exim needs to listen on 2025 for even more stupid firewalls

[mirror/dsa-nagios.git] / config / nagios-master.cfg

diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg
index 6307604..b46e373 100644 (file)
--- a/config/nagios-master.cfg
+++ b/config/nagios-master.cfg
@@ -29,7 +29,7 @@ servers:
     contacts: joerg, bzed
   gw-HP-ftc:
     address: 192.25.206.1
-    parents: samosa
+    parents: spohr
     hostgroups: routing-infrastructure
   gw-brainfood:
     address: 70.103.162.1
@@ -72,10 +72,6 @@ servers:
     address: 62.104.23.249
     parents: gw-HP-ftc
     hostgroups: routing-infrastructure
-  gw-topalis:
-    address: 195.243.109.254
-    parents: gw-HP-ftc
-    hostgroups: routing-infrastructure
   gw-sanger:
     address: 193.62.202.18
     parents: gw-HP-ftc
@@ -160,6 +156,14 @@ servers:
     address: 130.239.18.97
     parents: gw-HP-ftc
     hostgroups: routing-infrastructure
+  gw-esiee:
+    address: 147.215.2.249
+    parents: gw-HP-ftc
+    hostgroups: routing-infrastructure
+  gw-ghent:
+    address: 193.191.17.50
+    parents: gw-HP-ftc
+    hostgroups: routing-infrastructure
 
   global:
     hostgroups: notacomputer
@@ -168,44 +172,48 @@ servers:
 
   samosa:
     address: 192.25.206.57
+    parents: spohr
     hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, heavy-exim, lenny, puppet
   raff:
     address: 192.25.206.59
-    parents: samosa
+    parents: spohr
     hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, rsyncd-hosts, heavy-exim, ulogd-hosts, nfs-client, lenny, puppet
   gluck:
     address: 192.25.206.10
-    parents: samosa
+    parents: spohr
     hostgroups: computers, no-udev, general, dl380, apache2-hosts, bind9-hosts, heavy-exim, highload, nfs-client, ulogd-hosts, lenny, puppet
   merkel:
     address: 192.25.206.16
-    parents: samosa
+    parents: spohr
     hostgroups: computers, general, apache1-hosts, apache2-hosts, rsyncd-hosts, sw-raid, postgres81-hosts, heavy-exim, nfs-client, ulogd-hosts, lenny, puppet
   spohr:
     address: 192.25.206.33
-    parents: samosa
     hostgroups: computers, service, dl380, apache2-hosts, postgres83-hosts, ulogd-hosts, nfs-server, lenny, puppet
+  spohr2:
+    address: 192.25.206.38
+    parents: rietz
+    hostgroups: secondary-IPs
   peri:
     address: 192.25.206.15
-    parents: samosa
+    parents: spohr
     hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet
     contacts: dannf
   penalosa:
     address: 192.25.206.68
-    parents: samosa
+    parents: spohr
     hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet
     contacts: dannf
   mundy:
     address: 192.25.206.62
-    parents: samosa
+    parents: spohr
     hostgroups: computers, buildd, lenny, puppet
   paer:
     address: 192.25.206.11
-    parents: samosa
+    parents: spohr
     hostgroups: computers, porterbox, lenny, hasbootfs, puppet
   merulo:
     address: 192.25.206.58
-    parents: samosa
+    parents: spohr
     hostgroups: computers, porterbox, lenny, puppet
 
   bartok:
@@ -216,7 +224,7 @@ servers:
   morales:
     address: 82.195.75.97
     parents: gw-man-da
-    hostgroups: computers, porterbox, single-cpu, no-samhain, hasbootfs
+    hostgroups: computers, porterbox, single-cpu, no-samhain, hasbootfs, hassrvfs
     contacts: bzed
   sperger:
     address: 82.195.75.98
@@ -226,12 +234,12 @@ servers:
   agricola:
     address: 82.195.75.86
     parents: gw-man-da
-    hostgroups: computers, porterbox, sw-raid, single-cpu, lenny, puppet
+    hostgroups: computers, porterbox, sw-raid, single-cpu, lenny, puppet, hassrvfs
     contacts: bzed
   arcadelt:
     address: 82.195.75.87
     parents: gw-man-da
-    hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet
+    hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet, hassrvfs
     contacts: bzed
   liszt:
     address: 82.195.75.100
@@ -309,6 +317,14 @@ servers:
     address: 128.31.0.46
     parents: gw-mit-csail
     hostgroups: computers, single-cpu, lenny, porterbox, rsyslog-hosts, puppet
+  rore:
+    address: 128.31.0.49
+    parents: gw-mit-csail
+    hostgroups: computers, service, rsyslog-hosts, lenny, puppet, dl360, acpid-hosts
+  carver:
+    address: 128.31.0.50
+    parents: gw-mit-csail
+    hostgroups: computers, service, rsyslog-hosts, lenny, puppet, dl380, acpid-hosts, hassrvfs, ulogd-hosts
 
   klecker:
     address: 194.109.137.218
@@ -323,7 +339,7 @@ servers:
   argento:
     address: 93.94.130.160
     parents: gw-dg-i.net
-    hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet
+    hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet, hassrvfs
     contacts: bzed
 
   widor:
@@ -337,11 +353,6 @@ servers:
     parents: gw-freenet
     hostgroups: computers, porterbox, sw-raid, lenny, puppet
 
-  raptor:
-    address: 195.243.109.162
-    parents: gw-topalis
-    hostgroups: computers, porterbox, postfix-hosts, lenny
-
   albeniz:
     address: 193.62.202.27
     parents: gw-sanger
@@ -374,12 +385,12 @@ servers:
   puccini:
     address: 87.106.4.56
     parents: gw-1und1
-    hostgroups: computers, buildd, lenny, rsyslog-hosts, ulogd-hosts, puppet
+    hostgroups: computers, buildd, lenny, rsyslog-hosts, ulogd-hosts, puppet, hassrvfs
     contacts: joerg
   powell:
     address: 87.106.64.223
     parents: gw-1und1
-    hostgroups: computers, service, heavy-exim, rsyncd-hosts, ulogd-hosts, acpid-hosts, lenny, puppet
+    hostgroups: computers, service, heavy-exim, rsyncd-hosts, ulogd-hosts, acpid-hosts, lenny, puppet, hassrvfs
     contacts: joerg
 
   schumann:
@@ -393,7 +404,11 @@ servers:
   chopin:
     address: 195.20.242.124
     parents: schumann
-    hostgroups: computers, ulogd-hosts, lenny, puppet, rsyslog-hosts
+    hostgroups: computers, ulogd-hosts, lenny, puppet, rsyslog-hosts, hassrvfs
+  geo3:
+    address: 195.20.242.125
+    parents: schumann
+    hostgroups: computers, service, lenny, hasbootfs, puppet, rsyslog-hosts, single-cpu
 
   caballero:
     address: 193.201.200.200
@@ -409,16 +424,6 @@ servers:
     parents: gw-xandros
     hostgroups: deadslow
 
-  kullervo:
-    address: 217.114.76.82
-    parents: gw-nmmn
-    hostgroups: deadslow
-    contacts: luk
-  crest:
-    address: 217.114.76.83
-    parents: gw-nmmn
-    hostgroups: deadslow
-    contacts: luk
   pescetti:
     address: 217.114.76.85
     parents: gw-nmmn
@@ -443,8 +448,13 @@ servers:
 
   allegri:
     address: 157.193.39.233
-    parents: gw-HP-ftc
-    hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu, lenny, puppet
+    parents: gw-ghent
+    hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu, lenny, puppet, hassrvfs
+    contacts: luk
+  ancina:
+    address: 157.193.39.13
+    parents: gw-ghent
+    hostgroups: computers, buildd, single-cpu, lenny, puppet, hassrvfs, hasbootfs, incomingmailrelayed2025
     contacts: luk
 
   agnesi:
@@ -465,6 +475,14 @@ servers:
     address: 137.82.84.70
     parents: gw-ubc
     hostgroups: computers, bl460, rsyslog-hosts, acpid-hosts, lenny, puppet
+  brahms:
+    address: 137.82.84.74
+    parents: dijkstra
+    hostgroups: computers, lenny, puppet, buildd, hasbootfs, hassrvfs
+  geo2:
+    address: 137.82.84.71
+    parents: dijkstra
+    hostgroups: computers, service, lenny, hasbootfs, puppet, rsyslog-hosts, single-cpu
 
   lebrun:
     address: 193.198.184.10
@@ -478,7 +496,7 @@ servers:
   tartini:
     address: 82.94.249.158
     parents: gw-telegraaf
-    hostgroups: computers, sw-raid, apache2-hosts, mysql-hosts, hasbootfs
+    hostgroups: computers, sw-raid, apache2-hosts, mysql-hosts, hasbootfs, hassrvfs
 
   piatti:
     address: 193.167.161.225
@@ -499,7 +517,7 @@ servers:
   zelenka:
     address: 80.245.147.40
     parents: gw-HP-ftc
-    hostgroups: computers, porterbox, lenny, puppet
+    hostgroups: computers, porterbox, lenny, puppet, hassrvfs
 
   escher:
     address: 213.188.99.215
@@ -513,13 +531,18 @@ servers:
   schein:
     address: 149.20.20.6
     parents: gw-isc
-    hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, lenny, rsyslog-hosts, puppet, dl360
+    hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, lenny, rsyslog-hosts, puppet, dl360, bind9-hosts
 
   praetorius:
     address: 130.239.18.121
     parents: gw-aca
     hostgroups: computers, buildd, rsyslog-hosts, lenny, puppet
 
+  lafayette:
+    address: 147.215.7.160
+    parents: gw-esiee
+    hostgroups: computers, buildd, lenny, puppet, sw-raid, hassrvfs, hasbootfs, incomingmailrelayed
+
 #############################
 # host groups
 #
@@ -671,7 +694,18 @@ hostgroups:
   hasbootfs:
     alias: hosts with a /boot
     private: 1
+  hassrvfs:
+    alias: hosts with a /srv
+    private: 1
 
+  incomingmailrelayed:
+    alias: incoming mail needs to go through a mail relay
+    # i.e. no port 25
+    private: 1
+  incomingmailrelayed2025:
+    alias: incoming mail needs to go through a mail relay
+    # i.e. no port 25
+    private: 1
 
 #############################
 # servicegroups
@@ -760,7 +794,7 @@ services:
     name: disk usage on /srv
     servicegroups: diskspace
     nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /srv"
-    hosts: agricola, arcadelt, argento, allegri, tartini, morales, powell, puccini, zelenka, chopin
+    hostgroups: hassrvfs
   -
     name: disk usage on /org/scratch
     servicegroups: diskspace
@@ -780,17 +814,12 @@ services:
     name: disk usage on /home
     servicegroups: diskspace
     nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home"
-    hosts: raptor, voltaire, rem, ball, paer, escher
+    hosts: voltaire, rem, ball, paer, escher
   -
     name: disk usage on /home
     servicegroups: diskspace
     nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /home"
     hosts: gluck
-  -
-    name: disk usage on /chroot
-    servicegroups: diskspace
-    nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /chroot"
-    hosts: raptor
   -
     name: disk usage on /mnt/hdc
     servicegroups: diskspace
@@ -949,15 +978,8 @@ services:
     check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch3"
     depends: network service - sshd
     hostgroups: computers, deadslow
-    excludehosts: crest, kullervo
     excludehostgroups: lenny
     normal_check_interval:  60
-  -
-    name: "network service - sshd - version"
-    check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch2+m68k1"
-    depends: network service - sshd
-    hosts: crest, kullervo
-    normal_check_interval:  60
   -
     name: "network service - sshd - version"
     check: "dsa_check_ssh_port_version!22!OpenSSH_5.1p1 Debian-5"
@@ -1008,18 +1030,18 @@ services:
     # etch: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ntp -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
     nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
     hostgroups: computers
-    excludehosts: raptor, zelenka
+    excludehosts: zelenka
   -
     name: network service - ntp
-    check: check_ntp
+    check: dsa_check_ntp
     hostgroups: computers
     depends: process - ntpd
-    excludehosts: raptor, allegri, zelenka
+    excludehosts: allegri, zelenka
   #
   -
     name: network service - time
     check: dsa_check_time
-    hosts: raptor, allegri, zelenka
+    hosts: allegri, zelenka
     depends: process - xinetd
 
  ###
@@ -1287,15 +1309,25 @@ services:
     name: network service - smtp
     check: dsa_check_smtp
     hostgroups: computers
-    excludehostgroups: postfix-hosts
+    excludehostgroups: postfix-hosts, incomingmailrelayed, incomingmailrelayed2025
     depends: process - exim
 
   -
     name: network service - smtp
     check: dsa_check_smtp
     hostgroups: postfix-hosts
-    excludehosts: verdi, kassia, allegri, raptor, piatti
+    excludehosts: verdi, kassia, allegri, piatti
     depends: process - postfix - master
+  -
+    name: network service - submission
+    check: dsa_check_smtp_port!587
+    hostgroups: incomingmailrelayed
+    depends: process - exim
+  -
+    name: network service - smtp 2025
+    check: dsa_check_smtp_port!2025
+    hostgroups: incomingmailrelayed2025
+    depends: process - exim
   -
     name: network service - smtp - port 2025
     check: dsa_check_smtp_port!2025
@@ -1306,13 +1338,6 @@ services:
     check: dsa_check_smtp_port!8080
     hosts: murphy
     depends: process - postfix - master
-  -
-    name: network service - smtp - port 2025
-    remotecheck: /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p 2025
-    runfrom: murphy
-    hosts: raptor
-    depends: process - postfix - master
-
   -
     name: network service local - smtps cert
     nrpe: "/usr/lib/nagios/plugins/check_http -H localhost -p 465 -S -C 14 -t 45"
@@ -1399,6 +1424,12 @@ services:
     nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-sw"
     hostgroups: sw-raid
 
+ ###
+  -
+    name: process - monit
+    nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C monit -a '/usr/sbin/monit -d 300 -c /etc/monit/monitrc -s /var/lib/monit/monit.state'"
+    hostgroups: lenny
+    excludehosts: agnesi
  ###
   -
     name: process - cpqarrayd
@@ -1481,13 +1512,13 @@ services:
   -
     name: process - xinetd
     nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xinetd -a '/usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive'"
-    hosts: samosa, raptor, allegri, gluck, zelenka
+    hosts: samosa, allegri, gluck, zelenka
     hostgroups: rsyncd-hosts
   -
     name: unwanted process - xinetd
     nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C xinetd"
     hostgroups: computers
-    excludehosts: samosa, raptor, allegri, gluck, zelenka
+    excludehosts: samosa, allegri, gluck, zelenka
     excludehostgroups: rsyncd-hosts
  ###
   -
@@ -1519,7 +1550,7 @@ services:
     name: process - nagios3
     # there is always one extra process per check currently running..
     nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:30 -c 1: -u nagios -C nagios3 -a '/usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg'"
-    hosts: samosa
+    hosts: spohr
 
  ###
   -
@@ -1574,9 +1605,22 @@ services:
   -
     name: network service - https cert
     check: dsa_check_cert!443
-    hosts: samosa, ries, klecker
+    hosts: samosa, ries, klecker, spohr2
     depends: network service - https
     normal_check_interval: 60
+
+  # spohr
+  -
+    name: network service - https
+    check: check_https
+    hosts: spohr2
+    depends: "spohr:process - apache2 - master"
+    normal_check_interval: 120
+  -
+    name: network service - http
+    check: check_http
+    hosts: spohr2
+    depends: "spohr:process - apache2 - master"
  ####
   -
     name: process - named
@@ -1709,12 +1753,6 @@ services:
     hostgroups: buildd
     contacts: luk
 
- ###
-  -
-    name: process - iscsid
-    nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 1: -u root -C iscsid '/usr/sbin/iscsid'"
-    hosts: raptor
-
  ###
   #-
   #  name: process - tftpd