def start(ctx):
ctx.logger.info('Enabling and starting nagios and httpd services')
services = ['nagios', 'incrond']
if ctx.node.properties['start_nagiosrest']:
services.extend(NAGIOSREST_SERVICES)
if ctx.node.properties['trap_community']:
services.append('snmptrapd')
for service in services:
enable_service(service)
start_service(service)
def start_nagiosrest(ctx):
ctx.logger.info('Enabling and starting nagios and httpd services')
services = ['httpd', 'nagiosrest-gunicorn']
for service in services:
enable_service(service)
start_service(service)
def configure(ctx):
props = ctx.node.properties
ctx.logger.info('Configuring nagios web user')
username = props['nagios_web_username']
password = props['nagios_web_password']
tmpdir = tempfile.mkdtemp()
tmp_htpass = os.path.join(tmpdir, 'passwd')
run(['htpasswd', '-bc', tmp_htpass, username, password])
run(['mv', tmp_htpass, '/etc/nagios/passwd'], sudo=True)
run(['rm', '-rf', tmpdir])
run(['chown', 'root.apache', '/etc/nagios/passwd'], sudo=True)
run(['chmod', '640', '/etc/nagios/passwd'], sudo=True)
run(['usermod', '-G', 'nagios', 'apache'], sudo=True)
ctx.logger.info('Deploying automated reaction configuration')
# We're using username+password because current token implementation is
# unsuitable for this.
reaction_configuration = {
'username': props['cloudify_manager_username'],
'password': props['cloudify_manager_password'],
}
deploy_file(
data=json.dumps(reaction_configuration),
destination='/etc/nagios/cloudify_manager.json',
ownership='nagios.{group}'.format(
# Must have the group of the agent user for reconcile operation to
# work correctly
group=grp.getgrgid(os.getgid()).gr_name, ),
permissions='440',
sudo=True,
)
notification_plugin_storage_dir = '/var/spool/nagios/cloudifyreaction'
run(['mkdir', '-p', notification_plugin_storage_dir], sudo=True)
run(['restorecon', notification_plugin_storage_dir], sudo=True)
run(['chown', 'nagios.nagios', notification_plugin_storage_dir], sudo=True)
run(['chmod', '750', notification_plugin_storage_dir], sudo=True)
ctx.logger.info('Preparing object paths')
run(['rm', '-rf', BASE_OBJECTS_DIR], sudo=True)
object_subdirs = [
'checks',
'commands',
'contacts',
'groups/group_instances',
'groups/tenants',
'groups/types',
'templates',
'timeperiods',
'deployments',
'snmp_traps',
'targets',
'target_types',
'tenants',
]
for subdir in object_subdirs:
subdir = os.path.join(BASE_OBJECTS_DIR, subdir)
run(['mkdir', '-p', subdir], sudo=True)
run(['chown', '-R', OBJECT_OWNERSHIP, BASE_OBJECTS_DIR], sudo=True)
run(['chmod', '-R', OBJECT_DIR_PERMISSIONS, BASE_OBJECTS_DIR], sudo=True)
ctx.logger.info('Deploying nagios object configuration')
config_source_dest_params = (
# Fully qualified paths because these two go outside the objects dir
('cgi.cfg', '/etc/nagios/cgi.cfg', {
'user': username
}),
('nagios.cfg', '/etc/nagios/nagios.cfg', {}),
# The rest are 'normal' configuration files
('base_system.cfg', 'base_system.cfg', {}),
('command_host_icmp.cfg', 'commands/check_host_icmp.cfg', {}),
('command_no_check.cfg', 'commands/no_check.cfg', {}),
('command_local_load.cfg', 'commands/check_local_load.cfg', {}),
('command_local_disk.cfg', 'commands/check_local_disk.cfg', {}),
('command_snmp_value.cfg', 'commands/check_snmp_value.cfg', {}),
('command_check_nagios_command_file.cfg',
'commands/check_nagios_command_file.cfg', {}),
('command_snmp_aggregate.cfg', 'commands/check_snmp_aggregate.cfg',
{}),
('command_group_aggregate.cfg', 'commands/check_group_aggregate.cfg',
{}),
('command_group_meta_aggregate.cfg',
'commands/check_group_meta_aggregate.cfg', {}),
('command_snmptrap_checks.cfg', 'commands/check_snmptrap_checks.cfg',
{}),
('notification.cfg', 'commands/notify_automation.cfg', {}),
('contact.cfg', 'contacts/automation.cfg', {}),
('template_generic_service.cfg', 'templates/generic_service.cfg', {}),
('template_generic_host.cfg', 'templates/generic_host.cfg', {}),
('template_pseudo_host.cfg', 'templates/pseudo_host.cfg', {}),
('timeperiod_24x7.cfg', 'timeperiods/24x7.cfg', {}),
)
for source, dest, params in config_source_dest_params:
deploy_configuration_file(
ctx.logger,
source=os.path.join('resources/base_configuration', source),
destination=dest,
template_params=params,
# We can't validate before we've put all of the configuration in
# place as it will be invalid until it's finished
validate=False,
# We can't reload, it's not running yet
reload_service=False,
sudo=True,
)
ctx.logger.info('Configuring httpd for ssl')
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/httpd.conf',
),
destination='/etc/httpd/conf/httpd.conf',
ownership='root.apache',
permissions='440',
sudo=True,
)
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/ssl.conf',
),
destination='/etc/httpd/conf.d/ssl.conf',
ownership='root.apache',
permissions='440',
sudo=True,
)
ctx.logger.info('Configuring httpd for nagiosrest')
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/httpd_nagiosrest.conf',
),
destination='/etc/httpd/conf.d/nagiosrest.conf',
ownership='root.apache',
permissions='440',
sudo=True,
)
ctx.logger.info('Allowing nagiosrest to restart nagios')
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/sudoers-nagiosrest',
),
destination='/etc/sudoers.d/nagios-service-restart',
ownership='root.root',
permissions='440',
sudo=True,
)
ctx.logger.info('Deploying base SNMP configuration')
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/snmp',
),
destination='/etc/snmp/snmp.conf',
ownership='root.root',
permissions='440',
sudo=True,
)
trap_community = ctx.node.properties['trap_community']
if trap_community:
ctx.logger.info('Configuring SNMP traps to use handler')
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/snmptrapd',
),
destination='/etc/snmp/snmptrapd.conf',
ownership='root.root',
permissions='440',
sudo=True,
template_params={
'trap_community': trap_community,
},
)
ctx.logger.info('Configuring notification script')
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/incron.allow',
),
destination='/etc/incron.allow',
ownership='root.root',
permissions='440',
sudo=True,
)
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/incron_root_spool',
),
destination='/var/spool/incron/root',
ownership='root.root',
permissions='400',
template_params={
'homedir': os.path.expanduser('~'),
},
sudo=True,
)
agent_config_dir = os.path.join(
os.path.expanduser('~'),
'.cfy-agent',
)
agent_configs = [
os.path.join(agent_config_dir, filename)
for filename in os.listdir(agent_config_dir)
]
# We'll use the most recently updated agent config
current_agent_config = max(agent_configs, key=os.path.getmtime)
run(
[
'/usr/local/bin/update_notify_cloudify_configuration',
current_agent_config,
],
sudo=True,
)
ctx.logger.info('Deploying logging configuration')
level = props['component_log_level'].upper()
validate_level = logging.getLevelName(level)
if not isinstance(validate_level, int):
raise NonRecoverableError(
'{level} is not a valid logging level. '
'It is recommended that component_log_level be set to one of '
'DEBUG, INFO, WARNING, ERROR'.format(level=level))
component_logging_config = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'default': {
'format': '%(name)s(%(process)s) [%(levelname)s]: %(message)s',
},
},
'handlers': {
'syslog': {
'formatter': 'default',
'level': level,
'class': 'logging.handlers.SysLogHandler',
'address': '/dev/log',
},
},
'loggers': {
'': {
'handlers': ['syslog'],
'level': level,
'propagate': True,
},
},
}
deploy_file(
data=json.dumps(component_logging_config),
destination='/etc/nagios/cloudify_components_logging.cfg',
ownership='root.nagios',
permissions='440',
sudo=True,
)
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/logrotate_config',
),
destination='/etc/logrotate.d/managed_nagios',
ownership='root.root',
permissions='444',
sudo=True,
)
deploy_file(
data=pkgutil.get_data(
'managed_nagios_plugin',
'resources/base_configuration/rsyslog_config',
),
destination='/etc/rsyslog.d/managed_nagios_logging.conf',
ownership='root.root',
permissions='444',
sudo=True,
)
stop_service('rsyslog')
start_service('rsyslog')