diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/nagios_server/templates/etc/nagios | |
download | selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip |
initial commit
Diffstat (limited to 'roles/nagios_server/templates/etc/nagios')
12 files changed, 954 insertions, 0 deletions
diff --git a/roles/nagios_server/templates/etc/nagios/cgi.cfg.j2 b/roles/nagios_server/templates/etc/nagios/cgi.cfg.j2 new file mode 100644 index 0000000..2910a7b --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/cgi.cfg.j2 @@ -0,0 +1,24 @@ +main_config_file=/etc/nagios/nagios.cfg +physical_html_path=/usr/share/nagios/html +url_html_path=/ +show_context_help=0 +use_pending_states=1 +use_authentication=1 +use_ssl_authentication=0 +authorized_for_system_information=* +authorized_for_configuration_information=* +authorized_for_system_commands=* +authorized_for_all_services=* +authorized_for_all_hosts=* +authorized_for_all_service_commands=* +authorized_for_all_host_commands=* +default_statuswrl_layout=4 +ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$ +refresh_rate=90 +result_limit=100 +escape_html_tags=1 +action_url_target=_blank +notes_url_target=_blank +lock_author_names=1 +navbar_search_for_addresses=1 +navbar_search_for_aliases=1 diff --git a/roles/nagios_server/templates/etc/nagios/nagios.cfg.j2 b/roles/nagios_server/templates/etc/nagios/nagios.cfg.j2 new file mode 100644 index 0000000..1e48e0a --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/nagios.cfg.j2 @@ -0,0 +1,105 @@ +log_file=/var/log/nagios/nagios.log +cfg_dir=/etc/nagios/objects +object_cache_file=/var/spool/nagios/objects.cache +precached_object_file=/var/spool/nagios/objects.precache +resource_file=/etc/nagios/private/resource.cfg +status_file={{ nagios_status_file }} +status_update_interval=10 +nagios_user=nagios +nagios_group=nagios +check_external_commands=1 +command_file=/var/spool/nagios/cmd/nagios.cmd +lock_file=/var/run/nagios/nagios.pid +temp_file=/var/spool/nagios/nagios.tmp +temp_path=/tmp +event_broker_options=-1 +log_rotation_method=d +log_archive_path=/var/log/nagios/archives +use_syslog=1 +log_notifications=1 +log_service_retries=1 +log_host_retries=1 +log_event_handlers=1 +log_initial_states=0 +log_current_states=1 +log_external_commands=1 +log_passive_checks=1 +service_inter_check_delay_method=s +max_service_check_spread=30 +service_interleave_factor=s +host_inter_check_delay_method=s +max_host_check_spread=30 +max_concurrent_checks=0 +check_result_reaper_frequency=10 +max_check_result_reaper_time=30 +check_result_path=/var/spool/nagios/checkresults +max_check_result_file_age=3600 +cached_host_check_horizon=15 +cached_service_check_horizon=15 +enable_predictive_host_dependency_checks=1 +enable_predictive_service_dependency_checks=1 +soft_state_dependencies=0 +auto_reschedule_checks=0 +auto_rescheduling_interval=30 +auto_rescheduling_window=180 +service_check_timeout=60 +host_check_timeout=30 +event_handler_timeout=30 +notification_timeout=30 +ocsp_timeout=5 +ochp_timeout=5 +perfdata_timeout=5 +retain_state_information=1 +state_retention_file={{ nagios_state_retention_file }} +retention_update_interval=60 +use_retained_program_state=1 +use_retained_scheduling_info=1 +retained_host_attribute_mask=0 +retained_service_attribute_mask=0 +retained_process_host_attribute_mask=0 +retained_process_service_attribute_mask=0 +retained_contact_host_attribute_mask=0 +retained_contact_service_attribute_mask=0 +interval_length=60 +check_for_updates=0 +bare_update_check=0 +use_aggressive_host_checking=0 +execute_service_checks=1 +accept_passive_service_checks=1 +execute_host_checks=1 +accept_passive_host_checks=1 +enable_notifications=1 +enable_event_handlers=1 +process_performance_data=0 +obsess_over_services=0 +obsess_over_hosts=0 +translate_passive_host_checks=0 +passive_host_checks_are_soft=0 +check_for_orphaned_services=1 +check_for_orphaned_hosts=1 +check_service_freshness=1 +service_freshness_check_interval=60 +service_check_timeout_state=c +check_host_freshness=0 +host_freshness_check_interval=60 +additional_freshness_latency=15 +enable_flap_detection=1 +low_service_flap_threshold=5.0 +high_service_flap_threshold=20.0 +low_host_flap_threshold=5.0 +high_host_flap_threshold=20.0 +date_format=us +illegal_object_name_chars=`~!$%^&*|'"<>?,()= +illegal_macro_output_chars=`~$&|'"<> +use_regexp_matching=1 +use_true_regexp_matching=0 +admin_email={{ nagios_admin_email }} +admin_pager={{ nagios_admin_pager }} +daemon_dumps_core=0 +use_large_installation_tweaks=0 +enable_environment_macros=0 +debug_level=0 +debug_verbosity=1 +debug_file=/var/log/nagios/nagios.debug +max_debug_file_size=1000000 +allow_empty_hostgroup_assignment=0 diff --git a/roles/nagios_server/templates/etc/nagios/objects/commands.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/commands.cfg.j2 new file mode 100644 index 0000000..e44d6ab --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/commands.cfg.j2 @@ -0,0 +1,285 @@ +################# +### Notifications +################# +define command { + command_name notify-host-by-email + command_line /usr/bin/printf "%b" "Notification Type: $NOTIFICATIONTYPE$\n\nHost: $HOSTNAME$\nAddress: $HOSTADDRESS$\nState: $HOSTSTATE$\n\nDate/Time: $LONGDATETIME$\n\n$HOSTOUTPUT$\n\n$LONGHOSTOUTPUT$" \ + | /usr/bin/mail -s "$NOTIFICATIONTYPE$: $HOSTNAME$ is $HOSTSTATE$" $CONTACTEMAIL$ +} + +define command { + command_name notify-service-by-email + command_line /usr/bin/printf "%b" "Notification Type: $NOTIFICATIONTYPE$\n\nHost: $HOSTALIAS$\nService: $SERVICEDESC$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\n$SERVICEOUTPUT$\n\n$LONGSERVICEOUTPUT$" \ + | /usr/bin/mail -s "$NOTIFICATIONTYPE$: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$" $CONTACTEMAIL$ +} + + +############### +### Host Checks +############### +define command { + command_name check_ping + command_line $USER1$/check_ping \ + --hostname='$ARG1$' \ + --packets='$ARG2$' \ + --warning='$ARG3$' \ + --critical='$ARG4$' +} + +define command { + command_name check_dummy + command_line $USER1$/check_dummy 0 +} + + +########################## +### Service Checks: Common +########################## +define command { + command_name check_ssh + command_line $USER1$/check_ssh '$HOSTADDRESS$' +} + +define command { + command_name check_systemd_by_ssh + command_line $USER1$/check_by_ssh \ + {{ nagios_check_by_ssh_args }} \ + --command='check_systemd' +} + +define command { + command_name check_needs_restart_by_ssh + command_line $USER1$/check_by_ssh \ + {{ nagios_check_by_ssh_args }} \ + --command='check_needs_restart' +} + +define command { + command_name check_mem_by_ssh + command_line $USER1$/check_by_ssh \ + {{ nagios_check_by_ssh_args }} \ + --command='check_mem -u -C -z -w $ARG1$ -c $ARG2$' +} + +define command { + command_name check_swap_by_ssh + command_line $USER1$/check_by_ssh \ + {{ nagios_check_by_ssh_args }} \ + --command='check_swap -n ok -w $ARG1$ -c $ARG2$' +} + +define command { + command_name check_snmp_interface + command_line $USER1$/check_snmp_int.pl \ + {{ nagios_manubulon_args }} \ + --ign-admindown \ + --use-ifname \ + --perfdata \ + --error \ + --perfspeed \ + --perfcheck \ + --extperfcheck \ + --64bits \ + --label \ + --kbits \ + --mega \ + --name='$ARG1$' \ + --warning='$ARG2$' \ + --critical='$ARG3$' \ + --octetlength={{ nagios_snmp_max_size }} \ + $ARG4$ +} + +define command { + command_name check_snmp_storage + command_line $USER1$/check_snmp_storage.pl \ + {{ nagios_manubulon_args }} \ + --name='$ARG1$' \ + --warn='$ARG2$' \ + --crit='$ARG3$' \ + --storagetype=FixedDisk \ + --perfdata \ + --gigabyte \ + --short=1,1 \ + --octetlength={{ nagios_snmp_max_size }} \ + $ARG4$ +} + +define command { + command_name check_snmp_storage_terse + command_line $USER1$/check_snmp_storage.pl \ + {{ nagios_manubulon_args }} \ + --name='$ARG1$' \ + --warn='$ARG2$' \ + --crit='$ARG3$' \ + --storagetype=FixedDisk \ + --gigabyte \ + --short=0,1 \ + --octetlength={{ nagios_snmp_max_size }} \ + $ARG4$ +} + +define command { + command_name check_snmp_load + command_line $USER1$/check_snmp_load.pl \ + {{ nagios_manubulon_args }} \ + --perfdata \ + --type=netsl \ + --warn='$ARG1$' \ + --crit='$ARG2$' +} + +define command { + command_name check_snmp_mem + command_line $USER1$/check_snmp_mem.pl \ + {{ nagios_manubulon_args }} \ + --perfdata \ + --warn='$ARG1$' \ + --crit='$ARG2$' +} + + +####################### +### Service Checks: ZFS +####################### +define command { + command_name check_zpools_by_ssh + command_line $USER1$/check_by_ssh \ + {{ nagios_check_by_ssh_args }} \ + --command='check_zpools -w $ARG1$ -c $ARG2$' +} + + +################################## +### Service Checks: Infrastructure +################################## +define command { + command_name check_cyberpower + command_line $USER1$/check_cyberpower -u -H $HOSTADDRESS$ -C {{ nagios_snmp_community | quote }} -l $ARG1$ $ARG2$ +} + + +########################## +# Service Checks: Asterisk +########################## +define command { + command_name check_asterisk_endpoints + command_line $USER1$/check_asterisk_endpoints -H '$_HOSTFQDN$' -P '$ARG1$' -u '$ARG2$' -p '$ARG3$' $ARG4$ +} + + +###################################### +# Service Checks: Certificate Validity +###################################### +define command { + command_name check_ssl_validity + command_line $USER1$/check_ssl_validity -I '$HOSTADDRESS$' -C 3600 -p '$ARG1$' -H '$ARG2$' -w '$ARG3$' -c '$ARG4$' +} + + +###################### +# Service Checks: SMTP +###################### +define command { + command_name check_smtp + command_line $USER1$/check_smtp -H '$HOSTADDRESS$' -p 25 -S -D '$ARG1$,$ARG2$' -w '$ARG3$' -c '$ARG4$' +} + +define command { + command_name check_mailq + command_line $USER1$/check_by_ssh \ + {{ nagios_check_by_ssh_args }} \ + --command='check_mailq -M postfix -w $ARG1$ -c $ARG2$' +} + +###################### +# Service Checks: IMAP +###################### +define command { + command_name check_imap + command_line $USER1$/check_imap -H '$HOSTADDRESS$' -p 993 -S -D '$ARG1$,$ARG2$' -w '$ARG3$' -c '$ARG4$' +} + +###################### +# Service Checks: XMPP +###################### +define command { + command_name check_xmpp + command_line $USER1$/check_ssl_cert \ + --host '$HOSTADDRESS$' \ + --protocol xmpp-server \ + --ignore-sct \ + --timeout 60 \ + --xmpphost '$ARG1$' \ + --warning '$ARG2$' \ + --critical '$ARG3$' +} + +############################ +# Service Checks: PostgreSQL +############################ +define command { + command_name check_postgres + command_line $USER1$/check_ssl_cert \ + --host '$HOSTADDRESS$' \ + --protocol postgres \ + --ignore-sct \ + --timeout 60 \ + --warning '$ARG1$' \ + --critical '$ARG2$' +} + +############################ +# Service Checks: LDAP +############################ +define command { + command_name check_ldaps + command_line $USER1$/check_ldaps \ + --hostname='$_HOSTFQDN$' \ + --ver3 \ + --base='$ARG1$' \ + --age='$ARG2$,$ARG3$' +} + +###################################### +# Service Checks: HTTPS +###################################### +define command { + command_name check_https + command_line $USER1$/check_http \ + --IP-address='$HOSTADDRESS$' \ + --hostname='$ARG1$' \ + --port=443 \ + --ssl=1.2 \ + --sni \ + --verify-host \ + --certificate '$ARG2$,$ARG3$' \ + --continue-after-certificate \ + --no-body \ + --onredirect=ok \ + --warning='$ARG4$' \ + --critical='$ARG5$' \ + $ARG6$ +} + +###################################### +# Service Checks: DNS +###################################### +define command { + command_name check_dns + command_line $USER1$/check_dns \ + --accept-cname \ + --server='$HOSTADDRESS$' \ + --hostname='$ARG1$' \ + --querytype='$ARG2$' +} + +define command { + command_name check_dns_response + command_line $USER1$/check_dns \ + --accept-cname \ + --server='$ARG1$' \ + --hostname='$ARG2$' \ + --querytype='$ARG3$' \ + --expected-address='$ARG4$' +} diff --git a/roles/nagios_server/templates/etc/nagios/objects/contacts.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/contacts.cfg.j2 new file mode 100644 index 0000000..797adbc --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/contacts.cfg.j2 @@ -0,0 +1,6 @@ +define contact { + contact_name sysadmins + alias System Administrators + email {{ nagios_email }} + use generic-contact +} diff --git a/roles/nagios_server/templates/etc/nagios/objects/hostgroups.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/hostgroups.cfg.j2 new file mode 100644 index 0000000..2051447 --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/hostgroups.cfg.j2 @@ -0,0 +1,10 @@ +{% for groupname in groups.keys() | difference(['all','ungrouped'] + nagios_excluded_groups) %} +{% if groups[groupname] | reject('in', nagios_excluded_groups | map('extract', groups) | flatten) %} +define hostgroup { + hostgroup_name {{ groupname }} + alias {{ groupname | replace('_', ' ') | title }} + members {{ groups[groupname] | reject('in', nagios_excluded_groups | map('extract', groups) | flatten) | join(',') }} +} + +{% endif %} +{% endfor %} diff --git a/roles/nagios_server/templates/etc/nagios/objects/hosts.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/hosts.cfg.j2 new file mode 100644 index 0000000..3e8d72f --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/hosts.cfg.j2 @@ -0,0 +1,31 @@ +define host { + host_name {{ inventory_hostname }} + alias {{ inventory_hostname }} + address 127.0.0.1 + use generic-host + check_command check_dummy + notification_period 24x7 + _fqdn {{ ansible_fqdn }} + _snmp_user {{ hostvars[inventory_hostname].nagios_snmp_user }} + _snmp_priv_pass {{ hostvars[inventory_hostname].nagios_snmp_priv_pass }} + _snmp_priv_proto {{ hostvars[inventory_hostname].nagios_snmp_priv_proto }} + _snmp_auth_pass {{ hostvars[inventory_hostname].nagios_snmp_auth_pass }} + _snmp_auth_proto {{ hostvars[inventory_hostname].nagios_snmp_auth_proto }} +} + +{% for host in groups['all'] | reject('equalto', inventory_hostname) | reject('in', nagios_excluded_groups | map('extract', groups) | flatten) %} +define host { + host_name {{ host }} + alias {{ host }} + address {{ hostvars[host].ip }} + use generic-host + check_command check_ping!$HOSTADDRESS$!{{ hostvars[host].nagios_ping_count }}!{{ hostvars[host].nagios_ping_rtt_warn }},{{ hostvars[host].nagios_ping_loss_warn | replace('%', '') }}%!{{ hostvars[host].nagios_ping_rtt_crit }},{{ hostvars[host].nagios_ping_loss_crit | replace('%', '') }}% + _fqdn {{ hostvars[host].fqdn }} + _snmp_user {{ hostvars[host].nagios_snmp_user }} + _snmp_priv_pass {{ hostvars[host].nagios_snmp_priv_pass }} + _snmp_priv_proto {{ hostvars[host].nagios_snmp_priv_proto }} + _snmp_auth_pass {{ hostvars[host].nagios_snmp_auth_pass }} + _snmp_auth_proto {{ hostvars[host].nagios_snmp_auth_proto }} +} + +{% endfor %} diff --git a/roles/nagios_server/templates/etc/nagios/objects/servicedependencies.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/servicedependencies.cfg.j2 new file mode 100644 index 0000000..050a1cd --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/servicedependencies.cfg.j2 @@ -0,0 +1,8 @@ +# ssh-based checks depend on the ssh service being OK +define servicedependency { + hostgroup nagios_check_ssh + service_description ssh + dependent_servicegroup_name ssh + execution_failure_criteria c,u + notification_failure_criteria c,u +} diff --git a/roles/nagios_server/templates/etc/nagios/objects/servicegroups.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/servicegroups.cfg.j2 new file mode 100644 index 0000000..c8e6a98 --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/servicegroups.cfg.j2 @@ -0,0 +1,19 @@ +define servicegroup { + servicegroup_name ssh + alias SSH-based checks +} + +define servicegroup { + servicegroup_name snmp + alias SNMP-based checks +} + +define servicegroup { + servicegroup_name https + alias HTTPS-based checks +} + +define servicegroup { + servicegroup_name dns + alias DNS-based checks +} diff --git a/roles/nagios_server/templates/etc/nagios/objects/services.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/services.cfg.j2 new file mode 100644 index 0000000..68b4fe4 --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/services.cfg.j2 @@ -0,0 +1,375 @@ +############### +# Local checks +############### + +# Upstream packet loss +define service { + service_description upstream-packet-loss + host_name {{ inventory_hostname }} + use generic-service + check_command check_ping!{{ nagios_connectivity_check_host }}!{{ nagios_connectivity_check_count }}!{{ nagios_connectivity_check_rtt_warn }},{{ nagios_connectivity_check_loss_warn | replace('%', '') }}%!{{ nagios_connectivity_check_rtt_crit }},{{ nagios_connectivity_check_loss_crit | replace('%', '') }}% +} + +# Nagios web gui +define service { + service_description https + host_name {{ inventory_hostname }} + use generic-service + check_command check_https!$_HOSTFQDN$!{{ nagios_certificate_warn }}!{{ nagios_certificate_crit }}!{{ nagios_http_warn }}!{{ nagios_http_crit }}!-e 'HTTP/1.1 401' + servicegroups https +} + +############### +# DNS checks +############### + +{% for item in nagios_check_dns %} +# {{ item.name }} - {{ item.qtype | default('A') | upper }} +define service { + {% if (item.qtype | default('A') | upper) == 'A' %} + service_description dns-{{ item.name }} + {% else %} + service_description dns-{{ item.name }}-{{ item.qtype | lower }} + {% endif %} + host_name {{ inventory_hostname }} + use generic-service + check_command check_dns_response!{{ item.server }}!{{ item.name }}!{{ item.qtype | default('A') | upper }}!{{ item.expect }} + servicegroups dns +} + +{% endfor %} + + +############### +# Common checks +############### + +# SSH +define service { + service_description ssh + hostgroups nagios_check_ssh + use generic-service + check_command check_ssh +} + +# Systemd +define service { + service_description systemd + hostgroups nagios_check_systemd + use generic-service + check_command check_systemd_by_ssh + servicegroups ssh +} + +# Check if services need restart or system needs reboot +define service { + service_description needs-restart + hostgroups nagios_el_clients + use generic-service + check_command check_needs_restart_by_ssh + servicegroups ssh + check_interval 60 + # only alert if needs-restart doesn't resolve within 24h + first_notification_delay 1440 +} + +{% for host in groups.nagios_check_load %} +# Load - {{ host }} +define service { + service_description load + host_name {{ host }} + use generic-service + check_command check_snmp_load!{{ hostvars[host].nagios_load_1m_warn }},{{ hostvars[host].nagios_load_5m_warn }},{{ hostvars[host].nagios_load_15m_warn }}!{{ hostvars[host].nagios_load_1m_crit }},{{ hostvars[host].nagios_load_5m_crit }},{{ hostvars[host].nagios_load_15m_crit }} + servicegroups snmp +} + +{% endfor %} + +{% for host in groups.nagios_check_mem %} +# Memory / Swap - {{ host }} +{% if host in groups.nagios_check_zfs %} +define service { + service_description mem + host_name {{ host }} + use generic-service + check_command check_mem_by_ssh!{{ hostvars[host].nagios_mem_warn | replace('%', '') }}!{{ hostvars[host].nagios_mem_crit | replace('%', '') }} + servicegroups ssh +} +define service { + service_description swap + host_name {{ host }} + use generic-service + check_command check_swap_by_ssh!{{ 100 - (hostvars[host].nagios_swap_warn | replace('%', '') | int) }}%!{{ 100 - (hostvars[host].nagios_swap_crit | replace('%', '') | int) }}% + servicegroups ssh +} +{% else %} +define service { + service_description mem + host_name {{ host }} + use generic-service + check_command check_snmp_mem!{{ hostvars[host].nagios_mem_warn | replace('%', '') }},{{ hostvars[host].nagios_swap_warn | replace('%', '') }}!{{ hostvars[host].nagios_mem_crit | replace('%', '') }},{{ hostvars[host].nagios_swap_crit | replace('%', '') }} + servicegroups snmp +} +{% endif %} + +{% endfor %} + +{% for host in groups.nagios_check_disk %} +# Disk Usage - {{ host }} +{% for disk in hostvars[host].nagios_disks %} +define service { + service_description {% if disk is string %}{{ disk }}{% elif disk.description is defined %}{{ disk.description }}{% else %}{{ disk.path }}{% endif %} + + host_name {{ host }} + use generic-service + check_command check_snmp_storage{% if disk.terse | default(false) %}_terse{% endif %}!{% if disk is string %}{{ disk }}{% elif disk.regex is defined %}{{ disk.regex | replace('!', '\\!') }}{% else %}{{ disk.path }}{% endif %}!{{ disk.warn | default(hostvars[host].nagios_disk_warn) }}!{{ disk.crit | default(hostvars[host].nagios_disk_crit) }}!{% if disk.exclude | default(false) %}--exclude{% endif %} {% if disk.regex is not defined %}--noregexp{% endif %} + + servicegroups snmp +} + +{% endfor %} +{% endfor %} + +{% for host in groups.nagios_check_interfaces %} +# Network Interfaces - {{ host }} +{% for intf in hostvars[host].nagios_interfaces %} +define service { + service_description {% if intf is string %}{{ intf }}{% elif intf.description is defined %}{{ intf.description }}{% else %}{{ intf.name }}{% endif %} + + host_name {{ host }} + use generic-service + check_interval 5 + retry_interval 5 + check_command check_snmp_interface!{% if intf is string %}{{ intf }}{% elif intf.regex is defined %}{{ intf.regex | replace('!', '\\!') }}{% else %}{{ intf.name }}{% endif %}!{{ intf.bandwidth_warn | default(hostvars[host].nagios_interface_bandwidth_warn) }},{{ intf.bandwidth_warn | default(hostvars[host].nagios_interface_bandwidth_warn) }},{{ intf.error_warn | default(hostvars[host].nagios_interface_error_warn) }},{{ intf.error_warn | default(hostvars[host].nagios_interface_error_warn) }},{{ intf.discard_warn | default(hostvars[host].nagios_interface_discard_warn) }},{{ intf.discard_warn | default(hostvars[host].nagios_interface_discard_warn) }}!{{ intf.bandwidth_crit | default(hostvars[host].nagios_interface_bandwidth_crit) }},{{ intf.bandwidth_crit | default(hostvars[host].nagios_interface_bandwidth_crit) }},{{ intf.error_crit | default(hostvars[host].nagios_interface_error_crit) }},{{ intf.error_crit | default(hostvars[host].nagios_interface_error_crit) }},{{ intf.discard_crit | default(hostvars[host].nagios_interface_discard_crit) }},{{ intf.discard_crit | default(hostvars[host].nagios_interface_discard_crit) }}!{% if intf.down_ok | default(false) %}--down{% endif %} {% if intf.regex is not defined %}--noregexp{% endif %} + servicegroups snmp +} + +{% endfor %} +{% endfor %} + + +############ +# ZFS Checks +############ + +{% for host in groups.nagios_check_zfs %} +# zpools - {{ host }} +define service { + service_description zpool + host_name {{ host }} + use generic-service + check_command check_zpools_by_ssh!{{ 100 - (hostvars[host].nagios_disk_warn|replace('%','') | int) }}!{{ 100 - (hostvars[host].nagios_disk_crit|replace('%','') | int) }} + servicegroups ssh +} + +{% endfor %} + + +####################### +# Infrastructure Checks +####################### + +# UPS +define service { + service_description status + hostgroups ups + use generic-service + check_command check_cyberpower!status + servicegroups snmp +} + +define service { + service_description health + hostgroups ups + use generic-service + check_command check_cyberpower!health + servicegroups snmp +} + +define service { + service_description battery + hostgroups ups + use generic-service + check_command check_cyberpower!battery + servicegroups snmp +} + +define service { + service_description transfer + hostgroups ups + use generic-service + check_command check_cyberpower!transfer + servicegroups snmp +} + +{% for host in groups.ups %} +# UPS Temp - {{ host }} +define service { + service_description temp + host_name {{ host }} + use generic-service + check_command check_cyberpower!temp!-w {{ hostvars[host].nagios_temp_warn }} -c {{ hostvars[host].nagios_temp_crit }} + servicegroups snmp +} + +define service { +# UPS Load - {{ host }} + service_description load + host_name {{ host }} + use generic-service + check_command check_cyberpower!load! -w {{ hostvars[host].nagios_power_draw_warn | replace('%', '') }} -c {{ hostvars[host].nagios_power_draw_crit | replace('%', '') }} + servicegroups snmp +} + +{% endfor %} + + +################# +# Asterisk Checks +################# + +{% for host in groups.asterisk_servers %} +# endpoints - {{ host }} +define service { + service_description endpoints + host_name {{ host }} + use generic-service + check_command check_asterisk_endpoints!{{ hostvars[host].asterisk_https_port | default(8089) }}!nagios!{{ hostvars[host].asterisk_ari_users | selectattr('name', '==', 'nagios') | map(attribute='password') | first }}!{{ (hostvars[host].asterisk_sip_trunks + hostvars[host].asterisk_sip_extensions) | map(attribute='name') | join(' ' ) }} +} +{% endfor %} + + +###################### +# SMTP Checks +###################### + +{% for host in groups.mail_servers %} +define service { + service_description smtp + host_name {{ host }} + use generic-service + check_command check_smtp!{{ hostvars[host].nagios_certificate_warn }}!{{ hostvars[host].nagios_certificate_crit }}!{{ hostvars[host].nagios_smtp_warn }}!{{ hostvars[host].nagios_smtp_crit }} +} + +define service { + service_description mailq + host_name {{ host }} + use generic-service + check_command check_mailq!{{ hostvars[host].nagios_mailq_warn }}!{{ hostvars[host].nagios_mailq_crit }} +} + +{% endfor %} + + +###################### +# IMAP Checks +###################### + +{% for host in groups.imap_servers %} +define service { + service_description imap + host_name {{ host }} + use generic-service + check_command check_imap!{{ hostvars[host].nagios_certificate_warn }}!{{ hostvars[host].nagios_certificate_crit }}!{{ hostvars[host].nagios_imap_warn }}!{{ hostvars[host].nagios_imap_crit }} +} + +{% endfor %} + + +###################### +# XMPP Checks +###################### + +{% for host in groups.xmpp_servers %} +{% for vhost in hostvars[host].prosody_vhosts %} +define service { + service_description xmpp-{{ vhost }} + host_name {{ host }} + use generic-service + check_command check_xmpp!{{ vhost }}!{{ hostvars[host].nagios_certificate_warn }}!{{ hostvars[host].nagios_certificate_crit }} +} + +{% endfor %} +{% for vhost in hostvars[host].prosody_conference_vhosts | default(['conference.'] | product(hostvars[host].prosody_vhosts) | map('join') | list) %} +define service { + service_description xmpp-{{ vhost }} + host_name {{ host }} + use generic-service + check_command check_xmpp!{{ vhost }}!{{ hostvars[host].nagios_certificate_warn }}!{{ hostvars[host].nagios_certificate_crit }} +} + +{% endfor %} +{% endfor %} + + +###################### +# PostgreSQL Checks +###################### + +{% for host in groups.postgresql_servers %} +define service { + service_description postgres + host_name {{ host }} + use generic-service + check_command check_postgres!{{ hostvars[host].nagios_certificate_warn }}!{{ hostvars[host].nagios_certificate_crit }} +} + +{% endfor %} + + +###################### +# HTTPS Checks +###################### + +{% for host in groups.nagios_check_https %} +# {{ host }} +{% for vhost in hostvars[host].nagios_https_vhosts | default(['$_HOSTFQDN$']) %} +define service { + service_description {{ 'https' if loop.length == 1 else 'https-'~(vhost if vhost is string else vhost.name) }} + host_name {{ host }} + use generic-service + check_command check_https!{{ vhost if vhost is string else vhost.name }}!{{ hostvars[host].nagios_certificate_warn }}!{{ hostvars[host].nagios_certificate_crit }}!{{ hostvars[host].nagios_http_warn }}!{{ hostvars[host].nagios_http_crit }}!{{ '-e HTTP/1.1 '~vhost.status if vhost.status is defined else '-e HTTP/1.1 '~hostvars[host].nagios_http_status if hostvars[host].nagios_http_status is defined else '' }} + servicegroups https +} +{% endfor %} + +{% endfor %} + + +###################### +# DNS Checks +###################### + +{% for host in groups.authoritative_nameservers %} +{% for zone in hostvars[host].nsd_zones | map(attribute='name') %} +define service { + service_description dns-{{ zone }} + host_name {{ host }} + use generic-service + check_command check_dns!{{ zone }}!SOA +} + +{% endfor %} +{% endfor %} + + +###################### +# FreeIPA Checks +###################### + +define service { + service_description dns + hostgroups freeipa_servers + use generic-service + check_command check_dns!{{ domain }}!SOA +} + +{% for host in groups.freeipa_servers %} +define service { + service_description ldap + hostgroups freeipa_servers + use generic-service + check_command check_ldaps!{{ freeipa_basedn }}!{{ hostvars[host].nagios_certificate_warn }}!{{ hostvars[host].nagios_certificate_crit }} +} + +{% endfor %} diff --git a/roles/nagios_server/templates/etc/nagios/objects/templates.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/templates.cfg.j2 new file mode 100644 index 0000000..4f9d306 --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/templates.cfg.j2 @@ -0,0 +1,51 @@ +define contact { + name generic-contact + host_notification_period 24x7 + host_notification_options d,u,r,f,s + host_notification_commands notify-host-by-email + service_notification_period 24x7 + service_notification_options w,u,c,r,f,s + service_notification_commands notify-service-by-email + register 0 +} + +define host { + name generic-host + notifications_enabled 1 + event_handler_enabled 1 + flap_detection_enabled 0 + process_perf_data 1 + retain_status_information 1 + retain_nonstatus_information 1 + notification_period 24x7-except-reboot-window + notification_interval 0 + notification_options d,u,r,f + first_notification_delay 0 + check_period 24x7 + check_interval 5 + retry_interval 1 + max_check_attempts 3 + contacts sysadmins + register 0 +} + +define service { + name generic-service + parallelize_check 1 + check_freshness 0 + notifications_enabled 1 + event_handler_enabled 1 + flap_detection_enabled 0 + process_perf_data 1 + retain_status_information 1 + retain_nonstatus_information 1 + is_volatile 0 + max_check_attempts 3 + check_interval 10 + retry_interval 1 + notification_options w,u,c,r,f + notification_interval 0 + first_notification_delay 0 + contacts sysadmins + register 0 +} diff --git a/roles/nagios_server/templates/etc/nagios/objects/timeperiods.cfg.j2 b/roles/nagios_server/templates/etc/nagios/objects/timeperiods.cfg.j2 new file mode 100644 index 0000000..2a0c885 --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/objects/timeperiods.cfg.j2 @@ -0,0 +1,39 @@ +define timeperiod { + timeperiod_name reboot-window + alias reboot window + + sunday {{ nagios_reboot_window }} + monday {{ nagios_reboot_window }} + tuesday {{ nagios_reboot_window }} + wednesday {{ nagios_reboot_window }} + thursday {{ nagios_reboot_window }} + friday {{ nagios_reboot_window }} + saturday {{ nagios_reboot_window }} +} + +define timeperiod { + timeperiod_name 24x7 + alias 24x7 + + sunday 00:00-24:00 + monday 00:00-24:00 + tuesday 00:00-24:00 + wednesday 00:00-24:00 + thursday 00:00-24:00 + friday 00:00-24:00 + saturday 00:00-24:00 +} + +define timeperiod { + timeperiod_name 24x7-except-reboot-window + alias 24x7 (except reboot window) + exclude reboot-window + + sunday 00:00-24:00 + monday 00:00-24:00 + tuesday 00:00-24:00 + wednesday 00:00-24:00 + thursday 00:00-24:00 + friday 00:00-24:00 + saturday 00:00-24:00 +} diff --git a/roles/nagios_server/templates/etc/nagios/private/resource.cfg.j2 b/roles/nagios_server/templates/etc/nagios/private/resource.cfg.j2 new file mode 100644 index 0000000..b8c4e8c --- /dev/null +++ b/roles/nagios_server/templates/etc/nagios/private/resource.cfg.j2 @@ -0,0 +1 @@ +$USER1$=/usr/lib64/nagios/plugins |