Define new role infrastructure_alerting
Change-Id: I700c59c350942776b150d8f9c59bc0b92f3d037d
This commit is contained in:
parent
e2d97b5b3e
commit
a0528556f8
@ -12,46 +12,41 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
$plugin = hiera('lma_infrastructure_alerting')
|
||||
$user_node_name = hiera('user_node_name')
|
||||
|
||||
if $plugin['node_name'] == $user_node_name {
|
||||
class {'::firewall':}
|
||||
|
||||
class {'::firewall':}
|
||||
|
||||
firewall { '000 accept all icmp requests':
|
||||
proto => 'icmp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '001 accept all to lo interface':
|
||||
proto => 'all',
|
||||
iniface => 'lo',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '002 accept related established rules':
|
||||
proto => 'all',
|
||||
state => ['RELATED', 'ESTABLISHED'],
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall {'020 ssh':
|
||||
port => 22,
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '300 nagios cgi':
|
||||
# Important: must match the $lma_infra_alerting::params::nagios_http_port
|
||||
port => 8001,
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '999 drop all other requests':
|
||||
proto => 'all',
|
||||
chain => 'INPUT',
|
||||
action => 'drop',
|
||||
}
|
||||
firewall { '000 accept all icmp requests':
|
||||
proto => 'icmp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '001 accept all to lo interface':
|
||||
proto => 'all',
|
||||
iniface => 'lo',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '002 accept related established rules':
|
||||
proto => 'all',
|
||||
state => ['RELATED', 'ESTABLISHED'],
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall {'020 ssh':
|
||||
port => 22,
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '300 nagios cgi':
|
||||
# Important: must match the $lma_infra_alerting::params::nagios_http_port
|
||||
port => 8001,
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
firewall { '999 drop all other requests':
|
||||
proto => 'all',
|
||||
chain => 'INPUT',
|
||||
action => 'drop',
|
||||
}
|
||||
|
@ -43,139 +43,138 @@ if $storage_options['objects_ceph']{
|
||||
$services['openstack.swift.status'] = true
|
||||
}
|
||||
|
||||
if $plugin['node_name'] == hiera('user_node_name') {
|
||||
class { 'lma_infra_alerting':
|
||||
openstack_deployment_name => $env_id,
|
||||
openstack_management_vip => $management_vip,
|
||||
additional_services => keys($services),
|
||||
# UI password
|
||||
password => $password,
|
||||
}
|
||||
class { 'lma_infra_alerting':
|
||||
openstack_deployment_name => $env_id,
|
||||
openstack_management_vip => $management_vip,
|
||||
additional_services => keys($services),
|
||||
# UI password
|
||||
password => $password,
|
||||
}
|
||||
|
||||
class { 'lma_infra_alerting::nagios::contact':
|
||||
send_to => $send_to,
|
||||
send_from => $send_from,
|
||||
smtp_host => $smtp_host,
|
||||
smtp_auth => $smtp_auth,
|
||||
smtp_user => $smtp_user,
|
||||
smtp_password => $smtp_password,
|
||||
notify_warning => $notify_warning,
|
||||
notify_critical => $notify_critical,
|
||||
notify_recovery => $notify_recovery,
|
||||
notify_unknown => $notify_unknown,
|
||||
require => Class['lma_infra_alerting'],
|
||||
}
|
||||
class { 'lma_infra_alerting::nagios::contact':
|
||||
send_to => $send_to,
|
||||
send_from => $send_from,
|
||||
smtp_host => $smtp_host,
|
||||
smtp_auth => $smtp_auth,
|
||||
smtp_user => $smtp_user,
|
||||
smtp_password => $smtp_password,
|
||||
notify_warning => $notify_warning,
|
||||
notify_critical => $notify_critical,
|
||||
notify_recovery => $notify_recovery,
|
||||
notify_unknown => $notify_unknown,
|
||||
require => Class['lma_infra_alerting'],
|
||||
}
|
||||
|
||||
$nodes_hash = hiera('nodes', {})
|
||||
$primary_controller_nodes = filter_nodes($nodes_hash,'role','primary-controller')
|
||||
$controller_nodes = filter_nodes($nodes_hash,'role','controller')
|
||||
$all_controller_nodes = concat($primary_controller_nodes, $controller_nodes)
|
||||
$nodes_hash = hiera('nodes', {})
|
||||
$primary_controller_nodes = filter_nodes($nodes_hash,'role','primary-controller')
|
||||
$controller_nodes = filter_nodes($nodes_hash,'role','controller')
|
||||
$all_controller_nodes = concat($primary_controller_nodes, $controller_nodes)
|
||||
|
||||
$compute_nodes = filter_nodes($nodes_hash,'role','compute')
|
||||
$cinder_nodes = filter_nodes($nodes_hash,'role','cinder')
|
||||
$base_os_nodes = filter_nodes($nodes_hash,'role','base-os')
|
||||
$osd_nodes = filter_nodes($nodes_hash, 'role', 'ceph-osd')
|
||||
$compute_nodes = filter_nodes($nodes_hash,'role','compute')
|
||||
$cinder_nodes = filter_nodes($nodes_hash,'role','cinder')
|
||||
$base_os_nodes = filter_nodes($nodes_hash,'role','base-os')
|
||||
$osd_nodes = filter_nodes($nodes_hash, 'role', 'ceph-osd')
|
||||
|
||||
$all_nodes = {}
|
||||
if !empty($all_controller_nodes){
|
||||
$all_nodes['controller'] = $all_controller_nodes
|
||||
}
|
||||
$all_nodes = {}
|
||||
if !empty($all_controller_nodes){
|
||||
$all_nodes['controller'] = $all_controller_nodes
|
||||
}
|
||||
|
||||
if !empty($compute_nodes){
|
||||
$all_nodes['compute'] = $compute_nodes
|
||||
}
|
||||
if !empty($cinder_nodes){
|
||||
$all_nodes['cinder'] = $cinder_nodes
|
||||
}
|
||||
if !empty($base_os_nodes){
|
||||
$all_nodes['base-os'] = $base_os_nodes
|
||||
}
|
||||
if !empty($osd_nodes){
|
||||
$all_nodes['ceph-osd'] = $osd_nodes
|
||||
}
|
||||
if !empty($compute_nodes){
|
||||
$all_nodes['compute'] = $compute_nodes
|
||||
}
|
||||
if !empty($cinder_nodes){
|
||||
$all_nodes['cinder'] = $cinder_nodes
|
||||
}
|
||||
if !empty($base_os_nodes){
|
||||
$all_nodes['base-os'] = $base_os_nodes
|
||||
}
|
||||
if !empty($osd_nodes){
|
||||
$all_nodes['ceph-osd'] = $osd_nodes
|
||||
}
|
||||
|
||||
class { 'lma_infra_alerting::nagios::hosts':
|
||||
hosts => $all_nodes,
|
||||
host_name_key => 'name',
|
||||
host_address_key => 'internal_address',
|
||||
host_display_name_keys => ['name', 'user_node_name'],
|
||||
host_custom_vars_keys => ['internal_address', 'private_address',
|
||||
'public_address', 'storage_address',
|
||||
'fqdn', 'role'],
|
||||
require => Class[lma_infra_alerting],
|
||||
}
|
||||
class { 'lma_infra_alerting::nagios::hosts':
|
||||
hosts => $all_nodes,
|
||||
host_name_key => 'name',
|
||||
host_address_key => 'internal_address',
|
||||
host_display_name_keys => ['name', 'user_node_name'],
|
||||
host_custom_vars_keys => ['internal_address', 'private_address',
|
||||
'public_address', 'storage_address',
|
||||
'fqdn', 'role'],
|
||||
require => Class[lma_infra_alerting],
|
||||
}
|
||||
|
||||
|
||||
# Nodes have private IPs only with GRE segmentation
|
||||
$network_config = hiera('quantum_settings')
|
||||
$segmentation_type = $network_config['L2']['segmentation_type']
|
||||
if $segmentation_type == 'gre' {
|
||||
$private_network = true
|
||||
} else {
|
||||
$private_network = false
|
||||
}
|
||||
# Nodes have private IPs only with GRE segmentation
|
||||
$network_config = hiera('quantum_settings')
|
||||
$segmentation_type = $network_config['L2']['segmentation_type']
|
||||
if $segmentation_type == 'gre' {
|
||||
$private_network = true
|
||||
} else {
|
||||
$private_network = false
|
||||
}
|
||||
|
||||
# Configure SSH checks
|
||||
lma_infra_alerting::nagios::check_ssh { 'management':
|
||||
hostgroups => keys($all_nodes),
|
||||
require => Class[lma_infra_alerting],
|
||||
}
|
||||
# Configure SSH checks
|
||||
lma_infra_alerting::nagios::check_ssh { 'management':
|
||||
hostgroups => keys($all_nodes),
|
||||
require => Class[lma_infra_alerting],
|
||||
}
|
||||
|
||||
lma_infra_alerting::nagios::check_ssh { 'storage':
|
||||
lma_infra_alerting::nagios::check_ssh { 'storage':
|
||||
hostgroups => keys($all_nodes),
|
||||
custom_var_address => 'storage_address',
|
||||
require => Class[lma_infra_alerting],
|
||||
}
|
||||
|
||||
if $private_network {
|
||||
lma_infra_alerting::nagios::check_ssh { 'private':
|
||||
hostgroups => keys($all_nodes),
|
||||
custom_var_address => 'storage_address',
|
||||
custom_var_address => 'private_address',
|
||||
require => Class[lma_infra_alerting],
|
||||
}
|
||||
}
|
||||
|
||||
if $private_network {
|
||||
lma_infra_alerting::nagios::check_ssh { 'private':
|
||||
hostgroups => keys($all_nodes),
|
||||
custom_var_address => 'private_address',
|
||||
require => Class[lma_infra_alerting],
|
||||
}
|
||||
# Configure Grafana and InfluxDB checks
|
||||
$influxdb_grafana = hiera('influxdb_grafana', {})
|
||||
$influxdb_node_name = $influxdb_grafana['node_name']
|
||||
$influxdb_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $influxdb_node_name)
|
||||
if ! empty($influxdb_nodes){
|
||||
lma_infra_alerting::nagios::check_http { 'Grafana':
|
||||
host_name => $influxdb_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::grafana_port,
|
||||
url => '/login',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_content => 'grafana',
|
||||
}
|
||||
|
||||
# Configure Grafana and InfluxDB checks
|
||||
$influxdb_grafana = hiera('influxdb_grafana', {})
|
||||
$influxdb_node_name = $influxdb_grafana['node_name']
|
||||
$influxdb_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $influxdb_node_name)
|
||||
if ! empty($influxdb_nodes){
|
||||
lma_infra_alerting::nagios::check_http { 'Grafana':
|
||||
host_name => $influxdb_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::grafana_port,
|
||||
url => '/login',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_content => 'grafana',
|
||||
}
|
||||
lma_infra_alerting::nagios::check_http { 'InfluxDB':
|
||||
host_name => $influxdb_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::influxdb_port,
|
||||
url => '/ping',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_status => '204 No Content',
|
||||
string_expected_in_headers => 'X-Influxdb-Version',
|
||||
}
|
||||
}
|
||||
|
||||
# Configure Elasticsearch and Kibana checks
|
||||
$es_kibana = hiera('elasticsearch_kibana', {})
|
||||
$es_node_name = $es_kibana['node_name']
|
||||
$es_kibana_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $es_node_name)
|
||||
if ! empty($es_kibana_nodes){
|
||||
lma_infra_alerting::nagios::check_http { 'Kibana':
|
||||
host_name => $es_kibana_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::kibana_port,
|
||||
url => '/',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_content => 'Kibana 3',
|
||||
}
|
||||
|
||||
lma_infra_alerting::nagios::check_http { 'Elasticsearch':
|
||||
host_name => $es_kibana_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::elasticserach_port,
|
||||
url => '/',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_content => '"status" : 200',
|
||||
}
|
||||
lma_infra_alerting::nagios::check_http { 'InfluxDB':
|
||||
host_name => $influxdb_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::influxdb_port,
|
||||
url => '/ping',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_status => '204 No Content',
|
||||
string_expected_in_headers => 'X-Influxdb-Version',
|
||||
}
|
||||
}
|
||||
|
||||
# Configure Elasticsearch and Kibana checks
|
||||
$es_kibana = hiera('elasticsearch_kibana', {})
|
||||
$es_node_name = $es_kibana['node_name']
|
||||
$es_kibana_nodes = filter_nodes(hiera('nodes'), 'user_node_name', $es_node_name)
|
||||
if ! empty($es_kibana_nodes){
|
||||
lma_infra_alerting::nagios::check_http { 'Kibana':
|
||||
host_name => $es_kibana_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::kibana_port,
|
||||
url => '/',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_content => 'Kibana 3',
|
||||
}
|
||||
|
||||
lma_infra_alerting::nagios::check_http { 'Elasticsearch':
|
||||
host_name => $es_kibana_nodes[0]['name'],
|
||||
port => $lma_infra_alerting::params::elasticserach_port,
|
||||
url => '/',
|
||||
custom_var_address => 'internal_address',
|
||||
string_expected_in_content => '"status" : 200',
|
||||
}
|
||||
}
|
||||
|
||||
|
13
deployment_tasks.yaml
Normal file
13
deployment_tasks.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
- id: infrastructure_alerting
|
||||
type: group
|
||||
role: [infrastructure_alerting]
|
||||
tasks:
|
||||
- hiera
|
||||
- globals
|
||||
- logging
|
||||
- netconfig
|
||||
required_for: [deploy_end]
|
||||
requires: [deploy_start]
|
||||
parameters:
|
||||
strategy:
|
||||
type: parallel
|
@ -1,21 +1,13 @@
|
||||
attributes:
|
||||
node_name:
|
||||
value: 'alerting'
|
||||
label: "Node name"
|
||||
description: 'The name of the node where the plugin will be deployed.'
|
||||
weight: 30
|
||||
type: "text"
|
||||
regex: ¬_empty
|
||||
source: '\S'
|
||||
error: "Invalid value"
|
||||
|
||||
nagios_password:
|
||||
value: 'r00tme'
|
||||
label: 'Nagios HTTP password'
|
||||
description: 'The password to access the Nagios Web Interface (username: "nagiosadmin")'
|
||||
weight: 42
|
||||
type: "password"
|
||||
regex: *not_empty
|
||||
regex:
|
||||
source: '\S'
|
||||
error: "Invalid value"
|
||||
|
||||
send_to:
|
||||
value: ''
|
||||
|
13
node_roles.yaml
Normal file
13
node_roles.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
infrastructure_alerting:
|
||||
name: 'LMA Infrastructure Alerting'
|
||||
description: 'Install services for the infrastructure alerting'
|
||||
has_primary: false
|
||||
public_ip_required: false
|
||||
weight: 100
|
||||
limits:
|
||||
max: 1
|
||||
conflicts:
|
||||
- controller
|
||||
- compute
|
||||
- cinder
|
||||
- ceph-osd
|
20
tasks.yaml
20
tasks.yaml
@ -1,24 +1,16 @@
|
||||
# TODO: check environment coherence
|
||||
# The following tasks are executed in the order they are declared
|
||||
- role: ['base-os']
|
||||
stage: post_deployment/8100
|
||||
type: puppet
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/netconfig/netconfig.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 720
|
||||
|
||||
# The following tasks are executed in the order they are declared
|
||||
- role: ['base-os']
|
||||
stage: post_deployment/8100
|
||||
# Priorities are important, this ensure that this plugin is deployed after
|
||||
# LMA Collector, InfluxDB and Elasticsearch.
|
||||
- role: [infrastructure_alerting]
|
||||
stage: post_deployment/8101
|
||||
type: puppet
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/firewall.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 600
|
||||
|
||||
- role: ['base-os']
|
||||
stage: post_deployment/8100
|
||||
- role: [infrastructure_alerting]
|
||||
stage: post_deployment/8101
|
||||
type: puppet
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/nagios.pp
|
||||
|
Loading…
Reference in New Issue
Block a user