tye does https

[mirror/dsa-nagios.git] / config / nagios-master.cfg
diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg

index dbc8e0a..deb3ead 100644 (file)
--- a/config/nagios-master.cfg
+++ b/config/nagios-master.cfg
@@ -327,20 +327,28 @@ servers:
    bm-bl10:
      address: 5.153.231.250
      parents: gw-bytemark
-    hostgroups: computers, bm-bl, acpid-hosts, service, wheezy, openstack-compute, broken_mq
+    hostgroups: computers, bm-bl, service, jessie
    bm-bl11:
      address: 5.153.231.251
      parents: gw-bytemark
-    hostgroups: computers, bm-bl, acpid-hosts, service, wheezy, openstack-compute, broken_mq
+    hostgroups: computers, bm-bl, service, jessie
    bm-bl12:
      address: 5.153.231.252
      parents: gw-bytemark
-    hostgroups: computers, bm-bl, acpid-hosts, service, wheezy, openstack-compute, broken_mq
+    hostgroups: computers, bm-bl, service, jessie
+  bm-bl13:
+    address: 5.153.231.253
+    parents: gw-bytemark
+    hostgroups: computers, bm-bl, service, jessie
+  bm-bl14:
+    address: 5.153.231.254
+    parents: gw-bytemark
+    hostgroups: computers, bm-bl, service, jessie
  
    milanollo:
      address: 5.153.231.2
      parents: gw-bytemark
-    hostgroups: computers, service, kvmdomains, jessie, apache2-hosts, nfs-server, xinetd-hosts
+    hostgroups: computers, service, kvmdomains, jessie, apache2-hosts, apache-https, nfs-server, xinetd-hosts
    milanollo2:
      address: 5.153.231.9
      parents: milanollo
@@ -390,7 +398,7 @@ servers:
    philp:
      address: 5.153.231.13
      parents: ganeti-bytemark
-    hostgroups: computers, hassrvfs, kvmdomains, jessie, apache2-hosts
+    hostgroups: computers, hassrvfs, kvmdomains, jessie, apache2-hosts, apache-https
    rainier:
      address: 5.153.231.16
      parents: ganeti-bytemark
@@ -402,7 +410,7 @@ servers:
    delfin:
      address: 5.153.231.17
      parents: ganeti-bytemark
-    hostgroups: computers, hassrvfs, kvmdomains, jessie, apache2-hosts, nfs-client, autofs
+    hostgroups: computers, hassrvfs, kvmdomains, jessie, apache2-hosts, apache-https, nfs-client, autofs
    wuiet:
      address: 5.153.231.18
      parents: ganeti-bytemark
@@ -432,7 +440,7 @@ servers:
    petrova:
      address: 5.153.231.25
      parents: ganeti-bytemark
-    hostgroups: computers, kvmdomains, jessie, apache2-hosts
+    hostgroups: computers, kvmdomains, jessie, apache2-hosts, apache-https
    oyens:
      address: 5.153.231.26
      parents: ganeti-bytemark
@@ -457,6 +465,10 @@ servers:
      address: 5.153.231.32
      parents: ganeti-bytemark
      hostgroups: computers, kvmdomains, jessie, no-bacula
+  tate:
+    address: 5.153.231.33
+    parents: ganeti-bytemark
+    hostgroups: computers, service, kvmdomains, jessie, autofs, nfs-client, apache2-hosts, apache-https
    gideon:
      address: 5.153.231.34
      parents: ganeti-bytemark
@@ -464,7 +476,7 @@ servers:
    httpredir-bm-01:
      address: 5.153.231.35
      parents: ganeti-bytemark
-    hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts
+    hostgroups: computers, service, kvmdomains, jessie, apache2-hosts
    lindsay:
      address: 5.153.231.36
      parents: ganeti-bytemark
@@ -656,7 +668,7 @@ servers:
    mirror-isc:
      address: 149.20.20.7
      parents: gw-isc
-    hostgroups: computers, service, apache2-hosts, dl360, hpnewraid, hassrvfs, xinetd-hosts, jessie, security_mirror
+    hostgroups: computers, service, apache2-hosts, apache-https, dl360, hpnewraid, hassrvfs, xinetd-hosts, jessie, security_mirror
    mirror-isc2:
      address: 149.20.20.19
      parents: mirror-isc
@@ -721,11 +733,11 @@ servers:
    czerny:
      address: 82.195.75.109
      parents: gw-man-da
-    hostgroups: computers, service, dl380, acpid-hosts, wheezy, drbd-hosts
+    hostgroups: computers, service, dl380, acpid-hosts, jessie, drbd-hosts
    clementi:
      address: 82.195.75.103
      parents: gw-man-da
-    hostgroups: computers, service, dl380, acpid-hosts, wheezy, drbd-hosts
+    hostgroups: computers, service, dl380, acpid-hosts, jessie, drbd-hosts
    bendel:
      address: 82.195.75.100
      parents: ganeti3
@@ -795,7 +807,7 @@ servers:
    wolkenstein:
      address: 82.195.75.65
      parents: ganeti3
-    hostgroups: computers, hasbootfs, hassrvfs, kvmdomains, service, xinetd-hosts, rsyncd-hosts, apache2-hosts, jessie
+    hostgroups: computers, hasbootfs, hassrvfs, kvmdomains, service, xinetd-hosts, rsyncd-hosts, apache2-hosts, jessie, apache-https
    mipsel-manda-01:
      address: 82.195.75.72
      parents: gw-man-da
@@ -1006,11 +1018,11 @@ servers:
    glinka:
      address: 206.12.19.126
      parents: ganeti2
-    hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, nfs-client, autofs, xinetd-hosts
+    hostgroups: computers, service, kvmdomains, jessie, apache2-hosts, nfs-client, autofs, xinetd-hosts
    tye:
      address: 206.12.19.129
      parents: ganeti2
-    hostgroups: computers, service, kvmdomains, wheezy, heavy-exim, apache2-hosts, nfs-client, autofs, hassrvfs
+    hostgroups: computers, service, kvmdomains, jessie, heavy-exim, apache2-hosts, apache-https, nfs-client, autofs, hassrvfs
    elgar:
      address: 206.12.19.130
      parents: ganeti2
@@ -1058,7 +1070,7 @@ servers:
    mirror-umn:
      address: 128.101.240.212
      parents: gw-umn
-    hostgroups: computers, service, apache2-hosts, dl360, hpnewraid, hassrvfs, xinetd-hosts, jessie, security_mirror
+    hostgroups: computers, service, apache2-hosts, apache-https, dl360, hpnewraid, hassrvfs, xinetd-hosts, jessie, security_mirror
    mirror-umn2:
      address: 128.101.240.215
      parents: mirror-umn
@@ -1094,7 +1106,7 @@ servers:
    klecker:
      address: 130.89.148.10
      parents: gw-utwente
-    hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl380, xinetd-hosts, jessie, incomingmailrelayed2025, hassrvfs
+    hostgroups: computers, service, apache2-hosts, apache-https, rsyncd-hosts, dl380, xinetd-hosts, jessie, incomingmailrelayed2025, hassrvfs
    klecker-ftp:
      address: 130.89.148.12
      parents: klecker
@@ -1431,12 +1443,17 @@ services:
      servicegroups: diskspace
      nrpe: "/usr/lib/nagios/plugins/check_disk -w 5% -c 2%  -A -X devpts -X proc -X linprocfs -X devfs -X fdescfs -X sysfs -X nfs -X nfs4 --ignore-eregi-path='/home/buildd/build-tr|/var/lib/schroot/mount|/proc/sys/fs/binfmt_misc'"
      hostgroups: computers
-    excludehosts: sibelius
+    excludehosts: sibelius, rietz
    -
      name: disk usage - all
      servicegroups: diskspace
      nrpe: "/usr/lib/nagios/plugins/check_disk -X devpts -X proc -X linprocfs -X devfs -X fdescfs -X sysfs -X nfs -x nfs4 -x /srv/farm-snapshot/farm-misc 95 98"
      hosts: sibelius
+  -
+    name: disk usage - all
+    servicegroups: diskspace
+    nrpe: "/usr/lib/nagios/plugins/check_disk -X devpts -X proc -X linprocfs -X devfs -X fdescfs -X sysfs -X nfs -x nfs4 -x /srv -x /home 95 98"
+    hosts: rietz
  
    -
      name: disk usage on /
@@ -2004,6 +2021,16 @@ services:
      name: "sso CRL"
      nrpe: "if [ -e /var/lib/dsa/sso/ca.crl ]; then /usr/lib/nagios/plugins/dsa-check-crl-expire -w 129600 -c 86400 /var/lib/dsa/sso/ca.crl; else echo 'No sso/ca.crl on this host.'; fi"
      hostgroups: computers
+  -
+    name: SSL certs - puppet
+    hosts: global
+    remotecheck: "/usr/lib/nagios/plugins/dsa-check-cert-expire-dir /etc/puppet/modules/ssl/files/servicecerts"
+    runfrom: handel
+  -
+    name: SSL certs - LE
+    hosts: global
+    remotecheck: "/usr/lib/nagios/plugins/dsa-check-cert-expire-dir /etc/puppet/modules/ssl/files/from-letsencrypt"
+    runfrom: handel
    # }}}
    # {{{ HW health/raid
    -