smart_proxy_monitoring 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +42 -10
- data/lib/smart_proxy_monitoring/monitoring_api.rb +18 -42
- data/lib/smart_proxy_monitoring/version.rb +1 -1
- data/lib/smart_proxy_monitoring_common/monitoring_common.rb +1 -0
- data/lib/smart_proxy_monitoring_icinga2/monitoring_icinga2_main.rb +9 -3
- data/lib/smart_proxy_monitoring_icingadirector/director_client.rb +19 -4
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f4c84f67dc01b938a7c46a3d9ced307ce4c5a174
|
4
|
+
data.tar.gz: 9ca50c34f031129593cb1648d5537a7cd16fdde3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5d2ec7d14dc0b2685e5751afed84724a79377c42f1828214afcf8d93bf52f3103ca8a1b97259b9c50f902a862d46ab06ffc2f5ac57292e8c83838b4e533c991f
|
7
|
+
data.tar.gz: 7b18b55cf47f76b12e290d615c4c1f66e6c55fdabccd6c273bbd2613b7076e771c00ca86b2c9ce0047aa970842c4b71a20cf70c56cdee8779278a3dc5a48e589
|
data/README.md
CHANGED
@@ -7,13 +7,13 @@ It requires also the Foreman Monitoring plug-in.
|
|
7
7
|
|
8
8
|
Please see the Foreman manual for appropriate instructions:
|
9
9
|
|
10
|
-
* [Foreman: How to Install a Plugin](http://theforeman.org/
|
10
|
+
* [Foreman: How to Install a Proxy Plugin](http://projects.theforeman.org/projects/foreman/wiki/How_to_Install_a_Smart-Proxy_Plugin)
|
11
11
|
|
12
12
|
The gem name is `smart_proxy_monitoring`.
|
13
13
|
|
14
14
|
RPM users can install the `rubygem-smart_proxy_monitoring` packages.
|
15
15
|
|
16
|
-
|
16
|
+
Deb users can install the `ruby-smart-proxy-monitoring` packages.
|
17
17
|
|
18
18
|
# Configuration
|
19
19
|
|
@@ -60,9 +60,12 @@ To create Icinga 2's own CA run:
|
|
60
60
|
# icinga2 pki new-ca
|
61
61
|
```
|
62
62
|
|
63
|
-
Afterwards copy the CA certificate to Icinga 2's pki directory
|
63
|
+
Afterwards copy the CA certificate to Icinga 2's pki directory (depending on installation
|
64
|
+
source and platform you have to create the pki directory first with write permissions for the
|
65
|
+
user Icinga 2 is running with, typically `icinga` or `nagios`):
|
64
66
|
|
65
67
|
```
|
68
|
+
# install -o icinga -g icinga -m 0775 -d /etc/icinga2/pki
|
66
69
|
# cp /var/lib/icinga2/ca/ca.crt /etc/icinga2/pki/
|
67
70
|
```
|
68
71
|
|
@@ -86,7 +89,7 @@ With the certificates created and placed in Icinga 2's pki directory you can ena
|
|
86
89
|
```
|
87
90
|
|
88
91
|
To allow API connections you have to create an API User. You should name him according to the use case,
|
89
|
-
so instructions will create an user named `foreman`.
|
92
|
+
so instructions will create an user named `foreman`.
|
90
93
|
|
91
94
|
Password authentication is easier to setup, but certificate-based authentication is more secure.
|
92
95
|
|
@@ -144,7 +147,7 @@ By default, SmartProxy will collect monitoring statuses from your monitoring sol
|
|
144
147
|
Foreman. This can be disabled by setting `collect_status` to `false`.
|
145
148
|
|
146
149
|
```
|
147
|
-
# vi /etc/foreman-proxy/settings.d/monitoring.
|
150
|
+
# vi /etc/foreman-proxy/settings.d/monitoring.yml
|
148
151
|
---
|
149
152
|
:enabled: true
|
150
153
|
:use_provider: monitoring_icinga2
|
@@ -157,7 +160,7 @@ in /etc/icinga2/pki/) and provide the authentication details of the API User. If
|
|
157
160
|
instead of the FQDN of the server, you will have to set verify_ssl to false.
|
158
161
|
|
159
162
|
```
|
160
|
-
# vi /etc/foreman-proxy/settings.d/monitoring_icinga2.
|
163
|
+
# vi /etc/foreman-proxy/settings.d/monitoring_icinga2.yml
|
161
164
|
---
|
162
165
|
:enabled: true
|
163
166
|
:server: icinga2.localdomain
|
@@ -170,6 +173,12 @@ instead of the FQDN of the server, you will have to set verify_ssl to false.
|
|
170
173
|
:verify_ssl: true
|
171
174
|
```
|
172
175
|
|
176
|
+
Afterwards restart the service.
|
177
|
+
|
178
|
+
```
|
179
|
+
# systemctl restart foreman-proxy.service
|
180
|
+
```
|
181
|
+
|
173
182
|
## Icinga 2 and Icinga Web 2 Module Director
|
174
183
|
|
175
184
|
This requires you to do the configuration steps above so
|
@@ -177,7 +186,11 @@ Downtimes could be send to and Status information could be
|
|
177
186
|
read from Icinga 2.
|
178
187
|
|
179
188
|
In addition you have to configure the provider Icingadirector
|
180
|
-
for managing hosts in the Icinga Web 2 Module Director.
|
189
|
+
for managing hosts in the Icinga Web 2 Module Director. This
|
190
|
+
graphical configuration frontend for Icinga 2 will allow you
|
191
|
+
to customize the host, e.g. adding additional required objects
|
192
|
+
for using Icinga 2 as a monitoring agent or assign more attributes
|
193
|
+
and services. By default it requires a template named `foreman-host`.
|
181
194
|
|
182
195
|
### Icinga Web 2 Module Director
|
183
196
|
|
@@ -209,7 +222,7 @@ backend = "external"
|
|
209
222
|
|
210
223
|
Furthermore a role is required assigning permissions to your user.
|
211
224
|
```
|
212
|
-
# vi /etc/icingaweb2/roles.ini
|
225
|
+
# vi /etc/icingaweb2/roles.ini
|
213
226
|
[Foreman]
|
214
227
|
users = "foreman"
|
215
228
|
permissions = "module/director, director/api, director/*"
|
@@ -220,10 +233,10 @@ permissions = "module/director, director/api, director/*"
|
|
220
233
|
Ensure that the Monitoring module is enabled and uses the provider monitoring_icinga2
|
221
234
|
and monitoring_icingadirector.
|
222
235
|
```
|
223
|
-
# vi /etc/foreman-proxy/settings.d/monitoring.
|
236
|
+
# vi /etc/foreman-proxy/settings.d/monitoring.yml
|
224
237
|
---
|
225
238
|
:enabled: true
|
226
|
-
:use_provider:
|
239
|
+
:use_provider:
|
227
240
|
- monitoring_icinga2
|
228
241
|
- monitoring_icingadirector
|
229
242
|
```
|
@@ -242,6 +255,25 @@ but not required.
|
|
242
255
|
:verify_ssl: true
|
243
256
|
```
|
244
257
|
|
258
|
+
Afterwards restart the service.
|
259
|
+
|
260
|
+
```
|
261
|
+
# systemctl restart foreman-proxy.service
|
262
|
+
```
|
263
|
+
|
264
|
+
# Troubleshooting
|
265
|
+
|
266
|
+
The plug-in uses the configuration of the Smart Proxy to write its logs and does
|
267
|
+
not provide a seperate log for now. So have a look into `/var/log/foreman-proxy/proxy.log`
|
268
|
+
for default installations.
|
269
|
+
|
270
|
+
Also look into the logs of the monitoring solution and when opening issues attach relevant entries
|
271
|
+
for both logs. For Icinga 2 it is typically `/var/log/icinga2/icinga2.log` or if enabled
|
272
|
+
`/var/log/icinga2/debug.log`. Icinga Web 2 Director uses Icinga Web 2's configuration
|
273
|
+
which is typically logging to syslog with faciltiy `user` and application prefix `icingaweb2`
|
274
|
+
which will result in logging entry in `/var/log/message` for osfamily Red Hat and `/var/log/syslog`
|
275
|
+
for osfamily Debian.
|
276
|
+
|
245
277
|
# TODO
|
246
278
|
|
247
279
|
Provider Icinga2:
|
@@ -13,67 +13,43 @@ module Proxy::Monitoring
|
|
13
13
|
authorize_with_ssl_client
|
14
14
|
|
15
15
|
get '/host/:host' do |host|
|
16
|
-
|
16
|
+
log_provider_errors do
|
17
17
|
validate_dns_name!(host)
|
18
18
|
host = strip_domain(host)
|
19
19
|
|
20
20
|
server.query_host(host).to_json
|
21
|
-
rescue Proxy::Monitoring::NotFound => e
|
22
|
-
log_halt 404, e
|
23
|
-
rescue Proxy::Monitoring::ConnectionError => e
|
24
|
-
log_halt 503, e
|
25
|
-
rescue Exception => e
|
26
|
-
log_halt 400, e
|
27
21
|
end
|
28
22
|
end
|
29
23
|
|
30
24
|
put '/host/:host' do |host|
|
31
|
-
|
25
|
+
log_provider_errors do
|
32
26
|
validate_dns_name!(host)
|
33
27
|
host = strip_domain(host)
|
34
28
|
attributes = params[:attributes]
|
35
29
|
logger.debug "Creating host #{host} object with attributes #{attributes.inspect}"
|
36
30
|
|
37
31
|
server.create_host(host, attributes)
|
38
|
-
rescue Proxy::Monitoring::NotFound => e
|
39
|
-
log_halt 404, e
|
40
|
-
rescue Proxy::Monitoring::ConnectionError => e
|
41
|
-
log_halt 503, e
|
42
|
-
rescue Exception => e
|
43
|
-
log_halt 400, e
|
44
32
|
end
|
45
33
|
end
|
46
34
|
|
47
35
|
post '/host/:host' do |host|
|
48
|
-
|
36
|
+
log_provider_errors do
|
49
37
|
validate_dns_name!(host)
|
50
38
|
host = strip_domain(host)
|
51
39
|
attributes = params[:attributes]
|
52
40
|
logger.debug "Updating host #{host} object with attributes #{attributes.inspect}"
|
53
41
|
|
54
42
|
server.update_host(host, attributes)
|
55
|
-
rescue Proxy::Monitoring::NotFound => e
|
56
|
-
log_halt 404, e
|
57
|
-
rescue Proxy::Monitoring::ConnectionError => e
|
58
|
-
log_halt 503, e
|
59
|
-
rescue Exception => e
|
60
|
-
log_halt 400, e
|
61
43
|
end
|
62
44
|
end
|
63
45
|
|
64
46
|
delete '/host/:host' do |host|
|
65
|
-
|
47
|
+
log_provider_errors do
|
66
48
|
validate_dns_name!(host)
|
67
49
|
host = strip_domain(host)
|
68
50
|
logger.debug "Removing host #{host} object"
|
69
51
|
|
70
52
|
server.remove_host(host)
|
71
|
-
rescue Proxy::Monitoring::NotFound => e
|
72
|
-
log_halt 404, e
|
73
|
-
rescue Proxy::Monitoring::ConnectionError => e
|
74
|
-
log_halt 503, e
|
75
|
-
rescue Exception => e
|
76
|
-
log_halt 400, e
|
77
53
|
end
|
78
54
|
end
|
79
55
|
|
@@ -83,17 +59,11 @@ module Proxy::Monitoring
|
|
83
59
|
start_time = params[:start_time] || Time.now.to_i
|
84
60
|
end_time = params[:end_time] || (Time.now.to_i + (24 * 3600))
|
85
61
|
|
86
|
-
|
62
|
+
log_provider_errors do
|
87
63
|
validate_dns_name!(host)
|
88
64
|
host = strip_domain(host)
|
89
65
|
|
90
66
|
server.set_downtime_host(host, author, comment, start_time, end_time)
|
91
|
-
rescue Proxy::Monitoring::NotFound => e
|
92
|
-
log_halt 404, e
|
93
|
-
rescue Proxy::Monitoring::ConnectionError => e
|
94
|
-
log_halt 503, e
|
95
|
-
rescue Exception => e
|
96
|
-
log_halt 400, e
|
97
67
|
end
|
98
68
|
end
|
99
69
|
|
@@ -101,20 +71,26 @@ module Proxy::Monitoring
|
|
101
71
|
author = params[:author] || 'foreman'
|
102
72
|
comment = params[:comment] || 'triggered by foreman'
|
103
73
|
|
104
|
-
|
74
|
+
log_provider_errors do
|
105
75
|
validate_dns_name!(host)
|
106
76
|
host = strip_domain(host)
|
107
77
|
|
108
78
|
server.remove_downtime_host(host, author, comment)
|
109
|
-
rescue Proxy::Monitoring::NotFound => e
|
110
|
-
log_halt 404, e
|
111
|
-
rescue Proxy::Monitoring::ConnectionError => e
|
112
|
-
log_halt 503, e
|
113
|
-
rescue Exception => e
|
114
|
-
log_halt 400, e
|
115
79
|
end
|
116
80
|
end
|
117
81
|
|
82
|
+
def log_provider_errors
|
83
|
+
yield
|
84
|
+
rescue Proxy::Monitoring::NotFound => e
|
85
|
+
log_halt 404, e
|
86
|
+
rescue Proxy::Monitoring::ConnectionError => e
|
87
|
+
log_halt 503, e
|
88
|
+
rescue Proxy::Monitoring::AuthenticationError => e
|
89
|
+
log_halt 500, e
|
90
|
+
rescue Exception => e
|
91
|
+
log_halt 400, e
|
92
|
+
end
|
93
|
+
|
118
94
|
def validate_dns_name!(name)
|
119
95
|
raise Proxy::Monitoring::Error.new("Invalid DNS name #{name}") unless name =~ /^([a-zA-Z0-9]([-a-zA-Z0-9]+)?\.?)+$/
|
120
96
|
end
|
@@ -49,7 +49,7 @@ module Proxy::Monitoring::Icinga2
|
|
49
49
|
end
|
50
50
|
|
51
51
|
def remove_downtime_host(host, author, comment)
|
52
|
-
request_url = "/actions/remove-downtime?type=Host&filter
|
52
|
+
request_url = "/actions/remove-downtime?type=Host&filter=#{uri_encode_filter("host.name==\"#{host}\"\&\&author==\"#{author}\"\&\&comment=\"#{comment}\"")}"
|
53
53
|
data = {}
|
54
54
|
|
55
55
|
result = with_errorhandling("Remove downtime from #{host}") do
|
@@ -59,7 +59,7 @@ module Proxy::Monitoring::Icinga2
|
|
59
59
|
end
|
60
60
|
|
61
61
|
def set_downtime_host(host, author, comment, start_time, end_time)
|
62
|
-
request_url = "/actions/schedule-downtime?type=Host&filter
|
62
|
+
request_url = "/actions/schedule-downtime?type=Host&filter=#{uri_encode_filter("host.name==\"#{host}\"")}"
|
63
63
|
data = {
|
64
64
|
'author' => author,
|
65
65
|
'comment' => comment,
|
@@ -76,6 +76,10 @@ module Proxy::Monitoring::Icinga2
|
|
76
76
|
|
77
77
|
private
|
78
78
|
|
79
|
+
def uri_encode_filter(filter)
|
80
|
+
URI.encode(filter)
|
81
|
+
end
|
82
|
+
|
79
83
|
def host_attributes(host, data)
|
80
84
|
attributes = {}
|
81
85
|
|
@@ -130,7 +134,9 @@ module Proxy::Monitoring::Icinga2
|
|
130
134
|
result
|
131
135
|
rescue JSON::ParserError => e
|
132
136
|
raise Proxy::Monitoring::Error.new("Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server} returned invalid JSON: '#{e.message}'")
|
133
|
-
rescue RestClient::
|
137
|
+
rescue RestClient::Unauthorized => e
|
138
|
+
raise Proxy::Monitoring::AuthenticationError.new("Error authenicating to Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server}: #{e.message}.")
|
139
|
+
rescue RestClient::ResourceNotFound => e
|
134
140
|
raise Proxy::Monitoring::NotFound.new("Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server} returned: #{e.message}.")
|
135
141
|
rescue RestClient::Exception => e
|
136
142
|
raise Proxy::Monitoring::Error.new("Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server} returned an error: '#{e.response}'")
|
@@ -23,25 +23,29 @@ module ::Proxy::Monitoring::IcingaDirector
|
|
23
23
|
def get(url)
|
24
24
|
logger.debug "IcingaDirector: GET request to #{url}"
|
25
25
|
client(url).get.body
|
26
|
-
rescue
|
27
|
-
raise
|
26
|
+
rescue StandardError => e
|
27
|
+
raise handle_http_exception(e, url)
|
28
28
|
end
|
29
29
|
|
30
30
|
def post(url, payload)
|
31
31
|
logger.debug "IcingaDirector: POST request to #{url} with payload: #{payload}"
|
32
32
|
client(url).post(payload).body
|
33
|
+
rescue StandardError => e
|
34
|
+
raise handle_http_exception(e, url)
|
33
35
|
end
|
34
36
|
|
35
37
|
def put(url, payload)
|
36
38
|
logger.debug "IcingaDirector: PUT request to #{url} with payload: #{payload}"
|
37
39
|
client(url).put(payload).body
|
40
|
+
rescue StandardError => e
|
41
|
+
raise handle_http_exception(e, url)
|
38
42
|
end
|
39
43
|
|
40
44
|
def delete(url)
|
41
45
|
logger.debug "IcingaDirector: DELETE request to #{url}"
|
42
46
|
client(url).delete.body
|
43
|
-
rescue
|
44
|
-
raise
|
47
|
+
rescue StandardError => e
|
48
|
+
raise handle_http_exception(e, url)
|
45
49
|
end
|
46
50
|
|
47
51
|
private
|
@@ -72,6 +76,17 @@ module ::Proxy::Monitoring::IcingaDirector
|
|
72
76
|
}
|
73
77
|
end
|
74
78
|
|
79
|
+
def handle_http_exception(e, url)
|
80
|
+
case e
|
81
|
+
when RestClient::ResourceNotFound
|
82
|
+
Proxy::Monitoring::NotFound.new("Icinga Director returned not found for #{request_url(url)}.")
|
83
|
+
when RestClient::Unauthorized
|
84
|
+
Proxy::Monitoring::AuthenticationError.new("Error authenicating to Icinga Director at #{request_url(url)}: #{e.message}")
|
85
|
+
else
|
86
|
+
Proxy::Monitoring::Error.new("Error connecting to Icinga Director at #{request_url(url)}: #{e.message}")
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
75
90
|
def baseurl
|
76
91
|
Proxy::Monitoring::IcingaDirector::Plugin.settings.director_url + '/'
|
77
92
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: smart_proxy_monitoring
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Timo Goebel
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2017-
|
12
|
+
date: 2017-10-17 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rest-client
|
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
141
|
version: '0'
|
142
142
|
requirements: []
|
143
143
|
rubyforge_project:
|
144
|
-
rubygems_version: 2.6.
|
144
|
+
rubygems_version: 2.6.12
|
145
145
|
signing_key:
|
146
146
|
specification_version: 4
|
147
147
|
summary: Monitoring plug-in for Foreman's smart proxy
|