From 29550d2dba3d0ab75581e3724971872e7ec2c67e Mon Sep 17 00:00:00 2001 From: Karl Goetz Date: Fri, 19 Sep 2014 16:22:40 +1000 Subject: [PATCH] First commit of new Shinken role This is part way through morphing from my 'install files to etc' to templates and grace - as such its broken in this commit but will improve with some testing. --- README.md | 38 ++++++++ defaults/main.yml | 29 +++++++ handlers/main.yml | 4 + meta/main.yml | 124 +++++++++++++++++++++++++++ tasks/configure-hosts.yml | 11 +++ tasks/configure-jessie-repo.yml | 4 + tasks/configure-piwik-script.yml | 7 ++ tasks/configure-shinken-contacts.yml | 9 ++ tasks/configure-shinken-hosts.yml | 11 +++ tasks/configure-shinken-webui.yml | 6 ++ tasks/install-shinken-packages.yml | 10 +++ tasks/main.yml | 9 ++ templates/broker-webui.cfg.tmpl | 49 +++++++++++ templates/contacts.cfg.tmpl | 10 +++ templates/ping.cfg.tmpl | 9 ++ templates/shinken-hosts.tmpl | 17 ++++ vars/main.yml | 2 + 17 files changed, 349 insertions(+) create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/configure-hosts.yml create mode 100644 tasks/configure-jessie-repo.yml create mode 100644 tasks/configure-piwik-script.yml create mode 100644 tasks/configure-shinken-contacts.yml create mode 100644 tasks/configure-shinken-hosts.yml create mode 100644 tasks/configure-shinken-webui.yml create mode 100644 tasks/install-shinken-packages.yml create mode 100644 tasks/main.yml create mode 100644 templates/broker-webui.cfg.tmpl create mode 100644 templates/contacts.cfg.tmpl create mode 100644 templates/ping.cfg.tmpl create mode 100644 templates/shinken-hosts.tmpl create mode 100644 vars/main.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..c7a8bc5 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,29 @@ +--- +# Shinken web UI configuration, only changed items are here so far. +shinken_broker_webui_host: 0.0.0.0 +shinken_broker_webui_port: 7767 +shinken_broker_webui_auth_secret: SiteSpecificAuthSecret + +shinken_config_contacts_name: admin +shinken_config_contacts_email: shinken@localhost +shinken_config_contacts_password: password + +# Where should the host configuration go +shinken_config_hosts: /etc/shinken/hosts/ +# where do service configuration go? +shinken_config_services: /etc/shinken/services/ +# Which hosts are we monitoring? +shinken_targets: +***REMOVED*** +***REMOVED*** +***REMOVED*** +***REMOVED*** +***REMOVED*** +***REMOVED*** +***REMOVED*** +***REMOVED*** +***REMOVED*** +# What services are we monitoring? +shinken_services: + - { } + diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..091fb45 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,4 @@ +# Broker didn't do what i wanted, lets try restarting arbiter +- name: restart shinken arbiter + service: name=shinken-arbiter state=restarted + diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..c5c362c --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,124 @@ +--- +galaxy_info: + author: your name + description: + company: your company (optional) + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + min_ansible_version: 1.2 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + #categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- clustering + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + #- web +dependencies: [] + # List your role dependencies here, one per line. Only + # dependencies available via galaxy should be listed here. + # Be sure to remove the '[]' above if you add dependencies + # to this list. + diff --git a/tasks/configure-hosts.yml b/tasks/configure-hosts.yml new file mode 100644 index 0000000..ce40329 --- /dev/null +++ b/tasks/configure-hosts.yml @@ -0,0 +1,11 @@ +--- +- name: Create configuration for hosts to monitor + template: + dest=/etc/shinken/hosts/{{ hostvars[item]['ansible_hostname'] }}.cfg + src=shinken-hosts.tmpl + when: hostvars[item]['ansible_hostname'] is defined + with_items: shinken_targets + +# TODO: figure out how to set the parent node per host in a useful way. +# with_items: groups['all'] + diff --git a/tasks/configure-jessie-repo.yml b/tasks/configure-jessie-repo.yml new file mode 100644 index 0000000..491c138 --- /dev/null +++ b/tasks/configure-jessie-repo.yml @@ -0,0 +1,4 @@ +# This should only be used while installing shinken +- name: Enable jessie (testing) for package installs + copy: content='deb http://ftp.iinet.net.au/debian/debian/ jessie main' dest=/var/lib/ansible/jessie.sources.list group=root owner=root + diff --git a/tasks/configure-piwik-script.yml b/tasks/configure-piwik-script.yml new file mode 100644 index 0000000..f1b83f1 --- /dev/null +++ b/tasks/configure-piwik-script.yml @@ -0,0 +1,7 @@ +--- +# From http://debian.piwik.org/ +# http://piwik.org/blog/2014/04/piwik-debian-package/ + +- name: Make log import script executable + file: path=/usr/share/piwik/misc/log-analytics/import_logs.py mode=755 + diff --git a/tasks/configure-shinken-contacts.yml b/tasks/configure-shinken-contacts.yml new file mode 100644 index 0000000..df75f35 --- /dev/null +++ b/tasks/configure-shinken-contacts.yml @@ -0,0 +1,9 @@ +# This doubles as the login details +- name: Configure shinken admin user and login + template: + src=shinken-contacts.cfg.tmpl + dest=/etc/shinken/contacts.cfg + mode=640 + notify: + - restart shinken broker + diff --git a/tasks/configure-shinken-hosts.yml b/tasks/configure-shinken-hosts.yml new file mode 100644 index 0000000..1da42e7 --- /dev/null +++ b/tasks/configure-shinken-hosts.yml @@ -0,0 +1,11 @@ +- name: Install hosts.cfg +# copy: src=shinken-hosts/ dest=/etc/shinken/hosts/ + template: user=root owner=root + src=shinken-hosts.tmpl +# how do we get loop to pass in items? + with_items: + - loop over hosts here + notify: + - restart shinken broker + + diff --git a/tasks/configure-shinken-webui.yml b/tasks/configure-shinken-webui.yml new file mode 100644 index 0000000..2602188 --- /dev/null +++ b/tasks/configure-shinken-webui.yml @@ -0,0 +1,6 @@ +- name: Set up Shinken web ui + template: src=broker-webui.cfg.tmpl dest=/etc/shinken/shinken-specific/broker-webui.cfg + owner=root group=root mode=444 + notify: + - restart shinken broker + diff --git a/tasks/install-shinken-packages.yml b/tasks/install-shinken-packages.yml new file mode 100644 index 0000000..59ec9e9 --- /dev/null +++ b/tasks/install-shinken-packages.yml @@ -0,0 +1,10 @@ +- name: Install shinken including web UI + command: apt-get -o Dir::Etc::SourceParts=/var/lib/ansible/jessie.sources.list install {{ item }} + creates=/etc/init.d/shinken + with_items: + - shinken + - shinken-module-arbiter-hotdependencies + +- name: Allow bi directional HTTP access to shinken frontend on 7767 + ufw: rule=allow port=7767 proto=tcp + diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..aed1d74 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# Couldn't get pinning working so i've had to do this the long and work aroundy way +- include: configure-jessie-repo.yml +- include: install-shinken-packages.yml + +- include: configure-shinken-webui.yml +- include: configure-shinken-contacts.yml +- include: configure-shinken-hosts.yml + diff --git a/templates/broker-webui.cfg.tmpl b/templates/broker-webui.cfg.tmpl new file mode 100644 index 0000000..bc7129c --- /dev/null +++ b/templates/broker-webui.cfg.tmpl @@ -0,0 +1,49 @@ +# {{ ansible_managed }} +## Module: WebUI +## Loaded by: Broker +# The Shinken web interface and integrated web server. +define module { + module_name WebUI + module_type webui + host {{ shinken_broker_webui_host }} ; All interfaces = 0.0.0.0 + port {{ shinken_broker_webui_port }} + # auth_secret CHANGE_ME ; CHANGE THIS or someone could forge + auth_secret {{ shinken_broker_webui_auth_secret }} + ; cookies!! + allow_html_output 0 ; Allow or not HTML chars in plugins output. + ; WARNING: Allowing can be a security issue. + max_output_length 100 ; Maximum output length for plugin output in webui + manage_acl 1 ; Use contacts ACL. 0 allow actions for all. + play_sound 0 ; Play sound on new non-acknowledged problems. + #login_text Welcome on Shinken WebUI ; Text in the login form. + + ## Modules for WebUI + # - Apache_passwd = Use an htpasswd file for auth backend. + # - ActiveDir_UI = Use AD for auth backend (and retrieve photos). + # - Cfg_password = Use the password setted in Shinken contact for auth. + # - PNP_UI = Use PNP graphs in the UI. + # - GRAPHITE_UI = Use graphs from Graphite time series database. + # - Mongodb = Save user preferences to a Mongodb database + # - SQLitedb = Save user preferences to a SQLite database + #modules Apache_passwd, ActiveDir_UI, Cfg_password, PNP_UI, Mongodb, Glances_UI + modules SQLitedb,Cfg_password + + ## Advanced Options + # Don't use them as long as you don't know what you are doing! + #http_backend auto ; Choice is: auto, wsgiref, cherrypy, flup, + ; flupscgi, paste, tornado, twisted or gevent. + ; Leave auto to find the best available. + #remote_user_enable 1 ; If WebUI is behind a web server which + ; has already authentified user, enable. + #remote_user_enable 2 ; Look for remote user in the WSGI environment + ; instead of the HTTP header. This allows + ; for fastcgi (flup) and scgi (flupscgi) + ; integration, eg. with the apache modules. + #remote_user_variable X_Remote_User ; Set to the HTTP header containing + ; the authentificated user s name, which + ; must be a Shinken contact. + # If you got external plugins (pages) to load on webui + #additional_plugins_dir + +} + diff --git a/templates/contacts.cfg.tmpl b/templates/contacts.cfg.tmpl new file mode 100644 index 0000000..be71371 --- /dev/null +++ b/templates/contacts.cfg.tmpl @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +define contact{ + use generic-contact + contact_name {{ shinken_config_contacts_name }} + email {{ shinken_config_contacts_email }} + pager 0600000000 ; contact phone number + password {{ shinken_config_contacts_password }} + is_admin 1 +} + diff --git a/templates/ping.cfg.tmpl b/templates/ping.cfg.tmpl new file mode 100644 index 0000000..753cfca --- /dev/null +++ b/templates/ping.cfg.tmpl @@ -0,0 +1,9 @@ +# {{ ansible_managed }} + +# Define a service to "ping" the local machine +define service{ + use generic-service ; Name of service template to use + host_name medeopolis.com + service_description PING + check_command {{ shinken_cfg_ping_check_command |default('check_ping!100.0,20%!500.0,60%') }} + } diff --git a/templates/shinken-hosts.tmpl b/templates/shinken-hosts.tmpl new file mode 100644 index 0000000..1c4bb39 --- /dev/null +++ b/templates/shinken-hosts.tmpl @@ -0,0 +1,17 @@ +# {{ ansible_managed }} +############################################################################### +# +# HOST DEFINITION +# +############################################################################### + +# Define a host for the local machine +define host{ + use linux + host_name {{ item.hostname }} + address {{ item.hostname }} +{% if item.parent != '' %} + parents {{ item.parent }} +{% endif %} +} + diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..16dd02e --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for tproles/goetzk.shinken