422 lines
14 KiB
Puppet
422 lines
14 KiB
Puppet
# Copyright 2015 Mirantis, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
notice('fuel-plugin-lma-infrastructure-alerting: nagios.pp')
|
|
|
|
$cluster_ip = hiera('lma::infrastructure_alerting::cluster_ip')
|
|
$env_id = hiera('deployment_id')
|
|
$fuel_version = 0 + hiera('fuel_version')
|
|
|
|
$plugin = hiera('lma_infrastructure_alerting')
|
|
$nagios_authnz = hiera('lma::infrastructure_alerting::authnz')
|
|
$password = $nagios_authnz['password']
|
|
if $notify_warning == false and
|
|
$notify_critical == false and
|
|
$notify_unknown == false and
|
|
$notify_recovery == false {
|
|
|
|
$send_to = undef
|
|
$send_from = undef
|
|
$smtp_host = undef
|
|
$smtp_auth = undef
|
|
$smtp_password = undef
|
|
} else {
|
|
$send_to = $plugin['send_to']
|
|
$send_from = $plugin['send_from']
|
|
$smtp_host = $plugin['smtp_host']
|
|
$smtp_auth = $plugin['smtp_auth']
|
|
$smtp_user = $plugin['smtp_user']
|
|
$smtp_password = $plugin['smtp_password']
|
|
|
|
$notify_warning = $plugin['notify_warning']
|
|
$notify_critical = $plugin['notify_critical']
|
|
$notify_unknown = $plugin['notify_unknown']
|
|
$notify_recovery = $plugin['notify_recovery']
|
|
}
|
|
|
|
$apache_config_dir = hiera('lma::infrastructure_alerting::apache_dir')
|
|
$nagios_vip = hiera('lma::infrastructure_alerting::vip')
|
|
|
|
$nagios_ui = hiera_hash('lma::infrastructure_alerting::nagios_ui')
|
|
$nagios_ui_vip = $nagios_ui['vip']
|
|
$apache_port = $nagios_ui['apache_port']
|
|
|
|
$tls_enabled = $nagios_ui['tls_enabled']
|
|
|
|
$lma_collector = hiera_hash('lma_collector', {})
|
|
|
|
if $lma_collector['gse_cluster_global'] {
|
|
$service_clusters = keys($lma_collector['gse_cluster_global']['clusters'])
|
|
}else{
|
|
$service_clusters = []
|
|
}
|
|
|
|
if $lma_collector['gse_cluster_node'] {
|
|
$node_clusters = keys($lma_collector['gse_cluster_node']['clusters'])
|
|
}else{
|
|
$node_clusters = []
|
|
}
|
|
|
|
# Install and configure nagios server for StackLight
|
|
class { 'lma_infra_alerting::nagios':
|
|
# Service must be named as the Pacemaker resource
|
|
httpd_service_name => 'apache2-nagios',
|
|
httpd_dir => $apache_config_dir,
|
|
http_password => $password,
|
|
http_port => $apache_port,
|
|
nagios_ui_address => $nagios_ui_vip,
|
|
nagios_address => $nagios_vip,
|
|
ui_tls_enabled => $tls_enabled,
|
|
ui_certificate_filename => $nagios_ui['ssl_cert_path'],
|
|
ui_certificate_hostname => $nagios_ui['hostname'],
|
|
ldap_enabled => $nagios_authnz['ldap_enabled'],
|
|
ldap_protocol => $nagios_authnz['ldap_protocol'],
|
|
ldap_servers => $nagios_authnz['ldap_servers'],
|
|
ldap_port => $nagios_authnz['ldap_port'],
|
|
ldap_bind_dn => $nagios_authnz['ldap_bind_dn'],
|
|
ldap_bind_password => $nagios_authnz['ldap_bind_password'],
|
|
ldap_user_search_base_dns => $nagios_authnz['ldap_user_search_base_dns'],
|
|
ldap_user_search_filter => $nagios_authnz['ldap_user_search_filter'],
|
|
ldap_user_attribute => $nagios_authnz['ldap_user_attribute'],
|
|
ldap_authorization_enabled => $nagios_authnz['ldap_authorization_enabled'],
|
|
ldap_group_attribute => $nagios_authnz['ldap_group_attribute'],
|
|
ldap_admin_group_dn => $nagios_authnz['ldap_admin_group_dn'],
|
|
notify => Service['apache2-nagios'],
|
|
}
|
|
|
|
class { 'lma_infra_alerting::nagios::vhost':
|
|
openstack_deployment_name => $env_id,
|
|
openstack_management_vip => $cluster_ip,
|
|
global_clusters => $service_clusters,
|
|
node_clusters => $node_clusters,
|
|
require => Class['lma_infra_alerting::nagios'],
|
|
}
|
|
|
|
$configure_arp_filter_for_vip = '/usr/local/bin/configure_arp_filter_for_vip'
|
|
file { $configure_arp_filter_for_vip:
|
|
ensure => present,
|
|
source => 'puppet:///modules/lma_infra_alerting/configure_arp_filter_for_vip',
|
|
mode => '0755',
|
|
owner => 'root',
|
|
group => 'root',
|
|
}
|
|
|
|
file { 'ocf-ns_apache':
|
|
ensure => present,
|
|
path => '/usr/lib/ocf/resource.d/fuel/ocf-ns_apache',
|
|
source => 'puppet:///modules/lma_infra_alerting/ocf-ns_apache',
|
|
mode => '0755',
|
|
owner => 'root',
|
|
group => 'root',
|
|
require => File[$configure_arp_filter_for_vip],
|
|
}
|
|
|
|
file { 'ocf-ns_nagios':
|
|
ensure => present,
|
|
path => '/usr/lib/ocf/resource.d/fuel/ocf-ns_nagios',
|
|
source => 'puppet:///modules/lma_infra_alerting/ocf-ns_nagios',
|
|
mode => '0755',
|
|
owner => 'root',
|
|
group => 'root',
|
|
}
|
|
|
|
# This is required so Apache and Nagios can bind to the VIP addresses
|
|
exec { 'net.ipv4.ip_nonlocal_bind':
|
|
command => '/sbin/sysctl -w net.ipv4.ip_nonlocal_bind=1',
|
|
unless => '/sbin/sysctl -n net.ipv4.ip_nonlocal_bind | /bin/grep 1',
|
|
}
|
|
|
|
$apache_parameters = {
|
|
'ns' => 'infrastructure_alerting',
|
|
'status_url' => "http://${nagios_vip}/server-status",
|
|
'config' => "${apache_config_dir}/apache2.conf",
|
|
'ns_gateway' => hiera('lma::infrastructure_alerting::apache_ns_gateway')
|
|
}
|
|
|
|
if $fuel_version < 9.0 {
|
|
# Apache2 resources for Pacemaker
|
|
pacemaker_wrappers::service { 'apache2-nagios':
|
|
primitive_type => 'ocf-ns_apache',
|
|
parameters => $apache_parameters,
|
|
metadata => {
|
|
'migration-threshold' => '3',
|
|
'failure-timeout' => '120',
|
|
},
|
|
operations => {
|
|
'monitor' => {
|
|
'interval' => '30',
|
|
'timeout' => '60'
|
|
},
|
|
'start' => {
|
|
'timeout' => '60'
|
|
},
|
|
'stop' => {
|
|
'timeout' => '60'
|
|
},
|
|
},
|
|
prefix => false,
|
|
use_handler => false,
|
|
require => [File['ocf-ns_apache'], Exec['net.ipv4.ip_nonlocal_bind'], Class['lma_infra_alerting::nagios']],
|
|
}
|
|
|
|
# Apache needs to start after the VIP interfaces are up and running
|
|
cs_rsc_order { 'apache2-nagios-after-mgmt-vip':
|
|
ensure => present,
|
|
first => 'vip__infrastructure_alerting_mgmt_vip',
|
|
second => 'apache2-nagios',
|
|
require => Cs_resource['apache2-nagios'],
|
|
}
|
|
|
|
cs_rsc_order { 'apache2-nagios-after-ui-vip':
|
|
ensure => present,
|
|
first => 'vip__infrastructure_alerting_ui',
|
|
second => 'apache2-nagios',
|
|
require => Cs_resource['apache2-nagios'],
|
|
}
|
|
|
|
cs_rsc_colocation { 'infrastructure_alerting_vip-with-apache2-nagios':
|
|
ensure => present,
|
|
score => 'INFINITY',
|
|
primitives => [
|
|
'apache2-nagios',
|
|
'vip__infrastructure_alerting_mgmt_vip',
|
|
],
|
|
require => Cs_resource['apache2-nagios'],
|
|
}
|
|
|
|
# Nagios resources for Pacemaker
|
|
pacemaker_wrappers::service { 'nagios3':
|
|
primitive_type => 'ocf-ns_nagios',
|
|
metadata => {
|
|
'migration-threshold' => '3',
|
|
'failure-timeout' => '120',
|
|
},
|
|
operations => {
|
|
'monitor' => {
|
|
'interval' => '30',
|
|
'timeout' => '60'
|
|
},
|
|
'start' => {
|
|
'timeout' => '60'
|
|
},
|
|
'stop' => {
|
|
'timeout' => '60'
|
|
},
|
|
},
|
|
prefix => false,
|
|
use_handler => false,
|
|
require => [File['ocf-ns_nagios'], Exec['net.ipv4.ip_nonlocal_bind'], Class['lma_infra_alerting::nagios']],
|
|
}
|
|
|
|
cs_rsc_colocation { 'infrastructure_alerting_vip-with-nagios':
|
|
ensure => present,
|
|
score => 'INFINITY',
|
|
primitives => [
|
|
'nagios3',
|
|
'vip__infrastructure_alerting_mgmt_vip',
|
|
],
|
|
require => Cs_resource['nagios3'],
|
|
}
|
|
|
|
# The two VIPs must be colocated
|
|
# It assumes that the VIPs have already been created at a previous stage
|
|
cs_rsc_colocation { 'ui_vip-with-wsgi_vip':
|
|
ensure => present,
|
|
score => 'INFINITY',
|
|
primitives => [
|
|
'vip__infrastructure_alerting_mgmt_vip',
|
|
'vip__infrastructure_alerting_ui'
|
|
],
|
|
}
|
|
} else {
|
|
# Apache2 resources for Pacemaker
|
|
pacemaker::service { 'apache2-nagios':
|
|
primitive_type => 'ocf-ns_apache',
|
|
parameters => $apache_parameters,
|
|
metadata => {
|
|
'migration-threshold' => '3',
|
|
'failure-timeout' => '120',
|
|
},
|
|
operations => {
|
|
'monitor' => {
|
|
'interval' => '30',
|
|
'timeout' => '60'
|
|
},
|
|
'start' => {
|
|
'timeout' => '60'
|
|
},
|
|
'stop' => {
|
|
'timeout' => '60'
|
|
},
|
|
},
|
|
prefix => false,
|
|
use_handler => false,
|
|
require => [File['ocf-ns_apache'], Exec['net.ipv4.ip_nonlocal_bind'], Class['lma_infra_alerting::nagios']],
|
|
}
|
|
|
|
pcmk_colocation { 'infrastructure_alerting_vip-with-apache2-nagios':
|
|
ensure => present,
|
|
score => 'INFINITY',
|
|
first => 'vip__infrastructure_alerting_mgmt_vip',
|
|
second => 'apache2-nagios',
|
|
require => Pacemaker::Service['apache2-nagios'],
|
|
}
|
|
|
|
# Apache needs to start after the VIP interfaces are up and running
|
|
pcmk_order { 'apache2-nagios-after-mgmt-vip':
|
|
ensure => present,
|
|
first => 'vip__infrastructure_alerting_mgmt_vip',
|
|
second => 'apache2-nagios',
|
|
require => Pacemaker::Service['apache2-nagios'],
|
|
}
|
|
|
|
pcmk_order { 'apache2-nagios-after-ui-vip':
|
|
ensure => present,
|
|
first => 'vip__infrastructure_alerting_ui',
|
|
second => 'apache2-nagios',
|
|
require => Pacemaker::Service['apache2-nagios'],
|
|
}
|
|
|
|
# Nagios resources for Pacemaker
|
|
pacemaker::service { 'nagios3':
|
|
primitive_type => 'ocf-ns_nagios',
|
|
metadata => {
|
|
'migration-threshold' => '3',
|
|
'failure-timeout' => '120',
|
|
},
|
|
operations => {
|
|
'monitor' => {
|
|
'interval' => '30',
|
|
'timeout' => '60'
|
|
},
|
|
'start' => {
|
|
'timeout' => '60'
|
|
},
|
|
'stop' => {
|
|
'timeout' => '60'
|
|
},
|
|
},
|
|
prefix => false,
|
|
use_handler => false,
|
|
require => [File['ocf-ns_nagios'], Exec['net.ipv4.ip_nonlocal_bind'], Class['lma_infra_alerting::nagios']],
|
|
}
|
|
|
|
pcmk_colocation { 'infrastructure_alerting_vip-with-nagios':
|
|
ensure => present,
|
|
score => 'INFINITY',
|
|
first => 'vip__infrastructure_alerting_mgmt_vip',
|
|
second => 'nagios3',
|
|
require => Pacemaker::Service['nagios3'],
|
|
}
|
|
|
|
# The two VIPs must be colocated
|
|
# It assumes that the VIPs have already been created at a previous stage
|
|
pcmk_colocation { 'ui_vip-with-wsgi_vip':
|
|
ensure => present,
|
|
score => 'INFINITY',
|
|
first => 'vip__infrastructure_alerting_mgmt_vip',
|
|
second => 'vip__infrastructure_alerting_ui',
|
|
}
|
|
}
|
|
|
|
class { 'lma_infra_alerting::nagios::contact':
|
|
send_to => $send_to,
|
|
send_from => $send_from,
|
|
smtp_host => $smtp_host,
|
|
smtp_auth => $smtp_auth,
|
|
smtp_user => $smtp_user,
|
|
smtp_password => $smtp_password,
|
|
notify_warning => $notify_warning,
|
|
notify_critical => $notify_critical,
|
|
notify_recovery => $notify_recovery,
|
|
notify_unknown => $notify_unknown,
|
|
require => Class['lma_infra_alerting::nagios'],
|
|
}
|
|
|
|
if $lma_collector['node_cluster_roles'] {
|
|
$node_cluster_roles = $lma_collector['node_cluster_roles']
|
|
} else {
|
|
$node_cluster_roles = {}
|
|
}
|
|
if $lma_collector['node_cluster_alarms'] {
|
|
$node_cluster_alarms = $lma_collector['node_cluster_alarms']
|
|
} else {
|
|
$node_cluster_alarms = {}
|
|
}
|
|
|
|
$network_metadata = hiera_hash('network_metadata')
|
|
class { 'lma_infra_alerting::nagios::hosts':
|
|
hosts => values($network_metadata['nodes']),
|
|
host_name_key => 'name',
|
|
network_role_key => 'infrastructure_alerting',
|
|
role_key => 'node_roles',
|
|
host_display_name_keys => ['name', 'user_node_name'],
|
|
host_custom_vars_keys => ['fqdn', 'node_roles'],
|
|
node_cluster_roles => $node_cluster_roles,
|
|
node_cluster_alarms => $node_cluster_alarms,
|
|
require => Class['lma_infra_alerting::nagios'],
|
|
}
|
|
|
|
$influxdb_nodes = get_nodes_hash_by_roles($network_metadata, ['influxdb_grafana', 'primary-influxdb_grafana'])
|
|
$es_kibana_nodes = get_nodes_hash_by_roles($network_metadata, ['elasticsearch_kibana', 'primary-elasticsearch_kibana'])
|
|
|
|
# Configure Grafana and InfluxDB checks
|
|
if ! empty($influxdb_nodes){
|
|
$grafana_nodes_params = get_check_http_params($influxdb_nodes, 'influxdb_vip', 'Grafana')
|
|
$grafana_defaults = {
|
|
port => hiera('lma::infrastructure_alerting::grafana_port'),
|
|
url => '/login',
|
|
string_expected_in_content => 'grafana',
|
|
service_description => 'Grafana',
|
|
require => Class['lma_infra_alerting::nagios::hosts'],
|
|
}
|
|
create_resources(lma_infra_alerting::nagios::check_http, $grafana_nodes_params, $grafana_defaults)
|
|
|
|
$influxdb_nodes_params = get_check_http_params($influxdb_nodes, 'influxdb_vip', 'InfluxDB')
|
|
$influxdb_defaults = {
|
|
port => hiera('lma::infrastructure_alerting::influxdb_port'),
|
|
url => '/ping',
|
|
string_expected_in_status => '204 No Content',
|
|
string_expected_in_headers => 'X-Influxdb-Version',
|
|
service_description => 'InfluxDB',
|
|
require => Class['lma_infra_alerting::nagios::hosts'],
|
|
}
|
|
create_resources(lma_infra_alerting::nagios::check_http, $influxdb_nodes_params, $influxdb_defaults)
|
|
}
|
|
|
|
# Configure Elasticsearch and Kibana checks
|
|
if ! empty($es_kibana_nodes){
|
|
$kibana_nodes_params = get_check_http_params($es_kibana_nodes, 'elasticsearch', 'Kibana')
|
|
$kibana_defaults = {
|
|
port => hiera('lma::infrastructure_alerting::kibana_port'),
|
|
url => '/',
|
|
username => hiera('lma::infrastructure_alerting::kibana_username'),
|
|
password => hiera('lma::infrastructure_alerting::kibana_password'),
|
|
string_expected_in_content => 'kibana',
|
|
service_description => 'Kibana',
|
|
require => Class[lma_infra_alerting::nagios::hosts],
|
|
}
|
|
create_resources(lma_infra_alerting::nagios::check_http, $kibana_nodes_params, $kibana_defaults)
|
|
|
|
$es_nodes_params = get_check_http_params($es_kibana_nodes, 'elasticsearch', 'Elasticsearch')
|
|
$es_defaults = {
|
|
port => hiera('lma::infrastructure_alerting::es_port'),
|
|
url => '/',
|
|
string_expected_in_content => '"lucene_version"',
|
|
service_description => 'Elasticsearch',
|
|
require => Class[lma_infra_alerting::nagios::hosts],
|
|
}
|
|
create_resources(lma_infra_alerting::nagios::check_http, $es_nodes_params, $es_defaults)
|
|
}
|