From f4aff1ff1109d3dbdc0761961075b0055efbc9ec Mon Sep 17 00:00:00 2001 From: Johan Wassberg Date: Fri, 31 May 2024 15:01:23 +0200 Subject: [PATCH 1/6] Shared configuration --- .../overlay/etc/hiera/data/local.yaml | 12 ------------ .../overlay/etc/hiera/data/local.yaml | 13 ------------- relay-common/etc/hiera/data/group.yaml | 13 +++++++++++++ 3 files changed, 13 insertions(+), 25 deletions(-) create mode 100644 relay-common/etc/hiera/data/group.yaml diff --git a/relay-1.swedenconnect.se/overlay/etc/hiera/data/local.yaml b/relay-1.swedenconnect.se/overlay/etc/hiera/data/local.yaml index 233261d9..ed97d539 100644 --- a/relay-1.swedenconnect.se/overlay/etc/hiera/data/local.yaml +++ b/relay-1.swedenconnect.se/overlay/etc/hiera/data/local.yaml @@ -1,13 +1 @@ --- -submission_ip: - - 193.10.93.2 # sunet test ip - - 2001:6b0:7:c::/64 # sunet test ip - - 109.105.111.111 # nagiosxi.nordu.net - - 2001:948:4:6::111 # nagiosxi.nordu.net - - 85.235.7.170 # idm - - 94.176.224.229 # monitor-fre-3 - - 2001:6b0:64:4::229 # monitor-fre-3 - - 94.176.224.101 # monitor-tug-3 - - 2001:6b0:63:4::101 # monitor-tug-3 - - 89.47.184.215 # nic - - 2001:6b0:5a:4020::330 # nic diff --git a/relay-2.swedenconnect.se/overlay/etc/hiera/data/local.yaml b/relay-2.swedenconnect.se/overlay/etc/hiera/data/local.yaml index 6a435ce8..09331336 100644 --- a/relay-2.swedenconnect.se/overlay/etc/hiera/data/local.yaml +++ b/relay-2.swedenconnect.se/overlay/etc/hiera/data/local.yaml @@ -1,17 +1,4 @@ --- -submission_ip: - - 193.10.93.2 # sunet test ip - - 2001:6b0:7:c::/64 # sunet test ip - - 109.105.111.111 # nagiosxi.nordu.net - - 2001:948:4:6::111 # nagiosxi.nordu.net - - 85.235.7.170 # idm - - 94.176.224.229 # monitor-fre-3 - - 2001:6b0:64:4::229 # monitor-fre-3 - - 94.176.224.101 # monitor-tug-3 - - 2001:6b0:63:4::101 # monitor-tug-3 - - 89.47.184.215 # nic - - 2001:6b0:5a:4020::330 # nic - relay_ip: - 89.47.185.206 - 2001:6b0:5a:4020::225 diff --git a/relay-common/etc/hiera/data/group.yaml b/relay-common/etc/hiera/data/group.yaml new file mode 100644 index 00000000..233261d9 --- /dev/null +++ b/relay-common/etc/hiera/data/group.yaml @@ -0,0 +1,13 @@ +--- +submission_ip: + - 193.10.93.2 # sunet test ip + - 2001:6b0:7:c::/64 # sunet test ip + - 109.105.111.111 # nagiosxi.nordu.net + - 2001:948:4:6::111 # nagiosxi.nordu.net + - 85.235.7.170 # idm + - 94.176.224.229 # monitor-fre-3 + - 2001:6b0:64:4::229 # monitor-fre-3 + - 94.176.224.101 # monitor-tug-3 + - 2001:6b0:63:4::101 # monitor-tug-3 + - 89.47.184.215 # nic + - 2001:6b0:5a:4020::330 # nic From d354b04c21f026b8cfd3f22c84d1bac3d1455948 Mon Sep 17 00:00:00 2001 From: Johan Wassberg Date: Fri, 31 May 2024 15:05:11 +0200 Subject: [PATCH 2/6] Use correct path --- relay-common/{ => overlay}/etc/hiera/data/group.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename relay-common/{ => overlay}/etc/hiera/data/group.yaml (100%) diff --git a/relay-common/etc/hiera/data/group.yaml b/relay-common/overlay/etc/hiera/data/group.yaml similarity index 100% rename from relay-common/etc/hiera/data/group.yaml rename to relay-common/overlay/etc/hiera/data/group.yaml From d33aa5cd033402a325287d8fee717bb4a8cca642 Mon Sep 17 00:00:00 2001 From: Johan Wassberg Date: Fri, 31 May 2024 15:09:57 +0200 Subject: [PATCH 3/6] App servers need to notify users --- relay-common/overlay/etc/hiera/data/group.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/relay-common/overlay/etc/hiera/data/group.yaml b/relay-common/overlay/etc/hiera/data/group.yaml index 233261d9..6b94fbb3 100644 --- a/relay-common/overlay/etc/hiera/data/group.yaml +++ b/relay-common/overlay/etc/hiera/data/group.yaml @@ -11,3 +11,8 @@ submission_ip: - 2001:6b0:63:4::101 # monitor-tug-3 - 89.47.184.215 # nic - 2001:6b0:5a:4020::330 # nic + - 89.45.236.223 # idm-sto3-qa-app-2.komreg.net + - 89.45.237.180 # idm-sto3-test-app-3.komreg.net + - 89.47.184.15 # idm-sto1-qa-app-1.komreg.net + - 89.47.184.233 # idm-sto1-qa-app-3.komreg.net + - 89.47.185.124 # idm-sto1-test-app-1.komreg.net From df750ff6a3bb046d6bb32b6d4ca0ce4d2feee11f Mon Sep 17 00:00:00 2001 From: Johan Wassberg Date: Fri, 31 May 2024 15:31:43 +0200 Subject: [PATCH 4/6] IPv6 is the future --- relay-common/overlay/etc/hiera/data/group.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/relay-common/overlay/etc/hiera/data/group.yaml b/relay-common/overlay/etc/hiera/data/group.yaml index 6b94fbb3..3ad20606 100644 --- a/relay-common/overlay/etc/hiera/data/group.yaml +++ b/relay-common/overlay/etc/hiera/data/group.yaml @@ -16,3 +16,8 @@ submission_ip: - 89.47.184.15 # idm-sto1-qa-app-1.komreg.net - 89.47.184.233 # idm-sto1-qa-app-3.komreg.net - 89.47.185.124 # idm-sto1-test-app-1.komreg.net + - 2001:6b0:5a:4020::328 # idm-sto1-qa-app-1.komreg.net + - 2001:6b0:5a:4020::c2 # idm-sto1-qa-app-3.komreg.net + - 2001:6b0:5a:4020::2fe # idm-sto1-test-app-1.komreg.net + - 2001:6b0:40::3c # idm-sto3-qa-app-2.komreg.net + - 2001:6b0:40::22f # idm-sto3-test-app-3.komreg.net From 5f738270e4fadd30d720c4d95e9e268c368660ef Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Fri, 31 May 2024 17:39:33 +0200 Subject: [PATCH 5/6] Some NRPE checks will get fishy results when using a PrivateTmp. E.g check_apt: https://askubuntu.com/questions/1415415/check-apt-issue-with-nagios --- .../etc/puppet/manifests/cosmos-site.pp | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 12f4df24..61a714ba 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -913,6 +913,28 @@ class nrpe { sunet::nagios::nrpe_command {'check_needrestart': command_line => "sudo /usr/sbin/needrestart -p -l" } + exec { "create_${name}_service_dir": + command => '/bin/mkdir -p /etc/systemd/system/nagios-nrpe-server.service.d/', + unless => '/usr/bin/test -d /etc/systemd/system/nagios-nrpe-server.service.d/', + } + exec { "${name}_daemon_reload": + command => 'systemctl daemon-reload', + refreshonly => true, + } + + $str = "# Some NRPE checks will get fishy results when using a PrivateTmp. +# E.g check_apt: https://askubuntu.com/questions/1415415/check-apt-issue-with-nagios +[Service] +PrivateTmp=false" + + file { + '/etc/systemd/system/nagios-nrpe-server.service.d/privatetmp.conf': + ensure => file, + mode => '0444', + content => $str, + require => [Exec["create_${name}_service_dir"], Package[$nrpe_service]], + notify => [Exec["${name}_daemon_reload"],Service[$nrpe_service]], + } } class redis_cluster_node { From 510003043b8689fc82959885afa0c3ed6340a172 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Fri, 31 May 2024 18:30:06 +0200 Subject: [PATCH 6/6] had to specifiy package name --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 61a714ba..9db00888 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -932,8 +932,8 @@ PrivateTmp=false" ensure => file, mode => '0444', content => $str, - require => [Exec["create_${name}_service_dir"], Package[$nrpe_service]], - notify => [Exec["${name}_daemon_reload"],Service[$nrpe_service]], + require => [Exec["create_${name}_service_dir"], Package[nagios-nrpe-server]], + notify => [Exec["${name}_daemon_reload"],Service[nagios-nrpe-server]], } }