Merge pull request #69 from dpavlos/nagios_config

ARGO-389 Nagios configurations

group_vars/monitoring_engine

 ---
 cert_path: /etc/pki/tls/certs/localhost.crt
 key_path: /etc/pki/tls/private/localhost.key
+ca_path: /etc/pki/tls/certs/ca-bundle.crt
 
 iptables_rules:
   input:

private_files

+../private_files
\ No newline at end of file

roles/monitoring_engine/defaults/main.yml

@@ -2,6 +2,7 @@
 nagios_components:
   - { name: argo-ncg                , repo: argo-prod }
   - { name: argo-msg-nagios         , repo: argo-prod }
+  - { name: perl-Crypt-SSLeay       , repo: ""        }
 
 ## NCG vars ##
 nagios_server: localhost
@@ -17,7 +18,7 @@ include_empty_hosts: "0"
 enable_notifications: "0"
 local_metric_store: "0"
 check_hosts: "0"
-tenant_name: TENANT_A
+tenant_name: tenant_a
 poem_root_url: http://localhost/poem
 include_proxy_checks: "0"
 include_msg_checks_recv: "0"
@@ -25,11 +26,11 @@ backup_instance: "false"
 
 ## CGI vars ##
 authorized_for_all_service_commands:
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"
 authorized_for_all_host_commands:
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1
-  - /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_1"
+  - "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=SomeCN_2"
 
 ## Nagios.cfg vars ##
 host_perfdata_file_processing_command: ncg-process-host-perfdata-file
@@ -49,5 +50,6 @@ process_performance_data: "1"
 
 ## Other vars
 ca_bundle_install: false
-
+configure_apache_ssl: false
+configure_nagios_apache: false
 

roles/monitoring_engine/tasks/main.yml

@@ -2,65 +2,71 @@
 
 - name: Install Nagios
   yum: name=nagios state=latest enablerepo=nagios
+  tags: install
 
 - name: Install pnp4nagios
   yum: name=pnp4nagios state=latest
+  tags: install
 
 - name: Install Apache and mod_ssl
   yum: name={{ item }} state=latest
   with_items:
     - httpd
     - mod_ssl
+  tags: install
 
 - name: Install fetch-crl
   yum: name=fetch-crl state=latest
   when: ca_bundle_install
+  tags: install
 
 - name: Install NCG and MSG conponents
   yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
   with_items: nagios_components
+  tags: install
 
 - name: Install Nagios plugins
   yum: name={{ item.name }} state=latest enablerepo={{ item.repo }}
   with_items: nagios_plugins
-  
-- name: Install Nagios UMD plugins
-  yum: name={{ item }} state=latest
-  with_items: nagios_plugins_umd
-  when: nagios_plugins_umd is defined
+  tags: install
 
 - name: Copy nagios.cfg file
   template: src=nagios.cfg.j2
             dest=/etc/nagios/nagios.cfg
             owner=nagios group=nagios mode=0644
   notify: reload nagios
+  tags: config
 
 - name: Copy cgi.cfg file
   template: src=cgi.cfg.j2
             dest=/etc/nagios/cgi.cfg
             owner=nagios group=nagios mode=0644
   notify: reload nagios
+  tags: config
 
 #FIXME: Make this tenant unaware
 - name: Copy ncg.conf file for EGI
   template: src=ncg.conf.j2
             dest=/etc/argo-ncg/ncg.conf
             owner=root group=root
-  when: tenant_name == "EGI"
+  when: tenant_name|lower == "egi"
   notify: reload nagios
+  tags: config
 
 - name: Copy ncg.conf file for EUDAT
   template: src=ncg.conf.eudat.j2
             dest=/etc/ncg/ncg.conf
             owner=root group=root
-  when: tenant_name == "EUDAT"
+  when: tenant_name|lower == "eudat"
   notify: reload nagios
+  tags: config
 
 - name: Copy argo-voms-htpasswd.conf file
   template: src=argo-voms-htpasswd.conf.j2
             dest=/etc/argo-voms-htpasswd/argo-voms-htpasswd.conf
             owner=root group=root
   when: voms_htpasswd is defined
+  tags: config
 
 #FIXME: Temp workaround for tenants without BDII infrastructure.
 - name: Copy broker-list file
@@ -68,6 +74,7 @@
             dest=/var/cache/msg/broker-cache-file/broker-list
             owner=root group=root mode=0644
   when: broker_host is defined
+  tags: config
 ##
 
 - name: Copy argo-msg-cache file
@@ -75,12 +82,21 @@
             dest=/etc/argo-msg-cache.conf
             owner=root group=root
   when: lcg_gfal_infosys is defined and broker_network is defined
+  tags: config
+
+- name: Create unicore log dir
+  file: path=/var/log/unicore
+        state=directory 
+        owner=nagios group=nagios mode=0755
+  when: enable_unicore_probes is defined and enable_unicore_probes == "1"
+  tags: config
 
 - name: Create vomses dir
-- file: path=/etc/vomses 
+  file: path=/etc/vomses 
         state=directory 
         owner=root group=root mode=0755
   when: vomses is defined
+  tags: config
 
 - name: Copy vomses files
   template: src=vomses.j2
@@ -88,56 +104,92 @@
             owner=root group=root mode=0644
   when: vomses is defined
   with_items: vomses
+  tags: config
 
 - name: Create voms lsc dir
-- file: path=/etc/grid-security/vomsdir/{{ item.vo }}
+  file: path=/etc/grid-security/vomsdir/{{ item.vo }}
         state=directory 
         owner=root group=root mode=0755
   when: vomses is defined
   with_items: vomses
+  tags: config
 
 - name: Create voms lsc files
-- template: src=voms_lsc.j2
+  template: src=voms_lsc.j2
             dest=/etc/grid-security/vomsdir/{{ item.vo }}/{{ item.server }}.lsc
             owner=root group=root mode=0644
   when: vomses is defined
   with_items: vomses
+  tags: config
 
 - name: Create sha checksum for dashboard config
   shell: echo -n {{ nagios_server }} | sha1sum | cut -f1 -d' '
   register: sha
+  tags: config
   
 - name: Create dashboard config for msg-to-handler
   template: src=dashboard.conf.j2
             dest=/etc/msg-to-handler.d/DASHBOARD.conf
             owner=root group=root mode=0644
   when: send_to_dashboard is defined and send_to_dashboard == "1"
+  tags: config
 
 - name: Create apel config for msg-to-handler
   template: src=apel.conf.j2
             dest=/etc/msg-to-handler.d/APEL.conf
             owner=root group=root mode=0644
   when: send_to_apel is defined and send_to_apel == "1"
+  tags: config
+
+- name: Create a cron job to restart apache 
+  cron: name=restart_httpd 
+        user="root"
+        minute="53" hour="2,8,14,20" 
+        job="( /sbin/service httpd status && /sbin/service httpd graceful ) > /dev/null 2>&1" 
+  when: ca_bundle_install
+  tags: config
+
+- name: create apache nagios conf
+  template: src=nagios_apache.conf.j2
+            dest=/etc/httpd/conf.d/nagios.conf
+            owner=root group=root mode=0644
+  notify: reload httpd
+  when: configure_nagios_apache
+  tags: config
+
+- name: create apache ssl conf
+  template: src=ssl.conf.j2
+            dest=/etc/httpd/conf.d/ssl.conf
+            owner=root group=root mode=0644
+  notify: reload httpd
+  when: configure_apache_ssl
+  tags: config
 
 - name: Enable nagios and httpd on boot and start service
   service: name={{ item }} state=started enabled=yes
   with_items:
     - nagios
     - httpd
+  tags: config
 
 - name: Start fetch-crl cron
   service: name=fetch-crl-cron state=started enabled=yes
   when: ca_bundle_install
+  tags: config
 
 - name: Start fetch-crl boot
   service: name=fetch-crl-boot state=started enabled=no
   when: ca_bundle_install
   ignore_errors: yes
+  tags: config
 
 - name: Enable argo-voms-htpasswd on boot and start service
   service: name=argo-voms-htpasswd state=started enabled=yes
   when: voms_htpasswd is defined
+  tags: config
 
 - name: Enable argo-msg-cache on boot and start service
   service: name=argo-msg-cache state=started enabled=yes
-  when: lcg_gfal_infosys is defined
\ No newline at end of file
+  when: lcg_gfal_infosys is defined
+  tags: config
+  

roles/monitoring_engine/templates/argo-msg-cache.conf.j2

@@ -9,4 +9,4 @@
 LCG_GFAL_INFOSYS={% for bdii in lcg_gfal_infosys %}{{ bdii }}{% if not loop.last %},{% endif %}{% endfor %}
 
 # BROKER_NETWORK=PROD
-BROKER_NETWORK={{ broker_network }}
\ No newline at end of file
+BROKER_NETWORK={{ broker_network }}

roles/monitoring_engine/templates/cgi.cfg.j2

@@ -168,6 +168,7 @@ authorized_for_all_hosts=*
 # user who has authenticated to the web server.
 
 authorized_for_all_service_commands={% for dn in authorized_for_all_service_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}
+
 authorized_for_all_host_commands={% for dn in authorized_for_all_host_commands %}{{ dn }}{% if not loop.last %},{% endif %}{% endfor %}
 
 

roles/monitoring_engine/templates/nagios_apache.conf.j2

+{% include "private_files/" + ansible_fqdn + "/files/etc/httpd/conf.d/nagios.conf"  %}
\ No newline at end of file

roles/monitoring_engine/templates/ncg.conf.eudat.j2

@@ -35,7 +35,7 @@ BACKUP_INSTANCE = {{ backup_instance }}
     INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
     ENABLE_NOTIFICATIONS = {{ enable_notifications }}
     CHECK_HOSTS = {{ check_hosts }}
-    TENANT = {{ tenant_name }}
+    TENANT = {{ tenant_name|lower }}
   </Nagios>
 </NCG::ConfigGen>
 

roles/monitoring_engine/templates/ncg.conf.j2

@@ -14,12 +14,9 @@ VO = {{ vo }}
 ENABLE_UNICORE_PROBES= {{ enable_unicore_probes }}
 MYPROXY_SERVER = {{ myproxy_server }}
 
-BACKUP_INSTANCE = {{ backup_instance }}
-
 <NCG::SiteSet>
   <GOCDB>
     GOCDB_ROOT_URL={{ gocdb_root_url }}
-    CERT_STATUS={{ cert_status }}
     ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
   </GOCDB>
   <File>
@@ -61,10 +58,10 @@ BACKUP_INSTANCE = {{ backup_instance }}
     ENABLE_UNICORE_PROBES=$ENABLE_UNICORE_PROBES
     BDII_HOST={{ bdii_host }}
     INCLUDE_PROXY_CHECKS = {{ include_proxy_checks }}
-    LOCAL_METRIC_STORE = {{ local_metric_store }}
   </Active>
   <LDAP>
     LDAP_ADDRESS={{ bdii_host }}
+    BDII_LEVEL={{ bdii_level }}
   </LDAP>
   <File>
     DB_FILE=/etc/argo-ncg/ncg.localdb
@@ -74,12 +71,12 @@ BACKUP_INSTANCE = {{ backup_instance }}
 
 <NCG::ConfigGen>
   <Nagios>
-    NAGIOS_ROLE = {{ nagios_role }}
+    NAGIOS_ROLE = {{ nagios_role|lower }}
     INCLUDE_EMPTY_HOSTS = {{ include_empty_hosts }}
     ENABLE_NOTIFICATIONS = {{ enable_notifications }}
     SEND_TO_DASHBOARD = {{ send_to_dashboard }}
     CHECK_HOSTS = {{ check_hosts }}
-    TENANT = {{ tenant_name }}
+    TENANT = {{ tenant_name|lower }}
   </Nagios>
 </NCG::ConfigGen>
 
@@ -90,7 +87,7 @@ BACKUP_INSTANCE = {{ backup_instance }}
   </File>
   <POEM>
     POEM_ROOT_URL = {{ poem_root_url }}
-    POEM_PROFILES = {% for poem in poem_profiles %}{{ poem }}{% if not loop.last %},{% endif %}{% endfor %}
+    POEM_PROFILES = {% for poem in poem_profiles %}{{ poem|upper }}{% if not loop.last %},{% endif %}{% endfor %}
 
   </POEM>
 </NCG::LocalMetrics>

roles/monitoring_engine/templates/ssl.conf.j2

+{% include "private_files/" + ansible_fqdn + "/templates/ssl.conf.j2"  %}
\ No newline at end of file

roles/repos/tasks/main.yml

@@ -24,7 +24,7 @@
   copy: src=etc/yum.repos.d/EGI-trustanchors.repo
         dest=/etc/yum.repos.d/EGI-trustanchors.repo backup=no
         owner=root group=root mode=0644
-  when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui
+  when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui or ca_bundle_install==true
 
 - name: Install cloudera-cdh5 repo
   tags: cloudera-cdh5_repo