salt
/
icinga2-formula
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

First commit

master
Ricardo Hernandez 8 years ago
commit
cfccec1fa5
46 changed files with 1327 additions and 0 deletions
Split View Show Diff Stats
  1. +5
    -0
      .gitignore
  2. +5
    -0
      AUTHORS
  3. +7
    -0
      CHANGELOG.rst
  4. +8
    -0
      FORMULA
  5. +15
    -0
      LICENSE
  6. +135
    -0
      README.rst
  7. +1
    -0
      VERSION
  8. +49
    -0
      icinga2/config.sls
  9. +201
    -0
      icinga2/defaults.yaml
  10. +24
    -0
      icinga2/features/api.sls
  11. +2
    -0
      icinga2/features/init.sls
  12. +20
    -0
      icinga2/init.sls
  13. +75
    -0
      icinga2/macros.jinja
  14. +8
    -0
      icinga2/map.jinja
  15. +11
    -0
      icinga2/master.sls
  16. +10
    -0
      icinga2/node.sls
  17. +9
    -0
      icinga2/os_family.yaml
  18. +68
    -0
      icinga2/pki/ca.sls
  19. +62
    -0
      icinga2/pki/cert.sls
  20. +18
    -0
      icinga2/pki/init.sls
  21. +11
    -0
      icinga2/pki/master.sls
  22. +20
    -0
      icinga2/pki/node.sls
  23. +9
    -0
      icinga2/pki/signing_policies.conf
  24. +12
    -0
      icinga2/templates/api.conf.jinja
  25. +23
    -0
      icinga2/templates/zones.conf.jinja
  26. +201
    -0
      pillar.example
  27. +66
    -0
      test/cluster/Vagrantfile
  28. +12
    -0
      test/cluster/conf/master
  29. +3
    -0
      test/cluster/conf/minion
  30. +27
    -0
      test/cluster/keys/master.pem
  31. +9
    -0
      test/cluster/keys/master.pub
  32. +27
    -0
      test/cluster/keys/min1.pem
  33. +9
    -0
      test/cluster/keys/min1.pub
  34. +27
    -0
      test/cluster/keys/min2.pem
  35. +9
    -0
      test/cluster/keys/min2.pub
  36. +27
    -0
      test/cluster/keys/min3.pem
  37. +9
    -0
      test/cluster/keys/min3.pub
  38. +9
    -0
      test/pillar/min1.sls
  39. +2
    -0
      test/pillar/node.sls
  40. +5
    -0
      test/pillar/top.sls
  41. +17
    -0
      test/salt/orch/icinga2.sls
  42. +3
    -0
      test/salt/top.sls
  43. +36
    -0
      test/single/Vagrantfile
  44. +13
    -0
      test/single/conf/minion
  45. +6
    -0
      test/single/tox.ini
  46. +2
    -0
      test/testinfra/test_icinga2.py

+ 5
- 0
.gitignore View File

@@ -0,0 +1,5 @@
.vagrant/*
.tox
.cache
__pycache__
*~

+ 5
- 0
AUTHORS View File

@@ -0,0 +1,5 @@
=======
Authors
=======

* Ricardo Hernandez (richerve)

+ 7
- 0
CHANGELOG.rst View File

@@ -0,0 +1,7 @@
icinga2 formula
===============

201605 (2016-05-18)
-------------------

- First release

+ 8
- 0
FORMULA View File

@@ -0,0 +1,8 @@
name: icinga2
os: Ubuntu
os_family: Debian
version: 201605
release: 0
summary: Icinga2 Formula
description: Icinga2 Formula
top_level_dir: icinga2

+ 15
- 0
LICENSE View File

@@ -0,0 +1,15 @@

Copyright (c) 2016 HeyStaks

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


+ 135
- 0
README.rst View File

@@ -0,0 +1,135 @@
=======
icinga2
=======

Icinga2 Formula

.. note::

See the full `Salt Formulas installation and usage instructions
<http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.

Features
========

This formula can install, configure and run Icinga2. Can implement a single server or a cluster.

In cluster mode it is tested for `Local Configuration <http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/icinga2-client#icinga2-client-configuration-local>`_ scenario. So in this case Saltstack manage the changes of the configurations for each Icinga2 Client

Compatibility
=============

**Saltstack**: 2015.8.8

**Icinga2**: 2.4.8

Available states
================

.. contents::
:local:

``icinga2``
-----------

* Configure icinga2 repo
* Install icinga2 package
* Run icinga service

``icinga2.conf``
----------------

Configure almost all the options for icinga2 reading information from default values and/or pillar. It uses a wrapper to generate each configuration file programmaticaly reading the data from yaml. The `defaults.yaml <https://github.com/HeyStaks/icinga2-formula/tree/master/icinga2/defaults.yaml>`_ file has all the values for the default configuration of the basic installation for icinga2

``icinga2.pki``
---------------

* Install python-m2crypto dependency
* Create base directory for pki

``icinga2.pki.ca``
******************

Setup an CA for icinga2 to use. It uses the features of saltstack and the `x509 <https://docs.saltstack.com/en/latest/ref/states/all/salt.states.x509.html#module-salt.states.x509>`_ state module. It exports the CA certificate to the saltstack mine for other nodes to use it

``icinga2.pki.master``
**********************

Create the master certificate, send it to the CA server to sign it and retrieve the signed certificate to store it. Then it exports the certificate to the mine for other nodes to use it

``icinga2.pki.node``
********************

Create the node certificate, send it to the CA server to sign it and retrieve the signed certificate to store it. It also retrieves the master certificate.

``icinga2.features``
--------------------

Configure and enable features. For now it only manage the *api* feature

``icinga2.node``
----------------

* Run pki node
* Run config
* Run features

``icinga2.master``
------------------

* Run pki master
* Run config
* Run features

Running
=======

Standalone
----------

If you want to only install and run icinga with default configs

.. code-block:: bash

salt '*' state.sls icinga2

If you want to only install and run icinga with default configs

.. code-block:: bash

salt '*' state.sls icinga2.config

Cluster
-------

You must first create an orchestration state to run the steps in the proper way. The formula provides an example on `test/salt/orch/icinga2.sls <https://github.com/HeyStaks/icinga2-formula/tree/master/test/salt/orch>`_ and then run

.. code-block:: bash

salt-run state.orch orch.icinga2

The formula make use of saltstack mine functionality to store the certificates of the CA and master servers so you need to configure a couple of mine_functions to use this functionality.

Is also necessary to allow peer communication to allow communication between the minions that will become icinga2 nodes and the CA.

.. code-block:: yaml

peer:
.*:
- x509.sign_remote_certificate

Example pillar files to have the settings necessary for a cluster deployment can be found on the `test/cluster <https://github.com/HeyStaks/icinga2-formula/tree/master/test/cluster>`_ folder

Ideas and future development
============================

* Implement a proper salt module to communicate with Icinga2. Via CLI and/or API
* Support other modes of Icinga2 clustering manager
* Add configuration for all the features

Template
========

This formula was created from a cookiecutter template.

See https://github.com/richerve/saltstack-formula-cookiecutter.

+ 1
- 0
VERSION View File

@@ -0,0 +1 @@
201605

+ 49
- 0
icinga2/config.sls View File

@@ -0,0 +1,49 @@
{% from "icinga2/map.jinja" import icinga2 with context %}
{% from "icinga2/macros.jinja" import printconfig with context %}

include:
- icinga2

/etc/icinga2/conf.d:
file.directory:
- require:
- pkg: icinga2

{% set conf_files = {"hosts": "object",
"groups": "object",
"templates": "template",
"downtimes": "apply",
"services": "apply",
"downtimes": "apply"}
%}

{% for object, type in conf_files.items() %}
{% if icinga2.config[object] is defined %}
/etc/icinga2/conf.d/{{object}}.conf:
file.managed:
- listen_in:
- service: icinga2_service
- require:
- file: /etc/icinga2/conf.d
- contents: |
{%- for obj, objopts in icinga2.config[object].items() %}
{%- if objopts["for"] is defined %}
{{ printconfig("apply", objopts["type"], obj, objopts["conf"], objopts["for"], "for") }}
{%- elif objopts["to"] is defined %}
{{ printconfig("apply", objopts["type"], obj, objopts["conf"], objopts["to"], "to") }}
{%- else %}
{{ printconfig(type, objopts["type"], obj, objopts["conf"]) }}
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endfor %}

icinga2_zones_conf:
file.managed:
- name: {{icinga2.config_dir}}/zones.conf
- source: salt://icinga2/templates/zones.conf.jinja
- template: jinja
- require:
- pkg: icinga2
- listen_in:
- service: icinga2_service

+ 201
- 0
icinga2/defaults.yaml View File

@@ -0,0 +1,201 @@
icinga2:
master_host: salt
port: 5665
config:
templates:
generic-host:
type: Host
conf:
max_check_attempts: 3
check_interval: 1m
retry_interval: 30s
check_command: hostalive
generic-service:
type: Service
conf:
max_check_attempts: 5
check_interval: 1m
retry_interval: 30s
generic-user:
type: User
generic-template-all:
type: Notification
conf:
types:
- Problem
- Acknowledgement
- Recovery
- Custom
- FlappingStart
- FlappingEnd
- DowntimeStart
- DowntimeEnd
- DowntimeRemoved
period: "24x7"
mail-host-notification:
type: Notification
conf:
import: generic-template-all
command: mail-host-notification
states:
- Up
- Down
mail-service-notification:
type: Notification
conf:
import: generic-template-all
command: mail-service-notification
states:
- OK
- Warning
- Critical
- Unknown
hosts:
NodeName:
type: Host
conf:
import: generic-host
address: 127.0.0.1
vars:
os: Linux
disk_wfree: 15%
ssh_port: 22
notification.slack: "true"
http_vhosts:
Icinga web 2:
http_uri: /icingaweb2
http_port: 443
http_ssl: "true"
disks:
disk:
groups:
linux-servers:
type: HostGroup
conf:
display_name: "Linux Servers"
assign:
- host.vars.os == "Linux"
windows-servers:
type: HostGroup
conf:
display_name: "Windows Servers"
assign:
- host.vars.os == "Windows"
ping:
type: ServiceGroup
conf:
display_name: "Ping Service"
assign:
- match("ping*", service.name)
http:
type: ServiceGroup
conf:
display_name: "HTTP Service"
assign:
- match("http*", service.check_command)
disk:
type: ServiceGroup
conf:
display_name: "Disk Checks"
assign:
- match("disk*", service.check_command)
downtimes:
backup-downtime:
type: ScheduledDowntime
to: Service
conf:
author: icingaadmin
comment: Scheduled downtime for backup
ranges:
monday: service.vars.backup_downtime
tuesday: service.vars.backup_downtime
wednesday: service.vars.backup_downtime
thursday: service.vars.backup_downtime
friday: service.vars.backup_downtime
saturday: service.vars.backup_downtime
sunday: service.vars.backup_downtime
assign:
- service.vars.backup_downtime != ""
notifications:
mail-icingaadmin-host:
type: Notification
to: Host
conf:
import: mail-host-notification
user_groups: host.vars.notification.mail.groups
users: host.vars.notification.mail.users
assign:
- host.vars.notification.mail
mail-icingaadmin-service:
type: Notification
to: Service
conf:
import: mail-service-notification
user_groups: host.vars.notification.mail.groups
users: host.vars.notification.mail.users
assign:
- host.vars.notification.mail
services:
icinga:
type: Service
conf:
import: generic-service
check_command: icinga
assign:
- host.name == NodeName
procs:
type: Service
conf:
import: generic-service
check_command: procs
assign:
- host.name == NodeName
swap:
type: Service
conf:
import: generic-service
check_command: swap
assign:
- host.name == NodeName
users:
type: Service
conf:
import: generic-service
check_command: users
assign:
- host.name == NodeName
ping4:
type: Service
conf:
import: generic-service
check_command: ping4
assign:
- host.address
ssh:
type: Service
conf:
import: generic-service
check_command: ssh
assign:
- (host.address || host.address6) && host.vars.os == "Linux"
load:
type: Service
conf:
import: generic-service
check_command: load
vars:
backup_downtime: "02:00-03:00"
assign:
- host.name == NodeName
http_vhosts:
type: Service
for: (http_vhost => config in host.vars.http_vhosts)
conf:
import: generic-service
check_command: http
disks:
type: Service
for: (disk => config in host.vars.disks)
conf:
import: generic-service
check_command: disk

+ 24
- 0
icinga2/features/api.sls View File

@@ -0,0 +1,24 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}

include:
- icinga2

icinga2_api_conf:
file.managed:
- name: /etc/icinga2/features-available/api.conf
- source: salt://icinga2/templates/api.conf.jinja
- template: jinja
- user: {{icinga2.user}}
- group: {{icinga2.group}}
- require:
- pkg: icinga2_pkg

# Api enable
icinga2_api_enable:
file.symlink:
- name: /etc/icinga2/features-enabled/api.conf
- target: /etc/icinga2/features-available/api.conf
- require:
- file: icinga2_api_conf
- listen_in:
- service: icinga2_service

+ 2
- 0
icinga2/features/init.sls View File

@@ -0,0 +1,2 @@
include:
- .api

+ 20
- 0
icinga2/init.sls View File

@@ -0,0 +1,20 @@
{% from "icinga2/map.jinja" import icinga2 with context %}

icinga2_repo:
pkgrepo.managed:
- humanname: Icinga2 official repo
- name: {{ icinga2.pkg_repo }}
- file: {{ icinga2.repo_file }}
- key_url: http://packages.icinga.org/icinga.key

icinga2_pkg:
pkg.installed:
- name: icinga2
- require:
- pkgrepo: icinga2_repo

icinga2_service:
service.running:
- name: icinga2
- enable: True
- reload: True

+ 75
- 0
icinga2/macros.jinja View File

@@ -0,0 +1,75 @@
{% macro printassign(key, value) %}
{%- if value is number or "vars" in value %}
{{ key }} = {{ value }}
{%- elif value is string %}
{{ key }} = "{{ value }}"
{%- endif %}
{% endmacro %}

{%- macro printconfig(type, object, name, config, applyto="", applymethod="")%}
{%- if applymethod == "to" %}
{{ type }} {{ object }} "{{ name }}" to {{ applyto }} {
{%- elif applymethod == "for" %}
{{ type }} {{ object }} for {{ applyto }} {
{%- elif object == "Host" and type != "template" %}
{{ type }} {{ object }} {{ name }} {
{%- else %}
{{ type }} {{ object }} "{{ name }}" {
{%- endif %}
{%- if config is defined %}
{#- Check import first to be the first line on config blocks #}
{%- for key, value in config.items() %}
{%- if key == "import" %}
{{key}} "{{ value }}"
{%- endif %}
{%- endfor %}
{%- for key, value in config.items() if key != "import" %}
{#- Check values like: 3, 25, 3s, 45m, 8d #}
{%- if value is number or key in ["check_interval", "retry_interval"] %}
{{ key }} = {{ value }}
{#- Check string values, the more common #}
{%- elif value is string %}
{{ key }} = "{{ value }}"
{#- Handle vars values that can be a dict, list or value #}
{%- elif key == "vars" %}
{%- for varkey, varvalue in config.vars.items() %}
{%- if varvalue is mapping %}
{%- for k, v in varvalue.items() %}
vars.{{ varkey }}["{{ k }}"] = {
{%- if v is not none %}
{%- for k1, v1 in v.items() -%}
{{ printassign(k1, v1)|indent(4)}}
{%- endfor %}
{%- endif %}
}
{%- endfor %}
{%- elif varvalue is number %}
vars.{{ varkey }} = {{ varvalue }}
{%- else %}
vars.{{ varkey }} = "{{ varvalue }}"
{%- endif %}
{%- endfor %}
{#- Handle dict values mapping dict type on yaml with icinga2 syntax #}
{%- elif value is mapping %}
{{ key }} = {
{%- for k, v in value.items() -%}
{{ printassign(k, v)|indent(2) }}
{%- endfor %}
}
{#- Special case for assign and ignore #}
{%- elif key in ["assign", "ignore"] %}
{%- for item in value %}
{{ key }} where {{ item }}
{%- endfor %}
{#- Handle lists values mapping list type on yaml with icinga2 syntax #}
{%- elif value is iterable %}
{{ key }} = [ {{ value|join(",") }} ]
{%- endif %}
{%- endfor %}
{#- Add a line to aggregate variables read from dictionary #}
{%- if applymethod == "for" %}
vars += config
{%- endif %}
{%- endif %}
}
{%- endmacro %}

+ 8
- 0
icinga2/map.jinja View File

@@ -0,0 +1,8 @@
{% import_yaml 'icinga2/defaults.yaml' as defaults %}
{% import_yaml 'icinga2/os_family.yaml' as os_family_map %}

{% set os_family_values = salt['grains.filter_by'](os_family_map, grain='os_family') %}

{% do defaults.icinga2.update(os_family_values) %}

{% set icinga2 = salt['pillar.get']( 'icinga2', default=defaults.icinga2, merge=True) %}

+ 11
- 0
icinga2/master.sls View File

@@ -0,0 +1,11 @@
include:
- icinga2.pki.master
- icinga2.config
- icinga2.features

extend:
icinga2_api_enable:
file:
- require:
- x509: icinga2_node_ca_cert
- x509: icinga2_node_cert

+ 10
- 0
icinga2/node.sls View File

@@ -0,0 +1,10 @@
include:
- icinga2.pki.node
- icinga2.config
- icinga2.features

extend:
icinga2_api_enable:
file:
- require:
- x509: icinga2_node_cert

+ 9
- 0
icinga2/os_family.yaml View File

@@ -0,0 +1,9 @@
Debian:
user: nagios
group: nagios
pkg_repo: deb http://packages.icinga.org/ubuntu icinga-{{ grains.get("oscodename", 'unknown')}} main
repo_file: /etc/apt/sources.list.d/icinga2.list
config_dir: /etc/icinga2
ca_dir: /var/lib/icinga2/ca
pki_dir: /etc/icinga2/pki
pki_pkg: python-m2crypto

+ 68
- 0
icinga2/pki/ca.sls View File

@@ -0,0 +1,68 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}

include:
- icinga2.pki

icinga2_ca_dir:
file.directory:
- name: {{icinga2.ca_dir}}
- user: {{icinga2.user}}
- group: {{icinga2.group}}

icinga2_ca_key:
x509.private_key_managed:
- name: {{icinga2.ca_dir}}/ca.key
- bits: 4096
- backup: True
- require:
- file: icinga2_ca_dir

icinga2_ca_key_perms:
file.managed:
- name: {{icinga2.ca_dir}}/ca.key
- user: {{icinga2.user}}
- group: {{icinga2.group}}
- mode: 600
- watch:
- x509: icinga2_ca_key

icinga2_ca_cert:
x509.certificate_managed:
- name: {{icinga2.ca_dir}}/ca.crt
- signing_private_key: {{icinga2.ca_dir}}/ca.key
- CN: 'Icinga2 CA'
- basicConstraints: "critical CA:true"
- days_valid: 3650
- backup: True
- require:
- x509: icinga2_ca_key

icinga2_ca_cert_perms:
file.managed:
- name: {{icinga2.ca_dir}}/ca.crt
- user: {{icinga2.user}}
- group: {{icinga2.group}}
- watch:
- x509: icinga2_ca_cert

/etc/salt/minion.d/signing_policies.conf:
file.managed:
- source: salt://icinga2/pki/signing_policies.conf
- template: jinja
- require:
- x509: icinga2_ca_cert

# Restart the salt minion if the signing_policies changes
icinga2_restart_ca_minion:
module.wait:
- name: service.restart
- m_name: salt-minion
- watch:
- file: /etc/salt/minion.d/signing_policies.conf

# Save the ca certificate in mine so the minions can collect it
icinga2_mine_ca_cert:
module.run:
- name: mine.update
- onchanges:
- x509: icinga2_ca_cert

+ 62
- 0
icinga2/pki/cert.sls View File

@@ -0,0 +1,62 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}

include:
- icinga2.pki

{% set fqdn = salt.grains.get('fqdn') %}

# Get ca certificate from mine
icinga2_node_ca_cert:
x509.pem_managed:
- name: {{icinga2.pki_dir}}/ca.crt
- text: {{ salt['mine.get'](icinga2.master_host, 'icinga2_ca_cert')[icinga2.master_host]|replace('\n', '') }}
- require:
- file: icinga2_pki_dir

icinga2_node_ca_cert_perms:
file.managed:
- name: {{icinga2.pki_dir}}/ca.crt
- user: {{icinga2.user}}
- group: {{icinga2.group}}
- watch:
- x509: icinga2_node_ca_cert

# Create the key
icinga2_node_key:
x509.private_key_managed:
- name: {{icinga2.pki_dir}}/{{fqdn}}.key
- bits: 4096
- backup: True
- require:
- file: icinga2_pki_dir

icinga2_node_key_perms:
file.managed:
- name: {{icinga2.pki_dir}}/{{fqdn}}.key
- user: {{icinga2.user}}
- group: {{icinga2.group}}
- mode: 600
- watch:
- x509: icinga2_node_key

# Create the certificate, send it to ca_server to be signed and store it as crt
icinga2_node_cert:
x509.certificate_managed:
- name: {{icinga2.pki_dir}}/{{fqdn}}.crt
- ca_server: {{icinga2.master_host}}
- signing_policy: icinga2
- public_key: {{icinga2.pki_dir}}/{{fqdn}}.key
- CN: {{fqdn}}
- backup: True
- require:
- x509: icinga2_node_key
- onchanges:
- x509: icinga2_node_ca_cert

icinga2_node_cert_perms:
file.managed:
- name: {{icinga2.pki_dir}}/{{fqdn}}.crt
- user: {{icinga2.user}}
- group: {{icinga2.group}}
- watch:
- x509: icinga2_node_cert

+ 18
- 0
icinga2/pki/init.sls View File

@@ -0,0 +1,18 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}

include:
- icinga2

# Install python-m2crypto dependency
{{icinga2.pki_pkg}}:
pkg.installed:
- require:
- pkg: icinga2_pkg

icinga2_pki_dir:
file.directory:
- name: '/etc/icinga2/pki'
- user: {{ icinga2.user }}
- group: {{ icinga2.group }}
- require:
- pkg: {{icinga2.pki_pkg}}

+ 11
- 0
icinga2/pki/master.sls View File

@@ -0,0 +1,11 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}

include:
- icinga2.pki.cert

# Update the master certificate in mine so the minions can collect it
icinga2_mine_master_cert:
module.run:
- name: mine.update
- onchanges:
- x509: icinga2_node_cert

+ 20
- 0
icinga2/pki/node.sls View File

@@ -0,0 +1,20 @@
{% from 'icinga2/map.jinja' import icinga2 with context %}

include:
- icinga2.pki.cert

# Get master certificate from mine
icinga2_node_master_cert:
x509.pem_managed:
- name: {{icinga2.pki_dir}}/trusted-master.crt
- text: {{ salt['mine.get'](icinga2.master_host, 'icinga2_master_cert')[icinga2.master_host]|replace('\n', '') }}
- require:
- file: icinga2_pki_dir

icinga2_node_master_cert_perms:
file.managed:
- name: {{icinga2.pki_dir}}/trusted-master.crt
- user: {{icinga2.user}}
- group: {{icinga2.group}}
- watch:
- x509: icinga2_node_master_cert

+ 9
- 0
icinga2/pki/signing_policies.conf View File

@@ -0,0 +1,9 @@
{%- from 'icinga2/map.jinja' import icinga2 with context -%}
x509_signing_policies:
icinga2:
- minions: '*'
- signing_private_key: {{icinga2.ca_dir}}/ca.key
- signing_cert: {{icinga2.ca_dir}}/ca.crt
- basicConstraints: "critical CA:false"
- days_valid: 365
- copy_path: {{icinga2.ca_dir}}

+ 12
- 0
icinga2/templates/api.conf.jinja View File

@@ -0,0 +1,12 @@
{%- from 'icinga2/map.jinja' import icinga2 with context -%}
{% set fqdn = salt.grains.get('fqdn') -%}

object ApiListener "api" {
cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
{% if fqdn != icinga2.master_host -%}
accept_config = true
accept_commands = true
{% endif -%}
}

+ 23
- 0
icinga2/templates/zones.conf.jinja View File

@@ -0,0 +1,23 @@
{%- from 'icinga2/map.jinja' import icinga2 with context %}
{%- set fqdn = salt.grains.get('fqdn') -%}

{% if fqdn != icinga2.master_host -%}
object Endpoint "{{icinga2.master_host}}" {
host = "{{icinga2.master_host}}"
port = "5665"
}

object Zone "master" {
endpoints = [ "{{icinga2.master_host}}" ]
}
{%- endif %}

object Endpoint NodeName {
}

object Zone ZoneName {
endpoints = [ NodeName ]
{% if fqdn != icinga2.master_host -%}
parent = "master"
{%- endif %}
}

+ 201
- 0
pillar.example View File

@@ -0,0 +1,201 @@
icinga2:
master_host: salt
port: 5665
config:
templates:
generic-host:
type: Host
conf:
max_check_attempts: 3
check_interval: 1m
retry_interval: 30s
check_command: hostalive
generic-service:
type: Service
conf:
max_check_attempts: 5
check_interval: 1m
retry_interval: 30s
generic-user:
type: User
generic-template-all:
type: Notification
conf:
types:
- Problem
- Acknowledgenment
- Recovery
- Custom
- FlappingStart
- FlappingEnd
- DowntimeStart
- DowntimeEnd
- DowntimeRemoved
period: "24x7"
mail-host-notification:
type: Notification
conf:
import: generic-template-all
command: mail-host-notification
states:
- Up
- Down
mail-service-notification:
type: Notification
conf:
import: generic-template-all
command: mail-service-notification
states:
- OK
- Warning
- Critical
- Unknown
hosts:
NodeName:
type: Host
conf:
import: generic-host
address: 127.0.0.1
vars:
os: Linux
disk_wfree: 15%
ssh_port: 22
notification.slack: "true"
http_vhosts:
Icinga web 2:
http_uri: /icingaweb2
http_port: 443
http_ssl: "true"
disks:
disk:
groups:
linux-servers:
type: HostGroup
conf:
display_name: "Linux Servers"
assign:
- host.vars.os == "Linux"
windows-servers:
type: HostGroup
conf:
display_name: "Windows Servers"
assign:
- host.vars.os == "Windows"
ping:
type: ServiceGroup
conf:
display_name: "Ping Service"
assign:
- match("ping*", service.name)
http:
type: ServiceGroup
conf:
display_name: "HTTP Service"
assign:
- match("http*", service.check_command)
disk:
type: ServiceGroup
conf:
display_name: "Disk Checks"
assign:
- match("disk*", service.check_command)
downtimes:
backup-downtime:
type: ScheduledDowntime
to: Service
conf:
author: icingaadmin
comment: Scheduled downtime for backup
ranges:
monday: service.vars.backup_downtime
tuesday: service.vars.backup_downtime
wednesday: service.vars.backup_downtime
thursday: service.vars.backup_downtime
friday: service.vars.backup_downtime
saturday: service.vars.backup_downtime
sunday: service.vars.backup_downtime
assign:
- service.vars.backup_downtime != ""
notifications:
mail-icingaadmin-host:
type: Notification
to: Host
conf:
import: mail-host-notification
user_groups: host.vars.notification.mail.groups
users: host.vars.notification.mail.users
assign:
- host.vars.notification.mail
mail-icingaadmin-service:
type: Notification
to: Service
conf:
import: mail-service-notification
user_groups: host.vars.notification.mail.groups
users: host.vars.notification.mail.users
assign:
- host.vars.notification.mail
services:
icinga:
type: Service
conf:
import: generic-service
check_command: icinga
assign:
- host.name == NodeName
procs:
type: Service
conf:
import: generic-service
check_command: procs
assign:
- host.name == NodeName
swap:
type: Service
conf:
import: generic-service
check_command: swap
assign:
- host.name == NodeName
users:
type: Service
conf:
import: generic-service
check_command: users
assign:
- host.name == NodeName
ping4:
type: Service
conf:
import: generic-service
check_command: ping4
assign:
- host.address
ssh:
type: Service
conf:
import: generic-service
check_command: ssh
assign:
- (host.address || host.address6) && host.vars.os == "Linux"
load:
type: Service
conf:
import: generic-service
check_command: load
vars:
backup_downtime: "02:00-03:00"
assign:
- host.name == NodeName
http_vhosts:
type: Service
for: (http_vhost => config in host.vars.http_vhosts)
conf:
import: generic-service
check_command: http
disks:
type: Service
for: (disk => config in host.vars.disks)
conf:
import: generic-service
check_command: disk

+ 66
- 0
test/cluster/Vagrantfile View File

@@ -0,0 +1,66 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :

required_plugins = %w( vagrant-hostmanager )
required_plugins.each do |plugin|
exec "vagrant plugin install #{plugin};vagrant #{ARGV.join(" ")}" unless Vagrant.has_plugin? plugin || ARGV[0] == 'plugin'
end

Vagrant.configure(2) do |config|
config.vm.box = "ubuntu/trusty64"

if Vagrant.has_plugin?("vagrant-cachier")
config.cache.scope = :box
end

config.hostmanager.enabled = true
config.hostmanager.manage_guest = true
config.hostmanager.include_offline = true

config.vm.provision :shell, inline: "sudo locale-gen en_IE.UTF-8"

(1..3).each do |m|
config.vm.define "min#{m}" do |min|
min.vm.network "private_network", ip: "172.16.199.1#{m}"
min.vm.hostname = "min#{m}"

min.vm.provider "virtualbox" do |vb|
vb.name = "icinga2-min#{m}"
vb.memory = "2048"
end

min.vm.provision :salt do |salt|
salt.minion_config = "conf/minion"
salt.minion_key = "keys/min#{m}.pem"
salt.minion_pub = "keys/min#{m}.pub"
end
end
end

config.vm.define :master do |master|
master.vm.network "private_network", ip: "172.16.199.10"
master.vm.hostname = "salt"
master.vm.synced_folder "../../icinga2", "/srv/formulas/icinga2"
master.vm.synced_folder "../salt", "/srv/salt"
master.vm.synced_folder "../pillar", "/srv/pillar"

master.vm.provider "virtualbox" do |vb|
vb.name = "icinga2-master"
vb.memory = "1024"
end

master.vm.provision :shell, inline: "sudo apt-get install -y python-git python-pip"

master.vm.provision :salt do |salt|
salt.run_highstate = false
salt.install_master = true
#salt.no_minion =
salt.master_config = "conf/master"
salt.master_key = "keys/master.pem"
salt.master_pub = "keys/master.pub"
salt.seed_master = {"min1": "keys/min1.pub",
"min2": "keys/min2.pub",
"min3": "keys/min3.pub"}
end
end
end

+ 12
- 0
test/cluster/conf/master View File

@@ -0,0 +1,12 @@
fileserver_backend:
- roots
- git

file_roots:
base:
- /srv/salt
- /srv/formulas

peer:
.*:
- x509.sign_remote_certificate

+ 3
- 0
test/cluster/conf/minion View File

@@ -0,0 +1,3 @@
grains:
roles:
- icinga2

+ 27
- 0
test/cluster/keys/master.pem View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAlbO37bcGrTXwDlHA7Oea2ZYS1e6UP6alvifCBfQNyPAqU/qr
tZmANExHev6jXjkgB8TKbwdZtg21zCsUfJzY2LAYlbj5iT3HDJ4fRnB0JIs5v6Zq
n/u8w2bB+K71TfqpzEFVcEbIQ7bMjfOTSx06XhqnsiDyLqKu7eoWUpCBtJO1+1UF
OYNJwVqnrGkab/4MPDSqnuOlNa0QP/OUSLANiw1nts4MFvdaOtFZ7fFCOuYdsocd
Ec6LFvzhqUjwSnCunIMndo7hiPUgKxyBogxSaTduPE6zCHeGNCkbov8LiuPYThvC
D+ZLZBje09QYPgNU8+iFaoAyOjIrEUja6LAlWwIDAQABAoIBAAR04DHcc/9uDqJu
fp7O2kZF+HOT8affbym1B0qkFFD6DViIqtnyIuXrq2kW8YgZjUGN8zTQ9DO+Pr5A
PhDjnnT88Q5r/km+pBFVF7tCF8MKvgJdkukGVn0+ruGXW8ghgTKKc1+vS8DwTTCg
oq7mxNkOVBWyc2M+BpUgld+JW8MjYuQItbxw8a/PNrJqKAdipFnE3THI0CIZhZEE
ja0ExjIJ4c+0bS5hPpq3LenQkeQbtBgeIFfPEm+1yO7ijtkeUEauwU0TAG4ELNOa
74biw7fyoI1i1PTSdHfBWJDTWsNm5mhi333bmwH84I6tmq6e6MM061cOKSOxRGYv
Z7dAykECgYEAtXQth67J4eLtNuqb4smplbDFLckVPQo5F34/kfy7rFKGWJdUJp4p
EzVOXeQ9J6oXYAHjz7yeb7bTYDvqp/rF6g9Ptui09Vt8oRdUYSlTZVBO/hYZkbMt
3IUOXC+R4+XVJZvvxkQtO8h70s/v4jL4PdchNqDZ30N5Y2CJCXWcuzsCgYEA0zQl
0JS9EB5Xl6U3T9p3I26KQp84TttTeWhUhlraojJZra9BnsXF4bqdzRBVAv0+gmeF
t+M9MjxPvGLOgZA0GQ3rJHjRMj5zAYiYFbxCfbvU0kvQ1lLfNameLtRnkQrLBCSN
4sTjETxd3HFNqRbGaif5OpV94maYOgzjQlbMXGECgYAi/9q8XiGAmYXJ3uzcjKtS
PTt7PlsDYBJtDqPyY75LWcuiEOZhYIZptxF7mMeW+/7wPM0VR7uDrs8Ms+HqLru4
DuYAUNh+rvvWEqrq5s64LwpdhiO+b8I708pWS7KnM7CuRWq1YncbHeuMWSFbDxvE
ydcVM2dy4g/q9DbahT4K+wKBgQCgOkSh6+VO8CX1ltLSkuOljrv3dQFr2bqHNZ5C
W3TYbihYusemo1XPPRtwMf68iNE+bzkj25JWpSi8u5z88CCGDWghwEK8wmHPfQgc
HTm4V6JKdFgX8MED3g1ya5OylqSUHQNDUakOL2Tp009egze921uZlUXuV3UPPS2/
60eYoQKBgQCqOPv/40dW1CE67y+z2qXWye6GNkUcxCM3A0WW3wRFFXuPfy+4lBSX
43+Zq6w6+sAcv4RpKQFF4kjtLGkekAOWgOmQmPafSeUUZ2dtuydVk0Q9GDMaAFHO
n1teSXnYfb2vZMz4kQ6a5PyrqKLhwfk7aCaDXYF4NlQTGokxtTqa5w==
-----END RSA PRIVATE KEY-----

+ 9
- 0
test/cluster/keys/master.pub View File

@@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbO37bcGrTXwDlHA7Oea
2ZYS1e6UP6alvifCBfQNyPAqU/qrtZmANExHev6jXjkgB8TKbwdZtg21zCsUfJzY
2LAYlbj5iT3HDJ4fRnB0JIs5v6Zqn/u8w2bB+K71TfqpzEFVcEbIQ7bMjfOTSx06
XhqnsiDyLqKu7eoWUpCBtJO1+1UFOYNJwVqnrGkab/4MPDSqnuOlNa0QP/OUSLAN
iw1nts4MFvdaOtFZ7fFCOuYdsocdEc6LFvzhqUjwSnCunIMndo7hiPUgKxyBogxS
aTduPE6zCHeGNCkbov8LiuPYThvCD+ZLZBje09QYPgNU8+iFaoAyOjIrEUja6LAl
WwIDAQAB
-----END PUBLIC KEY-----

+ 27
- 0
test/cluster/keys/min1.pem View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAivO8wR28TXAcKJhZmt+8w9Dc/KpqakkjHVea3ujBweLSmajj
qJPwd9DkdzjwygZBLNTYm24DSljBHcolG/tByZxM6/lP8HIWCJqxSaIeW6L0Hwab
fyj/OU/mHbNH51HXzwnRkOsNWp1X+wU7cSJyBncA1IrObMw27A814h6y5CbYG6gc
mDk3WkljDjx29uzNY+Sd7lPpbLy9p2z5eMh2crCi+mgXrJmWZSLtlXHvDKFQhWZo
BJbZzs4hdjAia7y9QScbTra1rIxBYYEwiuOsymCVkGNyX18lCuu4DFop22Qnlbqz
Y0LzlYUlSUndLQraTDqh7D5HScUzj83jKie1owIDAQABAoIBAGNXGk1eeu9KBXeo
Y/drmcLNIhCprWbLXwVtSlWvRkbdaP9eVVSCX9rpR01NMijdC9+HVEza/BM9HOO1
T46PtVr0GbJjDZmzlrkUD0e7VcTh3XIJAUaKAt3wl24IbJGeW5GzTVY0FdoAv5PB
C9w4ahjhH4DUs/vojCN8RGOi2vZtGUfRs0slbRTqyHrIjKvhSCUOwJp7ZFGVLP3X
3aL2j/5CBy0/0m73EXR2YS68UvB+l8h1XUEYk+mi/SmN4x9QloW8reUCbb4CXmNr
3qlYpomQmwBjLsINvXlHgEG+mnqHNBvfCh3mZxcpvcT6wBtc6K1B6o3ThaV1qFbI
9/lDJ/ECgYEAu0QN7o/4PIgHSczUWzaC6hImagvJ4PcPH63hNVJaKborwlUrkT5X
lQNpSLMyK9kRd7TyABC0sZ9+UdRCHUuC7iXfn4RT98DiyuKpmtM/2ATnKuZ6Zzh3
WLRC93/mYz9/mp+GmvDDzeHJxrRK+LP4zsPuk0fXSF6i3Z9PjJ0Rvy8CgYEAvfQC
MXV4i5DhG+FnBMTDV0JGjDdyRaupwatowdQ19n9xvEscglQcY/NvJx+Q+lktWCiJ
F/BEbxe0C5QDZADat99u7x8rwBIl8o6nJHqzYbbCcUT7e6fIS+8gSpFgOaXtD0n0
/SfvYPyJp6aTRZt/aGpwlADqJrjkm2SBGT8I880CgYA59mWNirheHAiNej3cgbHh
u35yYnW5ER94QbysYXIQ6lPzEaOrkC1RrT2gR/7mfYifkb058fHL7L8PmvBf2uiK
x+RAnpfS3rwT6jZu+qYPOe1HZRFL87lVFm6H5umrnJLljC0AtjcU+acXvuRZuHLx
pMmqgpkLCGfGyzG3J0K/9wKBgQCb4SLvnXvn5GOm8okM07+N2vhz1ohy/hVXtidI
cLI774fRQj5KAWYu67U6gOADYa0hXFpsh6JRHD2HBtbleQIDxFqP5p+LhhkX/NLS
z9JnDIhyVW6eoihvj/OK3dP+Wti4JDPkj6IUkAkSyFKw25Nph3eNLVb5od8QWiDL
K/xXvQKBgEWAvAas9yGhgSEhgX9xMyGbll8CLie6Xd9VwqF9gnlkoYLUOcOxME9K
CU1j/dryAED1pjtZbkYS40hbzoWiw/Qvt5deQPzbKAn19C/RZK+5EnCNzkUgHlk6
5KPMzlXZ3nCwrnAYF12ItziAP3gDlpRbJqQGPCkVruY2teQjQOxU
-----END RSA PRIVATE KEY-----

+ 9
- 0
test/cluster/keys/min1.pub View File

@@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivO8wR28TXAcKJhZmt+8
w9Dc/KpqakkjHVea3ujBweLSmajjqJPwd9DkdzjwygZBLNTYm24DSljBHcolG/tB
yZxM6/lP8HIWCJqxSaIeW6L0Hwabfyj/OU/mHbNH51HXzwnRkOsNWp1X+wU7cSJy
BncA1IrObMw27A814h6y5CbYG6gcmDk3WkljDjx29uzNY+Sd7lPpbLy9p2z5eMh2
crCi+mgXrJmWZSLtlXHvDKFQhWZoBJbZzs4hdjAia7y9QScbTra1rIxBYYEwiuOs
ymCVkGNyX18lCuu4DFop22QnlbqzY0LzlYUlSUndLQraTDqh7D5HScUzj83jKie1
owIDAQAB
-----END PUBLIC KEY-----

+ 27
- 0
test/cluster/keys/min2.pem View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA1HA3HZrHBBeS22+ocqidpvY4nymcNjnpnytnRWzbPyLJHPmM
dPYGkmttaeApUtOFKaqmJ9WQoNvyEdrWgkRuMBl++1LavSqL1GDhxkz/nM/JI3vq
VByhyC7EFhMxtvltE8bqIk4CvPM2Ya+1iEL1f8vahigUNQU7TRq6Yi02w4xnL0sb
R5J8w/7DX5EvO8Se4mG6+0mb4EWg2UnYWdZO3BHpv0OrrA9uEzF+j02/R6JclFGg
3h1COc9aOlJ5q8rrd+4q+et/Q1JBo9cVV+9QiuJg62CwpfI2sPAihEts7SYKpOIn
5THt0dCVCv8/JGvBWdBnlcyeNSA/oWPbyMqJOwIDAQABAoIBAEMuHW/iQ2962PlF
7TodMoXbNXq32OuZEtVAD4935jmoEXt1O0K9jsR87oPd3JORynmrupG8Stlj1MBq
uQ1HAKV7Wpm10PCjZMbLwHpKXUdEunHbPPZOe6bniyED/uPDKwhnDiG9E8aXDyqD
O2AU9LfuSnPEdudxeRhgDHMBo2DhEL7ehKLAbpcusOiAQtevunYIKtLmpXKlOZ13
GUVgPa04meJaYu2grXAnC3pTMiGoGUO5HO/eDTPUirbZKBBMCLufiGQJq19C5NS4
FWj9nLDS1Bl8q+gnlLV6/LBC7Ieojkrv1zwKR5D+W4CskXt76dt1DfBmDCWbX+78
dd8biPECgYEA1uB8JCK1QZ+1QxaNzjLqOKLrePJ1O9grOV0NosqALJO6xDch5qnY
Fzr6tN39Yhd1dGP9Gyh4KB4t1RBQN4EmHDdbX3NdPmdYXH9MypXmTsap8cJdDVq+
iemGuyRP5kmbaL0Yobyjv1s9Ttd9oII5LBHdF9RS8tm1KnPN1oesMVkCgYEA/RhB
+6+wqPIMD1vV/iGDc0H8hCFkcn6geN5jui4RlBDNJWvRN5mie097L83Qhm8hxCjX
DXLOoRtf7FARUSHC5jT4rRH/0JDlYHwLYjOZ8IedLhKJNcTHYnRu5gHG3vZjC00J
a4dKaN+enqrgnmXzbAUgPntTvcQle8vDik47SLMCgYBEsGI+0vGKVtmE5rLSFaiW
Dk6jzS34wXOf1MVFIuKyXU845j7qE6VGV85I/yW+s60SVdxVUCyI9ozELYDXHWvn
XTLSYniOOE8g0njj0eNbj1pINE+2sylxwLsXG9aG0UTiyIAVQ848n5gLmgtIwhgw
pE0/DtqtUzb8qSRFzf0XkQKBgQCoOP9icpxRLtClRL0vdMcSTMGycR96mn++1tIi
ZYx5hdFVFhyxgARnQaT3WS1IrYUcBKkr3ytIGhHf2DgqXO5WZM8E+fm2fxh20Pwg
AXxIS1tFzDw26Nw9rHYpmvS8LbgXQtUIC5yBqGCdxaYWolzxZ1bPMNmwQDdJ2V3X
B7iP0QKBgFFNWvsKcTrKmAe+9XOgH2TH9pzpiLxY6k6qo2psRB6JjNB9O9kVXhUc
O49A+IVlhfrTAsT2/ygXhyGLPdDBQUyXu+mquiteg4lgVmzjOveEMXzwgjb94qdH
JsDSYLbuG6MfY6BztXALzTCXlo/mgWjY4NZPpDX5qUyfrgts+Xko
-----END RSA PRIVATE KEY-----

+ 9
- 0
test/cluster/keys/min2.pub View File

@@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HA3HZrHBBeS22+ocqid
pvY4nymcNjnpnytnRWzbPyLJHPmMdPYGkmttaeApUtOFKaqmJ9WQoNvyEdrWgkRu
MBl++1LavSqL1GDhxkz/nM/JI3vqVByhyC7EFhMxtvltE8bqIk4CvPM2Ya+1iEL1
f8vahigUNQU7TRq6Yi02w4xnL0sbR5J8w/7DX5EvO8Se4mG6+0mb4EWg2UnYWdZO
3BHpv0OrrA9uEzF+j02/R6JclFGg3h1COc9aOlJ5q8rrd+4q+et/Q1JBo9cVV+9Q
iuJg62CwpfI2sPAihEts7SYKpOIn5THt0dCVCv8/JGvBWdBnlcyeNSA/oWPbyMqJ
OwIDAQAB
-----END PUBLIC KEY-----

+ 27
- 0
test/cluster/keys/min3.pem View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtir2HZ/CoT93HRHrj1IYPt91X63TAk6u+khbq1mGdf2QmhrW
s+OTGFVZh0pMFax0jJvJUIkii4jaehemJUtZzkmqfyS8Sk/Nlzg7FCokjnwqIftM
Q2+9PBcY2R3YSOoEuaNMpCbrBzTfrih3rKHM/pRJ/hOIPQ7XaKrqh+/L695AJXPH
FYvZx4DOX2RdCoGvuN4utJmGDDpF0jPEp8J/aV9hov/vPC0auuPBiIAGyPsRsI4a
IW5ghBZmGBILqkg7WO8Jyg6CVa0bU3ynr64Wltjz4mocH4vV1uOa7gxShXkyKROw
sDiOS7GRBKPqKkHpbMGRfBXEafIirS+6xzc2ewIDAQABAoIBAA68zwh6gk51Sfeq
GXqQ07FSdrZ045tOLk3FSNVF+uDU0LwG69PF14KidQnC8wDV4N/3QoQndAoB2lsC
Ssi9ndhYkViT6j/A0Qso2264Mhjs5qO1JuhVw+N2ouX9yh+r/xHdqjelhmIg3u/C
ClyHAoSeDpZlkiIOb1LicPLqbX75awpcSOkuMNtfa3XBW6BPPSgQh8QMF9CRs6fJ
xUNBRLjsUFLV6LUESei3DIbZQPwJwX+TzsMVtYTawQHwazNRsTB2yV4JJMA/6NKR
Txhr5VMuDhx9yMbsM/ye2r644Ha7RWS0ZxghaJi6XDpfm7GwJBVtFb8r14z9uTa3
acDsIsECgYEAy404/uKDq5CGMiATIXBQZkmtKpSBZxGalRAfSqZw5WJFv+Z1pc5I
4OxUoq7qS1TRyCXftbZyeo03gzqpCti4CTZovOOtG/+x0UVgUxz7ggpD4h+D/xM4
CfrOKizhhaUHJFJqG5RvehWKb/sTWiPSXmyeq3jJ3ZcvsVp2N8nIfdECgYEA5Rs1
HqcmNg7LJ9OzqjAerNX0SJBP8Y91F+qqfdF+BhPMByxamspzlWabOmBnSpnJaxUx
OX+5JCBhpR/5BtGFKaEgI+ppYHl8iooADWp6SzPd6lXhIJZGVF27qdimvEk73641
540hmJlIAymiCbvkyWdoLV0fvEseEz7NME/oBosCgYEAqc8hmjk7oRfLa+uoKgA5
gmu6Y8hJ/8MG044EnNEnY6VNDN9kjDMAR2vA24rSeI/FBpTaAQy4ihZfFkIMnbjY
Jw9V5yaE1tPD8xJOXmfSRdTsdqrWAih1WpX6AeM5LLXUtG9wh5uYOB/aQrsRlORH
bnBtGh2FQjALIIiYEMhsUtECgYAlVBeFlQpeyG5FYPLnCcwVsQ6KPCkqXIthiDSb
J2T3LIaTrKBelBnc/8jO7CIoP4JX1i4dBjhuMHB4bQswFzcxHzWTZIAi3ehy0iVM
Cks+sYa4xaFWo+V1nYgUFl6kUvJUcZgK0C3nJSJckY37NAgE4LpSmdev4DVYQWVB
N+PAHQKBgHLSijHknPIeXUzqmSpnsGy+QHY5bgVp+0lFOwPdl+jUs9ciJL+D5Agu
WXXbj+57WAKeGjd9rJhAUimAmTitINSlJ9ggNLqqHb3/2oTNKp5pdSjbCVY5S4pp
1lYwCVBwJvXk4SRx11XthNTdCfp3WY1J3chi9srC8P6OXzd9RtQZ
-----END RSA PRIVATE KEY-----

+ 9
- 0
test/cluster/keys/min3.pub View File

@@ -0,0 +1,9 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtir2HZ/CoT93HRHrj1IY
Pt91X63TAk6u+khbq1mGdf2QmhrWs+OTGFVZh0pMFax0jJvJUIkii4jaehemJUtZ
zkmqfyS8Sk/Nlzg7FCokjnwqIftMQ2+9PBcY2R3YSOoEuaNMpCbrBzTfrih3rKHM
/pRJ/hOIPQ7XaKrqh+/L695AJXPHFYvZx4DOX2RdCoGvuN4utJmGDDpF0jPEp8J/
aV9hov/vPC0auuPBiIAGyPsRsI4aIW5ghBZmGBILqkg7WO8Jyg6CVa0bU3ynr64W
ltjz4mocH4vV1uOa7gxShXkyKROwsDiOS7GRBKPqKkHpbMGRfBXEafIirS+6xzc2
ewIDAQAB
-----END PUBLIC KEY-----

+ 9
- 0
test/pillar/min1.sls View File

@@ -0,0 +1,9 @@
mine_functions:
icinga2_ca_cert:
- mine_function: x509.get_pem_entry
- /var/lib/icinga2/ca/ca.crt
icinga2_master_cert:
- mine_function: x509.get_pem_entry
- /etc/icinga2/pki/min1.crt
icinga2:
master_host: min1

+ 2
- 0
test/pillar/node.sls View File

@@ -0,0 +1,2 @@
icinga2:
master_host: min1

+ 5
- 0
test/pillar/top.sls View File

@@ -0,0 +1,5 @@
base:
'min1':
- min1
'min[2,3]':
- node

+ 17
- 0
test/salt/orch/icinga2.sls View File

@@ -0,0 +1,17 @@
icinga2_configure_ca:
salt.state:
- tgt: 'min1'
- sls:
- icinga2.pki.ca

icinga2_configure_master:
salt.state:
- tgt: 'min1'
- sls:
- icinga2.master

icinga2_configure_nodes:
salt.state:
- tgt: 'min[2,3]'
- sls:
- icinga2.node

+ 3
- 0
test/salt/top.sls View File

@@ -0,0 +1,3 @@
base:
'*':
- icinga2.conf

+ 36
- 0
test/single/Vagrantfile View File

@@ -0,0 +1,36 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure(2) do |config|
config.vm.box = "ubuntu/trusty64"

if Vagrant.has_plugin?("vagrant-cachier")
config.cache.scope = :box
end

config.vm.provision :shell, inline: "sudo locale-gen en_IE.UTF-8"

config.vm.network "private_network", type: "dhcp"
config.vm.hostname = "icinga2-formula"
config.vm.synced_folder "../../icinga2", "/srv/formulas/icinga2"
config.vm.synced_folder "../salt", "/srv/salt"
config.vm.synced_folder "../pillar", "/srv/pillar/"
# Testing with tox and testinfra
# config.vm.synced_folder "../testinfra", "/vagrant/testinfra"

config.vm.provider "virtualbox" do |vb|
vb.name = "icinga2-formula"
vb.memory = "1024"
end

config.vm.provision :salt do |salt|
salt.masterless = true
salt.minion_config = "conf/minion"
salt.run_highstate = true
end

#config.vm.provision "shell", inline: "sudo pip install tox"
#config.vm.provision "test", type: "shell" do |t|
# t.inline = "tox -c /vagrant/tox.ini"
#end
end

+ 13
- 0
test/single/conf/minion View File

@@ -0,0 +1,13 @@
file_client: local

fileserver_backend:
- roots

file_roots:
base:
- /srv/salt
- /srv/formulas

grains:
roles:
- icinga2

+ 6
- 0
test/single/tox.ini View File

@@ -0,0 +1,6 @@
[tox]
skipsdist = True

[testenv]
deps = testinfra
commands = testinfra -v

+ 2
- 0
test/testinfra/test_icinga2.py View File

@@ -0,0 +1,2 @@
def test_icinga2_pkg(Package):
assert Package("icinga2").is_installed

Write Preview
Loading…
Cancel
Save