diff --git a/global/overlay/etc/hiera/data/common.yaml b/global/overlay/etc/hiera/data/common.yaml index 9de960ec..8719f18f 100644 --- a/global/overlay/etc/hiera/data/common.yaml +++ b/global/overlay/etc/hiera/data/common.yaml @@ -2,3 +2,9 @@ syslog_servers: - syslog.nordu.net nagios_ip_v4: 89.45.233.197 +nrpe_clients: + - 127.0.0.1 + - 127.0.1.1 + - 109.105.111.111 + - 2001:948:4:6::111 + - 89.45.233.197 diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 8baa99c1..8135eb2f 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -2,6 +2,7 @@ common: sunetops: nrpe: + entropyclient: infra_ca_rp: mailclient: domain: sunet.se @@ -12,6 +13,9 @@ jmp.komreg.net: sunet_iaas_cloud: autoupdate: +nic.komreg.net: + nagios_monitor: + r1.komreg.net: sunet_iaas_cloud: autoupdate: diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 90c9b9c9..a99183ac 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -178,6 +178,11 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v sunet::misc::ufw_allow {'allow-lighttpd': from => $allow_clients, port => 443 + } -> + sunet::nagios::nrpe_check_fileage {"metadata_aggregate": + filename => "/var/www/html/entities/index.html", # yes this is correct + warning_age => '600', + critical_age => '86400' } } 
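Review bot: The new `nrpe_clients` entries in `common.yaml` carry no labels, and since this is hiera's common data the list presumably acts as the NRPE allow-list on every host. A reader cannot tell which machines `109.105.111.111` and `2001:948:4:6::111` are, or why `127.0.1.1` is needed alongside `127.0.0.1`. The last entry repeats the `nagios_ip_v4` value two lines above, so the two can drift apart when the monitor moves. I would add a trailing comment per entry naming the host, for example `- 89.45.233.197  # monitoring server, keep in sync with nagios_ip_v4`, and likewise for the two unlabelled addresses.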
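Review bot: The inline comment `# yes this is correct` on `filename` in the new `nrpe_check_fileage` resource records that the path was questioned but not why it is right. It should give the reason instead, for example `# index.html is rewritten on every publish run, so its mtime tracks the aggregate` (to be confirmed by the author). The thresholds are also far apart: `warning_age => '600'` against `critical_age => '86400'` lets a stale aggregate sit at warning for a full day, so a short comment justifying the critical value would help whoever is on call. The body of `md_publisher` begins outside this hunk.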
@@ -195,33 +200,6 @@ class md_repo_server($hostname) { class {'https_server': } } -class swamid_pyff_signer { - class {'ubuntu_dockerhost': } - class { 'swamid_metadata_repo': hostname => 'git.swamid.se'} -> - cron {'update-swamid-metadata': - command => "cd /opt/swamid-metadata && git pull -q", - user => root, - minute => '*/5' - } -> - sunet::pyff {'swamid': - ssl_dir => '/etc/dehydrated', - dir => '/opt/swamid-metadata', - acme_tool_uri => "http://acme-c.sunet.se/.well-known/acme-challenge/" - } - #sunet::exabgp::config {'swamid': - # local_as => "65433", - # local_address => "${::ipaddress_eth0}", - # remote_as => "1653", - # remote_address => hiera("1653-peer-address"), - # route => "130.242.125.192/32 next-hop self" - #} -> - #sunet::exabgp::monitor::url {'check-for-sp-swamid': - # url => "localhost/metadata/%7Bsha1%7D152713cd66ffc27ec9ef42cc43c85df399f6a85e.json", - # match => "https://sp.swamid.se/shibboleth" - #} -> - sunet::exabgp { 'swamid': } -} - class eidas_connector($version="1.0.6") { $_version = safe_hiera('eidas_connector_version',$version) $hostname = safe_hiera('eidas_connector_hostname') 
@@ -532,50 +510,23 @@ class nrpe { } } -node 'monitor.sunet.se' { +class nagios_monitor { $nrpe_clients = hiera_array('nrpe_clients',[]); $allowed_hosts = join($nrpe_clients," "); - class { 'ubuntu_dockerhost': } class { 'webserver': } class { 'nagioscfg': hostgroups => $::roles, - config => 'nunoc' + config => 'eid' } - file { "/var/www/nagios_config": - ensure => directory, - owner => "www-data", - group => "www-data" - } -> class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } -> - package { 'pynag': ensure => installed } -> - cron { "publish_nagios_config": - command => "/usr/bin/nagios-export.py > /var/www/nagios_config/export.cfg && chown -R www-data:www-data /var/www/nagios_config", - user => root, - minute => "*/5" - } -> - file { "/etc/apache2/conf-available/nagios_config.conf": - content => "Alias /nagios-config /var/www/nagios_config\n\n\tDeny from all\n\tAllow from $allowed_hosts\n", - } -> - exec { "enable-nagios-config-publish": - command => "a2enconf nagios_config", - refreshonly => true - } - - class {'nagioscfg::passive': enable_notifications => '1'} - nagioscfg::slack::channel {'nagios': } -> + #class {'nagioscfg::passive': enable_notifications => '1'} + nagioscfg::slack::channel {'eln': } -> nagioscfg::contactgroup {'alerts': } -> nagioscfg::contact {'slack-alerts': host_notification_commands => ['notify-host-to-slack-nagios'], service_notification_commands => ['notify-service-to-slack-nagios'], contact_groups => ['alerts'] } - nagioscfg::slack::channel {'swamidops': } -> - nagioscfg::contactgroup {'swamid': } -> - nagioscfg::contact {'slack-swamid': - host_notification_commands => ['notify-host-to-slack-swamidops'], - service_notification_commands => ['notify-service-to-slack-swamidops'], - contact_groups => ['swamid'] - } nagioscfg::service {'service_ping': hostgroup_name => ['all'], description => 'PING', 
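Review bot: The `slack-alerts` contact still uses `notify-host-to-slack-nagios` and `notify-service-to-slack-nagios`, although the channel resource is now `nagioscfg::slack::channel {'eln': }`. The removed swamid block paired channel `swamidops` with `notify-host-to-slack-swamidops`, which suggests the command names are derived from the channel title. If so, the two commands are no longer defined and alerts are either dropped or Nagios rejects the config. The lines would then need to read `host_notification_commands => ['notify-host-to-slack-eln'],` and `service_notification_commands => ['notify-service-to-slack-eln'],`. Separately, `$nrpe_clients` and `$allowed_hosts` lose their only visible consumer (the Apache `Allow from` file) in this hunk; the class body continues past the hunk, so check they are still used before keeping them.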
@@ -672,25 +623,19 @@ node 'monitor.sunet.se' { description => 'Scriptherder Status', contact_groups => ['alerts'] } - nagioscfg::service {'etcd_cluster_health': - hostgroup_name => ['webcommon'], - check_command => 'check_nrpe_1arg!etcd_cluster_health', - description => 'etcd cluster health', - contact_groups => ['alerts'] - } - nagioscfg::service {'swamid-2.0-2-age': - hostgroup_name => ['swamid_static_signer'], - check_command => 'check_nrpe_1arg!check_fileage_swamid-2.0-2', - description => 'swamid 2.0 2016 metadata age', + nagioscfg::service {'metadata_aggregate_age': + hostgroup_name => ['md_publisher'], + check_command => 'check_nrpe_1arg!check_fileage_metadata_aggregate', + description => 'metadata aggregate age', contact_groups => ['alerts'] } nagioscfg::command {'check_ssl_cert_3': command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'" } - nagioscfg::service {'check_ssl_cert': - hostgroup_name => ['swamid_static_signer','swamid_pyff_signer','ds_legacy','swamid_sp_test','webfrontend','entropyserver','https_server'], - check_command => 'check_ssl_cert_3!30!14!443', - description => 'check https certificate validity on port 443', - contact_groups => ['alerts'] - } + #nagioscfg::service {'check_ssl_cert': + # hostgroup_name => ['swamid_static_signer','swamid_pyff_signer','ds_legacy','swamid_sp_test','webfrontend','entropyserver','https_server'], + # check_command => 'check_ssl_cert_3!30!14!443', + # description => 'check https certificate validity on port 443', + # contact_groups => ['alerts'] + #} }
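Review bot: Commenting out `nagioscfg::service {'check_ssl_cert': ...}` at the end of this hunk removes all certificate-expiry monitoring, while the `check_ssl_cert_3` command stays defined and unused. `md_publisher` opens port 443 elsewhere in this file, so an expiring certificate there would now go unnoticed. Rather than leaving dead commented code, I would keep the service and trim its host groups to roles that still exist here, for example `hostgroup_name => ['md_publisher','https_server'],` (confirm which roles this deployment actually uses). The enclosing `nagios_monitor` class starts outside the hunk.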