Rework Nagios inventory template

This new template, instead of querying out Netbox direct, assumes you run the nb_inventory plugin and pulls all of its service configuration from there. Also config context service checks are no longer a thing; formalize your shit.
2022-02-23 21:03:19 -06:00 · 2022-02-23 21:03:19 -06:00 · 295927e1ab
commit 295927e1ab
parent 6707ce48bd
2 changed files with 217 additions and 1 deletions
--- a/roles/nagios/tasks/main.yml
+++ b/roles/nagios/tasks/main.yml
@ -33,7 +33,7 @@
    - notify-by-matrix
  tags: [ nagios, template, plugins ]
 - name: template out config for nagios
-  template: src=nagios-ansible.cfg.j2 dest="{{ nagios_data_dir }}/etc/objects/ansible.cfg" owner=root group=root mode=0644
+  template: src=nagios-ansible-inventory.cfg.j2 dest="{{ nagios_data_dir }}/etc/objects/ansible.cfg" owner=root group=root mode=0644
  tags: [ nagios, template ]
  notify: restart nagios
 - name: assure config file is loaded
--- a/roles/nagios/templates/nagios-ansible-inventory.cfg.j2
+++ b/roles/nagios/templates/nagios-ansible-inventory.cfg.j2
@ -0,0 +1,216 @@
+# {{ ansible_managed }}
+
+# Templates
+define host {
+	name			ansible-linux-server
+	check_period		24x7
+	check_interval		10
+	retry_interval		3
+	max_check_attempts	10
+	check_command		check-host-alive
+	notification_period	24x7
+	notification_interval	120
+	hostgroups		ansible
+	check_period		24x7
+	contacts		salt
+	register		0
+}
+define service {
+	use			generic-service
+	name			ansible-generic-service
+	max_check_attempts	10
+	check_interval		10
+	retry_interval		2
+	register		0
+}
+
+# Default hostgroup
+define hostgroup {
+	hostgroup_name		ansible
+	alias			Ansible-managed Hosts
+}
+
+# Additional timeperiods for convenience
+define timeperiod {
+	timeperiod_name		ansible-not-late-at-night
+	alias			Not Late at Night
+	sunday			07:00-22:00
+	monday			07:00-22:00
+	tuesday			07:00-22:00
+	wednesday		07:00-22:00
+	thursday		07:00-22:00
+	friday			07:00-22:00
+	saturday		07:00-22:00
+}
+
+{% if nagios_contacts is defined %}
+# Contacts
+# Everything here is defined in nagios_contacts
+{% for contact in nagios_contacts %}
+define contact {
+	contact_name			{{ contact.name }}
+	alias				{{ contact.alias | default(contact.name, true ) }}
+	host_notifications_enabled	{{ contact.host_notifications_enabled | default('1', true) }}
+	host_notification_period	{{ contact.host_notification_period | default('24x7', true) }}
+	host_notification_options	{{ contact.host_notification_options | default('d,u,r,f', true ) }}
+	host_notification_commands	{{ contact.host_notification_commands }}
+	service_notifications_enabled	{{ contact.service_notifications_enabled | default('1', true) }}
+	service_notification_period	{{ contact.service_notification_period | default('24x7', true) }}
+	service_notification_options	{{ contact.service_notification_options | default('w,c,r,f', true ) }}
+	service_notification_commands	{{ contact.service_notification_commands }}
+	{% if contact.extra is defined %}
+	{% for kvp in contact.extra %}
+	{{ kvp.key }} {{ kvp.value }}
+	{% endfor %}
+	{% endif %}
+}
+{% endfor %}
+{% endif %}
+
+# And a contactgroup
+define contactgroup {
+	contactgroup_name		ansible
+	alias				Ansible notification contacts
+	members				nagiosadmin
+}
+
+{% if nagios_commands is defined %}
+# Commands
+# Everything here is defined in nagios_commands
+{% for command in nagios_commands %}
+define command {
+	command_name		{{ command.name }}
+	command_line		{{ command.command }}
+	{% if command.extra is defined %}
+	{% for kvp in command.extra %}
+	{{ kvp.key }} {{ kvp.value }}
+	{% endfor %}
+	{% endif %}
+}
+{% endfor %}
+{% endif %}
+
+{% if nagios_services is defined %}
+# Services
+# Everything here is defined in nagios_services
+{% for service in nagios_services %}
+define service {
+	use			ansible-generic-service
+	service_description	{{ service.name }}
+	check_command		{{ service.command }}
+	hostgroup_name		{{ service.hostgroup | default('ansible', true) }}
+	contact_groups		ansible
+	{% if service.extra is defined %}
+	{% for kvp in service.extra %}
+	{{ kvp.key }} {{ kvp.value }}
+	{% endfor %}
+	{% endif %}
+}
+{% endfor %}
+{% endif %}
+
+# Hostgroups
+{% for role in query('netbox.netbox.nb_lookup', 'device-roles', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}
+# Device Role:		{{ role.value.name }}
+# 	Description:	{{ role.value.description }}
+# 	Created:	{{ role.value.created }}
+# 	Updated:	{{ role.value.last_updated }}
+define hostgroup {
+	hostgroup_name		role-{{ role.value.slug }}
+	alias			{{ role.value.display }}
+}
+{% endfor %}
+{% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}
+# Tag:			{{ tag.value.name }}
+# 	Description:	{{ tag.value.description }}
+define hostgroup {
+	hostgroup_name		tag-{{ tag.value.slug }}
+	alias			{{ tag.value.display }}
+}
+{% endfor %}
+{% for type in query('netbox.netbox.nb_lookup', 'device-types', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}
+# Type:			{{ type.value.display }}
+define hostgroup {
+	hostgroup_name		device-type-{{ type.value.slug }}
+	alias			{{ type.value.display }}
+}
+{% endfor %}
+
+# Inventory Hosts and related services
+{% for host in groups['tags_nagios'] %}
+{% set vars = hostvars[host] %}
+define host {
+	use			ansible-linux-server
+	host_name		{{ host }}
+	alias			{{ host }}
+	address			{{ vars.ansible_host }}
+	hostgroups		ansible{% for tag in vars.tags %},tag-{{ tag }}{% endfor %}{% for role in vars.device_roles %},role-{{ role }}{% endfor %}{% if vars.device_types is defined %}{% for type in vars.device_types %},device-type-{{ type }}{% endfor %}{% endif %}
+
+	contact_groups		ansible
+}
+{% for service in vars.services %}
+{% for tag in service.tags %}
+{# #}
+{% if tag.slug == "nagios-checkmatrix" %}
+{% for port in service.ports %}
+define service {
+	use			ansible-generic-service
+	service_description	Matrix Synapse - {{ service.name }} - {{ port }}
+	check_command		check_http!--ssl -H {{ service.name }} -u https://{{ service.name }}/health -s OK -p {{ port }} -f sticky
+	host_name		{{ host }}
+	contact_groups		ansible
+}
+{% endfor %}
+{% endif %}
+{# #}
+{% if tag.slug == "nagios-checkminecraft" %}
+{% for port in service.ports %}
+define service {
+	use			ansible-generic-service
+	service_description	Minecraft - {{ service.name }} - {{ port }}
+	check_command		check_by_ssh!/usr/local/bin/monitoring-scripts/check_minecraft -H {{ host }} -p {{ port }} -m "{{ service.description }}" -f -w 3 -c 5
+	host_name		{{ host }}
+	contact_groups		ansible
+}
+{% endfor %}
+{% endif %}
+{# #}
+{% if tag.slug == "nagios-checkhttp" %}
+{% for port in service.ports %}
+define service {
+	use			ansible-generic-service
+	service_description	HTTP - {{ service.name }} - {{ port }}
+	check_command		check_http!-H {{ service.name }} -p {{ port }} -f sticky
+	host_name		{{ host }}
+	contact_groups		ansible
+}
+{% endfor %}
+{% endif %}
+{# #}
+{% if tag.slug == "nagios-checkhttps" %}
+{% for port in service.ports %}
+define service {
+	use			ansible-generic-service
+	service_description	HTTPS - {{ service.name }} - {{ port }}
+	check_command		check_http!--ssl -H {{ service.name }} -p {{ port }} -f sticky
+	host_name		{{ host }}
+	contact_groups		ansible
+}
+{% endfor %}
+{% endif %}
+{# #}
+{% if tag.slug == "nagios-checktcp" %}
+{% for port in service.ports %}
+define service {
+	use			ansible-generic-service
+	service_description	TCP {{ service.name }} - {{ port }}
+	check_command		check_tcp!{{ port }}
+	host_name		{{ host }}
+	contact_groups		ansible
+}
+{% endfor %}
+{% endif %}
+{# #}
+{% endfor %}
+{% endfor %}
+{% endfor %}