Commit 169b2b76 authored by Paschalis Korosoglou's avatar Paschalis Korosoglou

Merge pull request #69 from dpavlos/nagios_config

ARGO-389 Nagios configurations
parents e5d7022b 9c9590a1
---
cert_path: /etc/pki/tls/certs/localhost.crt
key_path: /etc/pki/tls/private/localhost.key
ca_path: /etc/pki/tls/certs/ca-bundle.crt
iptables_rules:
input:
......
../private_files
\ No newline at end of file
......@@ -2,6 +2,7 @@
nagios_components:
- { name: argo-ncg , repo: argo-prod }
- { name: argo-msg-nagios , repo: argo-prod }
- { name: perl-Crypt-SSLeay , repo: "" }
## NCG vars ##
nagios_server: localhost
......@@ -17,7 +18,7 @@ include_empty_hosts: "0"
enable_notifications: "0"
local_metric_store: "0"
check_hosts: "0"
tenant_name: TENANT_A
tenant_name: tenant_a
poem_root_url: http://localhost/poem
include_proxy_checks: "0"
include_msg_checks_recv: "0"
......@@ -25,11 +26,11 @@ backup_instance: "false"
## CGI vars ##
authorized_for_all_service_commands:
- /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1
- /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2
- "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
- "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"
authorized_for_all_host_commands:
- /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1
- /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2
- "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
- "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"
## Nagios.cfg vars ##
host_perfdata_file_processing_command: ncg-process-host-perfdata-file
......@@ -49,5 +50,6 @@ process_performance_data: "1"
## Other vars
ca_bundle_install: false
configure_apache_ssl: false
configure_nagios_apache: false
......@@ -2,65 +2,71 @@
- name: Install Nagios
yum: name=nagios state=latest enablerepo=nagios
tags: install
- name: Install pnp4nagios
yum: name=pnp4nagios state=latest
tags: install
- name: Install Apache and mod_ssl
yum: name={{ item }} state=latest
with_items:
- httpd
- mod_ssl
tags: install
- name: Install fetch-crl
yum: name=fetch-crl state=latest
when: ca_bundle_install
tags: install
- name: Install NCG and MSG conponents
yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
with_items: nagios_components
tags: install
- name: Install Nagios plugins
yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
with_items: nagios_plugins
- name: Install Nagios UMD plugins
yum: name={{ item }} state=latest
with_items: nagios_plugins_umd
when: nagios_plugins_umd is defined
tags: install
- name: Copy nagios.cfg file
template: src=nagios.cfg.j2
dest=/etc/nagios/nagios.cfg
owner=nagios group=nagios mode=0644
notify: reload nagios
tags: config
- name: Copy cgi.cfg file
template: src=cgi.cfg.j2
dest=/etc/nagios/cgi.cfg
owner=nagios group=nagios mode=0644
notify: reload nagios
tags: config
#FIXME: Make this tenant unaware
- name: Copy ncg.conf file for EGI
template: src=ncg.conf.j2
dest=/etc/argo-ncg/ncg.conf
owner=root group=root
when: tenant_name == "EGI"
when: tenant_name|lower == "egi"
notify: reload nagios
tags: config
- name: Copy ncg.conf file for EUDAT
template: src=ncg.conf.eudat.j2
dest=/etc/ncg/ncg.conf
owner=root group=root
when: tenant_name == "EUDAT"
when: tenant_name|lower == "eudat"
notify: reload nagios
tags: config
- name: Copy argo-voms-htpasswd.conf file
template: src=argo-voms-htpasswd.conf.j2
dest=/etc/argo-voms-htpasswd/argo-voms-htpasswd.conf
owner=root group=root
when: voms_htpasswd is defined
tags: config
#FIXME: Temp workaround for tenants without BDII infrastructure.
- name: Copy broker-list file
......@@ -68,6 +74,7 @@
dest=/var/cache/msg/broker-cache-file/broker-list
owner=root group=root mode=0644
when: broker_host is defined
tags: config
##
- name: Copy argo-msg-cache file
......@@ -75,12 +82,21 @@
dest=/etc/argo-msg-cache.conf
owner=root group=root
when: lcg_gfal_infosys is defined and broker_network is defined
tags: config
- name: Create unicore log dir
file: path=/var/log/unicore
state=directory
owner=nagios group=nagios mode=0755
when: enable_unicore_probes is defined and enable_unicore_probes == "1"
tags: config
- name: Create vomses dir
- file: path=/etc/vomses
file: path=/etc/vomses
state=directory
owner=root group=root mode=0755
when: vomses is defined
tags: config
- name: Copy vomses files
template: src=vomses.j2
......@@ -88,56 +104,92 @@
owner=root group=root mode=0644
when: vomses is defined
with_items: vomses
tags: config
- name: Create voms lsc dir
- file: path=/etc/grid-security/vomsdir/{{ item.vo }}
file: path=/etc/grid-security/vomsdir/{{ item.vo }}
state=directory
owner=root group=root mode=0755
when: vomses is defined
with_items: vomses
tags: config
- name: Create voms lsc files
- template: src=voms_lsc.j2
template: src=voms_lsc.j2
dest=/etc/grid-security/vomsdir/{{ item.vo }}/{{ item.server }}.lsc
owner=root group=root mode=0644
when: vomses is defined
with_items: vomses
tags: config
- name: Create sha checksum for dashboard config
shell: echo -n {{ nagios_server }} | sha1sum | cut -f1 -d' '
register: sha
tags: config
- name: Create dashboard config for msg-to-handler
template: src=dashboard.conf.j2
dest=/etc/msg-to-handler.d/DASHBOARD.conf
owner=root group=root mode=0644
when: send_to_dashboard is defined and send_to_dashboard == "1"
tags: config
- name: Create apel config for msg-to-handler
template: src=apel.conf.j2
dest=/etc/msg-to-handler.d/APEL.conf
owner=root group=root mode=0644
when: send_to_apel is defined and send_to_apel == "1"
tags: config
- name: Create a cron job to restart apache
cron: name=restart_httpd
user="root"
minute="53" hour="2,8,14,20"
job="( /sbin/service httpd status && /sbin/service httpd graceful ) > /dev/null 2>&1"
when: ca_bundle_install
tags: config
- name: create apache nagios conf
template: src=nagios_apache.conf.j2
dest=/etc/httpd/conf.d/nagios.conf
owner=root group=root mode=0644
notify: reload httpd
when: configure_nagios_apache
tags: config
- name: create apache ssl conf
template: src=ssl.conf.j2
dest=/etc/httpd/conf.d/ssl.conf
owner=root group=root mode=0644
notify: reload httpd
when: configure_apache_ssl
tags: config
- name: Enable nagios and httpd on boot and start service
service: name={{ item }} state=started enabled=yes
with_items:
- nagios
- httpd
tags: config
- name: Start fetch-crl cron
service: name=fetch-crl-cron state=started enabled=yes
when: ca_bundle_install
tags: config
- name: Start fetch-crl boot
service: name=fetch-crl-boot state=started enabled=no
when: ca_bundle_install
ignore_errors: yes
tags: config
- name: Enable argo-voms-htpasswd on boot and start service
service: name=argo-voms-htpasswd state=started enabled=yes
when: voms_htpasswd is defined
tags: config
- name: Enable argo-msg-cache on boot and start service
service: name=argo-msg-cache state=started enabled=yes
when: lcg_gfal_infosys is defined
\ No newline at end of file
when: lcg_gfal_infosys is defined
tags: config
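Review bot: In the "Create sha checksum for dashboard config" task, `{{ nagios_server }}` is substituted into a `shell:` command line unquoted, so a value containing whitespace or shell metacharacters would be interpreted by the shell instead of being hashed. Passing it through the quote filter keeps the pipeline and makes the argument literal: `shell: echo -n {{ nagios_server | quote }} | sha1sum | cut -f1 -d' '`. The task only computes a value, so `changed_when: false` would also stop it reporting a change on every run. The page does not show whether the `shell:` line is new in this commit or context that only gained `tags: config`.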
......@@ -9,4 +9,4 @@
LCG_GFAL_INFOSYS={% for bdii in lcg_gfal_infosys %}{{ bdii }}{% if not loop.last %},{% endif %}{% endfor %}
# BROKER_NETWORK=PROD
BROKER_NETWORK={{ broker_network }}
\ No newline at end of file
BROKER_NETWORK={{ broker_network }}
......@@ -168,6 +168,7 @@ authorized_for_all_hosts=*
# user who has authenticated to the web server.
authorized_for_all_service_commands={% for dn in authorized_for_all_service_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}
authorized_for_all_host_commands={% for dn in authorized_for_all_host_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}
......
{% include "private_files/" + ansible_fqdn + "/files/etc/httpd/conf.d/nagios.conf" %}
\ No newline at end of file
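Review bot: The include path is built from `ansible_fqdn`, a fact reported by the managed host, while the file it selects is read on the control node. A host whose reported FQDN is wrong or later changes will either fail the template or pull in the private Apache configuration kept for a different host. Keying the path on the inventory name keeps that choice under the inventory's control, e.g. `{% include "private_files/" + inventory_hostname + "/files/etc/httpd/conf.d/nagios.conf" %}`, assuming the private_files tree can be laid out by inventory name. The same pattern is used by the ssl.conf.j2 include further down the page.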
......@@ -35,7 +35,7 @@ BACKUP_INSTANCE = {{ backup_instance }}
INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
ENABLE_NOTIFICATIONS = {{ enable_notifications }}
CHECK_HOSTS = {{ check_hosts }}
TENANT = {{ tenant_name }}
TENANT = {{ tenant_name|lower }}
</Nagios>
</NCG::ConfigGen>
......
......@@ -14,12 +14,9 @@ VO = {{ vo }}
ENABLE_UNICORE_PROBES= {{ enable_unicore_probes }}
MYPROXY_SERVER = {{ myproxy_server }}
BACKUP_INSTANCE = {{ backup_instance }}
<NCG::SiteSet>
<GOCDB>
GOCDB_ROOT_URL={{ gocdb_root_url }}
CERT_STATUS={{ cert_status }}
ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
</GOCDB>
<File>
......@@ -61,10 +58,10 @@ BACKUP_INSTANCE = {{ backup_instance }}
ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
BDII_HOST={{ bdii_host }}
INCLUDE_PROXY_CHECKS = {{ include_proxy_checks }}
LOCAL_METRIC_STORE = {{ local_metric_store }}
</Active>
<LDAP>
LDAP_ADDRESS={{ bdii_host }}
BDII_LEVEL={{ bdii_level }}
</LDAP>
<File>
DB_FILE=/etc/argo-ncg/ncg.localdb
......@@ -74,12 +71,12 @@ BACKUP_INSTANCE = {{ backup_instance }}
<NCG::ConfigGen>
<Nagios>
NAGIOS_ROLE = {{ nagios_role }}
NAGIOS_ROLE = {{ nagios_role|lower }}
INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
ENABLE_NOTIFICATIONS = {{ enable_notifications }}
SEND_TO_DASHBOARD = {{ send_to_dashboard }}
CHECK_HOSTS = {{ check_hosts }}
TENANT = {{ tenant_name }}
TENANT = {{ tenant_name|lower }}
</Nagios>
</NCG::ConfigGen>
......@@ -90,7 +87,7 @@ BACKUP_INSTANCE = {{ backup_instance }}
</File>
<POEM>
POEM_ROOT_URL = {{ poem_root_url }}
POEM_PROFILES = {% for poem in poem_profiles %}{{ poem }}{% if not loop.last %},{% endif %}{% endfor %}
POEM_PROFILES = {% for poem in poem_profiles %}{{ poem|upper }}{% if not loop.last %},{% endif %}{% endfor %}
</POEM>
</NCG::LocalMetrics>
......
{% include "private_files/" + ansible_fqdn + "/templates/ssl.conf.j2" %}
\ No newline at end of file
......@@ -24,7 +24,7 @@
copy: src=etc/yum.repos.d/EGI-trustanchors.repo
dest=/etc/yum.repos.d/EGI-trustanchors.repo backup=no
owner=root group=root mode=0644
when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui
when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui or ca_bundle_install==true
- name: Install cloudera-cdh5 repo
tags: cloudera-cdh5_repo
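Review bot: The added `or ca_bundle_install==true` clause compares against the YAML boolean, so it is false when the variable arrives as a string (for example from `-e ca_bundle_install=true`). It also looks like it would raise an undefined-variable error on a host where neither group test matches and the variable is not set. `or (ca_bundle_install | default(false) | bool)` covers both cases. The task's `name:` line is above the hunk, so this reading rests on the visible `copy:` and `when:` lines only.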
......