smart_proxy_monitoring 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 149d84b0fdd553512bd5ebd9570a688e96918579
-  data.tar.gz: b542c10c34d67dd7e0ebeea7fbf60b803be96a9f
+SHA256:
+  metadata.gz: e366cc37c357a3178a8d28262e1b177a384296778987df9b7107fb400a22dfae
+  data.tar.gz: 6f38e4e49c70adc11feee5bf495c00650dbe5aaf7f5187a5dca31e1c80edbc3e
 SHA512:
-  metadata.gz: 3b44ef5c7e691aea3a4dfd544cd9a686dc50731c1dfabdd6f0b1a3d78693a7ba03bf37faa283f2252434511ee73705e5073f2df115a2aef539011e83201f0b7c
-  data.tar.gz: 38ad6cb5b79d4e49bc8d9916c082aa83252060e5c241e60a5638c00e87529978fec9011d5923ee36390dc9a8f53f6f5b1e983252d8ea5360a6e97bcfb2c9a16a
+  metadata.gz: bbfbf8d19457f374c487630507cfd867aed6726bc3d84396e31596b648c26e047bc8ccf084d801edba5ea9667e3c17fb609f2cce47d6e033cf7c036c0c3df286
+  data.tar.gz: 846663a2a6aaee48323920970a3199326d888f45918ac575808699267f6b1af11181d3bd2d4f71db8bc5efb79aab13bc11a0798b02a540a014df04776cf1b13f

data/README.md

@@ -1,24 +1,24 @@
 # Smart Proxy - Monitoring
 
 This plug-in adds support for Monitoring to Foreman's Smart Proxy.
-It requires also the Foreman Monitoring plug-in.
+It also requires the Foreman Monitoring plug-in.
 
 # Installation
 
 Please see the Foreman manual for appropriate instructions:
 
-* [Foreman: How to Install a Plugin](http://theforeman.org/manuals/latest/index.html#6.Plugins)
+* [Foreman: How to Install a Proxy Plugin](http://projects.theforeman.org/projects/foreman/wiki/How_to_Install_a_Smart-Proxy_Plugin)
 
 The gem name is `smart_proxy_monitoring`.
 
 RPM users can install the `rubygem-smart_proxy_monitoring` packages.
 
-This plug-in has not been packaged for Debian, yet.
+Deb users can install the `ruby-smart-proxy-monitoring` packages.
 
 # Configuration
 
 The plug-in requires some configuration on the Monitoring server and the Smart Proxy.
-For now the only supported Monitoring solution is Icinga 2 and the combination of Icinga 2
+For now, the only supported Monitoring solution is Icinga 2 and the combination of Icinga 2
 and the Icinga Web 2 Module Director.
 
 ## Icinga 2
@@ -31,7 +31,7 @@ The required steps for connecting the Smart Proxy and Icinga 2 will be found bel
 
 ### Monitoring Server
 
-On the Monitoring Server you have to enable the API and create API User.
+On the Monitoring Server, you have to enable the API and create API User.
 
 For testing the fastest way to setup this will be the following commands.
 
@@ -40,12 +40,12 @@ For testing the fastest way to setup this will be the following commands.
 # systemctl restart icinga2.service
 ```
 
-This will create the certficates, enable the API feature and create and API User `root` with
+This will create the certificates, enable the API feature and create and API User `root` with
 a random password. The configuration of the API User will be located in `/etc/icinga2/conf.d/api-users.conf`.
 
 More detailed instructions:
 
-To enable the API follow the next steps, if the API is already enabled skip this steps
+To enable the API, follow the next steps if the API is already enabled skip this steps
 and start by creating an API User. The API will already be enabled if you use the Icingaweb 2
 Module Director for configuration, Icinga 2 as Agents or in a distributed or high-available
 setup.
@@ -60,9 +60,12 @@ To create Icinga 2's own CA run:
 # icinga2 pki new-ca
 ```
 
-Afterwards copy the CA certificate to Icinga 2's pki directory:
+Afterwards copy the CA certificate to Icinga 2's PKI directory (depending on installation
+source and platform you have to create the PKI directory first with write permissions for the
+user Icinga 2 is running with, typically `icinga` or `nagios`):
 
 ```
+# install -o icinga -g icinga -m 0775 -d /etc/icinga2/pki
 # cp /var/lib/icinga2/ca/ca.crt /etc/icinga2/pki/
 ```
 
@@ -78,7 +81,7 @@ And then sign the certficate request to get a certificate by executing:
 # icinga2 pki sign-csr --csr /etc/icinga2/pki/$(hostname -f).csr --cert /etc/icinga2/pki/$(hostname -f).crt
 ```
 
-With the certificates created and placed in Icinga 2's pki directory you can enable the API feature.
+With the certificates created and placed in Icinga 2's PKI directory, you can enable the API feature.
 
 ```
 # icinga2 feature enable api
@@ -86,7 +89,7 @@ With the certificates created and placed in Icinga 2's pki directory you can ena
 ```
 
 To allow API connections you have to create an API User. You should name him according to the use case,
-so instructions will create an user named `foreman`. 
+so instructions will create a user named `foreman`.
 
 Password authentication is easier to setup, but certificate-based authentication is more secure.
 
@@ -115,8 +118,8 @@ object ApiUser "foreman" {
 # icinga2 pki sign-csr --csr /etc/icinga2/pki/foreman.csr --cert /etc/icinga2/pki/foreman.crt
 ```
 
-In addition to the authentication a Host template is required. By default it uses "foreman-host" if none
-is provided from the Foreman WebUI. This template should define defaults for the host check and intervals.
+In addition to the authentication, a Host template is required. By default, it uses "foreman-host" if none
+is provided at the Foreman WebUI. This template should define defaults for the host check and intervals.
 
 ```
 # vi /etc/icinga2/conf.d/templates.conf
@@ -138,13 +141,13 @@ template Host "foreman-host" {
 
 Ensure that the Monitoring module is enabled and uses the provider monitoring_icinga2.
 It is the default provider so also no setting for use_provider is fine.
-If you configured hosts in Icinga2 only with hostname instead of FQDN, you can add `:strip_domain` with
+If you configured hosts in Icinga2 only with the hostname instead of the FQDN, you can add `:strip_domain` with
 all the parts to strip, e.g. `.localdomain`.
 By default, SmartProxy will collect monitoring statuses from your monitoring solution and upload them to
 Foreman. This can be disabled by setting `collect_status` to `false`.
 
 ```
-# vi /etc/foreman-proxy/settings.d/monitoring.yaml
+# vi /etc/foreman-proxy/settings.d/monitoring.yml
 ---
 :enabled: true
 :use_provider: monitoring_icinga2
@@ -157,7 +160,7 @@ in /etc/icinga2/pki/) and provide the authentication details of the API User. If
 instead of the FQDN of the server, you will have to set verify_ssl to false.
 
 ```
-# vi /etc/foreman-proxy/settings.d/monitoring_icinga2.yaml
+# vi /etc/foreman-proxy/settings.d/monitoring_icinga2.yml
 ---
 :enabled: true
 :server: icinga2.localdomain
@@ -170,26 +173,36 @@ instead of the FQDN of the server, you will have to set verify_ssl to false.
 :verify_ssl: true
 ```
 
+Afterwards, restart the service.
+
+```
+# systemctl restart foreman-proxy.service
+```
+
 ## Icinga 2 and Icinga Web 2 Module Director
 
 This requires you to do the configuration steps above so
-Downtimes could be send to and Status information could be
+Downtimes can be sent to Foreman and Status information can be
 read from Icinga 2.
 
-In addition you have to configure the provider Icingadirector
-for managing hosts in the Icinga Web 2 Module Director.
+In addition, you have to configure the provider Icingadirector
+for managing hosts in the Icinga Web 2 Module Director. This
+graphical configuration frontend for Icinga 2 will allow you
+to customize the host, e.g.  adding additional required objects
+for using Icinga 2 as a monitoring agent or assign more attributes
+and services. By default, it requires a template named `foreman-host`.
 
 ### Icinga Web 2 Module Director
 
 Using the API of the Icinga Web 2 Module Director requires
-Authentication and Authorisation like it is described in its
+Authentication and Authorisation as it is described in the
 [documentation](https://github.com/Icinga/icingaweb2-module-director/blob/master/doc/70-REST-API.md).
 
-For the basic authentication of the webserver there are two
+For the basic authentication of the webserver, there are two
 possible ways of configuration. If you already use basic auth
 simply add a user and password to the authentication source.
 If you do not want to add basic authentication you can configure
-the webserver to auto login as a user depending on your source ip.
+the webserver to auto login as a user depending on your source IP.
 ```
 # vi /etc/httpd/conf.d/icingaweb2.conf
 ...
@@ -200,16 +213,16 @@ RewriteRule ^(.*)$ - [E=REMOTE_USER:foreman]
 ```
 
 In Icinga Web 2 you also have to add an authentication backend
-"external".
+`external`.
 ```
 # vi /etc/icingaweb2/authentication.ini
 [External]
 backend = "external"
 ```
 
-Furthermore a role is required assigning permissions to your user.
+Furthermore, a role is required assigning permissions to your user.
 ```
-# vi /etc/icingaweb2/roles.ini 
+# vi /etc/icingaweb2/roles.ini
 [Foreman]
 users = "foreman"
 permissions = "module/director, director/api, director/*"
@@ -217,13 +230,13 @@ permissions = "module/director, director/api, director/*"
 
 ### Smart Proxy
 
-Ensure that the Monitoring module is enabled and uses the provider monitoring_icinga2
-and monitoring_icingadirector.
+Ensure that the Monitoring module is enabled and uses the provider `monitoring_icinga2`
+and `monitoring_icingadirector`.
 ```
-# vi /etc/foreman-proxy/settings.d/monitoring.yaml
+# vi /etc/foreman-proxy/settings.d/monitoring.yml
 ---
 :enabled: true
-:use_provider: 
+:use_provider:
  - monitoring_icinga2
  - monitoring_icingadirector
 ```
@@ -242,6 +255,25 @@ but not required.
 :verify_ssl: true
 ```
 
+Afterwards, restart the service.
+
+```
+# systemctl restart foreman-proxy.service
+```
+
+# Troubleshooting
+
+The plug-in uses the configuration of the Smart Proxy to write its logs and does
+not provide a separate log for now. So have a look into `/var/log/foreman-proxy/proxy.log`
+for default installations.
+
+Also look into the logs of the monitoring solution and when opening issues attach relevant entries
+for both logs. For Icinga 2 it is typically `/var/log/icinga2/icinga2.log` or if enabled
+`/var/log/icinga2/debug.log`. Icinga Web 2 Director uses Icinga Web 2's configuration
+which is typically logging to syslog with facility `user` and application prefix `icingaweb2`
+which will result in a logging entry in `/var/log/message` for osfamily Red Hat and `/var/log/syslog`
+for osfamily Debian.
+
 # TODO
 
 Provider Icinga2:

data/lib/smart_proxy_monitoring/monitoring_api.rb

@@ -13,67 +13,43 @@ module Proxy::Monitoring
     authorize_with_ssl_client
 
     get '/host/:host' do |host|
-      begin
+      log_provider_errors do
         validate_dns_name!(host)
         host = strip_domain(host)
 
         server.query_host(host).to_json
-      rescue Proxy::Monitoring::NotFound => e
-        log_halt 404, e
-      rescue Proxy::Monitoring::ConnectionError => e
-        log_halt 503, e
-      rescue Exception => e
-        log_halt 400, e
       end
     end
 
     put '/host/:host' do |host|
-      begin
+      log_provider_errors do
         validate_dns_name!(host)
         host = strip_domain(host)
         attributes = params[:attributes]
         logger.debug "Creating host #{host} object with attributes #{attributes.inspect}"
 
         server.create_host(host, attributes)
-      rescue Proxy::Monitoring::NotFound => e
-        log_halt 404, e
-      rescue Proxy::Monitoring::ConnectionError => e
-        log_halt 503, e
-      rescue Exception => e
-        log_halt 400, e
       end
     end
 
     post '/host/:host' do |host|
-      begin
+      log_provider_errors do
         validate_dns_name!(host)
         host = strip_domain(host)
         attributes = params[:attributes]
         logger.debug "Updating host #{host} object with attributes #{attributes.inspect}"
 
         server.update_host(host, attributes)
-      rescue Proxy::Monitoring::NotFound => e
-        log_halt 404, e
-      rescue Proxy::Monitoring::ConnectionError => e
-        log_halt 503, e
-      rescue Exception => e
-        log_halt 400, e
       end
     end
 
     delete '/host/:host' do |host|
-      begin
+      log_provider_errors do
         validate_dns_name!(host)
         host = strip_domain(host)
         logger.debug "Removing host #{host} object"
 
         server.remove_host(host)
-      rescue Proxy::Monitoring::NotFound => e
-        log_halt 404, e
-      rescue Proxy::Monitoring::ConnectionError => e
-        log_halt 503, e
-      rescue Exception => e
-        log_halt 400, e
       end
     end
 
@@ -82,18 +58,15 @@ module Proxy::Monitoring
       comment = params[:comment] || 'triggered by foreman'
       start_time = params[:start_time] || Time.now.to_i
       end_time = params[:end_time] || (Time.now.to_i + (24 * 3600))
+      all_services = params[:all_services]
 
-      begin
+      log_provider_errors do
         validate_dns_name!(host)
         host = strip_domain(host)
 
+        server.set_downtime_host(host, author, comment, start_time, end_time, all_services: all_services)
+      rescue ArgumentError
         server.set_downtime_host(host, author, comment, start_time, end_time)
-      rescue Proxy::Monitoring::NotFound => e
-        log_halt 404, e
-      rescue Proxy::Monitoring::ConnectionError => e
-        log_halt 503, e
-      rescue Exception => e
-        log_halt 400, e
       end
     end
 
@@ -101,20 +74,26 @@ module Proxy::Monitoring
       author = params[:author] || 'foreman'
       comment = params[:comment] || 'triggered by foreman'
 
-      begin
+      log_provider_errors do
         validate_dns_name!(host)
         host = strip_domain(host)
 
         server.remove_downtime_host(host, author, comment)
-      rescue Proxy::Monitoring::NotFound => e
-        log_halt 404, e
-      rescue Proxy::Monitoring::ConnectionError => e
-        log_halt 503, e
-      rescue Exception => e
-        log_halt 400, e
       end
     end
 
+    def log_provider_errors
+      yield
+    rescue Proxy::Monitoring::NotFound => e
+      log_halt 404, e
+    rescue Proxy::Monitoring::ConnectionError => e
+      log_halt 503, e
+    rescue Proxy::Monitoring::AuthenticationError => e
+      log_halt 500, e
+    rescue Exception => e
+      log_halt 400, e
+    end
+
     def validate_dns_name!(name)
       raise Proxy::Monitoring::Error.new("Invalid DNS name #{name}") unless name =~ /^([a-zA-Z0-9]([-a-zA-Z0-9]+)?\.?)+$/
     end

data/lib/smart_proxy_monitoring/monitoring_plugin.rb

@@ -11,6 +11,8 @@ module Proxy::Monitoring
     uses_provider
     default_settings use_provider: 'monitoring_icinga2'
     default_settings collect_status: true
+    expose_setting :collect_status
+    expose_setting :strip_domain
 
     http_rackup_path File.expand_path('monitoring_http_config.ru', File.expand_path('../', __FILE__))
     https_rackup_path File.expand_path('monitoring_http_config.ru', File.expand_path('../', __FILE__))

data/lib/smart_proxy_monitoring/version.rb

@@ -1,5 +1,5 @@
 module Proxy
   module Monitoring
-    VERSION = '0.1.0'.freeze
+    VERSION = '0.2.0'.freeze
   end
 end

data/lib/smart_proxy_monitoring_common/monitoring_common.rb

@@ -1,6 +1,7 @@
 module Proxy::Monitoring
   class Error < RuntimeError; end
   class NotFound < RuntimeError; end
+  class AuthenticationError < RuntimeError; end
 
   class Provider; end
 end

data/lib/smart_proxy_monitoring_icinga2/icinga2_result_uploader.rb

@@ -3,7 +3,7 @@ require 'thread'
 module ::Proxy::Monitoring::Icinga2
   class MonitoringResult < Proxy::HttpRequest::ForemanRequest
     def push_result(result)
-      send_request(request_factory.create_post('api/monitoring_results', result))
+      send_request(request_factory.create_post('api/v2/monitoring_results', result))
     end
   end
 
@@ -39,7 +39,7 @@ module ::Proxy::Monitoring::Icinga2
             transformed = { result: change[:check_result][:state] }
           when 'AcknowledgementSet'
             transformed = { acknowledged: true }
-          when 'AchnowledgementCleared'
+          when 'AcknowledgementCleared'
             transformed = { acknowledged: false }
           when 'DowntimeTriggered'
             transformed = { downtime: true }

data/lib/smart_proxy_monitoring_icinga2/monitoring_icinga2_main.rb

@@ -49,7 +49,7 @@ module Proxy::Monitoring::Icinga2
     end
 
     def remove_downtime_host(host, author, comment)
-      request_url = "/actions/remove-downtime?type=Host&filter=host.name==\"#{host}\"\&\&author==\"#{author}\"\&\&comment=\"#{comment}\""
+      request_url = "/actions/remove-downtime?type=Host&filter=#{uri_encode_filter("host.name==\"#{host}\"\&\&author==\"#{author}\"\&\&comment=\"#{comment}\"")}"
       data = {}
 
       result = with_errorhandling("Remove downtime from #{host}") do
@@ -58,8 +58,8 @@ module Proxy::Monitoring::Icinga2
       result.to_json
     end
 
-    def set_downtime_host(host, author, comment, start_time, end_time)
-      request_url = "/actions/schedule-downtime?type=Host&filter=host.name==\"#{host}\""
+    def set_downtime_host(host, author, comment, start_time, end_time, all_services: nil, **)
+      request_url = "/actions/schedule-downtime?type=Host&filter=#{uri_encode_filter("host.name==\"#{host}\"")}"
       data = {
         'author' => author,
         'comment' => comment,
@@ -67,6 +67,7 @@ module Proxy::Monitoring::Icinga2
         'end_time' => end_time,
         'duration' => 1000
       }
+      data['all_services'] = all_services unless all_services.nil?
 
       result = with_errorhandling("Set downtime on #{host}") do
         Icinga2Client.post(request_url, data.to_json)
@@ -76,6 +77,10 @@ module Proxy::Monitoring::Icinga2
 
     private
 
+    def uri_encode_filter(filter)
+      URI.encode(filter)
+    end
+
     def host_attributes(host, data)
       attributes = {}
 
@@ -130,7 +135,9 @@ module Proxy::Monitoring::Icinga2
       result
     rescue JSON::ParserError => e
       raise Proxy::Monitoring::Error.new("Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server} returned invalid JSON: '#{e.message}'")
-    rescue RestClient::NotFound => e
+    rescue RestClient::Unauthorized => e
+      raise Proxy::Monitoring::AuthenticationError.new("Error authenicating to Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server}: #{e.message}.")
+    rescue RestClient::ResourceNotFound => e
       raise Proxy::Monitoring::NotFound.new("Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server} returned: #{e.message}.")
     rescue RestClient::Exception => e
       raise Proxy::Monitoring::Error.new("Icinga server at #{::Proxy::Monitoring::Icinga2::Plugin.settings.server} returned an error: '#{e.response}'")

data/lib/smart_proxy_monitoring_icinga2/monitoring_icinga2_plugin.rb

@@ -5,6 +5,11 @@ module ::Proxy::Monitoring::Icinga2
     default_settings server: 'localhost'
     default_settings api_port: '5665'
     default_settings verify_ssl: true
+    expose_setting :server
+    expose_setting :api_user
+    capability("config")
+    capability("downtime")
+    capability("status") unless Proxy::Monitoring::Plugin.settings.collect_status
 
     requires :monitoring, ::Proxy::Monitoring::VERSION
 

data/lib/smart_proxy_monitoring_icingadirector/director_client.rb

@@ -23,25 +23,29 @@ module ::Proxy::Monitoring::IcingaDirector
     def get(url)
       logger.debug "IcingaDirector: GET request to #{url}"
       client(url).get.body
-    rescue RestClient::NotFound
-      raise Proxy::Monitoring::NotFound.new("Icinga Director returned not found for #{url}.")
+    rescue StandardError => e
+      raise handle_http_exception(e, url)
     end
 
     def post(url, payload)
       logger.debug "IcingaDirector: POST request to #{url} with payload: #{payload}"
       client(url).post(payload).body
+    rescue StandardError => e
+      raise handle_http_exception(e, url)
     end
 
     def put(url, payload)
       logger.debug "IcingaDirector: PUT request to #{url} with payload: #{payload}"
       client(url).put(payload).body
+    rescue StandardError => e
+      raise handle_http_exception(e, url)
     end
 
     def delete(url)
       logger.debug "IcingaDirector: DELETE request to #{url}"
       client(url).delete.body
-    rescue RestClient::NotFound
-      raise Proxy::Monitoring::NotFound.new("Icinga Director returned not found for #{url}.")
+    rescue StandardError => e
+      raise handle_http_exception(e, url)
     end
 
     private
@@ -72,6 +76,19 @@ module ::Proxy::Monitoring::IcingaDirector
       }
     end
 
+    def handle_http_exception(e, url)
+      case e
+      when RestClient::ResourceNotFound
+        Proxy::Monitoring::NotFound.new("Icinga Director returned not found for #{request_url(url)}.")
+      when RestClient::Unauthorized
+        Proxy::Monitoring::AuthenticationError.new("Error authenicating to Icinga Director at #{request_url(url)}: #{e.message}")
+      when RestClient::NotModified
+        raise
+      else
+        Proxy::Monitoring::Error.new("Error connecting to Icinga Director at #{request_url(url)}: #{e.message}")
+      end
+    end
+
     def baseurl
       Proxy::Monitoring::IcingaDirector::Plugin.settings.director_url + '/'
     end

data/lib/smart_proxy_monitoring_icingadirector/monitoring_icingadirector_plugin.rb

@@ -3,6 +3,9 @@ module ::Proxy::Monitoring::IcingaDirector
     plugin :monitoring_icingadirector, ::Proxy::Monitoring::VERSION
 
     default_settings verify_ssl: true
+    expose_setting :director_url
+    expose_setting :director_user
+    capability("config")
 
     requires :monitoring, ::Proxy::Monitoring::VERSION
     requires :monitoring_icinga2, ::Proxy::Monitoring::VERSION

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_monitoring
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Timo Goebel
 - Dirk Goetz
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-04-13 00:00:00.000000000 Z
+date: 2022-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -121,11 +121,11 @@ files:
 - settings.d/monitoring.yml.example
 - settings.d/monitoring_icinga2.yml.example
 - settings.d/monitoring_icingadirector.yml.example
-homepage: http://github.com/theforeman/smart_proxy_monitoring
+homepage: https://github.com/theforeman/smart_proxy_monitoring
 licenses:
-- GPLv3
+- GPL-3.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -140,9 +140,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Monitoring plug-in for Foreman's smart proxy
 test_files: []