diff options
Diffstat (limited to 'puppet')
13 files changed, 57 insertions, 29 deletions
diff --git a/puppet/modules/check_mk b/puppet/modules/check_mk -Subproject f9e494265f6c7b83ab9ef418e40cc7aac558956 +Subproject 5c11597a055858b5ddc1ce8f7f8db249f5f1b33 diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/mx/check_leap_mx.sh b/puppet/modules/site_check_mk/files/agent/local_checks/mx/check_leap_mx.sh index 2958d2ed..b8687c9a 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/mx/check_leap_mx.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/mx/check_leap_mx.sh @@ -29,5 +29,5 @@ else fi fi -echo "$exitcode $CHECKNAME stale_files=$total ${STATUS[exitcode]}: $total stale files (>=$MAXAGE min) in $WATCHDIR." +echo "${exitcode} ${CHECKNAME} stale_files=${total} ${STATUS[exitcode]}: ${total} stale files (>=${MAXAGE} min) in ${WATCHDIR}." diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/bigcouch.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/bigcouch.cfg index 3f6cc413..28f333b0 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/bigcouch.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/bigcouch.cfg @@ -4,13 +4,17 @@ I undefined - -.*201$ I 127.0.0.1 undefined.* ok I 127.0.0.1 localhost:5984 .* ok - C Uncaught error in HTTP request: {exit, - C Uncaught error in HTTP request: {exit,normal} + # https://leap.se/code/issues/5246 + I Shutting down group server + # ignore "Uncaught error in HTTP request: {exit, normal}" error + # it's suppressed in later versions of bigcouch anhow + # see https://leap.se/code/issues/5226 + I Uncaught error in HTTP request: {exit,normal} + I Uncaught error in HTTP request: {exit, C Uncaught error in HTTP request: {error, C Response abnormally terminated: {nodedown, C rexi_DOWN,noproc C rexi_DOWN,noconnection C error C Connection attempt from disallowed node - W Shutting down group server W Apache CouchDB has started diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/logwatch.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/logwatch.cfg index c4acae40..4f16d1bd 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/logwatch.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/logwatch.cfg @@ -8,7 +8,7 @@ /var/log/messages # Patterns are indented with one space are prefixed with: # C: Critical messages -# W: Warning messages +# W: Warning messages # I: ignore these lines (OK) # The first match decided. Lines that do not match any pattern # are ignored diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/couchdb.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/couchdb.cfg index c92b5af7..f546135a 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/couchdb.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/couchdb.cfg @@ -1,4 +1,7 @@ C /usr/local/bin/couch-doc-update.*failed C /usr/local/bin/couch-doc-update.*ERROR - W epmd: got partial packet only on file descriptor +# on one-node bigcouch setups, we'll get this msg +# a lot, so we ignore it here until we fix +# https://leap.se/code/issues/5244 + I epmd: got partial packet only on file descriptor diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg index a4e428b4..eb3131f2 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg @@ -1,6 +1,9 @@ # check for stunnel failures - C stunnel:.*Connection refused -# this is a temporary failure and happens very often, so we -# ignore it +# +# these are temporary failures and happen very often, so we +# ignore them until we tuned stunnel timeouts/logging, +# see https://leap.se/code/issues/5218 I stunnel:.*Connection reset by peer I stunnel:.*Peer suddenly disconnected + I stunnel:.*Connection refused + diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg index 9983d27c..7f43a18c 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg @@ -3,5 +3,11 @@ # instances, so we ignore it # see https://leap.se/code/issues/5168 I tapicero.*RestClient::PreconditionFailed: +# until we can analyze multiline patterns with +# check_mk logwatch, we unfortunatly need ignore this +# line too, which shows up in combination with the +# above PreconditionFailed error. +# see https://leap.se/code/issues/4821#note-5 + I tapicero.*Creating database.*failed due to: C tapicero.*failed W tapicero.*Couch stream ended unexpectedly. diff --git a/puppet/modules/site_check_mk/manifests/agent/logwatch.pp b/puppet/modules/site_check_mk/manifests/agent/logwatch.pp index 38514af2..4c249e6f 100644 --- a/puppet/modules/site_check_mk/manifests/agent/logwatch.pp +++ b/puppet/modules/site_check_mk/manifests/agent/logwatch.pp @@ -4,8 +4,9 @@ class site_check_mk::agent::logwatch { # see https://leap.se/code/issues/5135 file { '/usr/lib/check_mk_agent/plugins/mk_logwatch': - source => 'puppet:///modules/site_check_mk/agent/plugins/mk_logwatch.1.2.4', - mode => '0755' + source => 'puppet:///modules/site_check_mk/agent/plugins/mk_logwatch.1.2.4', + mode => '0755', + require => Package['check-mk-agent'] } # only config files that watch a distinct logfile should go in logwatch.d/ @@ -13,6 +14,7 @@ class site_check_mk::agent::logwatch { ensure => directory, recurse => true, purge => true, + require => Package['check-mk-server'] } # service that share a common logfile (i.e. /var/log/syslog) need to get diff --git a/puppet/modules/site_check_mk/manifests/agent/mrpe.pp b/puppet/modules/site_check_mk/manifests/agent/mrpe.pp index 37df7f74..7222e4e1 100644 --- a/puppet/modules/site_check_mk/manifests/agent/mrpe.pp +++ b/puppet/modules/site_check_mk/manifests/agent/mrpe.pp @@ -8,7 +8,8 @@ class site_check_mk::agent::mrpe { } file { '/etc/check_mk/mrpe.cfg': - ensure => present + ensure => present, + require => Package['check-mk-server'] } -> file_line { 'Apt': line => 'APT /usr/lib/nagios/plugins/check_apt', diff --git a/puppet/modules/site_check_mk/manifests/server.pp b/puppet/modules/site_check_mk/manifests/server.pp index 0c98cd5a..e544ef0d 100644 --- a/puppet/modules/site_check_mk/manifests/server.pp +++ b/puppet/modules/site_check_mk/manifests/server.pp @@ -17,33 +17,41 @@ class site_check_mk::server { # override paths to use the system check_mk rather than OMD class { 'check_mk::config': - site => '', - etc_dir => '/etc', - nagios_subdir => 'nagios3', - bin_dir => '/usr/bin', - host_groups => undef, - require => Package['check-mk-server'] + site => '', + etc_dir => '/etc', + nagios_subdir => 'nagios3', + bin_dir => '/usr/bin', + host_groups => undef, + use_storedconfigs => false, + require => Package['check-mk-server'] } - Exec['check_mk-reload'] -> Service['nagios'] + Exec['check_mk-reload'] -> + Exec['check_mk-refresh-inventory-daily'] -> + Service['nagios'] file { '/etc/check_mk/conf.d/use_ssh.mk': content => template('site_check_mk/use_ssh.mk'), - notify => Exec['check_mk-refresh']; + notify => Exec['check_mk-refresh'], + require => Package['check-mk-server']; '/etc/check_mk/all_hosts_static': content => $all_hosts, - notify => Exec['check_mk-refresh']; + notify => Exec['check_mk-refresh'], + require => Package['check-mk-server']; '/etc/check_mk/.ssh': - ensure => directory; + ensure => directory, + require => Package['check-mk-server']; '/etc/check_mk/.ssh/id_rsa': content => $seckey, owner => 'nagios', - mode => '0600'; + mode => '0600', + require => Package['check-mk-server']; '/etc/check_mk/.ssh/id_rsa.pub': content => "${type} ${pubkey} monitor", owner => 'nagios', - mode => '0644'; + mode => '0644', + require => Package['check-mk-server']; # check_icmp must be suid root or called by sudo # see https://leap.se/code/issues/5171 '/usr/lib/nagios/plugins/check_icmp': diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index 87c35f05..91f1e3aa 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -107,4 +107,6 @@ class site_couchdb::stunnel { } create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults) + + include site_check_mk::agent::stunnel } diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 9aae8ae8..7106c36a 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -1,9 +1,7 @@ class site_nagios::server inherits nagios::base { # First, purge old nagios config (see #1467) - class { 'site_nagios::server::purge': - stage => setup - } + class { 'site_nagios::server::purge': } $nagios_hiera = hiera('nagios') $nagiosadmin_pw = htpasswd_sha1($nagios_hiera['nagiosadmin_pw']) diff --git a/puppet/modules/site_nagios/manifests/server/purge.pp b/puppet/modules/site_nagios/manifests/server/purge.pp index 1c12cfb0..6815a703 100644 --- a/puppet/modules/site_nagios/manifests/server/purge.pp +++ b/puppet/modules/site_nagios/manifests/server/purge.pp @@ -10,9 +10,10 @@ class site_nagios::server::purge inherits nagios::base { purge => false } - # only purge find in the /etc/nagios3/conf.d/ dir, not in any subdir + # only purge files in the /etc/nagios3/conf.d/ dir, not in any subdir exec {'purge_conf.d': command => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f -exec rm {} \;', - onlyif => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f | grep -q "/etc/nagios3/conf.d"' + onlyif => '/usr/bin/find /etc/nagios3/conf.d/ -maxdepth 1 -type f | grep -q "/etc/nagios3/conf.d"', + require => Package['nagios'] } } |