From 8f46050df4caf0696f09254947455d4ef57733e9 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 17 Mar 2015 19:08:52 +0300 Subject: [PATCH] chef/nagios3 install --- nagios.cloudscript | 398 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 398 insertions(+) create mode 100644 nagios.cloudscript diff --git a/nagios.cloudscript b/nagios.cloudscript new file mode 100644 index 0000000..ba21e19 --- /dev/null +++ b/nagios.cloudscript @@ -0,0 +1,398 @@ +cloudscript nagios_chef_client + version = _latest + result_template = nagios_server_result_template + +globals + nagios_server_hostname = 'nagios-server' + nagios_instance_type = 'CS1-SSD' # 1GB RAM, 1 vCore, 25GB SSD, 10Gbps + nagios_image_type = 'Ubuntu Server 14.04 LTS' + #latest version always here: https://www.chef.io/download-chef-client/ + system = 'ubuntu' + sys_server_version = 'trusty' + sys_client_version = '13.04' + chef_version = '12.0.6-1_amd64' + server_pass = lib::random_password() + console_pass = lib::random_password() + chef_slice_user = 'chef' + organization_short = 'companyname' + organization_full = 'Company Name' + admin_user = 'admin' + admin_user_full = 'Chef Administrator' #Format is two separated words + admin_mail = 'admin@companyname.com' + chef_client_version = '12.1.2-1_amd64' + + server_password = lib::random_password() + admin_password = lib::random_password() + console_password = lib::random_password() + nagios_slice_user = 'nagios' + +thread chef_setup + tasks = [nagios_server_setup] + +task nagios_server_setup + #------------------------------- + # create keys + #------------------------------- + + # create nagios admin password key + /key/password nagios_admin_password_key read_or_create + key_group = _SERVER + password = admin_password + + # create nagios server root password key + /key/password nagios_server_password_key read_or_create + key_group = _SERVER + password = server_password + + # create nagios server console key + /key/password nagios_server_console_key read_or_create + key_group = _CONSOLE + password = console_password + + # create storage slice keys + /key/token nagios_slice_key read_or_create + username = nagios_slice_user + + #------------------------------- + # create slice and container + #------------------------------- + + # create slice to store script in cloudstorage + /storage/slice nagios_slice read_or_create + keys = [nagios_slice_key] + + # create slice container to store script in cloudstorage + /storage/container nagios_container => [nagios_slice] read_or_create + slice = nagios_slice + + #------------------------------- + # create nagios bootstrap + # script and recipe + #------------------------------- + + # place script data in cloudstorage + /storage/object nagios_server_bootstrap_object => [nagios_slice, nagios_container] read_or_create + container_name = 'nagios_container' + file_name = 'bootstrap_nagios_server.sh' + slice = nagios_slice + content_data = nagios_server_script_template + + # associate the cloudstorage object with the haproxy script + /orchestration/script nagios_server_bootstrap_script => [nagios_slice, nagios_container, nagios_server_bootstrap_object] read_or_create + data_uri = 'cloudstorage://nagios_slice/nagios_container/bootstrap_nagios_server.sh' + script_type = _SHELL + encoding = _STORAGE + + # create the recipe and associate the script + /orchestration/recipe nagios_server_bootstrap_recipe read_or_create + scripts = [nagios_server_bootstrap_script] + + #------------------------------- + # create the nagios server + #------------------------------- + + /server/cloud nagios_server read_or_create + hostname = '{{ nagios_server_hostname }}' + image = '{{ nagios_image_type }}' + service_type = '{{ nagios_instance_type }}' + keys = [nagios_server_password_key, nagios_server_console_key] + recipes = [nagios_server_bootstrap_recipe] + recipe_timeout = 600 + +text_template nagios_server_script_template +#!/bin/bash + +#Update repo +apt-get update + +#Install git +apt-get install git -y + +# Download latest version of chef-server for Ubuntu 14.04 +wget https://web-dl.packagecloud.io/chef/stable/packages/{{ system }}/{{ sys_server_version }}/chef-server-core_{{ chef_version }}.deb + +# Install chef-server +dpkg -i chef-server-core_{{ chef_version }}.deb +sleep 20s +export HOME="/root" + +# Initial reconfiguring chef-server +chef-server-ctl reconfigure + +# Install opscode-manage +#chef-server-ctl install opscode-manage +#opscode-manage-ctl reconfigure + +# Reconfiguring chef-server with opscode-manage +#chef-server-ctl reconfigure + +# Create admin user and organization +chef-server-ctl user-create {{ admin_user }} {{ admin_user_full }} {{ admin_mail }} {{ nagios_admin_password_key.password }} --filename /etc/chef/{{ admin_user }}.pem +chef-server-ctl org-create {{ organization_short }} {{ organization_full }} --association_user {{ admin_user }} --filename /etc/chef/{{ organization_short }}-validator.pem + +#Download latest version of chef-client +wget https://opscode-omnibus-packages.s3.amazonaws.com/{{ system }}/{{ sys_client_version }}/x86_64/chef_{{ chef_client_version }}.deb + +#Install it +dpkg -i chef_{{ chef_client_version }}.deb + +#Create chef-client config +cat <<\EOF> /etc/chef/client.rb +log_level :info +log_location STDOUT +chef_server_url 'https://{{ nagios_server_hostname }}:443/organizations/{{ organization_short }}' +validation_key "/etc/chef/{{ organization_short }}-validator.pem" +validation_client_name '{{ organization_short }}-validator' +trusted_certs_dir "/etc/chef/trusted_certs" +EOF + +#Create dirs +mkdir /etc/chef/trusted_certs +mkdir /etc/chef/cookbooks +mkdir /etc/chef/syntax_check_cache + +#Create knife config +cat <<\EOF> /etc/chef/knife.rb +log_level :info +log_location STDOUT +node_name '{{ admin_user }}' +client_key '/etc/chef/{{ admin_user }}.pem' +validation_client_name '{{ organization_short }}-validator' +validation_key '/etc/chef/{{ organization_short }}-validator.pem' +chef_server_url 'https://{{ nagios_server_hostname }}/organizations/{{ organization_short }}' +syntax_check_cache_path '/etc/chef/syntax_check_cache' +cookbook_path [ '/etc/chef/cookbooks' ] +knife[:editor] = "vim" +EOF + +#Copy SSL certificate +cd /etc/chef +knife ssl fetch + +#Create github key +mkdir -p /tmp/private_code/.ssh +cat <<\EOF> /tmp/private_code/.ssh/github +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA0WAjWtkShNC/Hde4pblsTS1xlGrBNUjgAyj09SZl509xPwBT +9mYm1uwWWMcrD8Rpg/m07ARrYJrr87g8U4SL57olaZ6WmP0KLByzyT8++MFk9y7Y +s7rE3gyDpS4jiasqcpXlcyE1U0/peeU9nEn+PvDtalMLaV0asZkVM/JFclFWTBgC +FVVrfkIjsmvuwRgYFxREBw076tDh0fzWCNDgv819Ef4lOujHOEbHaszM4tqVgAP4 +owwNdYcZM5ojILowyFBhaSa3WvkVdolz2weLvjIk06gxueRhkTua0H4/5XJvSJJ1 +7CFEbzZ8SpZxe9bWErzuHd/WZhF7xQy4MaUSpwIDAQABAoIBADLLKuiQPtDfv22i +9tWljSOQAbzqxSKDIm1B02NhxFkASc3p63ScRZHgRm+VKdoyYRK2UnDrhY0zKEjB +CkmMn1BBNXBRG+HTiVM4R1lsMX+xkyfwQnwftEDWMl2xOsfcMXkI6lgq1z/15ANB +XNf8j2R/mGkx6lPOVXp+U8l9XeGkby3gyreusA2b8oNpFsfgE0MU/2CP7TC1LlZ2 +A7SkfjajliLHZe+99/GvOLIQW/2QDYnIELawUvpiU9+GHhpxnxecs2Zh5oFTTOez +izNuVBtZRGaDCtYqGg0cvF4nGG2dGX7uGDIGc5u9bRT8uBWGaIqkdUewy+iGZoJM +2hgLa/kCgYEA+dGawwESzbuCUzXd06pJLUXWPqZP48coOD4LmSZBpecJ5diIiV1b +/gEkifcJt0KEop6j1WrNeqlXCoFEy88/tdrq5Vo+Wlkh7AJhHS4XqX/EGhCQi58S +7dmIcqHFMADxxbcMxeTn5D/xZhrRUbF0Nj0h/XPQmzNVyHqrE5+cxcUCgYEA1o5b +8ElCovkPYwF25ngxfUJeQ+Q8obrMiUBmvrOzVQKAsSiHKgppIDv2KeqTPuFF4LAs +4MnNexnG0BynFDrT7qmD5oE9l1Ld+B5HwSPW0incrjKCNDLLZPLs00fFBCi/uxIJ +OEtjV64Nu2o8//AF4LkjNaQuYNaw9cNQpjbnqXsCgYA9hwcz0fbcnrr5XYH12LHP +Ka0bnwB8HBfmyjk3DfoLLzz70/nEwy6d/5ANPr+w1/wsxR+at4RGGqDqYG4eODv7 +wSArPq+uttco9mkOs8R2JZaZyMyg5pvV4sa9XORg70qcpHnL35XRXIJK4H3/PdJe +bW4Kq1SMdPdCuhuaaKxG9QKBgFJ20uVu8vq6qWxPMsjwJ21SZfLINXmf119lblgb +r3CcDqSIxDKnX7Jw+XMw4rlHUllCvW0Eg0KuLJjuelUvKyfO5ZBh2i9gPUpRMRkN +0lJinpwhc6PmZgB90gJ+0j1///lBvGNzrlIT5tlCwwFH2qp93geO+/hibA95q3TH +I5EjAoGACgi6h0xXcDh24GKBtbSpeHiGfaKXdsslDHS0q8nE4e3gPyQ+D6XMkHs7 +E0GjMcSYdmYAc9NOLI0BYXXJY5Y0wrkHfhVicYuyh3gv6Wz7jS8brKtJGAb9LLL6 +xxSqObPyp0/rA3w4k1kAQGvcw93qnCqWsUCSmZYgS6ONyR81P98= +-----END RSA PRIVATE KEY----- +EOF +chmod 0600 /tmp/private_code/.ssh/github + +#Copy chef-repo cookbook from github +mv /etc/ssh/ssh_config /etc/ssh/ssh_config.tmp +sed -e 's/^.*StrictHostKeyChecking.*/StrictHostKeyChecking no/g' /etc/ssh/ssh_config.tmp > /etc/ssh/ssh_config +eval `ssh-agent -s` +ssh-add /tmp/private_code/.ssh/github +cd /etc/chef +git clone git@github.com:nephoscale/chef-repo.git -b hds cookbooks/chef-repo + +#Copy nagios cookbook from github +wget https://github.com/tas50/nagios/archive/v5.0.2.zip +apt-get install unzip -y +unzip -qq v5.0.2.zip -d cookbooks/ +mv cookbooks/nagios-5.0.2 cookbooks/nagios + + +#Download dependencies +knife cookbook site download apache2 +knife cookbook site download build-essential +knife cookbook site download nginx +knife cookbook site download nginx_simplecgi +knife cookbook site download php +knife cookbook site download yum +knife cookbook site download iptables +knife cookbook site download logrotate +knife cookbook site download apt +knife cookbook site download ohai +knife cookbook site download runit +knife cookbook site download yum-epel +knife cookbook site download bluepill +knife cookbook site download rsyslog +knife cookbook site download perl +knife cookbook site download xml +knife cookbook site download mysql +knife cookbook site download windows +knife cookbook site download iis +knife cookbook site download chef-sugar +knife cookbook site download yum-mysql-community +knife cookbook site download smf +knife cookbook site download rbac +knife cookbook site download chef_handler +knife cookbook site download nrpe + +#Extract dependencies +ls *.tar.gz | xargs -i tar -zxf {} -C cookbooks/ +rm *.tar.gz + +#Install dependencies +knife cookbook upload build-essential +knife cookbook upload yum +knife cookbook upload logrotate +knife cookbook upload iptables +knife cookbook upload apache2 +knife cookbook upload apt +knife cookbook upload ohai +knife cookbook upload yum-epel +knife cookbook upload rsyslog +knife cookbook upload bluepill +knife cookbook upload runit +knife cookbook upload nginx +knife cookbook upload perl +knife cookbook upload nginx_simplecgi +knife cookbook upload chef-sugar +knife cookbook upload xml +knife cookbook upload yum-mysql-community +knife cookbook upload rbac +knife cookbook upload smf +knife cookbook upload mysql +knife cookbook upload chef_handler +knife cookbook upload windows +knife cookbook upload iis +knife cookbook upload php +knife cookbook upload nrpe +knife cookbook upload nagios + +#Create role on server +cat <<\EOF> /etc/chef/role_nagios.json +{ + "name": "nagios-server", + "description": "nasios server cookbook", + "json_class": "Chef::Role", + "default_attributes": { + + }, + "override_attributes": { + "nagios": { + "server": { + "web_server": "apache", + "stop_apache": "false" + }, + "server_auth_method": "htpasswd" + } + }, + "chef_type": "role", + "run_list": [ + "recipe[nagios]" + ], + "env_run_lists": { + + } +} +EOF + +#Add role to server +knife role from file role_nagios.json + +#Create role and run-list for node +cat <<\EOF> /etc/chef/nagios-server.json +{ + "run_list": [ + "role[nagios-server]" + ] +} +EOF + +#Change default nagios admin password +####This is for test mode +#apt-get install apache2-utils -y +#mkdir /etc/nagios3/ +#htpasswd -cb /etc/nagios3/htpasswd.users nagiosadmin {{ nagios_admin_password_key.password }} +#PASSWORD=`htpasswd -nbs nagiosadmin {{ nagios_admin_password_key.password }} | sed -r 's/nagiosadmin://g'`# +# +##Create databag "Users" +#cat <<\EOF> /etc/chef/users.json +#{ +# "id": "nagiosadmin", +# "groups": "sysadmin", +# "htpasswd": "PASSWORD", +# "nagios": { +# "pager": "nagiosadmin_pager@example.com", +# "email": "nagiosadmin@example.com" +# } +#} +#EOF +#sed -r "s/PASSWORD/$PASSWORD/g" /etc/chef/users.json > /etc/chef/users_new.json +#mv /etc/chef/users_new.json /etc/chef/users.json +#knife data bag create users +#knife data bag from file users /etc/chef/users.json +#### This works only with "nagios_users" data bag +knife data bag create users +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_users/ -type f`; do knife data bag from file users $ff; done + +#Create empty databags +knife data bag create nagios_services +knife data bag create nagios_servicegroups +knife data bag create nagios_templates +knife data bag create nagios_hosttemplates +knife data bag create nagios_eventhandlers +knife data bag create nagios_unmanagedhosts +knife data bag create nagios_serviceescalations +knife data bag create nagios_hostescalations +knife data bag create nagios_contacts +knife data bag create nagios_contactgroups +knife data bag create nagios_servicedependencies +knife data bag create nagios_timeperiods + +#Upload databags +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_services/ -type f`; do knife data bag from file nagios_services $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_servicegroups/ -type f`; do knife data bag from file nagios_servicegroups $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_templates/ -type f`; do knife data bag from file nagios_templates nagios_hosttemplates $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_eventhandlers/ -type f`; do knife data bag from file nagios_eventhandlers $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_unmanagedhosts/ -type f`; do knife data bag from file nagios_unmanagedhosts $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_serviceescalations/ -type f`; do knife data bag from file nagios_serviceescalations $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_hostescalations/ -type f`; do knife data bag from file nagios_hostescalations $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_contacts/ -type f`; do knife data bag from file nagios_contacts $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_contactgroups/ -type f`; do knife data bag from file nagios_contactgroups $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_servicedependencies/ -type f`; do knife data bag from file nagios_servicedependencies $ff; done +for ff in `find /etc/chef/cookbooks/chef-repo/data_bag/nagios_timeperiods/ -type f`; do knife data bag from file nagios_timeperiods $ff; done + +#Change nginx listen port and restart nginx +cp /var/opt/opscode/nginx/etc/nginx.conf /var/opt/opscode/nginx/etc/nginx.conf.bak +sed -r "s/listen 80;/listen 81;/g" /var/opt/opscode/nginx/etc/nginx.conf.bak > /var/opt/opscode/nginx/etc/nginx.conf + +#Restart nginx +/opt/opscode/embedded/sbin/nginx -s quit + +#Register node with chef-server +/usr/bin/chef-client --json-attributes /etc/chef/nagios-server.json + +_eof + +text_template nagios_server_result_template + +Thank you for provisioning a nagios server setup. + +Your server is available now here: + +http://{{ nagios_server.ipaddress_public }}/nagios3/ + +Please login using your credentials. + +If test mode for users active, then use +Login: nagiosadmin +Password: {{ nagios_admin_password_key.password }} +_eof \ No newline at end of file