diff --git a/common/docker/templates/daemon.json b/common/docker/templates/daemon.json index 369577e8ca5f368494a5c6beab8193e509dcd6d7..6dd98eadb606b48e7e2609a17393950ae9fa1890 100644 --- a/common/docker/templates/daemon.json +++ b/common/docker/templates/daemon.json @@ -4,7 +4,9 @@ "log-opts": { "max-size": "128m", "max-file": "5" - } + }, + "metrics-addr": "{{int_ip4}}:9323", + "experimental": true } diff --git a/common/docker_dockerstats/tasks/main.yml b/common/docker_dockerstats/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..134a66c48250c2e711884783b239839ff58404cd --- /dev/null +++ b/common/docker_dockerstats/tasks/main.yml @@ -0,0 +1,24 @@ +--- + + +- name: create folder struct for {{ servicename }} + file: + path: "{{ item }}" + state: "directory" + with_items: + - "{{ basedir }}" + + +- name: Konfig-Dateien erstellen + template: + src: "{{ item }}" + dest: "{{ basedir }}/{{ item }}" + with_items: + - Dockerfile + - docker-compose.yml + + +- name: start {{ servicename }} docker + docker_compose: + project_src: "{{ basedir }}" + state: present diff --git a/common/docker_dockerstats/templates/Dockerfile b/common/docker_dockerstats/templates/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..21357fe5e847cec29ee38789cfa71003a0ab69db --- /dev/null +++ b/common/docker_dockerstats/templates/Dockerfile @@ -0,0 +1,19 @@ +FROM node:14-alpine + +RUN apk update \ + && apk upgrade \ + && apk add --no-cache git + +RUN mkdir -p /usr/src/app \ + && cd /usr/src/app \ + && git clone https://github.com/elberfeld/docker_stats_exporter.git \ + && cd /usr/src/app/docker_stats_exporter \ + && git checkout 2020.07.30.1 \ + && npm install + +WORKDIR /usr/src/app/docker_stats_exporter + +EXPOSE 9487 +ENV DOCKERSTATS_PORT=9487 DOCKERSTATS_INTERVAL=15 DEBUG=0 + +ENTRYPOINT [ "npm", "start" ] 
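Review bot: The new `"metrics-addr": "{{int_ip4}}:9323"` endpoint is served without authentication or TLS, so anything that can reach the internal address can read engine metrics; that is acceptable on a trusted internal network, but a host-firewall rule limiting 9323 to the Icinga host keeps it from becoming a general information source. `"experimental": true` switches on every experimental daemon feature, not only the metrics endpoint; on engine releases where `metrics-addr` no longer requires it, dropping the flag narrows what the daemon exposes — worth checking against the installed engine version. A one-line comment on why the flag is set would help the next reader, since daemon.json itself cannot carry one.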
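Review bot: The build checks out the git tag `2020.07.30.1` from a third-party repository, and a tag is a mutable reference, so a later rebuild can pull different code into a container that (per the compose file in this same change) holds the host's Docker socket; pin to the commit the tag currently points at, e.g. `git checkout <commit-sha>  # tag 2020.07.30.1`. `npm install` re-resolves dependencies on every build as well; if the upstream repo ships a lockfile, `npm ci` keeps the dependency tree fixed. The `apk upgrade` step is what hadolint DL3005 flags — bumping the `node:14-alpine` tag is the reproducible way to pick up base fixes, and the image still runs as root although the node image provides a `node` user.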
diff --git a/common/docker_dockerstats/templates/docker-compose.yml b/common/docker_dockerstats/templates/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..248d813dc7baedae29c85d340edd83749fa77712 --- /dev/null +++ b/common/docker_dockerstats/templates/docker-compose.yml @@ -0,0 +1,14 @@ +version: "3" + +services: + + app: + + build: . + restart: always + ports: + - "{{ int_ip4 }}:9487:9487" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /usr/bin/docker:/usr/bin/docker + diff --git a/common/prometheus-node/tasks/main.yml b/common/prometheus-node/tasks/main.yml index e0c1a9bf9c9f236e7a02c2ce32750a50d00eac35..f4b0370178dca240e4d3cbb22bb1048eaaf99ecd 100644 --- a/common/prometheus-node/tasks/main.yml +++ b/common/prometheus-node/tasks/main.yml @@ -1,15 +1,31 @@ --- - - -- name: stop prometheus-node-exporter - service: name=prometheus-node-exporter state=stopped - -# Pakete deinstallieren -- name: pakete deinstallieren +# Pakete installieren +- name: pakete installieren apt: pkg: "{{ item }}" - update_cache: no - state: absent + update_cache: yes + state: installed with_items: - prometheus-node-exporter +- name: remove old directories + file: + path: "{{ item }}" + state: "absent" + with_items: + - /srv/prometheus-node-exporter + +- name: Configure Node-Exporter + lineinfile: + path: /etc/default/prometheus-node-exporter + regexp: '^ARGS=' + line: ARGS="--web.listen-address={{int_ip4}}:9100" + +- name: reload systemd and enable service + command: systemctl enable prometheus-node-exporter + +- name: restart prometheus-node-exporter + service: + name: prometheus-node-exporter + state: restarted + diff --git a/group_vars/prod b/group_vars/prod index 44e4dd54f106bdd865f69f9c8f0091e3a7510bd4..9422cd7cb2939ac23782b40d874b1e06c7d29c8c 100644 --- a/group_vars/prod +++ b/group_vars/prod 
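Review bot: Bind-mounting `/var/run/docker.sock` into `app` hands the exporter full control of the Docker engine (container creation, arbitrary host-path mounts), which is root on the host in practice, while a stats exporter only needs the read-only parts of the API. Appending `:ro` to the socket mount does not restrict API calls (the socket stays bidirectional); putting a filtering socket proxy between the container and the socket, or at least adding `security_opt: ["no-new-privileges:true"]` and a `mem_limit` like the icinga services in this change, limits the damage from a bug in the exporter or its npm dependencies. The `/usr/bin/docker` mount copies the host's CLI into an Alpine/musl container — if the exporter shells out to it, confirm the host binary actually runs there, since a glibc-linked build would fail at runtime.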
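Review bot: `command: systemctl enable prometheus-node-exporter` and the unconditional `state: restarted` run on every play, so each Ansible run reports a change and bounces the exporter; `systemd: { name: prometheus-node-exporter, enabled: yes }` is idempotent, and the restart belongs in a handler notified by the `lineinfile` task. `state: installed` is a deprecated alias for `present`, and `with_items` around `apt` installs packages one at a time where `name:` takes the list directly (the icinga role in this same change already does it that way). Binding with `--web.listen-address={{int_ip4}}:9100` is the right call, since the exporter has no authentication of its own.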
@@ -17,7 +17,8 @@ ldap_domain: warpzone.ms ldap_base_dn: dc=warpzone,dc=ms ldap_admin_bind_dn: cn=admin,dc=warpzone,dc=ms ldap_readonly_bind_dn: cn=readonly,dc=warpzone,dc=ms - +ldap_group_dn: ou=groups,dc=warpzone,dc=ms +ldap_group_active_dn: cn=active,ou=groups,dc=warpzone,dc=ms # SMTP Settings smtp_domain: warpzone.ms @@ -25,6 +26,10 @@ smtp_host: mailserver.warpzone.ms smtp_port: 587 noreply_email_user: noreply@warpzone.ms +# Globale Domains +global_domains: + warpzonems: + domain: warpzone.ms # Globale Mail konfiguration mail_domains: 
@@ -32,6 +37,38 @@ mail_domains: maildomain: warpzone.ms mxserver: mailserver.warpzone.ms mxhostname: webserver + spf: v=spf1 mx ~all + dmarc: v=DMARC1; p=none; + dkim: + - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ZvoSoa2LwBbzQMD9laVy8hUGbvhe1LkL/6SIk3Ks8GfiT7p+hdlbcvo+noBR4gvbmSWwn3yBxOnGCtSH+iP0q7HHrmeEXJqGkLK25zZh1EO8bZqIHi2NX/LnN7dJTO8C27CRLME+YtWdrDaerIWXsHk7U+qD1ZuM5Q+FgAzsQ5uxQVlD6sO3IU" } + member_warpzonems: + maildomain: member.warpzone.ms + mxserver: mailserver.warpzone.ms + mxhostname: webserver + spf: v=spf1 mx ~all + dmarc: v=DMARC1; p=none; + dkim: + - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lZDykC3gbxSHMwTNO7QrDytlO9Sg66nEXpIv1/GqQrj3T1i3tTn05XxpJbRXUMuooaP6xZqt2OR3f/Wex6d4WwHH4Z1YuvyKDUWewynGZ3Ge+Vca8T0LBdDw7DZWtkXv94SHPWLyPWuuBXQs2nAgrMn3rtlwKovEsOqg85mFNb1EVm9Rgj9TB2" } + lists_warpzonems: + maildomain: lists.warpzone.ms + mxserver: mailserver.warpzone.ms + mxhostname: webserver + spf: v=spf1 mx ~all + dmarc: v=DMARC1; p=none; +# chaostreffmuensterde: +# maildomain: chaostreff-muenster.de +# mxserver: mailserver.warpzone.ms +# mxhostname: webserver +# spf: v=spf1 mx ~all +# dmarc: v=DMARC1; p=none; +# dkim: +# - { selector: "dkim", value: "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/OBnxYygjhKeZVyvhDAO1/O1XwyYEhQx3bW/rO/Wmp8ZzP/eQh3dljDEibj1KsfdUhfgTIU8CnTKLayb8B07MMzhBklpg8WUV2LrDmpndfhixizjaxzwBj/dhtiZE7e4BwhOPOmdBQ0cCIvNhMcQcCa1RgCpX/g5Ii0AtQ2zCPMTSOW5YWn+VY" } +# lists_chaostreffmuensterde: +# maildomain: lists.chaostreff-muenster.de +# mxserver: mailserver.warpzone.ms +# mxhostname: webserver +# spf: v=spf1 mx ~all +# dmarc: v=DMARC1; p=none; # Zentrale InfluxDb für Systemmonitoring 
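Review bot: The `dkim` `p=` values for warpzone.ms and member.warpzone.ms appear to end mid-key — the `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A…` prefix is a 2048-bit RSA public key, which in this encoding runs to roughly 390 characters and ends in `IDAQAB`, while these stop after about 220; whether the truncation is in the file or only in this rendering, verify against the key the signer uses before publishing, because a truncated record makes every DKIM signature fail to verify. `dmarc: v=DMARC1; p=none;` is monitoring-only and carries no `rua=` address, so nothing is actually being monitored; add `rua=mailto:<reporting-address>` now and plan the move to `p=quarantine` once reports are clean. `spf: v=spf1 mx ~all` is fine as a start, with `-all` as the eventual target for the same reason.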
@@ -53,3 +90,14 @@ matrix: domain: matrix.warpzone.ms public_url: https://matrix.warpzone.ms identity_server: https://matrix.warpzone.ms + +# Monitoring +monitoring: + internal_ldap_servers: + - webserver + - verwaltung + - warpsrvint + external_dns_servers: + - { ip: "8.8.8.8", name: "Google" } + - { ip: "9.9.9.9", name: "Quad9" } + - { ip: "46.182.19.48", name: "Digitalcourage" } diff --git a/host_vars/verwaltung b/host_vars/verwaltung index 92fd89015538f49d160a60872bb9a02beb9630b4..5fe06dbf20cfa19737cc0546a6dbaa44b4887251 100644 --- a/host_vars/verwaltung +++ b/host_vars/verwaltung @@ -58,6 +58,31 @@ vorstandteam: - "h3rb3rn" - "mowoe" +# Monitoring aktivieren +alert: + load: + warn: 8 + crit: 16 + containers: + - { name: "dockerstats_app_1" } + - { name: "gitea_app_1" } + - { name: "gitea_db_1" } + - { name: "jameica-vnc_ldap_auth_1" } + - { name: "jameica-vnc_nginx_1" } + - { name: "jameica-vnc_vnc_1" } + - { name: "ldap_openldap_1" } + - { name: "ldap_phpldapadmin_1" } + - { name: "ldap_syncreplexporter_1" } + - { name: "mysql_app_1_aa1ef2868e9c" } + - { name: "nextcloud_app_1" } + - { name: "nextcloud_elasticsearch_1" } + - { name: "nextcloud_mysql_1" } + - { name: "nextcloud_redis_1" } + - { name: "traefik_app_1" } + disks: + - { mountpoint: "/", warn: "5 GB", crit: "1 GB" } + - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" } + # Definition von Borgbackup Repositories borgbackup_repos: @@ -85,6 +110,13 @@ borgbackup_repos: # Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen # directories: + # Monitoring + alert: true + warning_age: 26 + critical_age: 50 + warning_count: 10 + critical_count: 5 + borgbase: # URL des Repos 
@@ -108,6 +140,12 @@ borgbackup_repos: # Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen # directories: + # Monitoring + alert: true + warning_age: 26 + critical_age: 50 + warning_count: 10 + critical_count: 5 # Definition der Verzeichnisse, die in allen Borgbackup Repos gesichert werden sollen borgbackup_directories: diff --git a/host_vars/warpsrvint b/host_vars/warpsrvint index 6a2db01026997dc0a2f673becd3158cb5355099a..8f5f03797f65bbad5a7e2bc8bd17b063b8aadb48 100644 --- a/host_vars/warpsrvint +++ b/host_vars/warpsrvint 
@@ -41,37 +41,40 @@ administratorenteam: - "dray" - "sandhome" +# Monitoring aktivieren +alert: + load: + warn: 2 + crit: 4 + containers: + - { name: "dockerstats_app_1" } + - { name: "influx_sysmon_1" } + - { name: "grafana_app_1" } + - { name: "unifi_app_1" } + - { name: "ldap_phpldapadmin_1" } + - { name: "matestatdb_db_1" } + - { name: "l4z0r_db_1" } + - { name: "warpinfratest_app_1" } + - { name: "warpinfratest_db_1" } + - { name: "nodered-app" } + - { name: "prometheus-alert" } + - { name: "prometheus-statsd-exporter" } + - { name: "prometheus-snmp-exporter" } + - { name: "prometheus-blackbox-exporter" } + - { name: "mqtt-service" } + - { name: "warpinfra-db" } + - { name: "warpinfra-app" } + disks: + - { mountpoint: "/", warn: "5 GB", crit: "1 GB" } + # Definition von Borgbackup Repositories borgbackup_repos: - warpsrvext: - - # URL des Repos - repo: "ssh://warpzone@217.79.181.126:22/data/warpzone/warpsrvint" - - # Repo-spezifische Optionen zum Aufruf von Borgbackup - # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich - options: "" - - # Compression Options, z,b. "zlib,5, "zstd,5" - compression: "zlib,5" - - # Prune Optionen - prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6" - - # Backup Schedule - weekday: "*" - hour: "*/4" - minute: "10" - - # Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen - # directories: - borgbase: # URL des Repos - repo: "w3299kpl@w3299kpl.repo.borgbase.com:repo" + repo: "u127404b@u127404b.repo.borgbase.com:repo" # Repo-spezifische Optionen zum Aufruf von Borgbackup # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich 
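Review bot: The `warpsrvext` repository at `ssh://warpzone@217.79.181.126:22/data/warpzone/warpsrvint` is dropped and the borgbase target moves from `w3299kpl` to `u127404b`, but nothing here retires the old side: the host's SSH key stays authorized on 217.79.181.126 and the old archives remain readable there until someone deletes them. If the old repo is being decommissioned, remove the key from its `authorized_keys` and delete or archive the repository; if it is only paused, a comment saying so would stop the next reader from doing that. The new borgbase repo starts empty, and the count check added for it below uses `lt` with `critical_count: 5`, so it will stay critical until five archives exist — expected, but worth knowing before the pager goes off.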
@@ -91,6 +94,13 @@ borgbackup_repos: # Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen # directories: + # Monitoring + alert: true + warning_age: 10 + critical_age: 20 + warning_count: 10 + critical_count: 5 + # Definition der Verzeichnisse, die in allen Borgbackup Repos gesichert werden sollen borgbackup_directories: diff --git a/host_vars/webserver b/host_vars/webserver index 232d68a6a17020de92a362a06813fccbd1ce6d19..37d3d5664b33d96ad0cbe5612609e59505e1db3f 100644 --- a/host_vars/webserver +++ b/host_vars/webserver @@ -21,7 +21,6 @@ ext_ip4: 89.163.231.226 ext_ip6: 2001:4ba0:ffff:7c::2 int_ip4: 10.42.1.1 - # Art des Hosts: physical, vm, docker host_type: "vm" @@ -32,7 +31,7 @@ webserver_ssl: true webserver_domains: - "warpzone.ms" - "api.warpzone.ms" - - "auth.warpzone.ms" +# - "auth.warpzone.ms" - "autodiscover.warpzone.ms" - "autoconfig.warpzone.ms" - "gitlab.warpzone.ms" @@ -42,11 +41,7 @@ webserver_domains: - "mailserver.warpzone.ms" - "muc.jabber.warpzone.ms" - "proxy.jabber.warpzone.ms" - - "jabber-test.warpzone.ms" - - "muc.jabber-test.warpzone.ms" - - "proxy.jabber-test.warpzone.ms" - "ldap.warpzone.ms" - - "mattermost.warpzone.ms" - "md.warpzone.ms" - "wiki.warpzone.ms" - "www.warpzone.ms" 
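Review bot: `warning_age: 10` / `critical_age: 20` here are far tighter than the 26/50 every other repo in this change gets, with no comment on the schedule they track; if warpsrvint's borgbase job really runs more often, say so next to the values (`# runs every 4h, see schedule above`), otherwise align them with the other hosts to avoid a standing critical.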
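Review bot: Removing `jabber-test.warpzone.ms`, `muc.jabber-test.warpzone.ms`, `proxy.jabber-test.warpzone.ms` and `mattermost.warpzone.ms` from `webserver_domains` (and commenting out `auth.warpzone.ms`) takes them out of whatever this list drives — presumably the vhost/certificate set — but the DNS records that point those names at `89.163.231.226` are not touched here. Names that still resolve to the server but have no vhost land on the default virtual host, and any certificate already issued for them stays valid until expiry; delete the DNS records alongside, and if `auth.warpzone.ms` is coming back, note why it is commented rather than removed.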
@@ -60,6 +55,60 @@ openvpn_server: administratorenteam: - "void" - "sandhome" + + +# Monitoring aktivieren +alert: + load: + warn: 8 + crit: 16 + containers: + - { name: "autodiscover_warpzonems_1" } + - { name: "dockerstats_app_1" } + - { name: "dokuwiki_app_1" } + - { name: "gitlab_app_1" } + - { name: "hackmd_app_1" } + - { name: "hackmd_db_1" } + - { name: "icinga_app_1" } + - { name: "icinga_db_1" } + - { name: "icinga_graphite_1" } + - { name: "jabber_app_1" } + - { name: "ldap_openldap_1" } + - { name: "ldap_phpldapadmin_1" } + - { name: "ldap_syncreplexporter_1" } + - { name: "mail_dovecot-mailcow_1" } + - { name: "mail_dockerapi-mailcow_1" } + - { name: "mail_ipv6nat-mailcow_1" } + - { name: "mail_mailman-core" } + - { name: "mail_mailman-db" } + - { name: "mail_mailman-nginx" } + - { name: "mail_mailman-web" } + - { name: "mail_memcached-mailcow_1" } + - { name: "mail_mysql-mailcow_1" } + - { name: "mail_netfilter-mailcow_1" } + - { name: "mail_nginx-mailcow_1" } + - { name: "mail_olefy-mailcow_1" } + - { name: "mail_postfix-mailcow_1" } + - { name: "mail_php-fpm-mailcow_1" } + - { name: "mail_redis-mailcow_1" } + - { name: "mail_rspamd-mailcow_1" } + - { name: "mail_traefik-certdumper_1" } + - { name: "mail_unbound-mailcow_1" } + - { name: "mail_watchdog-mailcow_1" } + - { name: "matterbridge_cw_1" } + - { name: "matterbridge_wz_1" } + - { name: "matrix_ma1sd_1" } + - { name: "matrix_db_1" } + - { name: "matrix_synapse_1" } + - { name: "traefik_app_1" } + - { name: "warpapi_app_1" } + - { name: "warpinfra_app_1" } + - { name: "warpinfra_db_1" } + - { name: "wordpress_app_1" } + - { name: "wordpress_db_1" } + disks: + - { mountpoint: "/", warn: "5 GB", crit: "1 GB" } + - { mountpoint: "/var/lib/docker", warn: "1 GB", crit: "500 MB" } # Definition von Borgbackup Repositories 
@@ -88,6 +137,13 @@ borgbackup_repos: # Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen # directories: + # Monitoring + alert: true + warning_age: 26 + critical_age: 50 + warning_count: 10 + critical_count: 5 + borgbase: # URL des Repos @@ -111,6 +167,13 @@ borgbackup_repos: # Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen # directories: + # Monitoring + alert: true + warning_age: 26 + critical_age: 50 + warning_count: 10 + critical_count: 5 + # Definition der Verzeichnisse, die in allen Borgbackup Repos gesichert werden sollen borgbackup_directories: diff --git a/site.yml b/site.yml index b72a35ac92a31f97a5ea5be0480ee92fd2e1653b..2ca257b7f61fbba811468133cf0bc202e83dca51 100644 --- a/site.yml +++ b/site.yml @@ -26,7 +26,12 @@ - { role: common/borgbackup, tags: borgbackup } - { role: common/borgserver, tags: borgserver } - { role: common/docker, tags: docker } - - { role: common/telegraf, tags: telegraf } + - { role: common/prometheus-node, tags: prometheus-node } + - { + role: common/docker_dockerstats, tags: dockerstats, + servicename: dockerstats, + basedir: /srv/dockerstats + } - { role: common/docker_ldap, tags: ldap } - { role: common/nginx, tags: nginx } - { role: warpsrvint/docker_grafana, tags: grafana } @@ -49,6 +54,12 @@ - { role: common/borgbackup, tags: borgbackup } - { role: common/docker, tags: docker } - { role: common/openvpn, tags: openvpn } + - { role: common/prometheus-node, tags: prometheus-node } + - { + role: common/docker_dockerstats, tags: dockerstats, + servicename: dockerstats, + basedir: /srv/dockerstats + } - { role: common/docker_ldap, tags: ldap, servicename: "ldap", 
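Review bot: Replacing `common/telegraf` with `common/prometheus-node` in the warpsrvint play does not remove telegraf from hosts that were already provisioned — the role simply stops being applied, so the agent keeps running and shipping to InfluxDB until something uninstalls it (the removed lines of the prometheus-node role in this same change show the pattern the repo used for the reverse case: stop the service, `state: absent` the package). Either keep a cleanup task for one cycle or state in the commit that telegraf is removed by hand. The `docker_dockerstats` role is added to all three plays with identical parameters; a comment next to it pointing at the Docker-socket mount it introduces would help whoever reviews the hosts later.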
@@ -75,6 +86,14 @@ servicename: "gitlab", domain: "gitlab.warpzone.ms" } + - { + role: webserver/docker_icinga, tags: icinga, + servicename: icinga, + basedir: /srv/icinga, + domain: icinga.warpzone.ms, + api_port: 5665, + mysql_port: 33306, + } - { role: webserver/docker_hackmd, tags: hackmd, servicename: "hackmd", @@ -89,7 +108,8 @@ role: webserver/docker_mail, tags: mail } - { - role: webserver/docker_matterbridge, tags: matterbridge + role: webserver/docker_matterbridge, tags: matterbridge, + domain: "www.warpzone.ms" } - { role: webserver/docker_matrix, tags: matrix, @@ -123,6 +143,12 @@ - { role: common/borgbackup, tags: borgbackup } - { role: common/docker, tags: docker } - { role: common/openvpn, tags: openvpn } + - { role: common/prometheus-node, tags: prometheus-node } + - { + role: common/docker_dockerstats, tags: dockerstats, + servicename: dockerstats, + basedir: /srv/dockerstats + } - { role: common/docker_ldap, tags: ldap, servicename: "ldap", diff --git a/webserver/docker_icinga/handlers/main.yml b/webserver/docker_icinga/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..068770a8c8aaaa0f8455be9761145cf94584a9f9 --- /dev/null +++ b/webserver/docker_icinga/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: restart icinga docker + docker_compose: + project_src: /srv/icinga/ + state: present + restarted: yes diff --git a/webserver/docker_icinga/tasks/main.yml b/webserver/docker_icinga/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..49eb963b7c2aa893e27b13cde749640726a9aba2 --- /dev/null +++ b/webserver/docker_icinga/tasks/main.yml 
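Review bot: The handler hard-codes `project_src: /srv/icinga/` while every task in the role uses `{{ basedir }}`, so the restart silently targets the wrong directory if the role is ever invoked with another `basedir` (site.yml passes it explicitly). Use `project_src: "{{ basedir }}"` here as well; handlers see the same role variables. `restarted: yes` also bounces db and graphite when only `app` needs a config reload — `services: [app]` narrows it if the `docker_compose` module version in use supports that parameter.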
@@ -0,0 +1,121 @@ +--- + +- include: ../functions/get_secret.yml + with_items: + - { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 } + - { path: "{{ basedir }}/icinga_admin_pass", length: 12 } + - { path: "{{ basedir }}/icinga_api_user", length: 8 } + - { path: "{{ basedir }}/icinga_api_pass", length: 8 } + - { path: "{{ basedir }}/mysql_admin_pass", length: 12 } + - { path: "{{ basedir }}/mysql_user_pass", length: 12 } + + +- name: pakete installieren + apt: + update_cache: no + state: present + name: + - logrotate + +- name: icinga LogRotate config erstellen + template: + src: logrotate + dest: /etc/logrotate.d/icinga + + +- name: "create folder struct for {{ servicename }}" + file: + path: "{{ item }}" + state: "directory" + with_items: + - "{{ basedir }}" + - "{{ basedir }}/data/" + - "{{ basedir }}/etc/" + - "{{ basedir }}/log/" + - "{{ basedir }}/db/" + - "{{ basedir }}/graphite-conf/" + - "{{ basedir }}/graphite-storage/" + + +- name: Konfig-Dateien erstellen (base,graphite) + template: + src: "{{ item }}" + dest: "{{ basedir }}/{{ item }}" + with_items: + - Dockerfile + - docker-compose.yml + - check_rbl_helper.sh + - notify_by_pushover.sh + - etc/locale.gen + - graphite-conf/storage-schemas.conf + notify: restart icinga docker + + +- stat: + path: "{{ basedir }}/etc/icingaweb2/CONFIGURED" + register: configured + +- name: "start {{ servicename }} docker (init)" + docker_compose: + project_src: "{{ basedir }}" + state: present + when: configured.stat.exists == False + +- name: "wait for {{ servicename }} docker (init)" + wait_for: + path: "{{ basedir }}/etc/icingaweb2/CONFIGURED" + when: configured.stat.exists == False + +- name: "stop {{ servicename }} docker (init)" + docker_compose: + project_src: "{{ basedir }}" + state: absent + when: configured.stat.exists == False + + +- name: Script Helper erstellen + template: + src: "{{ item }}" + dest: "{{ basedir }}/{{ item }}" + mode: u+x + with_items: + - debuglog_enable.sh + - debuglog_disable.sh + + 
+- name: Konfig-Dateien erstellen (icinga,icingaweb2) + template: + src: "{{ item }}" + dest: "{{ basedir }}/{{ item }}" + with_items: + - etc/icinga/conf.d/api-users.conf + - etc/icinga/conf.d/commands2.conf + - etc/icinga/conf.d/groups.conf + - etc/icinga/conf.d/hosts_manual.conf + - etc/icinga/conf.d/hosts.conf +# - etc/icinga/conf.d/notifications_pushover.conf + - etc/icinga/conf.d/notifications.conf + - etc/icinga/conf.d/services_backup.conf + - etc/icinga/conf.d/services_container.conf + - etc/icinga/conf.d/services_domains.conf + - etc/icinga/conf.d/services_exporters.conf +# - etc/icinga/conf.d/services_ldap.conf + - etc/icinga/conf.d/services_mail.conf + - etc/icinga/conf.d/services_manual.conf +# - etc/icinga/conf.d/services_mqttsensors.conf + - etc/icinga/conf.d/services_system.conf + - etc/icinga/conf.d/services.conf + - etc/icinga/conf.d/templates.conf + - etc/icinga/conf.d/users_groups.conf + - etc/icinga/conf.d/users_sample.conf + - etc/icingaweb2/authentication.ini + - etc/icingaweb2/groups.ini + - etc/icingaweb2/resources.ini + - etc/icingaweb2/roles.ini + notify: restart icinga docker + + +- name: "start {{ servicename }} docker" + docker_compose: + project_src: "{{ basedir }}" + state: present diff --git a/webserver/docker_icinga/templates/Dockerfile b/webserver/docker_icinga/templates/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..5c53c359cc0da25bf1c8f79ee41a083935f0bd07 --- /dev/null +++ b/webserver/docker_icinga/templates/Dockerfile 
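Review bot: `icinga_api_user` and `icinga_api_pass` are generated with `length: 8`, and that account gets `permissions = [ "*" ]` in api-users.conf while the compose file in this change publishes the API on `0.0.0.0:5665`; an 8-character secret is too short for a reachable API, so use at least the 12 the other secrets get, ideally more: `- { path: "{{ basedir }}/icinga_api_pass", length: 32 }`. The templated files that embed these secrets — `docker-compose.yml` with `MYSQL_ROOT_PASSWORD`, `etc/icinga/conf.d/api-users.conf`, and most likely `etc/icingaweb2/resources.ini` — are written with the default umask; add `mode: "0600"` (or `0640` with the right group) to both `template` tasks so they are not world-readable on the host. `include` with `with_items` is deprecated in favour of `include_tasks` with `loop` as well.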
@@ -0,0 +1,42 @@ +FROM jordan/icinga2:2.12.1 + +# Install additional Packages (Backports needed for Golang > 1.13) +RUN apt-get update \ + && apt-get install -y -q --no-install-recommends -t buster-backports \ + curl \ + dnsutils \ + git \ + golang \ + jq \ + libdata-validate-domain-perl \ + libdata-validate-ip-perl \ + libmonitoring-plugin-perl \ + libnet-dns-perl \ + libnet-ip-perl \ + perl \ + python-requests \ + python3 \ + python3-paho-mqtt \ + && apt-get autoremove -y \ + && apt-get clean \ + && rm -rf /tmp/* /var/lib/apt/lists/* /var/cache/debconf/*-old + +# Helper Scripe +COPY check_rbl_helper.sh /opt +COPY notify_by_pushover.sh /opt +RUN chmod +x /opt/*.sh + +# check_mqtt +RUN cd /opt/ && git clone https://github.com/jpmens/check-mqtt.git + +# check_rbl +RUN cd /opt/ && git clone https://github.com/matteocorti/check_rbl.git + +# check_json +RUN cd /opt/ && git clone https://github.com/asymworks/check_json.git + +# prom2json (go 1.13 min reqired) +RUN cd /opt/ && GOPATH=/opt/ go get github.com/prometheus/prom2json/cmd/prom2json + +# check_metric_value +RUN cd /opt/ && git clone https://github.com/elberfeld/check_metric_value.git diff --git a/webserver/docker_icinga/templates/check_rbl_helper.sh b/webserver/docker_icinga/templates/check_rbl_helper.sh new file mode 100644 index 0000000000000000000000000000000000000000..09cd70fcd7de53e54fd9a7ec8d2cc420f22ef905 --- /dev/null +++ b/webserver/docker_icinga/templates/check_rbl_helper.sh @@ -0,0 +1,2 @@ +#!/bin/bash +/usr/bin/perl /opt/check_rbl/check_rbl --extra-opts=rbl@/opt/check_rbl/check_rbl.ini $@ diff --git a/webserver/docker_icinga/templates/debuglog_disable.sh b/webserver/docker_icinga/templates/debuglog_disable.sh new file mode 100644 index 0000000000000000000000000000000000000000..ce6d4ed18ef9452cd0b04edf7a85607cded9613a --- /dev/null +++ b/webserver/docker_icinga/templates/debuglog_disable.sh 
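Review bot: Four check plugins are `git clone`d from third-party GitHub repositories at whatever their default branch holds at build time, and `go get` likewise fetches prom2json's current master; these plugins run inside the monitoring container with MQTT credentials and API access, so an upstream compromise or a breaking commit lands in production on the next rebuild. Pin each clone to a reviewed commit and the Go module to a release version, as sketched below. The `-t buster-backports` target is also applied to every package in the list, not only `golang` — split the install so only golang comes from backports — and `jordan/icinga2` is a community image pinned by tag; a digest pin (`@sha256:…`) makes the build reproducible.
```dockerfile
# … unchanged: FROM, apt-get install, helper script COPY …

# check plugins: pinned to reviewed commits — they run with monitoring credentials,
# so update the sha deliberately, never implicitly by rebuilding
RUN git clone https://github.com/jpmens/check-mqtt.git /opt/check-mqtt \
    && git -C /opt/check-mqtt checkout <reviewed-commit-sha>
RUN git clone https://github.com/matteocorti/check_rbl.git /opt/check_rbl \
    && git -C /opt/check_rbl checkout <reviewed-commit-sha>
RUN git clone https://github.com/asymworks/check_json.git /opt/check_json \
    && git -C /opt/check_json checkout <reviewed-commit-sha>
RUN git clone https://github.com/elberfeld/check_metric_value.git /opt/check_metric_value \
    && git -C /opt/check_metric_value checkout <reviewed-commit-sha>

# prom2json (go 1.13 min required): pin the module version; binary lands in /opt/bin as before
RUN cd /opt/ && GOPATH=/opt/ GO111MODULE=on go get github.com/prometheus/prom2json/cmd/prom2json@<release-version>
```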
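Review bot: `$@` is unquoted in check_rbl_helper.sh, so any argument containing whitespace is split into several arguments before it reaches check_rbl; use `/usr/bin/perl /opt/check_rbl/check_rbl --extra-opts=rbl@/opt/check_rbl/check_rbl.ini "$@"`. The script also relies on `/opt/check_rbl/check_rbl.ini` existing; the upstream repo appears to ship a sample ini, but nothing in this change pins or reviews its contents, so the RBL list in use is whatever the clone happened to contain.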
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cd /srv/icinga
+docker-compose exec app icinga2 feature disable debuglog
+docker-compose restart
+rm log/icinga2/debug.log
diff --git a/webserver/docker_icinga/templates/debuglog_enable.sh b/webserver/docker_icinga/templates/debuglog_enable.sh
new file mode 100644
index 0000000000000000000000000000000000000000..187440dc5d1d868aad9ac107ee37173e766de84b
--- /dev/null
+++ b/webserver/docker_icinga/templates/debuglog_enable.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cd /srv/icinga
+docker-compose exec app icinga2 feature enable debuglog
+docker-compose restart
+tail -f log/icinga2/debug.log
diff --git a/webserver/docker_icinga/templates/docker-compose.yml b/webserver/docker_icinga/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4261e5c2abaa762032a7f7115713f4dc5c793ba1
--- /dev/null
+++ b/webserver/docker_icinga/templates/docker-compose.yml
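Review bot: Both scripts `cd /srv/icinga` without checking the result, so if the directory is missing `docker-compose` runs against the current working directory and `rm log/icinga2/debug.log` removes a relative path from wherever the script was started; use `cd /srv/icinga || exit 1` (or `set -e` at the top). `docker-compose restart` also bounces the db and graphite containers when only `app` needs the feature toggle — `docker-compose restart app` is enough. The path duplicates the role's `basedir`; since these files are rendered as templates, `cd {{ basedir }}` keeps them in step with the role.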
@@ -0,0 +1,89 @@ + + +version: "2" + +services: + + app: + + build: . + restart: always + mem_limit: 512m + hostname: "{{ domain }}" + ports: + - "0.0.0.0:{{ api_port }}:5665" + volumes: + - "{{ basedir }}/data:/var/lib/icinga2" + - "{{ basedir }}/etc/locale.gen:/etc/locale.gen" + - "{{ basedir }}/etc/icinga:/etc/icinga2" + - "{{ basedir }}/etc/icingaweb2:/etc/icingaweb2" + - "{{ basedir }}/log/apache2:/var/log/apache2" + - "{{ basedir }}/log/icinga2:/var/log/icinga2" + - "{{ basedir }}/log/icingaweb2:/var/log/icingaweb2" + depends_on: + - db + - graphite + environment: + TZ: "Europe/Berlin" + APACHE2_HTTP: BOTH + MYSQL_HOST: db + MYSQL_ROOT_USER: "root" + MYSQL_ROOT_PASSWORD: "{{ mysql_admin_pass }}" + MYSQL_PASSWORD: "{{ mysql_user_pass }}" + MYSQL_DATABASE: icinga + MYSQL_USER: icinga + DEFAULT_MYSQL_HOST: db + DEFAULT_MYSQL_USER: icinga + DEFAULT_MYSQL_PASS: "{{ mysql_user_pass }}" + ICINGAWEB2_ADMIN_PASS: "{{ icinga_admin_pass }}" + ICINGA2_FEATURE_GRAPHITE: 1 + ICINGA2_FEATURE_GRAPHITE_HOST: graphite + ICINGA2_FEATURE_GRAPHITE_PORT: 2003 + ICINGA2_FEATURE_DIRECTOR: 0 + labels: + - traefik.enable=true + - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`) + - traefik.http.routers.{{ servicename }}.entrypoints=websecure + - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80 + networks: + - default + - web + + db: + + image: mariadb:10.5.6 + restart: always + mem_limit: 256m + ports: + - "{{ int_ip4 }}:{{mysql_port}}:3306" + volumes: + - "{{ basedir }}/db:/var/lib/mysql" + environment: + MYSQL_ROOT_PASSWORD: "{{ mysql_admin_pass }}" + MYSQL_PASSWORD: "{{ mysql_user_pass }}" + MYSQL_DATABASE: icinga + MYSQL_USER: icinga + networks: + - default + + graphite: + + image: graphiteapp/graphite-statsd:1.1.7-6 + restart: always + mem_limit: 256m + volumes: + - "{{ basedir }}/graphite-conf/storage-schemas.conf:/opt/graphite/conf/storage-schemas.conf" + - "{{ basedir }}/graphite-storage:/opt/graphite/storage" + environment: + 
GRAPHITE_TIME_ZONE: "Europe/Berlin" + GRAPHITE_DATE_FORMAT: "%d.%m.%y" + GRAPHITE_LOG_FILE_INFO: "-" + GRAPHITE_LOG_FILE_EXCEPTION: "-" + GRAPHITE_LOG_FILE_CACHE: "-" + GRAPHITE_LOG_FILE_RENDERING: "-" + networks: + - default + +networks: + web: + external: true \ No newline at end of file diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/api-users.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/api-users.conf new file mode 100644 index 0000000000000000000000000000000000000000..7a9e0f23ed7e348c957e4832d4725af47833947d --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/api-users.conf @@ -0,0 +1,7 @@ +/** + * The ApiUser objects are used for authentication against the API. + */ +object ApiUser "{{icinga_api_user}}" { + password = "{{icinga_api_pass}}" + permissions = [ "*" ] +} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/commands2.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/commands2.conf new file mode 100644 index 0000000000000000000000000000000000000000..f83a9075f38c73c8d598da367759c590fb9168e6 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/commands2.conf 
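Review bot: The Icinga API is published as `"0.0.0.0:{{ api_port }}:5665"`, i.e. on the webserver's public address as well, protected only by an API user whose password the tasks generate with length 8 and which holds `permissions = [ "*" ]`; unless external satellites or agents need it, bind it the way the db port is bound: `- "{{ int_ip4 }}:{{ api_port }}:5665"`, and if remote access really is required, front it with TLS client certificates (the Icinga API supports them) plus a firewall allow-list. Publishing MariaDB on `{{ int_ip4 }}:{{mysql_port}}:3306` with the root password in this file also needs a stated reason — if nothing outside the compose network queries it, drop the `ports:` block from `db`. `MYSQL_ROOT_USER`/`MYSQL_ROOT_PASSWORD` are handed to `app` as well; if the image only needs root for initial schema creation, a comment saying so (or removing it once `CONFIGURED` exists) limits what an Icinga Web compromise yields.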
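Review bot: The single ApiUser gets `permissions = [ "*" ]`, which includes `config/modify` and `objects/modify/*`, so whoever holds this short generated password can rewrite the monitoring configuration through the API. Scope it to what the API consumers actually do — for example `permissions = [ "status/query", "objects/query/*", "actions/*" ]` — and create a separate, better-protected user if something really needs configuration changes. The compose file publishes 5665 on all interfaces, which makes the scope matter more than it otherwise would.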
@@ -0,0 +1,65 @@ + +object CheckCommand "check_mqtt" { + import "plugin-check-command" + + command = [ "/opt/check-mqtt/check-mqtt.py" ] + + arguments = { + "-H" = "$mqtt_host$" + "-u" = "$mqtt_user$" + "-p" = "$mqtt_password$" + "-P" = "$mqtt_port$" + "-a" = "$mqtt_cafile$" + "-C" = "$mqtt_certfile$" + "-k" = "$mqtt_keyfile$" + "-t" = "$mqtt_topic$" + "-m" = { + set_if = "$mqtt_max$" + value = "$mqtt_max$" + } + + "-l" = "$mqtt_payload$" + "-v" = "$mqtt_value$" + "-o" = "$mqtt_operator$" + + "-r" = { + set_if = "$mqtt_readonly$" + description = "Don't write." + } + "-n" = { + set_if = "$mqtt_insecure$" + description = "suppress TLS hostname check" + } + } +} + +object CheckCommand "check_mail_blacklist" { + import "plugin-check-command" + + command = [ "/opt/check_rbl_helper.sh" ] + + arguments = { + "-H" = "$rbl_host$" + "-c" = "$rbl_critical$" + "-w" = "$rbl_warning$" + } +} + + +object CheckCommand "check_metric_value" { + import "plugin-check-command" + + command = [ "/opt/check_metric_value/check_metric_value.py" ] + + arguments = { + "-P" = "/opt/bin/prom2json" + "-U" = "$metric_url$" + "-M" = "$metric_name$" + "-n" = "$metric_labelname$" + "-v" = "$metric_labelvalue$" + "-o" = "$metric_operator$" + "-u" = "$metric_unit$" + "-w" = "$metric_warn$" + "-c" = "$metric_crit$" + } +} \ No newline at end of file diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/groups.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/groups.conf new file mode 100644 index 0000000000000000000000000000000000000000..1fe91cbfbf533eea877dc7e1a42dd9396c8e74d9 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/groups.conf 
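Review bot: `check_mqtt` receives `$mqtt_password$` as the `-p` argument, so the broker credential shows up in the container's process list and, once `debuglog_enable.sh` is used, in Icinga's debug log. If the plugin can read the password from a file or an environment variable, prefer that (an `env = { … }` block as in the pushover commands); if not, make sure the service definitions that set `mqtt_password` are not rendered into world-readable files and keep the debug log toggle short-lived. Making `-n` (suppress TLS hostname check) opt-in via `set_if` is the right default — a comment on that line saying it must stay unset in production would keep it that way.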
@@ -0,0 +1,81 @@ +/** + * Host groups + */ + +object HostGroup "linux-servers" { + display_name = "Linux Servers" + + assign where host.vars.os == "Linux" +} + +/* +object HostGroup "windows-servers" { + display_name = "Windows Servers" + + assign where host.vars.os == "Windows" +} +*/ + +object HostGroup "network" { + display_name = "Network Devices" +} + +object HostGroup "other" { + display_name = "Other Devices" +} + +/** + * Service groups by check command + */ + +object ServiceGroup "ping" { + display_name = "Ping Checks" + + assign where match("ping*", service.name) +} + +object ServiceGroup "http" { + display_name = "HTTP Checks" + + assign where match("http*", service.check_command) +} + +object ServiceGroup "dns" { + display_name = "DNS Checks" + + assign where match("dig*", service.check_command) +} + +object ServiceGroup "mqtt" { + display_name = "MQTT Checks" + + assign where match("check_mqtt*", service.check_command) +} + +/** + * Service Goups assigned in Services + */ + +object ServiceGroup "backup" { + display_name = "Backup Checks" +} + +object ServiceGroup "container" { + display_name = "Docker Container Checks" +} + +object ServiceGroup "ldap" { + display_name = "LDAP Checks" +} + +object ServiceGroup "certificate" { + display_name = "Certificate Checks" +} + +object ServiceGroup "mail" { + display_name = "Mail Checks" +} + +object ServiceGroup "exporter" { + display_name = "Metrics Exporter Checks" +} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts.conf new file mode 100644 index 0000000000000000000000000000000000000000..be828f7279a8a9c04cbe7dd6393485b03c5c7b48 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts.conf 
@@ -0,0 +1,39 @@ + +{% for host in groups['all'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + + +object Host "{{ host }}" { + import "generic-host" + + address = "{{ hostvars[host].int_ip4 }}" + + {% if hostvars[host].ext_ip4 is defined %} + vars.ext_ip4 = "{{ hostvars[host].ext_ip4 }}" + {% endif %} + + {% if hostvars[host].ext_ip6 is defined %} + vars.ext_ip6 = "{{ hostvars[host].ext_ip6 }}" + {% endif %} + + {% if host in monitoring.internal_ldap_servers %} + vars.is_ldapserver = "True" + {% endif %} + + vars.os = "Linux" + vars.prometheus = true +} + +{% endif %} +{% endfor %} + +{% for host in monitoring.external_dns_servers %} + +object Host "ext_dns_{{ host.name }}" { + import "generic-host" + + address = "{{ host.ip }}" + vars.is_dnsserver = "True" +} + +{% endfor %} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf new file mode 100644 index 0000000000000000000000000000000000000000..1923ab4ed0999c464a7c274fb8ba9cf1c808dca5 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf @@ -0,0 +1,17 @@ + +object Host "warpfire" { + import "generic-host" + + address = "192.168.0.1" + + groups = [ "network" ] +} + +object Host "switch-sw01-hp" { + import "generic-host" + + address = "192.168.0.100" + + groups = [ "network" ] +} + diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/notifications_pushover.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/notifications_pushover.conf new file mode 100644 index 0000000000000000000000000000000000000000..db34c6b70f923b925bde22a70e2ec7701b562df7 --- /dev/null 
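Review bot: `vars.is_ldapserver = "True"` and `vars.is_dnsserver = "True"` are strings while `vars.prometheus = true` is a boolean, so a service rule written as `assign where host.vars.is_ldapserver == true` will never match and one written as a bare `assign where host.vars.is_ldapserver` matches only because a non-empty string is truthy; use booleans for all three (`vars.is_ldapserver = true`). The `external_dns_servers` hosts import `generic-host` and set `address`, so they also receive every address-based service rule (the `ping` rule in services.conf, for one) — intentional, but a comment saying so would save the next reader a search.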
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/notifications_pushover.conf @@ -0,0 +1,67 @@ + +object NotificationCommand "pushover-host-notification" { + import "plugin-notification-command" + + command = [ "/opt/notify_by_pushover.sh" ] + + env = { + PUSHOVERUSER = "$user.vars.pushover_user$" + PUSHOVERTOKEN = "$user.vars.pushover_token$" + PUSHOVERTITLE = "Icinga @ {{ inventory_hostname }}" + PUSHOVERMESSAGE = "$notification.type$ $host.display_name$ $host.state$ $icinga.long_date_time$" + } +} + +object NotificationCommand "pushover-service-notification" { + import "plugin-notification-command" + + command = [ "/opt/notify_by_pushover.sh" ] + + env = { + PUSHOVERUSER = "$user.vars.pushover_user$" + PUSHOVERTOKEN = "$user.vars.pushover_token$" + PUSHOVERTITLE = "Icinga @ {{ inventory_hostname }}" + PUSHOVERMESSAGE = "$notification.type$ $host.display_name$ $service.display_name$ $service.state$ $icinga.long_date_time$" + } +} + +template Notification "pushover-host-notification" { + command = "pushover-host-notification" + + states = [ Up, Down ] + types = [ Problem, FlappingStart ] + + period = "24x7" +} + +template Notification "pushover-service-notification" { + command = "pushover-service-notification" + + states = [ OK, Critical, Unknown ] + types = [ Problem, FlappingStart ] + + period = "24x7" +} + +apply Notification "pushover-icingaadmins" to Host { + import "pushover-host-notification" + + user_groups = ["icingaadmins"] + + interval = 4h + times.begin = 15m + + assign where host.address +} + +apply Notification "pushover-icingaadmins" to Service { + import "pushover-service-notification" + + user_groups = ["icingaadmins"] + + interval = 4h + times.begin = 15m + + assign where service.name +} + 
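Review bot: Both notification templates list `types = [ Problem, FlappingStart ]` without `Recovery`, so the `Up` and `OK` entries in `states` can never fire and nobody is told when a host or service comes back; add `Recovery` to `types` if that is wanted, otherwise drop `Up`/`OK` so the intent is visible. Service notifications also skip `Warning`, which is a legitimate choice but deserves a comment. Passing the Pushover token and user key through `env` rather than argv keeps them out of the process list — good; note that tasks/main.yml currently leaves this file commented out, so none of it is active yet.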
diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services.conf new file mode 100644 index 0000000000000000000000000000000000000000..f16e0d33f6ba30cf58327d9098ebcd702c2850bd --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services.conf @@ -0,0 +1,53 @@ + +apply Service "ping" { + import "generic-service" + + check_command = "ping4" + + vars.ping_wrta = "200" + vars.ping_crta = "500" + vars.ping_wpl = "60" + vars.ping_cpl = "90" + + assign where host.address +} + +apply Service "ping_ext_ip4" { + import "generic-service" + + check_command = "ping4" + + vars.ping_address = "$host.vars.ext_ip4$" + + vars.ping_wrta = "100" + vars.ping_crta = "300" + vars.ping_wpl = "20" + vars.ping_cpl = "50" + + assign where host.vars.ext_ip4 +} + +#apply Service "ping_ext_ip6" { +# import "generic-service" +# +# check_command = "ping6" +# +# vars.ping_address = "$host.vars.ext_ip6$" +# +# vars.ping_wrta = "100" +# vars.ping_crta = "300" +# vars.ping_wpl = "20" +# vars.ping_cpl = "50" +# +# assign where host.vars.ext_ip6 +#} + +apply Service "ssh" { + import "generic-service" + + check_command = "ssh" + + assign where host.address && host.vars.os == "Linux" +} + + diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_backup.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_backup.conf new file mode 100644 index 0000000000000000000000000000000000000000..2e3d4d573be7ec5dc5ed88c19a4e793b4d327861 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_backup.conf 
@@ -0,0 +1,51 @@ + +{% for host in groups['all'] %} + + {% if hostvars[host].borgbackup_repos is defined %} + {% for repo in hostvars[host].borgbackup_repos %} + {% if hostvars[host].borgbackup_repos[repo].alert is defined and hostvars[host].borgbackup_repos[repo].alert %} + +apply Service "borgbackup_age - {{repo}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "borgbackup_lastbackup" + vars.metric_labelname = "repo" + vars.metric_labelvalue = "{{repo}}" + vars.metric_operator = "lt-date" + vars.metric_unit = "hours" + vars.metric_warn = "{{hostvars[host].borgbackup_repos[repo].warning_age}}" + vars.metric_crit = "{{hostvars[host].borgbackup_repos[repo].critical_age}}" + + groups = [ "backup" ] + + assign where host.name == "{{host}}" +} + +apply Service "borgbackup_count - {{repo}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "borgbackup_count" + vars.metric_labelname = "repo" + vars.metric_labelvalue = "{{repo}}" + vars.metric_operator = "lt" + vars.metric_warn = "{{hostvars[host].borgbackup_repos[repo].warning_count}}" + vars.metric_crit = "{{hostvars[host].borgbackup_repos[repo].critical_count}}" + + groups = [ "backup" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + {% endfor %} + {% endif %} + +{% endfor %} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_container.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_container.conf new file mode 100644 index 0000000000000000000000000000000000000000..abac49262a0270323f9a1863cec876711413a7be --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_container.conf 
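Review bot: Both borgbackup checks depend on the `borgbackup_lastbackup` / `borgbackup_count` series being present at `http://…:9100/metrics`, and nothing in the template states what `check_metric_value` reports when the series is absent; for a backup-age alarm that is exactly the failure to catch (textfile exporter stopped writing, repo renamed), so confirm the plugin returns UNKNOWN or CRITICAL rather than OK in that case and record the answer in a comment above the first `apply Service "borgbackup_age - …"`. The template also dereferences `hostvars[host].int_ip4` and the `warning_age`/`critical_age`/`warning_count`/`critical_count` thresholds without guards, so a repo with `alert: true` but a missing threshold aborts the whole Icinga config render rather than one check; acceptable if intentional, but say so at the top of the loop.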
@@ -0,0 +1,118 @@ + +{% for host in groups['all'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + + {% if hostvars[host].alert.containers is defined %} + +apply Service "docker_metrics" { + import "generic-service" + + check_command = "http" + enable_perfdata = true + + vars.http_address = "{{hostvars[host].int_ip4}}" + vars.http_port = 9323 + vars.http_uri = "/metrics" + + assign where host.name == "{{host}}" && host.vars.prometheus == true +} + +apply Service "docker_container_count_low" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9323/metrics" + vars.metric_name = "engine_daemon_container_states_containers" + vars.metric_labelname = "state" + vars.metric_labelvalue = "running" + vars.metric_operator = "lt" + vars.metric_warn = "{{ hostvars[host].alert.containers|length }}" + vars.metric_crit = "{{ hostvars[host].alert.containers|length }}" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "docker_container_count_high" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9323/metrics" + vars.metric_name = "engine_daemon_container_states_containers" + vars.metric_labelname = "state" + vars.metric_labelvalue = "running" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.containers|length }}" + vars.metric_crit = "9999" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "dockerstats_metrics" { + import "generic-service" + + check_command = "http" + enable_perfdata = true + + vars.http_address = "{{hostvars[host].int_ip4}}" + vars.http_port = 9487 + vars.http_uri = "/metrics" + + assign where host.name == "{{host}}" && 
host.vars.prometheus == true +} + + + {% for container in hostvars[host].alert.containers %} + + +apply Service "{{ container.name }} CPU" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9487/metrics" + vars.metric_name = "dockerstats_cpu_usage_ratio" + vars.metric_labelname = "name" + vars.metric_labelvalue = "{{container.name}}" + vars.metric_operator = "gt" + vars.metric_warn = "80" + vars.metric_crit = "95" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "{{ container.name }} MEM" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9487/metrics" + vars.metric_name = "dockerstats_memory_usage_ratio" + vars.metric_labelname = "name" + vars.metric_labelvalue = "{{container.name}}" + vars.metric_operator = "gt" + vars.metric_warn = "80" + vars.metric_crit = "95" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + + {% endfor %} + + {% endif %} + +{% endif %} +{% endfor %} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf new file mode 100644 index 0000000000000000000000000000000000000000..48542184056cc51960ddfa80a787baedc7b8f45e --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf 
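Review bot: The CPU and MEM thresholds are hard-coded to `"80"`/`"95"` for every entry of `hostvars[host].alert.containers`, while the count checks in the same file already take their limits from inventory; per-container overrides such as `vars.metric_warn = "{{ container.cpu_warn | default(80) }}"` and `vars.metric_crit = "{{ container.cpu_crit | default(95) }}"` (and likewise `mem_warn`/`mem_crit` in the MEM block) keep today's behaviour while avoiding noisy alerts for containers that legitimately run hot. In `docker_container_count_low` warn and crit are both the list length, so the service can never be merely WARNING; if that is intended a short comment would prevent a later "fix". `docker_container_count_high` is a useful drift signal (an unexpected extra running container), but `vars.metric_crit = "9999"` is effectively unreachable and deserves the same comment.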
@@ -0,0 +1,193 @@ + +{% for host in groups['all'] %} + + {% if hostvars[host].ext_ip4 is defined and hostvars[host].ext_ip6 is defined and hostvars[host].webserver_domains is defined %} + {% for domain in hostvars[host].webserver_domains %} + +apply Service "http_ok - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 80 + + assign where host.name == "{{host}}" +} + +apply Service "http_301 - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 80 + vars.http_expect = "301 Moved Permanently" + + assign where host.name == "{{host}}" +} + +apply Service "https_ok - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 443 + vars.http_ssl = true + vars.http_sni = true + + assign where host.name == "{{host}}" +} + +apply Service "https_cert - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 443 + vars.http_ssl = true + vars.http_sni = true + vars.http_certificate = "10,5" + + groups = [ "certificate" ] + + assign where host.name == "{{host}}" +} + +apply Service "dig(4) - {{domain}}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{domain}}" + vars.dig_record_type = "A" + vars.dig_expected_address = "{{ hostvars[host].ext_ip4 }}" + vars.dig_arguments = "+tcp" + + assign where host.address && host.vars.is_dnsserver == "True" +} + +apply Service "dig(6) - {{domain}}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{domain}}" + 
vars.dig_record_type = "AAAA" + vars.dig_expected_address = "{{ hostvars[host].ext_ip6 }}" + vars.dig_arguments = "+tcp" + + assign where host.address && host.vars.is_dnsserver == "True" +} + + {% endfor %} + {% endif %} + +{% endfor %} + + +{% for domain in global_domains %} + +apply Service "CAA record - {{ global_domains[domain].domain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{ global_domains[domain].domain }}" + vars.dig_record_type = "CAA" + vars.dig_expected_address = "letsencrypt.org" + vars.dig_arguments = "+tcp" + + assign where host.address && host.vars.is_dnsserver == "True" +} + +{% endfor %} + + +{% for maildomain in mail_domains %} + +apply Service "mx record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "MX" + vars.dig_expected_address = "{{ mail_domains[maildomain].mxserver }}" + vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + assign where host.address && host.vars.is_dnsserver == "True" +} + +apply Service "spf record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "TXT" + vars.dig_expected_address = "{{ mail_domains[maildomain].spf }}" + vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + assign where host.address && host.vars.is_dnsserver == "True" +} + +apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "_dmarc.{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "TXT" + vars.dig_expected_address = "{{ mail_domains[maildomain].dmarc }}" + vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + 
assign where host.address && host.vars.is_dnsserver == "True" +} + + + {% if mail_domains[maildomain].dkim is defined %} + {% for entry in mail_domains[maildomain].dkim %} + +apply Service "DKIM {{entry.selector}} record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{entry.selector}}._domainkey.{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "TXT" + vars.dig_expected_address = "{{ entry.value }}" + vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + assign where host.address && host.vars.is_dnsserver == "True" +} + + {% endfor %} + {% endif %} + +{% endfor %} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_exporters.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_exporters.conf new file mode 100644 index 0000000000000000000000000000000000000000..6898e7620c89bc17aec7f19ee634abedcdf7480c --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_exporters.conf 
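Review bot: Every DNS check in this file (`dig(4)`, `dig(6)`, CAA, MX, SPF, DMARC, DKIM) is assigned with `host.vars.is_dnsserver == "True"`, a string comparison, whereas services_container.conf compares `host.vars.prometheus == true` as a boolean; if the host definitions set `is_dnsserver = true` as a boolean this condition never matches and all record checks are silently not created — a fail-open for CAA/SPF/DMARC monitoring. Align on one form, e.g. `assign where host.address && host.vars.is_dnsserver == true`, and verify with `icinga2 object list --type Service` that the services exist. The `https_cert` thresholds `vars.http_certificate = "10,5"` warn at 10 days and go critical at 5; that is workable, but worth a comment given the mail checks in services_mail.conf use a different (3-day) threshold.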
@@ -0,0 +1,97 @@ + +{% for host in groups['all'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + +apply Service "node-exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9100 + vars.http_uri = "/metrics" + + groups = [ "exporter" ] + + assign where host.name == "{{host}}" +} + + {% if hostvars[host].docker.prometheus_metrics is defined %} + +apply Service "docker_metrics_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9323 + vars.http_uri = "/metrics" + + groups = [ "exporter" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + + {% if hostvars[host].docker.prometheus_stats is defined %} + +apply Service "dockerstats_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9487 + vars.http_uri = "/metrics" + + groups = [ "exporter" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + + {% if hostvars[host].ldap_local.prometheus_metrics is defined %} + +apply Service "ldap_metrics_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9328 + vars.http_uri = "/metrics" + + groups = [ "exporter","ldap" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + + {% if host == "webserver2" %} + +apply Service "postfix_metrics_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9154 + vars.http_uri = "/metrics" + + groups = [ "exporter","mail" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + +{% endif %} +{% endfor %} 
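Review bot: The postfix exporter check is gated on the literal host name `{% if host == "webserver2" %}`, while every other exporter in this file is gated on an inventory fact (`hostvars[host].docker.prometheus_metrics is defined`, …); driving it from a fact such as `{% if hostvars[host].postfix_exporter is defined %}` stops the check from silently disappearing when the host is renamed or a second MX is added. The nested lookups `hostvars[host].docker.prometheus_metrics` and `hostvars[host].ldap_local.prometheus_metrics` assume `docker`/`ldap_local` exist for every host with `alert` set; whether `is defined` short-circuits on the missing parent depends on Ansible's undefined handling, so `hostvars[host].docker is defined and hostvars[host].docker.prometheus_metrics is defined` is the safer spelling. All endpoints here are plain HTTP on the internal address and the checks assert only reachability, which is appropriate for exporter liveness.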
diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_ldap.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_ldap.conf
new file mode 100644
index 0000000000000000000000000000000000000000..6464630e07d87f0258cf192bdf6bf46cab042fda
--- /dev/null
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_ldap.conf
@@ -0,0 +1,167 @@ + +{% for host in groups['all'] %} + + +apply Service "ldap_ok" { + import "generic-service" + + check_command = "ldap" + + vars.ldap_port = "389" + vars.ldap_v3 = "true" + vars.ldap_base = "{{ ldap_global.search_base }}" + vars.ldap_bind = "{{ ldap_global.readonly_dn }}" + vars.ldap_pass = "{{ ldap_readonly_pass }}" + + groups = [ "ldap" ] + + assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True" +} + +apply Service "ldap_metrics_up" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = false + + vars.QUERY = "openldap_up{job=\"{{host}}_ldap\"}" + vars.NAME = "LDAP metrics up" + vars.TYPE = "vector" + vars.METHOD = "ne" + vars.WARNING = "1" + vars.CRITICAL = "1" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True" +} + +apply Service "ldap_syncrepl_lag" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = true + + vars.QUERY = "openldap_syncrepl_lag{job=\"{{host}}_ldap\"}" + vars.NAME = "SyncRepl Lag (seconds)" + vars.TYPE = "vector" + vars.METHOD = "gt" + vars.WARNING = "5" + vars.CRITICAL = "120" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True" +} + + +{% endfor %} + + +apply Service "ldap_syncrepl_webserver1_webserver2" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = true + + vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"}))" + vars.NAME = "ContextCSN diff" + vars.TYPE = "scalar" + vars.METHOD = "gt" + vars.WARNING = "5" + vars.CRITICAL = "110" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "webserver1" +} + +apply Service "ldap_syncrepl_webserver1_intserver" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = true + + vars.QUERY = 
"scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"}))" + vars.NAME = "ContextCSN diff" + vars.TYPE = "scalar" + vars.METHOD = "gt" + vars.WARNING = "5" + vars.CRITICAL = "110" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "webserver1" +} + +apply Service "ldap_syncrepl_webserver2_webserver1" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = true + + vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"}))" + vars.NAME = "ContextCSN diff" + vars.TYPE = "scalar" + vars.METHOD = "gt" + vars.WARNING = "5" + vars.CRITICAL = "110" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "webserver2" +} + +apply Service "ldap_syncrepl_webserver2_intserver" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = true + + vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"}))" + vars.NAME = "ContextCSN diff" + vars.TYPE = "scalar" + vars.METHOD = "gt" + vars.WARNING = "5" + vars.CRITICAL = "110" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "webserver2" +} + +apply Service "ldap_syncrepl_intserver_webserver1" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = true + + vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"}))" + vars.NAME = "ContextCSN diff" + vars.TYPE = "scalar" + vars.METHOD = "gt" + vars.WARNING = "5" + vars.CRITICAL = "110" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "intsserver" +} + +apply Service "ldap_syncrepl_intserver_webserver2" { + import "generic-service" + + check_command = "check_prometheus" + enable_perfdata = true + + vars.QUERY = 
"scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"}))" + vars.NAME = "ContextCSN diff" + vars.TYPE = "scalar" + vars.METHOD = "gt" + vars.WARNING = "5" + vars.CRITICAL = "110" + + groups = [ "ldap","prometheus" ] + + assign where host.name == "intserver" +} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mail.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mail.conf new file mode 100644 index 0000000000000000000000000000000000000000..32b6820702816c16e8cccae2a17bed5b913414ad --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mail.conf 
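Review bot: `ldap_syncrepl_intserver_webserver1` is assigned with `host.name == "intsserver"` (extra `s`), while its sibling `ldap_syncrepl_intserver_webserver2` uses `"intserver"`; the typo means the intserver→webserver1 replication-lag check is never created and nothing in Icinga will complain. The fix is `assign where host.name == "intserver"`. Separately, `ldap_ok` renders the read-only bind password into conf.d via `vars.ldap_pass = "{{ ldap_readonly_pass }}"`, and check_ldap receives it as a `-P` argument, so it is visible in `ps` on the monitoring host during each check; confirm the rendered file is not world-readable and rely on Icinga Web 2's default `protected_customvars` (`*pw*,*pass*,community`) matching `ldap_pass`. The bind goes to port 389 with neither `vars.ldap_starttls = true` nor `vars.ldap_ssl = true`, so that password crosses the network in clear every check interval unless TLS is enforced elsewhere.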
@@ -0,0 +1,89 @@ + +{% for maildomain in mail_domains %} + +apply Service "mail-smtp - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "smtp" + + vars.smtp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.smtp_port = 25 + + groups = [ "mail" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-smtp-starttls - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "smtp" + + vars.smtp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.smtp_port = 25 + vars.smtp_starttls = true + vars.smtp_certificate_age = 3 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "global-smtps - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "tcp" + + vars.tcp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.tcp_port = 465 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-submission - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "smtp" + + vars.smtp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.smtp_port = 587 + vars.smtp_starttls = true + vars.smtp_certificate_age = 3 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-imaps - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "imap" + + vars.imap_address = "{{ mail_domains[maildomain].mxserver }}" + vars.imap_port = 993 + vars.imap_ssl = true + vars.imap_certificate_age = 3 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-blacklist - {{ mail_domains[maildomain].maildomain }}" { + import 
"generic-service" + + check_command = "check_mail_blacklist" + + vars.rbl_host = "{{ mail_domains[maildomain].mxserver }}" + vars.rbl_warning = 1 + vars.rbl_critical = 3 + + groups = [ "mail" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +{% endfor %} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf new file mode 100644 index 0000000000000000000000000000000000000000..25e83bd2ff7a3a89ebb53d2e5e4e93d700c37693 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf @@ -0,0 +1,12 @@ + +apply Service "warpfire-admin" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "$host.address$" + vars.http_port = 80 + + assign where host.name == "warpfire" +} \ No newline at end of file diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf new file mode 100644 index 0000000000000000000000000000000000000000..3114a6fae9850bcc3c30c508b0855886f7fdb1a9 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf @@ -0,0 +1,18 @@ + +{% for device in mqtt_sensors %} + +apply Service "mqttsensor-{{ device.id }}-status" { + import "generic-service" + + check_command = "check_mqtt" + + vars.mqtt_host = "{{ mqtt.ip }}" + vars.mqtt_topic = "{{ device.id }}/status" + vars.mqtt_value = "online" + vars.mqtt_operator = "equal" + vars.mqtt_readonly = true + + assign where host.name == "intserver" +} + +{% endfor %} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_system.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_system.conf new file mode 100644 index 0000000000000000000000000000000000000000..5c54759f6f48aac02b498238d8ecd6a637c28f65 --- /dev/null 
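Review bot: `global-smtps` is put in the `certificate` group but uses `check_command = "tcp"` against port 465, which only completes a TCP handshake and never inspects the certificate, so an expired or wrong SMTPS certificate passes this check. If the ITL `ssl` command (check_tcp with `-D`) is available in this Icinga version, switch the block to it as below; otherwise drop the service from the `certificate` group so the grouping is not misleading. The STARTTLS and IMAPS checks use `*_certificate_age = 3`, a single 3-day threshold, while services_domains.conf uses `"10,5"` for HTTPS; a consistent earlier warning leaves time to act before an automated renewal failure becomes an outage.
```icinga2
apply Service "global-smtps - {{ mail_domains[maildomain].maildomain }}" {
  import "generic-service"

  check_command = "ssl"

  vars.ssl_address = "{{ mail_domains[maildomain].mxserver }}"
  vars.ssl_port = 465
  vars.ssl_cert_valid_days_warn = 10
  vars.ssl_cert_valid_days_critical = 3

  // … unchanged: groups and assign where …
}
```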
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_system.conf 
@@ -0,0 +1,133 @@ + +{% for host in groups['all'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + +apply Service "node_metrics" { + import "generic-service" + + check_command = "http" + enable_perfdata = true + + vars.http_address = "{{hostvars[host].int_ip4}}" + vars.http_port = 9100 + vars.http_uri = "/metrics" + + assign where host.name == "{{host}}" && host.vars.prometheus == true +} + +apply Service "node_load1" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_load1" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.load.warn }}" + vars.metric_crit = "{{ hostvars[host].alert.load.crit }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_load5" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_load5" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.load.warn }}" + vars.metric_crit = "{{ hostvars[host].alert.load.crit }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_load15" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_load15" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.load.warn }}" + vars.metric_crit = "{{ hostvars[host].alert.load.crit }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_reboot_required" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = 
true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_reboot_required" + vars.metric_operator = "gt" + vars.metric_warn = "0" + vars.metric_crit = "1" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "apt_upgrades_pending" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "apt_upgrades_pending" + vars.metric_operator = "gt" + vars.metric_warn = "1" + vars.metric_crit = "25" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + + {% for disk in hostvars[host].alert.disks %} + +apply Service "node_filesystem_free_bytes - {{disk.mountpoint}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_filesystem_free_bytes" + vars.metric_labelname = "mountpoint" + vars.metric_labelvalue = "{{disk.mountpoint}}" + vars.metric_operator = "lt" + vars.metric_warn = "{{disk.warn | human_to_bytes }}" + vars.metric_crit = "{{disk.crit | human_to_bytes }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_filesystem_device_error - {{disk.mountpoint}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_filesystem_device_error" + vars.metric_labelname = "mountpoint" + vars.metric_labelvalue = "{{disk.mountpoint}}" + vars.metric_operator = "gt" + vars.metric_warn = "0" + vars.metric_crit = "0" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + + {% endfor %} + + +{% endif %} +{% 
endfor %}
diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/templates.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/templates.conf
new file mode 100644
index 0000000000000000000000000000000000000000..5655e3f2d4b7c3dadbdadbada85bc8c7d8957946
--- /dev/null
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/templates.conf
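Review bot: `{% for disk in hostvars[host].alert.disks %}` and the `hostvars[host].alert.load.warn` / `.crit` lookups run for every host with `alert` set, without the `is defined` guard that services_container.conf applies to `alert.containers`; a host whose `alert` dict lacks `disks` or `load` aborts the Icinga template render for all hosts. Guard them the same way, e.g. `{% for disk in hostvars[host].alert.disks | default([]) %}`, or state at the top of the loop that `alert.load` and `alert.disks` are mandatory. `node_reboot_required` uses `metric_warn = "0"` and `metric_crit = "1"` with `gt` on a 0/1 gauge, so the only non-OK outcome is CRITICAL and the warning threshold is dead — fine if a pending reboot should page immediately, but a comment would stop someone "fixing" it. `apt_upgrades_pending` with `metric_warn = "1"` and `gt` warns at two pending upgrades, not one; if the intent is "any pending upgrade", use `"0"`.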
@@ -0,0 +1,83 @@ +/* + * Generic template examples. + */ + + +/** + * Provides default settings for hosts. By convention + * all hosts should import this template. + * + * The CheckCommand object `hostalive` is provided by + * the plugin check command templates. + * Check the documentation for details. + */ +template Host "generic-host" { + max_check_attempts = 3 + check_interval = 1m + retry_interval = 30s + + check_command = "hostalive" +} + +/** + * Provides default settings for services. By convention + * all services should import this template. + */ +template Service "generic-service" { + max_check_attempts = 5 + check_interval = 1m + retry_interval = 30s +} + +/** + * Provides default settings for users. By convention + * all users should inherit from this template. + */ + +template User "generic-user" { + +} + +/** + * Provides default settings for host notifications. + * By convention all host notifications should import + * this template. + */ +template Notification "mail-host-notification" { + command = "mail-host-notification" + + states = [ Up, Down ] + types = [ Problem, Acknowledgement, Recovery, Custom, + FlappingStart, FlappingEnd, + DowntimeStart, DowntimeEnd, DowntimeRemoved ] + + vars += { + // notification_icingaweb2url = "https://www.example.com/icingaweb2" + // notification_from = "Icinga 2 Host Monitoring <icinga@example.com>" + notification_logtosyslog = false + } + + period = "24x7" +} + +/** + * Provides default settings for service notifications. + * By convention all service notifications should import + * this template. 
+ */ +template Notification "mail-service-notification" { + command = "mail-service-notification" + + states = [ OK, Warning, Critical, Unknown ] + types = [ Problem, Acknowledgement, Recovery, Custom, + FlappingStart, FlappingEnd, + DowntimeStart, DowntimeEnd, DowntimeRemoved ] + + vars += { + // notification_icingaweb2url = "https://www.example.com/icingaweb2" + // notification_from = "Icinga 2 Service Monitoring <icinga@example.com>" + notification_logtosyslog = false + } + + period = "24x7" +} diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/users_groups.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/users_groups.conf new file mode 100644 index 0000000000000000000000000000000000000000..bd6aee1279ace2904e33b7652d55c9710849d400 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/users_groups.conf @@ -0,0 +1,5 @@ + +object UserGroup "icingaadmins" { + display_name = "Icinga 2 Admin Group" +} + diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/users_sample.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/users_sample.conf new file mode 100644 index 0000000000000000000000000000000000000000..f093dafe8f39c0004ea1a9d5176b9836da6e2d89 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/users_sample.conf @@ -0,0 +1,17 @@ +/** + * Users are created on the Server directly and not managed by Ansible + */ + +/* +object User "sample-user" { + import "generic-user" + + display_name = "Icinga 2 Admin" + groups = [ "icingaadmins" ] + + email = "root@localhost" + + vars.pushover_user = "xxxxxxxxxxxxxxxxx" + vars.pushover_token = "yyyyyyyyyyyyyyyyyy" +} +*/ diff --git a/webserver/docker_icinga/templates/etc/icingaweb2/authentication.ini b/webserver/docker_icinga/templates/etc/icingaweb2/authentication.ini new file mode 100644 index 0000000000000000000000000000000000000000..f2b8ec57694962efd7f54eaa87573a157b2b77fd --- /dev/null 
+++ b/webserver/docker_icinga/templates/etc/icingaweb2/authentication.ini @@ -0,0 +1,12 @@ + + +[icingaweb2] +backend = "db" +resource = "icingaweb_db" + +[ldap-users] +backend = "ldap" +resource = "icingaweb_ldap" +user_class = inetOrgPerson +user_name_attribute = uid +filter = "memberOf={{ ldap_group_active_dn }}" diff --git a/webserver/docker_icinga/templates/etc/icingaweb2/groups.ini b/webserver/docker_icinga/templates/etc/icingaweb2/groups.ini new file mode 100644 index 0000000000000000000000000000000000000000..cc78bdddc7d5feb470c33809098e8455fd2695d5 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icingaweb2/groups.ini @@ -0,0 +1,15 @@ + +[icingaweb2] +backend = "db" +resource = "icingaweb_db" + +[ldap-groups] +backend = "ldap" +user_backend = "ldap-users" +resource = "icingaweb_ldap" +group_class = groupOfUniqueNames +group_member_attribute = uniqueMember +group_name_attribute = cn +base_dn = "{{ ldap_group_dn }}" + + diff --git a/webserver/docker_icinga/templates/etc/icingaweb2/resources.ini b/webserver/docker_icinga/templates/etc/icingaweb2/resources.ini new file mode 100644 index 0000000000000000000000000000000000000000..4da1e50dff2499020510c7fc1279536e502d69a9 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icingaweb2/resources.ini @@ -0,0 +1,31 @@ +[icingaweb_db] +type = "db" +db = "mysql" +host = db +port = 3306 +dbname = icingaweb2 +username = icinga +password = {{ mysql_user_pass }} +prefix = "icingaweb_" +charset = "utf8" +persistent = "0" + +[icinga_ido] +type = "db" +db = "mysql" +host = db +port = 3306 +dbname = icinga2idomysql +username = icinga +password = {{ mysql_user_pass }} +charset = "utf8" +persistent = "0" + +[icingaweb_ldap] +type = ldap +hostname = "{{ int_ip4 }}" +port = 389 +root_dn = "{{ ldap_base_dn }}" +bind_dn = "{{ ldap_readonly_bind_dn}}" +bind_pw = "{{ ldap_readonly_pass }}" + 
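Review bot: The `[icingaweb_ldap]` resource binds to `{{ int_ip4 }}` on port 389 with no `encryption` key, so Icinga Web 2 sends `bind_pw` and, for every interactive login through the `ldap-users` backend declared in authentication.ini, the user's own password in clear over the network; add `encryption = "starttls"` (or `"ldaps"` with `port = 636`) if the directory supports it. `bind_pw` and the two `password = {{ mysql_user_pass }}` entries are plaintext in the rendered file, which is unavoidable for Icinga Web 2, so the Ansible `template` task that writes resources.ini (outside this hunk) should set `mode: '0640'` with the web server group as owner group. The same `icinga` user and password serve both `icinga_ido` and `icingaweb_db`, so a leak of the web UI's credentials also grants write access to the IDO.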
diff --git a/webserver/docker_icinga/templates/etc/icingaweb2/roles.ini b/webserver/docker_icinga/templates/etc/icingaweb2/roles.ini new file mode 100644 index 0000000000000000000000000000000000000000..56df6207760a4c5414271d499e144cd9e01065e8 --- /dev/null +++ b/webserver/docker_icinga/templates/etc/icingaweb2/roles.ini @@ -0,0 +1,9 @@ +[Administrators] +users = icingaadmin +permissions = "*" +groups = "Administrators" + +[ldap-active] +groups = active +permissions = "application/*, module/*, monitoring/*" + diff --git a/webserver/docker_icinga/templates/etc/locale.gen b/webserver/docker_icinga/templates/etc/locale.gen new file mode 100644 index 0000000000000000000000000000000000000000..906268dc040b6b1fe14ce28105576e02bf555eca --- /dev/null +++ b/webserver/docker_icinga/templates/etc/locale.gen @@ -0,0 +1,7 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + +de_DE.UTF-8 UTF-8 +en_US.UTF-8 UTF-8 diff --git a/webserver/docker_icinga/templates/graphite-conf/storage-schemas.conf b/webserver/docker_icinga/templates/graphite-conf/storage-schemas.conf new file mode 100644 index 0000000000000000000000000000000000000000..0c6cb27c5242564cc27d8c6f844b87bd2188dc82 --- /dev/null +++ b/webserver/docker_icinga/templates/graphite-conf/storage-schemas.conf 
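Review bot: `[ldap-active]` grants `permissions = "application/*, module/*, monitoring/*"` to every member of the LDAP group `active`, i.e. every enabled directory account, and `monitoring/*` includes `monitoring/command/*` — acknowledging, scheduling downtime, submitting passive check results and sending custom notifications to the core. If the intent is visibility for staff, restrict the role to what they need, e.g. `permissions = "module/monitoring, monitoring/command/acknowledge-problem, monitoring/command/schedule-check"`, and keep full `monitoring/command/*` for `[Administrators]`. `[Administrators]` also pins `users = icingaadmin`, a local DB account, plus `groups = "Administrators"`; if that DB group is never populated the line is harmless, but a comment would keep anyone from assuming LDAP admins are covered by it.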
@@ -0,0 +1,33 @@
+
+# Schema definitions for Whisper files. Entries are scanned in order,
+# and first match wins. This file is scanned for changes every 60 seconds.
+#
+# Definition Syntax:
+#
+# [name]
+# pattern = regex
+# retentions = timePerPoint:timeToStore, timePerPoint:timeToStore, ...
+#
+# Remember: To support accurate aggregation from higher to lower resolution
+# archives, the precision of a longer retention archive must be
+# cleanly divisible by precision of next lower retention archive.
+#
+# Valid: 60s:7d,300s:30d (300/60 = 5)
+# Invalid: 180s:7d,300s:30d (300/180 = 3.333)
+#
+
+# Carbon's internal metrics. This entry should match what is specified in
+# CARBON_METRIC_PREFIX and CARBON_METRIC_INTERVAL settings
+[carbon]
+pattern = ^carbon\.
+retentions = 10s:6h,1m:90d
+
+[default]
+pattern = .*
+retentions = 10s:6h,1m:90d
+
+[icinga2_default]
+pattern = .*
+retentions = 1m:2d,5m:10d,30m:90d,60m:1y
+
+
diff --git a/webserver/docker_icinga/templates/logrotate b/webserver/docker_icinga/templates/logrotate
new file mode 100644
index 0000000000000000000000000000000000000000..391bc41e223aad56556f0c64ed1edb2762218521
--- /dev/null
+++ b/webserver/docker_icinga/templates/logrotate
@@ -0,0 +1,28 @@
+/srv/icinga/log/apache2/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+/srv/icinga/log/icinga2/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+/srv/icinga/log/icingaweb2/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+/srv/icinga/graphite-log/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
\ No newline at end of file
diff --git a/webserver/docker_icinga/templates/notify_by_pushover.sh b/webserver/docker_icinga/templates/notify_by_pushover.sh
new file mode 100644
index 0000000000000000000000000000000000000000..9a4ccf8f0bddf9749320b8c050d1d42765e6b8e9
--- /dev/null
+++ b/webserver/docker_icinga/templates/notify_by_pushover.sh
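Review bot: `[icinga2_default]` can never match: the file's own header says entries are scanned in order and the first match wins, and `[default]` with `pattern = .*` sits above it and already matches everything, so Icinga metrics get `10s:6h,1m:90d` and the intended `1m:2d,5m:10d,30m:90d,60m:1y` retention is dead configuration. Either move `[default]` to the end of the file so the catch-all comes last, or give the Icinga entry a real pattern such as `pattern = ^icinga2\.` (assuming the Icinga 2 graphite writer keeps its default `icinga2.` prefix) and keep it above `[default]`. Whisper files created under the wrong schema keep it, so any `.wsp` already on disk needs `whisper-resize` after the fix.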
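Review bot: None of the four stanzas has `copytruncate` or a `postrotate` hook, and the files under `/srv/icinga/log/` and `/srv/icinga/graphite-log/` are presumably written by processes inside containers that host-side logrotate cannot signal; after the rename those processes keep writing to the old inode, which is then compressed and unlinked, so the lines are lost while the fresh file stays empty and `notifempty` skips it next time. Add `copytruncate` to every stanza unless the container processes are known to reopen their logs. Because the directories are bind mounts owned by container UIDs, logrotate may also refuse them as insecure, which a `su <uid> <gid>` line per stanza (or `create 0640 <uid> <gid>`) avoids. The file is also missing its trailing newline.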
@@ -0,0 +1,15 @@
+#!/bin/bash
+response=$(curl --write-out %{http_code} --silent \
+-F "token=$PUSHOVERTOKEN" \
+-F "user=$PUSHOVERUSER" \
+-F "title=$PUSHOVERTITLE" \
+-F "message=$PUSHOVERMESSAGE" \
+https://api.pushover.net/1/messages)
+if [[ "$response" == *200 ]]
+then
+ echo Pushover message sent succesfully
+ exit 0
+else
+ echo Activation of Pushover service failed. This is the response from Pushover: $response
+ exit 1
+fi
\ No newline at end of file
diff --git a/webserver/docker_mail/templates/mailcow-dockerized/docker-compose.override.yml b/webserver/docker_mail/templates/mailcow-dockerized/docker-compose.override.yml
index a316b94139515370b8c485fc561b0e2ff2dac6ac..15ceb471c11f21742cc3a3b0e91481c9554f934c 100644
--- a/webserver/docker_mail/templates/mailcow-dockerized/docker-compose.override.yml
+++ b/webserver/docker_mail/templates/mailcow-dockerized/docker-compose.override.yml
@@ -21,6 +21,19 @@ services:
 - DOMAIN=${MAILCOW_HOSTNAME}
+# Prometheus Postfix Exporter
+
+ postfix-exporter:
+ image: unikum/postfix_exporter:latest
+ restart: always
+ depends_on:
+ - postfix-mailcow
+ ports:
+ - "{{ int_ip4 }}:9154:9154"
+ volumes:
+ - "postfix-vol-1:/var/spool/postfix:z"
+
+
 # Labels für traefik Konfiguration
 # Der Container nginx-mailcow benötigt zusätzlich den Alias sogo, damit der Container wegfallen kann
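Review bot: `-F "message=$PUSHOVERMESSAGE"` (and the title line) is unsafe with curl's `-F`, because a value that begins with `@` or `<` is treated as a file to upload or read, and a notification message is built from host/service names and plugin output that monitored targets partly control, so check output starting with `@/etc/...` would post a file from the container to Pushover; `--form-string` sends the value literally and should replace every `-F` here. The call also has no timeout, so an unreachable API would stall Icinga's notification worker, which `--max-time 15` bounds. Passing the token on the command line exposes it in `/proc/*/cmdline` to anything sharing the container's PID namespace; feeding it through a `--config` file on stdin would avoid that. The success message misspells `successfully`.

```shell
response=$(curl --write-out '%{http_code}' --silent --max-time 15 \
--form-string "token=$PUSHOVERTOKEN" \
--form-string "user=$PUSHOVERUSER" \
--form-string "title=$PUSHOVERTITLE" \
--form-string "message=$PUSHOVERMESSAGE" \
https://api.pushover.net/1/messages)
# … unchanged: status check and exit codes …
```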
