diff options
author | Micah <micah@riseup.net> | 2015-12-09 19:32:51 +0000 |
---|---|---|
committer | Micah <micah@riseup.net> | 2015-12-09 19:32:51 +0000 |
commit | d1321c39001ebd445b37fd551fbfd324b6ab6ae0 (patch) | |
tree | 6c3a56aac66bf1cdce128d89550151a11cdb21c2 /manifests/service | |
parent | 993b624bd14dc5ef88847b11abc06d2b708c23b6 (diff) | |
parent | 6cd3270ccfd806bcc8097be4f6982c6dccc6a4aa (diff) |
Merge branch 'immerda_changes' into 'master'
Merge in immerda changes - purging of resources and lots of nice additional checks
Sorry for the big amount of changes, but I think I merged everything nicely with what we have been working. Ok, so what do you get here:
* Purging of unmanaged resources, for that I had to move everything to the default paths of the puppet types, BUT now as soon as a node won't export anymore a resource it will get purged from nagios. No more cleaning up of decomissioned nodes, just remove them from puppet (puppet node clean oldnode.example.com) and they will also disappear from nagios.
* slight changes to the http checks.
** naming the checks consistently, so it's easier to change what they are looking for.
** Also accept 301 & 302 as a good value per default.
** make it possible to define accepted return codes per http & https
* add gpgkey checks, so you won't miss any expiring gpg keys anymore
* add imap login checks, so you can check whether ppl can actually login to your mailserver
* add horde login checks, so you can check whether login to horde still works
* linting wherever I touched something.
See merge request !15
Diffstat (limited to 'manifests/service')
-rw-r--r-- | manifests/service/gpgkey.pp | 49 | ||||
-rw-r--r-- | manifests/service/horde_login.pp | 18 | ||||
-rw-r--r-- | manifests/service/http.pp | 76 | ||||
-rw-r--r-- | manifests/service/imap.pp | 22 | ||||
-rw-r--r-- | manifests/service/imap_login.pp | 22 | ||||
-rw-r--r-- | manifests/service/pop3_login.pp | 22 |
6 files changed, 165 insertions, 44 deletions
diff --git a/manifests/service/gpgkey.pp b/manifests/service/gpgkey.pp new file mode 100644 index 0000000..df13ca8 --- /dev/null +++ b/manifests/service/gpgkey.pp @@ -0,0 +1,49 @@ +# define a gpgkey to be watched +define nagios::service::gpgkey( + $ensure = 'present', + $warning = '14', + $key_info = undef, + $check_interval = 60, +){ + validate_slength($name,40,40) + require ::nagios::plugins::gpg + $gpg_home = $nagios::plugins::gpg::gpg_home + $gpg_cmd = "gpg --homedir ${gpg_home}" + + exec{"manage_key_${name}": + user => nagios, + group => nagios, + } + nagios::service{ + "check_gpg_${name}": + ensure => $ensure; + } + + if $ensure == 'present' { + Exec["manage_key_${name}"]{ + command => "${gpg_cmd} --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=${gpg_home}/sks-keyservers.netCA.pem --recv-keys ${name}", + unless => "${gpg_cmd} --list-keys ${name}", + before => Nagios::Service["check_gpg_${name}"], + } + + Nagios::Service["check_gpg_${name}"]{ + check_command => "check_gpg!${warning}!${name}", + check_interval => $check_interval, + } + if $key_info { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name} - Info: ${key_info}", + } + } else { + Nagios::Service["check_gpg_${name}"]{ + service_description => "Keyfingerprint: ${name}", + } + } + } else { + Exec["manage_key_${name}"]{ + command => "${gpg_cmd} --batch --delete-key ${name}", + onlyif => "${gpg_cmd} --list-keys ${name}", + require => Nagios::Service["check_gpg_${name}"], + } + } +} diff --git a/manifests/service/horde_login.pp b/manifests/service/horde_login.pp new file mode 100644 index 0000000..6cab59e --- /dev/null +++ b/manifests/service/horde_login.pp @@ -0,0 +1,18 @@ +# a horde login check +define nagios::service::horde_login( + $password, + $url, + $username = $name, + $ensure = 'present', +){ + nagios::service{ + "horde_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["horde_${name}"]{ + check_command => "check_horde_login!${url}!${username}!${password}", + } + } +} diff --git a/manifests/service/http.pp b/manifests/service/http.pp index ef63abb..b80c140 100644 --- a/manifests/service/http.pp +++ b/manifests/service/http.pp @@ -4,43 +4,51 @@ # - force: http is permanent redirect to https # - only: check only https define nagios::service::http( - $ensure = present, - $check_domain = 'absent', - $port = '80', - $check_url = '/', - $check_code = 'OK', - $use = 'generic-service', - $ssl_mode = false + $ensure = present, + $check_domain = 'absent', + $port = '80', + $check_url = '/', + $check_code = '200,301,302', + $use = 'generic-service', + $ssl_mode = false ){ - $real_check_domain = $check_domain ? { - 'absent' => $name, - default => $check_domain + $real_check_domain = $check_domain ? { + 'absent' => $name, + default => $check_domain + } + if is_hash($check_code) { + $check_code_hash = $check_code + } else { + $check_code_hash = { + http => $check_code, + https => $check_code, } - case $ssl_mode { - 'force',true,'only': { - nagios::service{"https_${name}_${check_code}": - ensure => $ensure, - use => $use, - check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code}'", - } - case $ssl_mode { - 'force': { - nagios::service{"httprd_${name}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", - } - } - } + } + case $ssl_mode { + 'force',true,'only': { + nagios::service{"https_${name}": + ensure => $ensure, + use => $use, + check_command => "check_https_url_regex!${real_check_domain}!${check_url}!'${check_code_hash[https]}'", + } + case $ssl_mode { + 'force': { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'301'", + } } + } } - case $ssl_mode { - false,true: { - nagios::service{"http_${name}_${check_code}": - ensure => $ensure, - use => $use, - check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code}'", - } - } + } + case $ssl_mode { + false,true: { + nagios::service{"http_${name}": + ensure => $ensure, + use => $use, + check_command => "check_http_url_regex!${real_check_domain}!${port}!${check_url}!'${check_code_hash[http]}'", + } } + } } diff --git a/manifests/service/imap.pp b/manifests/service/imap.pp index b703db4..45b667a 100644 --- a/manifests/service/imap.pp +++ b/manifests/service/imap.pp @@ -1,24 +1,26 @@ +# check an imap service define nagios::service::imap( - $ensure = 'present', - $host = 'absent', - $port = '143', - $tls = true, - $tls_port = '993' + $ensure = 'present', + $host = 'absent', + $port = '143', + $tls = true, + $tls_port = '993' ){ $real_host = $host ? { 'absent' => $name, - default => $host + default => $host } + $tls_ensure = $tls ? { + true => $ensure, + default => 'absent' + } nagios::service{ "imap_${name}_${port}": ensure => $ensure; "imaps_${name}_${tls_port}": - ensure => $tls ? { - true => $ensure, - default => 'absent' - }; + ensure => $tls_ensure; } if $ensure != 'absent' { diff --git a/manifests/service/imap_login.pp b/manifests/service/imap_login.pp new file mode 100644 index 0000000..25303a3 --- /dev/null +++ b/manifests/service/imap_login.pp @@ -0,0 +1,22 @@ +# a imap login check +define nagios::service::imap_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "imap_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["imap_login_${name}"]{ + check_command => "check_imap_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, + } + } +} diff --git a/manifests/service/pop3_login.pp b/manifests/service/pop3_login.pp new file mode 100644 index 0000000..7453528 --- /dev/null +++ b/manifests/service/pop3_login.pp @@ -0,0 +1,22 @@ +# a pop3 login check +define nagios::service::pop3_login( + $username, + $password, + $warning = 5, + $critical = 10, + $host = $::fqdn, + $host_name = $::fqdn, + $ensure = 'present', +){ + nagios::service{ + "pop3_login_${name}": + ensure => $ensure; + } + + if $ensure != 'absent' { + Nagios::Service["pop3_login_${name}"]{ + check_command => "check_pop3_login!${host}!${username}!${password}!${warning}!${critical}", + host_name => $host_name, + } + } +} |