From c344d06e638286ed2a4dec04d607edd5845f7cb7 Mon Sep 17 00:00:00 2001
From: David Galloway <dgallowa@redhat.com>
Date: Tue, 21 Feb 2017 17:32:53 -0500
Subject: [PATCH] public_facing: Add status.sepia.ceph.com-specific tasks

Signed-off-by: David Galloway <dgallowa@redhat.com>
---
 roles/public_facing/README.rst                |  8 +++++++
 .../tasks/status.sepia.ceph.com.yml           | 21 +++++++++++++++++
 .../status.sepia.ceph.com/lab-pings.j2        | 23 +++++++++++++++++++
 .../nagios-eventhandler-cachet.config.j2      |  6 +++++
 .../status.sepia.ceph.com/openvpn.j2          | 17 ++++++++++++++
 5 files changed, 75 insertions(+)
 create mode 100644 roles/public_facing/tasks/status.sepia.ceph.com.yml
 create mode 100644 roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2
 create mode 100644 roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2
 create mode 100644 roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2

diff --git a/roles/public_facing/README.rst b/roles/public_facing/README.rst
index 5f24bd4..1edf7ed 100644
--- a/roles/public_facing/README.rst
+++ b/roles/public_facing/README.rst
@@ -81,6 +81,14 @@ fail2ban
 --------
 If ``use_fail2ban`` is set to ``true`` this role will install, configure, and enable fail2ban.
 
+To-Do
++++++
+
+status.sepia.ceph.com
+---------------------
+
+ - Install and update Cachet_?
 
 .. _UFW: https://wiki.ubuntu.com/UncomplicatedFirewall
 .. _fail2ban: http://www.fail2ban.org/wiki/index.php/Main_Page
+.. _Cachet: https://cachethq.io
diff --git a/roles/public_facing/tasks/status.sepia.ceph.com.yml b/roles/public_facing/tasks/status.sepia.ceph.com.yml
new file mode 100644
index 0000000..5011e43
--- /dev/null
+++ b/roles/public_facing/tasks/status.sepia.ceph.com.yml
@@ -0,0 +1,21 @@
+---
+- name: Create /root/checks directory for Cachet checks
+  file:
+    path: "{{ cachet_checks_path }}"
+    state: directory
+
+- name: Clone nagios-eventhandler-cachet to /root/checks dir
+  git:
+    repo: https://github.com/djgalloway/nagios-eventhandler-cachet.git
+    dest: "{{ cachet_checks_path }}/nagios-eventhandler-cachet"
+    update: yes
+
+- name: Put templated Cachet checks in place
+  template:
+    dest: "{{ cachet_checks_path }}/{{ item.dest }}"
+    src: "{{ item.src }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: 'templates/status.sepia.ceph.com/lab-pings.j2', dest: 'lab-pings.sh', mode: '0755' }
+    - { src: 'templates/status.sepia.ceph.com/openvpn.j2', dest: 'openvpn.sh', mode: '0755' }
+    - { src: 'templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2', dest: 'nagios-eventhandler-cachet/config.inc.php', mode: '0644' }
diff --git a/roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2 b/roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2
new file mode 100644
index 0000000..fc1b775
--- /dev/null
+++ b/roles/public_facing/templates/status.sepia.ceph.com/lab-pings.j2
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# {{ ansible_managed }}
+#
+# Pings the Community Cage edge router, measures packet loss, and reports status to cachet using nagios event handler
+#
+# cachet_notify usage: ./cachet_notify $cachet_component $service_name $service_state $service_state_type $service_output
+
+PERCENT=$(ping -c 10 -q {{ community_cage_ip }} | grep -oP '\d+(?=% packet loss)')
+EXEC=/root/checks/nagios-eventhandler-cachet/cachet_notify
+
+if [ "$PERCENT" -eq 0 ] 2> /dev/null
+then
+  $EXEC 'Community Cage Network' 'Packet Loss' OK HARD '0% packet loss' ''
+elif [ "$PERCENT" -ge 1 ] 2> /dev/null && [ "$PERCENT" -le 99 ] 2> /dev/null
+then
+  $EXEC 'Community Cage Network' 'Packet Loss' CRITICAL SOFT "$PERCENT% packet loss" ''
+elif [ "$PERCENT" -eq 100 ] 2> /dev/null
+then
+  $EXEC 'Community Cage Network' 'Packet Loss' CRITICAL HARD "$PERCENT% packet loss" ''
+else
+  $EXEC 'Community Cage Network' 'Packet Loss' CRITICAL HARD "Couldn't measure packet loss.  Unknown error" ''
+fi
diff --git a/roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2 b/roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2
new file mode 100644
index 0000000..0c1d2ad
--- /dev/null
+++ b/roles/public_facing/templates/status.sepia.ceph.com/nagios-eventhandler-cachet.config.j2
@@ -0,0 +1,6 @@
+<?php
+
+$cachet_url = '{{ cachet_api_url }}';
+$api_key = '{{ cachet_api_key }}'
+
+?>
diff --git a/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2 b/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2
new file mode 100644
index 0000000..862e5ae
--- /dev/null
+++ b/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# {{ ansible_managed }}
+#
+# Checks whether Sepia openvpn server is up and listening on 1194
+
+EXEC=/root/checks/nagios-eventhandler-cachet/cachet_notify
+
+# Returns 0 if string found
+sudo nmap -sU -n -p 1194 gw.sepia.ceph.com | grep -q '1194/udp open|filtered openvpn'
+
+if [ $? -eq 0 ]
+then
+  $EXEC 'OpenVPN Server' 'OpenVPN' OK HARD 'OK' ''
+else
+  $EXEC 'OpenVPN Server' 'OpenVPN' CRITICAL HARD "gw.sepia.ceph.com is unreachable or port 1194 closed" ''
+fi
-- 
2.39.5