swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nagios config

Browse source
This commit is contained in:
Leif Johansson 2018-02-12 22:04:10 +01:00
parent 2a4f99f665
commit 78604c9a6f
3 changed files with 29 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
global/overlay/etc/hiera/data/common.yaml
View file

@ -2,3 +2,9 @@
syslog_servers:
- syslog.nordu.net
nagios_ip_v4: 89.45.233.197
nrpe_clients:
- 127.0.0.1
- 127.0.1.1
- 109.105.111.111
- 2001:948:4:6::111
- 89.45.233.197

4
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -2,6 +2,7 @@
common:
sunetops:
nrpe:
entropyclient:
infra_ca_rp:
mailclient:
domain: sunet.se
@ -12,6 +13,9 @@ jmp.komreg.net:
sunet_iaas_cloud:
autoupdate:
nic.komreg.net:
nagios_monitor:
r1.komreg.net:
sunet_iaas_cloud:
autoupdate:

93
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -178,6 +178,11 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v
sunet::misc::ufw_allow {'allow-lighttpd':
from => $allow_clients,
port => 443
} ->
sunet::nagios::nrpe_check_fileage {"metadata_aggregate":
filename => "/var/www/html/entities/index.html", # yes this is correct
warning_age => '600',
critical_age => '86400'
}
}
@ -195,33 +200,6 @@ class md_repo_server($hostname) {
class {'https_server': }
}
class swamid_pyff_signer {
class {'ubuntu_dockerhost': }
class { 'swamid_metadata_repo': hostname => 'git.swamid.se'} ->
cron {'update-swamid-metadata':
command => "cd /opt/swamid-metadata && git pull -q",
user => root,
minute => '*/5'
} ->
sunet::pyff {'swamid':
ssl_dir => '/etc/dehydrated',
dir => '/opt/swamid-metadata',
acme_tool_uri => "http://acme-c.sunet.se/.well-known/acme-challenge/"
}
#sunet::exabgp::config {'swamid':
# local_as => "65433",
# local_address => "${::ipaddress_eth0}",
# remote_as => "1653",
# remote_address => hiera("1653-peer-address"),
# route => "130.242.125.192/32 next-hop self"
#} ->
#sunet::exabgp::monitor::url {'check-for-sp-swamid':
# url => "localhost/metadata/%7Bsha1%7D152713cd66ffc27ec9ef42cc43c85df399f6a85e.json",
# match => "https://sp.swamid.se/shibboleth"
#} ->
sunet::exabgp { 'swamid': }
}
class eidas_connector($version="1.0.6") {
$_version = safe_hiera('eidas_connector_version',$version)
$hostname = safe_hiera('eidas_connector_hostname')
@ -532,50 +510,23 @@ class nrpe {
}
}
node 'monitor.sunet.se' {
class nagios_monitor {
$nrpe_clients = hiera_array('nrpe_clients',[]);
$allowed_hosts = join($nrpe_clients," ");
class { 'ubuntu_dockerhost': }
class { 'webserver': }
class { 'nagioscfg':
hostgroups => $::roles,
config => 'nunoc'
config => 'eid'
}
file { "/var/www/nagios_config":
ensure => directory,
owner => "www-data",
group => "www-data"
} ->
class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } ->
package { 'pynag': ensure => installed } ->
cron { "publish_nagios_config":
command => "/usr/bin/nagios-export.py > /var/www/nagios_config/export.cfg && chown -R www-data:www-data /var/www/nagios_config",
user => root,
minute => "*/5"
} ->
file { "/etc/apache2/conf-available/nagios_config.conf":
content => "Alias /nagios-config /var/www/nagios_config\n<Directory /var/www/nagios_config>\n\tDeny from all\n\tAllow from $allowed_hosts\n</Directory>",
} ->
exec { "enable-nagios-config-publish":
command => "a2enconf nagios_config",
refreshonly => true
}
class {'nagioscfg::passive': enable_notifications => '1'}
nagioscfg::slack::channel {'nagios': } ->
#class {'nagioscfg::passive': enable_notifications => '1'}
nagioscfg::slack::channel {'eln': } ->
nagioscfg::contactgroup {'alerts': } ->
nagioscfg::contact {'slack-alerts':
host_notification_commands => ['notify-host-to-slack-nagios'],
service_notification_commands => ['notify-service-to-slack-nagios'],
contact_groups => ['alerts']
}
nagioscfg::slack::channel {'swamidops': } ->
nagioscfg::contactgroup {'swamid': } ->
nagioscfg::contact {'slack-swamid':
host_notification_commands => ['notify-host-to-slack-swamidops'],
service_notification_commands => ['notify-service-to-slack-swamidops'],
contact_groups => ['swamid']
}
nagioscfg::service {'service_ping':
hostgroup_name => ['all'],
description => 'PING',
@ -672,25 +623,19 @@ node 'monitor.sunet.se' {
description => 'Scriptherder Status',
contact_groups => ['alerts']
}
nagioscfg::service {'etcd_cluster_health':
hostgroup_name => ['webcommon'],
check_command => 'check_nrpe_1arg!etcd_cluster_health',
description => 'etcd cluster health',
contact_groups => ['alerts']
}
nagioscfg::service {'swamid-2.0-2-age':
hostgroup_name => ['swamid_static_signer'],
check_command => 'check_nrpe_1arg!check_fileage_swamid-2.0-2',
description => 'swamid 2.0 2016 metadata age',
nagioscfg::service {'metadata_aggregate_age':
hostgroup_name => ['md_publisher'],
check_command => 'check_nrpe_1arg!check_fileage_metadata_aggregate',
description => 'metadata aggregate age',
contact_groups => ['alerts']
}
nagioscfg::command {'check_ssl_cert_3':
command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
}
nagioscfg::service {'check_ssl_cert':
hostgroup_name => ['swamid_static_signer','swamid_pyff_signer','ds_legacy','swamid_sp_test','webfrontend','entropyserver','https_server'],
check_command => 'check_ssl_cert_3!30!14!443',
description => 'check https certificate validity on port 443',
contact_groups => ['alerts']
}
#nagioscfg::service {'check_ssl_cert':
# hostgroup_name => ['swamid_static_signer','swamid_pyff_signer','ds_legacy','swamid_sp_test','webfrontend','entropyserver','https_server'],
# check_command => 'check_ssl_cert_3!30!14!443',
# description => 'check https certificate validity on port 443',
# contact_groups => ['alerts']
#}
}