address: 5.153.231.20
parents: ganeti-bytemark
hostgroups: computers, general, kvmdomains, stretch, nfs-client, autofs, systemd-timesyncd
- moszumanska:
- address: 5.153.231.21
- parents: ganeti-bytemark
- hostgroups: secondary-IPs
dillon:
address: 5.153.231.22
parents: ganeti-bytemark
address: 217.196.149.235
parents: gw-conova
hostgroups: notacomputer
- mirror-conova:
- address: 217.196.149.229
- parents: gw-conova
- hostgroups: computers, stretch, service, apache2-hosts
- mirror-conova-debian:
- address: 217.196.149.232
- hostgroups: secondary-IPs
- parents: mirror-conova
- mirror-conova-security:
- address: 217.196.149.233
- hostgroups: secondary-IPs, rsyncd-hosts, security_mirror
- parents: mirror-conova
- mirror-conova-archive:
- address: 217.196.149.234
- hostgroups: secondary-IPs, rsyncd-hosts
- parents: mirror-conova
- mirror-conova-syncproxy4-eu:
- address: 217.196.149.237
- hostgroups: secondary-IPs, rsyncd-hosts, https-service
- parents: mirror-conova
arm-conova-01:
address: 217.196.149.230
address: 217.196.149.236
parents: ganeti-conova
hostgroups: computers, hassrvfs, porterbox, stretch
+
# schmelzer is parented on gw-conova; the four schmelzer-* entries below are
# secondary-IP entries parented on schmelzer. They carry the same addresses
# and hostgroups as the mirror-conova-* entries marked '-' earlier in this
# section (…232 debian, …233 security, …234 archive, …237 syncproxy4-eu).
+ schmelzer:
+ address: 185.69.161.161
+ parents: gw-conova
+ hostgroups: computers, service, stretch, r540, manyprocesses, apache2-hosts, apache-https, systemd-timesyncd
+ schmelzer-debian:
+ address: 217.196.149.232
+ hostgroups: secondary-IPs
+ parents: schmelzer
+ schmelzer-security:
+ address: 217.196.149.233
+ hostgroups: secondary-IPs, rsyncd-hosts, security_mirror
+ parents: schmelzer
+ schmelzer-archive:
+ address: 217.196.149.234
+ hostgroups: secondary-IPs, rsyncd-hosts
+ parents: schmelzer
+ schmelzer-syncproxy4-eu:
+ address: 217.196.149.237
+ hostgroups: secondary-IPs, rsyncd-hosts, https-service
+ parents: schmelzer
# }}}
# {{{ gw-csail
csail-node01:
# x86-csail-01: the two hostgroups variants differ only in the release group
# (stretch on the '-' line, buster on the '+' line); all other groups match.
x86-csail-01:
address: 128.31.0.50
parents: ganeti-csail
- hostgroups: computers, buildd, hassrvfs, kvmdomains, stretch, systemd-timesyncd
+ hostgroups: computers, buildd, hassrvfs, kvmdomains, buster, systemd-timesyncd
x86-csail-02:
address: 128.31.0.68
parents: ganeti-csail
# Hosts parented on gw-manda. The '+' hostgroups lines for czerny and clementi
# drop drbd-hosts and are otherwise identical to the '-' lines; the
# manda-node03 and manda-node04 entries introduced below list drbd-hosts.
czerny:
address: 82.195.75.109
parents: gw-manda
- hostgroups: computers, service, dl380, acpid-hosts, stretch, drbd-hosts, manyprocesses
+ hostgroups: computers, service, dl380, acpid-hosts, stretch, manyprocesses
clementi:
address: 82.195.75.103
parents: gw-manda
- hostgroups: computers, service, dl380, acpid-hosts, stretch, drbd-hosts, manyprocesses
+ hostgroups: computers, service, dl380, acpid-hosts, stretch, manyprocesses
+ manda-node03:
+ address: 82.195.75.69
+ parents: gw-manda
+ hostgroups: computers, service, stretch, r540, drbd-hosts, manyprocesses
+ manda-node04:
+ address: 82.195.75.70
+ parents: gw-manda
+ hostgroups: computers, service, stretch, r540, drbd-hosts, manyprocesses
bendel:
address: 82.195.75.100
parents: ganeti3
address: 82.195.75.98
parents: ganeti3
hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, heavy-exim
- lully:
- address: 82.195.75.99
- parents: ganeti3
- hostgroups: computers, service, hasbootfs, kvmdomains, stretch, hasvarlogfs
# draghi: the '+' hostgroups line omits hasbootfs; the remaining groups are
# the same and in the same order as on the '-' line.
draghi:
address: 82.195.75.106
parents: ganeti3
- hostgroups: computers, service, hasbootfs, hassrvfs, apache2-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https, stretch
+ hostgroups: computers, service, hassrvfs, apache2-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https, stretch
geo1:
address: 82.195.75.105
parents: ganeti3
# handel: the '+' hostgroups line appends hassrvfs to the otherwise unchanged
# group list.
handel:
address: 82.195.75.104
parents: ganeti3
- hostgroups: computers, service, kvmdomains, apache2-hosts, stretch, postgres96-hosts
+ hostgroups: computers, service, kvmdomains, apache2-hosts, stretch, postgres96-hosts, hassrvfs
kaufmann:
address: 82.195.75.107
parents: ganeti3
parents: byrd
hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, hassrvfs, rsyncd-hosts, apache-https
# pijper is parented on gw-osuosl and lists the same hostgroups as pieta.
# loghost-osuosl-01 is parented on pijper; it is also the `runfrom` host of
# the "remote logging on loghost-osuosl-01" service check in this file.
+ pijper:
+ address: 140.211.166.194
+ parents: gw-osuosl
+ hostgroups: computers, stretch, service, manyprocesses
+ loghost-osuosl-01:
+ address: 140.211.166.202
+ parents: pijper
+ hostgroups: computers, service, kvmdomains, stretch, hassrvfs, systemd-timesyncd
+
# pieta has no '+'/'-' lines here. ppc64el-osuosl-01 changes in two places:
# its parent goes from pieta to pijper, and its release hostgroup from
# stretch to buster.
pieta:
address: 140.211.166.195
parents: gw-osuosl
hostgroups: computers, stretch, service, manyprocesses
ppc64el-osuosl-01:
address: 140.211.166.196
- parents: pieta
- hostgroups: computers, hassrvfs, buildd, stretch
+ parents: pijper
+ hostgroups: computers, hassrvfs, buildd, buster
# }}}
# {{{ gw-sanger
sallinen:
# sibelius: the '+' hostgroups line drops postgres94-hosts (that hostgroup's
# definition is also marked '-' in this file); other groups are unchanged.
# This is the only host entry in view that sets a `contacts` key.
sibelius:
address: 193.62.202.28
parents: gw-sanger
- hostgroups: computers, postgres94-hosts, service, apache2-hosts, sw-raid, jessie, rsyncd-hosts, hasvarlogfs, multipath-hosts, nfs-server, varnish-hosts
+ hostgroups: computers, service, apache2-hosts, sw-raid, jessie, rsyncd-hosts, hasvarlogfs, multipath-hosts, nfs-server, varnish-hosts
contacts: tjrc1, dave
# }}}
# {{{ gw-scanplus
address: 209.87.16.46
parents: ubc-gateway
hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts, apache-https, broken_https_default_vhost
- kantuser:
- address: 209.87.16.47
- parents: ubc-gateway
- hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts
# Both hosts are parented on ubc-gateway. grabbe has no '+'/'-' lines;
# trabaci is introduced at the next address (209.87.16.49) and, unlike grabbe,
# lists hassrvfs but no apache groups.
grabbe:
address: 209.87.16.48
parents: ubc-gateway
hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts, apache-https
+ trabaci:
+ address: 209.87.16.49
+ parents: ubc-gateway
+ hostgroups: computers, service, kvmdomains, stretch, hassrvfs, systemd-timesyncd
# }}}
# {{{ gw-umn
#saens:
address: 130.89.148.14
parents: klecker
hostgroups: secondary-IPs
# smit is parented on gw-utwente and placed in the r540 hardware hostgroup.
# NOTE(review): no definition of the incomingmailrelayed2025 hostgroup is
# visible in this part of the file — confirm it exists before merging.
+ smit:
+ address: 130.89.148.78
+ parents: gw-utwente
+ hostgroups: computers, service, stretch, r540, manyprocesses, incomingmailrelayed2025
# }}}
# {{{ gw-ynic
henze:
# Hostgroup definitions: each entry has an `alias` and, for some, `private: 1`.
# '+' entries: r540 (same shape as pe1950) and buster (same shape as
# jessie/stretch). '-' entries: postgres94-hosts and alioth; references to
# both groups are likewise marked '-' in the host and service stanzas of this
# file.
pe1950:
alias: Dell PowerEdge 1950 hosts
private: 1
+ r540:
+ alias: Dell PowerEdge R540 hosts
+ private: 1
jessie:
alias: Hosts running jessie
stretch:
alias: Hosts running stretch
+ buster:
+ alias: Hosts running buster
kvmdomains:
alias: Hosts that are KVM domains
xinetd-hosts:
alias: hosts providing services via xinetd
private: 1
- postgres94-hosts:
- alias: hosts running postgres94
- private: 1
postgres96-hosts:
alias: hosts running postgres96
private: 1
high-RTT:
alias: machines with high round trip times
private: 1
- alioth:
- alias: machines that just are just awkward
- private: 1
#openstack-compute:
# alias: nodes that run OpenStack compute
# private: 1
nrpe: "/usr/lib/nagios/plugins/dsa-check-ipv6-default-gw"
hostgroups: computers
check_interval: 60
- excludehostgroups: alioth
# }}}
# {{{ ### disk usage
-
nrpe: "/usr/lib/nagios/plugins/dsa-check-config"
hostgroups: computers
check_interval: 60
- excludehostgroups: alioth
-
name: setup - local hostname etc-hosts
nrpe: 'if getent ahosts `hostname` | grep -q 127.0; then echo "Warning: local hostname resolves to 127/8 address"; exit 1; else echo "OK: Hostname resolves to non-127/8 address."; exit 0; fi'
servicegroups: backup
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u bacula -C bacula-fd -a '/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf'"
hostgroups: computers
- excludehostgroups: alioth
-
name: network backup status - draghi
remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$"
runfrom: lotti
hostgroups: computers
- excludehostgroups: alioth
# Two remote-logging checks that run the same dsa-check-log-age-loghost
# command for every host in `computers`, each from a different `runfrom` host.
# The pair of runfrom hosts changes from (lully, loghost-grnet-01) to
# (loghost-grnet-01, loghost-osuosl-01), and `excludehostgroups: alioth` is
# dropped from both.
-
- name: remote logging on lully
+ name: remote logging on loghost-grnet-01
remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$"
- runfrom: lully
+ runfrom: loghost-grnet-01
hostgroups: computers
- excludehostgroups: alioth
-
- name: remote logging on loghost-grnet-01
+ name: remote logging on loghost-osuosl-01
remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$"
- runfrom: loghost-grnet-01
+ runfrom: loghost-osuosl-01
hostgroups: computers
- excludehostgroups: alioth
# }}}
# {{{ base service
# Two entries share the name "process - nrpe" and differ only in the last
# flag of the matched nrpe command line (-d vs -f) and in their targets.
# The first covers `computers` minus the release groups; the second covers
# exactly those release groups. buster is added to both lists together so the
# exclusion of the first keeps matching the targets of the second.
-
name: process - nrpe
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u nagios -C nrpe -a '/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'"
hostgroups: computers
- excludehostgroups: stretch
+ excludehostgroups: stretch, buster
max_check_attempts: -1
depends: network service - nrpe
-
name: process - nrpe
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u nagios -C nrpe -a '/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -f'"
- hostgroups: stretch
+ hostgroups: stretch, buster
max_check_attempts: -1
depends: network service - nrpe
###
name: process - ud-replicated
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C ud-replicated -a '/usr/bin/python /usr/bin/ud-replicated'"
hostgroups: computers
- excludehostgroups: alioth
###
-
name: MQ connection on rainier
hostgroups: computers
check_interval: 60
retry_interval: 15
- excludehostgroups: alioth, broken_mq
+ excludehostgroups: broken_mq
-
name: MQ connection on rapoport
servicegroups: MQ
hostgroups: computers
check_interval: 60
retry_interval: 15
- excludehostgroups: alioth, broken_mq
+ excludehostgroups: broken_mq
###
-
name: local resolver
name: process - unbound
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u unbound -C unbound -a '/usr/sbin/unbound'"
hostgroups: computers
- excludehostgroups: alioth
# New check: runs dsa-check-unbound-anchors via nrpe on every host in
# `computers`, with check_interval 60 (the same value the other
# check_interval: 60 entries in this file use).
+ -
+ name: unbound trust anchors
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-unbound-anchors"
+ hostgroups: computers
+ check_interval: 60
###
-
name: process - uptimed
name: process - stunnel4 - puppet-ekeyd
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/puppet-ekeyd.conf'"
hostgroups: computers
- excludehostgroups: alioth
-
name: process - stunnel4 - puppet-ekeyd is crazy
nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-stunnel-sanity"
hostgroups: computers
- excludehostgroups: alioth
excludehosts: czerny, grnet-node01, storace
# }}}
# {{{ anti-services
# Anti-service check: check_procs with -w 0:0 on rpc.statd. The target list
# gains buster alongside stretch; storace stays excluded by host name.
-
name: unwanted process - rpc.statd
nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C rpc.statd"
- hostgroups: stretch
+ hostgroups: stretch, buster
excludehosts: storace
-
name: unwanted process - inetd
name: "host SSL cert - debian client"
nrpe: "if [ -e /etc/ssl/debian/certs/thishost.crt ]; then /usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/debian/certs/thishost.crt; else echo 'No thishost.crt on this host.'; fi"
hostgroups: computers
# New check: runs dsa-check-cert-expire on the CA certificate under
# /srv/puppet.debian.org/ca/, invoked as user puppet through sudo. It is
# limited to the single host handel via `hosts` rather than a hostgroup.
+ -
+ name: "host SSL cert - CA"
+ nrpe: "sudo -u puppet /usr/lib/nagios/plugins/dsa-check-cert-expire /srv/puppet.debian.org/ca/ca.crt"
+ hosts: handel
-
name: "sso CRL"
nrpe: "if [ -e /var/lib/dsa/sso/ca.crl ]; then /usr/lib/nagios/plugins/dsa-check-crl-expire -w 129600 -c 86400 /var/lib/dsa/sso/ca.crl; else echo 'No sso/ca.crl on this host.'; fi"
# Two entries share the name "HW - OpenManage status". The first now targets
# the pe1950 and r540 hostgroups but excludes wieck and schumann; the second
# targets exactly those two hosts and passes extra arguments
# (-b bp=0 -b bat_charge=0:0) to dsa-check-openmanage.
# NOTE(review): the meaning of the -b arguments is defined by the plugin, not
# by this file — confirm against dsa-check-openmanage before changing them.
-
name: HW - OpenManage status
nrpe: "/usr/bin/sudo /usr/lib/nagios/plugins/dsa-check-openmanage"
- hostgroups: pe1950
+ hostgroups: pe1950, r540
+ excludehosts: wieck, schumann
+ -
+ name: HW - OpenManage status
+ nrpe: "/usr/bin/sudo /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0 -b bat_charge=0:0"
+ hosts: wieck, schumann
# }}}
# }}}
# {{{ ### mail stuff
name: mail queue
nrpe: "/usr/lib/nagios/plugins/check_mailq -M exim -w 1000 -c 2000"
hostgroups: heavy-exim
# Paired fail2ban checks with mirrored targets: the first expects
# fail2ban-server (check_procs -w 1:1) on heavy-exim and heavy-postfix hosts;
# the second treats it as unwanted (check_procs -w 0:0) on `computers`
# excluding those same two hostgroups. Keep the two group lists in sync.
+ -
+ name: process - fail2ban
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -C fail2ban-server"
+ hostgroups: heavy-exim, heavy-postfix
+ -
+ name: unwanted process - fail2ban
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C fail2ban-server"
+ hostgroups: computers
+ excludehostgroups: heavy-exim, heavy-postfix
# }}}
# {{{ clamav
-
# Three policyd-weight process checks (master, cache, child), all matched on
# user polw and the process argument string. The cache and child checks
# declare `depends: process - weightd - master`. alioth is dropped from the
# hostgroups of all three, leaving heavy-postfix only.
-
name: process - weightd - master
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -a 'policyd-weight (master)'"
- hostgroups: heavy-postfix, alioth
+ hostgroups: heavy-postfix
-
name: process - weightd - cache
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -a 'policyd-weight (cache)'"
- hostgroups: heavy-postfix, alioth
+ hostgroups: heavy-postfix
depends: process - weightd - master
-
name: process - weightd - child
nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:50 -c 1: -u polw -a 'policyd-weight (child)'"
- hostgroups: heavy-postfix, alioth
+ hostgroups: heavy-postfix
depends: process - weightd - master
###
# Counterpart of the weightd process checks: policyd-weight is treated as
# unwanted (check_procs -w 0:0) on `computers` except the hostgroups where the
# weightd checks expect it. alioth is dropped from the exclusion list.
-
name: unwanted process - policyd-weight
nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C policyd-weight"
hostgroups: computers
- excludehostgroups: heavy-postfix, alioth
+ excludehostgroups: heavy-postfix
# }}}
# {{{ postfix
###
name: unwanted process - postgresql
nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres"
hostgroups: computers
- excludehostgroups: postgres94-hosts, postgres96-hosts
+ excludehostgroups: postgres96-hosts
# The 9.0 anti-check stays as is. The "process - postgresql94 - master" check
# is marked '-' together with its only target, the postgres94-hosts hostgroup
# (whose definition is also marked '-' in this file).
-
name: unwanted process - postgresql 9.0
nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres -a '9.0/bin/postgres'"
hostgroups: computers
- -
- name: process - postgresql94 - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.4/bin/postgres'"
- hostgroups: postgres94-hosts
-
name: process - postgresql96 - master
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.6/bin/postgres'"
name: process - statd
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u statd -C rpc.statd -a '/sbin/rpc.statd'"
hostgroups: nfs-client, nfs-server
- excludehostgroups: stretch
+ excludehostgroups: stretch, buster
-
name: process - nfsd
nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u root -C nfsd -a '[nfsd]'"
check: "dsa_check_staticsync!miniconf10.debconf.org"
hosts: global
servicegroups: mirror
# Two new static-sync checks, for wiki.debconf.org and www.debconf.org. Both
# use the dsa_check_staticsync!<site> form with `hosts: global` and
# `servicegroups: mirror`, matching the miniconf10.debconf.org entry directly
# above.
+ -
+ name: mirror static sync - wiki
+ check: "dsa_check_staticsync!wiki.debconf.org"
+ hosts: global
+ servicegroups: mirror
+ -
+ name: mirror static sync - www
+ check: "dsa_check_staticsync!www.debconf.org"
+ hosts: global
+ servicegroups: mirror
# }}}
# {{{ DNS
-
hostgroups: computers
check_interval: 60
retry_interval: 15
+ ####
# Per-host ping checks for conova-node01 and conova-node02, identical except
# for the target address (172.29.184.12 vs 172.29.184.11). Both share the
# same name and the same thresholds and intervals.
# NOTE(review): presumably each node pings the other's management address —
# confirm the address-to-node mapping.
+ -
+ name: ping peer on mgmt network
+ nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.184.12 -w 50,10% -c 200,30%"
+ hosts: conova-node01
+ check_interval: 5
+ max_check_attempts: 4
+ retry_interval: 1
+ -
+ name: ping peer on mgmt network
+ nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.184.11 -w 50,10% -c 200,30%"
+ hosts: conova-node02
+ check_interval: 5
+ max_check_attempts: 4
+ retry_interval: 1
+
# Per-host ping checks for manda-node03 and manda-node04, identical except
# for the target address (172.29.182.14 vs 172.29.182.13). Thresholds and
# intervals match the conova-node01/02 entries of the same name.
# NOTE(review): presumably each node pings the other's management address —
# confirm the address-to-node mapping.
+ -
+ name: ping peer on mgmt network
+ nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.182.14 -w 50,10% -c 200,30%"
+ hosts: manda-node03
+ check_interval: 5
+ max_check_attempts: 4
+ retry_interval: 1
+ -
+ name: ping peer on mgmt network
+ nrpe: "/usr/lib/nagios/plugins/check_ping -H 172.29.182.13 -w 50,10% -c 200,30%"
+ hosts: manda-node04
+ check_interval: 5
+ max_check_attempts: 4
+ retry_interval: 1
+ # }}}
# }}}
# }}}