "thursday" = "00:00-24:00"
+ "friday" = "00:00-24:00"
+ "saturday" = "00:00-24:00"
+ "sunday" = "00:00-24:00"
+ }
+}
+
+object TimePeriod "never" {
+ display_name = "Never"
+ ranges = { }
+}
+
diff --git a/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
new file mode 100644
index 0000000..1ddaf55
--- /dev/null
+++ b/files/usr/local/etc/icinga2/conf.d/users.conf.icinga_server
@@ -0,0 +1,12 @@
+object User "icingaadmin" {
+ import "generic-user"
+
+ display_name = "Icinga 2 Admin"
+ groups = [ "icingaadmins" ]
+
+ email = "icinga@localhost"
+}
+
+object UserGroup "icingaadmins" {
+ display_name = "Icinga 2 Admin Group"
+}
diff --git a/files/usr/local/etc/icinga2/constants.conf.icinga_server b/files/usr/local/etc/icinga2/constants.conf.icinga_server
new file mode 100644
index 0000000..592da99
--- /dev/null
+++ b/files/usr/local/etc/icinga2/constants.conf.icinga_server
@@ -0,0 +1,14 @@
+const PluginDir = "/usr/local/libexec/nagios"
+const ManubulonPluginDir = "/usr/local/libexec/nagios"
+const PluginContribDir = "/usr/local/libexec/nagios"
+const NodeName = "${BOXCONF_HOSTNAME}"
+const ZoneName = NodeName
+const TicketSalt = "${icinga_ticket_salt}"
+const CertDaysWarn = 30
+const CertDaysCrit = 20
+const ResponseTimeWarn = 0.5
+const ResponseTimeCrit = 1
+const HostsBaseDn = "${hosts_basedn}"
+const IcingaUsername = "${icinga_username}"
+const IcingaPassword = "${icinga_password}"
+const IcingaDN = "${icinga_dn}"
diff --git a/files/usr/local/etc/icinga2/icinga2.conf.icinga_server b/files/usr/local/etc/icinga2/icinga2.conf.icinga_server
new file mode 100644
index 0000000..c97f5fc
--- /dev/null
+++ b/files/usr/local/etc/icinga2/icinga2.conf.icinga_server
@@ -0,0 +1,9 @@
+include "constants.conf"
+include "api-users.conf"
+include "zones.conf"
+include
+include
+include
+include
+include "features-enabled/*.conf"
+include_recursive "conf.d"
diff --git a/files/usr/local/etc/icinga2/zones.conf.icinga_server b/files/usr/local/etc/icinga2/zones.conf.icinga_server
new file mode 100644
index 0000000..59b1fdb
--- /dev/null
+++ b/files/usr/local/etc/icinga2/zones.conf.icinga_server
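Review bot: In constants.conf a single `IcingaPassword` constant is filled from `${icinga_password}`, and services.conf feeds it to both `vars.ldap_pass` and `vars.pgsql_password`, so the directory bind and the database login share one secret. Separate constants, for example `const IcingaLdapPassword = "${icinga_ldap_password}"` and `const IcingaPgsqlPassword = "${icinga_pgsql_password}"` (placeholder names), would limit what a leak of either exposes. The substituted values land inside double-quoted Icinga strings, so a secret containing `"`, `\` or `$` would presumably end the string early or be treated as a runtime macro when the check runs; the templating step should reject or escape those characters. The rendered file also carries `TicketSalt`, so it should be readable only by the Icinga service account, which this commit does not show.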
@@ -0,0 +1,7 @@
+object Endpoint NodeName {
+ host = NodeName
+}
+
+object Zone ZoneName {
+ endpoints = [ NodeName ]
+}
-- cgit v1.2.3