diff --git a/group_vars/test b/group_vars/test index f57dccc57fa93d1658b93ec1cfcf4e6f10c262dc..fe91cb64888560fc6ba41ed0d4b51e577e8339aa 100644 --- a/group_vars/test +++ b/group_vars/test @@ -18,7 +18,7 @@ mail_domains: spf: "v=spf1 mx a:mailserver.test-warpzone.de ip4:{{ hostvars['test-warpzone-de'].ext_ip4 }} ip6:{{ hostvars['test-warpzone-de'].ext_ip6 }} -all" dmarc: "v=DMARC1; p=none;" dkim: - - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlvNCdae1bHGiuBrbXLwbtlEeQySngzG5wa7rG9O7eFFBnEKsrk9yOexRt1N5rOotRwL+Zy/9So8nylUFggP8nXlCgfUmEDPfNaWfzAeHUaPCTpUpbEZhOWr0vGxAyWeJ2p2eOAFK2PUU+KVqF7L3Zhb3yQxyYPKhKD4uxwgqH/Y2UPNP0SaJ7fOtZpW" "1cGiIVp2aVGiE5w1AbI3kDfLpGuh8g0AzBknVX4z8wb+f5wdZiX/3/iebv8LVxOpu6DRMt48D9PN9hRQywDVLPNko03rSu5MHoz3ilJC7lkFg7DRUssFT4JHeyrxoOu7FhZUc8BKjeQ3W2mrsGd6Y48ffQIDAQAB" } + - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlvNCdae1bHGiuBrbXLwbtlEeQySngzG5wa7rG9O7eFFBnEKsrk9yOexRt1N5rOotRwL+Zy/9So8nylUFggP8nXlCgfUmEDPfNaWfzAeHUaPCTpUpbEZhOWr0vGxAyWeJ2p2eOAFK2PUU+KVqF7L3Zhb3yQxyYPKhKD4uxwgqH/Y2UPNP0SaJ7fOtZpW\" \"1cGiIVp2aVGiE5w1AbI3kDfLpGuh8g0AzBknVX4z8wb+f5wdZiX/3/iebv8LVxOpu6DRMt48D9PN9hRQywDVLPNko03rSu5MHoz3ilJC7lkFg7DRUssFT4JHeyrxoOu7FhZUc8BKjeQ3W2mrsGd6Y48ffQIDAQAB" } # lists_warpzonems: # maildomain: "lists.test-warpzone.de" # mxserver: "mailserver.test-warpzone.de" @@ -33,3 +33,13 @@ monitoring: - { ip: "1.1.1.1", name: "Cloudflare" } - { ip: "8.8.8.8", name: "Google" } - { ip: "9.9.9.9", name: "Quad9" } + + + +# Globale OAuth Server Settings +oauth_global: + authorize_url: https://uffd.test-warpzone.de/oauth2/authorize + token_url: https://uffd.test-warpzone.de/oauth2/token + userinfo_url: https://uffd.test-warpzone.de/oauth2/userinfo + logout_url: https://uffd.test-warpzone.de/logout + metrics_url: https://uffd.test-warpzone.de/metrics \ No newline at end of file 
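Review bot: The escaped `\" \"` now becomes part of the rendered DKIM value, so the TXT data carries a literal quote-space-quote in the middle of the key; presumably that is the zone-file convention for splitting a key longer than 255 bytes into two character-strings, but nothing in the file says so, and the next person to "tidy" the value will break the record. Add a comment above the `dkim:` list such as `# the embedded \" \" splits the RSA key into two <=255-byte TXT strings on purpose - keep it`. Whether the role that publishes this record re-quotes the value is not visible here; check the rendered DNS record once with `dig TXT dkim._domainkey.test-warpzone.de`.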
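Review bot: `oauth_global` introduces five URLs but the only consumer in this change (the forward-auth service in the icinga compose file) reads `authorize_url`, `token_url` and `userinfo_url`; `logout_url` and `metrics_url` have no visible reader, so a comment naming the intended consumer of each key, e.g. `# authorize/token/userinfo: traefik-forward-auth generic-oauth; metrics_url: prometheus scrape target`, would stop them from looking like leftovers. Group variables are the right place for these as they hold no secrets, but the file now ends without a trailing newline (`\ No newline at end of file`), which yamllint flags and which makes the next append produce a noisy diff.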
diff --git a/site.yml b/site.yml index d42e8a4411e524af3d7d5a9497b4145b80fa9c87..e56f37687fdbd7c4e2f646653ddecf5e33a41b2f 100644 --- a/site.yml +++ b/site.yml @@ -51,19 +51,28 @@ # domain: "www.test-warpzone.de" # } - { - role: testserver/docker_mail, tags: mail, + role: testserver/docker_mail, tags: test_mail, servicename: mail, - basedir: /srv/mail, + basedir: "/srv/{{ servicename }}", domain: "test-warpzone.de", mailserver: "mailserver.test-warpzone.de", listserver: "listserver.test-warpzone.de" } - { - role: testserver/docker_uffd, tags: uffd, + role: testserver/docker_uffd, tags: test_uffd, servicename: uffd, - basedir: /srv/uffd, + basedir: "/srv/{{ servicename }}", domain: "uffd.test-warpzone.de", } + - { + role: testserver/docker_icinga, tags: test_icinga, + servicename: icinga, + basedir: "/srv/{{ servicename }}", + domain: "icinga.test-warpzone.de", + groupname: test, + api_port: 5665, + mysql_port: 33306 + } @@ -242,6 +251,7 @@ servicename: icinga, basedir: /srv/icinga, domain: icinga.warpzone.ms, + groupname: prod, api_port: 5665, mysql_port: 33306 } diff --git a/testserver/docker_icinga/handlers/main.yml b/testserver/docker_icinga/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..068770a8c8aaaa0f8455be9761145cf94584a9f9 --- /dev/null +++ b/testserver/docker_icinga/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: restart icinga docker + docker_compose: + project_src: /srv/icinga/ + state: present + restarted: yes diff --git a/testserver/docker_icinga/tasks/main.yml b/testserver/docker_icinga/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..5ff983b5d804a9b5be654866dd890cbe61ed5d66 --- /dev/null +++ b/testserver/docker_icinga/tasks/main.yml 
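Review bot: The new handler restarts a hard-coded `project_src: /srv/icinga/` with the legacy `docker_compose` module, while the tasks of this same role derive the directory from `basedir` (`/srv/{{ servicename }}` in site.yml) and use `community.docker.docker_compose_v2`; the hard-coded path only works while `servicename` stays `icinga`, and the v1 module depends on the removed docker-compose Python package. Change it to `community.docker.docker_compose_v2:` with `project_src: "{{ basedir }}"` and `state: restarted`. Note that handlers run at the end of the play, after the final `start icinga docker` task has already brought the project up with `build`, so a config change now causes a start followed by a restart — fine, but worth a comment if intended.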
@@ -0,0 +1,128 @@ +--- + +- include_tasks: ../functions/get_secret.yml + with_items: + - { path: "{{ basedir }}/secrets/forward_auth_secret", length: 64 } + - { path: "{{ basedir }}/secrets/oauth_client_secret", length: 64 } + - { path: "{{ basedir }}/secrets/icinga_admin_pass", length: 12 } + - { path: "{{ basedir }}/secrets/icinga_api_user", length: 8 } + - { path: "{{ basedir }}/secrets/icinga_api_pass", length: 8 } + - { path: "{{ basedir }}/secrets/mysql_admin_pass", length: 12 } + - { path: "{{ basedir }}/secrets/mysql_user_pass", length: 12 } + + +- name: Setup OAuth Client Info + ansible.builtin.debug: + msg: "Client ID: {{ servicename }} // Client Secret: {{ oauth_client_secret }} // Redirect-URI: https://{{ domain }}/_oauth" + + +- name: pakete installieren + apt: + update_cache: no + state: present + name: + - logrotate + + +- name: icinga LogRotate config erstellen + template: + src: logrotate + dest: /etc/logrotate.d/icinga + + +- name: "create folder struct for {{ servicename }}" + file: + path: "{{ item }}" + state: "directory" + with_items: + - "{{ basedir }}" + - "{{ basedir }}/secrets/" + - "{{ basedir }}/data/" + - "{{ basedir }}/etc/" + - "{{ basedir }}/log/" + - "{{ basedir }}/db/" + - "{{ basedir }}/graphite-conf/" + - "{{ basedir }}/graphite-storage/" + + +- name: Konfig-Dateien erstellen (base) + template: + src: "{{ item }}" + dest: "{{ basedir }}/{{ item }}" + with_items: + - Dockerfile + - docker-compose.yml + - check_rbl_helper.sh + - notify_by_pushover.sh + - etc/locale.gen + - etc/oauth_header.conf + notify: restart icinga docker + register: dockerconfig + +- stat: + path: "{{ basedir }}/etc/icingaweb2/CONFIGURED" + register: configured + +- name: "start {{ servicename }} docker (init)" + community.docker.docker_compose_v2: + project_src: "{{ basedir }}" + state: present + when: configured.stat.exists == False + +- name: "wait for {{ servicename }} docker (init)" + wait_for: + path: "{{ basedir }}/etc/icingaweb2/CONFIGURED" + when: 
configured.stat.exists == False + +- name: "stop {{ servicename }} docker (init)" + community.docker.docker_compose_v2: + project_src: "{{ basedir }}" + state: absent + when: configured.stat.exists == False + +- name: Script Helper erstellen + template: + src: "{{ item }}" + dest: "{{ basedir }}/{{ item }}" + mode: u+x + with_items: + - debuglog_enable.sh + - debuglog_disable.sh + + +- name: Konfig-Dateien erstellen (icinga,icingaweb2,graphite) + template: + src: "{{ item }}" + dest: "{{ basedir }}/{{ item }}" + with_items: + - etc/icinga/conf.d/api-users.conf + - etc/icinga/conf.d/commands2.conf + - etc/icinga/conf.d/groups.conf + - etc/icinga/conf.d/hosts_manual.conf + - etc/icinga/conf.d/hosts.conf +# - etc/icinga/conf.d/notifications_pushover.conf + - etc/icinga/conf.d/notifications.conf + - etc/icinga/conf.d/services_backup.conf + - etc/icinga/conf.d/services_container.conf + - etc/icinga/conf.d/services_domains.conf + - etc/icinga/conf.d/services_exporters.conf + - etc/icinga/conf.d/services_mail.conf + - etc/icinga/conf.d/services_manual.conf +# - etc/icinga/conf.d/services_mqttsensors.conf + - etc/icinga/conf.d/services_system.conf + - etc/icinga/conf.d/services.conf + - etc/icinga/conf.d/templates.conf + - etc/icinga/conf.d/users_groups.conf + - etc/icinga/conf.d/users_sample.conf + - etc/icingaweb2/authentication.ini + - etc/icingaweb2/groups.ini + - etc/icingaweb2/resources.ini + - etc/icingaweb2/roles.ini + notify: restart icinga docker + + +- name: "start {{ servicename }} docker" + community.docker.docker_compose_v2: + project_src: "{{ basedir }}" + state: present + build: "{{ dockerconfig.changed }}" diff --git a/testserver/docker_icinga/templates/Dockerfile b/testserver/docker_icinga/templates/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..c76b06c1c00db530d81659b8d88698d83c40022c --- /dev/null +++ b/testserver/docker_icinga/templates/Dockerfile 
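Review bot: The `Setup OAuth Client Info` debug task prints `{{ oauth_client_secret }}` in clear text, so the OAuth client secret ends up in the Ansible output, in any CI log or terminal scrollback, and in whatever callback/log plugin is configured. Either drop the secret from the message and point the operator at `{{ basedir }}/secrets/oauth_client_secret`, or keep the task and add `no_log: true` plus a `when: show_oauth_secret | default(false)` guard so it is only shown on demand. Relatedly, none of the `template` tasks set a `mode`, yet `etc/icinga/conf.d/api-users.conf` carries the API password and `etc/icingaweb2/resources.ini` presumably the database password; add `mode: "0640"` to those template tasks and `mode: "0700"` to the `secrets/` directory so the files are not world-readable on the host. Minor: `when: configured.stat.exists == False` reads better as `when: not configured.stat.exists`.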
@@ -0,0 +1,50 @@
+FROM jordan/icinga2:2.14.0
+
+# Install additional Packages
+RUN apt-get update \
+ && apt-get install -y -q --no-install-recommends \
+ curl \
+ dnsutils \
+ git \
+ jq \
+ libdata-validate-domain-perl \
+ libdata-validate-ip-perl \
+ libmonitoring-plugin-perl \
+ libnet-dns-perl \
+ libnet-ip-perl \
+ perl \
+ python3-requests \
+ python3 \
+ python3-paho-mqtt \
+ && apt-get autoremove -y \
+ && apt-get clean \
+ && rm -rf /tmp/* /var/lib/apt/lists/* /var/cache/debconf/*-old
+
+# Helper Scripe
+COPY check_rbl_helper.sh /opt
+COPY notify_by_pushover.sh /opt
+RUN chmod +x /opt/*.sh
+
+# check_mqtt
+RUN cd /opt/ \
+ && git clone https://github.com/jpmens/check-mqtt.git \
+ && cd /opt/check-mqtt/ \
+ && git checkout v3.0
+
+# check_rbl
+RUN cd /opt/ \
+ && git clone https://github.com/matteocorti/check_rbl.git \
+ && cd /opt/check_rbl/ \
+ && git checkout v1.5.7
+
+# prom2json -- needed for check_metric_value
+RUN cd /opt/ \
+ && wget https://github.com/prometheus/prom2json/releases/download/v1.3.0/prom2json-1.3.0.linux-amd64.tar.gz \
+ && tar --strip-components=1 -xzvf prom2json-1.3.0.linux-amd64.tar.gz \
+ && chmod ugo+x /opt/prom2json
+
+# check_metric_value - commit from 16.12.2020
+RUN cd /opt/ \
+ && git clone https://github.com/elberfeld/check_metric_value.git \
+ && cd /opt/check_metric_value/ \
+ && git checkout b94d3c3e78497a05e3b4520d33421f37e4d77985
\ No newline at end of file
diff --git a/testserver/docker_icinga/templates/check_rbl_helper.sh b/testserver/docker_icinga/templates/check_rbl_helper.sh
new file mode 100644
index 0000000000000000000000000000000000000000..09cd70fcd7de53e54fd9a7ec8d2cc420f22ef905
--- /dev/null
+++ b/testserver/docker_icinga/templates/check_rbl_helper.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/bin/perl /opt/check_rbl/check_rbl --extra-opts=rbl@/opt/check_rbl/check_rbl.ini $@
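Review bot: The `prom2json` tarball is fetched with `wget` and unpacked without any checksum or signature verification, and `check-mqtt`/`check_rbl` are pinned to git tags (`v3.0`, `v1.5.7`) that can be moved, unlike `check_metric_value` which is correctly pinned to a commit. Verify the tarball against the checksum file published with that release (`echo "<sha256>  prom2json-1.3.0.linux-amd64.tar.gz" | sha256sum -c -` before the `tar`), and check the two repositories out by commit hash with the tag kept in a comment. Note also that `wget` is not in the apt list above (only `curl` is), so the build relies on the base image shipping it, and that the matrix notification commands in `commands2.conf` call `/opt/icinga2-matrix-bot/icinga2/*.sh`, which nothing in this Dockerfile installs — unless the base image provides it, those notifications fail at runtime.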
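Review bot: `$@` on the last line is unquoted, so any argument containing whitespace or glob characters is re-split and expanded before it reaches `check_rbl`; use `exec /usr/bin/perl /opt/check_rbl/check_rbl --extra-opts=rbl@/opt/check_rbl/check_rbl.ini "$@"` (`exec` also avoids the extra bash process). The `--extra-opts=rbl@/opt/check_rbl/check_rbl.ini` section expects an ini file that neither this script nor the Dockerfile creates, so it has to come with the checked-out repository — confirm that the `v1.5.7` tree ships one, otherwise every blacklist check errors out.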
diff --git a/testserver/docker_icinga/templates/debuglog_disable.sh b/testserver/docker_icinga/templates/debuglog_disable.sh
new file mode 100644
index 0000000000000000000000000000000000000000..ce6d4ed18ef9452cd0b04edf7a85607cded9613a
--- /dev/null
+++ b/testserver/docker_icinga/templates/debuglog_disable.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cd /srv/icinga
+docker-compose exec app icinga2 feature disable debuglog
+docker-compose restart
+rm log/icinga2/debug.log
diff --git a/testserver/docker_icinga/templates/debuglog_enable.sh b/testserver/docker_icinga/templates/debuglog_enable.sh
new file mode 100644
index 0000000000000000000000000000000000000000..187440dc5d1d868aad9ac107ee37173e766de84b
--- /dev/null
+++ b/testserver/docker_icinga/templates/debuglog_enable.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cd /srv/icinga
+docker-compose exec app icinga2 feature enable debuglog
+docker-compose restart
+tail -f log/icinga2/debug.log
diff --git a/testserver/docker_icinga/templates/docker-compose.yml b/testserver/docker_icinga/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1edfcb28d1a74506fa7e4d55c2e8e208c79fe04a
--- /dev/null
+++ b/testserver/docker_icinga/templates/docker-compose.yml
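Review bot: `cd /srv/icinga` is hard-coded although the role templates the directory as `{{ basedir }}`, and its result is not checked, so if the path is wrong the `docker-compose` commands run in whatever directory the operator started from and `rm log/icinga2/debug.log` removes a relative path there. Use `cd "{{ basedir }}" || exit 1`. The tasks drive the project through `community.docker.docker_compose_v2` (the `docker compose` plugin) while this script calls the v1 `docker-compose` binary — make sure both are present on the host, or switch the script to `docker compose`.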
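Review bot: Enabling `debuglog` makes Icinga record executed check command lines, which for the `check_mqtt` command in `commands2.conf` presumably includes the `-p $mqtt_password$` argument, so the file this script `tail -f`s will contain credentials while the feature is on. Say so in the script, `# debug.log records full check command lines incl. passwords; run debuglog_disable.sh when done`, and keep the `rm` in the disable script. As in the disable script, use `cd "{{ basedir }}" || exit 1` instead of the hard-coded `/srv/icinga`.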
@@ -0,0 +1,119 @@ + +version: "2.4" + +services: + + app: + + build: . + restart: always + ports: + - "{{ api_port }}:5665" + volumes: + - "{{ basedir }}/data:/var/lib/icinga2" + - "{{ basedir }}/etc/locale.gen:/etc/locale.gen" + - "{{ basedir }}/etc/oauth_header.conf:/etc/apache2/conf-enabled/oauth_header.conf" + - "{{ basedir }}/etc/icinga:/etc/icinga2" + - "{{ basedir }}/etc/icingaweb2:/etc/icingaweb2" + - "{{ basedir }}/log/apache2:/var/log/apache2" + - "{{ basedir }}/log/icinga2:/var/log/icinga2" + - "{{ basedir }}/log/icingaweb2:/var/log/icingaweb2" + depends_on: + - db + - graphite + environment: + APACHE2_HTTP: BOTH + MYSQL_ROOT_PASSWORD: "{{ mysql_admin_pass }}" + MYSQL_PASSWORD: "{{ mysql_user_pass }}" + MYSQL_DATABASE: icinga + MYSQL_USER: icinga + DEFAULT_MYSQL_HOST: db + DEFAULT_MYSQL_USER: icinga + DEFAULT_MYSQL_PASS: "{{ mysql_user_pass }}" + ICINGAWEB2_ADMIN_PASS: "{{ icinga_admin_pass }}" + ICINGA2_FEATURE_GRAPHITE: 1 + ICINGA2_FEATURE_GRAPHITE_HOST: graphite + ICINGA2_FEATURE_GRAPHITE_PORT: 2003 + ICINGA2_FEATURE_DIRECTOR: 0 + labels: + - traefik.enable=true + - traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-auth + - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`) + - traefik.http.routers.{{ servicename }}.entrypoints=websecure + - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80 + networks: + - default + - web + + + auth: + image: thomseddon/traefik-forward-auth:2.2 + restart: always + environment: + LOG_LEVEL: info + DEFAULT_ACTION: auth + DEFAULT_PROVIDER: generic-oauth + SECRET: {{ forward_auth_secret }} + PROVIDERS_GENERIC_OAUTH_AUTH_URL: {{ oauth_global.authorize_url }} + PROVIDERS_GENERIC_OAUTH_TOKEN_URL: {{ oauth_global.token_url }} + PROVIDERS_GENERIC_OAUTH_USER_URL: {{ oauth_global.userinfo_url }} + PROVIDERS_GENERIC_OAUTH_CLIENT_ID: {{ servicename }} + PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: {{ oauth_client_secret }} + PROVIDERS_GENERIC_OAUTH_SCOPE: profile + 
PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE: header + labels: + - traefik.enable=true + - traefik.http.middlewares.{{ servicename }}-auth.forwardauth.address=http://auth:4181 + - traefik.http.middlewares.{{ servicename }}-auth.forwardauth.authResponseHeaders=X-Forwarded-User + - traefik.http.services.{{ servicename }}-auth.loadbalancer.server.port=4181 + networks: + - default + - web + + + db: + + image: mariadb:10.7.1 + restart: always + ports: + - "{{ int_ip4 }}:{{mysql_port}}:3306" + volumes: + - "{{ basedir }}/db:/var/lib/mysql" + environment: + MYSQL_ROOT_PASSWORD: "{{ mysql_admin_pass }}" + MYSQL_PASSWORD: "{{ mysql_user_pass }}" + MYSQL_DATABASE: icinga + MYSQL_USER: icinga + networks: + - default + + + graphite: + + image: graphiteapp/graphite-statsd:1.1.8-7 + restart: always + volumes: + - "{{ basedir }}/graphite-conf:/opt/graphite/conf" + - "{{ basedir }}/graphite-storage:/opt/graphite/storage" + environment: + GRAPHITE_TIME_ZONE: "Europe/Berlin" + GRAPHITE_DATE_FORMAT: "%d.%m.%y" + GRAPHITE_LOG_FILE_INFO: "-" + GRAPHITE_LOG_FILE_EXCEPTION: "-" + GRAPHITE_LOG_FILE_CACHE: "-" + GRAPHITE_LOG_FILE_RENDERING: "-" + networks: + - default + + +networks: + web: + external: true + default: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + # must be a ULA range + - subnet: fd00:dead:beef:{{ api_port }}::/64 \ No newline at end of file diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/api-users.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/api-users.conf new file mode 100644 index 0000000000000000000000000000000000000000..7a9e0f23ed7e348c957e4832d4725af47833947d --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/api-users.conf @@ -0,0 +1,7 @@ +/** + * The ApiUser objects are used for authentication against the API. + */ +object ApiUser "{{icinga_api_user}}" { + password = "{{icinga_api_pass}}" + permissions = [ "*" ] +} 
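Review bot: The Icinga API is published as `"{{ api_port }}:5665"`, i.e. bound on every host interface, while `db` in the same file is restricted to `{{ int_ip4 }}`; the only API user defined in this change has `permissions = [ "*" ]` and a password generated at length 8, so that port should not face the public side. Bind it like the database, `- "{{ int_ip4 }}:{{ api_port }}:5665"`, unless external satellites need it, in which case say so in a comment. Second, `app` joins the `web` network and authentication is delegated to the `X-Forwarded-User` header that traefik copies from forward-auth; if icingaweb2's external auth trusts that header (`oauth_header.conf` is not in this diff), any container on `web` can reach `app:80` directly and set the header itself, so that network must be treated as trusted-only or Apache must accept the header only from traefik's address. Third, `SECRET` and `PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET` are unquoted Jinja expansions; quote them like the `MYSQL_*` entries so a generated value starting with a YAML indicator cannot break the rendered file.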
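Review bot: The single `ApiUser` is granted `permissions = [ "*" ]`, which covers `actions/*`, `config/modify` and `console` — full control of the monitoring core — and combined with the 8-character `icinga_api_pass` and the API port published in the compose file this is the weakest point of the deployment. Scope the permissions to what the consumer of these credentials actually needs (for a read-only dashboard `permissions = [ "status/query", "objects/query/*" ]`; add the specific `actions/*` entries only if acknowledgements are required), and raise the generated password length to 32 or more in tasks/main.yml. A one-line comment above the object naming that consumer would make the scope reviewable.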
diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/commands2.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/commands2.conf new file mode 100644 index 0000000000000000000000000000000000000000..d1c3cbe066aa2f11280dd98939fe3c0362217a08 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/commands2.conf 
@@ -0,0 +1,128 @@ + +/** + * Check MQTT values + */ + +object CheckCommand "check_mqtt" { + import "plugin-check-command" + + command = [ "/opt/check-mqtt/check-mqtt.py" ] + + arguments = { + "-H" = "$mqtt_host$" + "-u" = "$mqtt_user$" + "-p" = "$mqtt_password$" + "-P" = "$mqtt_port$" + "-a" = "$mqtt_cafile$" + "-C" = "$mqtt_certfile$" + "-k" = "$mqtt_keyfile$" + "-t" = "$mqtt_topic$" + "-m" = { + set_if = "$mqtt_max$" + value = "$mqtt_max$" + } + + "-l" = "$mqtt_payload$" + "-v" = "$mqtt_value$" + "-o" = "$mqtt_operator$" + + "-r" = { + set_if = "$mqtt_readonly$" + description = "Don't write." + } + "-n" = { + set_if = "$mqtt_insecure$" + description = "suppress TLS hostname check" + } + } +} + +/** + * Check for Mail Blacklisting + */ + +object CheckCommand "check_mail_blacklist" { + import "plugin-check-command" + + command = [ "/opt/check_rbl_helper.sh" ] + + arguments = { + "-H" = "$rbl_host$" + "-c" = "$rbl_critical$" + "-w" = "$rbl_warning$" + } +} + +/** + * Check for Prometheus values + */ + +object CheckCommand "check_metric_value" { + import "plugin-check-command" + + command = [ "/opt/check_metric_value/check_metric_value.py" ] + + arguments = { + "-P" = "/opt/prom2json" + "-U" = "$metric_url$" + "-M" = "$metric_name$" + "-n" = "$metric_labelname$" + "-v" = "$metric_labelvalue$" + "-o" = "$metric_operator$" + "-u" = "$metric_unit$" + "-w" = "$metric_warn$" + "-c" = "$metric_crit$" + } +} + +/** + * Matrix Notification + */ + +object NotificationCommand "matrix-host-notification" { + import "plugin-notification-command" + + command = [ "/opt/icinga2-matrix-bot/icinga2/matrix-host-notification.sh" ] + + env = { + "NOTIFICATIONTYPE" = "$notification.type$" + "HOSTALIAS" = "$host.display_name$", + "HOSTADDRESS" = "$address$", + "HOSTNAME" = "$host.name$", + "HOSTSTATE" = "$host.state$", + "LONGDATETIME" = "$icinga.long_date_time$", + "HOSTOUTPUT" = "$host.output$", + "NOTIFICATIONAUTHORNAME" = "$notification.author$", + "NOTIFICATIONCOMMENT" = 
"$notification.comment$", + "HOSTDISPLAYNAME" = "$host.display_name$", + "ICINGA_WEBURL" = "$notification_icingaweb2url$", + "MATRIX_SERVER" = "$user.vars.matrix.server$", + "MATRIX_TOKEN" = "$user.vars.matrix.token$", + "MATRIX_CHANNEL" = "$user.vars.matrix.channel$", + } +} + +object NotificationCommand "matrix-service-notification" { + import "plugin-notification-command" + + command = [ "/opt/icinga2-matrix-bot/icinga2/matrix-service-notification.sh" ] + + env = { + "NOTIFICATIONTYPE" = "$notification.type$" + "SERVICEDESC" = "$service.name$" + "HOSTALIAS" = "$host.display_name$", + "HOSTNAME" = "$host.name$", + "HOSTADDRESS" = "$address$", + "SERVICESTATE" = "$service.state$", + "LONGDATETIME" = "$icinga.long_date_time$", + "SERVICEOUTPUT" = "$service.output$", + "NOTIFICATIONAUTHORNAME" = "$notification.author$", + "NOTIFICATIONCOMMENT" = "$notification.comment$", + "HOSTDISPLAYNAME" = "$host.display_name$", + "SERVICEDISPLAYNAME" = "$service.display_name$", + "ICINGA_WEBURL" = "$notification_icingaweb2url$", + "MATRIX_SERVER" = "$user.vars.matrix.server$", + "MATRIX_TOKEN" = "$user.vars.matrix.token$", + "MATRIX_CHANNEL" = "$user.vars.matrix.channel$", + } +} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/groups.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/groups.conf new file mode 100644 index 0000000000000000000000000000000000000000..1fe91cbfbf533eea877dc7e1a42dd9396c8e74d9 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/groups.conf 
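Review bot: `check_mqtt` passes `-p $mqtt_password$` on the command line, so the MQTT password is visible in the container's process list (`ps`, `/proc/*/cmdline`) and in the debug log for as long as the check runs; the two matrix commands below do it better by handing `MATRIX_TOKEN` over via `env`. If `check-mqtt.py` v3.0 can read the password from an environment variable or a config file, prefer that; otherwise document the exposure with `// -p puts the password in argv; readable via ps inside the container` next to the argument. Both `NotificationCommand`s run `/opt/icinga2-matrix-bot/icinga2/*.sh`, which the Dockerfile in this change does not install — unless the base image provides it, these notifications fail at runtime.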
@@ -0,0 +1,81 @@ +/** + * Host groups + */ + +object HostGroup "linux-servers" { + display_name = "Linux Servers" + + assign where host.vars.os == "Linux" +} + +/* +object HostGroup "windows-servers" { + display_name = "Windows Servers" + + assign where host.vars.os == "Windows" +} +*/ + +object HostGroup "network" { + display_name = "Network Devices" +} + +object HostGroup "other" { + display_name = "Other Devices" +} + +/** + * Service groups by check command + */ + +object ServiceGroup "ping" { + display_name = "Ping Checks" + + assign where match("ping*", service.name) +} + +object ServiceGroup "http" { + display_name = "HTTP Checks" + + assign where match("http*", service.check_command) +} + +object ServiceGroup "dns" { + display_name = "DNS Checks" + + assign where match("dig*", service.check_command) +} + +object ServiceGroup "mqtt" { + display_name = "MQTT Checks" + + assign where match("check_mqtt*", service.check_command) +} + +/** + * Service Goups assigned in Services + */ + +object ServiceGroup "backup" { + display_name = "Backup Checks" +} + +object ServiceGroup "container" { + display_name = "Docker Container Checks" +} + +object ServiceGroup "ldap" { + display_name = "LDAP Checks" +} + +object ServiceGroup "certificate" { + display_name = "Certificate Checks" +} + +object ServiceGroup "mail" { + display_name = "Mail Checks" +} + +object ServiceGroup "exporter" { + display_name = "Metrics Exporter Checks" +} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/hosts.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/hosts.conf new file mode 100644 index 0000000000000000000000000000000000000000..897910a33d3cf581ef9daf8767b86a0161f0b735 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/hosts.conf 
@@ -0,0 +1,39 @@ + +{% for host in groups['{{ groupname }}'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + + +object Host "{{ host }}" { + import "generic-host" + + address = "{{ hostvars[host].int_ip4 }}" + + {% if hostvars[host].ext_ip4 is defined %} + vars.ext_ip4 = "{{ hostvars[host].ext_ip4 }}" + {% endif %} + + {% if hostvars[host].ext_ip6 is defined %} + vars.ext_ip6 = "{{ hostvars[host].ext_ip6 }}" + {% endif %} + + {% if host in monitoring.internal_ldap_servers %} + vars.is_ldapserver = "True" + {% endif %} + + vars.os = "Linux" + vars.prometheus = true +} + +{% endif %} +{% endfor %} + +{% for host in monitoring.external_dns_servers %} + +object Host "ext_dns_{{ host.name }}" { + import "generic-host" + + address = "{{ host.ip }}" + vars.is_dnsserver = "True" +} + +{% endfor %} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf new file mode 100644 index 0000000000000000000000000000000000000000..d1f7c2a8deb2ff0018286d160004e2afc6b88b25 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf 
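Review bot: `{% for host in groups['{{ groupname }}'] %}` on the first line uses a moustache inside a Jinja statement, where `'{{ groupname }}'` is a plain string literal and not a variable expansion, so the template looks up a group literally named `{{ groupname }}`; with Ansible's default strict undefined handling the template task aborts, and with a lenient setting it would silently render no hosts. Write `{% for host in groups[groupname] %}`. The same construct appears in `services_backup.conf`, `services_container.conf` and `services_domains.conf` in this change and needs the same fix.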
@@ -0,0 +1,83 @@ + +object Host "wz-router" { + import "generic-host" + + address = "192.168.0.1" + + groups = [ "network" ] +} + +object Host "wz-sw-core" { + import "generic-host" + + address = "192.168.0.2" + + groups = [ "network" ] +} + +object Host "wz-sw-access" { + import "generic-host" + + address = "192.168.0.3" + + # Keine Notifications, da der Switch aus ist wenn die Zone geschlossen ist + vars.enable_nofitications = false + + groups = [ "network" ] +} + +object Host "wz-sw-dach" { + import "generic-host" + + address = "192.168.0.4" + + groups = [ "network" ] +} + +object Host "wz-ap-dach" { + import "generic-host" + + address = "192.168.0.13" + + groups = [ "network" ] +} + +object Host "wz-ap-eingang" { + import "generic-host" + + address = "192.168.0.14" + + groups = [ "network" ] +} + +object Host "wz-ap-lounge" { + import "generic-host" + + address = "192.168.0.10" + + groups = [ "network" ] +} + +object Host "wz-ap-vortrag" { + import "generic-host" + + address = "192.168.0.12" + + groups = [ "network" ] +} + +object Host "wz-ap-werkstatt" { + import "generic-host" + + address = "192.168.0.11" + + groups = [ "network" ] +} + +object Host "eq3max-cube" { + import "generic-host" + + address = "{{ eq3max.cube_host }}" + + groups = [ "network" ] +} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf new file mode 100644 index 0000000000000000000000000000000000000000..eadaa8ea3ebe47aeddf8d57b3de97a5c03d27287 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/notifications.conf 
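Review bot: `vars.enable_nofitications` on the `wz-sw-access` host is misspelled, and `notifications.conf` tests the same misspelled name, so it works by coincidence; whoever "corrects" one side re-enables notifications for that switch without noticing. Rename it to `enable_notifications` in both files in one commit, and turn the German comment into `// No notifications: this switch is powered off while the space is closed`.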
@@ -0,0 +1,22 @@ + +apply Notification "matrix" to Host { + import "matrix-host-notification" + + users = [ "matrix" ] + + interval = 4h + + assign where host.address && host.vars.enable_nofitications != false +} + + +apply Notification "matrix" to Service { + import "matrix-service-notification" + + users = [ "matrix" ] + + interval = 4h + + assign where service.name && service.vars.enable_nofitications != false +} + diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/notifications_pushover.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/notifications_pushover.conf new file mode 100644 index 0000000000000000000000000000000000000000..db34c6b70f923b925bde22a70e2ec7701b562df7 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/notifications_pushover.conf 
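Review bot: `apply Notification "matrix" to Host { import "matrix-host-notification" }` imports a `Notification` template of that name, but the only `matrix-host-notification` object in this change is the `NotificationCommand` in `commands2.conf`; the pushover file shows the needed pattern, a `NotificationCommand` plus a `template Notification` of the same name with `command = ...`. Unless `templates.conf` — not in this diff — declares `template Notification "matrix-host-notification"` and `"matrix-service-notification"`, `icinga2 daemon -C` will reject the config. `users = [ "matrix" ]` also requires a `User` object carrying `vars.matrix.server/token/channel`; a comment pointing at the file that defines it (and therefore holds the token) would help the next reader.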
@@ -0,0 +1,67 @@ + +object NotificationCommand "pushover-host-notification" { + import "plugin-notification-command" + + command = [ "/opt/notify_by_pushover.sh" ] + + env = { + PUSHOVERUSER = "$user.vars.pushover_user$" + PUSHOVERTOKEN = "$user.vars.pushover_token$" + PUSHOVERTITLE = "Icinga @ {{ inventory_hostname }}" + PUSHOVERMESSAGE = "$notification.type$ $host.display_name$ $host.state$ $icinga.long_date_time$" + } +} + +object NotificationCommand "pushover-service-notification" { + import "plugin-notification-command" + + command = [ "/opt/notify_by_pushover.sh" ] + + env = { + PUSHOVERUSER = "$user.vars.pushover_user$" + PUSHOVERTOKEN = "$user.vars.pushover_token$" + PUSHOVERTITLE = "Icinga @ {{ inventory_hostname }}" + PUSHOVERMESSAGE = "$notification.type$ $host.display_name$ $service.display_name$ $service.state$ $icinga.long_date_time$" + } +} + +template Notification "pushover-host-notification" { + command = "pushover-host-notification" + + states = [ Up, Down ] + types = [ Problem, FlappingStart ] + + period = "24x7" +} + +template Notification "pushover-service-notification" { + command = "pushover-service-notification" + + states = [ OK, Critical, Unknown ] + types = [ Problem, FlappingStart ] + + period = "24x7" +} + +apply Notification "pushover-icingaadmins" to Host { + import "pushover-host-notification" + + user_groups = ["icingaadmins"] + + interval = 4h + times.begin = 15m + + assign where host.address +} + +apply Notification "pushover-icingaadmins" to Service { + import "pushover-service-notification" + + user_groups = ["icingaadmins"] + + interval = 4h + times.begin = 15m + + assign where service.name +} + diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services.conf new file mode 100644 index 0000000000000000000000000000000000000000..f16e0d33f6ba30cf58327d9098ebcd702c2850bd --- /dev/null 
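Review bot: This file is not in the template list in `tasks/main.yml` (its entry is commented out), so it is never rendered and is dead configuration in the role; either add it to the list or remove it rather than shipping config nobody can tell is inactive. If it is kept, the state filters `[ Up, Down ]` and `[ OK, Critical, Unknown ]` deliberately skip Warning and Recovery is not in `types` — a one-line comment, `// Warning and recoveries are intentionally not pushed`, would record that choice.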
+++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services.conf @@ -0,0 +1,53 @@ + +apply Service "ping" { + import "generic-service" + + check_command = "ping4" + + vars.ping_wrta = "200" + vars.ping_crta = "500" + vars.ping_wpl = "60" + vars.ping_cpl = "90" + + assign where host.address +} + +apply Service "ping_ext_ip4" { + import "generic-service" + + check_command = "ping4" + + vars.ping_address = "$host.vars.ext_ip4$" + + vars.ping_wrta = "100" + vars.ping_crta = "300" + vars.ping_wpl = "20" + vars.ping_cpl = "50" + + assign where host.vars.ext_ip4 +} + +#apply Service "ping_ext_ip6" { +# import "generic-service" +# +# check_command = "ping6" +# +# vars.ping_address = "$host.vars.ext_ip6$" +# +# vars.ping_wrta = "100" +# vars.ping_crta = "300" +# vars.ping_wpl = "20" +# vars.ping_cpl = "50" +# +# assign where host.vars.ext_ip6 +#} + +apply Service "ssh" { + import "generic-service" + + check_command = "ssh" + + assign where host.address && host.vars.os == "Linux" +} + + diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_backup.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_backup.conf new file mode 100644 index 0000000000000000000000000000000000000000..ebca4c1b97f7beeafd6d6208f59096bbdb812fcd --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_backup.conf 
@@ -0,0 +1,51 @@ + +{% for host in groups['{{ groupname }}'] %} + + {% if hostvars[host].borgbackup_repos is defined %} + {% for repo in hostvars[host].borgbackup_repos %} + {% if hostvars[host].borgbackup_repos[repo].alert is defined and hostvars[host].borgbackup_repos[repo].alert %} + +apply Service "borgbackup_age - {{repo}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "borgbackup_lastbackup" + vars.metric_labelname = "repo" + vars.metric_labelvalue = "{{repo}}" + vars.metric_operator = "lt-date" + vars.metric_unit = "hours" + vars.metric_warn = "{{hostvars[host].borgbackup_repos[repo].warning_age}}" + vars.metric_crit = "{{hostvars[host].borgbackup_repos[repo].critical_age}}" + + groups = [ "backup" ] + + assign where host.name == "{{host}}" +} + +apply Service "borgbackup_count - {{repo}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "borgbackup_count" + vars.metric_labelname = "repo" + vars.metric_labelvalue = "{{repo}}" + vars.metric_operator = "lt" + vars.metric_warn = "{{hostvars[host].borgbackup_repos[repo].warning_count}}" + vars.metric_crit = "{{hostvars[host].borgbackup_repos[repo].critical_count}}" + + groups = [ "backup" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + {% endfor %} + {% endif %} + +{% endfor %} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_container.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_container.conf new file mode 100644 index 0000000000000000000000000000000000000000..018b15201d211822c1954aecd08a4fb026dbab0b --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_container.conf 
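Review bot: The outer loop `{% for host in groups['{{ groupname }}'] %}` treats `'{{ groupname }}'` as a literal string inside the Jinja statement, so no group is found and the template fails (or renders nothing) — it must be `{% for host in groups[groupname] %}`. The indented `{% if %}`/`{% for %}` lines also leave stray indented blank lines in the rendered file; `{%- ... -%}` whitespace control would keep the generated `.conf` readable.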
@@ -0,0 +1,118 @@ + +{% for host in groups['{{ groupname }}'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + + {% if hostvars[host].alert.containers is defined %} + +apply Service "docker_metrics" { + import "generic-service" + + check_command = "http" + enable_perfdata = true + + vars.http_address = "{{hostvars[host].int_ip4}}" + vars.http_port = 9323 + vars.http_uri = "/metrics" + + assign where host.name == "{{host}}" && host.vars.prometheus == true +} + +apply Service "docker_container_count_low" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9323/metrics" + vars.metric_name = "engine_daemon_container_states_containers" + vars.metric_labelname = "state" + vars.metric_labelvalue = "running" + vars.metric_operator = "lt" + vars.metric_warn = "{{ hostvars[host].alert.containers|length }}" + vars.metric_crit = "{{ hostvars[host].alert.containers|length }}" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "docker_container_count_high" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9323/metrics" + vars.metric_name = "engine_daemon_container_states_containers" + vars.metric_labelname = "state" + vars.metric_labelvalue = "running" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.containers|length }}" + vars.metric_crit = "9999" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "dockerstats_metrics" { + import "generic-service" + + check_command = "http" + enable_perfdata = true + + vars.http_address = "{{hostvars[host].int_ip4}}" + vars.http_port = 9487 + vars.http_uri = "/metrics" + + assign where host.name == 
"{{host}}" && host.vars.prometheus == true +} + + + {% for container in hostvars[host].alert.containers %} + + +apply Service "{{ container.name }} CPU" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9487/metrics" + vars.metric_name = "dockerstats_cpu_usage_ratio" + vars.metric_labelname = "name" + vars.metric_labelvalue = "{{container.name}}" + vars.metric_operator = "gt" + vars.metric_warn = "80" + vars.metric_crit = "95" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "{{ container.name }} MEM" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9487/metrics" + vars.metric_name = "dockerstats_memory_usage_ratio" + vars.metric_labelname = "name" + vars.metric_labelvalue = "{{container.name}}" + vars.metric_operator = "gt" + vars.metric_warn = "80" + vars.metric_crit = "95" + + groups = [ "container" ] + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + + {% endfor %} + + {% endif %} + +{% endif %} +{% endfor %} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf new file mode 100644 index 0000000000000000000000000000000000000000..3e93a245c012c5c7c24e81f950dcf6c240be9886 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_domains.conf 
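Review bot: `groups['{{ groupname }}']` in the outer loop is a string literal inside a Jinja statement, not an expansion, so this template fails the same way as `hosts.conf`; use `groups[groupname]`. `docker_container_count_high` sets `vars.metric_crit = "9999"`, so that service can only ever reach WARNING — if that is intended, say so with `// crit is unreachable on purpose; extra containers only warn`. Note that `hostvars[host].alert` is used as a boolean in `hosts.conf` and as a mapping with `.containers` here; an inventory entry with `alert: true` is silently skipped by the `is defined` guard, which is fine but worth a comment on the guard.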
@@ -0,0 +1,195 @@ + +{% for host in groups['{{ groupname }}'] %} + + {% if hostvars[host].ext_ip4 is defined and hostvars[host].ext_ip6 is defined and hostvars[host].webserver_domains is defined %} + {% for domain in hostvars[host].webserver_domains %} + +apply Service "http_ok - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 80 + + assign where host.name == "{{host}}" +} + +apply Service "http_301 - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 80 + vars.http_expect = "301 Moved Permanently" + + assign where host.name == "{{host}}" +} + +apply Service "https_ok - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 443 + vars.http_ssl = true + vars.http_sni = true + + assign where host.name == "{{host}}" +} + +apply Service "https_cert - {{domain}}" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{domain}}" + vars.http_vhost = "{{domain}}" + vars.http_port = 443 + vars.http_ssl = true + vars.http_sni = true + vars.http_certificate = "10,5" + + groups = [ "certificate" ] + + assign where host.name == "{{host}}" +} + +apply Service "dig(4) - {{domain}}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{domain}}" + vars.dig_record_type = "A" + vars.dig_expected_address = "{{ hostvars[host].ext_ip4 }}" + vars.dig_arguments = "+tcp" + + assign where host.address && host.vars.is_dnsserver == "True" +} + +apply Service "dig(6) - {{domain}}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{domain}}" + 
vars.dig_record_type = "AAAA" + vars.dig_expected_address = "{{ hostvars[host].ext_ip6 }}" + vars.dig_arguments = "+tcp" + + assign where host.address && host.vars.is_dnsserver == "True" +} + + {% endfor %} + {% endif %} + +{% endfor %} + + +{% for domain in global_domains %} + +apply Service "CAA record - {{ global_domains[domain].domain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{ global_domains[domain].domain }}" + vars.dig_record_type = "CAA" + vars.dig_expected_address = "letsencrypt.org" + vars.dig_arguments = "+tcp" + + assign where host.address && host.vars.is_dnsserver == "True" +} + +{% endfor %} + + +{% for maildomain in mail_domains %} + +apply Service "mx record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "MX" + vars.dig_expected_address = "{{ mail_domains[maildomain].mxserver }}" + vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + assign where host.address && host.vars.is_dnsserver == "True" +} + +apply Service "spf record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "TXT" + vars.dig_expected_address = "{{ mail_domains[maildomain].spf }}" + vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + assign where host.address && host.vars.is_dnsserver == "True" +} + + {% if mail_domains[maildomain].dmarc is defined %} + +apply Service "DMARC record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "_dmarc.{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "TXT" + vars.dig_expected_address = "{{ mail_domains[maildomain].dmarc }}" + 
vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + assign where host.address && host.vars.is_dnsserver == "True" +} + {% endif %} + + {% if mail_domains[maildomain].dkim is defined %} + {% for entry in mail_domains[maildomain].dkim %} + +apply Service "DKIM {{entry.selector}} record - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "dig" + enable_perfdata = false + + vars.dig_lookup = "{{entry.selector}}._domainkey.{{ mail_domains[maildomain].maildomain }}" + vars.dig_record_type = "TXT" + vars.dig_expected_address = "{{ entry.value | replace("\"","\\\"") }}" + vars.dig_arguments = "+tcp" + + groups = [ "mail" ] + + assign where host.address && host.vars.is_dnsserver == "True" +} + + {% endfor %} + {% endif %} + +{% endfor %} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_exporters.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_exporters.conf new file mode 100644 index 0000000000000000000000000000000000000000..b0de0314c4bb4895897c46a96465bbd665382258 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_exporters.conf 
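Review bot: `vars.http_certificate = "10,5"` in the https_cert service warns only 10 days before a certificate expires; if these domains are issued by an ACME client that starts renewing around 30 days out, a broken renewal will have burned most of its retry window before Icinga says anything, so a wider margin such as `vars.http_certificate = "20,7"` alerts while there is still time to repair renewal without an outage. Separately, the DKIM service's `replace("\"","\\\"")` escapes double quotes in `entry.value` but not backslashes, so a key value containing `\` would produce an invalid Icinga string literal; escaping `\` before `"` (e.g. `entry.value | replace("\\","\\\\") | replace("\"","\\\"")`) closes that gap. Both thresholds and the filter chain are read from the visible lines only; the renewal timing is an assumption about the hosts.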
@@ -0,0 +1,97 @@ + +{% for host in groups['{{ groupname }}'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + +apply Service "node-exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9100 + vars.http_uri = "/metrics" + + groups = [ "exporter" ] + + assign where host.name == "{{host}}" +} + + {% if hostvars[host].docker.prometheus_metrics is defined %} + +apply Service "docker_metrics_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9323 + vars.http_uri = "/metrics" + + groups = [ "exporter" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + + {% if hostvars[host].docker.prometheus_stats is defined %} + +apply Service "dockerstats_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9487 + vars.http_uri = "/metrics" + + groups = [ "exporter" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + + {% if hostvars[host].ldap_local.prometheus_metrics is defined %} + +apply Service "ldap_metrics_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9328 + vars.http_uri = "/metrics" + + groups = [ "exporter","ldap" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + + {% if host == "webserver2" %} + +apply Service "postfix_metrics_exporter" { + import "generic-service" + + check_command = "http" + enable_perfdata = false + + vars.http_address = "{{ hostvars[host].int_ip4 }}" + vars.http_port = 9154 + vars.http_uri = "/metrics" + + groups = [ "exporter","mail" ] + + assign where host.name == "{{host}}" +} + + {% endif %} + +{% endif %} +{% endfor %} 
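Review bot: `{% if host == "webserver2" %}` hard-codes a production hostname inside a template that is otherwise parameterised by `groupname`; in the test group no host is likely to carry that name, so the postfix exporter check silently never renders there, and a second mail host in prod would not be covered either. Driving it from host data the way the docker and ldap blocks do — e.g. `{% if hostvars[host].postfix_exporter is defined %}` (constructed variable name, pick whatever the inventory uses) — keeps coverage tied to the inventory rather than to a string in the template. Also, `hostvars[host].docker.prometheus_metrics is defined` only works if the undefined implementation tolerates attribute access on a missing `docker` key; `hostvars[host].docker is defined and hostvars[host].docker.prometheus_metrics is defined` is safe regardless.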
diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_mail.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_mail.conf
new file mode 100644
index 0000000000000000000000000000000000000000..d9854354f6f8f5f9f2b5d6abf6afa134bde179cc
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_mail.conf
@@ -0,0 +1,92 @@ + +{% for maildomain in mail_domains %} + +apply Service "mail-smtp - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "smtp" + + vars.smtp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.smtp_port = 25 + + groups = [ "mail" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-smtp-starttls - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "smtp" + + vars.smtp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.smtp_port = 25 + vars.smtp_starttls = true + vars.smtp_certificate_age = 3 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "global-smtps - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "tcp" + + vars.tcp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.tcp_port = 465 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-submission - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "smtp" + + vars.smtp_address = "{{ mail_domains[maildomain].mxserver }}" + vars.smtp_port = 587 + vars.smtp_starttls = true + vars.smtp_certificate_age = 3 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-imaps - {{ mail_domains[maildomain].maildomain }}" { + import "generic-service" + + check_command = "imap" + + vars.imap_address = "{{ mail_domains[maildomain].mxserver }}" + vars.imap_port = 993 + vars.imap_ssl = true + vars.imap_certificate_age = 3 + + groups = [ "mail","certificate" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +apply Service "mail-blacklist - {{ mail_domains[maildomain].maildomain }}" { + import 
"generic-service" + + check_command = "check_mail_blacklist" + check_interval = 5m + retry_interval = 3m + check_timeout = 1m + + vars.rbl_host = "{{ mail_domains[maildomain].mxserver }}" + vars.rbl_warning = 1 + vars.rbl_critical = 3 + + groups = [ "mail" ] + + assign where host.name == "{{ mail_domains[maildomain].mxhostname }}" +} + +{% endfor %} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf new file mode 100644 index 0000000000000000000000000000000000000000..3b7fd2af884aed800c75d78fbaf4a355e921dc2d --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_manual.conf @@ -0,0 +1,44 @@ +apply Service "wz-uplink-globe" { + import "generic-service" + + check_command = "ping4" + + vars.ping_address = "212.124.34.242" + + vars.ping_wrta = "100" + vars.ping_crta = "300" + vars.ping_wpl = "20" + vars.ping_cpl = "50" + + assign where host.name == "wz-router" +} + +apply Service "wz-uplink-webdiscount-1" { + import "generic-service" + + check_command = "ping4" + + vars.ping_address = "212.3.64.45" + + vars.ping_wrta = "100" + vars.ping_crta = "300" + vars.ping_wpl = "20" + vars.ping_cpl = "50" + + assign where host.name == "wz-router" +} + +apply Service "wz-uplink-webdiscount-2" { + import "generic-service" + + check_command = "ping4" + + vars.ping_address = "212.3.80.222" + + vars.ping_wrta = "100" + vars.ping_crta = "300" + vars.ping_wpl= "20" + vars.ping_cpl = "50" + + assign where host.name == "wz-router" +} diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf new file mode 100644 index 0000000000000000000000000000000000000000..61650544a0c1616588856dcf1d44e44d3d689a90 --- /dev/null +++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf 
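Review bot: The `global-smtps` service is placed in the `"certificate"` group but uses `check_command = "tcp"`, which only confirms port 465 accepts a connection and never inspects the TLS certificate, so a certificate expiring on the implicit-TLS port would go unnoticed while the group name suggests otherwise. If the tcp plugin in the image is built with SSL support, `vars.tcp_ssl = true` plus `vars.tcp_certificate = 3` makes the check do what the group implies; otherwise drop the `"certificate"` group from that service. The `smtp_certificate_age = 3` and `imap_certificate_age = 3` values elsewhere in the hunk are also tighter than the `"10,5"` used for HTTPS in services_domains.conf; aligning them avoids mail certificates getting a shorter warning window than web ones. services_mail.conf's hunk starts outside this line.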
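Review bot: `vars.ping_wpl= "20"` in the `wz-uplink-webdiscount-2` block is missing the space before `=` that the other two blocks have; Icinga parses it, but it reads as a copy-paste slip. The three blocks differ only in name and address and could be one Jinja loop over a small list of uplinks, which would also move the public IPs out of the template into group_vars alongside the other per-environment data.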
@@ -0,0 +1,18 @@
+
+{% for device in esphome_devices %}
+
+apply Service "esphome-{{ device.id }}-status" {
+ import "generic-service"
+
+ check_command = "check_mqtt"
+
+ vars.mqtt_host = "{{ mqtt.ip }}"
+ vars.mqtt_topic = "ESPHome/esphome_{{ device.id }}/status"
+ vars.mqtt_value = "online"
+ vars.mqtt_operator = "equal"
+ vars.mqtt_readonly = true
+
+ assign where host.name == "intserver"
+}
+
+{% endfor %}
\ No newline at end of file
diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/services_system.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_system.conf
new file mode 100644
index 0000000000000000000000000000000000000000..0c94052ca8f6848372ee8b15e2a809d18b993b98
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/services_system.conf
@@ -0,0 +1,133 @@ + +{% for host in groups['{{ groupname }}'] %} +{% if hostvars[host].alert is defined and hostvars[host].alert %} + +apply Service "node_metrics" { + import "generic-service" + + check_command = "http" + enable_perfdata = true + + vars.http_address = "{{hostvars[host].int_ip4}}" + vars.http_port = 9100 + vars.http_uri = "/metrics" + + assign where host.name == "{{host}}" && host.vars.prometheus == true +} + +apply Service "node_load1" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_load1" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.load.warn }}" + vars.metric_crit = "{{ hostvars[host].alert.load.crit }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_load5" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_load5" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.load.warn }}" + vars.metric_crit = "{{ hostvars[host].alert.load.crit }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_load15" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_load15" + vars.metric_operator = "gt" + vars.metric_warn = "{{ hostvars[host].alert.load.warn }}" + vars.metric_crit = "{{ hostvars[host].alert.load.crit }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_reboot_required" { + import "generic-service" + + check_command = "check_metric_value" + 
enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_reboot_required" + vars.metric_operator = "gt" + vars.metric_warn = "0" + vars.metric_crit = "1" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "apt_upgrades_pending" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "apt_upgrades_pending" + vars.metric_operator = "gt" + vars.metric_warn = "1" + vars.metric_crit = "25" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + + {% for disk in hostvars[host].alert.disks %} + +apply Service "node_filesystem_free_bytes - {{disk.mountpoint}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_filesystem_free_bytes" + vars.metric_labelname = "mountpoint" + vars.metric_labelvalue = "{{disk.mountpoint}}" + vars.metric_operator = "lt" + vars.metric_warn = "{{disk.warn | human_to_bytes }}" + vars.metric_crit = "{{disk.crit | human_to_bytes }}" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + +apply Service "node_filesystem_device_error - {{disk.mountpoint}}" { + import "generic-service" + + check_command = "check_metric_value" + enable_perfdata = true + + vars.metric_url = "http://{{hostvars[host].int_ip4}}:9100/metrics" + vars.metric_name = "node_filesystem_device_error" + vars.metric_labelname = "mountpoint" + vars.metric_labelvalue = "{{disk.mountpoint}}" + vars.metric_operator = "gt" + vars.metric_warn = "0" + vars.metric_crit = "0" + + assign where host.name == "{{host}}" && host.vars.prometheus == true && host.vars.os == "Linux" +} + + {% endfor %} + + 
+{% endif %}
+{% endfor %}
diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/templates.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/templates.conf
new file mode 100644
index 0000000000000000000000000000000000000000..4cc6d9e0f17b510a589252cc4034256a9dd69e1c
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/templates.conf
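Review bot: `{% for disk in hostvars[host].alert.disks %}` and the `alert.load.warn` / `alert.load.crit` references are unguarded, whereas the sibling template checks `alert.containers is defined` before using it; a host that sets `alert` without `disks` or `load` will abort the whole render with an undefined-variable error rather than just skipping those services. Wrapping the loop in `{% if hostvars[host].alert.disks is defined %}` … `{% endif %}` and the three load services in `{% if hostvars[host].alert.load is defined %}` keeps one host's incomplete data from taking down monitoring for the entire group.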
@@ -0,0 +1,110 @@ +/* + * Generic template examples. + */ + + +/** + * Provides default settings for hosts. By convention + * all hosts should import this template. + * + * The CheckCommand object `hostalive` is provided by + * the plugin check command templates. + * Check the documentation for details. + */ +template Host "generic-host" { + max_check_attempts = 3 + check_interval = 1m + retry_interval = 30s + + check_command = "hostalive" +} + +/** + * Provides default settings for services. By convention + * all services should import this template. + */ +template Service "generic-service" { + max_check_attempts = 5 + check_interval = 1m + retry_interval = 30s +} + +/** + * Provides default settings for users. By convention + * all users should inherit from this template. + */ + +template User "generic-user" { + +} + +/** + * Provides default settings for host notifications. + * By convention all host notifications should import + * this template. + */ +template Notification "mail-host-notification" { + command = "mail-host-notification" + + states = [ Up, Down ] + types = [ Problem, Acknowledgement, Recovery, Custom, + FlappingStart, FlappingEnd, + DowntimeStart, DowntimeEnd, DowntimeRemoved ] + + vars += { + // notification_icingaweb2url = "https://www.example.com/icingaweb2" + // notification_from = "Icinga 2 Host Monitoring <icinga@example.com>" + notification_logtosyslog = false + } + + period = "24x7" +} + +/** + * Provides default settings for service notifications. + * By convention all service notifications should import + * this template. 
+ */
+template Notification "mail-service-notification" {
+ command = "mail-service-notification"
+
+ states = [ OK, Warning, Critical, Unknown ]
+ types = [ Problem, Acknowledgement, Recovery, Custom,
+ FlappingStart, FlappingEnd,
+ DowntimeStart, DowntimeEnd, DowntimeRemoved ]
+
+ vars += {
+ // notification_icingaweb2url = "https://www.example.com/icingaweb2"
+ // notification_from = "Icinga 2 Service Monitoring <icinga@example.com>"
+ notification_logtosyslog = false
+ }
+
+ period = "24x7"
+}
+
+/**
+ * Provides default settings for Matrix.org service notifications.
+ */
+
+template Notification "matrix-host-notification" {
+ command = "matrix-host-notification"
+
+ states = [ Up, Down ]
+ types = [ Problem, Acknowledgement, Custom, FlappingStart, FlappingEnd ]
+ period = "24x7"
+ vars += {
+ notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
+ }
+}
+
+template Notification "matrix-service-notification" {
+ command = "matrix-service-notification"
+
+ states = [ OK, Critical, Unknown ]
+ types = [ Problem, Acknowledgement, Custom, FlappingStart, FlappingEnd ]
+ period = "24x7"
+ vars += {
+ notification_icingaweb2url = "https://{{ domain }}/icingaweb2"
+ }
+}
+
diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/users_groups.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/users_groups.conf
new file mode 100644
index 0000000000000000000000000000000000000000..c16c7ea70af8c76166a5e24274d178999a02947d
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/users_groups.conf
@@ -0,0 +1,20 @@
+
+object UserGroup "icingaadmins" {
+ display_name = "Icinga 2 Admin Group"
+}
+
+object User "matrix" {
+ import "generic-user"
+
+ display_name = "Matrix User"
+ vars.matrix = {
+ token = "{{ matrix_notification_access_token }}"
+ channel = "{{ matrix.notifications_room_id }}"
+ server = "{{ matrix.public_url }}"
+ }
+}
+
+object UserGroup "matrix" {
+ display_name = "Matrix Group"
+ assign where user.vars.matrix
+}
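Review bot: Both Matrix notification templates list `types = [ Problem, Acknowledgement, Custom, FlappingStart, FlappingEnd ]` with no `Recovery`, so the room is told when something breaks but never when it clears, unlike the mail templates above which include `Recovery`. If that is deliberate (to keep the channel quiet) a one-line comment saying so above each `types` line would stop the next reader from "fixing" it; if not, add `Recovery` to both lists.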
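Review bot: `token = "{{ matrix_notification_access_token }}"` stores the Matrix access token as a custom variable on the `User` object, and Icinga 2 custom vars are visible through the API and in Icinga Web 2's object detail views; Icinga Web 2 masks only names matching its `protected_customvars` setting (default `*pw*,*pass*,community`), which `token` does not match. Either add a `*token*` pattern to `protected_customvars` in the monitoring module's security settings, or rename the key to something the default pattern masks and adjust the notification command that reads it — whether masking applies to keys nested under `vars.matrix` should be verified in the running Web UI. The rendered conf.d file itself should also be written with restrictive permissions by the task that deploys it, which is outside this hunk.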
diff --git a/testserver/docker_icinga/templates/etc/icinga/conf.d/users_sample.conf b/testserver/docker_icinga/templates/etc/icinga/conf.d/users_sample.conf
new file mode 100644
index 0000000000000000000000000000000000000000..f093dafe8f39c0004ea1a9d5176b9836da6e2d89
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icinga/conf.d/users_sample.conf
@@ -0,0 +1,17 @@
+/**
+ * Users are created on the Server directly and not managed by Ansible
+ */
+
+/*
+object User "sample-user" {
+ import "generic-user"
+
+ display_name = "Icinga 2 Admin"
+ groups = [ "icingaadmins" ]
+
+ email = "root@localhost"
+
+ vars.pushover_user = "xxxxxxxxxxxxxxxxx"
+ vars.pushover_token = "yyyyyyyyyyyyyyyyyy"
+}
+*/
diff --git a/testserver/docker_icinga/templates/etc/icingaweb2/authentication.ini b/testserver/docker_icinga/templates/etc/icingaweb2/authentication.ini
new file mode 100644
index 0000000000000000000000000000000000000000..3ff4ecf53c6e3d8e48ef1929b43995f2c58a0e4b
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icingaweb2/authentication.ini
@@ -0,0 +1,7 @@
+
+[autologin]
+backend = external
+
+[auth_db]
+backend = db
+resource = icingaweb_db
diff --git a/testserver/docker_icinga/templates/etc/icingaweb2/groups.ini b/testserver/docker_icinga/templates/etc/icingaweb2/groups.ini
new file mode 100644
index 0000000000000000000000000000000000000000..5e5341acfa146364431b2f4e4da6aa6497b5081e
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icingaweb2/groups.ini
@@ -0,0 +1,5 @@
+
+[icingaweb2]
+backend = "db"
+resource = "icingaweb_db"
+
diff --git a/testserver/docker_icinga/templates/etc/icingaweb2/resources.ini b/testserver/docker_icinga/templates/etc/icingaweb2/resources.ini
new file mode 100644
index 0000000000000000000000000000000000000000..324c3c5dfa543007f0a83b70ce3e6a1a29b64902
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icingaweb2/resources.ini
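Review bot: `backend = external` under `[autologin]` logs in whoever Apache reports as REMOTE_USER, and in this role REMOTE_USER is copied from the `X-Forwarded-User` request header (oauth_header.conf later in this commit), so the strength of every Icinga Web login reduces to two properties that are not visible in this diff: the container's Apache must be reachable only through the SSO reverse proxy, and that proxy must overwrite rather than pass through any client-supplied `X-Forwarded-User`. A comment stating the assumption belongs here, e.g. `; external auth trusts REMOTE_USER, set from X-Forwarded-User by Apache; this port must never be exposed except via the SSO proxy`. The `[auth_db]` fallback also keeps local password login available, which is worth stating explicitly if it is meant as a break-glass path.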
@@ -0,0 +1,23 @@
+[icingaweb_db]
+type = "db"
+db = "mysql"
+host = db
+port = 3306
+dbname = icingaweb2
+username = icinga
+password = "{{ mysql_user_pass }}"
+prefix = "icingaweb_"
+charset = "utf8"
+persistent = "0"
+
+[icinga_ido]
+type = "db"
+db = "mysql"
+host = db
+port = 3306
+dbname = icinga2idomysql
+username = icinga
+password = "{{ mysql_user_pass }}"
+charset = "utf8"
+persistent = "0"
+
diff --git a/testserver/docker_icinga/templates/etc/icingaweb2/roles.ini b/testserver/docker_icinga/templates/etc/icingaweb2/roles.ini
new file mode 100644
index 0000000000000000000000000000000000000000..b01bb3be859322253bc13ce44e4a2b8a7057098d
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/icingaweb2/roles.ini
@@ -0,0 +1,11 @@
+
+[Administrators]
+users = "icingaadmin"
+permissions = "*"
+groups = "Administrators"
+
+[Users]
+users = "*"
+groups = admin
+permissions = "application/*, module/*, monitoring/*"
+
diff --git a/testserver/docker_icinga/templates/etc/locale.gen b/testserver/docker_icinga/templates/etc/locale.gen
new file mode 100644
index 0000000000000000000000000000000000000000..906268dc040b6b1fe14ce28105576e02bf555eca
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/locale.gen
@@ -0,0 +1,7 @@
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+de_DE.UTF-8 UTF-8
+en_US.UTF-8 UTF-8
diff --git a/testserver/docker_icinga/templates/etc/oauth_header.conf b/testserver/docker_icinga/templates/etc/oauth_header.conf
new file mode 100644
index 0000000000000000000000000000000000000000..e640e9934224efaa1c75916974d5a68a245a45af
--- /dev/null
+++ b/testserver/docker_icinga/templates/etc/oauth_header.conf
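Review bot: The `[Users]` role grants `permissions = "application/*, module/*, monitoring/*"` to `users = "*"`, and since external auth auto-creates accounts on first login, every identity in the SSO directory becomes able to acknowledge, schedule downtimes and send commands the moment it can reach the page — close to the `*` given to `icingaadmin`. Limiting `[Users]` to a group supplied by the IdP, or trimming it to the read-side permissions and granting `monitoring/command/*` through a separate operator role, keeps the blast radius of one compromised SSO account small. Minor: `groups = admin` is unquoted while the other values are quoted; pick one style. roles.ini sits in the middle of this line, between resources.ini and locale.gen.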
@@ -0,0 +1,8 @@
+
+# Integratin der vorgeschalteten OAuth Anmeldung
+# Umgebungsvariable REMOTE_USER aus dem Header X-Forwarded-User setzen, damit das Autologin funktioniert
+# Der User wird in der Datenbank automatisch angelegt
+SetEnvIfNoCase X-Forwarded-User "(.*)" REMOTE_USER=$1
+
+# Abmelden Seite auf Abmelden im SSO umbiegen
+Redirect "/icingaweb2/authentication/logout" {{ oauth_global.logout_url }}
diff --git a/testserver/docker_icinga/templates/graphite-conf/storage-schemas.conf b/testserver/docker_icinga/templates/graphite-conf/storage-schemas.conf
new file mode 100644
index 0000000000000000000000000000000000000000..0c6cb27c5242564cc27d8c6f844b87bd2188dc82
--- /dev/null
+++ b/testserver/docker_icinga/templates/graphite-conf/storage-schemas.conf
@@ -0,0 +1,33 @@
+
+# Schema definitions for Whisper files. Entries are scanned in order,
+# and first match wins. This file is scanned for changes every 60 seconds.
+#
+# Definition Syntax:
+#
+# [name]
+# pattern = regex
+# retentions = timePerPoint:timeToStore, timePerPoint:timeToStore, ...
+#
+# Remember: To support accurate aggregation from higher to lower resolution
+# archives, the precision of a longer retention archive must be
+# cleanly divisible by precision of next lower retention archive.
+#
+# Valid: 60s:7d,300s:30d (300/60 = 5)
+# Invalid: 180s:7d,300s:30d (300/180 = 3.333)
+#
+
+# Carbon's internal metrics. This entry should match what is specified in
+# CARBON_METRIC_PREFIX and CARBON_METRIC_INTERVAL settings
+[carbon]
+pattern = ^carbon\.
+retentions = 10s:6h,1m:90d
+
+[default]
+pattern = .*
+retentions = 10s:6h,1m:90d
+
+[icinga2_default]
+pattern = .*
+retentions = 1m:2d,5m:10d,30m:90d,60m:1y
+
+
diff --git a/testserver/docker_icinga/templates/logrotate b/testserver/docker_icinga/templates/logrotate
new file mode 100644
index 0000000000000000000000000000000000000000..391bc41e223aad56556f0c64ed1edb2762218521
--- /dev/null
+++ b/testserver/docker_icinga/templates/logrotate
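Review bot: `SetEnvIfNoCase X-Forwarded-User "(.*)" REMOTE_USER=$1` accepts any header value, including an empty string or one with spaces and control characters, and that value becomes a database user auto-created by Icinga Web 2; restricting the capture to the characters the IdP actually issues, e.g. `SetEnvIfNoCase X-Forwarded-User "^([A-Za-z0-9._@-]+)$" REMOTE_USER=$1`, turns a malformed header into a failed login instead of a junk account. The `Redirect "/icingaweb2/authentication/logout" {{ oauth_global.logout_url }}` line short-circuits Icinga Web's own logout handler, so its PHP session cookie is never invalidated; that is harmless as long as the proxy blocks unauthenticated requests, but worth a comment, and the templated URL should be quoted for consistency with the path.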
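Review bot: `[default]` with `pattern = .*` is listed before `[icinga2_default]`, and as the file's own header says, entries are scanned in order with first match winning, so `[icinga2_default]` is unreachable and every Icinga metric is stored with `10s:6h,1m:90d` instead of the intended `1m:2d,5m:10d,30m:90d,60m:1y`. Move the icinga section above `[default]` and give it a prefix pattern — with the GraphiteWriter's default naming that is `pattern = ^icinga2\.` — so the catch-all stays last. The retention strings themselves look self-consistent (each step divides the next), so only ordering and the pattern need to change.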
@@ -0,0 +1,28 @@
+/srv/icinga/log/apache2/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+/srv/icinga/log/icinga2/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+/srv/icinga/log/icingaweb2/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+/srv/icinga/graphite-log/*.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
\ No newline at end of file
diff --git a/testserver/docker_icinga/templates/notify_by_pushover.sh b/testserver/docker_icinga/templates/notify_by_pushover.sh
new file mode 100644
index 0000000000000000000000000000000000000000..9a4ccf8f0bddf9749320b8c050d1d42765e6b8e9
--- /dev/null
+++ b/testserver/docker_icinga/templates/notify_by_pushover.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+response=$(curl --write-out %{http_code} --silent \
+-F "token=$PUSHOVERTOKEN" \
+-F "user=$PUSHOVERUSER" \
+-F "title=$PUSHOVERTITLE" \
+-F "message=$PUSHOVERMESSAGE" \
+https://api.pushover.net/1/messages)
+if [[ "$response" == *200 ]]
+then
+ echo Pushover message sent succesfully
+ exit 0
+else
+ echo Activation of Pushover service failed. This is the response from Pushover: $response
+ exit 1
+fi
\ No newline at end of file
diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf
index b0a31dd69d9dc6eb742d83781b0feb47a4b5f4fd..61650544a0c1616588856dcf1d44e44d3d689a90 100644
--- a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf
+++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_mqttsensors.conf
@@ -15,4 +15,4 @@ apply Service "esphome-{{ device.id }}-status" {
 assign where host.name == "intserver"
 }
 
-{% endfor %}
+{% endfor %}
\ No newline at end of file
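Review bot: The curl call in notify_by_pushover.sh has no `--max-time`, so an unresponsive Pushover endpoint holds the notification command open until Icinga's plugin timeout kills it, and a burst of notifications can pile up behind one hung request; adding `--max-time 10` (value chosen as an example) bounds that. `[[ "$response" == *200 ]]` compares the concatenated body and status code against a suffix glob, which works for Pushover's JSON but would misfire on any body that itself ends in `200`; `--write-out '\n%{http_code}'` and comparing only the last line is unambiguous. The success message also misspells "successfully". The logrotate and webserver services_mqttsensors.conf hunks on this line are whitespace-only and need nothing.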