From 295927e1abb2922d1792ee71622bd094d975d300 Mon Sep 17 00:00:00 2001 From: Salt Date: Wed, 23 Feb 2022 21:03:19 -0600 Subject: [PATCH] Rework Nagios inventory template This new template, instead of querying out Netbox direct, assumes you run the nb_inventory plugin and pulls all of its service configuration from there. Also config context service checks are no longer a thing; formalize your shit. --- roles/nagios/tasks/main.yml | 2 +- .../templates/nagios-ansible-inventory.cfg.j2 | 216 ++++++++++++++++++ 2 files changed, 217 insertions(+), 1 deletion(-) create mode 100644 roles/nagios/templates/nagios-ansible-inventory.cfg.j2 diff --git a/roles/nagios/tasks/main.yml b/roles/nagios/tasks/main.yml index e6dba6c..8b61d82 100644 --- a/roles/nagios/tasks/main.yml +++ b/roles/nagios/tasks/main.yml @@ -33,7 +33,7 @@ - notify-by-matrix tags: [ nagios, template, plugins ] - name: template out config for nagios - template: src=nagios-ansible.cfg.j2 dest="{{ nagios_data_dir }}/etc/objects/ansible.cfg" owner=root group=root mode=0644 + template: src=nagios-ansible-inventory.cfg.j2 dest="{{ nagios_data_dir }}/etc/objects/ansible.cfg" owner=root group=root mode=0644 tags: [ nagios, template ] notify: restart nagios - name: assure config file is loaded diff --git a/roles/nagios/templates/nagios-ansible-inventory.cfg.j2 b/roles/nagios/templates/nagios-ansible-inventory.cfg.j2 new file mode 100644 index 0000000..824c21f --- /dev/null +++ b/roles/nagios/templates/nagios-ansible-inventory.cfg.j2 @@ -0,0 +1,216 @@ +# {{ ansible_managed }} + +# Templates +define host { + name ansible-linux-server + check_period 24x7 + check_interval 10 + retry_interval 3 + max_check_attempts 10 + check_command check-host-alive + notification_period 24x7 + notification_interval 120 + hostgroups ansible + check_period 24x7 + contacts salt + register 0 +} +define service { + use generic-service + name ansible-generic-service + max_check_attempts 10 + check_interval 10 + retry_interval 2 + register 0 +} + +# Default hostgroup +define hostgroup { + hostgroup_name ansible + alias Ansible-managed Hosts +} + +# Additional timeperiods for convenience +define timeperiod { + timeperiod_name ansible-not-late-at-night + alias Not Late at Night + sunday 07:00-22:00 + monday 07:00-22:00 + tuesday 07:00-22:00 + wednesday 07:00-22:00 + thursday 07:00-22:00 + friday 07:00-22:00 + saturday 07:00-22:00 +} + +{% if nagios_contacts is defined %} +# Contacts +# Everything here is defined in nagios_contacts +{% for contact in nagios_contacts %} +define contact { + contact_name {{ contact.name }} + alias {{ contact.alias | default(contact.name, true ) }} + host_notifications_enabled {{ contact.host_notifications_enabled | default('1', true) }} + host_notification_period {{ contact.host_notification_period | default('24x7', true) }} + host_notification_options {{ contact.host_notification_options | default('d,u,r,f', true ) }} + host_notification_commands {{ contact.host_notification_commands }} + service_notifications_enabled {{ contact.service_notifications_enabled | default('1', true) }} + service_notification_period {{ contact.service_notification_period | default('24x7', true) }} + service_notification_options {{ contact.service_notification_options | default('w,c,r,f', true ) }} + service_notification_commands {{ contact.service_notification_commands }} + {% if contact.extra is defined %} + {% for kvp in contact.extra %} + {{ kvp.key }} {{ kvp.value }} + {% endfor %} + {% endif %} +} +{% endfor %} +{% endif %} + +# And a contactgroup +define contactgroup { + contactgroup_name ansible + alias Ansible notification contacts + members nagiosadmin +} + +{% if nagios_commands is defined %} +# Commands +# Everything here is defined in nagios_commands +{% for command in nagios_commands %} +define command { + command_name {{ command.name }} + command_line {{ command.command }} + {% if command.extra is defined %} + {% for kvp in command.extra %} + {{ kvp.key }} {{ kvp.value }} + {% endfor %} + {% endif %} +} +{% endfor %} +{% endif %} + +{% if nagios_services is defined %} +# Services +# Everything here is defined in nagios_services +{% for service in nagios_services %} +define service { + use ansible-generic-service + service_description {{ service.name }} + check_command {{ service.command }} + hostgroup_name {{ service.hostgroup | default('ansible', true) }} + contact_groups ansible + {% if service.extra is defined %} + {% for kvp in service.extra %} + {{ kvp.key }} {{ kvp.value }} + {% endfor %} + {% endif %} +} +{% endfor %} +{% endif %} + +# Hostgroups +{% for role in query('netbox.netbox.nb_lookup', 'device-roles', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %} +# Device Role: {{ role.value.name }} +# Description: {{ role.value.description }} +# Created: {{ role.value.created }} +# Updated: {{ role.value.last_updated }} +define hostgroup { + hostgroup_name role-{{ role.value.slug }} + alias {{ role.value.display }} +} +{% endfor %} +{% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %} +# Tag: {{ tag.value.name }} +# Description: {{ tag.value.description }} +define hostgroup { + hostgroup_name tag-{{ tag.value.slug }} + alias {{ tag.value.display }} +} +{% endfor %} +{% for type in query('netbox.netbox.nb_lookup', 'device-types', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %} +# Type: {{ type.value.display }} +define hostgroup { + hostgroup_name device-type-{{ type.value.slug }} + alias {{ type.value.display }} +} +{% endfor %} + +# Inventory Hosts and related services +{% for host in groups['tags_nagios'] %} +{% set vars = hostvars[host] %} +define host { + use ansible-linux-server + host_name {{ host }} + alias {{ host }} + address {{ vars.ansible_host }} + hostgroups ansible{% for tag in vars.tags %},tag-{{ tag }}{% endfor %}{% for role in vars.device_roles %},role-{{ role }}{% endfor %}{% if vars.device_types is defined %}{% for type in vars.device_types %},device-type-{{ type }}{% endfor %}{% endif %} + + contact_groups ansible +} +{% for service in vars.services %} +{% for tag in service.tags %} +{# #} +{% if tag.slug == "nagios-checkmatrix" %} +{% for port in service.ports %} +define service { + use ansible-generic-service + service_description Matrix Synapse - {{ service.name }} - {{ port }} + check_command check_http!--ssl -H {{ service.name }} -u https://{{ service.name }}/health -s OK -p {{ port }} -f sticky + host_name {{ host }} + contact_groups ansible +} +{% endfor %} +{% endif %} +{# #} +{% if tag.slug == "nagios-checkminecraft" %} +{% for port in service.ports %} +define service { + use ansible-generic-service + service_description Minecraft - {{ service.name }} - {{ port }} + check_command check_by_ssh!/usr/local/bin/monitoring-scripts/check_minecraft -H {{ host }} -p {{ port }} -m "{{ service.description }}" -f -w 3 -c 5 + host_name {{ host }} + contact_groups ansible +} +{% endfor %} +{% endif %} +{# #} +{% if tag.slug == "nagios-checkhttp" %} +{% for port in service.ports %} +define service { + use ansible-generic-service + service_description HTTP - {{ service.name }} - {{ port }} + check_command check_http!-H {{ service.name }} -p {{ port }} -f sticky + host_name {{ host }} + contact_groups ansible +} +{% endfor %} +{% endif %} +{# #} +{% if tag.slug == "nagios-checkhttps" %} +{% for port in service.ports %} +define service { + use ansible-generic-service + service_description HTTPS - {{ service.name }} - {{ port }} + check_command check_http!--ssl -H {{ service.name }} -p {{ port }} -f sticky + host_name {{ host }} + contact_groups ansible +} +{% endfor %} +{% endif %} +{# #} +{% if tag.slug == "nagios-checktcp" %} +{% for port in service.ports %} +define service { + use ansible-generic-service + service_description TCP {{ service.name }} - {{ port }} + check_command check_tcp!{{ port }} + host_name {{ host }} + contact_groups ansible +} +{% endfor %} +{% endif %} +{# #} +{% endfor %} +{% endfor %} +{% endfor %}