Merge pull request #69 from dpavlos/nagios_config

ARGO-389 Nagios configurations

Merge pull request #69 from dpavlos/nagios_config
ARGO-389 Nagios configurations
169b2b76 · Paschalis Korosoglou · e5d7022b · 9c9590a1 · 169b2b76 · 169b2b76
Commit 169b2b76 authored Mar 29, 2016 by Paschalis Korosoglou
--- a/group_vars/monitoring_engine
+++ b/group_vars/monitoring_engine
 ---
 cert_path: /etc/pki/tls/certs/localhost.crt
 key_path: /etc/pki/tls/private/localhost.key
+ca_path: /etc/pki/tls/certs/ca-bundle.crt

 iptables_rules:
  input:

--- a/private_files
+++ b/private_files
+../private_files
\ No newline at end of file
--- a/roles/monitoring_engine/defaults/main.yml
+++ b/roles/monitoring_engine/defaults/main.yml
@@ -2,6 +2,7 @@
 nagios_components:
  - { name: argo-ncg                , repo: argo-prod }
  - { name: argo-msg-nagios         , repo: argo-prod }
+  - { name: perl-Crypt-SSLeay       , repo: ""        }

 ## NCG vars ##
 nagios_server: localhost
@@ -17,7 +18,7 @@ include_empty_hosts: "0"
 enable_notifications: "0"
 local_metric_store: "0"
 check_hosts: "0"
-tenant_name: TENANT_A
+tenant_name: tenant_a
 poem_root_url: http://localhost/poem
 include_proxy_checks: "0"
 include_msg_checks_recv: "0"
@@ -25,11 +26,11 @@ backup_instance: "false"

 ## CGI vars ##
 authorized_for_all_service_commands:
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"
 authorized_for_all_host_commands:
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"

 ## Nagios.cfg vars ##
 host_perfdata_file_processing_command: ncg-process-host-perfdata-file
@@ -49,5 +50,6 @@ process_performance_data: "1"

 ## Other vars
 ca_bundle_install: false
-
+configure_apache_ssl: false
+configure_nagios_apache: false

--- a/roles/monitoring_engine/tasks/main.yml
+++ b/roles/monitoring_engine/tasks/main.yml
@@ -2,65 +2,71 @@

 - name: Install Nagios
  yum: name=nagios state=latest enablerepo=nagios
+  tags: install

 - name: Install pnp4nagios
  yum: name=pnp4nagios state=latest
+  tags: install

 - name: Install Apache and mod_ssl
  yum: name={{ item }} state=latest
  with_items:
    - httpd
    - mod_ssl
+  tags: install

 - name: Install fetch-crl
  yum: name=fetch-crl state=latest
  when: ca_bundle_install
+  tags: install

 - name: Install NCG and MSG conponents
  yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
  with_items: nagios_components
+  tags: install

 - name: Install Nagios plugins
  yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
  with_items: nagios_plugins
-  
- name: Install Nagios UMD plugins
-  yum: name={{ item }} state=latest
-  with_items: nagios_plugins_umd
-  when: nagios_plugins_umd is defined
+  tags: install

 - name: Copy nagios.cfg file
  template: src=nagios.cfg.j2
            dest=/etc/nagios/nagios.cfg
            owner=nagios group=nagios mode=0644
  notify: reload nagios
+  tags: config

 - name: Copy cgi.cfg file
  template: src=cgi.cfg.j2
            dest=/etc/nagios/cgi.cfg
            owner=nagios group=nagios mode=0644
  notify: reload nagios
+  tags: config

 #FIXME: Make this tenant unaware
 - name: Copy ncg.conf file for EGI
  template: src=ncg.conf.j2
            dest=/etc/argo-ncg/ncg.conf
            owner=root group=root
-  when: tenant_name == "EGI"
+  when: tenant_name|lower == "egi"
  notify: reload nagios
+  tags: config

 - name: Copy ncg.conf file for EUDAT
  template: src=ncg.conf.eudat.j2
            dest=/etc/ncg/ncg.conf
            owner=root group=root
-  when: tenant_name == "EUDAT"
+  when: tenant_name|lower == "eudat"
  notify: reload nagios
+  tags: config

 - name: Copy argo-voms-htpasswd.conf file
  template: src=argo-voms-htpasswd.conf.j2
            dest=/etc/argo-voms-htpasswd/argo-voms-htpasswd.conf
            owner=root group=root
  when: voms_htpasswd is defined
+  tags: config

 #FIXME: Temp workaround for tenants without BDII infrastructure.
 - name: Copy broker-list file
@@ -68,6 +74,7 @@
            dest=/var/cache/msg/broker-cache-file/broker-list
            owner=root group=root mode=0644
  when: broker_host is defined
+  tags: config
 ##

 - name: Copy argo-msg-cache file
@@ -75,12 +82,21 @@
            dest=/etc/argo-msg-cache.conf
            owner=root group=root
  when: lcg_gfal_infosys is defined and broker_network is defined
+  tags: config
+
+- name: Create unicore log dir
+  file: path=/var/log/unicore
+        state=directory 
+        owner=nagios group=nagios mode=0755
+  when: enable_unicore_probes is defined and enable_unicore_probes == "1"
+  tags: config

 - name: Create vomses dir
- file: path=/etc/vomses 
+  file: path=/etc/vomses 
        state=directory 
        owner=root group=root mode=0755
  when: vomses is defined
+  tags: config

 - name: Copy vomses files
  template: src=vomses.j2
@@ -88,56 +104,92 @@
            owner=root group=root mode=0644
  when: vomses is defined
  with_items: vomses
+  tags: config

 - name: Create voms lsc dir
- file: path=/etc/grid-security/vomsdir/{{ item.vo }}
+  file: path=/etc/grid-security/vomsdir/{{ item.vo }}
        state=directory 
        owner=root group=root mode=0755
  when: vomses is defined
  with_items: vomses
+  tags: config

 - name: Create voms lsc files
- template: src=voms_lsc.j2
+  template: src=voms_lsc.j2
            dest=/etc/grid-security/vomsdir/{{ item.vo }}/{{ item.server }}.lsc
            owner=root group=root mode=0644
  when: vomses is defined
  with_items: vomses
+  tags: config

 - name: Create sha checksum for dashboard config
  shell: echo -n {{ nagios_server }} | sha1sum | cut -f1 -d' '
  register: sha
+  tags: config
  
 - name: Create dashboard config for msg-to-handler
  template: src=dashboard.conf.j2
            dest=/etc/msg-to-handler.d/DASHBOARD.conf
            owner=root group=root mode=0644
  when: send_to_dashboard is defined and send_to_dashboard == "1"
+  tags: config

 - name: Create apel config for msg-to-handler
  template: src=apel.conf.j2
            dest=/etc/msg-to-handler.d/APEL.conf
            owner=root group=root mode=0644
  when: send_to_apel is defined and send_to_apel == "1"
+  tags: config
+
+- name: Create a cron job to restart apache 
+  cron: name=restart_httpd 
+        user="root"
+        minute="53" hour="2,8,14,20" 
+        job="( /sbin/service httpd status && /sbin/service httpd graceful ) > /dev/null 2>&1" 
+  when: ca_bundle_install
+  tags: config
+
+- name: create apache nagios conf
+  template: src=nagios_apache.conf.j2
+            dest=/etc/httpd/conf.d/nagios.conf
+            owner=root group=root mode=0644
+  notify: reload httpd
+  when: configure_nagios_apache
+  tags: config
+
+- name: create apache ssl conf
+  template: src=ssl.conf.j2
+            dest=/etc/httpd/conf.d/ssl.conf
+            owner=root group=root mode=0644
+  notify: reload httpd
+  when: configure_apache_ssl
+  tags: config

 - name: Enable nagios and httpd on boot and start service
  service: name={{ item }} state=started enabled=yes
  with_items:
    - nagios
    - httpd
+  tags: config

 - name: Start fetch-crl cron
  service: name=fetch-crl-cron state=started enabled=yes
  when: ca_bundle_install
+  tags: config

 - name: Start fetch-crl boot
  service: name=fetch-crl-boot state=started enabled=no
  when: ca_bundle_install
  ignore_errors: yes
+  tags: config

 - name: Enable argo-voms-htpasswd on boot and start service
  service: name=argo-voms-htpasswd state=started enabled=yes
  when: voms_htpasswd is defined
+  tags: config

 - name: Enable argo-msg-cache on boot and start service
  service: name=argo-msg-cache state=started enabled=yes
-  when: lcg_gfal_infosys is defined
\ No newline at end of file
+  when: lcg_gfal_infosys is defined
+  tags: config
+  
--- a/roles/monitoring_engine/templates/argo-msg-cache.conf.j2
+++ b/roles/monitoring_engine/templates/argo-msg-cache.conf.j2
@@ -9,4 +9,4 @@
 LCG_GFAL_INFOSYS={% for bdii in lcg_gfal_infosys %}{{ bdii }}{% if not loop.last %},{% endif %}{% endfor %}

 # BROKER_NETWORK=PROD
-BROKER_NETWORK={{ broker_network }}
\ No newline at end of file
+BROKER_NETWORK={{ broker_network }}
--- a/roles/monitoring_engine/templates/cgi.cfg.j2
+++ b/roles/monitoring_engine/templates/cgi.cfg.j2
@@ -168,6 +168,7 @@ authorized_for_all_hosts=*
 # user who has authenticated to the web server.

 authorized_for_all_service_commands={% for dn in authorized_for_all_service_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}
+
 authorized_for_all_host_commands={% for dn in authorized_for_all_host_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}



--- a/roles/monitoring_engine/templates/nagios_apache.conf.j2
+++ b/roles/monitoring_engine/templates/nagios_apache.conf.j2
+{% include "private_files/" + ansible_fqdn + "/files/etc/httpd/conf.d/nagios.conf"  %}
\ No newline at end of file
--- a/roles/monitoring_engine/templates/ncg.conf.eudat.j2
+++ b/roles/monitoring_engine/templates/ncg.conf.eudat.j2
@@ -35,7 +35,7 @@ BACKUP_INSTANCE = {{ backup_instance }}
    INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
    ENABLE_NOTIFICATIONS = {{ enable_notifications }}
    CHECK_HOSTS = {{ check_hosts }}
-    TENANT = {{ tenant_name }}
+    TENANT = {{ tenant_name|lower }}
  </Nagios>
 </NCG::ConfigGen>


--- a/roles/monitoring_engine/templates/ncg.conf.j2
+++ b/roles/monitoring_engine/templates/ncg.conf.j2
@@ -14,12 +14,9 @@ VO = {{ vo }}
 ENABLE_UNICORE_PROBES= {{ enable_unicore_probes }}
 MYPROXY_SERVER = {{ myproxy_server }}

-BACKUP_INSTANCE = {{ backup_instance }}
-
 <NCG::SiteSet>
  <GOCDB>
    GOCDB_ROOT_URL={{ gocdb_root_url }}
-    CERT_STATUS={{ cert_status }}
    ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
  </GOCDB>
  <File>
@@ -61,10 +58,10 @@ BACKUP_INSTANCE = {{ backup_instance }}
    ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
    BDII_HOST={{ bdii_host }}
    INCLUDE_PROXY_CHECKS = {{ include_proxy_checks }}
-    LOCAL_METRIC_STORE = {{ local_metric_store }}
  </Active>
  <LDAP>
    LDAP_ADDRESS={{ bdii_host }}
+    BDII_LEVEL={{ bdii_level }}
  </LDAP>
  <File>
    DB_FILE=/etc/argo-ncg/ncg.localdb
@@ -74,12 +71,12 @@ BACKUP_INSTANCE = {{ backup_instance }}

 <NCG::ConfigGen>
  <Nagios>
-    NAGIOS_ROLE = {{ nagios_role }}
+    NAGIOS_ROLE = {{ nagios_role|lower }}
    INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
    ENABLE_NOTIFICATIONS = {{ enable_notifications }}
    SEND_TO_DASHBOARD = {{ send_to_dashboard }}
    CHECK_HOSTS = {{ check_hosts }}
-    TENANT = {{ tenant_name }}
+    TENANT = {{ tenant_name|lower }}
  </Nagios>
 </NCG::ConfigGen>

@@ -90,7 +87,7 @@ BACKUP_INSTANCE = {{ backup_instance }}
  </File>
  <POEM>
    POEM_ROOT_URL = {{ poem_root_url }}
-    POEM_PROFILES = {% for poem in poem_profiles %}{{ poem }}{% if not loop.last %},{% endif %}{% endfor %}
+    POEM_PROFILES = {% for poem in poem_profiles %}{{ poem|upper }}{% if not loop.last %},{% endif %}{% endfor %}

  </POEM>
 </NCG::LocalMetrics>

--- a/roles/monitoring_engine/templates/ssl.conf.j2
+++ b/roles/monitoring_engine/templates/ssl.conf.j2
+{% include "private_files/" + ansible_fqdn + "/templates/ssl.conf.j2"  %}
\ No newline at end of file
--- a/roles/repos/tasks/main.yml
+++ b/roles/repos/tasks/main.yml
@@ -24,7 +24,7 @@
  copy: src=etc/yum.repos.d/EGI-trustanchors.repo
        dest=/etc/yum.repos.d/EGI-trustanchors.repo backup=no
        owner=root group=root mode=0644
-  when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui
+  when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui or ca_bundle_install==true

 - name: Install cloudera-cdh5 repo
  tags: cloudera-cdh5_repo