swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nagios config

Browse source
This commit is contained in:
Leif Johansson 2018-02-12 22:04:10 +01:00
parent 2a4f99f665
commit 78604c9a6f
3 changed files with 29 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
global/overlay/etc/hiera/data/common.yaml
View file

@ -2,3 +2,9 @@
syslog_servers: syslog_servers:
- syslog.nordu.net - syslog.nordu.net
nagios_ip_v4: 89.45.233.197 nagios_ip_v4: 89.45.233.197
nrpe_clients:
- 127.0.0.1
- 127.0.1.1
- 109.105.111.111
- 2001:948:4:6::111
- 89.45.233.197

4
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -2,6 +2,7 @@
common: common:
sunetops: sunetops:
nrpe: nrpe:
entropyclient:
infra_ca_rp: infra_ca_rp:
mailclient: mailclient:
domain: sunet.se domain: sunet.se
@ -12,6 +13,9 @@ jmp.komreg.net:
sunet_iaas_cloud: sunet_iaas_cloud:
autoupdate: autoupdate:
nic.komreg.net:
nagios_monitor:
r1.komreg.net: r1.komreg.net:
sunet_iaas_cloud: sunet_iaas_cloud:
autoupdate: autoupdate:

93
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -178,6 +178,11 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v
sunet::misc::ufw_allow {'allow-lighttpd': sunet::misc::ufw_allow {'allow-lighttpd':
from => $allow_clients, from => $allow_clients,
port => 443 port => 443
} ->
sunet::nagios::nrpe_check_fileage {"metadata_aggregate":
filename => "/var/www/html/entities/index.html", # yes this is correct
warning_age => '600',
critical_age => '86400'
} }
} }
@ -195,33 +200,6 @@ class md_repo_server($hostname) {
class {'https_server': } class {'https_server': }
} }
class swamid_pyff_signer {
class {'ubuntu_dockerhost': }
class { 'swamid_metadata_repo': hostname => 'git.swamid.se'} ->
cron {'update-swamid-metadata':
command => "cd /opt/swamid-metadata && git pull -q",
user => root,
minute => '*/5'
} ->
sunet::pyff {'swamid':
ssl_dir => '/etc/dehydrated',
dir => '/opt/swamid-metadata',
acme_tool_uri => "http://acme-c.sunet.se/.well-known/acme-challenge/"
}
#sunet::exabgp::config {'swamid':
# local_as => "65433",
# local_address => "${::ipaddress_eth0}",
# remote_as => "1653",
# remote_address => hiera("1653-peer-address"),
# route => "130.242.125.192/32 next-hop self"
#} ->
#sunet::exabgp::monitor::url {'check-for-sp-swamid':
# url => "localhost/metadata/%7Bsha1%7D152713cd66ffc27ec9ef42cc43c85df399f6a85e.json",
# match => "https://sp.swamid.se/shibboleth"
#} ->
sunet::exabgp { 'swamid': }
}
class eidas_connector($version="1.0.6") { class eidas_connector($version="1.0.6") {
$_version = safe_hiera('eidas_connector_version',$version) $_version = safe_hiera('eidas_connector_version',$version)
$hostname = safe_hiera('eidas_connector_hostname') $hostname = safe_hiera('eidas_connector_hostname')
@ -532,50 +510,23 @@ class nrpe {
} }
} }
node 'monitor.sunet.se' { class nagios_monitor {
$nrpe_clients = hiera_array('nrpe_clients',[]); $nrpe_clients = hiera_array('nrpe_clients',[]);
$allowed_hosts = join($nrpe_clients," "); $allowed_hosts = join($nrpe_clients," ");
class { 'ubuntu_dockerhost': }
class { 'webserver': } class { 'webserver': }
class { 'nagioscfg': class { 'nagioscfg':
hostgroups => $::roles, hostgroups => $::roles,
config => 'nunoc' config => 'eid'
} }
file { "/var/www/nagios_config":
ensure => directory,
owner => "www-data",
group => "www-data"
} ->
class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } -> class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } ->
package { 'pynag': ensure => installed } -> #class {'nagioscfg::passive': enable_notifications => '1'}
cron { "publish_nagios_config": nagioscfg::slack::channel {'eln': } ->
command => "/usr/bin/nagios-export.py > /var/www/nagios_config/export.cfg && chown -R www-data:www-data /var/www/nagios_config",
user => root,
minute => "*/5"
} ->
file { "/etc/apache2/conf-available/nagios_config.conf":
content => "Alias /nagios-config /var/www/nagios_config\n<Directory /var/www/nagios_config>\n\tDeny from all\n\tAllow from $allowed_hosts\n</Directory>",
} ->
exec { "enable-nagios-config-publish":
command => "a2enconf nagios_config",
refreshonly => true
}
class {'nagioscfg::passive': enable_notifications => '1'}
nagioscfg::slack::channel {'nagios': } ->
nagioscfg::contactgroup {'alerts': } -> nagioscfg::contactgroup {'alerts': } ->
nagioscfg::contact {'slack-alerts': nagioscfg::contact {'slack-alerts':
host_notification_commands => ['notify-host-to-slack-nagios'], host_notification_commands => ['notify-host-to-slack-nagios'],
service_notification_commands => ['notify-service-to-slack-nagios'], service_notification_commands => ['notify-service-to-slack-nagios'],
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::slack::channel {'swamidops': } ->
nagioscfg::contactgroup {'swamid': } ->
nagioscfg::contact {'slack-swamid':
host_notification_commands => ['notify-host-to-slack-swamidops'],
service_notification_commands => ['notify-service-to-slack-swamidops'],
contact_groups => ['swamid']
}
nagioscfg::service {'service_ping': nagioscfg::service {'service_ping':
hostgroup_name => ['all'], hostgroup_name => ['all'],
description => 'PING', description => 'PING',
@ -672,25 +623,19 @@ node 'monitor.sunet.se' {
description => 'Scriptherder Status', description => 'Scriptherder Status',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'etcd_cluster_health': nagioscfg::service {'metadata_aggregate_age':
hostgroup_name => ['webcommon'], hostgroup_name => ['md_publisher'],
check_command => 'check_nrpe_1arg!etcd_cluster_health', check_command => 'check_nrpe_1arg!check_fileage_metadata_aggregate',
description => 'etcd cluster health', description => 'metadata aggregate age',
contact_groups => ['alerts']
}
nagioscfg::service {'swamid-2.0-2-age':
hostgroup_name => ['swamid_static_signer'],
check_command => 'check_nrpe_1arg!check_fileage_swamid-2.0-2',
description => 'swamid 2.0 2016 metadata age',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::command {'check_ssl_cert_3': nagioscfg::command {'check_ssl_cert_3':
command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'" command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
} }
nagioscfg::service {'check_ssl_cert': #nagioscfg::service {'check_ssl_cert':
hostgroup_name => ['swamid_static_signer','swamid_pyff_signer','ds_legacy','swamid_sp_test','webfrontend','entropyserver','https_server'], # hostgroup_name => ['swamid_static_signer','swamid_pyff_signer','ds_legacy','swamid_sp_test','webfrontend','entropyserver','https_server'],
check_command => 'check_ssl_cert_3!30!14!443', # check_command => 'check_ssl_cert_3!30!14!443',
description => 'check https certificate validity on port 443', # description => 'check https certificate validity on port 443',
contact_groups => ['alerts'] # contact_groups => ['alerts']
} #}
} }