Salt
bad192e93e
I was never particularly fond of having a random one-off daemon doing my RCE. Sure, it offers some protection, but limiting my exposure to the open internet is far more ideal. I have tremendously more trust in the OpenSSH project than I do in Nagios. And for that reason, I'll be deprecating NRPE and shredding config files once these plays clean up
156 lines
4.3 KiB
Django/Jinja
156 lines
4.3 KiB
Django/Jinja
#
|
|
# STOP
|
|
#
|
|
# This file is managed via Ansible; any changes made WILL be overwritten
|
|
# If you need to add site-specific configuration, do it in another file!
|
|
#
|
|
|
|
# Templates
|
|
define host {
|
|
name ansible-linux-server
|
|
check_period 24x7
|
|
check_interval 5
|
|
retry_interval 1
|
|
max_check_attempts 10
|
|
check_command check-host-alive
|
|
notification_period 24x7
|
|
notification_interval 120
|
|
hostgroups ansible
|
|
check_period 24x7
|
|
contacts salt
|
|
register 0
|
|
}
|
|
define service {
|
|
use generic-service
|
|
name ansible-generic-service
|
|
max_check_attempts 5
|
|
check_interval 5
|
|
retry_interval 1
|
|
register 0
|
|
}
|
|
|
|
# Contacts
|
|
define contact {
|
|
contact_name salt
|
|
host_notifications_enabled 1
|
|
host_notification_period 24x7
|
|
host_notification_commands notify-host-by-email
|
|
service_notifications_enabled 1
|
|
service_notification_period 24x7
|
|
service_notification_commands notify-service-by-email
|
|
email rehashedsalt@cock.li
|
|
}
|
|
|
|
# Default hostgroup
|
|
define hostgroup {
|
|
hostgroup_name ansible
|
|
alias Ansible-managed Hosts
|
|
}
|
|
|
|
# Commands
|
|
# Everything here is defined in nagios_commands
|
|
{% if nagios_commands is defined %}
|
|
{% for command in nagios_commands %}
|
|
define command {
|
|
command_name {{ command.name }}
|
|
command_line {{ command.command }}
|
|
{% if command.extra is defined %}
|
|
{% for kvp in command.extra %}
|
|
{{ kvp.key }} {{ kvp.value }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
# Services
|
|
# Everything here is defined in nagios_services
|
|
{% if nagios_services is defined %}
|
|
{% for service in nagios_services %}
|
|
define service {
|
|
use ansible-generic-service
|
|
service_description {{ service.name }}
|
|
check_command {{ service.command }}
|
|
hostgroup_name {{ service.hostgroup | default('ansible', true) }}
|
|
{% if service.extra is defined %}
|
|
{% for kvp in service.extra %}
|
|
{{ kvp.key }} {{ kvp.value }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
# Hostgroups
|
|
# Everything here is dynamically-generated based on tags from Netbox
|
|
{% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}
|
|
define hostgroup {
|
|
hostgroup_name {{ tag.value.slug }}
|
|
alias {{ tag.value.display }}
|
|
}
|
|
{% endfor %}
|
|
|
|
# This list of hosts is dynamically generated based on devices and VMs tagged with "nagios" in Netbox
|
|
{% for host in query('netbox.netbox.nb_lookup', 'devices', api_endpoint='https://netbox.desu.ltd', token=netbox_token) + query('netbox.netbox.nb_lookup', 'virtual-machines', api_endpoint='https://netbox.desu.ltd', token=netbox_token)%}
|
|
{% if host.value.primary_ip %}
|
|
{% for tag in host.value.tags %}
|
|
{% if tag.slug == "nagios" %}
|
|
define host {
|
|
use ansible-linux-server
|
|
host_name {{ host.value.name }}
|
|
alias {{ host.value.display }}
|
|
address {{ host.value.primary_ip.address.split('/',1)[0] }}
|
|
hostgroups ansible{% for tag in host.value.tags %},{{ tag.slug }}{% endfor %}
|
|
|
|
}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
# This list of services is dynamically generated based on services in Netbox and how they're tagged
|
|
{% for service in query('netbox.netbox.nb_lookup', 'services', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}
|
|
{% if service.value.device %}
|
|
{% set host_name = service.value.device.name %}
|
|
{% elif service.value.virtual_machine %}
|
|
{% set host_name = service.value.virtual_machine.name %}
|
|
{% endif %}
|
|
# {{ host_name }} - {{ service.value.display }}
|
|
# Description: {{ service.value.description }}
|
|
# Created: {{ service.value.created }}
|
|
# Updated: {{ service.value.last_updated }}
|
|
{% for tag in service.value.tags %}
|
|
{# #}
|
|
{% if tag.slug == "nagios-checkhttp" %}
|
|
{% if 80 in service.value.ports %}
|
|
define service {
|
|
use ansible-generic-service
|
|
service_description HTTP - {{ service.value.name }}
|
|
check_command check_http!-H {{ service.value.name }} -f sticky
|
|
host_name {{ host_name }}
|
|
}
|
|
{% endif %}
|
|
{% if 443 in service.value.ports %}
|
|
define service {
|
|
use ansible-generic-service
|
|
service_description HTTPS - {{ service.value.name }}
|
|
check_command check_http!--ssl -H {{ service.value.name }} -f sticky
|
|
host_name {{ host_name }}
|
|
}
|
|
{% endif %}
|
|
{% endif %}
|
|
{# #}
|
|
{% if tag.slug == "nagios-checktcp" %}
|
|
{% for port in service.value.ports %}
|
|
define service {
|
|
use ansible-generic-service
|
|
service_description TCP {{ service.value.name }} - {{ port }}
|
|
check_command check_tcp!{{ port }}
|
|
host_name {{ host_name }}
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{# #}
|
|
{% endfor %}
|
|
{% endfor %}
|