# Non-comment lines are YAML.
#
# Strings ought to be in double quotes, but it works in most cases if they aren't :)
#
# vim:set syntax=yaml:

# TODO
# - *: check munin stats collection works
# - *: check backups are successful
# - *: unwanted: network: auth, discard, daytime, time (on some), cvs-pserver, rsync (on some), ftp (on some), http (on some)

---
#############################
# hosts
#############################
#
# `servers` maps a host name to its attributes.  Keys used by the entries
# below:
#   address         IPv4 address of the entry (absent on the placeholder
#                   entries that set `pingable: false`)
#   parents         name(s) of other entries in this map; a comma-separated
#                   string when there is more than one
#   hostgroups      comma-separated string of group names
#   contacts        comma-separated string of contact names (few entries)
#   contact_groups  only ever set to the empty string "" below
#   pingable        only ever set to false below
#   check_command   only ever set to dsa_check_always_ok below
#
# NOTE(review): the comma-separated values are single plain scalars, not YAML
# sequences; presumably the consumer splits them itself -- confirm before
# converting any of them to lists.
#
# The "{{{" / "}}}" comments are editor fold markers; sections are grouped by
# the gateway entry the hosts hang off.
servers:
  # {{{ gateways
  # Placeholder entries: no address, not pinged, check always reports OK.
  global:
    hostgroups: notacomputer
    pingable: false
    check_command: dsa_check_always_ok
  gw-1und1-sec:
    parents: ubc-gateway
    hostgroups: notacomputer
    pingable: false
    check_command: dsa_check_always_ok
  gw-accumu:
    address: 130.239.18.97
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-accumu2:
    address: 130.242.6.198
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-aql:
    address: 141.170.2.19
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-bytemark:
    address: 89.16.160.116
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-c3sl:
    address: 200.17.202.254
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-cecsit:
    address: 150.203.164.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-arm:
    address: 213.104.121.213
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-brown:
    address: 138.16.160.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-conova:
    address: 217.196.149.238
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-csail:
    address: 128.31.0.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-dgi:
    address: 93.94.130.190
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  # No entry in this map names gw-freenet as a parent.
  gw-freenet:
    address: 62.104.23.249
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-gatech:
    address: 128.61.240.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-grnet:
    address: 194.177.211.193
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-isc:  # really henet, because of something weird
    address: 72.52.94.70
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-leaseweb:
    address: 185.17.185.190
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-manda:
    address: 82.195.78.118
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-marist:
    address: 148.100.88.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-osuosl:
    address: 140.211.166.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-sakura:
    address: 133.242.99.65
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-sanger:
    address: 193.62.202.25
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
    contacts: tjrc1, dave
  gw-scanplus-lobos:
    address: 212.211.132.249
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-scanplus-villa:
    address: 212.211.132.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-sil:
    address: 86.59.118.145
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-skroutz1:
    address: 154.57.0.249
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-skroutz2:
    address: 154.57.0.250
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-umn:
    address: 128.101.240.222
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-unicamp:
    address: 143.106.167.113
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-utwente:
    address: 130.89.149.1
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-ynic:  # really janet, because ynic is stupid about firewalling
    address: 144.32.255.227
    parents: ubc-gateway
    hostgroups: layer3-infrastructure
  gw-zivit:
    parents: ubc-gateway
    hostgroups: notacomputer
    pingable: false
    check_command: dsa_check_always_ok
  # Root of the parent tree: the only gateway entry without `parents`.
  ubc-gateway:
    address: 209.87.16.254
    hostgroups: layer3-infrastructure
  # }}}

  # {{{ servers
  # {{{ gw-1und1-sec
  schumann:
    address: 212.227.126.54
    parents: gw-1und1-sec
    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, buster, security_mirror, hassrvfs, pe1950, physical_x86_intel
  wieck:
    address: 195.20.242.89
    parents: gw-1und1-sec
    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, stretch, security_mirror, hasvarlogfs, no-bacula, pe1950, physical_x86_intel
  # }}}

  # {{{ gw-accumu
  pettersson:
    address: 130.239.18.123
    parents: gw-accumu
    hostgroups: computers, hasbootfs, aacraid, nfs-client, service, buster, autofs, sw-raid, physical_x86_intel
    contacts: zobel, tfheen, lfilipoz, zumbi, jcristau, pabs, aurel32, dsa-nsa
    contact_groups: ""
  # Listed in this section, but its parent is gw-accumu2.
  mirror-accumu:
    address: 130.242.6.199
    parents: gw-accumu2
    hostgroups: computers, service, stretch, apache2-hosts, hassrvfs, rsyncd-hosts, physical_x86_intel
  # }}}

  # {{{ gw-aql
  eller:
    address: 141.170.6.156
    parents: gw-aql
    hostgroups: computers, porterbox, buster, hassrvfs
  mips-aql-01:
    address: 141.170.6.149
    parents: gw-aql
    hostgroups: computers, buildd, buster, nfs-client
  mips-aql-02:
    address: 141.170.6.150
    parents: gw-aql
    hostgroups: computers, buildd, buster, nfs-client
  mips-aql-04:
    address: 141.170.6.154
    parents: gw-aql
    hostgroups: computers, buildd, buster, nfs-client
  mips-aql-05:
    address: 141.170.6.155
    parents: gw-aql
    hostgroups: computers, buildd, buster, nfs-client
  mips-aql-06:
    address: 141.170.6.157
    parents: gw-aql
    hostgroups: computers, buildd, buster, hassrvfs
  minkus:
    address: 141.170.6.151
    parents: gw-aql
    hostgroups: computers, porterbox, buster, nfs-client
  mipsel-aql-01:
    address: 141.170.6.152
    parents: gw-aql
    hostgroups: computers, buildd, buster, hassrvfs, hasbootfs, sw-raid
  mipsel-aql-02:
    address: 141.170.6.153
    parents: gw-aql
    hostgroups: computers, buildd, buster, hassrvfs, hasbootfs, sw-raid
  mipsel-aql-03:
    address: 141.170.6.158
    parents: gw-aql
    hostgroups: computers, buildd, buster, hassrvfs
  # }}}

  # {{{ gw-arm
  abel:
    address: 217.140.96.56
    parents: gw-arm
    hostgroups: computers, hasbootfs, hassrvfs, porterbox, buster, broken_mq
  arnold:
    address: 217.140.96.57
    parents: gw-arm
    hostgroups: computers, hasbootfs, hassrvfs, buildd, buster, broken_mq
  arm-arm-01:
    address: 217.140.96.58
    parents: gw-arm
    hostgroups: computers, hassrvfs, buildd, buster, broken_mq, sw-raid
  arm-arm-03:
    address: 217.140.96.60
    parents: gw-arm
    hostgroups: computers, hassrvfs, buildd, buster, broken_mq, sw-raid
  arm-arm-04:
    address: 217.140.96.61
    parents: gw-arm
    hostgroups: computers, hassrvfs, buildd, buster, broken_mq, sw-raid
  harris:
    address: 217.140.96.66
    parents: gw-arm
    hostgroups: computers, hasbootfs, hassrvfs, buster, armhf, porterbox, broken_mq
  hartmann:
    address: 217.140.96.67
    parents: gw-arm
    hostgroups: computers, hasbootfs, hassrvfs, buster, armhf, buildd, broken_mq
  hoiby:
    address: 217.140.96.71
    parents: gw-arm
    hostgroups: computers, hasbootfs, hassrvfs, armhf, buster, buildd, broken_mq
  # }}}

  # {{{ gw-brown
  fasolo:
    address: 138.16.160.17
    parents: gw-brown
    hostgroups: computers, service, apache2-hosts, apache-https, dl380, rsyncd-hosts, stretch, hassrvfs, postgres96-hosts, manyprocesses, physical_x86_intel
  # }}}

  # {{{ gw-bytemark
  bm-bl1:
    address: 5.153.231.241
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl2:
    address: 5.153.231.242
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl3:
    address: 5.153.231.243
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl4:
    address: 5.153.231.244
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl5:
    address: 5.153.231.245
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl6:
    address: 5.153.231.246
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl7:
    address: 5.153.231.247
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl8:
    address: 5.153.231.248
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl9:
    address: 5.153.231.249
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl10:
    address: 5.153.231.250
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl11:
    address: 5.153.231.251
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl12:
    address: 5.153.231.252
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl13:
    address: 5.153.231.253
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  bm-bl14:
    address: 5.153.231.254
    parents: gw-bytemark
    hostgroups: computers, bm-bl, service, stretch, multipath-hosts, manyprocesses
  milanollo:
    address: 5.153.231.2
    parents: gw-bytemark
    hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, apache-https, nfs-server, systemd-timesyncd
  milanollo2:
    address: 5.153.231.9
    parents: milanollo
    hostgroups: secondary-IPs, rsyncd-hosts
  picconi:
    address: 5.153.231.3
    parents: gw-bytemark
    hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, nfs-client, autofs, heavy-exim, spamd, apache-https, systemd-timesyncd
  senfter:
    address: 5.153.231.4
    parents: gw-bytemark
    hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, no-bacula, apache-https, nfs-server, systemd-timesyncd
  pejacevic:
    address: 5.153.231.6
    parents: gw-bytemark
    hostgroups: computers, service, kvmdomains, buster, apache2-hosts, nfs-client, autofs, apache-https, systemd-timesyncd
    contacts: holger
  piu-slave-bm-a:
    address: 5.153.231.7
    parents: gw-bytemark
    hostgroups: computers, service, kvmdomains, buster, nfs-client, autofs, systemd-timesyncd
    contacts: holger
  bmdb1:
    address: 5.153.231.10
    parents: gw-bytemark
    hostgroups: computers, hassrvfs, kvmdomains, stretch, postgres96-hosts, systemd-timesyncd
  ganeti-bytemark:
    address: 5.153.231.1
    parents: gw-bytemark
    hostgroups: notacomputer
  coccia:
    address: 5.153.231.11
    parents: ganeti-bytemark
    hostgroups: computers, hassrvfs, kvmdomains, stretch, autofs, nfs-client, uploadqueue, apache-https, apache2-hosts, systemd-timesyncd
  backuphost:
    address: 5.153.231.12
    parents: ganeti-bytemark
    hostgroups: computers, hassrvfs, kvmdomains, buster, systemd-timesyncd
  delfin:
    address: 5.153.231.17
    parents: ganeti-bytemark
    hostgroups: computers, hassrvfs, kvmdomains, buster, apache2-hosts, apache-https, nfs-client, autofs, systemd-timesyncd
  dillon:
    address: 5.153.231.22
    parents: ganeti-bytemark
    hostgroups: computers, general, kvmdomains, stretch, nfs-client, autofs, hassrvfs, systemd-timesyncd
  quantz:
    address: 5.153.231.28
    parents: ganeti-bytemark
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, nfs-client, heavy-exim, apache2-hosts, autofs, apache-https, systemd-timesyncd
  respighi:
    address: 5.153.231.29
    parents: ganeti-bytemark
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, nfs-client, autofs, systemd-timesyncd
  tate:
    address: 5.153.231.33
    parents: ganeti-bytemark
    hostgroups: computers, service, kvmdomains, stretch, autofs, nfs-client, apache2-hosts, apache-https, systemd-timesyncd
  sor:
    address: 5.153.231.38
    parents: ganeti-bytemark
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, autofs, nfs-client, systemd-timesyncd
  casulana:
    address: 5.153.231.41
    parents: gw-bytemark
    hostgroups: computers, service, buster, hassrvfs, dl380, manyprocesses, apache2-hosts, physical_x86_intel
    contacts: zobel, tfheen, lfilipoz, zumbi, jcristau, pabs, aurel32, dsa-nsa
    contact_groups: ""
  # }}}

  # {{{ gw-c3sl
  santoro:
    address: 200.17.202.197
    parents: gw-c3sl
    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, hassrvfs, stretch, high-RTT, security_mirror, no-bacula, apache-https, physical_x86_intel
    contacts: faw
  # }}}

  # {{{ gw-cecsit
  mirror-anu:
    address: 150.203.164.39
    parents: gw-cecsit
    hostgroups: computers, service, apache2-hosts, dl360, hassrvfs, stretch, apache-https, physical_x86_intel
  mirror-anu2:
    address: 150.203.164.60
    parents: mirror-anu
    hostgroups: secondary-IPs, rsyncd-hosts
  mirror-anu3:
    address: 150.203.164.61
    parents: mirror-anu
    hostgroups: secondary-IPs, security_mirror, rsyncd-hosts
  mirror-anu4:
    address: 150.203.164.62
    parents: mirror-anu
    hostgroups: secondary-IPs
  # }}}

  # {{{ gw-conova
  conova-node01:
    address: 217.196.149.227
    parents: gw-conova
    hostgroups: computers, stretch, service, sw-raid, drbd-hosts
  conova-node02:
    address: 217.196.149.228
    parents: gw-conova
    hostgroups: computers, stretch, service, sw-raid, drbd-hosts
  ganeti-conova:
    address: 217.196.149.235
    parents: gw-conova
    hostgroups: notacomputer
  arm-conova-01:
    address: 217.196.149.230
    parents: ganeti-conova
    hostgroups: computers, hassrvfs, buildd, buster
  arm-conova-02:
    address: 217.196.149.231
    parents: ganeti-conova
    hostgroups: computers, hassrvfs, buildd, buster
  amdahl:
    address: 217.196.149.236
    parents: ganeti-conova
    hostgroups: computers, hassrvfs, porterbox, buster
  schmelzer:
    address: 185.69.161.161
    parents: gw-conova
    hostgroups: computers, service, stretch, r540, manyprocesses, apache2-hosts, apache-https, systemd-timesyncd, physical_x86_intel
  schmelzer-debian:
    address: 217.196.149.232
    hostgroups: secondary-IPs
    parents: schmelzer
  schmelzer-security:
    address: 217.196.149.233
    hostgroups: secondary-IPs, rsyncd-hosts, security_mirror
    parents: schmelzer
  schmelzer-archive:
    address: 217.196.149.234
    hostgroups: secondary-IPs, rsyncd-hosts
    parents: schmelzer
  schmelzer-syncproxy4-eu:
    address: 217.196.149.237
    hostgroups: secondary-IPs, rsyncd-hosts, https-service
    parents: schmelzer
  # }}}

  # {{{ gw-csail
  csail-node01:
    address: 128.31.0.16
    parents: gw-csail
    hostgroups: computers, service, dl360, stretch, drbd-hosts, physical_x86_intel
  csail-node02:
    address: 128.31.0.46
    parents: gw-csail
    hostgroups: computers, service, dl360, stretch, drbd-hosts, physical_x86_intel
  ganeti-csail:
    address: 128.31.0.49
    parents: gw-csail
    hostgroups: notacomputer
  mirror-csail:
    address: 128.31.0.62
    parents: ganeti-csail
    hostgroups: computers, service, hassrvfs, kvmdomains, stretch, apache2-hosts, rsyncd-hosts, apache-https, systemd-timesyncd
  x86-csail-01:
    address: 128.31.0.50
    parents: ganeti-csail
    hostgroups: computers, buildd, hassrvfs, kvmdomains, buster, systemd-timesyncd
  x86-csail-02:
    address: 128.31.0.68
    parents: ganeti-csail
    hostgroups: computers, buildd, hassrvfs, kvmdomains, buster, systemd-timesyncd
  soriano:
    address: 128.31.0.67
    parents: ganeti-csail
    hostgroups: computers, service, kvmdomains, hassrvfs, stretch, apache2-hosts, apache-https, systemd-timesyncd
  pkgmirror-csail:
    address: 128.31.0.51
    parents: ganeti-csail
    hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, no-bacula, apache-https, hassrvfs, systemd-timesyncd, varnish-hosts
  usper:
    address: 128.31.0.69
    parents: ganeti-csail
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, uploadqueue, queued, systemd-timesyncd
  barriere:
    address: 128.31.0.66
    parents: ganeti-csail
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, porterbox, systemd-timesyncd
  olin:
    address: 128.31.0.65
    parents: ganeti-csail
    hostgroups: computers, kvmdomains, stretch, systemd-timesyncd
  # }}}

  # {{{ gw-dgi
  storace:
    address: 93.94.130.161
    parents: gw-dgi
    hostgroups: computers, buster, dl380, nfs-client, hassrvfs, physical_x86_intel
  # }}}

  # {{{ gw-gatech
  sechter:
    address: 128.61.240.73
    parents: gw-gatech
    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, sw-raid, hasbootfs, hassrvfs, stretch, security_mirror, physical_x86_intel
  # }}}

  # {{{ gw-grnet
  ganeti-grnet:
    address: 194.177.211.194
    parents: gw-grnet
    hostgroups: notacomputer
  grnet-node01:
    address: 194.177.211.195
    parents: gw-grnet
    hostgroups: computers, service, dl380, stretch, drbd-hosts, physical_x86_intel
  grnet-node02:
    address: 194.177.211.196
    parents: gw-grnet
    hostgroups: computers, service, dl380, stretch, drbd-hosts, physical_x86_intel
  loghost-grnet-01:
    address: 194.177.211.200
    parents: gw-grnet
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, systemd-timesyncd
  geo3:
    address: 194.177.211.201
    parents: gw-grnet
    hostgroups: computers, service, bind9-hosts, kvmdomains, stretch, systemd-timesyncd
  cgi-grnet-01:
    address: 194.177.211.202
    parents: gw-grnet
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, xinetd-hosts, systemd-timesyncd
  x86-grnet-01:
    address: 194.177.211.203
    parents: ganeti-grnet
    hostgroups: computers, pybuildd, hassrvfs, kvmdomains, buster, systemd-timesyncd
  x86-grnet-02:
    address: 194.177.211.204
    parents: ganeti-grnet
    hostgroups: computers, pybuildd, hassrvfs, kvmdomains, buster, systemd-timesyncd
  vittoria:
    address: 194.177.211.205
    parents: ganeti-grnet
    hostgroups: computers, service, hassrvfs, kvmdomains, stretch, postgres96-hosts, apache2-hosts, apache-https, systemd-timesyncd
  boott:
    address: 194.177.211.206
    parents: ganeti-grnet
    hostgroups: computers, service, hassrvfs, kvmdomains, buster, systemd-timesyncd
  porta:
    address: 194.177.211.207
    parents: ganeti-grnet
    hostgroups: computers, service, hassrvfs, kvmdomains, stretch, rsyncd-hosts, systemd-timesyncd
  melartin:
    address: 194.177.211.208
    parents: ganeti-grnet
    hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, postgres96-hosts, hassrvfs
  static-master-grnet-01:
    address: 194.177.211.209
    parents: ganeti-grnet
    hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, hassrvfs
  # }}}

  # {{{ gw-isc
  mirror-isc:
    address: 149.20.4.13
    parents: gw-isc
    hostgroups: computers, service, apache2-hosts, apache-https, dl360, hassrvfs, xinetd-hosts, stretch, physical_x86_intel
  mirror-isc2:
    address: 149.20.4.14
    parents: mirror-isc
    hostgroups: secondary-IPs, rsyncd-hosts, security_mirror
  mirror-isc3:
    address: 149.20.4.15
    parents: mirror-isc
    hostgroups: secondary-IPs
  mirror-isc-syncproxy:
    address: 149.20.4.16
    parents: mirror-isc
    hostgroups: secondary-IPs, rsyncd-hosts
  # }}}

  # {{{ gw-leaseweb
  lw01:
    address: 185.17.185.177
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, nfs-server, physical_x86_intel
  lw02:
    address: 185.17.185.178
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, nfs-server, physical_x86_intel
  lw03:
    address: 185.17.185.179
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, nfs-server, physical_x86_intel
  lw04:
    address: 185.17.185.180
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, nfs-server, physical_x86_intel
  lw07:
    address: 185.17.185.187
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, nfs-client, autofs, hassrvfs, postgres96-hosts, apache2-hosts, haproxy-hosts, haproxy-https-host, varnish-hosts, physical_x86_intel
  lw07-2:
    address: 185.17.185.185
    parents: lw07
    hostgroups: secondary-IPs, https-service
  lw08:
    address: 185.17.185.189
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, nfs-client, autofs, hassrvfs, apache2-hosts, physical_x86_intel
  lw09:
    address: 185.17.185.181
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, physical_x86_intel
  lw10:
    address: 185.17.185.182
    parents: gw-leaseweb
    hostgroups: computers, service, stretch, dl180, physical_x86_intel
  # }}}

  # {{{ gw-manda
  czerny:
    address: 82.195.75.109
    parents: gw-manda
    hostgroups: computers, service, dl380, acpid-hosts, buster, manyprocesses, physical_x86_intel
  clementi:
    address: 82.195.75.103
    parents: gw-manda
    hostgroups: computers, service, dl380, acpid-hosts, stretch, manyprocesses, physical_x86_intel
  manda-node03:
    address: 82.195.75.69
    parents: gw-manda
    hostgroups: computers, service, stretch, r540, drbd-hosts, manyprocesses, physical_x86_intel
  manda-node04:
    address: 82.195.75.70
    parents: gw-manda
    hostgroups: computers, service, stretch, r540, drbd-hosts, manyprocesses, physical_x86_intel
  # ganeti-manda, the parent of the following entries, is defined further
  # down in this section.
  bendel:
    address: 82.195.75.100
    parents: ganeti-manda
    hostgroups: computers, service, hasbootfs, kvmdomains, hassrvfs, apache2-hosts, stretch, postfix-hosts, heavy-postfix, apache-https, amavis-hosts, hasvarlogfs, systemd-timesyncd
  master:
    address: 82.195.75.110
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, spamd, heavy-exim, highload, systemd-timesyncd
  vento:
    address: 82.195.75.98
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, heavy-exim, systemd-timesyncd
  draghi:
    address: 82.195.75.106
    parents: ganeti-manda
    hostgroups: computers, service, hassrvfs, apache2-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https, stretch, systemd-timesyncd
  geo1:
    address: 82.195.75.105
    parents: ganeti-manda
    hostgroups: computers, service, bind9-hosts, kvmdomains, buster, systemd-timesyncd
  handel:
    address: 82.195.75.104
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, apache2-hosts, buster, postgres11-hosts, hassrvfs, systemd-timesyncd
  kaufmann:
    address: 82.195.75.107
    parents: ganeti-manda
    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, kvmdomains, buster, apache-https, systemd-timesyncd, bind9-hosts
  ganeti-manda:
    address: 82.195.75.71
    parents: gw-manda
    hostgroups: notacomputer
  wilder:
    address: 82.195.75.112
    parents: ganeti-manda
    hostgroups: computers, service, hassrvfs, apache2-hosts, kvmdomains, stretch, apache-https, rsyncd-hosts, systemd-timesyncd
  mailly:
    address: 82.195.75.114
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, stretch, spamd, heavy-exim, mail-relay, systemd-timesyncd
  denis:
    address: 82.195.75.91
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, stretch, bind9-hosts, systemd-timesyncd
  vogler:
    address: 82.195.75.92
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd
  wolkenstein:
    address: 82.195.75.65
    parents: ganeti-manda
    hostgroups: computers, hasbootfs, hassrvfs, kvmdomains, service, xinetd-hosts, apache2-hosts, stretch, apache-https, systemd-timesyncd
  mips-manda-01:
    address: 82.195.75.66
    parents: gw-manda
    hostgroups: computers, buildd, buster, hassrvfs
  mipsel-manda-01:
    address: 82.195.75.72
    parents: gw-manda
    hostgroups: computers, buildd, buster, hassrvfs, sw-raid, hasbootfs
  snapshotdb-manda-01:
    address: 82.195.75.73
    parents: gw-manda
    hostgroups: computers, hassrvfs, kvmdomains, buster, postgres96-hosts, systemd-timesyncd
  mipsel-manda-02:
    address: 82.195.75.74
    parents: gw-manda
    hostgroups: computers, buildd, buster, hassrvfs, sw-raid, hasbootfs
  mipsel-manda-03:
    address: 82.195.75.67
    parents: gw-manda
    hostgroups: computers, buildd, buster, hassrvfs
  seger:
    address: 82.195.75.93
    parents: ganeti-manda
    hostgroups: computers, service, apache2-hosts, hassrvfs, rsyncd-hosts, kvmdomains, apache-https, postgres96-hosts, stretch, systemd-timesyncd
  suchon:
    address: 82.195.75.68
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, hassrvfs, stretch, uploadqueue, queued, systemd-timesyncd
  adayevskaya:
    address: 82.195.75.75
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, buster, systemd-timesyncd
  postgresql-manda-01:
    address: 82.195.75.76
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, hassrvfs, buster, systemd-timesyncd, postgres11-hosts
  dinis:
    address: 82.195.75.77
    parents: ganeti-manda
    hostgroups: computers, general, kvmdomains, buster, hassrvfs, systemd-timesyncd
  gideon:
    address: 82.195.75.78
    parents: ganeti-manda
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, systemd-timesyncd
  rainier:
    address: 82.195.75.94
    parents: ganeti-manda
    hostgroups: computers, kvmdomains, stretch, systemd-timesyncd
  rapoport:
    address: 82.195.75.95
    parents: ganeti-manda
    hostgroups: computers, kvmdomains, stretch, systemd-timesyncd
  petrova:
    address: 82.195.75.96
    parents: ganeti-manda
    hostgroups: computers, kvmdomains, stretch, apache2-hosts, apache-https, systemd-timesyncd
  # }}}

  # {{{ gw-marist
  zani:
    address: 148.100.88.22
    parents: gw-marist
    hostgroups: computers, pybuildd, hassrvfs, buster, incomingmailrelayed587
  # }}}

  # {{{ gw-osuosl
  byrd:
    address: 140.211.166.200
    parents: gw-osuosl
    hostgroups: computers, service, dl380, stretch, physical_x86_intel
  beach:
    address: 140.211.166.201
    parents: byrd
    hostgroups: computers, service, kvmdomains, buster, apache2-hosts, hassrvfs, rsyncd-hosts, apache-https
  mipsel-osuosl-01:
    address: 140.211.166.210
    parents: gw-osuosl
    hostgroups: computers, buildd, buster, hassrvfs
  mipsel-osuosl-02:
    address: 140.211.166.211
    parents: gw-osuosl
    hostgroups: computers, buildd, buster, hassrvfs
  pijper:
    address: 140.211.166.194
    parents: gw-osuosl
    hostgroups: computers, stretch, service, manyprocesses
  loghost-osuosl-01:
    address: 140.211.166.202
    parents: pijper
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, systemd-timesyncd
  pieta:
    address: 140.211.166.195
    parents: gw-osuosl
    hostgroups: computers, buster, service, manyprocesses
  ppc64el-osuosl-01:
    address: 140.211.166.196
    parents: pijper
    hostgroups: computers, hassrvfs, buildd, buster
  # }}}

  # {{{ gw-sanger
  sallinen:
    address: 193.62.202.26
    parents: gw-sanger
    hostgroups: computers, service, stretch, dl380, nfs-client, autofs, postgres96-hosts, apache2-hosts, haproxy-hosts, haproxy-https-host, varnish-hosts, physical_x86_intel
  sallinen-2:
    address: 193.62.202.27
    parents: sallinen
    hostgroups: secondary-IPs, https-service
  sibelius:
    address: 193.62.202.28
    parents: gw-sanger
    hostgroups: computers, service, apache2-hosts, sw-raid, buster, rsyncd-hosts, hasvarlogfs, multipath-hosts, nfs-server
    contacts: tjrc1, dave
  # }}}

  # {{{ gw-scanplus
  # Each host here has its own gateway entry (gw-scanplus-lobos / -villa).
  lobos:
    address: 212.211.132.250
    parents: gw-scanplus-lobos
    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl380, hassrvfs, stretch, security_mirror, physical_x86_intel
  villa:
    address: 212.211.132.32
    parents: gw-scanplus-villa
    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl360, hassrvfs, stretch, security_mirror, physical_x86_intel
  # }}}

  # {{{ gw-sil
  eberlin:
    address: 86.59.118.155
    parents: gw-sil
    hostgroups: computers, buildd, buster, sw-raid
  mips-sil-01:
    address: 86.59.118.146
    parents: gw-sil
    hostgroups: computers, buildd, buster, hassrvfs
  mipsel-sil-01:
    address: 86.59.118.147
    parents: gw-sil
    hostgroups: computers, buildd, buster, hassrvfs
  # }}}

  # {{{ gw-skroutz
  # The only entry in this map that lists two parents.
  mirror-skroutz:
    address: 154.57.0.251
    parents: gw-skroutz1, gw-skroutz2
    hostgroups: computers, stretch, service, sw-raid, hassrvfs, apache2-hosts, physical_x86_intel
  # }}}

  # {{{ ubc-gateway
  ubc-enc2bl01:
    address: 209.87.16.1
    parents: ubc-gateway
    hostgroups: computers, bl460g8, service, stretch, multipath-hosts, manyprocesses, physical_x86_intel
  ubc-enc2bl02:
    address: 209.87.16.2
    parents: ubc-gateway
    hostgroups: computers, bl460g8, service, stretch, multipath-hosts, manyprocesses, physical_x86_intel
  ubc-enc2bl09:
    address: 209.87.16.9
    parents: ubc-gateway
    hostgroups: computers, bl460g8, service, stretch, multipath-hosts, manyprocesses, physical_x86_intel
  ubc-enc2bl10:
    address: 209.87.16.10
    parents: ubc-gateway
    hostgroups: computers, bl460g8, service, stretch, multipath-hosts, manyprocesses, physical_x86_intel
  ganeti2-ubc:
    address: 209.87.16.17
    parents: ubc-gateway
    hostgroups: notacomputer
  rachmaninoff:
    address: 209.87.16.20
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, systemd-timesyncd
  x86-ubc-01:
    address: 209.87.16.21
    parents: ganeti2-ubc
    hostgroups: computers, buildd, hassrvfs, kvmdomains, buster, systemd-timesyncd
  x86-ubc-02:
    address: 209.87.16.22
    parents: ganeti2-ubc
    hostgroups: computers, buildd, hassrvfs, kvmdomains, buster, systemd-timesyncd
  manziarly:
    address: 209.87.16.23
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, autofs, nfs-client, apache2-hosts, apache-https, systemd-timesyncd, hassrvfs
  elgar:
    address: 209.87.16.24
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, systemd-timesyncd
  gombert:
    address: 209.87.16.25
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, apache2-hosts, apache-https, systemd-timesyncd
  nono:
    address: 209.87.16.26
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, heavy-exim, apache2-hosts, apache-https, broken_https_default_vhost, hassrvfs, systemd-timesyncd
  reger:
    address: 209.87.16.27
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, apache-https, heavy-exim, systemd-timesyncd
  diabelli:
    address: 209.87.16.28
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, apache2-hosts, apache-https, broken_https_default_vhost, systemd-timesyncd
  menotti:
    address: 209.87.16.29
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, systemd-timesyncd
  danzi:
    address: 209.87.16.30
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, postgres96-hosts, systemd-timesyncd
  geo2:
    address: 209.87.16.31
    parents: ganeti2-ubc
    hostgroups: computers, service, bind9-hosts, kvmdomains, stretch, systemd-timesyncd
  lotti:
    address: 209.87.16.32
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, systemd-timesyncd
  muffat:
    address: 209.87.16.33
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, spamd, heavy-exim, mail-relay, systemd-timesyncd
  sonntag:
    address: 209.87.16.34
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, nfs-client, autofs, systemd-timesyncd
  tchaikovsky:
    address: 209.87.16.35
    parents: ganeti2-ubc
    hostgroups: computers, general, apache2-hosts, kvmdomains, apache-https, stretch, systemd-timesyncd
  gretchaninov:
    address: 209.87.16.36
    parents: ganeti2-ubc
    hostgroups: computers, general, kvmdomains, buster, hassrvfs, nfs-server, apache2-hosts, xinetd-hosts, apache-https, systemd-timesyncd
  tye:
    address: 209.87.16.37
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, apache-https, nfs-client, autofs, hassrvfs, systemd-timesyncd
  ullmann:
    address: 209.87.16.38
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, postgres96-hosts, nfs-client, apache2-hosts, autofs, apache-https, systemd-timesyncd
  buxtehude:
    address: 209.87.16.39
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, apache2-hosts, heavy-exim, postgres11-hosts, hasvarlogfs, apache-https, spamd, nfs-server, systemd-timesyncd
  piu-slave-ubc-01:
    address: 209.87.16.42
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, nfs-client, autofs, systemd-timesyncd
    contacts: holger
  hier:
    address: 209.87.16.43
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, apache2-hosts, apache-https, nfs-client, autofs, systemd-timesyncd
  godard:
    address: 209.87.16.44
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, systemd-timesyncd, postfix-hosts, postgres96-hosts, crazymanyprocesses
  godard-pages:
    address: 209.87.16.45
    parents: godard
    hostgroups: notacomputer
  debussy:
    address: 209.87.16.46
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts, apache-https, broken_https_default_vhost
  static-master-ubc-01:
    address: 209.87.16.47
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, systemd-timesyncd, hassrvfs
  grabbe:
    address: 209.87.16.48
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, systemd-timesyncd, apache2-hosts, apache-https
  trabaci:
    address: 209.87.16.49
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, systemd-timesyncd
  wuiet:
    address: 209.87.16.60
    parents: ganeti2-ubc
    hostgroups: computers, general, kvmdomains, stretch, service, apache-https, apache2-hosts, heavy-exim, systemd-timesyncd
  philp:
    address: 209.87.16.61
    parents: ganeti2-ubc
    hostgroups: computers, hassrvfs, kvmdomains, stretch, apache2-hosts, apache-https, systemd-timesyncd, broken_https_default_vhost
  lindsay:
    address: 209.87.16.62
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, autofs, nfs-client, systemd-timesyncd
  pinel:
    address: 209.87.16.63
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, nfs-client, autofs, heavy-exim, systemd-timesyncd
  ticharich:
    address: 209.87.16.64
    parents: ganeti2-ubc
    hostgroups: computers, general, kvmdomains, buster, nfs-client, autofs, apache2-hosts, apache-https, service, broken_https_default_vhost, systemd-timesyncd
  donizetti:
    address: 209.87.16.65
    parents: ganeti2-ubc
    hostgroups: computers, general, kvmdomains, stretch, nfs-client, autofs, systemd-timesyncd
  jerea:
    address: 209.87.16.66
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, apache2-hosts, apache-https, systemd-timesyncd
  paradis:
    address: 209.87.16.67
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, apache2-hosts, apache-https, systemd-timesyncd
  paradis2:
    address: 209.87.16.68
    parents: paradis
    hostgroups: secondary-IPs
  mekeel:
    address: 209.87.16.69
    parents: ganeti2-ubc
    hostgroups: computers, service, kvmdomains, buster, hassrvfs, nfs-client, autofs, systemd-timesyncd
  ganeti3-ubc:
    address: 209.87.16.50
    parents: ubc-gateway
    hostgroups: notacomputer
  ubc-node-arm01:
    address: 209.87.16.51
    parents: ubc-gateway
    hostgroups: computers, buster, service, sw-raid, drbd-hosts
  ubc-node-arm02:
    address: 209.87.16.52
    parents: ubc-gateway
    hostgroups: computers, buster, service, sw-raid, drbd-hosts
  ubc-node-arm03:
    address: 209.87.16.53
    parents: ubc-gateway
    hostgroups: computers, buster, service, sw-raid, drbd-hosts
  arm-ubc-01:
    address: 209.87.16.54
    parents: ganeti3-ubc
    hostgroups: computers, hassrvfs, buildd, buster, systemd-timesyncd
  arm-ubc-02:
    address: 209.87.16.55
    parents: ganeti3-ubc
    hostgroups: computers, hassrvfs, buildd, buster, systemd-timesyncd
  arm-ubc-03:
    address: 209.87.16.56
    parents: ganeti3-ubc
    hostgroups: computers, hassrvfs, buildd, buster, systemd-timesyncd
  arm-ubc-04:
    address: 209.87.16.57
    parents: ganeti3-ubc
    hostgroups: computers, hassrvfs, buildd, buster, systemd-timesyncd
  arm-ubc-05:
    address: 209.87.16.58
    parents: ganeti3-ubc
    hostgroups: computers, hassrvfs, buildd, buster, systemd-timesyncd
  arm-ubc-06:
    address: 209.87.16.59
    parents: ganeti3-ubc
    hostgroups: computers, hassrvfs, buildd, buster, systemd-timesyncd
  # }}}

  # {{{ gw-umn
  # Disabled entry, kept for reference.  Its address is the one mirror-umn
  # uses below, so the two must not be enabled at the same time.
  # saens:
  #   address: 128.101.240.212
  #   parents: gw-umn
  #   hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl380, hasvarfs, hasusrfs, hasorgfs, xinetd-hosts, wheezy, security_mirror, no-bacula
  mirror-umn:
    address: 128.101.240.212
    parents: gw-umn
    hostgroups: computers, service, apache2-hosts, apache-https, dl360, hassrvfs, stretch, physical_x86_intel
  mirror-umn2:
    address: 128.101.240.215
    parents: mirror-umn
    hostgroups: secondary-IPs, rsyncd-hosts, security_mirror
  mirror-umn3:
    address: 128.101.240.216
    parents: mirror-umn
    hostgroups: secondary-IPs, rsyncd-hosts
  mirror-umn4:
    address: 128.101.240.217
    parents: mirror-umn
    hostgroups: secondary-IPs
  # }}}

  # {{{ gw-unicamp
  prokofiev:
    address: 143.106.167.124
    parents: gw-unicamp
    hostgroups: computers, stretch, service, manyprocesses
  ppc64el-unicamp-01:
    address: 143.106.167.121
    parents: prokofiev
    hostgroups: computers, hassrvfs, buildd, buster
  plummer:
    address: 143.106.167.122
    parents: prokofiev
    hostgroups: computers, porterbox, hassrvfs, buster
  # }}}

  # {{{ gw-utwente
  klecker:
    address: 130.89.148.10
    parents: gw-utwente
    hostgroups: computers, service, dl380, stretch, incomingmailrelayed2025, hassrvfs, physical_x86_intel
  # The two klecker-* secondary IPs are parented to new-klecker, not klecker.
  klecker-ftp:
    address: 130.89.148.12
    parents: new-klecker
    hostgroups: secondary-IPs
  klecker-archive:
    address: 130.89.148.13
    parents: new-klecker
    hostgroups: secondary-IPs
  new-klecker:
    address: 130.89.148.77
    parents: gw-utwente
    hostgroups: computers, service, buster, r540, manyprocesses, incomingmailrelayed2025, physical_x86_intel, hassrvfs, apache2-hosts, apache-https
  smit:
    address: 130.89.148.78
    parents: gw-utwente
    hostgroups: computers, service, buster, r540, manyprocesses, incomingmailrelayed2025, physical_x86_intel, apache2-hosts, apache-https, hassrvfs, rsyncd-hosts
  mikrotik-utwente:
    address: 130.89.148.79
    parents: gw-utwente
    hostgroups: notacomputer
  # }}}

  # {{{ gw-ynic
  henze:
    address: 144.32.168.74
    parents: gw-ynic
    hostgroups: computers, hasbootfs, hassrvfs, armhf, buster, buildd
  hasse:
    address: 144.32.168.75
    parents: gw-ynic
    hostgroups: computers, hasbootfs, hassrvfs, armhf, buster, buildd
  antheil:
    address: 144.32.168.76
    parents: gw-ynic
    hostgroups: computers, hasbootfs, hassrvfs, armhf, buster, buildd
  # }}}

  # {{{ gw-zivit
  zandonai:
    address: 80.245.147.46
    parents: gw-zivit
    hostgroups: computers, buildd, hassrvfs, buster
  zelenka:
    address: 80.245.147.40
    parents: gw-zivit
    hostgroups: computers, porterbox, hassrvfs, buster
  # }}}

  # {{{ gw-sakura
  setoguchi:
    address: 133.242.99.74
    parents: gw-sakura
    hostgroups: computers, service, stretch, no-bacula, hassrvfs, apache2-hosts, rsyncd-hosts, security_mirror, physical_x86_intel
  # }}}

# NOTE(review): the marker below opens a fold although the "{{{ servers" fold
# above has no visible closing marker -- possibly "}}}" was intended; confirm.
# {{{

#############################
# host groups
#############################
hostgroups:
  computers:
    alias: computers
    private: 1
  layer3-infrastructure:
    alias: Layer 3 Devices
  notacomputer:
    alias: Systems that are not really systems.
Yeah :) private: 1 armhf: alias: armhf private: 1 porterbox: alias: developer accessible porter machines service: alias: machines running services buildd: alias: buildd systems pybuildd: alias: buildd systems running pybuildd general: alias: general purpose developer accessible machines dl380: alias: HP DL380 hosts private: 1 dl360: alias: HP DL360 hosts private: 1 bl460: alias: HP BL460 blades private: 1 bl460g8: alias: HP BL460 Gen8 blades private: 1 bm-bl: alias: HP blades at bytemark private: 1 dl180: alias: HP DL180 private: 1 dl120: alias: HP DL120 private: 1 sw-raid: alias: Hosts with Linux software raid private: 1 aacraid: alias: Hosts with Adaptec AACraid private: 1 pe1950: alias: Dell PowerEdge 1950 hosts private: 1 r540: alias: Dell PowerEdge R540 hosts private: 1 physical_x86_intel: alias: Physical machines with Intel CPUs private: 1 stretch: alias: Hosts running stretch buster: alias: Hosts running buster kvmdomains: alias: Hosts that are KVM domains private: 1 drbd-hosts: alias: hosts running drbd multipath-hosts: alias: hosts running multipathd postfix-hosts: alias: hosts running postfix instead of exim private: 1 heavy-exim: alias: "hosts running the full mail stuff, including clamav and postgrey" private: 1 mail-relay: alias: "relays usually are hosts with more exim processes" private: 1 spamd: alias: "hosts running spamassassin as daemon" private: 1 heavy-postfix: alias: "postfix hosts running the full mail stuff, including clamav, SA, postgrey, policyd-weight" private: 1 apache2-hosts: alias: hosts running apache2 private: 1 bind9-hosts: alias: hosts running bind9 private: 1 amavis-hosts: alias: hosts running amavis private: 1 rsyncd-hosts: alias: hosts providing rsync services private: 1 xinetd-hosts: alias: hosts providing services via xinetd private: 1 postgres11-hosts: alias: hosts running postgres11 private: 1 postgres96-hosts: alias: hosts running postgres96 private: 1 no-ulogd: alias: hosts not running ulogd private: 1 acpid-hosts: alias: 
hosts running acpid private: 1 uploadqueue: alias: hosts that are an anonymous ftp uploadqueue private: 1 queued: alias: hosts running queued private: 1 bosserver: alias: hosts running bosserver private: 1 apache-https: alias: hosts with https services private: 1 https-service: alias: https service for secondary addresses private: 1 broken_https_default_vhost: alias: https default vhost does not say 200 OK private: 1 manyprocesses: alias: hosts with lots and lots of (kernel) processes crazymanyprocesses: alias: hosts with stupidly lots of processes varnish-hosts: alias: hosts running varnish private: 1 haproxy-hosts: alias: hosts running haproxy private: 1 haproxy-https-host: alias: "host providing https on the standard port via haproxy" private: 1 no-bacula: alias: hosts which are not being backed up with bacula private: 1 nfs-client: alias: hosts mounting filesystems using NFS private: 1 nfs-server: alias: hosts serving filesystems using NFS private: 1 autofs: alias: hosts running the automounter private: 1 systemd-timesyncd: alias: Vms running systemd-timesyncd private: 1 highload: alias: "hosts on which high load is normal" private: 1 secondary-IPs: alias: secondary IP addresses private: 1 hasbootfs: alias: hosts with a /boot filesystem private: 1 hassrvfs: alias: hosts with a /srv filesystem private: 1 hasvarlogfs: alias: hosts with a /var/log filesystem private: 1 incomingmailrelayed587: alias: incoming mail needs to go through a mail relay # i.e. no port 25 private: 1 incomingmailrelayed2025: alias: incoming mail needs to go through a mail relay # i.e. 
no port 25 private: 1 brokensamhain: alias: machines that can not run samhain private: 1 high-RTT: alias: machines with high round trip times private: 1 #openstack-compute: # alias: nodes that run OpenStack compute # private: 1 openstack-controller: alias: nodes that run OpenStack controller private: 1 security_mirror: alias: hosts that are security mirrors private: 1 broken_mq: alias: hosts whose MQ is broken private: 1 # }}} # {{{ ############################# servicegroups ############################# servicegroups: diskspace: alias: diskusage checks buildd: alias: buildd checks raid: alias: raid checks backup: alias: backup checks kernel: alias: kernel checks apt: alias: apt upgrade status samhain: alias: samhain integrity status time: alias: time stuff security: alias: security servicegroup_members: apt, kernel, samhain mirror: alias: mirror stuff MQ: alias: rabbitMQ stuff # }}} # {{{ ############################# services ############################# services: # {{{ ### basic networking - name: PING check: "check_ping!350.0,20%!600.0,40%" hostgroups: pingable excludehostgroups: layer3-infrastructure, high-RTT check_interval: 5 max_check_attempts: 4 retry_interval: 1 - name: PING check: "check_ping!600.0,20%!900.0,40%" hostgroups: high-RTT check_interval: 5 max_check_attempts: 4 retry_interval: 1 - name: PING check: "check_ping!2000.0,60%!3000.0,80%" hostgroups: layer3-infrastructure check_interval: 5 max_check_attempts: 4 retry_interval: 1 - name: network - v6 gw nrpe: "/usr/lib/nagios/plugins/dsa-check-ipv6-default-gw" hostgroups: computers check_interval: 60 # }}} # {{{ ### disk usage - name: disk usage - all servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk -w 5% -c 2% -A -X devpts -X proc -X linprocfs -X devfs -X fdescfs -X sysfs -X nfs -X nfs4 --ignore-eregi-path='/home/buildd/build-tr|/var/lib/schroot/mount|/proc/sys/fs/binfmt_misc'" hostgroups: computers excludehosts: sibelius - name: disk usage - all servicegroups: diskspace nrpe: 
"/usr/lib/nagios/plugins/check_disk -X devpts -X proc -X linprocfs -X devfs -X fdescfs -X sysfs -X nfs -x nfs4 -x /srv/farm-snapshot/farm-misc 95 98" hosts: sibelius - name: disk usage on / servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /" hostgroups: computers - name: disk usage on /boot servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /boot" hostgroups: hasbootfs - name: disk usage on /srv servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /srv" hostgroups: hassrvfs - name: disk usage on /var/lib/postgresql servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var/lib/postgresql" hosts: sibelius, buxtehude, lw07, fasolo - name: disk usage on /var/log servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var/log" hostgroups: hasvarlogfs - name: disk usage on /var/spool/postfix servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var/spool/postfix" hosts: bendel - name: disk usage on /srv/mirrors servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 98 /srv/mirrors" hosts: sibelius - name: disk usage on /srv/snapshot.debian.org servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 90 94 /srv/snapshot.debian.org" hosts: sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-0 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-0" hosts: sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-1 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-1" hosts: sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-2 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-2" hosts: sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-3 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-3" hosts: 
sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-4 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-4" hosts: sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-5 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-5" hosts: sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-6 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-6" hosts: sibelius - name: disk usage on /srv/farm-snapshot/farm-2017-7 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /srv/farm-snapshot/farm-2017-7" hosts: sibelius - name: disk usage on /srv/ftp-master.debian.org servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 93 96 /srv/ftp-master.debian.org" hosts: fasolo - name: disk usage on /storage/snapshot-farm-1 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-1" hosts: lw01 - name: disk usage on /storage/snapshot-farm-2 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-2" hosts: lw02 - name: disk usage on /storage/snapshot-farm-3 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-3" hosts: lw03 - name: disk usage on /storage/snapshot-farm-4 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-4" hosts: lw04 - name: disk usage on /storage/snapshot-farm-09 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-09" hosts: lw09 - name: disk usage on /storage/snapshot-farm-10 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-10" hosts: lw10 - name: disk usage on nfs farm 1 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-1" hosts: lw07 - name: disk usage on nfs farm 2 
servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-2" hosts: lw07 - name: disk usage on nfs farm 3 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-3" hosts: lw07 - name: disk usage on nfs farm 4 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-4" hosts: lw07 - name: disk usage on nfs farm 09 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-09" hosts: lw07 - name: disk usage on nfs farm 10 servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-10" hosts: lw07 - name: disk usage on /srv/morgue.debian.org/ servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /srv/morgue.debian.org" hosts: lw03 - name: disk usage on /srv/QNAP-big/ servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /srv/QNAP-big" hosts: storace - name: disk usage on /srv/QNAP-tiny servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /srv/QNAP-tiny" hosts: storace # }}} # {{{ ### system # {{{ setup - name: setup - dsa config nrpe: "/usr/lib/nagios/plugins/dsa-check-config" hostgroups: computers check_interval: 60 - name: setup - local hostname etc-hosts nrpe: 'if getent ahosts `hostname` | grep -q 127.0; then echo "Warning: local hostname resolves to 127/8 address"; exit 1; else echo "OK: Hostname resolves to non-127/8 address."; exit 0; fi' hostgroups: computers check_interval: 60 # }}} # {{{ os health #### - name: users nrpe: "/usr/lib/nagios/plugins/check_users 30 35" hostgroups: computers - name: load nrpe: "/usr/lib/nagios/plugins/check_load -w 30,28,26 -c 50,45,50" hostgroups: computers excludehostgroups: highload - name: load nrpe: "/usr/lib/nagios/plugins/check_load -w 140,120,100 -c 240,220,200" hostgroups: highload - name: uptime check nrpe: "/usr/lib/nagios/plugins/dsa-check-uptime" hostgroups: computers - name: processes - 
total nrpe: "/usr/lib/nagios/plugins/check_procs 620 700" hostgroups: computers excludehostgroups: manyprocesses, crazymanyprocesses - name: processes - total hostgroups: manyprocesses nrpe: "/usr/lib/nagios/plugins/check_procs 1500 1700" - name: processes - total hostgroups: crazymanyprocesses nrpe: "/usr/lib/nagios/plugins/check_procs 15000 25000" - name: free memory - mb nrpe: "/usr/lib/nagios/plugins/dsa-check-memory -m mb" hostgroups: computers - name: free memory - percent nrpe: "/usr/lib/nagios/plugins/dsa-check-memory -m pct" hostgroups: computers - name: process - getty nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C agetty -a /sbin/agetty" hostgroups: computers - name: processes - zombies nrpe: "/usr/lib/nagios/plugins/check_procs 5 10 -s Z" hostgroups: computers - name: system - available entropy nrpe: "/usr/lib/nagios/plugins/dsa-check-entropy" event_handler: dsa_event_handler_restart_ekey hostgroups: computers - name: system - filesystem check nrpe: "/usr/bin/sudo /usr/lib/nagios/plugins/dsa-check-filesystems" check_interval: 60 retry_interval: 15 hostgroups: computers # }}} # {{{ backup - name: backup servicegroups: backup nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-dabackup" hostgroups: computers excludehosts: backuphost, storace check_interval: 60 max_check_attempts: 2 retry_interval: 5 - name: backup server config servicegroups: backup nrpe: "/usr/lib/nagios/plugins/dsa-check-dabackup-server" hosts: storace check_interval: 60 max_check_attempts: 2 retry_interval: 5 - name: backup - bacula - last backup servicegroups: backup remotecheck: "/usr/lib/nagios/plugins/dsa-check-bacula $HOSTNAME$.debian.org" runfrom: dinis hostgroups: computers excludehostgroups: buildd, pybuildd, porterbox, no-bacula check_interval: 60 retry_interval: 15 - name: backup - bacula - last full backup servicegroups: backup remotecheck: "/usr/lib/nagios/plugins/dsa-check-bacula -w 1080 -c 1560 $HOSTNAME$.debian.org F" runfrom: dinis hostgroups: computers 
excludehostgroups: buildd, pybuildd, porterbox, no-bacula check_interval: 60 retry_interval: 15 - name: process - bacula-dir servicegroups: backup nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u bacula -C bacula-dir -a '/usr/sbin/bacula-dir -fP -c /etc/bacula/bacula-dir.conf'" hosts: dinis - name: process - bacula-fd servicegroups: backup nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u bacula -C bacula-fd -a '/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf'" hostgroups: computers excludehostgroups: buildd, pybuildd, porterbox, no-bacula - name: network backup status - draghi servicegroups: backup nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile -a 2h /home/debbackup/nagios-status" hosts: draghi #### - name: process - acc.umu.se backup nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -a 'dsmc'" hosts: sibelius # }}} # {{{ security - name: running kernel servicegroups: kernel nrpe: "/usr/lib/nagios/plugins/dsa-check-running-kernel" hostgroups: computers check_interval: 60 retry_interval: 5 - name: apt - security updates servicegroups: apt nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/apt" hostgroups: computers check_interval: 60 retry_interval: 15 - name: unexpected file - apt sources.list servicegroups: apt nrpe: "/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/dsa-check-file -f /etc/apt/sources.list" hostgroups: computers - name: upgraded libraries servicegroups: security nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-libs --ignore-younger=1h" hostgroups: computers check_interval: 60 retry_interval: 15 notification_interval: 10080 - name: installed firewall nrpe: "/usr/lib/nagios/plugins/dsa-check-file -w -f /etc/ferm/ferm.conf" hostgroups: computers - name: puppetized firewall nrpe: "/usr/lib/nagios/plugins/dsa-check-file -w -f /etc/ferm/conf.d/defs.conf" hostgroups: computers - name: process - ulogd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ulog -C ulogd -a 
'/usr/sbin/ulogd --daemon --uid ulog'" hostgroups: computers #### - name: process - samhain nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C samhain -a '/usr/sbin/samhain'" hostgroups: computers excludehostgroups: brokensamhain - name: samhain servicegroups: samhain nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/samhain" hostgroups: computers depends: process - samhain check_interval: 60 retry_interval: 5 excludehostgroups: brokensamhain - name: processes - samhain zombies nrpe: "/usr/lib/nagios/plugins/check_procs 3 6 -s Z -u root -a samhain" event_handler: dsa_event_handler_restart_samhain hostgroups: computers excludehostgroups: brokensamhain # }}} # {{{ logging - name: process - syslog-ng nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslog-ng -a '/sbin/syslog-ng -F'" hostgroups: computers - name: remote logging on lotti remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$" runfrom: lotti hostgroups: computers - name: remote logging on loghost-grnet-01 remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$" runfrom: loghost-grnet-01 hostgroups: computers - name: remote logging on loghost-osuosl-01 remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$" runfrom: loghost-osuosl-01 hostgroups: computers # }}} # {{{ base service - name: process - sshd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1: -u root -C sshd -a '/usr/sbin/sshd'" hostgroups: computers - name: "network service - sshd" check: dsa_check_ssh hostgroups: computers depends: process - sshd check_interval: 60 notification_interval: 1440 #### - name: network service - nrpe check: check_tcp!5666 hostgroups: computers max_check_attempts: -2 notification_interval: 1440 - name: process - nrpe nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u nagios -C nrpe -a '/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f'" hostgroups: stretch, buster max_check_attempts: -1 depends: 
network service - nrpe ### - name: process - munin-node nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:3 -c 1: -u root -C munin-node -a 'munin-node'" hostgroups: computers - name: network service - munin-node nrpe: "/usr/lib/nagios/plugins/check_tcp -H localhost -p 4949" hostgroups: computers depends: process - munin-node ### - name: process - ntpd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -p 1 -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'" hostgroups: computers excludehostgroups: systemd-timesyncd servicegroups: time - name: network service - ntp check: dsa_check_ntp hostgroups: computers excludehostgroups: systemd-timesyncd depends: process - ntpd servicegroups: time - name: system time synced nrpe: "/usr/lib/nagios/plugins/dsa-check-timedatectl -s" hostgroups: computers excludehostgroups: systemd-timesyncd servicegroups: time - name: system time synced nrpe: "/usr/lib/nagios/plugins/dsa-check-timedatectl" hostgroups: systemd-timesyncd servicegroups: time ### - name: process - atd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C atd -a /usr/sbin/atd" hostgroups: computers ### - name: process - irqbalance nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C irqbalance -a '/usr/sbin/irqbalance'" hostgroups: stretch - name: unexpected process - irqbalance nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C irqbalance" hostgroups: computers excludehostgroups: stretch ### - name: process - cron nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:3 -c 1: -u root -C cron -a /usr/sbin/cron" hostgroups: computers ### - name: process - ud-replicated nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C ud-replicated -a '/usr/bin/python /usr/bin/ud-replicated'" hostgroups: computers ### - name: MQ connection on rainier servicegroups: MQ remotecheck: "/usr/lib/nagios/plugins/dsa-check-mq-connection $HOSTNAME$ ud dsa" runfrom: rainier hostgroups: computers check_interval: 60 retry_interval: 15 excludehostgroups: 
broken_mq - name: MQ connection on rapoport servicegroups: MQ remotecheck: "/usr/lib/nagios/plugins/dsa-check-mq-connection $HOSTNAME$ ud dsa" runfrom: rapoport hostgroups: computers check_interval: 60 retry_interval: 15 excludehostgroups: broken_mq ### - name: local resolver nrpe: "/usr/lib/nagios/plugins/dsa-check-resolver www.debian.org www.google.com" hostgroups: computers check_interval: 60 - name: process - unbound nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u unbound -C unbound -a '/usr/sbin/unbound'" hostgroups: computers - name: unbound trust anchors nrpe: "/usr/lib/nagios/plugins/dsa-check-unbound-anchors" hostgroups: computers check_interval: 60 ### - name: process - uptimed nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C uptimed -a '/usr/sbin/uptimed'" hostgroups: computers - name: process - udevd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -p 1 -C systemd-udevd -a '/lib/systemd/systemd-udevd'" hostgroups: computers ### - name: unexpected process - acpid nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C acpid" hostgroups: computers excludehostgroups: acpid-hosts, kvmdomains ### - name: process - xinetd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xinetd -a '/usr/sbin/xinetd '" hostgroups: xinetd-hosts - name: unwanted process - xinetd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C xinetd" hostgroups: computers excludehostgroups: xinetd-hosts ### - name: process - stunnel4 - puppet-ekeyd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/puppet-ekeyd.conf'" hostgroups: computers - name: process - stunnel4 - puppet-ekeyd is crazy nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-stunnel-sanity" hostgroups: computers excludehosts: manda-node04, grnet-node01, storace # }}} # {{{ anti-services - name: ganeti - job watcher paused nrpe: "/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/dsa-check-file -f 
/var/lib/ganeti/watcher.pause" hostgroups: computers - name: unwanted process - openvpn nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C openvpn" hostgroups: computers check_interval: 120 - name: unwanted process - gkrellmd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C gkrellmd" hostgroups: computers - name: unwanted process - rpc.statd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C rpc.statd" hostgroups: computers excludehostgroups: nfs-client, nfs-server - name: unwanted process - rpc.statd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C rpc.statd" hostgroups: stretch, buster excludehosts: storace - name: unwanted process - inetd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C inetd" hostgroups: computers excludehosts: abel - name: unwanted process - snmpd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C snmpd" hostgroups: computers # }}} # {{{ ssl certs - name: "host SSL cert" nrpe: "if [ -e /etc/ssl/certs/thishost.pem ]; then /usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/certs/thishost.pem; else echo 'No thishost.pem on this host.'; fi" hostgroups: computers - name: "host SSL cert - debian server" nrpe: "if [ -e /etc/ssl/debian/certs/thishost-server.crt ]; then /usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/debian/certs/thishost-server.crt; else echo 'No thishost-server.crt on this host.'; fi" hostgroups: computers - name: "host SSL cert - debian client" nrpe: "if [ -e /etc/ssl/debian/certs/thishost.crt ]; then /usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/debian/certs/thishost.crt; else echo 'No thishost.crt on this host.'; fi" hostgroups: computers - name: "host SSL cert - CA" nrpe: "sudo -u puppet /usr/lib/nagios/plugins/dsa-check-cert-expire /srv/puppet.debian.org/ca/ca.crt" hosts: handel - name: "sso CRL" nrpe: "if [ -e /var/lib/dsa/sso/ca.crl ]; then /usr/lib/nagios/plugins/dsa-check-crl-expire -w 129600 -c 86400 /var/lib/dsa/sso/ca.crl; else echo 'No sso/ca.crl on this host.'; fi" hostgroups: 
computers - name: SSL certs - LE hosts: global remotecheck: "/usr/lib/nagios/plugins/dsa-check-cert-expire-dir /srv/puppet.debian.org/from-letsencrypt" runfrom: handel # }}} # {{{ HW health/raid - name: Intel - CPU microcode servicegroups: raid nrpe: "/usr/bin/sudo /usr/lib/nagios/plugins/dsa-check-ucode-intel" check_interval: 120 hostgroups: physical_x86_intel ### - name: process - mdadm monitor servicegroups: raid nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C mdadm -a '/sbin/mdadm --monitor --scan'" hostgroups: sw-raid - name: RAID - sw raid servicegroups: raid nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-sw" hostgroups: sw-raid - name: RAID - unexpected sw raid servicegroups: raid nrpe: "if [ -e /proc/mdstat ]; then echo 'Found /proc/mdstat'; exit 1; else echo 'No /proc/mdstat on this host.'; fi" hostgroups: computers excludehostgroups: sw-raid ### - name: HW - HP raid status servicegroups: raid nrpe: "if [ -e /var/cache/dsa/nagios/dsa-check-hpssacli ] ; then /usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/dsa-check-hpssacli ; else /usr/lib/nagios/plugins/dsa-check-hpacucli; fi" check_interval: 120 hostgroups: dl380, dl360, bl460, bl460g8, dl180 - name: HW - hpacucli status servicegroups: raid nrpe: "/usr/lib/nagios/plugins/dsa-check-hpacucli --no-controller-ok --ignore-controller='P700m'" check_interval: 120 hostgroups: bm-bl ### # - # name: HW - edac status # nrpe: "/usr/lib/nagios/plugins/dsa-check-edac" # check_interval: 120 #hostgroups: computers #excludehosts: villa, lobos - name: HW - hpasmcli status nrpe: "/usr/lib/nagios/plugins/dsa-check-hpasm" check_interval: 120 hostgroups: dl380, dl360, bl460, bm-bl excludehosts: villa, lobos, storace, mirror-anu, sallinen - name: HW - hpasmcli status nrpe: "/usr/lib/nagios/plugins/dsa-check-hpasm --ps-no-redundant" check_interval: 120 hosts: villa - name: HW - hpasmcli status nrpe: "/usr/lib/nagios/plugins/dsa-check-hpasm --ps-no-redundant --ignore-failed='PS2'" 
check_interval: 120 hosts: lobos - name: HW - hpasmcli status nrpe: "/usr/lib/nagios/plugins/dsa-check-hpasm --fan-ignore-not-present" check_interval: 120 hosts: storace, sallinen - name: HW - hpasmcli status nrpe: "/usr/lib/nagios/plugins/dsa-check-hpasm --fan-ignore-not-present --ps-no-redundant --ignore-failed='PS1'" check_interval: 120 hosts: mirror-anu - name: HW - hpasmcli status nrpe: "/usr/lib/nagios/plugins/dsa-check-hpasm --fan-no-redundant" check_interval: 120 hostgroups: bl460g8 ### - name: RAID - aacraid servicegroups: raid nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-aacraid" hostgroups: aacraid ### - name: RAID - DRBD servicegroups: raid nrpe: "/usr/lib/nagios/plugins/dsa-check-drbd -d All" hostgroups: drbd-hosts - name: HW - OpenManage status nrpe: "/usr/bin/sudo /usr/lib/nagios/plugins/dsa-check-openmanage" hostgroups: pe1950, r540 excludehosts: wieck, schumann - name: HW - OpenManage status nrpe: "/usr/bin/sudo /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0 -b bat_charge=0:0" hosts: wieck, schumann # }}} # }}} # {{{ ### mail stuff # {{{ exim processes and mailq - name: process - exim nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u Debian-exim -C exim4 -a '/usr/sbin/exim4 -bd -q'" hostgroups: computers excludehostgroups: postfix-hosts, mail-relay excludehosts: master, quantz, buxtehude - name: process - exim nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u Debian-exim -C exim4 -a '/usr/sbin/exim4 -bd -q'" hostgroups: mail-relay - name: process - exim - total nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1: -C exim4" hostgroups: computers excludehostgroups: postfix-hosts excludehosts: master, quantz, buxtehude - name: process - exim nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:300 -c 1:500 -C exim4 -a '/usr/sbin/exim4'" hosts: master, quantz, buxtehude - name: mail queue nrpe: "/usr/lib/nagios/plugins/check_mailq -M exim -w 1000 -c 2000" hostgroups: heavy-exim - name: process - fail2ban nrpe: 
"/usr/lib/nagios/plugins/check_procs -w 1:1 -C fail2ban-server" hostgroups: heavy-exim, heavy-postfix - name: unwanted process - fail2ban nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C fail2ban-server" hostgroups: computers excludehostgroups: heavy-exim, heavy-postfix # }}} # {{{ clamav - name: process - clamav - clamd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u clamav -C clamd -a '/usr/sbin/clamd'" hostgroups: heavy-exim, heavy-postfix - name: service - clamav nrpe: "/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl" hostgroups: heavy-exim, heavy-postfix depends: process - clamav - clamd - name: process - clamav - freshclam nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --foreground=true'" hostgroups: heavy-exim, heavy-postfix - name: unwanted process - clamav nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C clamd" hostgroups: computers excludehostgroups: heavy-exim, heavy-postfix - name: unwanted process - freshclam nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C freshclam" hostgroups: computers excludehostgroups: heavy-exim, heavy-postfix # }}} # {{{ anti-spam - name: process - spamd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir'" hostgroups: spamd excludehosts: picconi - name: process - spamd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 20 --min-spare=5 --helper-home-dir'" hosts: picconi - name: process - spamd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 10 --helper-home-dir'" hosts: bendel - name: process - spamd - child nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:11 -c 1: -C spamd -a 
'spamd child'" hosts: bendel hostgroups: spamd depends: process - spamd - master # - name: unwanted process - spamd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd" hostgroups: computers excludehostgroups: spamd excludehosts: bendel - name: unwanted process - greylistd nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C greylistd" hostgroups: computers ### - name: process - postgrey nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a 'postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'" hostgroups: heavy-exim - name: process - postgrey nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a 'postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'" hostgroups: heavy-postfix # - name: unwanted process - postgrey nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C postgrey" hostgroups: computers excludehostgroups: heavy-postfix, heavy-exim ### - name: process - amavis - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u amavis -a 'amavisd-new (master)'" hostgroups: amavis-hosts - name: process - amavis - all nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1:10 -u amavis -a 'amavisd-new '" hostgroups: amavis-hosts depends: process - amavis - master # - name: unwanted process - amavis nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C amavisd-new" hostgroups: computers excludehostgroups: amavis-hosts ### - name: process - weightd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -a 'policyd-weight (master)'" hostgroups: heavy-postfix - name: process - weightd - cache nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -a 'policyd-weight (cache)'" hostgroups: heavy-postfix depends: process - weightd - master - name: process - weightd - child nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:50 -c 1: -u polw -a 'policyd-weight (child)'" hostgroups: heavy-postfix 
depends: process - weightd - master ### - name: unwanted process - policyd-weight nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C policyd-weight" hostgroups: computers excludehostgroups: heavy-postfix # }}} # {{{ postfix ### - name: process - postfix - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C master -a '/usr/lib/postfix/sbin/master'" hostgroups: postfix-hosts - name: process - postfix - qmgr nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C qmgr -a 'qmgr -l -t unix -u'" hostgroups: postfix-hosts depends: process - postfix - master - name: process - postfix - pickup nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C pickup -a 'pickup -l -t unix -u -c'" hostgroups: postfix-hosts depends: process - postfix - master - name: process - postfix - anvil nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:1 -c 0: -u postfix -C anvil -a 'anvil -l -t unix -u'" hostgroups: postfix-hosts depends: process - postfix - master - name: process - postfix - trivial-rewrite nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C trivial-rewrite -a 'trivial-rewrite -n rewrite -t unix -u -c'" hostgroups: postfix-hosts depends: process - postfix - master - name: process - postfix - proxymap nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C proxymap -a 'proxymap -t unix -u'" hostgroups: postfix-hosts depends: process - postfix - master - name: process - postfix - cleanup nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C cleanup -a 'cleanup -z -t unix -u -c'" hostgroups: postfix-hosts depends: process - postfix - master - name: process - postfix - local nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C local -a 'local -t unix'" hostgroups: postfix-hosts depends: process - postfix - master - name: network service local - smtps cert nrpe: "/usr/lib/nagios/plugins/check_smtp -H localhost -S -D 14" hostgroups: postfix-hosts depends: 
process - postfix - master check_interval: 120 # }}} # {{{ mail - network service - name: network service - smtp check: dsa_check_smtp hostgroups: computers excludehostgroups: postfix-hosts, incomingmailrelayed587, incomingmailrelayed2025 depends: process - exim - name: network service - smtp check: dsa_check_smtp hostgroups: postfix-hosts depends: process - postfix - master - name: network service - submission check: dsa_check_smtp_port!587 hostgroups: incomingmailrelayed587 depends: process - exim - name: network service - smtp 2025 check: dsa_check_smtp_port!2025 hostgroups: incomingmailrelayed2025 depends: process - exim # }}} # }}} # {{{ ### host specific services # {{{ HTTP - name: process - apache2 - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -a /usr/sbin/apache2" hostgroups: apache2-hosts - name: process - apache2 - worker nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1:100 -u www-data -a /usr/sbin/apache2" hostgroups: apache2-hosts depends: process - apache2 - master excludehosts: new-klecker - name: process - apache2 - worker nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:80 -c 1:150 -u www-data -a /usr/sbin/apache2" hosts: new-klecker depends: process - apache2 - master - name: unwanted process - apache2 nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C apache2" hostgroups: computers excludehostgroups: apache2-hosts - name: network service - http check: check_http hostgroups: apache2-hosts excludehosts: casulana depends: process - apache2 - master - name: network service - http check: check_http depends: new-klecker:process - apache2 - master hosts: klecker-archive - name: network service - http check: check_http depends: new-klecker:process - apache2 - master hosts: klecker-ftp # keyserver on kaufmann - name: network service - http keyserver check: dsa_check_http_port!11371 hosts: kaufmann depends: process - apache2 - master # https on various hosts - name: network service - https check: check_https hostgroups: 
apache-https excludehosts: menotti excludehostgroups: broken_https_default_vhost depends: "process - apache2 - master" check_interval: 120 - name: network service - https check: check_https hostgroups: https-service excludehostgroups: broken_https_default_vhost check_interval: 120 - name: network service - https check: dsa_check_https_want_auth hosts: menotti depends: "process - apache2 - master" check_interval: 120 - name: network service - https check: dsa_check_https_any_status hostgroups: broken_https_default_vhost depends: "process - apache2 - master" check_interval: 120 - name: network service - https cert check: dsa_check_cert!443 hostgroups: apache-https, https-service, haproxy-https-host depends: network service - https check_interval: 60 - name: unwanted network service - https check: dsa_check_port_closed!443 hostgroups: apache2-hosts excludehostgroups: apache-https, haproxy-https-host check_interval: 60 ### - name: process - haproxy - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -a '/usr/sbin/haproxy-systemd-wrapper'" hostgroups: haproxy-hosts - name: process - haproxy - worker nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1:15 -u haproxy -a '/usr/sbin/haproxy '" hostgroups: haproxy-hosts depends: process - haproxy - master - name: network service - https check: check_https hostgroups: haproxy-https-host depends: "process - haproxy - master" check_interval: 120 - name: unwanted process - haproxy nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C haproxy" hostgroups: computers excludehostgroups: haproxy-hosts ### - name: process - varnish nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1:15 -u vcache -a '/usr/sbin/varnishd -j unix,user=vcache -F -a '" hostgroups: varnish-hosts - name: unwanted process - varnish nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C varnishd" hostgroups: computers excludehostgroups: varnish-hosts # }}} # {{{ FTP - name: network service - ftp check: check_ftp hostgroups: uploadqueue # }}} 
# {{{ postgres
# NOTE(review): the entries below are items of the enclosing service list.
# They are written with a two-space indent (matching the ts=2/sw=2 modeline
# at the end of the file) -- confirm against the indentation of the list
# items that precede this section.
#
# PostgreSQL: expected server processes per version hostgroup, "unwanted"
# checks for every other host, and backup verification.
  - name: unwanted process - postgresql
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres"
    hostgroups: computers
    excludehostgroups: postgres96-hosts, postgres11-hosts
  - name: unwanted process - postgresql 9.0
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres -a '9.0/bin/postgres'"
    hostgroups: computers
  - name: process - postgresql11 - master
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/11/bin/postgres'"
    hostgroups: postgres11-hosts
  - name: process - postgresql96 - master
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.6/bin/postgres'"
    hostgroups: postgres96-hosts
  - name: postgresql backups
    nrpe: "/usr/bin/sudo -u debbackup /usr/lib/nagios/plugins/dsa-check-backuppg"
    hosts: storace, backuphost
  # }}}

  # {{{ buildd
  # Two flavours of build daemon share one service name: the classic
  # /usr/bin/buildd (hostgroup buildd) and the python3 buildd.py
  # (hostgroup pybuildd).
  - name: process - buildd
    servicegroups: buildd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:5 -u buildd -C buildd -a '/usr/bin/buildd'"
    hostgroups: buildd
    contact_groups: buildd
  - name: process - buildd
    servicegroups: buildd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:5 -u buildd -C python3 -a 'buildd.py'"
    hostgroups: pybuildd
    contact_groups: buildd
  # The first check_procs call is run once silently and, only if it fails,
  # a second time so that its output is the one reported.
  - name: processes - zombie schroot
    nrpe: "(/usr/lib/nagios/plugins/check_procs -a schroot -s Zs -c 0 > /dev/null || /usr/lib/nagios/plugins/check_procs -a schroot -s Zs -c 0) && /usr/lib/nagios/plugins/check_procs -a schroot -s ZNs -c 0"
    hostgroups: buildd, pybuildd
    contact_groups: +buildd
    check_interval: 5
    max_check_attempts: 24
    retry_interval: 5
  # }}}

  # {{{ NFS Stuff
  - name: process - nfsd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u root -C nfsd -a '[nfsd]'"
    hostgroups: nfs-server
  - name: process - lockd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C lockd -a '[lockd]'"
    hostgroups: nfs-server
  - name: process - mountd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rpc.mountd -a '/sbin/rpc.mountd'"
    hostgroups: nfs-server
  #
  - name: process - automount
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C automount -a '/usr/sbin/automount'"
    hostgroups: autofs
  - name: unwanted process - automount
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C automount"
    hostgroups: computers
    excludehostgroups: autofs
  # }}}

  # {{{ mirroring
  # All mirror checks are attached to the pseudo-host "global" and grouped
  # in the "mirror" servicegroup.
  - name: mirror sync - bugs
    check: "dsa_check_mirrorsync_skew!bugs.debian.org!project/trace/bugs-master.debian.org!120:600"
    hosts: global
    servicegroups: mirror
  - name: mirror sync - security
    check: "dsa_check_mirrorsync_skew!security-nagios.debian.org!project/trace/security-master.debian.org!150:3600"
    hosts: global
    servicegroups: mirror
  - name: mirror sync - packages
    check: "dsa_check_mirrorsync_skew!packages.debian.org!Pics/.trace!3600:57600"
    hosts: global
    check_interval: 15
    max_check_attempts: 5
    retry_interval: 5
    servicegroups: mirror
  - name: mirror sync - snapshot
    check: "dsa_check_mirrorsync_skew!snapshot.debian.org!project/trace/snapshot-master.debian.org!3600:28800"
    hosts: global
    check_interval: 15
    max_check_attempts: 5
    retry_interval: 5
    servicegroups: mirror
  - name: mirror sync - debian archive backend
    check: "dsa_check_mirrorsync!debian.backend.mirrors.debian.org!debian/project/trace/master"
    hosts: global
    check_interval: 15
    max_check_attempts: 5
    retry_interval: 5
    servicegroups: mirror

  # Static mirror sync checks. Some sites use the *_nossl variant of the
  # check command; keep the variant exactly as listed per site.
  - name: mirror static sync - bits
    check: "dsa_check_staticsync!bits.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - network-test
    check: "dsa_check_staticsync_nossl!network-test.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - appstream
    check: "dsa_check_staticsync!appstream.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - blends
    check: "dsa_check_staticsync!blends.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - d-i
    check: "dsa_check_staticsync!d-i.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debaday
    check: "dsa_check_staticsync!debaday.debian.net"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debdeltas
    check: "dsa_check_staticsync_nossl!debdeltas.debian.net"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - dsa
    check: "dsa_check_staticsync!dsa.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - lintian
    check: "dsa_check_staticsync!lintian.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - mozilla
    check: "dsa_check_staticsync_nossl!mozilla.debian.net"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - news
    check: "dsa_check_staticsync!news.debian.net"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - incoming.ports
    check: "dsa_check_staticsync_nossl!incoming.ports.debian.org"
    hosts: global
    servicegroups: mirror
  # - name: mirror static sync - release
  #   check: "dsa_check_staticsync!release.debian.org"
  #   hosts: global
  #   servicegroups: mirror
  - name: mirror static sync - rtc
    check: "dsa_check_staticsync!rtc.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - security-team
    check: "dsa_check_staticsync!security-team.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - wnpp-by-tags
    check: "dsa_check_staticsync!wnpp-by-tags.debian.net"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - www.ports
    check: "dsa_check_staticsync!www.ports.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - timeline
    check: "dsa_check_staticsync!timeline.debian.net"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - backports
    check: "dsa_check_staticsync!backports.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - incoming
    check: "dsa_check_staticsync_nossl!incoming.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - metadata.ftp-master
    check: "dsa_check_staticsync_nossl!metadata.ftp-master.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - mirror-master
    check: "dsa_check_staticsync_nossl!mirror-master.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - deb
    check: "dsa_check_staticsync_nossl!deb.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - manpages
    check: "dsa_check_staticsync!manpages.debian.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - 10years
    check: "dsa_check_staticsync!10years.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf0
    check: "dsa_check_staticsync!debconf0.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf1
    check: "dsa_check_staticsync!debconf1.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf2
    check: "dsa_check_staticsync!debconf2.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf3
    check: "dsa_check_staticsync!debconf3.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf4
    check: "dsa_check_staticsync!debconf4.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf5
    check: "dsa_check_staticsync!debconf5.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf6
    check: "dsa_check_staticsync!debconf6.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf7
    check: "dsa_check_staticsync!debconf7.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - debconf16
    check: "dsa_check_staticsync!debconf16.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - es
    check: "dsa_check_staticsync!es.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - fr
    check: "dsa_check_staticsync!fr.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - miniconf10
    check: "dsa_check_staticsync!miniconf10.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - wiki
    check: "dsa_check_staticsync!wiki.debconf.org"
    hosts: global
    servicegroups: mirror
  - name: mirror static sync - www
    check: "dsa_check_staticsync!www.debconf.org"
    hosts: global
    servicegroups: mirror
  # }}}

  # {{{ DNS
  - name: process - named
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:15 -c 1: -u bind -C named -a '/usr/sbin/named '"
    hostgroups: bind9-hosts
  # check values are quoted because they carry "!"-separated arguments
  # (and, for two of them, embedded spaces); the trailing "!" on the first
  # one is part of the original value and is kept.
  - name: network service - dns
    check: "check_dig!www.debian.org!"
    hosts: geo1, geo2, geo3
    depends: process - named
  - name: network service - dns
    check: "check_dig!_openpgpkey.debian.org!-A -t SOA"
    hosts: kaufmann
    depends: process - named
  - name: network service - dns
    check: "check_dig!debian.org!-A -t SOA"
    hosts: denis
    depends: process - named
  - name: unwanted process - named
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C named"
    hostgroups: computers
    excludehostgroups: bind9-hosts
  ###
  # SOA checks, one per zone; each passes denis.debian.org as the first
  # argument to dsa_check_soas_add.
  - name: DNS SOA sync - debian.org
    check: "dsa_check_soas_add!denis.debian.org!debian.org"
    hosts: global
  - name: DNS SOA sync - debian.net
    check: "dsa_check_soas_add!denis.debian.org!debian.net"
    hosts: global
  - name: DNS SOA sync - debian.com
    check: "dsa_check_soas_add!denis.debian.org!debian.com"
    hosts: global
  - name: DNS SOA sync - 144-28.118.59.86.in-addr.arpa
    check: "dsa_check_soas_add!denis.debian.org!144-28.118.59.86.in-addr.arpa"
    hosts: global
  - name: DNS SOA sync - debconf.net
    check: "dsa_check_soas_add!denis.debian.org!debconf.net"
    hosts: global
  - name: DNS SOA sync - debconf.org
    check: "dsa_check_soas_add!denis.debian.org!debconf.org"
    hosts: global
  - name: DNS SOA sync - debianday.org
    check: "dsa_check_soas_add!denis.debian.org!debianday.org"
    hosts: global
  - name: DNS SOA sync - dpkg.org
    check: "dsa_check_soas_add!denis.debian.org!dpkg.org"
    hosts: global
  # The remaining DNS checks are remotechecks executed from denis and
  # reported against the pseudo-host "global".
  - name: DNS - delegation and signature expiry
    hosts: global
    remotecheck: "/usr/lib/nagios/plugins/dsa-check-zone-rrsig-expiration-many --warn 20d --critical 7d --geozonedir /srv/dns.debian.org/repositories/auto-dns/zones /srv/dns.debian.org/repositories/domains"
    runfrom: denis
  - name: DNS - security delegations
    hosts: global
    remotecheck: "/usr/lib/nagios/plugins/dsa-check-dnssec-delegation --dir /srv/dns.debian.org/repositories/domains --dir /srv/dns.debian.org/repositories/auto-dns/zones check-header"
    runfrom: denis
  - name: DNS - key coverage
    hosts: global
    remotecheck: "/usr/lib/nagios/plugins/dsa-check-statusfile /srv/dns.debian.org/var/nagios/coverage"
    runfrom: denis
  - name: DNS - DS expiry
    hosts: global
    remotecheck: "/usr/lib/nagios/plugins/dsa-check-statusfile /srv/dns.debian.org/var/nagios/ds"
    runfrom: denis
  - name: DNS - zones signed properly
    hosts: global
    remotecheck: "/usr/lib/nagios/plugins/dsa-check-zone-signature-all"
    runfrom: denis
  # }}}

  # {{{ storage
  - name: process - multipathd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:15 -c 1: -u root -C multipathd -a '/sbin/multipathd'"
    hostgroups: multipath-hosts
  - name: unwanted process - multipathd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C multipathd"
    hostgroups: computers
    excludehostgroups: multipath-hosts
  # }}}

  # {{{ porterbox
  - name: current chroots
    nrpe: "/usr/lib/nagios/plugins/dsa-check-dchroots-current"
    hostgroups: porterbox
    check_interval: 60
    retry_interval: 15
  # }}}

  # {{{ openstack
  # All openstack checks are currently disabled (commented out).
  # - name: process - openstack - memcached
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nobody -C memcached -a '/usr/bin/memcached -m 128 -p 11211 -u nobody -l 0.0.0.0'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - glance-registry
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u glance -C glance-registry -a '/usr/bin/python /usr/bin/glance-registry'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - nova-api
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-api -a '/usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-api.log'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - nova-compute
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-compute -a '/usr/bin/python /usr/bin/nova-compute --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-compute.log --config-file=/etc/nova/nova-compute.conf'"
  #   hostgroups: openstack-compute
  # - name: process - openstack - nova-cert
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-cert -a '/usr/bin/python /usr/bin/nova-cert --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-cert.log'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - nova-conductor
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-conductor -a '/usr/bin/python /usr/bin/nova-conductor --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-conductor.log'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - nova-consoleauth
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -a '/usr/bin/python /usr/bin/nova-consoleauth --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-consoleauth.log'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - nova-scheduler
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -a '/usr/bin/python /usr/bin/nova-scheduler --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-scheduler.log'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - nova-spicehtml5proxy
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -a '/usr/bin/python /usr/bin/nova-spicehtml5proxy --log-file /var/log/nova/nova-consoleproxy.log'"
  #   hostgroups: openstack-controller
  # - name: process - openstack - neutron-server
  #   nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u neutron -C neutron-server -a '/usr/bin/python2.7 /usr/bin/neutron-server --config-file=/etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini --log-file=/var/log/neutron/neutron-server.log'"
  #   hostgroups: openstack-controller
  # }}}

  # {{{ misc
  - name: system - all services running
    nrpe: "/usr/bin/sudo /usr/lib/nagios/plugins/dsa-check-systemd-services"
    hostgroups: computers
  ###
  - name: process - slapd
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1:50 -u openldap -C slapd -a '/usr/sbin/slapd -h ldap:/// ldaps:/// -g openldap -u openldap'"
    hosts: draghi
  - name: network service - ldaps cert
    check: "dsa_check_cert!636"
    depends: process - slapd
    check_interval: 60
    hosts: draghi
  ###
  - name: network service - finger
    check: "check_tcp!79"
    hosts: draghi
    depends: process - xinetd
  ###
  - name: network service - rsync
    check: "check_tcp!873"
    hostgroups: rsyncd-hosts
  ###
  - name: process - icinga
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:90 -c 1: -u nagios -C icinga -a '/usr/sbin/icinga -d /etc/icinga/icinga.cfg'"
    hosts: tchaikovsky
  ###
  - name: process - debianqueued
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:3 -c 1: -u dak-unpriv -C debianqueued"
    hostgroups: queued
  ####
  - name: network service - gobby
    check: "check_tcp!6523"
    hosts: gombert
    contact_groups: gobby
  ####
  - name: network service - sip-tls cert - 443
    check: "dsa_check_cert!443"
    check_interval: 60
    hosts: vogler
  - name: network service - sip-tls cert - 5061
    check: "dsa_check_cert!5061"
    check_interval: 60
    hosts: vogler
  - name: freeradius process
    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u freerad -C freeradius -a '/usr/sbin/freeradius -xx'"
    check_interval: 60
    hosts: vogler
  ####
  # sudo is called by absolute path, like the other sudo-based checks
  # ("postgresql backups", "system - all services running"), so the check
  # does not depend on the PATH of the NRPE daemon.
  - name: puppetmaster cert
    nrpe: "/usr/bin/sudo -u puppet /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem"
    hosts: handel
    check_interval: 60
    max_check_attempts: 2
    retry_interval: 5
  - name: puppet - agent check
    nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/puppet-agent"
    hostgroups: computers
    check_interval: 60
    retry_interval: 15
  # Per-host catalog check: run from handel, with the monitored host's name
  # substituted via the $HOSTNAME$ macro.
  - name: puppet - catalog run
    remotecheck: "/usr/lib/nagios/plugins/check_puppetdb_nodes -a 4 --node $HOSTNAME$.debian.org -w 720 -c 1440"
    hostgroups: computers
    runfrom: handel
  - name: puppet - all catalog runs
    nrpe: "/usr/lib/nagios/plugins/check_puppetdb_nodes -a 4 -w 720 -c 1440"
    hosts: handel
  ####
  # Each node of a pair pings its peer's management address
  # (conova-node01 <-> conova-node02, manda-node03 <-> manda-node04).
  - name: ping peer on mgmt network
    nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.184.12 -w 50,10% -c 200,30%"
    hosts: conova-node01
    check_interval: 5
    max_check_attempts: 4
    retry_interval: 1
  - name: ping peer on mgmt network
    nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.184.11 -w 50,10% -c 200,30%"
    hosts: conova-node02
    check_interval: 5
    max_check_attempts: 4
    retry_interval: 1
  - name: ping peer on mgmt network
    nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.182.14 -w 50,10% -c 200,30%"
    hosts: manda-node03
    check_interval: 5
    max_check_attempts: 4
    retry_interval: 1
  - name: ping peer on mgmt network
    nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.182.13 -w 50,10% -c 200,30%"
    hosts: manda-node04
    check_interval: 5
    max_check_attempts: 4
    retry_interval: 1
  # }}}
  # }}}
# }}}

# vim: set ts=2 sw=2 et ai si fdm=marker: