forked from nephoscale/cloudscript
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnagios.cloudscript
More file actions
398 lines (341 loc) · 15 KB
/
nagios.cloudscript
File metadata and controls
398 lines (341 loc) · 15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
cloudscript nagios_chef_client
version = _latest
result_template = nagios_server_result_template
globals
nagios_server_hostname = 'nagios-server'
nagios_instance_type = 'CS1-SSD' # 1GB RAM, 1 vCore, 25GB SSD, 10Gbps
nagios_image_type = 'Ubuntu Server 14.04 LTS'
#latest version always here: https://www.chef.io/download-chef-client/
system = 'ubuntu'
sys_server_version = 'trusty'
sys_client_version = '13.04'
chef_version = '12.0.6-1_amd64'
server_pass = lib::random_password()
console_pass = lib::random_password()
chef_slice_user = 'chef'
organization_short = 'companyname'
organization_full = 'Company Name'
admin_user = 'admin'
admin_user_full = 'Chef Administrator' #Format is two separated words
admin_mail = 'admin@companyname.com'
chef_client_version = '12.1.2-1_amd64'
server_password = lib::random_password()
admin_password = lib::random_password()
console_password = lib::random_password()
nagios_slice_user = 'nagios'
thread chef_setup
tasks = [nagios_server_setup]
task nagios_server_setup
#-------------------------------
# create keys
#-------------------------------
# create nagios admin password key
/key/password nagios_admin_password_key read_or_create
key_group = _SERVER
password = admin_password
# create nagios server root password key
/key/password nagios_server_password_key read_or_create
key_group = _SERVER
password = server_password
# create nagios server console key
/key/password nagios_server_console_key read_or_create
key_group = _CONSOLE
password = console_password
# create storage slice keys
/key/token nagios_slice_key read_or_create
username = nagios_slice_user
#-------------------------------
# create slice and container
#-------------------------------
# create slice to store script in cloudstorage
/storage/slice nagios_slice read_or_create
keys = [nagios_slice_key]
# create slice container to store script in cloudstorage
/storage/container nagios_container => [nagios_slice] read_or_create
slice = nagios_slice
#-------------------------------
# create nagios bootstrap
# script and recipe
#-------------------------------
# place script data in cloudstorage
/storage/object nagios_server_bootstrap_object => [nagios_slice, nagios_container] read_or_create
container_name = 'nagios_container'
file_name = 'bootstrap_nagios_server.sh'
slice = nagios_slice
content_data = nagios_server_script_template
# associate the cloudstorage object with the haproxy script
/orchestration/script nagios_server_bootstrap_script => [nagios_slice, nagios_container, nagios_server_bootstrap_object] read_or_create
data_uri = 'cloudstorage://nagios_slice/nagios_container/bootstrap_nagios_server.sh'
script_type = _SHELL
encoding = _STORAGE
# create the recipe and associate the script
/orchestration/recipe nagios_server_bootstrap_recipe read_or_create
scripts = [nagios_server_bootstrap_script]
#-------------------------------
# create the nagios server
#-------------------------------
/server/cloud nagios_server read_or_create
hostname = '{{ nagios_server_hostname }}'
image = '{{ nagios_image_type }}'
service_type = '{{ nagios_instance_type }}'
keys = [nagios_server_password_key, nagios_server_console_key]
recipes = [nagios_server_bootstrap_recipe]
recipe_timeout = 600
text_template nagios_server_script_template
#!/bin/bash
#Update repo
apt-get update
#Install git
apt-get install git -y
# Download latest version of chef-server for Ubuntu 14.04
wget https://web-dl.packagecloud.io/chef/stable/packages/{{ system }}/{{ sys_server_version }}/chef-server-core_{{ chef_version }}.deb
# Install chef-server
dpkg -i chef-server-core_{{ chef_version }}.deb
sleep 20s
export HOME="/root"
# Initial reconfiguring chef-server
chef-server-ctl reconfigure
# Install opscode-manage
#chef-server-ctl install opscode-manage
#opscode-manage-ctl reconfigure
# Reconfiguring chef-server with opscode-manage
#chef-server-ctl reconfigure
# Create admin user and organization
chef-server-ctl user-create {{ admin_user }} {{ admin_user_full }} {{ admin_mail }} {{ nagios_admin_password_key.password }} --filename /etc/chef/{{ admin_user }}.pem
chef-server-ctl org-create {{ organization_short }} {{ organization_full }} --association_user {{ admin_user }} --filename /etc/chef/{{ organization_short }}-validator.pem
#Download latest version of chef-client
wget https://opscode-omnibus-packages.s3.amazonaws.com/{{ system }}/{{ sys_client_version }}/x86_64/chef_{{ chef_client_version }}.deb
#Install it
dpkg -i chef_{{ chef_client_version }}.deb
#Create chef-client config
cat <<\EOF> /etc/chef/client.rb
log_level :info
log_location STDOUT
chef_server_url 'https://{{ nagios_server_hostname }}:443/organizations/{{ organization_short }}'
validation_key "/etc/chef/{{ organization_short }}-validator.pem"
validation_client_name '{{ organization_short }}-validator'
trusted_certs_dir "/etc/chef/trusted_certs"
EOF
#Create dirs
mkdir /etc/chef/trusted_certs
mkdir /etc/chef/cookbooks
mkdir /etc/chef/syntax_check_cache
#Create knife config
cat <<\EOF> /etc/chef/knife.rb
log_level :info
log_location STDOUT
node_name '{{ admin_user }}'
client_key '/etc/chef/{{ admin_user }}.pem'
validation_client_name '{{ organization_short }}-validator'
validation_key '/etc/chef/{{ organization_short }}-validator.pem'
chef_server_url 'https://{{ nagios_server_hostname }}/organizations/{{ organization_short }}'
syntax_check_cache_path '/etc/chef/syntax_check_cache'
cookbook_path [ '/etc/chef/cookbooks' ]
knife[:editor] = "vim"
EOF
#Copy SSL certificate
cd /etc/chef
knife ssl fetch
#Create github key
mkdir -p /tmp/private_code/.ssh
cat <<\EOF> /tmp/private_code/.ssh/github
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA0WAjWtkShNC/Hde4pblsTS1xlGrBNUjgAyj09SZl509xPwBT
9mYm1uwWWMcrD8Rpg/m07ARrYJrr87g8U4SL57olaZ6WmP0KLByzyT8++MFk9y7Y
s7rE3gyDpS4jiasqcpXlcyE1U0/peeU9nEn+PvDtalMLaV0asZkVM/JFclFWTBgC
FVVrfkIjsmvuwRgYFxREBw076tDh0fzWCNDgv819Ef4lOujHOEbHaszM4tqVgAP4
owwNdYcZM5ojILowyFBhaSa3WvkVdolz2weLvjIk06gxueRhkTua0H4/5XJvSJJ1
7CFEbzZ8SpZxe9bWErzuHd/WZhF7xQy4MaUSpwIDAQABAoIBADLLKuiQPtDfv22i
9tWljSOQAbzqxSKDIm1B02NhxFkASc3p63ScRZHgRm+VKdoyYRK2UnDrhY0zKEjB
CkmMn1BBNXBRG+HTiVM4R1lsMX+xkyfwQnwftEDWMl2xOsfcMXkI6lgq1z/15ANB
XNf8j2R/mGkx6lPOVXp+U8l9XeGkby3gyreusA2b8oNpFsfgE0MU/2CP7TC1LlZ2
A7SkfjajliLHZe+99/GvOLIQW/2QDYnIELawUvpiU9+GHhpxnxecs2Zh5oFTTOez
izNuVBtZRGaDCtYqGg0cvF4nGG2dGX7uGDIGc5u9bRT8uBWGaIqkdUewy+iGZoJM
2hgLa/kCgYEA+dGawwESzbuCUzXd06pJLUXWPqZP48coOD4LmSZBpecJ5diIiV1b
/gEkifcJt0KEop6j1WrNeqlXCoFEy88/tdrq5Vo+Wlkh7AJhHS4XqX/EGhCQi58S
7dmIcqHFMADxxbcMxeTn5D/xZhrRUbF0Nj0h/XPQmzNVyHqrE5+cxcUCgYEA1o5b
8ElCovkPYwF25ngxfUJeQ+Q8obrMiUBmvrOzVQKAsSiHKgppIDv2KeqTPuFF4LAs
4MnNexnG0BynFDrT7qmD5oE9l1Ld+B5HwSPW0incrjKCNDLLZPLs00fFBCi/uxIJ
OEtjV64Nu2o8//AF4LkjNaQuYNaw9cNQpjbnqXsCgYA9hwcz0fbcnrr5XYH12LHP
Ka0bnwB8HBfmyjk3DfoLLzz70/nEwy6d/5ANPr+w1/wsxR+at4RGGqDqYG4eODv7
wSArPq+uttco9mkOs8R2JZaZyMyg5pvV4sa9XORg70qcpHnL35XRXIJK4H3/PdJe
bW4Kq1SMdPdCuhuaaKxG9QKBgFJ20uVu8vq6qWxPMsjwJ21SZfLINXmf119lblgb
r3CcDqSIxDKnX7Jw+XMw4rlHUllCvW0Eg0KuLJjuelUvKyfO5ZBh2i9gPUpRMRkN
0lJinpwhc6PmZgB90gJ+0j1///lBvGNzrlIT5tlCwwFH2qp93geO+/hibA95q3TH
I5EjAoGACgi6h0xXcDh24GKBtbSpeHiGfaKXdsslDHS0q8nE4e3gPyQ+D6XMkHs7
E0GjMcSYdmYAc9NOLI0BYXXJY5Y0wrkHfhVicYuyh3gv6Wz7jS8brKtJGAb9LLL6
xxSqObPyp0/rA3w4k1kAQGvcw93qnCqWsUCSmZYgS6ONyR81P98=
-----END RSA PRIVATE KEY-----
EOF
chmod 0600 /tmp/private_code/.ssh/github
#Copy chef-repo cookbook from github
mv /etc/ssh/ssh_config /etc/ssh/ssh_config.tmp
sed -e 's/^.*StrictHostKeyChecking.*/StrictHostKeyChecking no/g' /etc/ssh/ssh_config.tmp > /etc/ssh/ssh_config
eval `ssh-agent -s`
ssh-add /tmp/private_code/.ssh/github
cd /etc/chef
git clone git@github.com:nephoscale/chef-repo.git -b hds cookbooks/chef-repo
#Copy nagios cookbook from github
wget https://github.com/tas50/nagios/archive/v5.0.2.zip
apt-get install unzip -y
unzip -qq v5.0.2.zip -d cookbooks/
mv cookbooks/nagios-5.0.2 cookbooks/nagios
#Download dependencies
knife cookbook site download apache2
knife cookbook site download build-essential
knife cookbook site download nginx
knife cookbook site download nginx_simplecgi
knife cookbook site download php
knife cookbook site download yum
knife cookbook site download iptables
knife cookbook site download logrotate
knife cookbook site download apt
knife cookbook site download ohai
knife cookbook site download runit
knife cookbook site download yum-epel
knife cookbook site download bluepill
knife cookbook site download rsyslog
knife cookbook site download perl
knife cookbook site download xml
knife cookbook site download mysql
knife cookbook site download windows
knife cookbook site download iis
knife cookbook site download chef-sugar
knife cookbook site download yum-mysql-community
knife cookbook site download smf
knife cookbook site download rbac
knife cookbook site download chef_handler
knife cookbook site download nrpe
#Extract dependencies
ls *.tar.gz | xargs -i tar -zxf {} -C cookbooks/
rm *.tar.gz
#Install dependencies
knife cookbook upload build-essential
knife cookbook upload yum
knife cookbook upload logrotate
knife cookbook upload iptables
knife cookbook upload apache2
knife cookbook upload apt
knife cookbook upload ohai
knife cookbook upload yum-epel
knife cookbook upload rsyslog
knife cookbook upload bluepill
knife cookbook upload runit
knife cookbook upload nginx
knife cookbook upload perl
knife cookbook upload nginx_simplecgi
knife cookbook upload chef-sugar
knife cookbook upload xml
knife cookbook upload yum-mysql-community
knife cookbook upload rbac
knife cookbook upload smf
knife cookbook upload mysql
knife cookbook upload chef_handler
knife cookbook upload windows
knife cookbook upload iis
knife cookbook upload php
knife cookbook upload nrpe
knife cookbook upload nagios
#Create role on server
cat <<\EOF> /etc/chef/role_nagios.json
{
"name": "nagios-server",
"description": "nasios server cookbook",
"json_class": "Chef::Role",
"default_attributes": {
},
"override_attributes": {
"nagios": {
"server": {
"web_server": "apache",
"stop_apache": "false"
},
"server_auth_method": "htpasswd"
}
},
"chef_type": "role",
"run_list": [
"recipe[nagios]"
],
"env_run_lists": {
}
}
EOF
#Add role to server
knife role from file role_nagios.json
#Create role and run-list for node
cat <<\EOF> /etc/chef/nagios-server.json
{
"run_list": [
"role[nagios-server]"
]
}
EOF
#Change default nagios admin password
####This is for test mode
#apt-get install apache2-utils -y
#mkdir /etc/nagios3/
#htpasswd -cb /etc/nagios3/htpasswd.users nagiosadmin {{ nagios_admin_password_key.password }}
#PASSWORD=`htpasswd -nbs nagiosadmin {{ nagios_admin_password_key.password }} | sed -r 's/nagiosadmin://g'`#
#
##Create databag "Users"
#cat <<\EOF> /etc/chef/users.json
#{
# "id": "nagiosadmin",
# "groups": "sysadmin",
# "htpasswd": "PASSWORD",
# "nagios": {
# "pager": "nagiosadmin_pager@example.com",
# "email": "nagiosadmin@example.com"
# }
#}
#EOF
#sed -r "s/PASSWORD/$PASSWORD/g" /etc/chef/users.json > /etc/chef/users_new.json
#mv /etc/chef/users_new.json /etc/chef/users.json
#knife data bag create users
#knife data bag from file users /etc/chef/users.json
#### This works only with "nagios_users" data bag
knife data bag create users
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_users/ -type f`; do knife data bag from file users $ff; done
#Create empty databags
knife data bag create nagios_services
knife data bag create nagios_servicegroups
knife data bag create nagios_templates
knife data bag create nagios_hosttemplates
knife data bag create nagios_eventhandlers
knife data bag create nagios_unmanagedhosts
knife data bag create nagios_serviceescalations
knife data bag create nagios_hostescalations
knife data bag create nagios_contacts
knife data bag create nagios_contactgroups
knife data bag create nagios_servicedependencies
knife data bag create nagios_timeperiods
#Upload databags
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_services/ -type f`; do knife data bag from file nagios_services $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_servicegroups/ -type f`; do knife data bag from file nagios_servicegroups $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_templates/ -type f`; do knife data bag from file nagios_templates nagios_hosttemplates $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_eventhandlers/ -type f`; do knife data bag from file nagios_eventhandlers $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_unmanagedhosts/ -type f`; do knife data bag from file nagios_unmanagedhosts $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_serviceescalations/ -type f`; do knife data bag from file nagios_serviceescalations $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_hostescalations/ -type f`; do knife data bag from file nagios_hostescalations $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_contacts/ -type f`; do knife data bag from file nagios_contacts $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_contactgroups/ -type f`; do knife data bag from file nagios_contactgroups $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_servicedependencies/ -type f`; do knife data bag from file nagios_servicedependencies $ff; done
for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_timeperiods/ -type f`; do knife data bag from file nagios_timeperiods $ff; done
#Change nginx listen port and restart nginx
cp /var/opt/opscode/nginx/etc/nginx.conf /var/opt/opscode/nginx/etc/nginx.conf.bak
sed -r "s/listen 80;/listen 81;/g" /var/opt/opscode/nginx/etc/nginx.conf.bak > /var/opt/opscode/nginx/etc/nginx.conf
#Restart nginx
/opt/opscode/embedded/sbin/nginx -s quit
#Register node with chef-server
/usr/bin/chef-client --json-attributes /etc/chef/nagios-server.json
_eof
text_template nagios_server_result_template
Thank you for provisioning a nagios server setup.
Your server is available now here:
http://{{ nagios_server.ipaddress_public }}/nagios3/
Please login using your credentials.
If test mode for users active, then use
Login: nagiosadmin
Password: {{ nagios_admin_password_key.password }}
_eof