-rw-r--r--Vagrantfile9
-rw-r--r--puppet/modules/leap_mx/manifests/init.pp22
-rwxr-xr-xpuppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh3
-rw-r--r--puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg5
-rw-r--r--puppet/modules/site_check_mk/manifests/agent/tapicero.pp5
-rw-r--r--puppet/modules/site_check_mk/manifests/server.pp6
-rw-r--r--puppet/modules/site_config/manifests/remove_files.pp4
-rw-r--r--puppet/modules/site_static/manifests/init.pp2
8 files changed, 37 insertions, 19 deletions
diff --git a/Vagrantfile b/Vagrantfile
index 18590a8f..c9c68284 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,5 +1,7 @@
-Vagrant.configure("2") do |config|
- config.vm.define :node1 do |config|
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+Vagrant.configure("2") do |vagrant_config|
+ vagrant_config.vm.define :node1 do |config|
# Please verify the sha512 sum of the downloaded box before importing it into vagrant !
# see https://leap.se/en/docs/platform/details/development#Verify.vagrantbox.download
@@ -8,13 +10,14 @@ Vagrant.configure("2") do |config|
config.vm.box = "LEAP/wheezy"
#config.vm.network :private_network, ip: "10.5.5.102"
config.vm.provider "virtualbox" do |v|
+ v.memory = 1024
v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
v.name = "node1"
end
config.vm.provision "puppet" do |puppet|
puppet.manifests_path = "./vagrant"
- puppet.module_path = "./puppet/modules"
+ puppet.module_path = "./puppet/modules"
puppet.manifest_file = "install-platform.pp"
puppet.options = "--verbose"
end
diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp
index 6bcdd19a..284662d2 100644
--- a/puppet/modules/leap_mx/manifests/init.pp
+++ b/puppet/modules/leap_mx/manifests/init.pp
@@ -77,16 +77,18 @@ class leap_mx {
}
augeas {
- "logrotate_mx":
- context => "/files/etc/logrotate.d/leap-mx/rule",
+ 'logrotate_mx':
+ context => '/files/etc/logrotate.d/leap-mx/rule',
changes => [
- "set file /var/log/leap/mx.log",
- 'set rotate 5',
- 'set schedule daily',
- 'set compress compress',
- 'set missingok missingok',
- 'set ifempty notifempty',
- 'set copytruncate copytruncate'
- ]
+ 'set file /var/log/leap/mx.log',
+ 'set rotate 5',
+ 'set schedule daily',
+ 'clear nocreate',
+ 'rm create',
+ 'rm ifempty',
+ 'set compress compress',
+ 'set missingok missingok',
+ 'set copytruncate copytruncate'
+ ]
}
}
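Review bot: The three added Augeas changes (`clear nocreate`, `rm create`, `rm ifempty`) carry no comment, and their effect on the rendered logrotate rule is not obvious from the manifest. Removing the `ifempty` node drops the earlier `notifempty` setting, so logrotate presumably falls back to rotating empty logs; with `rotate 5` and `daily`, that caps how much mx.log history survives on a quiet relay. If that is intended, a comment above the resource would record it, e.g. `# rotate even when empty so at most 5 days of mx.log are kept; nocreate because copytruncate keeps the original file in place`. The `leap_mx` class begins outside this hunk.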
diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh
index 95474ccb..83b407e0 100755
--- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh
+++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh
@@ -117,3 +117,6 @@ end_time=$(date +%s.%N)
duration=$( echo "scale = 2; $end_time - $start_time" | bc -l )
printf "${exitcode} ${PREFIX}global_stats ${global_stats_perf}|script_duration=%02.2fs ${STATE[exitcode]}: global couchdb status\n" "$duration"
+
+rm "$TMPFILE"
+
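Review bot: The added `rm "$TMPFILE"` runs only when the script reaches its last line, so any earlier exit between the temp file's creation and this point leaves the file behind. Registering the cleanup where TMPFILE is assigned, `trap 'rm -f "$TMPFILE"' EXIT`, covers every exit path, and `-f` keeps a missing file from producing an error. The assignment of TMPFILE is outside this hunk; if it is not created with `mktemp`, that is worth changing at the same time so the file name is not predictable.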
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg
index ed50f420..d99dcde9 100644
--- a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg
+++ b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg
@@ -8,6 +8,11 @@
I ovpn-.*TLS Error: TLS object -> incoming plaintext read error
I ovpn-.*Fatal TLS error \(check_tls_errors_co\), restarting
I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
+ I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
+ I ovpn-.*TLS Error: unknown opcode received from
+ I ovpn-.*Authenticate/Decrypt packet error: packet HMAC authentication failed
+ I ovpn-.*TLS Error: reading acknowledgement record from packet
+ I ovpn-.*TLS Error: session-id not found in packet from
I ovpn-.*SIGUSR1\[soft,tls-error\] received, client-instance restarting
I ovpn-.*VERIFY ERROR: depth=0, error=certificate has expired
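Review bot: The five added `I` patterns drop these messages from logwatch entirely, including `packet HMAC authentication failed` and `unknown opcode received from`, which are what an unauthenticated or misconfigured peer reaching the OpenVPN port typically produces. After this change neither a burst of them nor a key mismatch affecting real clients is surfaced by this check, as far as the hunk shows. Ignoring single occurrences is reasonable noise control, but the decision should be recorded above the new lines, e.g. `# unauthenticated-peer noise, ignored per line; volume is not monitored here`. A rate-based check elsewhere would restore the signal. The rest of the rule file lies outside the hunk.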
diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp
index 4a5ec68e..8505b34a 100644
--- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp
+++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp
@@ -1,3 +1,4 @@
+# sets up tapicero monitoring
class site_check_mk::agent::tapicero {
include ::site_nagios::plugins
@@ -14,12 +15,12 @@ class site_check_mk::agent::tapicero {
lens => 'Spacevars.lns',
changes => [
'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs',
- 'set Tapicero_Procs "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero"' ],
+ "set Tapicero_Procs \"/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 --ereg-argument-array='^tapicero$'\"" ],
require => File['/etc/check_mk/mrpe.cfg'];
'Tapicero_Heartbeat':
incl => '/etc/check_mk/mrpe.cfg',
lens => 'Spacevars.lns',
- changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 300 -c 600\'',
+ changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 1200 -c 2400\'',
require => File['/etc/check_mk/mrpe.cfg'];
}
}
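Review bot: The new `--ereg-argument-array='^tapicero$'` only matches when the whole argument string check_procs sees is exactly `tapicero`, so the check depends on the daemon's process title staying that way. An interpreter path or option appearing in the title would turn the `1:1` check critical while the daemon is running. If the anchoring is meant to stop other commands that mention tapicero (such as a `tail` on its log) from being counted, a comment would make that clear, e.g. `# anchored: count only the daemon itself, not commands that merely mention tapicero`. The heartbeat thresholds in the same hunk go from 300/600 to 1200/2400 seconds without a stated reason; a one-line comment giving the expected log interval would justify the longer detection delay.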
diff --git a/puppet/modules/site_check_mk/manifests/server.pp b/puppet/modules/site_check_mk/manifests/server.pp
index 171f1576..67519513 100644
--- a/puppet/modules/site_check_mk/manifests/server.pp
+++ b/puppet/modules/site_check_mk/manifests/server.pp
@@ -1,3 +1,4 @@
+# setup check_mk on the monitoring server
class site_check_mk::server {
$ssh_hash = hiera('ssh')
@@ -6,10 +7,9 @@ class site_check_mk::server {
$seckey = $ssh_hash['monitor']['private_key']
$nagios_hiera = hiera_hash('nagios')
- $nagios_hosts = $nagios_hiera['hosts']
+ $hosts = $nagios_hiera['hosts']
- $hosts = hiera_hash('hosts')
- $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%>"<%= @hosts[key]["domain_internal"] %>", <% end -%>')
+ $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%><% if @hosts[key]["environment"] != "disabled" %>"<%= @hosts[key]["domain_internal"] %>", <% end -%><% end -%>')
$domains_internal = $nagios_hiera['domains_internal']
$environments = $nagios_hiera['environments']
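Review bot: The one-line ERB in `$all_hosts` now nests an `if` inside the `each`, which is hard to read and easy to unbalance. Filtering first keeps it flat: `<% @hosts.keys.sort.select { |k| @hosts[k]["environment"] != "disabled" }.each do |key| -%>"<%= @hosts[key]["domain_internal"] %>", <% end -%>`. A comment above the assignment, `# hosts in the "disabled" environment are left out of check_mk's all_hosts`, would record that those hosts are intentionally unmonitored. `$nagios_hosts` is also renamed to `$hosts` here, so any template outside this hunk that still reads `@nagios_hosts` would get an undefined value; that is worth a grep.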
diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp
index 3f46659c..b339e6af 100644
--- a/puppet/modules/site_config/manifests/remove_files.pp
+++ b/puppet/modules/site_config/manifests/remove_files.pp
@@ -27,6 +27,10 @@ class site_config::remove_files {
path => '/var/log/',
recurse => true,
matches => 'leap_mx*';
+ 'leap_mx_rotate':
+ path => '/var/log/leap/',
+ recurse => true,
+ matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz'];
'/srv/leap/webapp/public/provider.json':;
'/srv/leap/couchdb/designs/tmp_users':
recurse => true,
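Review bot: The new `matches` globs use `?` where a literal dot appears to be meant, so they are wider than the file names they target: `'mx.log.[0-9]?'` matches any two-character suffix starting with a digit, and `'mx.log.[6-9]?gz'` accepts any character before `gz`. Because `recurse => true` applies them to everything under `/var/log/leap/`, tighter patterns are safer for a resource that deletes logs, e.g. `matches => [ 'mx.log.[0-9]', 'mx.log.[0-9][0-9]', 'mx.log.[6-9].gz' ];` if two-digit suffixes are what the second pattern is for. A comment saying that this removes files left over from the previous rotation settings would explain the `[6-9]` range. The resource type and the class body begin outside this hunk.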
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index a3fd9c1e..1efc510b 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -60,4 +60,4 @@ class site_static {
include site_shorewall::defaults
include site_shorewall::service::http
include site_shorewall::service::https
-} \ No newline at end of file
+}