Age | Commit message (Collapse) | Author |
|
Change-Id: I1d8cedfeb1153312c13f7f182c7ac3b031647dd4
|
|
In order to assure tapicero is still working, we need to monitor
/var/log/syslog for the last tapicero log msg, which should not be older
than the last check_mk_agent run (every 2 mins atm).
|
|
Conflicts:
puppet/modules/site_check_mk/files/agent/logwatch/bigcouch.cfg
Change-Id: I1646e49ffa5437a861b402b755bc15943c42ec4f
|
|
Change-Id: I73defd7964501e4eabe7dd05c02887e7aeb2f063
|
|
|
|
Bug/6545
See merge request !16
|
|
Change-Id: I0abeb88f7b6548e5742bd3d99b2f4e5d9c6cf421
|
|
Change-Id: Ie51fb485bcae9a9467c465bdd1b4a5785023db04
|
|
caught (#6540)
Change-Id: I1fe8d4cf60532dfe01cfb3a014c4cbeb4acdc479
|
|
|
|
|
|
tapicero[921]: Checking security of user-1b3b1fb78db851190fa72dac01207b8d failed (trying again soon): RestClient::ResourceNotFound: 404 Resource Not Found: {"error":"not_found","reason":"Database does not exist."}")
tapicero recovers from this error
Change-Id: Ic105823ddc282512000e6d7445539428581eb997
|
|
Change-Id: I10ec569821f329e3bd10ac87242db102e9c82246
|
|
6539 increase time between check mk agent runs
https://leap.se/code/issues/6539
See merge request !11
|
|
right now, check_mk_agent is run every minute on each host.
The soledad sync test depends on tapicero, and in between finishing the
soledad test and removing the testuser db, and the start of another test
there's only 13s
Change-Id: I5b22ba02470cce799a12043d21091c0c9b8e0b5f
|
|
Change-Id: I198c5245c7e73d6dd7a7d9725fac1eb9a8f425a5
|
|
Bug/6511
Update tapicero logwatch ignore error to be before the Critical line. Additionally, enhance it to also capture the "Creating database", "Writing security to" entries.
See merge request !9
|
|
leap_platform was modified so the nagios.internal_domains contain the
domain name (with the tld replaced by an "i" for internal), see
https://leap.se/code/issues/6477#note-11.
in order to achieve this the easy way, each host got added a
domain_internal_suffix value, which can be iterated over to get all
nagios.internal_domains.
Because we use `create_resources ( site_nagios::add_host_services,
$nagios_hosts )` in site_nagios::server to deploy the services, the
site_nagios::add_host_services define needs to have a
domain_internal_suffix parameter added.
Change-Id: I6b83b3f291a1a611b5b92d5ba3ed82597a42bba7
|
|
requirement in logwatch, remove extended regexp character class and also
ignore "Writing security" lines
Change-Id: I7d33725db06a40361a3b04f9591adeb6a025bf77
|
|
Bug/6512
See merge request !5
|
|
Change-Id: I0939070482fad4f99f03e41094a3df42ff5063e4
|
|
Change-Id: I03842b65329aabb012cc2c7514007e174cbd8fc0
|
|
Change-Id: I8a6c27434f548f24d9dba1a969699200ab307477
|
|
the service has been started (#6495)
Change-Id: Id48fedb5731117b68b7386c4ce22516333d94081
|
|
check_mk_objects.cfg (Feature #5142)
Change-Id: Ib0283806b5485a9d15f0aa7e09142989367dae20
|
|
|
|
Change-Id: I029ffabd33299a5b42e5f262e372eafb6272d094
|
|
Change-Id: I0b1eec11a3b3da39d65572b6bee8b3ce892e08ac
|
|
now (Bug #6489)
Change-Id: Iaec748a173b6e11bb3ab3c11ca152809817644f9
|
|
environment's contact email (Bug #6466)" into develop
|
|
contact email (Bug #6466)
Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05
|
|
users (Feature #6481)
There are potentially many tapicero daemons running, and they all try
to do the same thing at the same time. It is basically designed to
create race conditions. All tapicero daemons try to create the user db
at the same time. Only one of them wins the race and actually creates
it.
We need to fix this later (see https://leap.se/code/issues/6480) but
for now, we ignore them because conflict errors should be handled by the
applictation anyway.
Change-Id: I91095b1901d238e3d199954ba3716023d3fd49c1
|
|
Change-Id: I2fa85918af8199fbc41bb4e58dae6c78911ab626
|
|
Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6
|
|
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d
|
|
Change-Id: Idf550ed004bcb42d6e19ac0a2c5286f52a390935
|
|
Change-Id: I2549d781427fffc865c2bdcd1e950d60dad509fd
|
|
sent out on first failed check_mk check (Bug #6461)
Change-Id: I1bd47b3c3d17508488a4db90d74118006d85a03a
|
|
Change-Id: I52e19bbdfcf6576bd9c247d99aace47eb86c8116
|
|
|
|
might communicate with. this includes port and host key algorithm. closes #6432
|
|
Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768
|
|
|
|
Let check_mk put all hosts into the same "admin" contactgroup,
which is defined as default contactgroup by nagios.
Change-Id: I13b434925711ef2037de0cf6e919ce39a8255a94
|
|
descriptor limits to account for bigcouch sync spikes (#4935)
Change-Id: I242fba31f961b6139ec641e1708b170f5c0d009b
|
|
I reformatted the section below for consistency.
Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303
|
|
Change-Id: I5085247a87018e18e73833119ac73225afbfea1e
|
|
(#6388)
Previously the DNAT rule would redirect the incoming port 443 requests
to openvpn, which was the wrong thing to do on the primary IP (but the
right thing to do on the openvpn gateway IPs). This manifested in the
webapp not being available when it was also configured as a service on
the node.
Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a
|
|
Change-Id: I6d04cc7e028e86ee0012d96d7ef075fdd7ecef19
|
|
We need to check the openvpn hiera value, which may or may not be set.
If it is not set, then we need to not lookup the $openvpn['ports]'
values or we will get an error because it wont be the correct type.
If we do have it, then $openvpn_ports gets set with the hash, otherwise
it gets set to an empty hash (otherwise puppet will complain when we try
to query the member() later with "member(): Requires array to work
with").
Finally, if it is set to port 80, we don't include the
tor::daemon::directory
Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
|