diff options
| author | Micah <micah@riseup.net> | 2015-12-09 19:32:51 +0000 |
|---|---|---|
| committer | Micah <micah@riseup.net> | 2015-12-09 19:32:51 +0000 |
| commit | d1321c39001ebd445b37fd551fbfd324b6ab6ae0 (patch) | |
| tree | 6c3a56aac66bf1cdce128d89550151a11cdb21c2 /manifests/service/gpgkey.pp | |
| parent | 993b624bd14dc5ef88847b11abc06d2b708c23b6 (diff) | |
| parent | 6cd3270ccfd806bcc8097be4f6982c6dccc6a4aa (diff) | |
Merge branch 'immerda_changes' into 'master'
Merge in immerda changes - purging of resources and lots of nice additional checks
Sorry for the big amount of changes, but I think I merged everything nicely with what we have been working. Ok, so what do you get here:
* Purging of unmanaged resources, for that I had to move everything to the default paths of the puppet types, BUT now as soon as a node won't export anymore a resource it will get purged from nagios. No more cleaning up of decomissioned nodes, just remove them from puppet (puppet node clean oldnode.example.com) and they will also disappear from nagios.
* slight changes to the http checks.
** naming the checks consistently, so it's easier to change what they are looking for.
** Also accept 301 & 302 as a good value per default.
** make it possible to define accepted return codes per http & https
* add gpgkey checks, so you won't miss any expiring gpg keys anymore
* add imap login checks, so you can check whether ppl can actually login to your mailserver
* add horde login checks, so you can check whether login to horde still works
* linting wherever I touched something.
See merge request !15
Diffstat (limited to 'manifests/service/gpgkey.pp')
| -rw-r--r-- | manifests/service/gpgkey.pp | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp new file mode 100644 index 0000000..df13ca8 --- /dev/null +++ b/manifests/service/gpgkey.pp @@ -0,0 +1,49 @@ +# define a gpgkey to be watched +define nagios::service::gpgkey( + $ensure = 'present', + $warning = '14', + $key_info = undef, + $check_interval = 60, +){ + validate_slength($name,40,40) + require ::nagios::plugins::gpg + $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_cmd = "gpg --homedir ${gpg_home}" + + exec{"manage_key_${name}": + user => nagios, + group => nagios, + } + nagios::service{ + "check_gpg_${name}": + ensure => $ensure; + } + + if $ensure == 'present' { + Exec["manage_key_${name}"]{ + command => "${gpg_cmd} --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=${gpg_home}/sks-keyservers.netCA.pem --recv-keys ${name}", + unless => "${gpg_cmd} --list-keys ${name}", + before => Nagios::Service["check_gpg_${name}"], + } + + Nagios::Service["check_gpg_${name}"]{ + check_command => "check_gpg!${warning}!${name}", + check_interval => $check_interval, + } + if $key_info { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name} - Info: ${key_info}", + } + } else { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name}", + } + } + } else { + Exec["manage_key_${name}"]{ + command => "${gpg_cmd} --batch --delete-key ${name}", + onlyif => "${gpg_cmd} --list-keys ${name}", + require => Nagios::Service["check_gpg_${name}"], + } + } +} |