diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index d258d62f..72d486b1 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -883,292 +883,304 @@ class sunetops { } class nrpe { - require apt - class {'sunet::nagios': } - if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '12.04') { - class {'apt::backports': } - } - package {'nagios-plugins-contrib': ensure => latest} - if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease < '18.04') { - package {'nagios-plugins-extra': ensure => latest} - } - sunet::nagios::nrpe_command {'check_memory': - command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' - } - sunet::nagios::nrpe_command {'check_mem': - command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' - } - sunet::nagios::nrpe_command {'check_boot_15_5': - command_line => '/usr/lib/nagios/plugins/check_disk -w 15% -c 5% -p /boot' - } - sunet::nagios::nrpe_command {'check_entropy': - command_line => '/usr/lib/nagios/plugins/check_entropy' - } - sunet::nagios::nrpe_command {'check_ntp_time': - command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' - } - sunet::nagios::nrpe_command {'check_scriptherder': - command_line => '/usr/local/bin/scriptherder --mode check' - } - sunet::nagios::nrpe_command {'check_apt': - command_line => '/usr/lib/nagios/plugins/check_apt' - } - sunet::nagios::nrpe_command {'check_eidas_health': - command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost' - } - sunet::sudoer {'nagios_run_needrestart_command': - user_name => 'nagios', - collection => 'nagios', - command_line => "/usr/sbin/needrestart -p -l" - } - sunet::nagios::nrpe_command {'check_needrestart': - command_line => "sudo /usr/sbin/needrestart -p -l" - } + require apt + class {'sunet::nagios': } + if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '12.04') { + class {'apt::backports': } + } + package {'nagios-plugins-contrib': ensure => latest} + if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease < '18.04') { + package {'nagios-plugins-extra': ensure => latest} + } + 
sunet::nagios::nrpe_command {'check_memory': + command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' + } + sunet::nagios::nrpe_command {'check_mem': + command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' + } + sunet::nagios::nrpe_command {'check_boot_15_5': + command_line => '/usr/lib/nagios/plugins/check_disk -w 15% -c 5% -p /boot' + } + sunet::nagios::nrpe_command {'check_entropy': + command_line => '/usr/lib/nagios/plugins/check_entropy' + } + sunet::nagios::nrpe_command {'check_ntp_time': + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + } + sunet::nagios::nrpe_command {'check_scriptherder': + command_line => '/usr/local/bin/scriptherder --mode check' + } + sunet::nagios::nrpe_command {'check_apt': + command_line => '/usr/lib/nagios/plugins/check_apt' + } + sunet::nagios::nrpe_command {'check_eidas_health': + command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost' + } + sunet::sudoer {'nagios_run_needrestart_command': + user_name => 'nagios', + collection => 'nagios', + command_line => "/usr/sbin/needrestart -p -l" + } + sunet::nagios::nrpe_command {'check_needrestart': + command_line => "sudo /usr/sbin/needrestart -p -l" + } } class nagios_monitor { - $nrpe_clients = hiera_array('nrpe_clients',[]); - $allowed_hosts = join($nrpe_clients," "); - $web_admin_pw = safe_hiera('nagios_nagiosadmin_password'); - $web_admin_user = 'nagiosadmin'; + $nrpe_clients = hiera_array('nrpe_clients',[]); + $allowed_hosts = join($nrpe_clients," "); + $web_admin_pw = safe_hiera('nagios_nagiosadmin_password'); + $web_admin_user = 'nagiosadmin'; - package { 'xsltproc': ensure => installed} + package { 'xsltproc': ensure => installed} - class { 'webserver': } - class { 'nagioscfg': + class { 'webserver': } + class { 'nagioscfg': hostgroups => $::roles, config => 'eid' - } - class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } -> - class {'nagioscfg::passive': 
enable_notifications => '0', obsess_over_services => '0', obsess_over_hosts => '0'} + } + class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } -> + class {'nagioscfg::passive': enable_notifications => '0', obsess_over_services => '0', obsess_over_hosts => '0'} - sunet::misc::htpasswd_user { $web_admin_user : + sunet::misc::htpasswd_user { $web_admin_user : filename => "/etc/nagios3/htpasswd.users", password => $web_admin_pw, group => 'www-data', - } + } - file { + file { '/root/MONITOR_WEB_PASSWORD': content => sprintf("%s\n%s\n", $web_admin_user, $web_admin_pw), group => 'root', mode => '0600', ; - } - nagioscfg::slack::channel {'eln': } -> - nagioscfg::contactgroup {'alerts': } -> - nagioscfg::contact {'slack-alerts': + } + nagioscfg::slack::channel {'eln': } -> + nagioscfg::contactgroup {'alerts': } -> + nagioscfg::contact {'slack-alerts': host_notification_commands => ['notify-host-to-slack-eln'], service_notification_commands => ['notify-service-to-slack-eln'], contact_groups => ['alerts'] - } - nagioscfg::service {'service_ping': + } + nagioscfg::service {'service_ping': hostgroup_name => ['all'], description => 'PING', check_command => 'check_ping!400.0,1%!500.0,2%', contact_groups => ['alerts'] - } - nagioscfg::service {'service_ssh': + } + nagioscfg::service {'service_ssh': hostgroup_name => ['jumphosts'], description => 'SSH', check_command => 'check_ssh_4_hostname', contact_groups => ['alerts'] - } - nagioscfg::service {'check_load': + } + nagioscfg::service {'check_load': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_load', description => 'System Load', contact_groups => ['alerts'] - } - nagioscfg::service {'check_users': + } + nagioscfg::service {'check_users': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_users', description => 'Active Users', contact_groups => ['alerts'] - } - nagioscfg::service {'check_zombie_procs': + } + nagioscfg::service {'check_zombie_procs': 
hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_zombie_procs', description => 'Zombie Processes', contact_groups => ['alerts'] - } - nagioscfg::service {'check_total_procs': + } + nagioscfg::service {'check_total_procs': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_total_procs_lax', description => 'Total Processes', contact_groups => ['alerts'] - } - nagioscfg::service {'check_root': + } + nagioscfg::service {'check_root': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_root', description => 'Root Disk', contact_groups => ['alerts'] - } - nagioscfg::service {'check_boot': + } + nagioscfg::service {'check_boot': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_boot_15_5', description => 'Boot Disk', contact_groups => ['alerts'] - } - nagioscfg::service {'check_var': + } + nagioscfg::service {'check_var': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_var', description => 'Var Disk', contact_groups => ['alerts'] - } - nagioscfg::service {'check_uptime': + } + nagioscfg::service {'check_uptime': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_uptime', description => 'Uptime', contact_groups => ['alerts'] - } - nagioscfg::service {'check_reboot': + } + nagioscfg::service {'check_reboot': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_reboot', description => 'Reboot Needed', contact_groups => ['alerts'] - } - nagioscfg::service {'check_memory': + } + nagioscfg::service {'check_memory': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_memory', description => 'System Memory', contact_groups => ['alerts'] - } - nagioscfg::service {'check_entropy': + } + nagioscfg::service {'check_entropy': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_entropy', description => 'System Entropy', contact_groups => ['alerts'] - } - nagioscfg::service {'check_ntp_time': + } + nagioscfg::service {'check_ntp_time': 
hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_ntp_time', description => 'System NTP Time', contact_groups => ['alerts'] - } - nagioscfg::service {'check_process_haveged': + } + nagioscfg::service {'check_process_haveged': hostgroup_name => ['entropyclient'], check_command => 'check_nrpe_1arg!check_process_haveged', description => 'haveged running', contact_groups => ['alerts'] - } - nagioscfg::service {'check_scriptherder': + } + nagioscfg::service {'check_scriptherder': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_scriptherder', description => 'Scriptherder Status', contact_groups => ['alerts'] - } - nagioscfg::service {'check_apt': + } + nagioscfg::service {'check_apt': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_apt', description => 'Packages available for upgrade', contact_groups => ['alerts'] - } - nagioscfg::service {'metadata_aggregate_age': + } + nagioscfg::service {'metadata_aggregate_age': hostgroup_name => ['md_publisher'], check_command => 'check_nrpe_1arg!check_fileage_metadata_aggregate', description => 'metadata aggregate age', contact_groups => ['alerts'] - } - nagioscfg::service {'mdsl_aggregate_age': + } + nagioscfg::service {'mdsl_aggregate_age': hostgroup_name => ['mdsl_publisher'], check_command => 'check_nrpe_1arg!check_fileage_mdsl_aggregate', description => 'mdsl aggregate age', contact_groups => ['alerts'] - } - nagioscfg::service {'mdsl_se_age': + } + nagioscfg::service {'mdsl_se_age': hostgroup_name => ['mdsl_publisher'], check_command => 'check_nrpe_1arg!check_fileage_mdsl_se', description => 'mdsl se age', contact_groups => ['alerts'] - } - nagioscfg::service {'check_eidas_health': + } + nagioscfg::service {'check_eidas_health': hostgroup_name => ['servicemonitor'], check_command => 'check_nrpe_1arg!check_eidas_health', description => 'eidas component healthcheck', contact_groups => ['alerts'] - } - nagioscfg::service {'check_needrestart': + } + nagioscfg::service 
{'check_needrestart': hostgroup_name => ['nrpe'], check_command => 'check_nrpe_1arg!check_needrestart', description => 'Processes need restart', contact_groups => ['alerts'] - } - nagioscfg::command {'check_ssl_cert_3': + } + nagioscfg::command {'check_ssl_cert_3': command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'" - } - $public_hosts = ['demw.eidas.swedenconnect.se','swedenconnect.se','qa.test.swedenconnect.se','qa.md.swedenconnect.se','md.swedenconnect.se','md.eidas.swedenconnect.se','qa.md.eidas.swedenconnect.se','qa.connector.eidas.swedenconnect.se','qa.proxy.eidas.swedenconnect.se','connector.eidas.swedenconnect.se'] - nagioscfg::host {$public_hosts: } - nagioscfg::service {'check_public_ssl_cert': + } + $public_hosts = ['demw.eidas.swedenconnect.se','swedenconnect.se','qa.test.swedenconnect.se','qa.md.swedenconnect.se','md.swedenconnect.se','md.eidas.swedenconnect.se','qa.md.eidas.swedenconnect.se','qa.connector.eidas.swedenconnect.se','qa.proxy.eidas.swedenconnect.se','connector.eidas.swedenconnect.se'] + nagioscfg::host {$public_hosts: } + nagioscfg::service {'check_public_ssl_cert': host_name => $public_hosts, check_command => 'check_ssl_cert_3!30!14!443', description => 'check https certificate validity on port 443', contact_groups => ['alerts'] - } - nagioscfg::command {'check_website': + } + nagioscfg::command {'check_website': command_line => "/usr/lib/nagios/plugins/check_http -H '\$HOSTNAME\$' -S -u '\$ARG1\$'" - } - nagioscfg::service {'check_metadata_eIDAS': + } + nagioscfg::service {'check_metadata_eIDAS': host_name => ['md.eidas.swedenconnect.se'], check_command => 'check_website!https://md.eidas.swedenconnect.se/', description => 'check metadata for eIDAS', contact_groups => ['alerts'], - } - nagioscfg::service {'check_metadata_swedenconnect': + } + nagioscfg::service {'check_metadata_swedenconnect': host_name => ['md.swedenconnect.se'], check_command => 
'check_website!https://md.swedenconnect.se/', description => 'check metadata for Sweden Connect', contact_groups => ['alerts'], - } - nagioscfg::service {'check_connector': + } + nagioscfg::service {'check_connector': host_name => ['connector.eidas.swedenconnect.se'], check_command => 'check_website!https://connector.eidas.swedenconnect.se/idp/metadata/sp', description => 'check metadata for Sweden Connect', contact_groups => ['alerts'], - } - nagioscfg::service {'check_metadata_DE_middleware': + } + nagioscfg::service {'check_metadata_DE_middleware': host_name => ['demw.eidas.swedenconnect.se'], check_command => 'check_website!https://demw.eidas.swedenconnect.se/eidas-middleware/Metadata', description => 'check metadata for DE middleware', contact_groups => ['alerts'], - } - nagioscfg::command {'check_country_count': + } + nagioscfg::command {'check_country_count': command_line => "/usr/lib/nagios/plugins/check_eidas_country_count.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$' '\$ARG4\$'" - } - nagioscfg::service {'check_country_eIDAS_QA': + } + nagioscfg::service {'check_country_eIDAS_QA': host_name => ['qa.md.eidas.swedenconnect.se'], check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!GB LU IT ES HR DE EE BE IS XB CY PL SK XC LT NO DK CZ SE GR XA MT SI!1!3', description => 'check number of countries in eIDAS QA', contact_groups => ['alerts'], - } - nagioscfg::service {'check_country_eIDAS': + } + nagioscfg::service {'check_country_eIDAS': host_name => ['md.eidas.swedenconnect.se'], check_command => 'check_country_count!md.eidas.swedenconnect.se!GB LU IT ES HR DE EE BE!1!3', description => 'check number of countries in eIDAS', contact_groups => ['alerts'], - } + } + nagioscfg::command {'check_metadata_age': + command_line => "/usr/lib/nagios/plugins/check_eidas_metadata_age.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$'" + } + $hosts = ['qa.md.swedenconnect.se', 'md.swedenconnect.se', 'md.eidas.swedenconnect.se', 'qa.md.eidas.swedenconnect.se'] + $hosts.each |$host|{ + 
nagioscfg::service {"check_metadata_age_${host}": + host_name => ["${host}"], + check_command => "check_metadata_age!https://${host}/entities!691200!172800", + description => "check metadata for ${host}", + contact_groups => ['alerts'], + } + } } class redis_cluster_node { - file { '/opt/redis': ensure => directory } - sysctl { 'vm.overcommit_memory': value => '1' } - sunet::redis::server {'redis-master': + file { '/opt/redis': ensure => directory } + sysctl { 'vm.overcommit_memory': value => '1' } + sunet::redis::server {'redis-master': allow_clients => hiera_array('redis_client_ips', []), cluster_nodes => hiera_array('redis_sentinel_ips', []), - } - sunet::redis::server {'redis-sentinel': + } + sunet::redis::server {'redis-sentinel': port => 26379, sentinel_config => 'yes', allow_clients => hiera_array('redis_client_ips', []), cluster_nodes => hiera_array('redis_sentinel_ips', []), - } + } } class redis_frontend_node ($hostname=undef,$ca="infra") { - file { '/opt/redis': ensure => directory } - sunet::redis::haproxy {'redis-haproxy': + file { '/opt/redis': ensure => directory } + sunet::redis::haproxy {'redis-haproxy': cluster_nodes => hiera_array('redis_sentinel_ips', []), client_ca => "/etc/ssl/certs/${ca}.crt", certificate => "/etc/ssl/private/${::fqdn}_${ca}.pem" - } -} + } +} \ No newline at end of file diff --git a/global/overlay/usr/lib/nagios/plugins/check_eidas_metadata.age.sh b/global/overlay/usr/lib/nagios/plugins/check_eidas_metadata_age.sh similarity index 100% rename from global/overlay/usr/lib/nagios/plugins/check_eidas_metadata.age.sh rename to global/overlay/usr/lib/nagios/plugins/check_eidas_metadata_age.sh
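Review bot: The new `check_metadata_age` services pass `691200` and `172800` as bare numbers, with no hint of the unit or of which one is the warning and which the critical threshold. The plugin is only renamed in this commit, so the argument order cannot be checked here; a comment above the loop such as `# ARG2/ARG3: thresholds, presumably seconds (8 days / 2 days) - confirm order against check_eidas_metadata_age.sh` would settle it for the next reader. The description `"check metadata for ${host}"` reads almost the same as the existing `check_website` services on the same hosts ('check metadata for eIDAS', 'check metadata for Sweden Connect'), so an alert will not show that it was the age check that fired; `description => "check metadata age for ${host}",` is clearer. `$hosts` shares the class scope with `$public_hosts` and would be better named `$metadata_hosts`, and `host_name => [$host],` avoids the needless interpolation. The `.each` lambda needs the Puppet 4 language or the future parser, while the rest of the class relies on title arrays such as `nagioscfg::host {$public_hosts: }`, so it is worth confirming that whatever compiles this site manifest supports it.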