From b87119a1dfcba9682e1eb529bad88853b913791e Mon Sep 17 00:00:00 2001
From: Markus Hauschild <markus@moepman.eu>
Date: Mon, 6 Jun 2022 20:25:38 +0200
Subject: [PATCH] icinga: icinga-monitor: implement http host check

---
 roles/icinga-monitor/defaults/main.yml          |  4 ++++
 roles/icinga-monitor/handlers/main.yml          |  5 +++++
 roles/icinga-monitor/tasks/http.yml             | 17 +++++++++++++++++
 roles/icinga-monitor/templates/http.j2          | 13 +++++++++++++
 roles/icinga/tasks/main.yml                     | 17 ++++++++++++++---
 .../templates/icinga2/conf.d/hosts.footer.j2    |  2 ++
 .../conf.d/{hosts.conf.j2 => hosts.header.j2}   |  7 ++-----
 7 files changed, 57 insertions(+), 8 deletions(-)
 create mode 100644 roles/icinga-monitor/defaults/main.yml
 create mode 100644 roles/icinga-monitor/handlers/main.yml
 create mode 100644 roles/icinga-monitor/tasks/http.yml
 create mode 100644 roles/icinga-monitor/templates/http.j2
 create mode 100644 roles/icinga/templates/icinga2/conf.d/hosts.footer.j2
 rename roles/icinga/templates/icinga2/conf.d/{hosts.conf.j2 => hosts.header.j2} (72%)

diff --git a/roles/icinga-monitor/defaults/main.yml b/roles/icinga-monitor/defaults/main.yml
new file mode 100644
index 0000000..3fccf20
--- /dev/null
+++ b/roles/icinga-monitor/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+icinga_user: nagios
+icinga_group: nagios
diff --git a/roles/icinga-monitor/handlers/main.yml b/roles/icinga-monitor/handlers/main.yml
new file mode 100644
index 0000000..f98260e
--- /dev/null
+++ b/roles/icinga-monitor/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Restart icinga2
+  service: name=icinga2 state=restarted
+  delegate_to: "{{ icinga_server }}"
diff --git a/roles/icinga-monitor/tasks/http.yml b/roles/icinga-monitor/tasks/http.yml
new file mode 100644
index 0000000..fc12df7
--- /dev/null
+++ b/roles/icinga-monitor/tasks/http.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Configure monitoring for vhost
+  template:
+    src: http.j2
+    dest: /etc/icinga2/conf.d/hosts/{{ inventory_hostname }}.http_{{ vhost }}
+    owner: "{{ icinga_user }}"
+    group: "{{ icinga_group }}"
+  delegate_to: "{{ icinga_server }}"
+
+- name: Regenerate hosts.conf
+  assemble:
+    src: /etc/icinga2/conf.d/hosts
+    dest: /etc/icinga2/conf.d/hosts.conf
+#   validate: /usr/sbin/icinga2 daemon -c %s --validate
+  notify: Restart icinga2
+  delegate_to: "{{ icinga_server }}"
diff --git a/roles/icinga-monitor/templates/http.j2 b/roles/icinga-monitor/templates/http.j2
new file mode 100644
index 0000000..bba8d5c
--- /dev/null
+++ b/roles/icinga-monitor/templates/http.j2
@@ -0,0 +1,13 @@
+
+  vars.http_vhosts["{{ vhost }}"] = {
+    http_sni = "true"
+    http_ssl = "true"
+    http_vhost = "{{ vhost }}"
+  }
+
+  vars.http_vhosts["{{ vhost }} cert"] = {
+    http_certificate = "25,15"
+    http_sni = "true"
+    http_ssl = "true"
+    http_vhost = "{{ vhost }}"
+  }
diff --git a/roles/icinga/tasks/main.yml b/roles/icinga/tasks/main.yml
index 4385fea..58d31fe 100644
--- a/roles/icinga/tasks/main.yml
+++ b/roles/icinga/tasks/main.yml
@@ -62,9 +62,20 @@
   changed_when: "'for these changes to take effect' in features_result.stdout"
   notify: Restart icinga2
 
-- name: Configure known hosts for icinga
-  template: src=icinga2/conf.d/hosts.conf.j2 dest=/etc/icinga2/conf.d/hosts.conf owner={{ icinga_user }} group={{ icinga_group }}
-  notify: Restart icinga2
+- name: Ensure directory for host snippets exists
+  file:
+    path: /etc/icinga2/conf.d/hosts
+    state: directory
+    owner: "{{ icinga_user }}"
+    group: "{{ icinga_group }}"
+
+- name: Prepare host snippets
+  template: src=icinga2/conf.d/hosts.header.j2 dest=/etc/icinga2/conf.d/hosts/{{ item }}.00_header owner={{ icinga_user }} group={{ icinga_group }}
+  loop: "{{ groups['all'] }}"
+
+- name: Prepare host snippets
+  template: src=icinga2/conf.d/hosts.footer.j2 dest=/etc/icinga2/conf.d/hosts/{{ item }}.zz_footer owner={{ icinga_user }} group={{ icinga_group }}
+  loop: "{{ groups['all'] }}"
 
 - name: Create group icingaweb2
   group: name=icingaweb2 system=yes
diff --git a/roles/icinga/templates/icinga2/conf.d/hosts.footer.j2 b/roles/icinga/templates/icinga2/conf.d/hosts.footer.j2
new file mode 100644
index 0000000..7e9861c
--- /dev/null
+++ b/roles/icinga/templates/icinga2/conf.d/hosts.footer.j2
@@ -0,0 +1,2 @@
+}
+
diff --git a/roles/icinga/templates/icinga2/conf.d/hosts.conf.j2 b/roles/icinga/templates/icinga2/conf.d/hosts.header.j2
similarity index 72%
rename from roles/icinga/templates/icinga2/conf.d/hosts.conf.j2
rename to roles/icinga/templates/icinga2/conf.d/hosts.header.j2
index 24e550d..743be2b 100644
--- a/roles/icinga/templates/icinga2/conf.d/hosts.conf.j2
+++ b/roles/icinga/templates/icinga2/conf.d/hosts.header.j2
@@ -1,12 +1,9 @@
-{% for host in groups['all'] %}
-object Host "{{ host }}" {
+object Host "{{ item }}" {
   /* Import the default host template defined in `templates.conf`. */
   import "generic-host"
 
   /* Specify the address attributes for checks e.g. `ssh` or `http`. */
-  address = "{{ host }}"
+  address = "{{ item }}"
 
   /* Set custom variable `os` for hostgroup assignment in `groups.conf`. */
   vars.os = "Linux"
-}
-{% endfor %}