diff --git a/global/overlay/etc/puppet/cosmos-modules/sunet b/global/overlay/etc/puppet/cosmos-modules/sunet
new file mode 120000
index 00000000..1e9cf8fa
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos-modules/sunet
@@ -0,0 +1 @@
+/Users/mariahaider/Git Repositories/puppet-sunet/
\ No newline at end of file
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 975f53c0..922a1456 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -704,7 +704,7 @@ nic.komreg.net:
 sunet_iaas_cloud:
 autoupdate:
 konsulter:
- nagios_monitor:
+ eid::nagios_monitor:
 eid::dockerhost:
 version: '5:23.0.6-1~ubuntu.20.04~focal'
 sunet::nagiosapi:
diff --git a/global/overlay/etc/puppet/modules/eid/manifests/nagios_monitor.pp b/global/overlay/etc/puppet/modules/eid/manifests/nagios_monitor.pp
new file mode 100644
index 00000000..ef41fcd0
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/eid/manifests/nagios_monitor.pp
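Review bot: The new `cosmos-modules/sunet` entry is a symlink (mode 120000) whose target is an absolute path on a developer workstation, `/Users/mariahaider/Git Repositories/puppet-sunet/`. That path will not exist on hosts that receive this overlay, so the link dangles there and the `sunet` module presumably cannot be loaded through it. It also publishes a local username and directory layout in the repository. This entry looks like a local testing aid and should be dropped from the commit, with the module brought in the same way as the other cosmos modules (that mechanism is not visible in this diff).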
@@ -0,0 +1,447 @@
+class eid::nagios_monitor {
+ $nrpe_clients = hiera_array('nrpe_clients',[]);
+ $allowed_hosts = join($nrpe_clients," ");
+ $web_admin_pw = safe_hiera('nagios_nagiosadmin_password');
+ $web_admin_user = 'nagiosadmin';
+
+ package { 'xsltproc': ensure => installed}
+
+ class { 'webserver': }
+
+ class { 'nagioscfg':
+ hostgroups => $::roles,
+ config => 'sunetdrive',
+ manage_package => false,
+ cfgdir => '/etc/nagios4/conf.d',
+ host_template => 'monitor-host',
+ service => 'nagios4',
+ }
+
+ require stdlib
+ ensure_resource('package','nagios4', { ensure => present })
+ ensure_resource('package','nagios-nrpe-plugin', { ensure => present })
+
+ #class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } ->
+ class {'nagioscfg::passive': enable_notifications => '1', obsess_over_services => '0', obsess_over_hosts => '0', nagios_config_file => '/etc/nagios4/nagios.cfg'}
+
+ sunet::misc::htpasswd_user { $web_admin_user :
+ filename => "/etc/nagios4/htpasswd.users",
+ password => $web_admin_pw,
+ group => 'www-data',
+ }
+
+ package {'apache2': ensure => 'latest'}
+ service { 'apache2':
+ ensure => running,
+ enable => true,
+ }
+
+ file {
+ '/root/MONITOR_WEB_PASSWORD':
+ content => sprintf("%s\n%s\n", $web_admin_user, $web_admin_pw),
+ group => 'root',
+ mode => '0600',
+ ;
+ }
+ #definition for check_nrpe_1arg
+ file { '/etc/nagios-plugins/config/check_nrpe.cfg':
+ ensure => file,
+ mode => '0644',
+ content => template('eid/monitor/check_nrpe.cfg.erb'),
+ }
+
+ #definition for standard hostgroups
+ file { '/etc/nagios4/conf.d/hostgroups_nagios4.cfg':
+ ensure => file,
+ mode => '0644',
+ content => template('eid/monitor/hostgroups_nagios4.cfg.erb'),
+ }
+ file { '/etc/nagios4/conf.d/monitor-host_nagios4.cfg':
+ ensure => file,
+ mode => '0644',
+ content => template('eid/monitor/monitor-host_nagios4.cfg.erb'),
+ }
+ file_line { 'change_auth_user_value':
+ ensure => 'present',
+ line => 'use_authentication=1',
+ path => '/etc/nagios4/cgi.cfg',
+ match => 'use_authentication=0',
+ notify => Service['nagios4'],
+ }
+
+ #nagioscfg::slack::channel {'eln': } ->
+ nagioscfg::contactgroup {'alerts': } ->
+ #nagioscfg::contact {'slack-alerts':
+ # host_notification_commands => ['notify-host-to-slack-eln'],
+ # service_notification_commands => ['notify-service-to-slack-eln'],
+ # contact_groups => ['alerts']
+ #}
+ nagioscfg::service {'service_ping':
+ hostgroup_name => ['all'],
+ description => 'PING',
+ check_command => 'check_ping!400.0,1%!500.0,2%',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'service_ssh':
+ hostgroup_name => ['jumphosts'],
+ description => 'SSH',
+ check_command => 'check_ssh_4_hostname',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_load':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_load',
+ description => 'System Load',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_users':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_users',
+ description => 'Active Users',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_zombie_procs':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_zombie_procs',
+ description => 'Zombie Processes',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_total_procs':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_total_procs_lax',
+ description => 'Total Processes',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_root':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_root',
+ description => 'Root Disk',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_boot':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_boot_15_5',
+ description => 'Boot Disk',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_var':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_var',
+ description => 'Var Disk',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_uptime':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_uptime',
+ description => 'Uptime',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_reboot':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_reboot',
+ description => 'Reboot Needed',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_memory':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_memory',
+ description => 'System Memory',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_entropy':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_entropy',
+ description => 'System Entropy',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_ntp_time':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_ntp_time',
+ description => 'System NTP Time',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_process_haveged':
+ hostgroup_name => ['entropyclient'],
+ check_command => 'check_nrpe_1arg!check_process_haveged',
+ description => 'haveged running',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_scriptherder':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_scriptherder',
+ description => 'Scriptherder Status',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_apt':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_apt',
+ description => 'Packages available for upgrade',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'metadata_aggregate_age':
+ hostgroup_name => ['md_publisher'],
+ check_command => 'check_nrpe_1arg!check_fileage_metadata_aggregate',
+ description => 'metadata aggregate age',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'mdsl_aggregate_age':
+ hostgroup_name => ['mdsl_publisher'],
+ check_command => 'check_nrpe_1arg!check_fileage_mdsl_aggregate',
+ description => 'mdsl aggregate age',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'mdsl_se_age':
+ hostgroup_name => ['mdsl_publisher'],
+ check_command => 'check_nrpe_1arg!check_fileage_mdsl_se',
+ description => 'mdsl se age',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'proxy_eidas_metadata_age':
+ hostgroup_name => ['proxy_eidas_metadata'],
+ check_command => 'check_nrpe_1arg!check_fileage_proxy_eidas_metadata',
+ description => 'proxy eidas metadata age',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'proxy_eidas_metadata_list_age':
+ hostgroup_name => ['proxy_eidas_metadata'],
+ check_command => 'check_nrpe_1arg!check_fileage_proxy_eidas_metadata_list',
+ description => 'proxy eidas metadata list age',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_eidas_health':
+ hostgroup_name => ['servicemonitor'],
+ check_command => 'check_nrpe_1arg!check_eidas_health',
+ description => 'eidas component healthcheck',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_needrestart':
+ hostgroup_name => ['nrpe'],
+ check_command => 'check_nrpe_1arg!check_needrestart',
+ description => 'Processes need restart',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::service {'check_docker_containers':
+ hostgroup_name => ['fe_servers'],
+ check_command => 'check_nrpe_1arg!check_docker_containers',
+ description => 'Check Docker Containers',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::command {'check_ssl_cert_3':
+ command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTNAME\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
+ }
+ nagioscfg::command {'check_ssl_cert_3_without_ocsp':
+ command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTNAME\$' --ignore-ocsp -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
+ }
+ $public_hosts = ['proxy.eidas.swedenconnect.se','validator.swedenconnect.se','qa.demw.eidas.swedenconnect.se','demw.eidas.swedenconnect.se','api.swedenconnect.se','qa.test.swedenconnect.se','test.swedenconnect.se','qa.md.swedenconnect.se','md.swedenconnect.se','md.eidas.swedenconnect.se','qa.md.eidas.swedenconnect.se','qa.connector.eidas.swedenconnect.se','qa.proxy.eidas.swedenconnect.se','connector.eidas.swedenconnect.se','test.connector.eidas.swedenconnect.se','test.test.swedenconnect.se','test.proxy.eidas.swedenconnect.se','test.md.eidas.swedenconnect.se','test.md.swedenconnect.se','test.validator.swedenconnect.se']
+ nagioscfg::host {$public_hosts: }
+ nagioscfg::service {'check_public_ssl_cert':
+ host_name => $public_hosts,
+ check_command => 'check_ssl_cert_3!30!14!443',
+ description => 'check https certificate validity on port 443',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::command {'check_ssl_cert_altname':
+ command_line => "/usr/lib/nagios/plugins/check_ssl_cert -n '\$ARG4\$' --altnames -H '\$HOSTNAME\$' --ignore-ocsp -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
+ }
+ nagioscfg::host {'prid.sveidas.se': }
+ nagioscfg::service {'check_public_ssl_cert_altname':
+ host_name => ['prid.sveidas.se'],
+ check_command => 'check_ssl_cert_altname!30!14!443!prid.sveidas.se',
+ description => 'check https certificate validity on port 443 with SAN',
+ contact_groups => ['alerts']
+ }
+ $infra_hosts = ['prid-1.qa.sveidas.se','prid-1.sveidas.se,','prid-2.sveidas.se','prid.sveidas.se']
+ nagioscfg::service {'check_infra_ssl_cert':
+ host_name => $infra_hosts,
+ check_command => 'check_ssl_cert_3_without_ocsp!30!14!443',
+ description => 'check https infra certificate validity on port 443',
+ contact_groups => ['alerts']
+ }
+ nagioscfg::command {'check_website':
+ command_line => "/usr/lib/nagios/plugins/check_http -H '\$HOSTNAME\$' -S -u '\$ARG1\$'"
+ }
+ nagioscfg::service {'check_idp_metadata_eIDAS':
+ host_name => ['md.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://md.eidas.swedenconnect.se/role/idp.xml',
+ description => 'check IdP metadata for eIDAS',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_idp_metadata_swedenconnect':
+ host_name => ['md.swedenconnect.se'],
+ check_command => 'check_website!https://md.swedenconnect.se/role/idp.xml/',
+ description => 'check IdP metadata for Sweden Connect',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_connector':
+ host_name => ['connector.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://connector.eidas.swedenconnect.se/idp/metadata/sp',
+ description => 'check metadata for Sweden Connect',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_metadata_DE_middleware':
+ host_name => ['demw.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://demw.eidas.swedenconnect.se/eidas-middleware/Metadata',
+ description => 'check metadata for DE middleware',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_metadata_proxy':
+ host_name => ['proxy.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://proxy.eidas.swedenconnect.se/eidas-ps/ServiceMetadata',
+ description => 'check metadata for Proxy',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_api':
+ host_name => ['api.swedenconnect.se'],
+ check_command => 'check_website!https://api.swedenconnect.se/testid/',
+ description => 'check api',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_metadata_DE_middleware_QA':
+ host_name => ['qa.demw.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://qa.demw.eidas.swedenconnect.se/eidas-middleware/Metadata',
+ description => 'check metadata for DE middleware QA',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_ref_idp':
+ host_name => ['qa.test.swedenconnect.se'],
+ check_command => 'check_website!https://qa.test.swedenconnect.se/idp/metadata/idp.xml',
+ description => 'check Reference IdP',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_mdservicelist_metadata_eIDAS_QA':
+ host_name => ['qa.md.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://qa.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml/',
+ description => 'check MDSservicelist metadata for eIDAS',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_sp_metadata_swedenconnect_QA':
+ host_name => ['qa.md.swedenconnect.se'],
+ check_command => 'check_website!https://qa.md.swedenconnect.se/role/sp.xml/',
+ description => 'check SP metadata for Sweden Connect',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_connector_QA':
+ host_name => ['qa.connector.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://qa.connector.eidas.swedenconnect.se/idp/metadata/sp',
+ description => 'check metadata for Sweden Connect',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_metadata_proxy_QA':
+ host_name => ['qa.proxy.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://qa.proxy.eidas.swedenconnect.se/eidas-ps/ServiceMetadata',
+ description => 'check metadata for Proxy',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_ref_idp_test':
+ host_name => ['test.test.swedenconnect.se'],
+ check_command => 'check_website!https://test.test.swedenconnect.se/idp/metadata/idp.xml',
+ description => 'check Reference IdP',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_mdservicelist_metadata_eIDAS_Test':
+ host_name => ['test.md.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://test.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml/',
+ description => 'check MDSservicelist metadata for eIDAS',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_sp_metadata_swedenconnect_Test':
+ host_name => ['test.md.swedenconnect.se'],
+ check_command => 'check_website!https://test.md.swedenconnect.se/role/sp.xml/',
+ description => 'check SP metadata for Sweden Connect',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_connector_Test':
+ host_name => ['test.connector.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://test.connector.eidas.swedenconnect.se/idp/metadata/sp',
+ description => 'check metadata for Sweden Connect',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::service {'check_metadata_proxy_Test':
+ host_name => ['test.proxy.eidas.swedenconnect.se'],
+ check_command => 'check_website!https://test.proxy.eidas.swedenconnect.se/eidas-ps/ServiceMetadata',
+ description => 'check metadata for Proxy',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::command {'check_country_count':
+ command_line => "/usr/lib/nagios/plugins/check_eidas_country_count.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$' '\$ARG4\$'"
+ }
+#Commented out in relation to SC-1468
+# nagioscfg::service {'check_country_eIDAS_QA':
+# host_name => ['qa.md.eidas.swedenconnect.se'],
+# check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!PT LU IT ES HR LV DE EE BE IS XB CY PL SK LT NO DK CZ SE EL XA MT SI!1!3',
+# description => 'check number of countries in eIDAS QA',
+# contact_groups => ['alerts'],
+# }
+ nagioscfg::service {'check_country_eIDAS':
+ host_name => ['md.eidas.swedenconnect.se'],
+ check_command => 'check_country_count!md.eidas.swedenconnect.se!LU IT ES HR DE EE BE PT SK CZ LV!1!3',
+ description => 'check number of countries in eIDAS',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::command {'check_eidastest_qa':
+ command_line => "/usr/lib/nagios/plugins/check_eidastest_qa.sh"
+ }
+ nagioscfg::service {'check_eidastest_qa':
+ host_name => ['localhost'],
+ check_command => 'check_eidastest_qa',
+ description => 'check test countires in QA',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::command {'check_eidastest_prod':
+ command_line => "/usr/lib/nagios/plugins/check_eidastest_prod.sh"
+ }
+ nagioscfg::service {'check_eidastest_prod':
+ host_name => ['localhost'],
+ check_command => 'check_eidastest_prod',
+ description => 'check test countires in Production',
+ contact_groups => ['alerts'],
+ }
+ nagioscfg::command {'check_metadata_age':
+ command_line => "/usr/lib/nagios/plugins/check_eidas_metadata_age.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$'"
+ }
+ $hosts_md = ['qa.md.swedenconnect.se', 'md.swedenconnect.se', 'test.md.swedenconnect.se']
+ $hosts_md.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/entities/!691200!172800",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
+ $hosts_md_eidas = ['md.eidas.swedenconnect.se', 'qa.md.eidas.swedenconnect.se', 'test.md.eidas.swedenconnect.se']
+ $hosts_md_eidas.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/entities/!432000!86400",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
+ $hosts_proxy = ['proxy.eidas.swedenconnect.se', 'qa.proxy.eidas.swedenconnect.se', 'test.proxy.eidas.swedenconnect.se']
+ $hosts_proxy.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/eidas-ps/ServiceMetadata/!432000!86400",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
+ $hosts_demw = ['demw.eidas.swedenconnect.se', 'qa.demw.eidas.swedenconnect.se']
+ $hosts_demw.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/eidas-middleware/Metadata/!432000!86400",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
+ $hosts_connector = ['connector.eidas.swedenconnect.se', 'qa.connector.eidas.swedenconnect.se', 'test.connector.eidas.swedenconnect.se']
+ $hosts_connector.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/idp/metadata/sp/!432000!86400",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
+}
\ No newline at end of file
diff --git a/global/overlay/etc/puppet/modules/eid/templates/monitor/hostgroups_nagios4.cfg.erb b/global/overlay/etc/puppet/modules/eid/templates/monitor/hostgroups_nagios4.cfg.erb
new file mode 100644
index 00000000..11716469
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/eid/templates/monitor/hostgroups_nagios4.cfg.erb
@@ -0,0 +1,8 @@
+# Some generic hostgroup definitions
+
+# A simple wildcard hostgroup
+define hostgroup {
+ hostgroup_name all
+ alias All Servers
+ members *
+ }
\ No newline at end of file
diff --git a/global/overlay/etc/puppet/modules/eid/templates/monitor/monitor-host_nagios4.cfg.erb b/global/overlay/etc/puppet/modules/eid/templates/monitor/monitor-host_nagios4.cfg.erb
new file mode 100644
index 00000000..c9bce2ab
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/eid/templates/monitor/monitor-host_nagios4.cfg.erb
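Review bot: In `eid::nagios_monitor`, the second entry of `$infra_hosts` is `'prid-1.sveidas.se,'` with the comma inside the quotes, so `check_infra_ssl_cert` is bound to a host name that cannot match a real host. Depending on how `nagioscfg::service` renders `host_name`, that either leaves prid-1.sveidas.se without a certificate check or makes the generated Nagios configuration fail validation; the entry should read `'prid-1.sveidas.se',`. Of these four names only `prid.sveidas.se` is declared with `nagioscfg::host` in this class, so the other three need host objects from elsewhere. Separately, `/root/MONITOR_WEB_PASSWORD` receives the admin password as plain `content`. Adding `show_diff => false` and an explicit `owner => 'root'` keeps the secret out of agent logs and reports and makes the ownership explicit.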
@@ -0,0 +1,19 @@
+# Generic host definition template - This is NOT a real host, just a template!
+
+define host{
+ name monitor-host ; The name of this host template
+ action_url /grafana/dashboard/script/histou.js?host=$HOSTNAME$&theme=light&annotations=true
+ notifications_enabled 1 ; Host notifications are enabled
+ event_handler_enabled 1 ; Host event handler is enabled
+ flap_detection_enabled 1 ; Flap detection is enabled
+ process_perf_data 1 ; Process performance data
+ retain_status_information 1 ; Retain status information across program restarts
+ retain_nonstatus_information 1 ; Retain non-status information across program restarts
+ check_command check-host-alive
+ max_check_attempts 10
+ notification_interval 0
+ notification_period 24x7
+ notification_options d,u,r
+ contact_groups admins
+ register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
+ }
\ No newline at end of file
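Review bot: The `monitor-host` template routes host notifications to `contact_groups admins`, while every service in `eid::nagios_monitor` notifies `alerts`, the only contact group that class creates. Unless `admins` is defined elsewhere with the intended recipients (not visible in this diff), host DOWN/UNREACHABLE notifications go to a different audience than the service alerts, and with `notification_interval 0` they are sent only once. Consider `contact_groups alerts` here, or add a comment on that line stating where `admins` is defined and who receives it.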