From: Frank Brehm Date: Fri, 16 Apr 2021 04:25:04 +0000 (+0200) Subject: daily autocommit X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=53ad5206db81778b706cdd82f5659616e1915922;p=config%2Fhelga-hetzner%2Fetc.git daily autocommit --- diff --git a/.etckeeper b/.etckeeper index 42eb8f9..e1d8343 100755 --- a/.etckeeper +++ b/.etckeeper @@ -14,7 +14,6 @@ mkdir -p './dbus-1/session.d' mkdir -p './dbus-1/system.d' mkdir -p './dpkg/dpkg.cfg.d' mkdir -p './gss/mech.d' -mkdir -p './icinga2/pki' mkdir -p './initramfs-tools/hooks' mkdir -p './initramfs-tools/scripts/init-bottom' mkdir -p './initramfs-tools/scripts/init-premount' @@ -521,8 +520,10 @@ maybe chmod 0644 'icinga2/conf.d/templates.conf' maybe chmod 0644 'icinga2/conf.d/timeperiods.conf' maybe chmod 0644 'icinga2/conf.d/users.conf' maybe chmod 0644 'icinga2/constants.conf' +maybe chmod 0644 'icinga2/constants.conf.orig' maybe chmod 0755 'icinga2/features-available' maybe chmod 0644 'icinga2/features-available/api.conf' +maybe chmod 0644 'icinga2/features-available/api.conf.orig' maybe chmod 0644 'icinga2/features-available/checker.conf' maybe chmod 0644 'icinga2/features-available/command.conf' maybe chmod 0644 'icinga2/features-available/compatlog.conf' @@ -540,6 +541,7 @@ maybe chmod 0644 'icinga2/features-available/statusdata.conf' maybe chmod 0644 'icinga2/features-available/syslog.conf' maybe chmod 0755 'icinga2/features-enabled' maybe chmod 0644 'icinga2/icinga2.conf' +maybe chmod 0644 'icinga2/icinga2.conf.orig' maybe chown 'nagios' 'icinga2/pki' maybe chgrp 'nagios' 'icinga2/pki' maybe chmod 0700 'icinga2/pki' @@ -547,6 +549,7 @@ maybe chmod 0755 'icinga2/scripts' maybe chmod 0755 'icinga2/scripts/mail-host-notification.sh' maybe chmod 0755 'icinga2/scripts/mail-service-notification.sh' maybe chmod 0644 'icinga2/zones.conf' +maybe chmod 0644 'icinga2/zones.conf.orig' maybe chmod 0755 'icinga2/zones.d' maybe chmod 0644 'icinga2/zones.d/README' maybe chmod 0755 'init' diff --git a/icinga2/constants.conf b/icinga2/constants.conf index 29232d6..41a4525 100644 --- a/icinga2/constants.conf +++ b/icinga2/constants.conf @@ -19,10 +19,10 @@ const PluginContribDir = "/usr/lib/nagios/plugins" /* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`. * This should be the common name from the API certificate. */ -//const NodeName = "localhost" +const NodeName = "helga.uhu-banane.de" /* Our local zone name. */ -const ZoneName = NodeName +const ZoneName = "helga.uhu-banane.de" /* Secret key for remote node tickets */ const TicketSalt = "" diff --git a/icinga2/constants.conf.orig b/icinga2/constants.conf.orig new file mode 100644 index 0000000..29232d6 --- /dev/null +++ b/icinga2/constants.conf.orig @@ -0,0 +1,28 @@ +/** + * This file defines global constants which can be used in + * the other configuration files. + */ + +/* The directory which contains the plugins from the Monitoring Plugins project. */ +const PluginDir = "/usr/lib/nagios/plugins" + +/* The directory which contains the Manubulon plugins. + * Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details. + */ +const ManubulonPluginDir = "/usr/lib/nagios/plugins" + +/* The directory which you use to store additional plugins which ITL provides user contributed command definitions for. + * Check the documentation, chapter "Plugins Contribution", for details. + */ +const PluginContribDir = "/usr/lib/nagios/plugins" + +/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`. + * This should be the common name from the API certificate. + */ +//const NodeName = "localhost" + +/* Our local zone name. */ +const ZoneName = NodeName + +/* Secret key for remote node tickets */ +const TicketSalt = "" diff --git a/icinga2/features-available/api.conf b/icinga2/features-available/api.conf index b072a44..677a96e 100644 --- a/icinga2/features-available/api.conf +++ b/icinga2/features-available/api.conf @@ -1,10 +1,11 @@ /** * The API listener is used for distributed monitoring setups. */ - object ApiListener "api" { - //accept_config = false - //accept_commands = false + cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt" + key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key" + ca_path = SysconfDir + "/icinga2/pki/ca.crt" - ticket_salt = TicketSalt + accept_config = true + accept_commands = true } diff --git a/icinga2/features-available/api.conf.orig b/icinga2/features-available/api.conf.orig new file mode 100644 index 0000000..588ad54 --- /dev/null +++ b/icinga2/features-available/api.conf.orig @@ -0,0 +1,10 @@ +/** + * The API listener is used for distributed monitoring setups. + */ + +object ApiListener "api" { + accept_config = true + accept_commands = true + + ticket_salt = TicketSalt +} diff --git a/icinga2/features-enabled/api.conf b/icinga2/features-enabled/api.conf new file mode 120000 index 0000000..8cdce62 --- /dev/null +++ b/icinga2/features-enabled/api.conf @@ -0,0 +1 @@ +../features-available/api.conf \ No newline at end of file diff --git a/icinga2/features-enabled/notification.conf b/icinga2/features-enabled/notification.conf deleted file mode 120000 index c31d3b4..0000000 --- a/icinga2/features-enabled/notification.conf +++ /dev/null @@ -1 +0,0 @@ -../features-available/notification.conf \ No newline at end of file diff --git a/icinga2/icinga2.conf b/icinga2/icinga2.conf index 17513a3..187834f 100644 --- a/icinga2/icinga2.conf +++ b/icinga2/icinga2.conf @@ -54,4 +54,5 @@ include "features-enabled/*.conf" * the preferred way is to create separate directories and files in the conf.d * directory. Each of these files must have the file extension ".conf". */ -include_recursive "conf.d" +// Disabled by the node setup CLI command on 2021-04-15 13:33:04 +0200 +// include_recursive "conf.d" diff --git a/icinga2/icinga2.conf.orig b/icinga2/icinga2.conf.orig new file mode 100644 index 0000000..17513a3 --- /dev/null +++ b/icinga2/icinga2.conf.orig @@ -0,0 +1,57 @@ +/** + * Icinga 2 configuration file + * - this is where you define settings for the Icinga application including + * which hosts/services to check. + * + * For an overview of all available configuration options please refer + * to the documentation that is distributed as part of Icinga 2. + */ + +/** + * The constants.conf defines global constants. + */ +include "constants.conf" + +/** + * The zones.conf defines zones for a cluster setup. + * Not required for single instance setups. + */ +include "zones.conf" + +/** + * The Icinga Template Library (ITL) provides a number of useful templates + * and command definitions. + * Common monitoring plugin command definitions are included separately. + */ +include +include +include +include + +/** + * This includes the Icinga 2 Windows plugins. These command definitions + * are required on a master node when a client is used as command endpoint. + */ +include + +/** + * This includes the NSClient++ check commands. These command definitions + * are required on a master node when a client is used as command endpoint. + */ +include + +/** + * The features-available directory contains a number of configuration + * files for features which can be enabled and disabled using the + * icinga2 feature enable / icinga2 feature disable CLI commands. + * These commands work by creating and removing symbolic links in + * the features-enabled directory. + */ +include "features-enabled/*.conf" + +/** + * Although in theory you could define all your objects in this file + * the preferred way is to create separate directories and files in the conf.d + * directory. Each of these files must have the file extension ".conf". + */ +include_recursive "conf.d" diff --git a/icinga2/pki/ca.crt b/icinga2/pki/ca.crt new file mode 120000 index 0000000..697dda9 --- /dev/null +++ b/icinga2/pki/ca.crt @@ -0,0 +1 @@ +/var/lib/icinga2/certs/ca.crt \ No newline at end of file diff --git a/icinga2/pki/helga.uhu-banane.de.crt b/icinga2/pki/helga.uhu-banane.de.crt new file mode 120000 index 0000000..76a6f24 --- /dev/null +++ b/icinga2/pki/helga.uhu-banane.de.crt @@ -0,0 +1 @@ +/var/lib/icinga2/certs/helga.uhu-banane.de.crt \ No newline at end of file diff --git a/icinga2/pki/helga.uhu-banane.de.key b/icinga2/pki/helga.uhu-banane.de.key new file mode 120000 index 0000000..ad053ff --- /dev/null +++ b/icinga2/pki/helga.uhu-banane.de.key @@ -0,0 +1 @@ +/var/lib/icinga2/certs/helga.uhu-banane.de.key \ No newline at end of file diff --git a/icinga2/zones.conf b/icinga2/zones.conf index 70ac766..bfa71ed 100644 --- a/icinga2/zones.conf +++ b/icinga2/zones.conf @@ -1,63 +1,31 @@ /* - * Endpoint and Zone configuration for a cluster setup - * This local example requires `NodeName` defined in - * constants.conf. + * Generated by Icinga 2 node setup commands + * on 2021-04-15 13:33:01 +0200 */ -object Endpoint NodeName { - host = NodeName +object Endpoint "ns1.uhu-banane.de" { + host = "ns1.uhu-banane.de" + port = "5665" } -object Zone ZoneName { - endpoints = [ NodeName ] +object Zone "master" { + endpoints = [ "ns1.uhu-banane.de" ] } -/* - * Defines a global zone for distributed setups with masters, - * satellites and clients. - * This is required to sync configuration commands, - * templates, apply rules, etc. to satellite and clients. - * All nodes require the same configuration and must - * have `accept_config` enabled in the `api` feature. - */ - -object Zone "global-templates" { - global = true +object Endpoint "helga.uhu-banane.de" { } -/* - * Defines a global zone for the Icinga Director. - * This is required to sync configuration commands, - * templates, apply rules, etc. to satellite and clients. - * All nodes require the same configuration and must - * have `accept_config` enabled in the `api` feature. - */ - -object Zone "director-global" { - global = true +object Zone "helga.uhu-banane.de" { + endpoints = [ "helga.uhu-banane.de" ] + parent = "master" } -/* - * Read the documentation on how to configure - * a cluster setup with multiple zones. - */ - -/* -object Endpoint "master.example.org" { - host = "master.example.org" -} - -object Endpoint "satellite.example.org" { - host = "satellite.example.org" +object Zone "global-templates" { + global = true } -object Zone "master" { - endpoints = [ "master.example.org" ] +object Zone "director-global" { + global = true } -object Zone "satellite" { - parent = "master" - endpoints = [ "satellite.example.org" ] -} -*/ diff --git a/icinga2/zones.conf.orig b/icinga2/zones.conf.orig new file mode 100644 index 0000000..70ac766 --- /dev/null +++ b/icinga2/zones.conf.orig @@ -0,0 +1,63 @@ +/* + * Endpoint and Zone configuration for a cluster setup + * This local example requires `NodeName` defined in + * constants.conf. + */ + +object Endpoint NodeName { + host = NodeName +} + +object Zone ZoneName { + endpoints = [ NodeName ] +} + +/* + * Defines a global zone for distributed setups with masters, + * satellites and clients. + * This is required to sync configuration commands, + * templates, apply rules, etc. to satellite and clients. + * All nodes require the same configuration and must + * have `accept_config` enabled in the `api` feature. + */ + +object Zone "global-templates" { + global = true +} + +/* + * Defines a global zone for the Icinga Director. + * This is required to sync configuration commands, + * templates, apply rules, etc. to satellite and clients. + * All nodes require the same configuration and must + * have `accept_config` enabled in the `api` feature. + */ + +object Zone "director-global" { + global = true +} + +/* + * Read the documentation on how to configure + * a cluster setup with multiple zones. + */ + +/* +object Endpoint "master.example.org" { + host = "master.example.org" +} + +object Endpoint "satellite.example.org" { + host = "satellite.example.org" +} + +object Zone "master" { + endpoints = [ "master.example.org" ] +} + +object Zone "satellite" { + parent = "master" + endpoints = [ "satellite.example.org" ] +} +*/ + diff --git a/motd b/motd index 00d67d5..045401a 100644 --- a/motd +++ b/motd @@ -6,9 +6,9 @@ Debian GNU/Linux 10 (buster) |_| |_|\___|_|\__, |\__,_| |___/ -Betrug: die Triebkraft des Geschäfts, die Seele der Religion, der -Köder der Liebeswerbung und die Grundlage politischer Macht. - -- Ambrose Gwinnet Bierce (Des Teufels Wörterbuch) +"Vollkommenheit ist die Norm des Himmels; Vollkommenes wollen, +die Norm des Menschen." + -- Goethe, Maximen und Reflektionen, Nr. 525 -Today is Setting Orange, the 32nd day of Discord in the YOLD 3187 +Today is Sweetmorn, the 33rd day of Discord in the YOLD 3187