From 7b9c1068754269046a2dab0015ae0d2935c71817 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 21 Jun 2015 10:12:55 +0100 Subject: use hashicorp atlas for Vagrantbox download Change-Id: Ie7263c9442eb9bf8572d301f88bd38dbcce16846 --- Vagrantfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 4a91c459..18590a8f 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,8 +5,7 @@ Vagrant.configure("2") do |config| # see https://leap.se/en/docs/platform/details/development#Verify.vagrantbox.download # for details - config.vm.box = "leap-wheezy" - config.vm.box_url = "https://downloads.leap.se/platform/vagrant/virtualbox/leap-wheezy.box" + config.vm.box = "LEAP/wheezy" #config.vm.network :private_network, ip: "10.5.5.102" config.vm.provider "virtualbox" do |v| v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] -- cgit v1.2.3 From 73f83d847540a0f679d23f5dc86660b55959710a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 6 Jul 2015 14:48:10 +0200 Subject: Don't monitor disabled nodes (#7235) Change-Id: I51ce8a9e8773d267c270a1725a497f9a43f2e9ff Sidenote: $nagios_hosts was never used --- puppet/modules/site_check_mk/manifests/server.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/puppet/modules/site_check_mk/manifests/server.pp b/puppet/modules/site_check_mk/manifests/server.pp index 171f1576..67519513 100644 --- a/puppet/modules/site_check_mk/manifests/server.pp +++ b/puppet/modules/site_check_mk/manifests/server.pp @@ -1,3 +1,4 @@ +# setup check_mk on the monitoring server class site_check_mk::server { $ssh_hash = hiera('ssh') 
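Review bot: In the Vagrantfile hunk, `config.vm.box = "LEAP/wheezy"` no longer names a fixed artifact, so `vagrant up` fetches whichever version is currently published under that name in the box catalog. The comment kept above it still points to the box-verification instructions, which appear to have been written for the downloads.leap.se URL this commit removes and may not apply to a catalog download. Consider pinning the release with `config.vm.box_version = "<PINNED_VERSION>"` (a placeholder, since the hunk does not show which versions exist). The comment should also be updated to say how the catalog box is meant to be verified.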
@@ -6,10 +7,9 @@ class site_check_mk::server { $seckey = $ssh_hash['monitor']['private_key'] $nagios_hiera = hiera_hash('nagios') - $nagios_hosts = $nagios_hiera['hosts'] + $hosts = $nagios_hiera['hosts'] - $hosts = hiera_hash('hosts') - $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%>"<%= @hosts[key]["domain_internal"] %>", <% end -%>') + $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%><% if @hosts[key]["environment"] != "disabled" %>"<%= @hosts[key]["domain_internal"] %>", <% end -%><% end -%>') $domains_internal = $nagios_hiera['domains_internal'] $environments = $nagios_hiera['environments'] -- cgit v1.2.3 From 4986f2ba34bbed7748b80f02ab965dd5968217bc Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jul 2015 14:39:34 +0200 Subject: remove leap_couch_stats.sh TMPFILE so /tmp/ won't fill with tmp files (#7217) Change-Id: I7b778e1e1af2784bd79840f20453ca8718927e25 --- .../site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh index 95474ccb..285a80f0 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh @@ -97,6 +97,7 @@ $CURL -X GET $URL/_all_dbs | json_pp | egrep -v '(\[|\])' > $TMPFILE # get list of dbs to check dbs=$( egrep -v "${DBLIST_EXCLUDE}" $TMPFILE | tr -d '\n"' | sed 's/,/ /g' ) +rm "$TMPFILE" for db in $dbs do -- cgit v1.2.3 From 07e949ad3d3baa132c88e529ab5121c4016eb0be Mon Sep 17 00:00:00 2001 
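Review bot: In the second server.pp hunk, `$hosts` now comes from `$nagios_hiera['hosts']` instead of `hiera_hash('hosts')`, and nothing visible here shows that the two hashes list the same nodes or that every entry carries `environment` and `domain_internal`. If the nagios hash is a subset, nodes drop out of `$all_hosts` silently, and an entry without `domain_internal` would add an empty `""` to the list. An entry with no `environment` key still compares unequal to "disabled" and stays monitored, which is the safer direction. A comment above the assignment would record the intent, e.g. `# hosts come from the nagios hiera hash; entries with environment "disabled" are left out of $all_hosts`. The class body continues outside the hunk, so other uses of `$hosts` cannot be checked from here.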
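Review bot: The added `rm "$TMPFILE"` in leap_couch_stats.sh runs only when the script reaches that line, so an early exit or an interrupted run still leaves the file in /tmp. The same holds for the `rm "$TMPFILE"` that the following commit moves to the end of the script. Registering the cleanup once, right after the temp file is created, covers every exit path: `trap 'rm -f "$TMPFILE"' EXIT`. The creation of TMPFILE is outside both hunks, so it is worth confirming there that it is made with mktemp. The unquoted `$TMPFILE` uses in the context lines should also be quoted like the new line.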
From: varac Date: Tue, 7 Jul 2015 15:15:32 +0200 Subject: moved removal of leap_couch_stats.sh TMPFILE to end of script (#7217) Change-Id: If844b95c44e697f480df8ee2ae6607709b9942f7 --- .../files/agent/local_checks/couchdb/leap_couch_stats.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh index 285a80f0..83b407e0 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh @@ -97,7 +97,6 @@ $CURL -X GET $URL/_all_dbs | json_pp | egrep -v '(\[|\])' > $TMPFILE # get list of dbs to check dbs=$( egrep -v "${DBLIST_EXCLUDE}" $TMPFILE | tr -d '\n"' | sed 's/,/ /g' ) -rm "$TMPFILE" for db in $dbs do @@ -118,3 +117,6 @@ end_time=$(date +%s.%N) duration=$( echo "scale = 2; $end_time - $start_time" | bc -l ) printf "${exitcode} ${PREFIX}global_stats ${global_stats_perf}|script_duration=%02.2fs ${STATE[exitcode]}: global couchdb status\n" "$duration" + +rm "$TMPFILE" + -- cgit v1.2.3 From 3cb5ae59d51d85cde704214dcea7c65da2bf6e94 Mon Sep 17 00:00:00 2001 
From: varac Date: Tue, 7 Jul 2015 16:04:40 +0200 Subject: Ignore openvpn logwatch warnings (#6867) These are warnings that might have different origins, each of them we don't want to alarm the admin: - A bitmask client bug (user will poke the client devs if things break, and they will go after it) - A simple network failure, packets might get cut of - Malicious user tries to temper with TLS handshakes - this gets more interesting, but still (like ssh bruteforce attacs) an admin would not want to get annoyed by this by default, but they still have the option to use log analysers of their choice if they want to investigate this. Change-Id: I23ca3b700e41f22f34ad3346ed4e647b86000bb2 --- puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg index ed50f420..d99dcde9 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg @@ -8,6 +8,11 @@ I ovpn-.*TLS Error: TLS object -> incoming plaintext read error I ovpn-.*Fatal TLS error \(check_tls_errors_co\), restarting I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate + I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate + I ovpn-.*TLS Error: unknown opcode received from + I ovpn-.*Authenticate/Decrypt packet error: packet HMAC authentication failed + I ovpn-.*TLS Error: reading acknowledgement record from packet + I ovpn-.*TLS Error: session-id not found in packet from I ovpn-.*SIGUSR1\[soft,tls-error\] received, client-instance restarting I ovpn-.*VERIFY ERROR: depth=0, error=certificate has expired -- cgit v1.2.3 From 7e6b3939a69f11d23ed1c876060025fbe694704d Mon Sep 17 00:00:00 2001 
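Review bot: The five new `I` patterns in openvpn.cfg carry no explanation in the file itself, so a later maintainer cannot tell from the config why `packet HMAC authentication failed` or `unknown opcode received from` are safe to drop. The reasoning lives only in the commit message. A `#` comment above the added lines would keep it with the rules, e.g. `# #6867: client bugs, network glitches and handshake tampering all produce these; ignored on purpose, use a log analyser to investigate`. Because the lines are ignored outright rather than counted, a sustained burst of them will not surface in check_mk either, which is worth stating in the same comment.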
From: varac Date: Tue, 7 Jul 2015 16:30:42 +0200 Subject: check_mk should not falsely report multiple instances running (#6866) Change-Id: Ie7943c9a541c3cd2feac7686ed1092aadc5a7c7a --- puppet/modules/site_check_mk/manifests/agent/tapicero.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index 4a5ec68e..ad9962d4 100644 --- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp @@ -1,3 +1,4 @@ +# sets up tapicero monitoring class site_check_mk::agent::tapicero { include ::site_nagios::plugins @@ -14,7 +15,7 @@ class site_check_mk::agent::tapicero { lens => 'Spacevars.lns', changes => [ 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', - 'set Tapicero_Procs "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero"' ], + "set Tapicero_Procs \"/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 --ereg-argument-array='^tapicero$'\"" ], require => File['/etc/check_mk/mrpe.cfg']; 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', -- cgit v1.2.3 From ec24733308676d6822aaeaae6c17b042f7e2bf14 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 7 Jul 2015 16:22:36 -0400 Subject: Clean up left-over files from old way of leap-mx logging, this should stop the logrotate cron errors from happening. (#7058) Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760 --- puppet/modules/site_config/manifests/remove_files.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 3f46659c..b339e6af 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp 
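Review bot: In the second tapicero.pp hunk, `--ereg-argument-array='^tapicero$'` is anchored at both ends, so a process is counted only when its whole argument string is exactly `tapicero`. If the daemon is ever started with options or shows up under an interpreter path, the count drops to 0 and `-c 1:1` reports critical while tapicero is in fact running. A comment above the `set` line would record that dependency, e.g. `# anchored on purpose: matches only the daemon's process title, not shells or editors that mention tapicero`. It is also worth confirming that the single quotes inside the Augeas value are stripped before check_procs sees them, since how MRPE executes the line is not visible here. The enclosing augeas resource starts outside the hunk.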
@@ -27,6 +27,10 @@ class site_config::remove_files {
 path => '/var/log/',
 recurse => true,
 matches => 'leap_mx*';
+ 'leap_mx_rotate':
+ path => '/var/log/leap/',
+ recurse => true,
+ matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz'];
 '/srv/leap/webapp/public/provider.json':;
 '/srv/leap/couchdb/designs/tmp_users':
 recurse => true,
-- cgit v1.2.3
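Review bot: The new `leap_mx_rotate` entry sets no `age` and uses `recurse => true`, so every Puppet run deletes anything under /var/log/leap/ that matches `mx.log.[0-9]` or `mx.log.[0-9]?`, at any depth, not only the files left over from the old logging setup. If the current logrotate configuration for mx.log (not visible here) keeps numbered rotations in that directory, they will be removed soon after they are written. That would shorten the mail-log history available for troubleshooting or incident review. `mx.log.[6-9]?gz` covers only compressed rotations 6 to 9, so a comment naming the rotations meant to survive would make the intent checkable, e.g. `# leftovers of the old rotation scheme only; current logrotate keeps <N> rotations` with the number filled in by the author. The enclosing tidy block starts outside the hunk.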