swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added new check in nagios

Browse source
This commit is contained in:
Maria Haider 2020-07-07 18:07:18 +02:00
parent 3abc518ec9
commit c1c646c927
Signed by: mariah
GPG key ID: 7414A760CA747E57
2 changed files with 147 additions and 135 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

280
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -883,292 +883,304 @@ class sunetops {
} }
class nrpe { class nrpe {
require apt require apt
class {'sunet::nagios': } class {'sunet::nagios': }
if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '12.04') { if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '12.04') {
class {'apt::backports': } class {'apt::backports': }
} }
package {'nagios-plugins-contrib': ensure => latest} package {'nagios-plugins-contrib': ensure => latest}
if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease < '18.04') { if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease < '18.04') {
package {'nagios-plugins-extra': ensure => latest} package {'nagios-plugins-extra': ensure => latest}
} }
sunet::nagios::nrpe_command {'check_memory': sunet::nagios::nrpe_command {'check_memory':
command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%'
} }
sunet::nagios::nrpe_command {'check_mem': sunet::nagios::nrpe_command {'check_mem':
command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%'
} }
sunet::nagios::nrpe_command {'check_boot_15_5': sunet::nagios::nrpe_command {'check_boot_15_5':
command_line => '/usr/lib/nagios/plugins/check_disk -w 15% -c 5% -p /boot' command_line => '/usr/lib/nagios/plugins/check_disk -w 15% -c 5% -p /boot'
} }
sunet::nagios::nrpe_command {'check_entropy': sunet::nagios::nrpe_command {'check_entropy':
command_line => '/usr/lib/nagios/plugins/check_entropy' command_line => '/usr/lib/nagios/plugins/check_entropy'
} }
sunet::nagios::nrpe_command {'check_ntp_time': sunet::nagios::nrpe_command {'check_ntp_time':
command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost'
} }
sunet::nagios::nrpe_command {'check_scriptherder': sunet::nagios::nrpe_command {'check_scriptherder':
command_line => '/usr/local/bin/scriptherder --mode check' command_line => '/usr/local/bin/scriptherder --mode check'
} }
sunet::nagios::nrpe_command {'check_apt': sunet::nagios::nrpe_command {'check_apt':
command_line => '/usr/lib/nagios/plugins/check_apt' command_line => '/usr/lib/nagios/plugins/check_apt'
} }
sunet::nagios::nrpe_command {'check_eidas_health': sunet::nagios::nrpe_command {'check_eidas_health':
command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost' command_line => '/usr/lib/nagios/plugins/check_eidas_health.sh localhost'
} }
sunet::sudoer {'nagios_run_needrestart_command': sunet::sudoer {'nagios_run_needrestart_command':
user_name => 'nagios', user_name => 'nagios',
collection => 'nagios', collection => 'nagios',
command_line => "/usr/sbin/needrestart -p -l" command_line => "/usr/sbin/needrestart -p -l"
} }
sunet::nagios::nrpe_command {'check_needrestart': sunet::nagios::nrpe_command {'check_needrestart':
command_line => "sudo /usr/sbin/needrestart -p -l" command_line => "sudo /usr/sbin/needrestart -p -l"
} }
} }
class nagios_monitor { class nagios_monitor {
$nrpe_clients = hiera_array('nrpe_clients',[]); $nrpe_clients = hiera_array('nrpe_clients',[]);
$allowed_hosts = join($nrpe_clients," "); $allowed_hosts = join($nrpe_clients," ");
$web_admin_pw = safe_hiera('nagios_nagiosadmin_password'); $web_admin_pw = safe_hiera('nagios_nagiosadmin_password');
$web_admin_user = 'nagiosadmin'; $web_admin_user = 'nagiosadmin';
package { 'xsltproc': ensure => installed} package { 'xsltproc': ensure => installed}
class { 'webserver': } class { 'webserver': }
class { 'nagioscfg': class { 'nagioscfg':
hostgroups => $::roles, hostgroups => $::roles,
config => 'eid' config => 'eid'
} }
class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } -> class {'nagioscfg::slack': domain => 'sunet.slack.com', token => safe_hiera('slack_token','') } ->
class {'nagioscfg::passive': enable_notifications => '0', obsess_over_services => '0', obsess_over_hosts => '0'} class {'nagioscfg::passive': enable_notifications => '0', obsess_over_services => '0', obsess_over_hosts => '0'}
sunet::misc::htpasswd_user { $web_admin_user : sunet::misc::htpasswd_user { $web_admin_user :
filename => "/etc/nagios3/htpasswd.users", filename => "/etc/nagios3/htpasswd.users",
password => $web_admin_pw, password => $web_admin_pw,
group => 'www-data', group => 'www-data',
} }
file { file {
'/root/MONITOR_WEB_PASSWORD': '/root/MONITOR_WEB_PASSWORD':
content => sprintf("%s\n%s\n", $web_admin_user, $web_admin_pw), content => sprintf("%s\n%s\n", $web_admin_user, $web_admin_pw),
group => 'root', group => 'root',
mode => '0600', mode => '0600',
; ;
} }
nagioscfg::slack::channel {'eln': } -> nagioscfg::slack::channel {'eln': } ->
nagioscfg::contactgroup {'alerts': } -> nagioscfg::contactgroup {'alerts': } ->
nagioscfg::contact {'slack-alerts': nagioscfg::contact {'slack-alerts':
host_notification_commands => ['notify-host-to-slack-eln'], host_notification_commands => ['notify-host-to-slack-eln'],
service_notification_commands => ['notify-service-to-slack-eln'], service_notification_commands => ['notify-service-to-slack-eln'],
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'service_ping': nagioscfg::service {'service_ping':
hostgroup_name => ['all'], hostgroup_name => ['all'],
description => 'PING', description => 'PING',
check_command => 'check_ping!400.0,1%!500.0,2%', check_command => 'check_ping!400.0,1%!500.0,2%',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'service_ssh': nagioscfg::service {'service_ssh':
hostgroup_name => ['jumphosts'], hostgroup_name => ['jumphosts'],
description => 'SSH', description => 'SSH',
check_command => 'check_ssh_4_hostname', check_command => 'check_ssh_4_hostname',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_load': nagioscfg::service {'check_load':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_load', check_command => 'check_nrpe_1arg!check_load',
description => 'System Load', description => 'System Load',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_users': nagioscfg::service {'check_users':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_users', check_command => 'check_nrpe_1arg!check_users',
description => 'Active Users', description => 'Active Users',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_zombie_procs': nagioscfg::service {'check_zombie_procs':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_zombie_procs', check_command => 'check_nrpe_1arg!check_zombie_procs',
description => 'Zombie Processes', description => 'Zombie Processes',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_total_procs': nagioscfg::service {'check_total_procs':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_total_procs_lax', check_command => 'check_nrpe_1arg!check_total_procs_lax',
description => 'Total Processes', description => 'Total Processes',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_root': nagioscfg::service {'check_root':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_root', check_command => 'check_nrpe_1arg!check_root',
description => 'Root Disk', description => 'Root Disk',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_boot': nagioscfg::service {'check_boot':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_boot_15_5', check_command => 'check_nrpe_1arg!check_boot_15_5',
description => 'Boot Disk', description => 'Boot Disk',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_var': nagioscfg::service {'check_var':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_var', check_command => 'check_nrpe_1arg!check_var',
description => 'Var Disk', description => 'Var Disk',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_uptime': nagioscfg::service {'check_uptime':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_uptime', check_command => 'check_nrpe_1arg!check_uptime',
description => 'Uptime', description => 'Uptime',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_reboot': nagioscfg::service {'check_reboot':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_reboot', check_command => 'check_nrpe_1arg!check_reboot',
description => 'Reboot Needed', description => 'Reboot Needed',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_memory': nagioscfg::service {'check_memory':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_memory', check_command => 'check_nrpe_1arg!check_memory',
description => 'System Memory', description => 'System Memory',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_entropy': nagioscfg::service {'check_entropy':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_entropy', check_command => 'check_nrpe_1arg!check_entropy',
description => 'System Entropy', description => 'System Entropy',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_ntp_time': nagioscfg::service {'check_ntp_time':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_ntp_time', check_command => 'check_nrpe_1arg!check_ntp_time',
description => 'System NTP Time', description => 'System NTP Time',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_process_haveged': nagioscfg::service {'check_process_haveged':
hostgroup_name => ['entropyclient'], hostgroup_name => ['entropyclient'],
check_command => 'check_nrpe_1arg!check_process_haveged', check_command => 'check_nrpe_1arg!check_process_haveged',
description => 'haveged running', description => 'haveged running',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_scriptherder': nagioscfg::service {'check_scriptherder':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_scriptherder', check_command => 'check_nrpe_1arg!check_scriptherder',
description => 'Scriptherder Status', description => 'Scriptherder Status',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_apt': nagioscfg::service {'check_apt':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_apt', check_command => 'check_nrpe_1arg!check_apt',
description => 'Packages available for upgrade', description => 'Packages available for upgrade',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'metadata_aggregate_age': nagioscfg::service {'metadata_aggregate_age':
hostgroup_name => ['md_publisher'], hostgroup_name => ['md_publisher'],
check_command => 'check_nrpe_1arg!check_fileage_metadata_aggregate', check_command => 'check_nrpe_1arg!check_fileage_metadata_aggregate',
description => 'metadata aggregate age', description => 'metadata aggregate age',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'mdsl_aggregate_age': nagioscfg::service {'mdsl_aggregate_age':
hostgroup_name => ['mdsl_publisher'], hostgroup_name => ['mdsl_publisher'],
check_command => 'check_nrpe_1arg!check_fileage_mdsl_aggregate', check_command => 'check_nrpe_1arg!check_fileage_mdsl_aggregate',
description => 'mdsl aggregate age', description => 'mdsl aggregate age',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'mdsl_se_age': nagioscfg::service {'mdsl_se_age':
hostgroup_name => ['mdsl_publisher'], hostgroup_name => ['mdsl_publisher'],
check_command => 'check_nrpe_1arg!check_fileage_mdsl_se', check_command => 'check_nrpe_1arg!check_fileage_mdsl_se',
description => 'mdsl se age', description => 'mdsl se age',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_eidas_health': nagioscfg::service {'check_eidas_health':
hostgroup_name => ['servicemonitor'], hostgroup_name => ['servicemonitor'],
check_command => 'check_nrpe_1arg!check_eidas_health', check_command => 'check_nrpe_1arg!check_eidas_health',
description => 'eidas component healthcheck', description => 'eidas component healthcheck',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::service {'check_needrestart': nagioscfg::service {'check_needrestart':
hostgroup_name => ['nrpe'], hostgroup_name => ['nrpe'],
check_command => 'check_nrpe_1arg!check_needrestart', check_command => 'check_nrpe_1arg!check_needrestart',
description => 'Processes need restart', description => 'Processes need restart',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::command {'check_ssl_cert_3': nagioscfg::command {'check_ssl_cert_3':
command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'" command_line => "/usr/lib/nagios/plugins/check_ssl_cert -A -H '\$HOSTADDRESS\$' -c '\$ARG2\$' -w '\$ARG1\$' -p '\$ARG3\$'"
} }
$public_hosts = ['demw.eidas.swedenconnect.se','swedenconnect.se','qa.test.swedenconnect.se','qa.md.swedenconnect.se','md.swedenconnect.se','md.eidas.swedenconnect.se','qa.md.eidas.swedenconnect.se','qa.connector.eidas.swedenconnect.se','qa.proxy.eidas.swedenconnect.se','connector.eidas.swedenconnect.se'] $public_hosts = ['demw.eidas.swedenconnect.se','swedenconnect.se','qa.test.swedenconnect.se','qa.md.swedenconnect.se','md.swedenconnect.se','md.eidas.swedenconnect.se','qa.md.eidas.swedenconnect.se','qa.connector.eidas.swedenconnect.se','qa.proxy.eidas.swedenconnect.se','connector.eidas.swedenconnect.se']
nagioscfg::host {$public_hosts: } nagioscfg::host {$public_hosts: }
nagioscfg::service {'check_public_ssl_cert': nagioscfg::service {'check_public_ssl_cert':
host_name => $public_hosts, host_name => $public_hosts,
check_command => 'check_ssl_cert_3!30!14!443', check_command => 'check_ssl_cert_3!30!14!443',
description => 'check https certificate validity on port 443', description => 'check https certificate validity on port 443',
contact_groups => ['alerts'] contact_groups => ['alerts']
} }
nagioscfg::command {'check_website': nagioscfg::command {'check_website':
command_line => "/usr/lib/nagios/plugins/check_http -H '\$HOSTNAME\$' -S -u '\$ARG1\$'" command_line => "/usr/lib/nagios/plugins/check_http -H '\$HOSTNAME\$' -S -u '\$ARG1\$'"
} }
nagioscfg::service {'check_metadata_eIDAS': nagioscfg::service {'check_metadata_eIDAS':
host_name => ['md.eidas.swedenconnect.se'], host_name => ['md.eidas.swedenconnect.se'],
check_command => 'check_website!https://md.eidas.swedenconnect.se/', check_command => 'check_website!https://md.eidas.swedenconnect.se/',
description => 'check metadata for eIDAS', description => 'check metadata for eIDAS',
contact_groups => ['alerts'], contact_groups => ['alerts'],
} }
nagioscfg::service {'check_metadata_swedenconnect': nagioscfg::service {'check_metadata_swedenconnect':
host_name => ['md.swedenconnect.se'], host_name => ['md.swedenconnect.se'],
check_command => 'check_website!https://md.swedenconnect.se/', check_command => 'check_website!https://md.swedenconnect.se/',
description => 'check metadata for Sweden Connect', description => 'check metadata for Sweden Connect',
contact_groups => ['alerts'], contact_groups => ['alerts'],
} }
nagioscfg::service {'check_connector': nagioscfg::service {'check_connector':
host_name => ['connector.eidas.swedenconnect.se'], host_name => ['connector.eidas.swedenconnect.se'],
check_command => 'check_website!https://connector.eidas.swedenconnect.se/idp/metadata/sp', check_command => 'check_website!https://connector.eidas.swedenconnect.se/idp/metadata/sp',
description => 'check metadata for Sweden Connect', description => 'check metadata for Sweden Connect',
contact_groups => ['alerts'], contact_groups => ['alerts'],
} }
nagioscfg::service {'check_metadata_DE_middleware': nagioscfg::service {'check_metadata_DE_middleware':
host_name => ['demw.eidas.swedenconnect.se'], host_name => ['demw.eidas.swedenconnect.se'],
check_command => 'check_website!https://demw.eidas.swedenconnect.se/eidas-middleware/Metadata', check_command => 'check_website!https://demw.eidas.swedenconnect.se/eidas-middleware/Metadata',
description => 'check metadata for DE middleware', description => 'check metadata for DE middleware',
contact_groups => ['alerts'], contact_groups => ['alerts'],
} }
nagioscfg::command {'check_country_count': nagioscfg::command {'check_country_count':
command_line => "/usr/lib/nagios/plugins/check_eidas_country_count.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$' '\$ARG4\$'" command_line => "/usr/lib/nagios/plugins/check_eidas_country_count.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$' '\$ARG4\$'"
} }
nagioscfg::service {'check_country_eIDAS_QA': nagioscfg::service {'check_country_eIDAS_QA':
host_name => ['qa.md.eidas.swedenconnect.se'], host_name => ['qa.md.eidas.swedenconnect.se'],
check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!GB LU IT ES HR DE EE BE IS XB CY PL SK XC LT NO DK CZ SE GR XA MT SI!1!3', check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!GB LU IT ES HR DE EE BE IS XB CY PL SK XC LT NO DK CZ SE GR XA MT SI!1!3',
description => 'check number of countries in eIDAS QA', description => 'check number of countries in eIDAS QA',
contact_groups => ['alerts'], contact_groups => ['alerts'],
} }
nagioscfg::service {'check_country_eIDAS': nagioscfg::service {'check_country_eIDAS':
host_name => ['md.eidas.swedenconnect.se'], host_name => ['md.eidas.swedenconnect.se'],
check_command => 'check_country_count!md.eidas.swedenconnect.se!GB LU IT ES HR DE EE BE!1!3', check_command => 'check_country_count!md.eidas.swedenconnect.se!GB LU IT ES HR DE EE BE!1!3',
description => 'check number of countries in eIDAS', description => 'check number of countries in eIDAS',
contact_groups => ['alerts'], contact_groups => ['alerts'],
} }
nagioscfg::command {'check_metadata_age':
command_line => "/usr/lib/nagios/plugins/check_eidas_metadata_age.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$'"
}
$hosts = ['qa.md.swedenconnect.se', 'md.swedenconnect.se', 'md.eidas.swedenconnect.se', 'qa.md.eidas.swedenconnect.se']
$hosts.each |$host|{
nagioscfg::service {"check_metadata_age_${host}":
host_name => ["${host}"],
check_command => "check_metadata_age!https://${host}/entities!691200!172800",
description => "check metadata for ${host}",
contact_groups => ['alerts'],
}
}
} }
class redis_cluster_node { class redis_cluster_node {
file { '/opt/redis': ensure => directory } file { '/opt/redis': ensure => directory }
sysctl { 'vm.overcommit_memory': value => '1' } sysctl { 'vm.overcommit_memory': value => '1' }
sunet::redis::server {'redis-master': sunet::redis::server {'redis-master':
allow_clients => hiera_array('redis_client_ips', []), allow_clients => hiera_array('redis_client_ips', []),
cluster_nodes => hiera_array('redis_sentinel_ips', []), cluster_nodes => hiera_array('redis_sentinel_ips', []),
} }
sunet::redis::server {'redis-sentinel': sunet::redis::server {'redis-sentinel':
port => 26379, port => 26379,
sentinel_config => 'yes', sentinel_config => 'yes',
allow_clients => hiera_array('redis_client_ips', []), allow_clients => hiera_array('redis_client_ips', []),
cluster_nodes => hiera_array('redis_sentinel_ips', []), cluster_nodes => hiera_array('redis_sentinel_ips', []),
} }
} }
class redis_frontend_node ($hostname=undef,$ca="infra") { class redis_frontend_node ($hostname=undef,$ca="infra") {
file { '/opt/redis': ensure => directory } file { '/opt/redis': ensure => directory }
sunet::redis::haproxy {'redis-haproxy': sunet::redis::haproxy {'redis-haproxy':
cluster_nodes => hiera_array('redis_sentinel_ips', []), cluster_nodes => hiera_array('redis_sentinel_ips', []),
client_ca => "/etc/ssl/certs/${ca}.crt", client_ca => "/etc/ssl/certs/${ca}.crt",
certificate => "/etc/ssl/private/${::fqdn}_${ca}.pem" certificate => "/etc/ssl/private/${::fqdn}_${ca}.pem"
} }
} }

0
global/overlay/usr/lib/nagios/plugins/check_eidas_metadata.age.sh → global/overlay/usr/lib/nagios/plugins/check_eidas_metadata_age.sh
View file