swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

A new nagios check for eIDAS hosts to check if services/processes need to be restarted

Browse source 
Others:

1. Mikael Ottosson's ssh key is removed
2. rng-tools installation from sunet_iaas_cloud is removed as it has
been added under sunet::tools that all hosts get after being
bootstrapped
This commit is contained in:
Maria Haider 2019-02-22 13:18:05 +01:00
parent b8a734c7f1
commit be1b67e549
Signed by: mariah
GPG key ID: 7414A760CA747E57
1 changed files with 15 additions and 16 deletions

31
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -39,6 +39,7 @@ class common {
include apt include apt
include apparmor include apparmor
package {'jq': ensure => 'latest'} package {'jq': ensure => 'latest'}
package { 'needrestart': ensure => installed}
if $::is_virtual == true { if $::is_virtual == true {
file { '/usr/local/bin/sunet-reinstall': file { '/usr/local/bin/sunet-reinstall':
@ -86,13 +87,6 @@ class sunet_iaas_cloud {
sunet::cloud_init::config { 'keep_root_enabled': sunet::cloud_init::config { 'keep_root_enabled':
config => { disable_root => 'false' } config => { disable_root => 'false' }
} }
# rdrand is exposed to VMs and can therefore be used.
package {'rng-tools': } ->
service {'rng-tools':
ensure => 'running'
}
} }
class webserver { class webserver {
@ -700,14 +694,6 @@ class sunetops {
user => 'root' user => 'root'
} }
ssh_authorized_key {'mikott+BEBCB9C0':
ensure => present,
name => 'mikott+BEBCB9C0@nordu.net',
key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC36l/Qxb+sByKKZwBOPLiqScqWg6Q9elraB4vj13MjkoGsNoCmzWDEcAE9hUVwnlprYnWNyaJZ3OliEawFJlRDF8MxgVN+jHYUCUhPoHCE4ChS9Y0EayLb+AQ2JbfI1KAADga161P+/P1ofALMnZHW2NpK1p+2eiE891c1sc+NfLCNySX/hcvkkP6zNrCmZxgFcqIBbYNNxDjU33G3StypFe/7YgmVvd/ZfY22fhWb4gm1fX/3HelxCU6FirDJHujhDm79btjR221emlqTMH3WQvgGBKhLGOoQTKTHEadBmPa16nxv01mTtHVH6tnqGrWXhSrn6WEw3qQSzKrBnHIV',
type => 'ssh-rsa',
user => 'root'
}
ssh_authorized_key {'john+B3337B77': ssh_authorized_key {'john+B3337B77':
ensure => present, ensure => present,
name => 'john+B3337B77@nordu.net', name => 'john+B3337B77@nordu.net',
@ -833,6 +819,14 @@ class nrpe {
sunet::nagios::nrpe_command {'check_eidas_health': sunet::nagios::nrpe_command {'check_eidas_health':
command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost' command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost'
} }
sunet::sudoer {'nagios_run_needrestart_command':
user_name => 'nagios',
collection => 'nagios',
command_line => "/usr/sbin/needrestart -p -l"
}
sunet::nagios::nrpe_command {'check_needrestart':
command_line => "sudo /usr/sbin/needrestart -p -l"
}
} }
class nagios_monitor { class nagios_monitor {
@ -862,7 +856,6 @@ class nagios_monitor {
mode => '0600', mode => '0600',
; ;
} }
nagioscfg::slack::channel {'eln': } -> nagioscfg::slack::channel {'eln': } ->
nagioscfg::contactgroup {'alerts': } -> nagioscfg::contactgroup {'alerts': } ->
nagioscfg::contact {'slack-alerts': nagioscfg::contact {'slack-alerts':
@ -996,6 +989,12 @@ class nagios_monitor {
description => 'eidas component healthcheck', description => 'eidas component healthcheck',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_needrestart':
hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_needrestart',
description => 'Processes need restart',
contact_groups => ['alerts']
}
nagioscfg::command {'check_ssl_cert_3': nagioscfg::command {'check_ssl_cert_3':
command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'" command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
} }