salt
/
icinga2-formula
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
Tree: 44989afea2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '44989afea2'
${ noResults }
icinga2-formula/README.rst

README.rst 3.9KB
Raw Normal View History

First commit
8 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. =======

  2. icinga2

  3. =======

  4. 

  5. Icinga2 Formula

  6. 

  7. .. note::

  8. 

  9.     See the full `Salt Formulas installation and usage instructions

  10.     <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.

  11. 

  12. Features

  13. ========

  14. 

  15. This formula can install, configure and run Icinga2. Can implement a single server or a cluster.

  16. 

  17. In cluster mode it is tested for `Local Configuration <http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/icinga2-client#icinga2-client-configuration-local>`_ scenario. So in this case Saltstack manage the changes of the configurations for each Icinga2 Client

  18. 

  19. Compatibility

  20. =============

  21. 

  22. **Saltstack**: 2015.8.8

  23. 

  24. **Icinga2**: 2.4.8

  25. 

  26. Available states

  27. ================

  28. 

  29. .. contents::

  30.     :local:

  31. 

  32. ``icinga2``

  33. -----------

  34. 

  35. * Configure icinga2 repo

  36. * Install icinga2 package

  37. * Run icinga service

  38. 

  39. ``icinga2.conf``

  40. ----------------

  41. 

  42. Configure almost all the options for icinga2 reading information from default values and/or pillar. It uses a wrapper to generate each configuration file programmaticaly reading the data from yaml. The `defaults.yaml <https://github.com/HeyStaks/icinga2-formula/tree/master/icinga2/defaults.yaml>`_ file has all the values for the default configuration of the basic installation for icinga2

  43. 

  44. ``icinga2.pki``

  45. ---------------

  46. 

  47. * Install python-m2crypto dependency

  48. * Create base directory for pki

  49. 

  50. ``icinga2.pki.ca``

  51. ******************

  52. 

  53. Setup an CA for icinga2 to use. It uses the features of saltstack and the `x509 <https://docs.saltstack.com/en/latest/ref/states/all/salt.states.x509.html#module-salt.states.x509>`_ state module. It exports the CA certificate to the saltstack mine for other nodes to use it

  54. 

  55. ``icinga2.pki.master``

  56. **********************

  57. 

  58. Create the master certificate, send it to the CA server to sign it and retrieve the signed certificate to store it. Then it exports the certificate to the mine for other nodes to use it

  59. 

  60. ``icinga2.pki.node``

  61. ********************

  62. 

  63. Create the node certificate, send it to the CA server to sign it and retrieve the signed certificate to store it. It also retrieves the master certificate.

  64. 

  65. ``icinga2.features``

  66. --------------------

  67. 

  68. Configure and enable features. For now it only manage the *api* feature

  69. 

  70. ``icinga2.node``

  71. ----------------

  72. 

  73. * Run pki node

  74. * Run config

  75. * Run features

  76. 

  77. ``icinga2.master``

  78. ------------------

  79. 

  80. * Run pki master

  81. * Run config

  82. * Run features

  83. 

  84. Running

  85. =======

  86. 

  87. Standalone

  88. ----------

  89. 

  90. If you want to only install and run icinga with default configs

  91. 

  92. .. code-block:: bash

  93. 

  94.     salt '*' state.sls icinga2

  95. 

  96. If you want to only install and run icinga with default configs

  97. 

  98. .. code-block:: bash

  99. 

  100.     salt '*' state.sls icinga2.config

  101. 

  102. Cluster

  103. -------

  104. 

  105. You must first create an orchestration state to run the steps in the proper way. The formula provides an example on `test/salt/orch/icinga2.sls <https://github.com/HeyStaks/icinga2-formula/tree/master/test/salt/orch>`_ and then run

  106. 

  107. .. code-block:: bash

  108. 

  109.     salt-run state.orch orch.icinga2

  110. 

  111. The formula make use of saltstack mine functionality to store the certificates of the CA and master servers so you need to configure a couple of mine_functions to use this functionality.

  112. 

  113. Is also necessary to allow peer communication to allow communication between the minions that will become icinga2 nodes and the CA.

  114. 

  115. .. code-block:: yaml

  116. 

  117.     peer:

  118.       .*:

  119.         - x509.sign_remote_certificate

  120. 

  121. Example pillar files to have the settings necessary for a cluster deployment can be found on the `test/cluster <https://github.com/HeyStaks/icinga2-formula/tree/master/test/cluster>`_ folder

  122. 

  123. Ideas and future development

  124. ============================

  125. 

  126. * Implement a proper salt module to communicate with Icinga2. Via CLI and/or API

  127. * Support other modes of Icinga2 clustering manager

  128. * Add configuration for all the features

  129. 

  130. Template

  131. ========

  132. 

  133. This formula was created from a cookiecutter template.

  134. 

  135. See https://github.com/richerve/saltstack-formula-cookiecutter.