A new nagios check for eIDAS hosts to check if services/processes need to be restarted

Others: 1. Mikael Ottosson's ssh key is removed 2. rng-tools installation from sunet_iaas_cloud is removed as it has been added under sunet::tools that all hosts get after being bootstrapped
2019-02-22 13:18:05 +01:00 · 2019-02-22 13:18:05 +01:00 · be1b67e549
commit be1b67e549
parent b8a734c7f1
1 changed files with 15 additions and 16 deletions
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@ -39,6 +39,7 @@ class common {
  include apt
  include apparmor
  package {'jq': ensure => 'latest'}
+  package { 'needrestart': ensure => installed}

  if $::is_virtual == true {
    file { '/usr/local/bin/sunet-reinstall':
@ -86,13 +87,6 @@ class sunet_iaas_cloud {
   sunet::cloud_init::config { 'keep_root_enabled':
      config => { disable_root => 'false' }
   }
-
-   # rdrand is exposed to VMs and can therefore be used.
-   package {'rng-tools': } ->
-   service {'rng-tools':
-     ensure => 'running'
-   }
-
 }

 class webserver {
@ -700,14 +694,6 @@ class sunetops {
     user   => 'root'
  }

-  ssh_authorized_key {'mikott+BEBCB9C0':
-     ensure => present,
-     name   => 'mikott+BEBCB9C0@nordu.net',
-     key    => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC36l/Qxb+sByKKZwBOPLiqScqWg6Q9elraB4vj13MjkoGsNoCmzWDEcAE9hUVwnlprYnWNyaJZ3OliEawFJlRDF8MxgVN+jHYUCUhPoHCE4ChS9Y0EayLb+AQ2JbfI1KAADga161P+/P1ofALMnZHW2NpK1p+2eiE891c1sc+NfLCNySX/hcvkkP6zNrCmZxgFcqIBbYNNxDjU33G3StypFe/7YgmVvd/ZfY22fhWb4gm1fX/3HelxCU6FirDJHujhDm79btjR221emlqTMH3WQvgGBKhLGOoQTKTHEadBmPa16nxv01mTtHVH6tnqGrWXhSrn6WEw3qQSzKrBnHIV',
-     type   => 'ssh-rsa',
-     user   => 'root'
-  }
-
  ssh_authorized_key {'john+B3337B77':
    ensure  => present,
    name    => 'john+B3337B77@nordu.net',
@ -833,6 +819,14 @@ class nrpe {
   sunet::nagios::nrpe_command {'check_eidas_health':
      command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost'
   }
+   sunet::sudoer {'nagios_run_needrestart_command':
+       user_name    => 'nagios',
+       collection   => 'nagios',
+       command_line => "/usr/sbin/needrestart -p -l"
+   }
+   sunet::nagios::nrpe_command {'check_needrestart':
+       command_line => "sudo /usr/sbin/needrestart -p -l"
+   }
 }

 class nagios_monitor {
@ -862,7 +856,6 @@ class nagios_monitor {
        mode    => '0600',
        ;
   }
-
   nagioscfg::slack::channel {'eln': } ->
   nagioscfg::contactgroup {'alerts': } ->
   nagioscfg::contact {'slack-alerts':
@ -996,6 +989,12 @@ class nagios_monitor {
      description    => 'eidas component healthcheck',
      contact_groups => ['alerts']
   }
+   nagioscfg::service {'check_needrestart':
+      hostgroup_name => ['nrpe'],
+      check_command  => 'check_nrpe_1arg!check_needrestart',
+      description    => 'Processes need restart',
+      contact_groups => ['alerts']
+   }
   nagioscfg::command {'check_ssl_cert_3':
      command_line   => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
   }