Skip to content
This repository has been archived by the owner on Feb 5, 2024. It is now read-only.

Latest commit

 

History

History
135 lines (84 loc) · 3.87 KB

README.rst

File metadata and controls

135 lines (84 loc) · 3.87 KB

icinga2

Icinga2 Formula

Features

This formula can install, configure and run Icinga2. Can implement a single server or a cluster.

In cluster mode it is tested for Local Configuration scenario. So in this case Saltstack manage the changes of the configurations for each Icinga2 Client

Compatibility

Saltstack: 2015.8.8

Icinga2: 2.8.0

Available states

icinga2

  • Configure icinga2 repo
  • Install icinga2 package
  • Run icinga service

icinga2.conf

Configure almost all the options for icinga2 reading information from default values and/or pillar. It uses a wrapper to generate each configuration file programmaticaly reading the data from yaml. The defaults.yaml file has all the values for the default configuration of the basic installation for icinga2

icinga2.pki

  • Install python-m2crypto dependency
  • Create base directory for pki

icinga2.pki.ca

Setup an CA for icinga2 to use. It uses the features of saltstack and the x509 state module. It exports the CA certificate to the saltstack mine for other nodes to use it

icinga2.pki.master

Create the master certificate, send it to the CA server to sign it and retrieve the signed certificate to store it. Then it exports the certificate to the mine for other nodes to use it

icinga2.pki.node

Create the node certificate, send it to the CA server to sign it and retrieve the signed certificate to store it. It also retrieves the master certificate.

icinga2.features

Configure and enable features. For now it only manage the api feature

icinga2.node

  • Run pki node
  • Run config
  • Run features

icinga2.master

  • Run pki master
  • Run config
  • Run features

Running

Standalone

If you want to only install and run icinga with default configs

salt '*' state.sls icinga2

If you want to only install and run icinga with default configs

salt '*' state.sls icinga2.config

Cluster

You must first create an orchestration state to run the steps in the proper way. The formula provides an example on test/salt/orch/icinga2.sls and then run

salt-run state.orch orch.icinga2

The formula make use of saltstack mine functionality to store the certificates of the CA and master servers so you need to configure a couple of mine_functions to use this functionality.

Is also necessary to allow peer communication to allow communication between the minions that will become icinga2 nodes and the CA.

peer:
  .*:
    - x509.sign_remote_certificate

Example pillar files to have the settings necessary for a cluster deployment can be found on the test/cluster folder

Ideas and future development

  • Implement a proper salt module to communicate with Icinga2. Via CLI and/or API
  • Support other modes of Icinga2 clustering manager
  • Add configuration for all the features

Template

This formula was created from a cookiecutter template.

See https://github.com/richerve/saltstack-formula-cookiecutter.