X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=config%2Fnagios-master.cfg;h=27d4b0ad63f2e01bee656863605e38f8492138fb;hb=8a1ed63d72c58225a00c52a45bf4bfbe72307b75;hp=8b3b951b8f2750dbd59689f896103ba7af0dbaa4;hpb=8850496a034dd0cdfab2385fd9c8ead807c9cab6;p=mirror%2Fdsa-nagios.git diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg index 8b3b951..27d4b0a 100644 --- a/config/nagios-master.cfg +++ b/config/nagios-master.cfg @@ -85,10 +85,6 @@ servers: address: 72.52.94.70 parents: gw-ubcece hostgroups: layer3-infrastructure - gw-karlsruhe: - address: 129.143.59.214 - parents: gw-ubcece - hostgroups: layer3-infrastructure gw-leaseweb: address: 185.17.185.190 parents: gw-ubcece @@ -143,7 +139,7 @@ servers: parents: gw-ubcece hostgroups: layer3-infrastructure gw-unicamp: - address: 177.220.10.129 + address: 143.106.167.113 parents: gw-ubcece hostgroups: layer3-infrastructure gw-utwente: @@ -242,15 +238,15 @@ servers: arm-arm-01: address: 217.140.96.58 parents: gw-arm - hostgroups: computers, hassrvfs, buildd, stretch, broken_mq + hostgroups: computers, hassrvfs, buildd, stretch, broken_mq, sw-raid arm-arm-03: address: 217.140.96.60 parents: gw-arm - hostgroups: computers, hassrvfs, buildd, stretch, broken_mq + hostgroups: computers, hassrvfs, buildd, stretch, broken_mq, sw-raid arm-arm-04: address: 217.140.96.61 parents: gw-arm - hostgroups: computers, hassrvfs, buildd, stretch, broken_mq + hostgroups: computers, hassrvfs, buildd, stretch, broken_mq, sw-raid harris: address: 217.140.96.66 parents: gw-arm @@ -409,9 +405,7 @@ servers: moszumanska: address: 5.153.231.21 parents: ganeti-bytemark - contact_groups: alioth-admins - hostgroups: computers, general, wheezy, postgres91-hosts, apache2-hosts, acpid-hosts, apache-https, brokensamhain, no-bacula, bind9-hosts, xinetd-hosts, alioth, heavy-exim, spamd - no-servicegroups: true + hostgroups: secondary-IPs dillon: address: 5.153.231.22 parents: ganeti-bytemark @@ -447,7 +441,7 @@ servers: x86-bm-01: address: 5.153.231.32 parents: ganeti-bytemark - hostgroups: computers, kvmdomains, stretch, no-bacula, systemd-timesyncd + hostgroups: computers, pybuildd, hassrvfs, kvmdomains, stretch, systemd-timesyncd tate: address: 5.153.231.33 parents: ganeti-bytemark @@ -597,7 +591,7 @@ servers: pkgmirror-csail: address: 128.31.0.51 parents: ganeti-csail - hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, no-bacula, apache-https, hassrvfs, systemd-timesyncd + hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, no-bacula, apache-https, hassrvfs, systemd-timesyncd, varnish-hosts usper: address: 128.31.0.69 parents: ganeti-csail @@ -687,27 +681,32 @@ servers: lw01: address: 185.17.185.177 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw02: address: 185.17.185.178 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw03: address: 185.17.185.179 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw04: address: 185.17.185.180 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw07: address: 185.17.185.187 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-client, autofs, hassrvfs, postgres94-hosts, apache2-hosts + hostgroups: computers, service, stretch, dl180, nfs-client, autofs, hassrvfs, postgres96-hosts, apache2-hosts, haproxy-hosts, haproxy-https-host, varnish-hosts + lw07-2: + address: 185.17.185.185 + parents: lw07 + hostgroups: secondary-IPs, https-service + lw08: address: 185.17.185.189 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-client, autofs, hassrvfs, apache2-hosts + hostgroups: computers, service, stretch, dl180, nfs-client, autofs, hassrvfs, apache2-hosts lw09: address: 185.17.185.181 parents: gw-leaseweb @@ -717,13 +716,6 @@ servers: parents: gw-leaseweb hostgroups: computers, service, stretch, dl180 # }}} - # {{{ gw-karlsruhe - zemlinsky: - address: 129.143.160.6 - parents: gw-karlsruhe - hostgroups: computers, buildd, stretch - contacts: pkern - # }}} # {{{ gw-manda czerny: address: 82.195.75.109 @@ -842,20 +834,20 @@ servers: address: 140.211.166.197 parents: pieta hostgroups: computers, hassrvfs, buildd, jessie - partch: - address: 140.211.15.152 - parents: gw-osuosl - hostgroups: computers, jessie, hassrvfs, porterbox, sw-raid # }}} # {{{ gw-sanger sallinen: address: 193.62.202.26 parents: gw-sanger - hostgroups: computers, service, stretch, dl380, nfs-client, autofs, postgres96-hosts + hostgroups: computers, service, stretch, dl380, nfs-client, autofs, postgres96-hosts, apache2-hosts, haproxy-hosts, haproxy-https-host, varnish-hosts + sallinen-2: + address: 193.62.202.27 + parents: sallinen + hostgroups: secondary-IPs, https-service sibelius: address: 193.62.202.28 parents: gw-sanger - hostgroups: computers, postgres94-hosts, service, apache2-hosts, sw-raid, jessie, rsyncd-hosts, hasvarlogfs, multipath-hosts, nfs-server + hostgroups: computers, postgres94-hosts, service, apache2-hosts, sw-raid, jessie, rsyncd-hosts, hasvarlogfs, multipath-hosts, nfs-server, varnish-hosts contacts: tjrc1, dave smetana: address: 193.62.202.29 @@ -1000,6 +992,14 @@ servers: address: 209.87.16.46 parents: ubc-gateway hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts, apache-https, broken_https_default_vhost + kantuser: + address: 209.87.16.47 + parents: ubc-gateway + hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts + grabbe: + address: 209.87.16.48 + parents: ubc-gateway + hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts, apache-https # }}} # {{{ gw-umn #saens: @@ -1025,19 +1025,19 @@ servers: # }}} # {{{ gw-unicamp prokofiev: - address: 177.220.10.140 + address: 143.106.167.124 parents: gw-unicamp hostgroups: computers, stretch, service, manyprocesses powerpc-unicamp-01: - address: 177.220.10.141 + address: 143.106.167.120 parents: prokofiev hostgroups: computers, hassrvfs, buildd, jessie ppc64el-unicamp-01: - address: 177.220.10.142 + address: 143.106.167.121 parents: prokofiev hostgroups: computers, hassrvfs, buildd, stretch plummer: - address: 177.220.10.143 + address: 143.106.167.122 parents: prokofiev hostgroups: computers, porterbox, hassrvfs, stretch # }}} @@ -1194,9 +1194,6 @@ hostgroups: xinetd-hosts: alias: hosts providing services via xinetd private: 1 - postgres91-hosts: - alias: hosts running postgres91 - private: 1 postgres94-hosts: alias: hosts running postgres94 private: 1 @@ -1231,6 +1228,15 @@ hostgroups: alias: hosts with lots and lots of (kernel) processes crazymanyprocesses: alias: hosts with stupidly lots of processes + varnish-hosts: + alias: hosts running varnish + private: 1 + haproxy-hosts: + alias: hosts running haproxy + private: 1 + haproxy-https-host: + alias: "host providing https on the standard port via haproxy" + private: 1 no-bacula: alias: hosts which are not being backed up with bacula @@ -1486,6 +1492,38 @@ services: servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-10" hosts: lw10 + + - + name: disk usage on nfs farm 1 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-1" + hosts: lw07 + - + name: disk usage on nfs farm 2 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-2" + hosts: lw07 + - + name: disk usage on nfs farm 3 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-3" + hosts: lw07 + - + name: disk usage on nfs farm 4 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-4" + hosts: lw07 + - + name: disk usage on nfs farm 09 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-09" + hosts: lw07 + - + name: disk usage on nfs farm 10 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-10" + hosts: lw07 + - name: disk usage on /srv/morgue.debian.org/ servicegroups: diskspace @@ -1607,7 +1645,7 @@ services: remotecheck: "/usr/lib/nagios/plugins/dsa-check-bacula $HOSTNAME$.debian.org" runfrom: dinis hostgroups: computers - excludehostgroups: buildd, porterbox, no-bacula + excludehostgroups: buildd, pybuildd, porterbox, no-bacula check_interval: 60 retry_interval: 15 - @@ -1616,7 +1654,7 @@ services: remotecheck: "/usr/lib/nagios/plugins/dsa-check-bacula -w 1080 -c 1560 $HOSTNAME$.debian.org F" runfrom: dinis hostgroups: computers - excludehostgroups: buildd, porterbox, no-bacula + excludehostgroups: buildd, pybuildd, porterbox, no-bacula check_interval: 60 retry_interval: 15 - @@ -1679,11 +1717,6 @@ services: name: puppetized firewall nrpe: "/usr/lib/nagios/plugins/dsa-check-file -w -f /etc/ferm/conf.d/defs.conf" hostgroups: computers - - - name: process - ulogd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ulogd -a '/usr/sbin/ulogd -d'" - hostgroups: computers - excludehostgroups: sparc, jessie, stretch - name: process - ulogd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ulog -C ulogd -a '/usr/sbin/ulogd --daemon --uid ulog'" @@ -1885,11 +1918,6 @@ services: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -p 1 -C systemd-udevd -a '/lib/systemd/systemd-udevd'" hostgroups: jessie, stretch ### - - - name: process - acpid - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C acpid -a '/usr/sbin/acpid'" - hostgroups: acpid-hosts - excludehostgroups: jessie, stretch - name: unexpected process - acpid nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C acpid" @@ -1969,11 +1997,6 @@ services: name: "sso CRL" nrpe: "if [ -e /var/lib/dsa/sso/ca.crl ]; then /usr/lib/nagios/plugins/dsa-check-crl-expire -w 129600 -c 86400 /var/lib/dsa/sso/ca.crl; else echo 'No sso/ca.crl on this host.'; fi" hostgroups: computers - - - name: SSL certs - puppet - hosts: global - remotecheck: "/usr/lib/nagios/plugins/dsa-check-cert-expire-dir /etc/puppet/modules/ssl/files/servicecerts" - runfrom: handel - name: SSL certs - LE hosts: global @@ -2110,16 +2133,10 @@ services: nrpe: "/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl" hostgroups: heavy-exim, heavy-postfix depends: process - clamav - clamd - - - name: process - clamav - freshclam - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --quiet'" - hostgroups: heavy-exim, heavy-postfix - excludehostgroups: jessie, stretch - name: process - clamav - freshclam nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --foreground=true'" hostgroups: heavy-exim, heavy-postfix - excludehostgroups: wheezy - name: unwanted process - clamav nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C clamd" @@ -2132,18 +2149,11 @@ services: excludehostgroups: heavy-exim, heavy-postfix # }}} # {{{ anti-spam - - - name: process - spamd - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid'" - hostgroups: spamd - excludehosts: picconi - excludehostgroups: jessie, stretch - name: process - spamd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir'" hostgroups: spamd excludehosts: picconi - excludehostgroups: wheezy - name: process - spamd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 20 --min-spare=5 --helper-home-dir'" @@ -2172,16 +2182,10 @@ services: hostgroups: computers ### - - - name: process - postgrey - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'" - hostgroups: heavy-exim - excludehostgroups: jessie, stretch - name: process - postgrey nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a 'postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'" hostgroups: heavy-exim - excludehostgroups: wheezy - name: process - postgrey nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a 'postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'" @@ -2380,15 +2384,52 @@ services: - name: network service - https cert check: dsa_check_cert!443 - hostgroups: apache-https, https-service + hostgroups: apache-https, https-service, haproxy-https-host depends: network service - https check_interval: 60 - name: unwanted network service - https check: dsa_check_port_closed!443 hostgroups: apache2-hosts - excludehostgroups: apache-https + excludehostgroups: apache-https, haproxy-https-host check_interval: 60 + + ### + - + name: process - haproxy - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -a '/usr/sbin/haproxy-systemd-wrapper'" + hostgroups: haproxy-hosts + - + name: process - haproxy - worker + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1:15 -u haproxy -a '/usr/sbin/haproxy '" + hostgroups: haproxy-hosts + depends: process - haproxy - master + - + name: network service - https + check: check_https + hostgroups: haproxy-https-host + depends: "process - haproxy - master" + check_interval: 120 + + - + name: unwanted process - haproxy + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C haproxy" + hostgroups: computers + excludehostgroups: haproxy-hosts + + ### + - + name: process - varnish + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1:15 -u vcache -a '/usr/sbin/varnishd -j unix,user=vcache -F -a '" + hostgroups: varnish-hosts + excludehostgroups: jessie + - + name: unwanted process - varnish + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C varnishd" + hostgroups: computers + excludehostgroups: varnish-hosts + + # }}} # {{{ FTP - @@ -2401,15 +2442,11 @@ services: name: unwanted process - postgresql nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres" hostgroups: computers - excludehostgroups: postgres91-hosts, postgres94-hosts, postgres96-hosts + excludehostgroups: postgres94-hosts, postgres96-hosts - name: unwanted process - postgresql 9.0 nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres -a '9.0/bin/postgres'" hostgroups: computers - - - name: process - postgresql91 - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.1/bin/postgres'" - hostgroups: postgres91-hosts - name: process - postgresql94 - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.4/bin/postgres'" @@ -2903,7 +2940,6 @@ services: name: puppet - agent check nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/puppet-agent" hostgroups: computers - excludehosts: moszumanska check_interval: 60 retry_interval: 15 # }}}