Added the ICINGA2 configuration files - Need to add these to the deployment process

Peter Edmond 2025-07-03 09:43:17 +01:00
parent e46a04ebec
commit 3e542c7a52
16 changed files with 913 additions and 2 deletions

ANSIBLE/eoq.yml Normal file

@ -0,0 +1,18 @@
---
#- import_playbook: httpd.yml
- name: Install http php and mariadb
hosts: eoq
become: yes
gather_facts: yes
vars_files:
- group_vars/db/vault.yml # This is encrypted
roles:
- httpd_with_php
#- mariadb
tasks:
- debug:
msg: "Finished configuring DNS"
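Review bot: `vars_files` loads `group_vars/db/vault.yml` into this play even though the `mariadb` role is commented out, so the decrypted database secrets are available to every task and role run against `eoq` with nothing visible here consuming them. Unless `httpd_with_php` reads a vaulted value (not shown in this section), drop the `vars_files` entry until the database role is enabled. The closing debug message `msg: "Finished configuring DNS"` also looks copied from another playbook; `msg: "Finished configuring httpd and PHP"` would match what the play does.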


@ -0,0 +1 @@
object IcingaApplication "app" { }


@ -0,0 +1,13 @@
apply Service "apt" {
import "generic-service"
check_command = "apt"
check_interval = 1d
retry_interval = 2h
max_check_attempts = 2
assign where host.name == NodeName
}


@ -0,0 +1,229 @@
/* Command objects */
/* Notification Commands
*
* Please check the documentation for all required and
* optional parameters.
*/
object NotificationCommand "mail-host-notification" {
command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
arguments += {
"-4" = "$notification_address$"
"-6" = "$notification_address6$"
"-b" = "$notification_author$"
"-c" = "$notification_comment$"
"-d" = {
required = true
value = "$notification_date$"
}
"-f" = {
value = "$notification_from$"
description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
}
"-i" = "$notification_icingaweb2url$"
"-l" = {
required = true
value = "$notification_hostname$"
}
"-n" = {
required = true
value = "$notification_hostdisplayname$"
}
"-o" = {
required = true
value = "$notification_hostoutput$"
}
"-r" = {
required = true
value = "$notification_useremail$"
}
"-s" = {
required = true
value = "$notification_hoststate$"
}
"-X" = "$notification_hostnotes$"
"-t" = {
required = true
value = "$notification_type$"
}
"-v" = "$notification_logtosyslog$"
}
vars += {
notification_address = "$address$"
notification_address6 = "$address6$"
notification_author = "$notification.author$"
notification_comment = "$notification.comment$"
notification_type = "$notification.type$"
notification_date = "$icinga.long_date_time$"
notification_hostname = "$host.name$"
notification_hostdisplayname = "$host.display_name$"
notification_hostoutput = "$host.output$"
notification_hoststate = "$host.state$"
notification_useremail = "$user.email$"
notification_hostnotes = "$host.notes$"
}
}
object NotificationCommand "mail-service-notification" {
command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
arguments += {
"-4" = "$notification_address$"
"-6" = "$notification_address6$"
"-b" = "$notification_author$"
"-c" = "$notification_comment$"
"-d" = {
required = true
value = "$notification_date$"
}
"-e" = {
required = true
value = "$notification_servicename$"
}
"-f" = {
value = "$notification_from$"
description = "Set from address. Requires GNU mailutils (Debian/Ubuntu) or mailx (RHEL/SUSE)"
}
"-i" = "$notification_icingaweb2url$"
"-l" = {
required = true
value = "$notification_hostname$"
}
"-n" = {
required = true
value = "$notification_hostdisplayname$"
}
"-o" = {
required = true
value = "$notification_serviceoutput$"
}
"-r" = {
required = true
value = "$notification_useremail$"
}
"-s" = {
required = true
value = "$notification_servicestate$"
}
"-t" = {
required = true
value = "$notification_type$"
}
"-X" = "$notification_hostnotes$"
"-x" = "$notification_servicenotes$"
"-u" = {
required = true
value = "$notification_servicedisplayname$"
}
"-v" = "$notification_logtosyslog$"
}
vars += {
notification_address = "$address$"
notification_address6 = "$address6$"
notification_author = "$notification.author$"
notification_comment = "$notification.comment$"
notification_type = "$notification.type$"
notification_date = "$icinga.long_date_time$"
notification_hostname = "$host.name$"
notification_hostdisplayname = "$host.display_name$"
notification_servicename = "$service.name$"
notification_serviceoutput = "$service.output$"
notification_servicestate = "$service.state$"
notification_useremail = "$user.email$"
notification_servicedisplayname = "$service.display_name$"
notification_hostnotes = "$host.notes$"
notification_servicenotes = "$service.notes$"
}
}
/*
* If you prefer to use the notification scripts with environment
* variables instead of command line parameters, you can use
* the following commands. They have been updated from < 2.7
* to support the new notification scripts and should help
* with an upgrade.
* Remove the comment blocks and comment the notification commands above.
*/
/*
object NotificationCommand "mail-host-notification" {
command = [ ConfigDir + "/scripts/mail-host-notification.sh" ]
env = {
NOTIFICATIONTYPE = "$notification.type$"
HOSTDISPLAYNAME = "$host.display_name$"
HOSTNAME = "$host.name$"
HOSTADDRESS = "$address$"
HOSTSTATE = "$host.state$"
LONGDATETIME = "$icinga.long_date_time$"
HOSTOUTPUT = "$host.output$"
NOTIFICATIONAUTHORNAME = "$notification.author$"
NOTIFICATIONCOMMENT = "$notification.comment$"
HOSTDISPLAYNAME = "$host.display_name$"
USEREMAIL = "$user.email$"
HOSTNOTES = "$host.notes$"
}
}
object NotificationCommand "mail-service-notification" {
command = [ ConfigDir + "/scripts/mail-service-notification.sh" ]
env = {
NOTIFICATIONTYPE = "$notification.type$"
SERVICENAME = "$service.name$"
HOSTNAME = "$host.name$"
HOSTDISPLAYNAME = "$host.display_name$"
HOSTADDRESS = "$address$"
SERVICESTATE = "$service.state$"
LONGDATETIME = "$icinga.long_date_time$"
SERVICEOUTPUT = "$service.output$"
NOTIFICATIONAUTHORNAME = "$notification.author$"
NOTIFICATIONCOMMENT = "$notification.comment$"
HOSTDISPLAYNAME = "$host.display_name$"
SERVICEDISPLAYNAME = "$service.display_name$"
USEREMAIL = "$user.email$"
HOSTNOTES = "$host.notes$"
SERVICENOTES = "$service.notes$"
}
}
*/
object CheckCommand "imap_ssl_cert" {
import "plugin-check-command"
command = [ PluginDir + "/imap_ssl_cert" ]
arguments = {
"-H" = {
value = "$imap_ssl_cert_host$"
required = true
}
"-p" = {
value = "$imap_ssl_cert_port$"
description = "Port to check (usually 993)"
}
"-w" = {
value = "$imap_ssl_cert_warn_days$"
description = "Warn if cert expires in <n> days"
}
"-c" = {
value = "$imap_ssl_cert_crit_days$"
description = "Critical if cert expires in <n> days"
}
}
vars.imap_ssl_cert_port = 993
vars.imap_ssl_cert_warn_days = 30
vars.imap_ssl_cert_crit_days = 15
}
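Review bot: The `imap_ssl_cert` CheckCommand at the end of this file runs `PluginDir + "/imap_ssl_cert"`, and no file by that name is among the sections shown for this commit; the name also lacks the `check_` prefix that packaged plugins normally carry, so it is presumably a local script. Until the deployment installs it, the `mail_cert_check` service that uses this command cannot report a usable certificate state. A comment above the object would record the dependency, e.g. `/* Local plugin: deployment must install imap_ssl_cert into PluginDir (root-owned, not writable by the icinga user) */`. The command's default `imap_ssl_cert_crit_days = 15` is also overridden to 10 by that service; keeping one value avoids doubt about which threshold is live.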


@ -0,0 +1,20 @@
/**
* The example downtime apply rule.
*/
apply ScheduledDowntime "backup-downtime" to Service {
author = "icingaadmin"
comment = "Scheduled downtime for backup"
ranges = {
monday = service.vars.backup_downtime
tuesday = service.vars.backup_downtime
wednesday = service.vars.backup_downtime
thursday = service.vars.backup_downtime
friday = service.vars.backup_downtime
saturday = service.vars.backup_downtime
sunday = service.vars.backup_downtime
}
assign where service.vars.backup_downtime != ""
}


@ -0,0 +1,63 @@
/**
* Host group examples.
*/
object HostGroup "Infrastructure" {
display_name = "Infrastructure systems"
}
object HostGroup "linux-servers" {
display_name = "Linux Servers"
assign where host.vars.os == "Linux"
}
/* Not needed
object HostGroup "windows-servers" {
display_name = "Windows Servers"
assign where host.vars.os == "Windows"
}
*/
object HostGroup "https-checked" {
display_name = "HTTPS web services"
}
object HostGroup "mail-server" {
display_name = "Mail services"
}
object HostGroup "Davis" {
display_name = "Services related to the Davis Method"
}
object HostGroup "Digital" {
display_name = "Digital infrastructure and projects"
}
object HostGroup "Telos Partners" {
display_name = "Telos Partners infrastructure"
}
/**
* Service group examples.
*/
object ServiceGroup "ping" {
display_name = "Ping Checks"
assign where match("ping*", service.name)
}
object ServiceGroup "http" {
display_name = "HTTP Checks"
assign where match("http*", service.check_command)
}
object ServiceGroup "disk" {
display_name = "Disk Checks"
assign where match("disk*", service.check_command)
}


@ -0,0 +1,196 @@
/*
* Host definitions with object attributes
* used for apply rules for Service, Notification,
* Dependency and ScheduledDowntime objects.
*
* Tip: Use `icinga2 object list --type Host` to
* list all host objects after running
* configuration validation (`icinga2 daemon -C`).
*/
/*
* This is an example host based on your
* local host's FQDN. Specify the NodeName
* constant in `constants.conf` or use your
* own description, e.g. "db-host-1".
*/
object Host NodeName {
/* Import the default host template defined in `templates.conf`. */
import "generic-host"
groups = ["https-checked"]
/* Specify the address attributes for checks e.g. `ssh` or `http`. */
address = "127.0.0.1"
address6 = "::1"
/* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
vars.os = "Linux"
/* Define http vhost attributes for service apply rules in `services.conf`. */
vars.http_vhosts["http"] = {
http_uri = "/"
}
/* Uncomment if you've successfully installed Icinga Web 2. */
//vars.http_vhosts["Icinga Web 2"] = {
// http_uri = "/icingaweb2"
//}
/* Define disks and attributes for service apply rules in `services.conf`. */
vars.disks["disk"] = {
/* No parameters. */
}
vars.disks["disk /"] = {
disk_partitions = "/"
}
/* Define notification mail attributes for notification apply rules in `notifications.conf`. */
vars.notification["mail"] = {
/* The UserGroup `icingaadmins` is defined in `users.conf`. */
groups = [ "icingaadmins" ]
}
}
object Host "telos-vhost02.telos.digital" {
import "generic-host"
address = "telos-vhost02.telos.digital"
check_command = "ping4"
check_command = "ssh"
vars.ssh_port = 22022
vars.ping = true
groups = ["Infrastructure"]
}
object Host "git.telos.digital" {
import "generic-host"
address = "git.telos.digital"
vars.http_vhost = "git.telos.digital"
check_command = "ssh"
vars.ssh_port = 22
check_interval = 53m
retry_interval = 3m
max_check_attempts = 2
groups = ["https-checked","Digital"]
}
object Host "wiki.telos.digital" {
import "generic-host"
address = "wiki.telos.digital"
vars.http_vhost = "wiki.telos.digital"
check_interval = 57m
retry_interval = 5m
max_check_attempts = 3
groups = ["https-checked","Digital"]
}
object Host "www.telospartners.com" {
import "generic-host"
address = "www.telospartners.com"
vars.http_vhost = "www.telospartners.com"
check_interval = 103m
retry_interval = 5m
max_check_attempts = 3
groups = ["https-checked","Telos Partners"]
}
object Host "davismethod.com" {
import "generic-host"
address = "davismethod.com"
vars.http_vhost = "davismethod.com"
check_interval = 21m
retry_interval = 7m
max_check_attempts = 2
groups = ["https-checked","Davis"]
}
object Host "learn.davismethod.com" {
import "generic-host"
address = "learn.davismethod.com"
vars.http_vhost = "learn.davismethod.com"
check_interval = 22m
retry_interval = 11m
max_check_attempts = 2
groups = ["https-checked","Davis"]
}
object Host "know.davismethod.com" {
import "generic-host"
address = "know.davismethod.com"
vars.http_vhost = "know.davismethod.com"
check_interval = 41m
retry_interval = 3m
max_check_attempts = 2
groups = ["https-checked","Davis"]
}
object Host "home.davismethod.com" {
import "generic-host"
address = "home.davismethod.com"
vars.http_vhost = "home.davismethod.com"
check_interval = 22m
retry_interval = 4m
max_check_attempts = 2
groups = ["https-checked","Davis"]
}
object Host "webmail.davismethod.com" {
import "generic-host"
address = "webmail.davismethod.com"
vars.http_vhost = "webmail.davismethod.com"
groups = ["https-checked","Davis"]
}
object Host "login.davismethod.com" {
import "generic-host"
address = "login.davismethod.com"
vars.http_vhost = "login.davismethod.com"
check_interval = 10m
retry_interval = 1m
max_check_attempts = 6
groups = ["https-checked","Davis"]
}
object Host "support.davismethod.com" {
import "generic-host"
address = "support.davismethod.com"
vars.http_vhost = "support.davismethod.com"
check_interval = 53m
retry_interval = 11m
max_check_attempts = 2
groups = ["https-checked","Davis"]
}
object Host "work.davismethod.com" {
import "generic-host"
address = "work.davismethod.com"
vars.http_vhost = "work.davismethod.com"
check_interval = 23m
retry_interval = 5m
max_check_attempts = 2
groups = ["https-checked","Davis"]
}
object Host "eoq.telos.digital" {
import "generic-host"
address = "eoq.telos.digital"
vars.http_vhost = "eoq.telos.digital"
vars.ping = false
check_interval = 5m
retry_interval = 1m
max_check_attempts = 2
groups = ["https-checked","Digital"]
}
object Host "imap.davismethod.com" {
import "generic-host"
address = "imap.davismethod.com"
vars.http_vhost = "imap.davismethod.com"
vars.smtp_host = "smtp.davismethod.com"
vars.ping = false
groups = ["mail-server","Davis"]
}
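Review bot: Only the `NodeName` host defines `vars.notification["mail"]`, and the notification apply rules in this commit assign on `host.vars.notification.mail`, so none of the externally monitored hosts added below it (`git.telos.digital`, `eoq.telos.digital`, the `davismethod.com` sites, `imap.davismethod.com`) will send mail when a check fails or a certificate nears expiry. If alerts are wanted for them, add `vars.notification["mail"] = { groups = [ "icingaadmins" ] }` to each host, or set it once in a shared template. Separately, `telos-vhost02.telos.digital` assigns `check_command` twice (`"ping4"` then `"ssh"`); only the later assignment should take effect, so the first line should be removed or the intent stated in a comment.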


@ -0,0 +1,33 @@
/**
* The example notification apply rules.
*
* Only applied if host/service objects have
* the custom variable `notification` defined
* and containing `mail` as key.
*
* Check `hosts.conf` for an example.
*/
apply Notification "mail-icingaadmin" to Host {
import "mail-host-notification"
user_groups = host.vars.notification.mail.groups
users = host.vars.notification.mail.users
//interval = 2h
//vars.notification_logtosyslog = true
assign where host.vars.notification.mail
}
apply Notification "mail-icingaadmin" to Service {
import "mail-service-notification"
user_groups = host.vars.notification.mail.groups
users = host.vars.notification.mail.users
//interval = 2h
//vars.notification_logtosyslog = true
assign where host.vars.notification.mail
}


@ -0,0 +1,186 @@
/*
* Service apply rules.
*
* The CheckCommand objects `ping4`, `ping6`, etc
* are provided by the plugin check command templates.
* Check the documentation for details.
*
* Tip: Use `icinga2 object list --type Service` to
* list all service objects after running
* configuration validation (`icinga2 daemon -C`).
*/
/*
* This is an example host based on your
* local host's FQDN. Specify the NodeName
* constant in `constants.conf` or use your
* own description, e.g. "db-host-1".
*/
/*
* These are generic `ping4` and `ping6`
* checks applied to all hosts having the
* `address` resp. `address6` attribute
* defined.
*/
apply Service "ping4" {
import "generic-service"
check_command = "ping4"
assign where host.vars.ping == true /* Only if the host has vars.ping = true */
}
apply Service "ping6" {
import "generic-service"
check_command = "ping6"
assign where host.address6
}
/*
* Apply the `ssh` service to all hosts
* with the `address` attribute defined and
* the custom variable `os` set to `Linux`.
*/
apply Service "ssh" {
import "generic-service"
check_command = "ssh"
assign where (host.address || host.address6) && host.vars.os == "Linux"
}
apply Service for (http_vhost => config in host.vars.http_vhosts) {
import "generic-service"
check_command = "http"
vars += config
}
apply Service for (disk => config in host.vars.disks) {
import "generic-service"
check_command = "disk"
vars += config
}
apply Service "icinga" {
import "generic-service"
check_command = "icinga"
assign where host.name == NodeName
}
apply Service "load" {
import "generic-service"
check_command = "load"
/* Used by the ScheduledDowntime apply rule in `downtimes.conf`. */
vars.backup_downtime = "02:00-03:00"
assign where host.name == NodeName
}
apply Service "procs" {
import "generic-service"
check_command = "procs"
assign where host.name == NodeName
}
/* COMMENTED OUT AS NO SWAP ON THIS TINY SERVER
*apply Service "swap" {
* import "generic-service"
*
* check_command = "swap"
*
* assign where host.name == NodeName
*}
*/
apply Service "users" {
import "generic-service"
check_command = "users"
assign where host.name == NodeName
}
apply Service "https" {
import "generic-service"
check_command = "http"
vars.http_ssl = true
vars.http_sni = true
vars.http_address = host.address
vars.http_port = 443
vars.http_certificate = "20,7"
check_interval = 51m
retry_interval = 5m
max_check_attempts = 2
assign where "https-checked" in host.groups
}
apply Service "ssl-cert-expiry" {
import "generic-service"
check_command = "ssl_cert"
vars.ssl_cert_host = host.address
vars.ssl_cert_port = 443
vars.ssl_cert_critical = 3
vars.ssl_cert_warn = 7
check_interval = 53m
retry_interval = 3m
max_check_attempts = 3
assign where "https-checked" in host.groups
}
apply Service "imap-cert-expiry" {
import "generic-service"
check_command = "ssl_cert"
vars.ssl_cert_host = host.address
vars.ssl_cert_port = 993
vars.ssl_cert_critical = 3
vars.ssl_cert_warn = 7
check_interval = 13m
retry_interval = 3m
max_check_attempts = 3
assign where "mail-server" in host.groups
}
/* Not needed as mailserver using the same imap certificate for SMTP
apply Service "smtp-cert-expiry" {
import "generic-service"
check_command = "ssl_cert"
vars.ssl_cert_host = vars.smtp_host
vars.ssl_cert_port = 465
vars.ssl_cert_critical = 3
vars.ssl_cert_warn = 7
check_interval = 13m
retry_interval = 3m
max_check_attempts = 3
assign where "mail-server" in host.groups
}
*/
apply Service "mail_cert_check" {
import "generic-service"
check_command = "imap_ssl_cert"
vars.imap_ssl_cert_host = host.name
vars.imap_ssl_cert_warn_days = 30
vars.imap_ssl_cert_crit_days = 10
assign where "mail-server" in host.groups
}
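Review bot: The `https` service sets `vars.http_certificate = "20,7"`, and check_http in certificate mode stops after inspecting the certificate unless `--continue-after-certificate` is given, so this service does not verify that the site actually answers with a valid HTTP response. Since `ssl-cert-expiry` already covers expiry for the same `https-checked` hosts (with different thresholds, 7/3 days versus 20/7), either drop `vars.http_certificate` from `https` so it tests the response, or keep one certificate check and align the thresholds. The same overlap exists for mail hosts, where `imap-cert-expiry` and `mail_cert_check` both watch port 993 with 7/3 and 30/10 day thresholds.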


@ -0,0 +1,83 @@
/*
* Generic template examples.
*/
/**
* Provides default settings for hosts. By convention
* all hosts should import this template.
*
* The CheckCommand object `hostalive` is provided by
* the plugin check command templates.
* Check the documentation for details.
*/
template Host "generic-host" {
max_check_attempts = 3
check_interval = 1m
retry_interval = 30s
check_command = "hostalive"
}
/**
* Provides default settings for services. By convention
* all services should import this template.
*/
template Service "generic-service" {
max_check_attempts = 5
check_interval = 1m
retry_interval = 30s
}
/**
* Provides default settings for users. By convention
* all users should inherit from this template.
*/
template User "generic-user" {
}
/**
* Provides default settings for host notifications.
* By convention all host notifications should import
* this template.
*/
template Notification "mail-host-notification" {
command = "mail-host-notification"
states = [ Up, Down ]
types = [ Problem, Acknowledgement, Recovery, Custom,
FlappingStart, FlappingEnd,
DowntimeStart, DowntimeEnd, DowntimeRemoved ]
vars += {
// notification_icingaweb2url = "https://www.example.com/icingaweb2"
// notification_from = "Icinga 2 Host Monitoring <icinga@example.com>"
notification_logtosyslog = false
}
period = "24x7"
}
/**
* Provides default settings for service notifications.
* By convention all service notifications should import
* this template.
*/
template Notification "mail-service-notification" {
command = "mail-service-notification"
states = [ OK, Warning, Critical, Unknown ]
types = [ Problem, Acknowledgement, Recovery, Custom,
FlappingStart, FlappingEnd,
DowntimeStart, DowntimeEnd, DowntimeRemoved ]
vars += {
// notification_icingaweb2url = "https://www.example.com/icingaweb2"
// notification_from = "Icinga 2 Service Monitoring <icinga@example.com>"
notification_logtosyslog = false
}
period = "24x7"
}


@ -0,0 +1,35 @@
/**
* Sample timeperiods for Icinga 2.
* Check the documentation for details.
*/
object TimePeriod "24x7" {
display_name = "Icinga 2 24x7 TimePeriod"
ranges = {
"monday" = "00:00-24:00"
"tuesday" = "00:00-24:00"
"wednesday" = "00:00-24:00"
"thursday" = "00:00-24:00"
"friday" = "00:00-24:00"
"saturday" = "00:00-24:00"
"sunday" = "00:00-24:00"
}
}
object TimePeriod "9to5" {
display_name = "Icinga 2 9to5 TimePeriod"
ranges = {
"monday" = "09:00-17:00"
"tuesday" = "09:00-17:00"
"wednesday" = "09:00-17:00"
"thursday" = "09:00-17:00"
"friday" = "09:00-17:00"
}
}
object TimePeriod "never" {
display_name = "Icinga 2 never TimePeriod"
ranges = {
}
}


@ -0,0 +1,17 @@
/**
* The example user 'icingaadmin' and the example
* group 'icingaadmins'.
*/
object User "icingaadmin" {
import "generic-user"
display_name = "Icinga 2 Admin"
groups = [ "icingaadmins" ]
email = "root@localhost"
}
object UserGroup "icingaadmins" {
display_name = "Icinga 2 Admin Group"
}
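Review bot: `email = "root@localhost"` on the `icingaadmin` user delivers every notification for the `icingaadmins` group to the local root mailbox of the monitoring host, which is unlikely to be read during an incident and is unreachable if that host is the one that failed. Replace it with a mailbox that is read off-host, e.g. `email = "<ops-mailbox-placeholder>"`, and add a comment such as `/* alerts must leave this host */` next to the attribute so the stock value is not restored by accident.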


@ -0,0 +1,15 @@
site_name: eoq.telos.digital
site_root: /var/www/html
admin_email: peter.edmond@telos.digital
php_version: 8.3
#These are not used but can be used to customise the php-fpm environment if required.
php_upload_max_filesize: 20M
php_post_max_size: 25M
php_memory_limit: 128M
php_max_execution_time: 60


@ -1,6 +1,8 @@
[web]
monitor.telos.digital
[eoq]
eoq.telos.digital
[monitor]
monitor.telos.digital


@ -52,7 +52,7 @@
command: >
certbot --apache -n --agree-tos --redirect
-d {{ site_name }}
--email your-email@example.com
--email {{ admin_email }}
args:
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
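Review bot: `--email {{ admin_email }}` makes `admin_email` a required variable for this task, and the only definition visible in this commit is in the vars file for `eoq.telos.digital`; if the role also runs against the `[web]` or `[monitor]` hosts from the inventory, the play would stop there on an undefined variable. Define it next to `site_name` for every group that uses the role, e.g. `admin_email: <address-for-this-site>`, or give the role a default. The identical hunk in the next file section has the same dependency. The task begins above the hunk, so its name and any conditions on it are not visible here.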


@ -52,7 +52,7 @@
command: >
certbot --apache -n --agree-tos --redirect
-d {{ site_name }}
--email your-email@example.com
--email {{ admin_email }}
args:
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem