add connector nrpe checks

eidas-connector-common/overlay/etc/nagios/nrpe.d/eidas-connector.cfg

@@ -1,2 +0,0 @@
-# check_baas2-restore-status
-command[check_connector_health]=/usr/local/sbin/check-connector-health.sh

eidas-test-connector/overlay/etc/nagios/nrpe.d/eidas-connector.cfg

@@ -1,2 +0,0 @@
-# check_baas2-restore-status
-command[check_connector_health]=/usr/local/sbin/check-connector-health.sh

global/overlay/etc/puppet/modules/eid/files/connector/check-connector-credential-health.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+STATE_DEPENDENT=4
+
+# Query the health endpoint
+response=$(curl -sk https://localhost:444/actuator/health)
+
+# Filter out the prid section
+credential_result=$(echo "$response" | jq -r '.components.["credential-monitor"]')
+
+# Find out if the status is UP
+echo "$credential_result" | jq -r '.status' | grep -q "UP"
+
+if [ $? -ne 0 ]; then
+   echo "CRITICAL - Service FAIL"
+   echo $credential_result
+   exit $STATE_CRITICAL
+else
+   echo "OK - Service healthy"
+   echo $credential_result
+   exit $STATE_OK
+fi

global/overlay/etc/puppet/modules/eid/files/connector/check-connector-metadata-health.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+STATE_DEPENDENT=4
+
+# Query the health endpoint
+response=$(curl -sk https://localhost:444/actuator/health)
+
+# Filter out the prid section
+metadata_result=$(echo "$response" | jq -r '.components.["saml-metadata"]')
+
+# Find out if the status is UP
+echo "$metadata_result" | jq -r '.status' | grep -q "UP"
+
+if [ $? -ne 0 ]; then
+   echo "CRITICAL - Service FAIL"
+   echo $metadata_result
+   exit $STATE_CRITICAL
+else
+   echo "OK - Service healthy"
+   echo $metadata_result
+   exit $STATE_OK
+fi

global/overlay/etc/puppet/modules/eid/files/connector/check-connector-prid-health.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+STATE_DEPENDENT=4
+
+# Query the health endpoint
+response=$(curl -sk https://localhost:444/actuator/health)
+
+# Filter out the prid section
+prid_result=$(echo $response | jq -r '.components.prid')
+
+# Find out if the status is UP
+echo $prid_result | jq -r '.status' | grep -q "UP"
+
+if [ $? -ne 0 ]; then
+   echo "CRITICAL - Service FAIL"
+   echo $prid_result
+   exit $STATE_CRITICAL
+else
+   echo "OK - Service healthy"
+   echo $prid_result
+   exit $STATE_OK
+fi

global/overlay/etc/puppet/modules/eid/files/connector/nrpe-eidas-connector.cfg

@@ -0,0 +1,10 @@
+# This file is managed by puppet
+
+# check_connector_health
+command[check_connector_health]=/usr/local/sbin/check-connector-health.sh
+# check_connector_metadata_health
+command[check_connector_metadata_health]=/usr/local/sbin/check-connector-metadata-health.sh
+# check_connector_prid_health
+command[check_connector_prid_health]=/usr/local/sbin/check-connector-prid-health.sh
+# check_connector_credential_health
+command[check_connector_credential_health]=/usr/local/sbin/check-connector-credential-health.sh

global/overlay/etc/puppet/modules/eid/manifests/connector.pp

@@ -71,13 +71,40 @@ class eid::connector (
       description      => 'eidas connector'
     }
 
-    # Monitoring
+    ## Monitoring
+
+    # nrpe commands file
+    file { '/etc/nagios/nrpe.d/nrpe-eidas-connector.cfg':
+      ensure  => 'file',
+      mode    => '0755',
+      owner   => 'root',
+      content => file('eid/connector/nrpe-eidas-connector.cfg')
+    }
+    # Custom monitoring scripts
     file { '/usr/local/sbin/check-connector-health.sh':
       ensure  => 'file',
       mode    => '0755',
       owner   => 'root',
       content => file('eid/connector/check-connector-health.sh')
     }
+    file { '/usr/local/sbin/check-connector-metadata-health.sh':
+      ensure  => 'file',
+      mode    => '0755',
+      owner   => 'root',
+      content => file('eid/connector/check-connector-metadata-health.sh')
+    }
+    file { '/usr/local/sbin/check-connector-prid-health.sh':
+      ensure  => 'file',
+      mode    => '0755',
+      owner   => 'root',
+      content => file('eid/connector/check-connector-prid-health.sh')
+    }
+    file { '/usr/local/sbin/check-connector-credential-health.sh':
+      ensure  => 'file',
+      mode    => '0755',
+      owner   => 'root',
+      content => file('eid/connector/check-connector-credential-health.sh')
+    }
 
   }
 }

global/overlay/etc/puppet/modules/eid/manifests/naemon_monitor_config.pp

@@ -8,5 +8,23 @@ class eid::naemon_monitor_config {
       description    => 'check_connector_health',
       contact_groups => ['alerts']
   }
+  nagioscfg::service {'check_connector_metadata_health':
+      hostgroup_name => ['eid::connector'],
+      check_command  => 'check_nrpe!check_connector_metadata_health',
+      description    => 'check_connector_metadata_health',
+      contact_groups => ['alerts']
+  }
+  nagioscfg::service {'check_connector_prid_health':
+      hostgroup_name => ['eid::connector'],
+      check_command  => 'check_nrpe!check_connector_prid_health',
+      description    => 'check_connector_prid_health',
+      contact_groups => ['alerts']
+  }
+  nagioscfg::service {'check_connector_credential_health':
+      hostgroup_name => ['eid::connector'],
+      check_command  => 'check_nrpe!check_connector_credential_health',
+      description    => 'check_connector_credential_health',
+      contact_groups => ['alerts']
+  }
 
 }