def start(ctx):
    """Enable and start the services this node needs.

    'nagios' and 'incrond' are always handled. NAGIOSREST_SERVICES is added
    when the 'start_nagiosrest' node property is truthy, and 'snmptrapd' when
    'trap_community' is truthy, so the trap listener is only enabled when a
    community has been configured.
    """
    ctx.logger.info('Enabling and starting nagios and httpd services')
    properties = ctx.node.properties

    to_start = ['nagios', 'incrond']
    if properties['start_nagiosrest']:
        to_start += NAGIOSREST_SERVICES
    if properties['trap_community']:
        to_start += ['snmptrapd']

    # Each service is enabled (boot persistence) before it is started.
    for name in to_start:
        enable_service(name)
        start_service(name)
def start_nagiosrest(ctx):
    """Enable and start the web-facing services: httpd and nagiosrest-gunicorn."""
    # NOTE(review): the log text mentions nagios, but this function only
    # touches 'httpd' and 'nagiosrest-gunicorn'; keep that in mind when
    # reading logs to work out which listeners were brought up.
    ctx.logger.info('Enabling and starting nagios and httpd services')
    for name in ('httpd', 'nagiosrest-gunicorn'):
        enable_service(name)
        start_service(name)
def configure(ctx):
    """Write the nagios, httpd, SNMP, incron and logging configuration.

    Reads credentials and settings from ``ctx.node.properties`` and installs
    files under /etc and /var/spool, mostly through sudo. The steps are
    order-dependent (for example, the object directories are wiped and
    recreated before the object configuration is deployed).

    Raises:
        NonRecoverableError: if ``component_log_level`` is not a level name
            known to the ``logging`` module.
    """
    props = ctx.node.properties

    ctx.logger.info('Configuring nagios web user')
    username = props['nagios_web_username']
    password = props['nagios_web_password']
    # mkdtemp creates a directory accessible only to the current user, so the
    # freshly written password file is not exposed through a shared /tmp.
    tmpdir = tempfile.mkdtemp()
    tmp_htpass = os.path.join(tmpdir, 'passwd')
    # NOTE(review): 'htpasswd -b' takes the password as a command-line
    # argument, so it is visible in the process list while htpasswd runs.
    # Whether run() also logs its argument list is not visible here - confirm.
    # htpasswd can read the password from stdin instead (-i) if run() can
    # supply input. No hash-algorithm flag is passed, so htpasswd's default
    # algorithm is used.
    run(['htpasswd', '-bc', tmp_htpass, username, password])
    run(['mv', tmp_htpass, '/etc/nagios/passwd'], sudo=True)
    # NOTE(review): presumably run() raises on failure; if so, a failure in
    # the two calls above skips this cleanup and leaves tmpdir behind.
    run(['rm', '-rf', tmpdir])
    # Ownership and mode are only tightened after the move; until these two
    # calls finish the file keeps the owner and mode htpasswd created it with.
    run(['chown', 'root.apache', '/etc/nagios/passwd'], sudo=True)
    run(['chmod', '640', '/etc/nagios/passwd'], sudo=True)
    # usermod -G without -a replaces the supplementary group list: after this
    # call 'apache' is a member of 'nagios' only, and loses any other
    # supplementary groups it had.
    run(['usermod', '-G', 'nagios', 'apache'], sudo=True)

    ctx.logger.info('Deploying automated reaction configuration')
    # We're using username+password because current token implementation is
    # unsuitable for this.
    # NOTE(review): the manager username and password are stored in plaintext
    # JSON. With mode 440 they are readable by the 'nagios' user and by every
    # member of the group assigned below, so that group's membership decides
    # who can read the manager credentials.
    reaction_configuration = {
        'username': props['cloudify_manager_username'],
        'password': props['cloudify_manager_password'],
    }
    deploy_file(
        data=json.dumps(reaction_configuration),
        destination='/etc/nagios/cloudify_manager.json',
        ownership='nagios.{group}'.format(
            # Must have the group of the agent user for reconcile operation to
            # work correctly
            # (the group used is the primary group of the current process)
            group=grp.getgrgid(os.getgid()).gr_name,
        ),
        permissions='440',
        sudo=True,
    )

    # Spool directory for the notification plugin: nagios user and group only.
    notification_plugin_storage_dir = '/var/spool/nagios/cloudifyreaction'
    run(['mkdir', '-p', notification_plugin_storage_dir], sudo=True)
    # restorecon resets the SELinux context of the new directory to the
    # policy default for its path.
    run(['restorecon', notification_plugin_storage_dir], sudo=True)
    run(['chown', 'nagios.nagios', notification_plugin_storage_dir],
        sudo=True)
    run(['chmod', '750', notification_plugin_storage_dir], sudo=True)

    ctx.logger.info('Preparing object paths')
    # Destructive: everything under BASE_OBJECTS_DIR is removed as root before
    # the tree is rebuilt. BASE_OBJECTS_DIR is defined outside this block.
    run(['rm', '-rf', BASE_OBJECTS_DIR], sudo=True)
    object_subdirs = [
        'checks',
        'commands',
        'contacts',
        'groups/group_instances',
        'groups/tenants',
        'groups/types',
        'templates',
        'timeperiods',
        'deployments',
        'snmp_traps',
        'targets',
        'target_types',
        'tenants',
    ]
    for subdir in object_subdirs:
        subdir = os.path.join(BASE_OBJECTS_DIR, subdir)
        run(['mkdir', '-p', subdir], sudo=True)
    # Ownership and mode are applied recursively once, after all
    # subdirectories exist.
    run(['chown', '-R', OBJECT_OWNERSHIP, BASE_OBJECTS_DIR], sudo=True)
    run(['chmod', '-R', OBJECT_DIR_PERMISSIONS, BASE_OBJECTS_DIR], sudo=True)

    ctx.logger.info('Deploying nagios object configuration')
    # Each entry is (packaged source file, destination, template parameters).
    config_source_dest_params = (
        # Fully qualified paths because these two go outside the objects dir
        # NOTE(review): the web username is passed as the 'user' template
        # parameter for cgi.cfg; whether the templating layer escapes or
        # validates it is not visible here - confirm.
        ('cgi.cfg', '/etc/nagios/cgi.cfg', {
            'user': username
        }),
        ('nagios.cfg', '/etc/nagios/nagios.cfg', {}),
        # The rest are 'normal' configuration files
        ('base_system.cfg', 'base_system.cfg', {}),
        ('command_host_icmp.cfg', 'commands/check_host_icmp.cfg', {}),
        ('command_no_check.cfg', 'commands/no_check.cfg', {}),
        ('command_local_load.cfg', 'commands/check_local_load.cfg', {}),
        ('command_local_disk.cfg', 'commands/check_local_disk.cfg', {}),
        ('command_snmp_value.cfg', 'commands/check_snmp_value.cfg', {}),
        ('command_check_nagios_command_file.cfg',
         'commands/check_nagios_command_file.cfg', {}),
        ('command_snmp_aggregate.cfg',
         'commands/check_snmp_aggregate.cfg', {}),
        ('command_group_aggregate.cfg',
         'commands/check_group_aggregate.cfg', {}),
        ('command_group_meta_aggregate.cfg',
         'commands/check_group_meta_aggregate.cfg', {}),
        ('command_snmptrap_checks.cfg',
         'commands/check_snmptrap_checks.cfg', {}),
        ('notification.cfg', 'commands/notify_automation.cfg', {}),
        ('contact.cfg', 'contacts/automation.cfg', {}),
        ('template_generic_service.cfg',
         'templates/generic_service.cfg', {}),
        ('template_generic_host.cfg', 'templates/generic_host.cfg', {}),
        ('template_pseudo_host.cfg', 'templates/pseudo_host.cfg', {}),
        ('timeperiod_24x7.cfg', 'timeperiods/24x7.cfg', {}),
    )
    for source, dest, params in config_source_dest_params:
        deploy_configuration_file(
            ctx.logger,
            source=os.path.join('resources/base_configuration', source),
            destination=dest,
            template_params=params,
            # We can't validate before we've put all of the configuration in
            # place as it will be invalid until it's finished
            validate=False,
            # We can't reload, it's not running yet
            reload_service=False,
            sudo=True,
        )

    ctx.logger.info('Configuring httpd for ssl')
    # The httpd files below are installed verbatim from package data, owned
    # root.apache with mode 440 (readable by apache, writable by nobody).
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/httpd.conf',
        ),
        destination='/etc/httpd/conf/httpd.conf',
        ownership='root.apache',
        permissions='440',
        sudo=True,
    )
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/ssl.conf',
        ),
        destination='/etc/httpd/conf.d/ssl.conf',
        ownership='root.apache',
        permissions='440',
        sudo=True,
    )

    ctx.logger.info('Configuring httpd for nagiosrest')
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/httpd_nagiosrest.conf',
        ),
        destination='/etc/httpd/conf.d/nagiosrest.conf',
        ownership='root.apache',
        permissions='440',
        sudo=True,
    )

    ctx.logger.info('Allowing nagiosrest to restart nagios')
    # NOTE(review): this installs a sudoers drop-in straight from package
    # data. The rule's scope is defined in the packaged file, not here, and
    # should be reviewed as a privilege grant. Whether deploy_file
    # syntax-checks the content is not visible; a 'visudo -cf' check before
    # installation would guard against a broken drop-in.
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/sudoers-nagiosrest',
        ),
        destination='/etc/sudoers.d/nagios-service-restart',
        ownership='root.root',
        permissions='440',
        sudo=True,
    )

    ctx.logger.info('Deploying base SNMP configuration')
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/snmp',
        ),
        destination='/etc/snmp/snmp.conf',
        ownership='root.root',
        permissions='440',
        sudo=True,
    )

    trap_community = ctx.node.properties['trap_community']
    if trap_community:
        ctx.logger.info('Configuring SNMP traps to use handler')
        # The community string is written into snmptrapd.conf, which is kept
        # root-only (440 root.root).
        # NOTE(review): the value is interpolated into the config template;
        # confirm it is validated or escaped so that it cannot introduce
        # extra directives.
        deploy_file(
            data=pkgutil.get_data(
                'managed_nagios_plugin',
                'resources/base_configuration/snmptrapd',
            ),
            destination='/etc/snmp/snmptrapd.conf',
            ownership='root.root',
            permissions='440',
            sudo=True,
            template_params={
                'trap_community': trap_community,
            },
        )

    ctx.logger.info('Configuring notification script')
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/incron.allow',
        ),
        destination='/etc/incron.allow',
        ownership='root.root',
        permissions='440',
        sudo=True,
    )
    # NOTE(review): this is root's incron table, templated with the current
    # user's home directory. The packaged table is not shown here; if it
    # watches or executes paths under that home directory, write access to
    # those paths feeds root-run actions - confirm the table's contents.
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/incron_root_spool',
        ),
        destination='/var/spool/incron/root',
        ownership='root.root',
        permissions='400',
        template_params={
            'homedir': os.path.expanduser('~'),
        },
        sudo=True,
    )

    agent_config_dir = os.path.join(
        os.path.expanduser('~'),
        '.cfy-agent',
    )
    # Every directory entry is a candidate; os.listdir raises if the
    # directory does not exist.
    agent_configs = [
        os.path.join(agent_config_dir, filename)
        for filename in os.listdir(agent_config_dir)
    ]
    # We'll use the most recently updated agent config
    # NOTE(review): max() raises ValueError when the directory is empty. The
    # chosen path is handed to a helper that runs as root, so whatever was
    # last modified in ~/.cfy-agent is what that helper reads.
    current_agent_config = max(agent_configs, key=os.path.getmtime)
    run(
        [
            '/usr/local/bin/update_notify_cloudify_configuration',
            current_agent_config,
        ],
        sudo=True,
    )

    ctx.logger.info('Deploying logging configuration')
    level = props['component_log_level'].upper()
    # logging.getLevelName returns the numeric level for a known level name
    # and a string for an unknown one, so a non-int result means the
    # property is not a valid level.
    validate_level = logging.getLevelName(level)
    if not isinstance(validate_level, int):
        raise NonRecoverableError(
            '{level} is not a valid logging level. '
            'It is recommended that component_log_level be set to one of '
            'DEBUG, INFO, WARNING, ERROR'.format(level=level))

    # dictConfig-style logging configuration: everything goes to the local
    # syslog socket at the requested level.
    component_logging_config = {
        'version': 1,
        'disable_existing_loggers': False,
        'formatters': {
            'default': {
                'format': '%(name)s(%(process)s) [%(levelname)s]: %(message)s',
            },
        },
        'handlers': {
            'syslog': {
                'formatter': 'default',
                'level': level,
                'class': 'logging.handlers.SysLogHandler',
                'address': '/dev/log',
            },
        },
        'loggers': {
            '': {
                'handlers': ['syslog'],
                'level': level,
                'propagate': True,
            },
        },
    }
    deploy_file(
        data=json.dumps(component_logging_config),
        destination='/etc/nagios/cloudify_components_logging.cfg',
        ownership='root.nagios',
        permissions='440',
        sudo=True,
    )
    # The logrotate and rsyslog drop-ins are installed world-readable (444)
    # and root-owned.
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/logrotate_config',
        ),
        destination='/etc/logrotate.d/managed_nagios',
        ownership='root.root',
        permissions='444',
        sudo=True,
    )
    deploy_file(
        data=pkgutil.get_data(
            'managed_nagios_plugin',
            'resources/base_configuration/rsyslog_config',
        ),
        destination='/etc/rsyslog.d/managed_nagios_logging.conf',
        ownership='root.root',
        permissions='444',
        sudo=True,
    )
    # Restart rsyslog after its configuration has been deployed above.
    stop_service('rsyslog')
    start_service('rsyslog')