hostgroups: notacomputer
pingable: false
check_command: dsa_check_always_ok
+ gw-1und1:
+ parents: gw-ubcece
+ hostgroups: notacomputer
+ pingable: false
+ check_command: dsa_check_always_ok
+ gw-1und1-sec:
+ parents: gw-ubcece
+ hostgroups: notacomputer
+ pingable: false
+ check_command: dsa_check_always_ok
gw-accumu:
address: 130.239.18.97
parents: gw-ubcece
parents: gw-ubcece
hostgroups: layer3-infrastructure
gw-karlsruhe:
- address: 129.143.166.229
+ address: 129.143.57.177
parents: gw-ubcece
hostgroups: layer3-infrastructure
gw-man-da:
parents: gw-ubcece
hostgroups: layer3-infrastructure
gw-marist:
- address: 148.100.96.1
+ address: 148.100.88.1
parents: gw-ubcece
hostgroups: layer3-infrastructure
gw-osuosl:
# {{{ gw-1und1
powell:
address: 87.106.64.223
- parents: gw-ubcece
+ parents: gw-1und1
hostgroups: computers, service, acpid-hosts, wheezy
pkgmirror-1and1:
address: 213.165.95.4
parents: powell
- hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula
+ hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula, apache-https
babin:
address: 213.165.95.6
parents: powell
# {{{ gw-1und1-sec
schumann:
address: 212.227.126.54
- parents: gw-ubcece
- #parents: gw-1und1-sec
+ parents: gw-1und1-sec
hostgroups: computers, acpid-hosts, service, wheezy
chopin:
address: 195.20.242.124
hostgroups: computers, service, hasbootfs, hassrvfs, kvmdomains, apache2-hosts, wheezy, apache-https
wieck:
address: 195.20.242.89
- parents: gw-ubcece
- #parents: gw-1und1-sec
+ parents: gw-1und1-sec
hostgroups: computers, service, apache2-hosts, rsyncd-hosts, acpid-hosts, xinetd-hosts, wheezy, security_mirror, hasvarlogfs, no-bacula
# }}}
# {{{ gw-accumu
picconi:
address: 5.153.231.3
parents: gw-bytemark
- hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, nfs-client, autofs, heavy-exim, spamd
+ hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, nfs-client, autofs, heavy-exim, spamd, apache-https
senfter:
address: 5.153.231.4
parents: gw-bytemark
- hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula
+ hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula, apache-https
adayevskaya:
address: 5.153.231.5
parents: gw-bytemark
address: 5.153.231.10
parents: gw-bytemark
hostgroups: computers, hassrvfs, kvmdomains, wheezy, postgres91-hosts
+ ganeti-bytemark:
+ address: 82.195.75.111
+ parents: gw-bytemark
+ hostgroups: notacomputer
coccia:
address: 5.153.231.11
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, hassrvfs, kvmdomains, wheezy, autofs, nfs-client
backuphost:
address: 5.153.231.12
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, hassrvfs, kvmdomains, wheezy
philp:
address: 5.153.231.13
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, hassrvfs, kvmdomains, wheezy, apache2-hosts
+ petrova:
+ address: 5.153.231.25
+ parents: ganeti-bytemark
+ hostgroups: computers, kvmdomains, wheezy, apache2-hosts
couper:
address: 5.153.231.14
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, hassrvfs, kvmdomains, wheezy, apache2-hosts, nfs-client, autofs
rainier:
address: 5.153.231.15
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, kvmdomains, wheezy, no-bacula
rapoport:
address: 5.153.231.16
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, kvmdomains, wheezy, no-bacula
delfin:
address: 5.153.231.17
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, hassrvfs, kvmdomains, wheezy, apache2-hosts
wuiet:
address: 5.153.231.18
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, general, kvmdomains, wheezy, service, apache-https, apache2-hosts, heavy-exim, xinetd-hosts
dinis:
address: 5.153.231.19
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, general, kvmdomains, wheezy
donizetti:
address: 5.153.231.20
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, general, kvmdomains, wheezy, nfs-client, autofs
dillon:
address: 5.153.231.22
- parents: gw-bytemark
- hostgroups: computers, general, kvmdomains, wheezy
+ parents: ganeti-bytemark
+ hostgroups: computers, general, kvmdomains, wheezy, nfs-client, autofs, hassrvfs
ticharich:
address: 5.153.231.23
- parents: gw-bytemark
+ parents: ganeti-bytemark
hostgroups: computers, general, kvmdomains, wheezy, nfs-client, autofs, apache2-hosts, apache-https, service
+ diamond:
+ address: 5.153.231.24
+ parents: ganeti-bytemark
+ hostgroups: computers, service, kvmdomains, wheezy, bind9-hosts, no-bacula
# }}}
# {{{ gw-c3sl
santoro:
address: 200.17.202.197
parents: gw-c3sl
- hostgroups: computers, service, apache2-hosts, rsyncd-hosts, xinetd-hosts, hassrvfs, wheezy, high-RTT, security_mirror, no-bacula
+ hostgroups: computers, service, apache2-hosts, rsyncd-hosts, xinetd-hosts, hassrvfs, wheezy, high-RTT, security_mirror, no-bacula, apache-https
contacts: faw
# }}}
# {{{ gw-carnet
gluck:
address: 150.203.164.38
parents: gw-cecsit
- hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl380, hassrvfs, acpid-hosts, xinetd-hosts, wheezy, security_mirror, no-bacula
+ hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl380, hassrvfs, acpid-hosts, xinetd-hosts, wheezy, security_mirror, no-bacula, apache-https
# }}}
# {{{ gw-conova
sompek:
senfl:
address: 128.31.0.51
parents: gw-csail
- hostgroups: computers, service, dl360, acpid-hosts, hassrvfs, apache2-hosts, rsyncd-hosts, bind9-hosts, xinetd-hosts, squeeze
+ hostgroups: computers, service, dl360, acpid-hosts, hassrvfs, apache2-hosts, rsyncd-hosts, bind9-hosts, xinetd-hosts, squeeze, apache-https
steffani:
address: 128.31.0.36
parents: gw-csail
hostgroups: computers, sw-raid, hassrvfs, wheezy
# }}}
# {{{ gw-ftcollins
- alkman:
- address: 192.25.206.63
- parents: gw-ftcollins
- hostgroups: computers, buildd, acpid-hosts, wheezy
- merulo:
- address: 192.25.206.58
- parents: gw-ftcollins
- hostgroups: computers, porterbox, hasusrfs, wheezy
- mundy:
- address: 192.25.206.62
- parents: gw-ftcollins
- hostgroups: computers, buildd, hassrvfs, sw-raid, acpid-hosts, wheezy
+ #alkman:
+ # address: 192.25.206.63
+ # parents: gw-ftcollins
+ # hostgroups: computers, buildd, acpid-hosts, wheezy
+ #merulo:
+ # address: 192.25.206.58
+ # parents: gw-ftcollins
+ # hostgroups: computers, porterbox, hasusrfs, wheezy
+ #mundy:
+ # address: 192.25.206.62
+ # parents: gw-ftcollins
+ # hostgroups: computers, buildd, hassrvfs, sw-raid, acpid-hosts, wheezy
spohr:
address: 192.25.206.33
parents: gw-ftcollins
vento:
address: 82.195.75.98
parents: ganeti3
- hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, heavy-exim
+ hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, apache-https, heavy-exim
lully:
address: 82.195.75.99
parents: ganeti3
address: 82.195.75.102
parents: gw-man-da
hostgroups: computers, service, dl360, acpid-hosts, wheezy
- diamond:
- address: 82.195.75.108
- parents: ganeti3
- hostgroups: computers, service, kvmdomains, wheezy, bind9-hosts, no-bacula
draghi:
address: 82.195.75.106
parents: ganeti3
- hostgroups: computers, service, hasbootfs, hassrvfs, apache2-hosts, bind9-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https, wheezy
+ hostgroups: computers, service, hasbootfs, hassrvfs, apache2-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https, wheezy
geo1:
address: 82.195.75.105
parents: ganeti3
address: 82.195.75.107
parents: ganeti3
hostgroups: computers, service, apache2-hosts, rsyncd-hosts, kvmdomains, xinetd-hosts, wheezy
+ stockhausen:
+ address: 82.195.75.108
+ parents: ganeti3
+ hostgroups: computers, service, kvmdomains, wheezy, acpid-hosts, jetty-hosts
ganeti3:
address: 82.195.75.111
parents: gw-man-da
wilder:
address: 82.195.75.112
parents: ganeti3
- hostgroups: computers, service, hassrvfs, apache2-hosts, kvmdomains, wheezy, acpid-hosts, apache2-hosts, apache-https, rsyncd-hosts, xinetd-hosts
+ hostgroups: computers, service, hassrvfs, apache2-hosts, kvmdomains, wheezy, acpid-hosts, apache-https, rsyncd-hosts, xinetd-hosts
vieuxtemps:
address: 82.195.75.113
parents: ganeti3
address: 82.195.75.114
parents: ganeti3
hostgroups: computers, service, kvmdomains, wheezy, spamd, heavy-exim, mail-relay
+ denis:
+ address: 82.195.75.91
+ parents: ganeti3
+ hostgroups: computers, service, kvmdomains, wheezy, bind9-hosts
+ vogler:
+ address: 82.195.75.92
+ parents: ganeti3
+ hostgroups: computers, service, kvmdomains, wheezy
# }}}
# {{{ gw-marist
- zappa:
- address: 148.100.96.103
+ zani:
+ address: 148.100.88.22
parents: gw-marist
- hostgroups: computers, buildd, hassrvfs, squeeze, incomingmailrelayed
+ hostgroups: computers, buildd, hassrvfs, wheezy, incomingmailrelayed
# }}}
# {{{ gw-osuosl
busoni:
address: 140.211.15.34
parents: gw-osuosl
- hostgroups: computers, service, dl360, hassrvfs, acpid-hosts, wheezy, hasvarlogfs, apache2-hosts, no-bacula
+ hostgroups: computers, service, dl360, hassrvfs, acpid-hosts, wheezy, hasvarlogfs, apache2-hosts, no-bacula, apache-https
byrd:
address: 140.211.166.20
parents: gw-osuosl
buxtehude:
address: 140.211.166.26
parents: byrd
- hostgroups: computers, service, hassrvfs, acpid-hosts, apache2-hosts, heavy-exim, postgres91-hosts, wheezy, hasvarlogfs
+ hostgroups: computers, service, hassrvfs, acpid-hosts, apache2-hosts, heavy-exim, postgres91-hosts, wheezy, hasvarlogfs, apache-https
# malo TODO
mayer:
address: 140.211.166.78
rietz:
address: 140.211.166.43
parents: gw-osuosl
- hostgroups: computers, service, rsyncd-hosts, dl385, hassrvfs, acpid-hosts, xinetd-hosts, wheezy, bind9-hosts
+ hostgroups: computers, service, rsyncd-hosts, dl385, hassrvfs, acpid-hosts, xinetd-hosts, wheezy
#, bosserver
rietz2:
address: 140.211.166.44
caballero:
address: 193.201.200.200
parents: gw-rapidswitch
- hostgroups: computers, buildd, sw-raid, squeeze
+ hostgroups: computers, buildd, sw-raid, wheezy, hassrvfs, acpid-hosts
# }}}
# {{{ gw-sanger
sibelius:
address: 86.59.118.152
parents: gw-sil
hostgroups: computers, buildd, wheezy
+ eberlin:
+ address: 86.59.118.155
+ parents: gw-sil
+ hostgroups: computers, buildd, wheezy
# }}}
# {{{ gw-ubcece
sw-ubcece:
address: 206.12.19.13
parents: sw-ubcece-kais
hostgroups: computers, hashomefs, sw-raid, rsyncd-hosts, apache2-hosts, xinetd-hosts, service, nfs-server, squeeze, hassrvfs
- paganini:
- address: 206.12.19.10
- parents: sw-ubcece-kais
- hostgroups: computers, hasbootfs, aacraid, hassrvfs, xinetd-hosts, nfs-client, service, apache2-hosts, squeeze, autofs
respighi:
address: 206.12.19.11
parents: sw-ubcece-kais
nono:
address: 206.12.19.123
parents: traetta
- hostgroups: computers, service, kvmdomains, wheezy, heavy-exim, xinetd-hosts, apache2-hosts, apache-https
+ hostgroups: computers, service, kvmdomains, wheezy, heavy-exim, xinetd-hosts, apache2-hosts, apache-https, broken_https_default_vhost
reger:
address: 206.12.19.124
parents: ganeti2
diabelli:
address: 206.12.19.136
parents: traetta
- hostgroups: computers, service, hasbootfs, kvmdomains, wheezy, apache2-hosts, apache-https
+ hostgroups: computers, service, hasbootfs, kvmdomains, wheezy, apache2-hosts, apache-https, broken_https_default_vhost
bizet:
address: 206.12.19.137
parents: ganeti2
beach:
address: 206.12.19.140
parents: ganeti2
- hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, xinetd-hosts, hassrvfs, nfs-server, rsyncd-hosts, no-bacula
+ hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, xinetd-hosts, hassrvfs, nfs-server, rsyncd-hosts, no-bacula, apache-https
ullmann:
address: 206.12.19.141
parents: ganeti2
- hostgroups: computers, service, kvmdomains, wheezy, postgres91-hosts, nfs-client, apache2-hosts, autofs
+ hostgroups: computers, service, kvmdomains, wheezy, postgres91-hosts, nfs-client, apache2-hosts, autofs, apache-https
sonntag:
address: 206.12.19.142
parents: ganeti2
address: 206.12.19.143
parents: ganeti2
hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, apache-https
- stanley:
- address: 206.12.19.145
- parents: ganeti2
- hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, no-bacula
muffat:
address: 206.12.19.146
parents: ganeti2
address: 130.89.148.12
parents: klecker
hostgroups: secondary-IPs
+ klecker-archive:
+ address: 130.89.148.13
+ parents: klecker
+ hostgroups: secondary-IPs
+ klecker-static:
+ address: 130.89.148.14
+ parents: klecker
+ hostgroups: secondary-IPs
# }}}
# {{{ gw-ynic
hildegard:
apache2-hosts:
alias: hosts running apache2
private: 1
+ jetty-hosts:
+ alias: hosts running jetty
+ private: 1
varnish-hosts:
alias: hosts running varnish
private: 1
apache-https:
alias: hosts with https services
private: 1
+ broken_https_default_vhost:
+ alias: https default vhost does not say 200 OK
+ private: 1
no-bacula:
alias: hosts which are not being backed up with bacula
# i.e. no port 25
private: 1
- ntpsuckers:
- alias: "hosts who's ntp offset is often unknown"
- private: 1
-
brokensamhain:
alias: machines that can not run samhain
private: 1
alias: backup checks
kernel:
alias: kernel checks
- weaksshkeys:
- alias: weak ssh keys
apt:
alias: apt upgrade status
samhain:
alias: time stuff
security:
alias: security
- servicegroup_members: apt, weaksshkeys, kernel, samhain
+ servicegroup_members: apt, kernel, samhain
#############################
# services
############ Disk Usage ############
####
+
-
name: disk usage - all
servicegroups: diskspace
servicegroups: diskspace
nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home"
hostgroups: hashomefs
- -
- name: disk usage on /x
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /x"
- hosts: caballero
-
name: disk usage on /var/lib/postgresql
servicegroups: diskspace
-
name: disk usage on /srv/farm-snapshot/farm-misc
servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 95 90 /srv/farm-snapshot/farm-misc"
+ nrpe: "/usr/lib/nagios/plugins/check_disk 97 95 /srv/farm-snapshot/farm-misc"
hosts: sibelius
-
- name: disk usage on /var/lib/postgresql/9.1/dak
+ name: disk usage on /var/lib/postgresql/9.1
servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /var/lib/postgresql/9.1/dak"
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /var/lib/postgresql/9.1"
hosts: franck
-
name: disk usage on /srv/ftp-master.debian.org
normal_check_interval: 60
retry_check_interval: 5
excludehostgroups: brokensamhain
-
+ ####
+ -
+ name: process - acc.umu.se backup
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -a 'dsmc'"
+ hosts: sibelius
####
-
name: users
nrpe: "/usr/lib/nagios/plugins/dsa-check-uptime"
hostgroups: computers
####
+ -
+ name: processes - samhain zombies
+ nrpe: "/usr/lib/nagios/plugins/check_procs 3 6 -s Z -u root -a samhain"
+ event_handler: dsa_event_handler_restart_samhain
+ hostgroups: computers
+ excludehostgroups: brokensamhain
-
name: processes - zombies
nrpe: "/usr/lib/nagios/plugins/check_procs 5 10 -s Z"
depends: process - sshd
normal_check_interval: 60
notification_interval: 1440
-
- -
- name: ssh - weak keys
- servicegroups: weaksshkeys
- nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/weak-ssh-keys"
- hostgroups: computers
- normal_check_interval: 60
####
-
name: network service - nrpe
hostgroups: computers
depends: process - ntpd
excludehosts: ancina
- excludehostgroups: ntpsuckers, deadslow
+ excludehostgroups: deadslow
servicegroups: time
#
-
remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$"
runfrom: lully
hostgroups: computers
+ -
+ name: MQ connection on rainier
+ remotecheck: "/usr/lib/nagios/plugins/dsa-check-mq-connection $HOSTNAME$ ud dsa"
+ runfrom: rainier
+ hostgroups: computers
+ normal_check_interval: 60
+ retry_check_interval: 15
+ -
+ name: MQ connection on rapoport
+ remotecheck: "/usr/lib/nagios/plugins/dsa-check-mq-connection $HOSTNAME$ ud dsa"
+ runfrom: rapoport
+ hostgroups: computers
+ normal_check_interval: 60
+ retry_check_interval: 15
### MAIL STUFF
###
-
hostgroups: heavy-exim
-
name: process - postgrey
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'"
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'"
hostgroups: heavy-postfix
#
-
###
-
name: process - amavis - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u amavis -C amavisd-new -a 'amavisd-new (master)'"
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u amavis -a 'amavisd-new (master)'"
hostgroups: amavis-hosts
-
name: process - amavis - all
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1:10 -u amavis -C amavisd-new -a 'amavisd-new '"
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1:10 -u amavis -a 'amavisd-new '"
hostgroups: amavis-hosts
depends: process - amavis - master
#
nrpe: 'if getent ahosts `hostname` | grep -q 127.0; then echo "Warning: local hostname resolves to 127/8 address"; exit 1; else echo "OK: Hostname resolves to non-127/8 address."; exit 0; fi'
hostgroups: computers
normal_check_interval: 60
- -
- name: setup - ud-ldap freshness
- nrpe: "/usr/lib/nagios/plugins/dsa-check-udldap-freshness"
- hostgroups: computers
-
name: system - available entropy
nrpe: "/usr/lib/nagios/plugins/dsa-check-entropy"
name: "host SSL cert"
nrpe: "if [ -e /etc/ssl/certs/thishost.pem ]; then /usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/certs/thishost.pem; else echo 'No thishost.pem on this host.'; fi"
hostgroups: computers
- -
- name: "pg SSL cert"
- nrpe: "/usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/certs/pg-ubcece.debian.org-chained.pem"
- hosts: danzi
############ Processes/Services that only run on some computers ############
####
hostgroups: sw-raid
###
+ -
+ name: process - ud-replicated
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C ud-replicated -a '/usr/bin/python /usr/bin/ud-replicated'"
+ hostgroups: computers
+ excludehostgroups: squeeze,freebsd
+ -
+ name: process - ud-replicated
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C python2.7 -a '/usr/bin/python /usr/bin/ud-replicated'"
+ hostgroups: freebsd
-
name: process - monit
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C monit -a '/usr/sbin/monit -d 300 -I -c /etc/monit/monitrc -s /var/lib/monit/monit.state'"
- hostgroups: computers
- excludehosts: quantz
- excludehostgroups: armhf
+ hostgroups: squeeze
-
name: process - monit
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C monit -a '/usr/bin/monit -d 300 -I -c /etc/monit/monitrc -s /var/lib/monit/monit.state'"
- hostgroups: wheezy
+ hostgroups: computers
+ excludehostgroups: squeeze
-
name: HW - hpacucli status
servicegroups: raid
# there is always one extra process per check currently running..
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:30 -c 1: -u nagios -C icinga -a '/usr/sbin/icinga -d /etc/icinga/icinga.cfg'"
hosts: tchaikovsky
+ ###
+ -
+ name: process - jetty - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -a 'jsvc.exec'"
+ hostgroups: jetty-hosts
+ -
+ name: process - jetty - worker
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1:100 -u jetty -a 'jsvc.exec -user jetty'"
+ hostgroups: jetty-hosts
+ depends: process - jetty - master
###
-
check: check_https
hostgroups: apache-https
excludehosts: handel,menotti
+ excludehostgroups: broken_https_default_vhost
depends: "process - apache2 - master"
normal_check_interval: 120
-
hosts: handel,menotti
depends: "process - apache2 - master"
normal_check_interval: 120
+ -
+ name: network service - https
+ check: dsa_check_https_any_status
+ hostgroups: broken_https_default_vhost
+ depends: "process - apache2 - master"
+ normal_check_interval: 120
-
name: network service - https cert
check: dsa_check_cert!443
hostgroups: computers
-
name: process - postgresql91 - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:4 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.1/bin/postgres'"
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.1/bin/postgres'"
hostgroups: postgres91-hosts
-
name: postgresql backups
############ MISC OTHER Stuff ############
#####
+ -
+ name: puppetmaster cert
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem"
+ hosts: handel
+ normal_check_interval: 60
+ max_check_attempts: 2
+ retry_check_interval: 5
-
name: mirror sync - bugs
check: "dsa_check_mirrorsync_skew!bugs.debian.org!project/trace/bugs-master.debian.org!120:600"
retry_check_interval: 5
-
name: DNS SOA sync - debian.org
- check: "dsa_check_soas_add!draghi.debian.org!debian.org"
+ check: "dsa_check_soas_add!denis.debian.org!debian.org"
hosts: global
-
name: DNS SOA sync - debian.net
- check: "dsa_check_soas_add!draghi.debian.org!debian.net"
+ check: "dsa_check_soas_add!denis.debian.org!debian.net"
hosts: global
-
name: DNS SOA sync - debian.com
- check: "dsa_check_soas_add!draghi.debian.org!debian.com"
+ check: "dsa_check_soas_add!denis.debian.org!debian.com"
hosts: global
-
name: DNS SOA sync - mirror.debian.net
- check: "dsa_check_soas_add!draghi.debian.org!mirror.debian.net"
+ check: "dsa_check_soas_add!denis.debian.org!mirror.debian.net"
hosts: global
-
name: DNS SOA sync - 144-28.118.59.86.in-addr.arpa
- check: "dsa_check_soas_add!draghi.debian.org!144-28.118.59.86.in-addr.arpa"
+ check: "dsa_check_soas_add!denis.debian.org!144-28.118.59.86.in-addr.arpa"
hosts: global
-
name: DNS SOA sync - alioth.debian.org
check: "dsa_check_soas_add!alioth.debian.org!alioth.debian.org"
hosts: global
-
- name: DNS SEC - signature expiry
+ name: DNS - delegation and signature expiry
+ hosts: global
+ remotecheck: "/usr/lib/nagios/plugins/dsa-check-zone-rrsig-expiration-many --warn 20d --critical 7d --geozonedir /srv/dns.debian.org/repositories/auto-dns/zones /srv/dns.debian.org/repositories/domains"
+ runfrom: denis
+ -
+ name: DNS - security delegations
hosts: global
- remotecheck: "/usr/lib/nagios/plugins/dsa-check-zone-rrsig-expiration-many --warn 20d --critical 7d --geozonedir /srv/dns.debian.org/geo/zones /srv/dns.debian.org/var/gitdns/domains"
- runfrom: orff
+ remotecheck: "/usr/lib/nagios/plugins/dsa-check-dnssec-delegation --dir /srv/dns.debian.org/repositories/domains --dir /srv/dns.debian.org/repositories/auto-dns/zones check-header"
+ runfrom: denis
-
- name: DNS SEC - delegations
+ name: DNS - key coverage
hosts: global
- remotecheck: "/usr/lib/nagios/plugins/dsa-check-dnssec-delegation --dir /srv/dns.debian.org/var/gitdns/domains --dir /srv/dns.debian.org/geo/zones check-header"
- runfrom: orff
+ remotecheck: "/usr/lib/nagios/plugins/dsa-check-statusfile /srv/dns.debian.org/var/nagios/coverage"
+ runfrom: denis
+ -
+ name: DNS - DS expiry
+ hosts: global
+ remotecheck: "/usr/lib/nagios/plugins/dsa-check-statusfile /srv/dns.debian.org/var/nagios/ds"
+ runfrom: denis
############
-
remotecheck: "/usr/lib/nagios/plugins/dsa-check-msa-eventlog --start=7778 $HOSTADDRESS$ public"
runfrom: dijkstra
hosts: giustini
+ ############
+ -
+ name: current chroots
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-dchroots-current"
+ hostgroups: porterbox
+ normal_check_interval: 60
+ retry_check_interval: 15
# vim: set ts=2 sw=2 et ai si fdm=marker:
projects / mirror / dsa-nagios.git / blobdiff