From be1b67e5491ea69331f257ffd8c66bcd8af33c5d Mon Sep 17 00:00:00 2001
From: Maria Haider <mariah@nordu.net>
Date: Fri, 22 Feb 2019 13:18:05 +0100
Subject: [PATCH] A new nagios check for eIDAS hosts to check if
 services/processes need to be restarted

Others:

1. Mikael Ottosson's ssh key is removed
2. rng-tools installation from sunet_iaas_cloud is removed as it has
been added under sunet::tools that all hosts get after being
bootstrapped
---
 .../etc/puppet/manifests/cosmos-site.pp       | 31 +++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 0baa55f8..cdc5ba0f 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -39,6 +39,7 @@ class common {
   include apt
   include apparmor
   package {'jq': ensure => 'latest'}
+  package { 'needrestart': ensure => installed}
 
   if $::is_virtual == true {
     file { '/usr/local/bin/sunet-reinstall':
@@ -86,13 +87,6 @@ class sunet_iaas_cloud {
    sunet::cloud_init::config { 'keep_root_enabled':
       config => { disable_root => 'false' }
    }
-
-   # rdrand is exposed to VMs and can therefore be used.
-   package {'rng-tools': } ->
-   service {'rng-tools':
-     ensure => 'running'
-   }
-
 }
 
 class webserver {
@@ -700,14 +694,6 @@ class sunetops {
      user   => 'root'
   }
 
-  ssh_authorized_key {'mikott+BEBCB9C0':
-     ensure => present,
-     name   => 'mikott+BEBCB9C0@nordu.net',
-     key    => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC36l/Qxb+sByKKZwBOPLiqScqWg6Q9elraB4vj13MjkoGsNoCmzWDEcAE9hUVwnlprYnWNyaJZ3OliEawFJlRDF8MxgVN+jHYUCUhPoHCE4ChS9Y0EayLb+AQ2JbfI1KAADga161P+/P1ofALMnZHW2NpK1p+2eiE891c1sc+NfLCNySX/hcvkkP6zNrCmZxgFcqIBbYNNxDjU33G3StypFe/7YgmVvd/ZfY22fhWb4gm1fX/3HelxCU6FirDJHujhDm79btjR221emlqTMH3WQvgGBKhLGOoQTKTHEadBmPa16nxv01mTtHVH6tnqGrWXhSrn6WEw3qQSzKrBnHIV',
-     type   => 'ssh-rsa',
-     user   => 'root'
-  }
-
   ssh_authorized_key {'john+B3337B77':
     ensure  => present,
     name    => 'john+B3337B77@nordu.net',
@@ -833,6 +819,14 @@ class nrpe {
    sunet::nagios::nrpe_command {'check_eidas_health':
       command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost'
    }
+   sunet::sudoer {'nagios_run_needrestart_command':
+       user_name    => 'nagios',
+       collection   => 'nagios',
+       command_line => "/usr/sbin/needrestart -p -l"
+   }
+   sunet::nagios::nrpe_command {'check_needrestart':
+       command_line => "sudo /usr/sbin/needrestart -p -l"
+   }
 }
 
 class nagios_monitor {
@@ -862,7 +856,6 @@ class nagios_monitor {
         mode    => '0600',
         ;
    }
-
    nagioscfg::slack::channel {'eln': } ->
    nagioscfg::contactgroup {'alerts': } ->
    nagioscfg::contact {'slack-alerts':
@@ -996,6 +989,12 @@ class nagios_monitor {
       description    => 'eidas component healthcheck',
       contact_groups => ['alerts']
    }
+   nagioscfg::service {'check_needrestart':
+      hostgroup_name => ['nrpe'],
+      check_command  => 'check_nrpe_1arg!check_needrestart',
+      description    => 'Processes need restart',
+      contact_groups => ['alerts']
+   }
    nagioscfg::command {'check_ssl_cert_3':
       command_line   => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
    }