X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=config%2Fnagios-master.cfg;h=625c471bc310866e8dd6814189d955047a58759c;hb=33010000c54cdee9cff1fbd8a1876238c9173498;hp=22d6ca1e89e1a88d957050eb433c602cbdbc2fe8;hpb=f6d52fa3c425d0eb5203132df53a23b84d4824c6;p=mirror%2Fdsa-nagios.git diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg index 22d6ca1..625c471 100644 --- a/config/nagios-master.cfg +++ b/config/nagios-master.cfg @@ -19,6 +19,16 @@ servers: hostgroups: notacomputer pingable: false check_command: dsa_check_always_ok + gw-1und1: + parents: gw-ubcece + hostgroups: notacomputer + pingable: false + check_command: dsa_check_always_ok + gw-1und1-sec: + parents: gw-ubcece + hostgroups: notacomputer + pingable: false + check_command: dsa_check_always_ok gw-accumu: address: 130.239.18.97 parents: gw-ubcece @@ -77,7 +87,11 @@ servers: parents: gw-ubcece hostgroups: layer3-infrastructure gw-karlsruhe: - address: 129.143.166.229 + address: 129.143.57.177 + parents: gw-ubcece + hostgroups: layer3-infrastructure + gw-leaseweb: + address: 185.17.185.190 parents: gw-ubcece hostgroups: layer3-infrastructure gw-man-da: @@ -85,7 +99,7 @@ servers: parents: gw-ubcece hostgroups: layer3-infrastructure gw-marist: - address: 148.100.96.1 + address: 148.100.88.1 parents: gw-ubcece hostgroups: layer3-infrastructure gw-osuosl: @@ -144,12 +158,12 @@ servers: # {{{ gw-1und1 powell: address: 87.106.64.223 - parents: gw-ubcece + parents: gw-1und1 hostgroups: computers, service, acpid-hosts, wheezy pkgmirror-1and1: address: 213.165.95.4 parents: powell - hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula + hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula, apache-https babin: address: 213.165.95.6 parents: powell @@ -158,8 +172,7 @@ servers: # {{{ gw-1und1-sec schumann: address: 212.227.126.54 - parents: gw-ubcece - #parents: gw-1und1-sec + parents: gw-1und1-sec hostgroups: computers, acpid-hosts, service, wheezy chopin: address: 195.20.242.124 @@ -175,8 +188,7 @@ servers: hostgroups: computers, service, hasbootfs, hassrvfs, kvmdomains, apache2-hosts, wheezy, apache-https wieck: address: 195.20.242.89 - parents: gw-ubcece - #parents: gw-1und1-sec + parents: gw-1und1-sec hostgroups: computers, service, apache2-hosts, rsyncd-hosts, acpid-hosts, xinetd-hosts, wheezy, security_mirror, hasvarlogfs, no-bacula # }}} # {{{ gw-accumu @@ -194,10 +206,6 @@ servers: address: 217.140.96.56 parents: gw-arm hostgroups: computers, hasbootfs, hassrvfs, porterbox, wheezy, deadslow - alain: - address: 217.140.96.58 - parents: gw-arm - hostgroups: computers, hasbootfs, hassrvfs, buildd, wheezy, deadslow alwyn: address: 217.140.96.59 parents: gw-arm @@ -270,6 +278,14 @@ servers: address: 5.153.231.248 parents: gw-bytemark hostgroups: computers, bm-bl, acpid-hosts, service, wheezy + bm-bl9: + address: 5.153.231.249 + parents: gw-bytemark + hostgroups: computers, bm-bl, acpid-hosts, service, wheezy, openstack-conpute + bm-bl10: + address: 5.153.231.250 + parents: gw-bytemark + hostgroups: computers, bm-bl, acpid-hosts, service, wheezy, openstack-compute milanollo: address: 5.153.231.2 @@ -282,11 +298,11 @@ servers: picconi: address: 5.153.231.3 parents: gw-bytemark - hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, nfs-client, autofs, heavy-exim, spamd + hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, nfs-client, autofs, heavy-exim, spamd, apache-https senfter: address: 5.153.231.4 parents: gw-bytemark - hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula + hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, no-bacula, apache-https adayevskaya: address: 5.153.231.5 parents: gw-bytemark @@ -309,60 +325,86 @@ servers: address: 5.153.231.10 parents: gw-bytemark hostgroups: computers, hassrvfs, kvmdomains, wheezy, postgres91-hosts + ganeti-bytemark: + address: 82.195.75.111 + parents: gw-bytemark + hostgroups: notacomputer coccia: address: 5.153.231.11 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, hassrvfs, kvmdomains, wheezy, autofs, nfs-client backuphost: address: 5.153.231.12 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, hassrvfs, kvmdomains, wheezy philp: address: 5.153.231.13 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, hassrvfs, kvmdomains, wheezy, apache2-hosts couper: address: 5.153.231.14 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, hassrvfs, kvmdomains, wheezy, apache2-hosts, nfs-client, autofs rainier: - address: 5.153.231.15 - parents: gw-bytemark + address: 5.153.231.16 + parents: ganeti-bytemark hostgroups: computers, kvmdomains, wheezy, no-bacula rapoport: - address: 5.153.231.16 - parents: gw-bytemark + address: 5.153.231.15 + parents: ganeti-bytemark hostgroups: computers, kvmdomains, wheezy, no-bacula delfin: address: 5.153.231.17 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, hassrvfs, kvmdomains, wheezy, apache2-hosts wuiet: address: 5.153.231.18 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, general, kvmdomains, wheezy, service, apache-https, apache2-hosts, heavy-exim, xinetd-hosts dinis: address: 5.153.231.19 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, general, kvmdomains, wheezy donizetti: address: 5.153.231.20 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, general, kvmdomains, wheezy, nfs-client, autofs + moszumanska: + address: 5.153.231.21 + parents: ganeti-bytemark + contact_groups: alioth-admins + hostgroups: computers, general, wheezy, postgres91-hosts, apache2-hosts, acpid-hosts, apache-https, brokensamhain, no-bacula, bind9-hosts, xinetd-hosts, alioth, heavy-exim, spamd + no-servicegroups: true dillon: address: 5.153.231.22 - parents: gw-bytemark - hostgroups: computers, general, kvmdomains, wheezy, nfs-client, autofs + parents: ganeti-bytemark + hostgroups: computers, general, kvmdomains, wheezy, nfs-client, autofs, hassrvfs ticharich: address: 5.153.231.23 - parents: gw-bytemark + parents: ganeti-bytemark hostgroups: computers, general, kvmdomains, wheezy, nfs-client, autofs, apache2-hosts, apache-https, service + diamond: + address: 5.153.231.24 + parents: ganeti-bytemark + hostgroups: computers, service, kvmdomains, wheezy, bind9-hosts, no-bacula + petrova: + address: 5.153.231.25 + parents: ganeti-bytemark + hostgroups: computers, kvmdomains, wheezy, apache2-hosts + oyens: + address: 5.153.231.26 + parents: ganeti-bytemark + hostgroups: computers, kvmdomains, wheezy, apache2-hosts, openstack-controller + barriere: + address: 5.153.231.27 + parents: ganeti-bytemark + hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, porterbox # }}} # {{{ gw-c3sl santoro: address: 200.17.202.197 parents: gw-c3sl - hostgroups: computers, service, apache2-hosts, rsyncd-hosts, xinetd-hosts, hassrvfs, wheezy, high-RTT, security_mirror, no-bacula + hostgroups: computers, service, apache2-hosts, rsyncd-hosts, xinetd-hosts, hassrvfs, wheezy, high-RTT, security_mirror, no-bacula, apache-https contacts: faw # }}} # {{{ gw-carnet @@ -379,7 +421,7 @@ servers: gluck: address: 150.203.164.38 parents: gw-cecsit - hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl380, hassrvfs, acpid-hosts, xinetd-hosts, wheezy, security_mirror, no-bacula + hostgroups: computers, service, apache2-hosts, rsyncd-hosts, dl380, hassrvfs, acpid-hosts, xinetd-hosts, wheezy, security_mirror, no-bacula, apache-https # }}} # {{{ gw-conova sompek: @@ -395,7 +437,7 @@ servers: senfl: address: 128.31.0.51 parents: gw-csail - hostgroups: computers, service, dl360, acpid-hosts, hassrvfs, apache2-hosts, rsyncd-hosts, bind9-hosts, xinetd-hosts, squeeze + hostgroups: computers, service, dl360, acpid-hosts, hassrvfs, apache2-hosts, rsyncd-hosts, bind9-hosts, xinetd-hosts, squeeze, apache-https steffani: address: 128.31.0.36 parents: gw-csail @@ -408,18 +450,18 @@ servers: hostgroups: computers, sw-raid, hassrvfs, wheezy # }}} # {{{ gw-ftcollins - alkman: - address: 192.25.206.63 - parents: gw-ftcollins - hostgroups: computers, buildd, acpid-hosts, wheezy - merulo: - address: 192.25.206.58 - parents: gw-ftcollins - hostgroups: computers, porterbox, hasusrfs, wheezy - mundy: - address: 192.25.206.62 - parents: gw-ftcollins - hostgroups: computers, buildd, hassrvfs, sw-raid, acpid-hosts, wheezy + #alkman: + # address: 192.25.206.63 + # parents: gw-ftcollins + # hostgroups: computers, buildd, acpid-hosts, wheezy + #merulo: + # address: 192.25.206.58 + # parents: gw-ftcollins + # hostgroups: computers, porterbox, hasusrfs, wheezy + #mundy: + # address: 192.25.206.62 + # parents: gw-ftcollins + # hostgroups: computers, buildd, hassrvfs, sw-raid, acpid-hosts, wheezy spohr: address: 192.25.206.33 parents: gw-ftcollins @@ -457,6 +499,32 @@ servers: parents: gw-isc hostgroups: computers, service, apache2-hosts, rsyncd-hosts, acpid-hosts, dl360, hasorgfs, xinetd-hosts, wheezy, security_mirror, no-bacula # }}} + # {{{ gw-leaseweb + lw01: + address: 185.17.185.177 + parents: gw-leaseweb + hostgroups: computers, service, acpid-hosts, wheezy, dl180 + lw02: + address: 185.17.185.178 + parents: gw-leaseweb + hostgroups: computers, service, acpid-hosts, wheezy, dl180 + lw03: + address: 185.17.185.179 + parents: gw-leaseweb + hostgroups: computers, service, acpid-hosts, wheezy, dl180 + lw04: + address: 185.17.185.180 + parents: gw-leaseweb + hostgroups: computers, service, acpid-hosts, wheezy, dl180 + lw05: + address: 185.17.185.181 + parents: gw-leaseweb + hostgroups: computers, service, acpid-hosts, wheezy, dl120, sw-raid + lw06: + address: 185.17.185.182 + parents: gw-leaseweb + hostgroups: computers, service, acpid-hosts, wheezy, dl120, sw-raid + # }}} # {{{ gw-karlsruhe zemlinsky: address: 129.143.160.6 @@ -499,7 +567,7 @@ servers: vento: address: 82.195.75.98 parents: ganeti3 - hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, heavy-exim + hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, apache-https, heavy-exim lully: address: 82.195.75.99 parents: ganeti3 @@ -512,14 +580,10 @@ servers: address: 82.195.75.102 parents: gw-man-da hostgroups: computers, service, dl360, acpid-hosts, wheezy - diamond: - address: 82.195.75.108 - parents: ganeti3 - hostgroups: computers, service, kvmdomains, wheezy, bind9-hosts, no-bacula draghi: address: 82.195.75.106 parents: ganeti3 - hostgroups: computers, service, hasbootfs, hassrvfs, apache2-hosts, bind9-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https, wheezy + hostgroups: computers, service, hasbootfs, hassrvfs, apache2-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https, wheezy geo1: address: 82.195.75.105 parents: ganeti3 @@ -532,6 +596,10 @@ servers: address: 82.195.75.107 parents: ganeti3 hostgroups: computers, service, apache2-hosts, rsyncd-hosts, kvmdomains, xinetd-hosts, wheezy + stockhausen: + address: 82.195.75.108 + parents: ganeti3 + hostgroups: computers, service, kvmdomains, wheezy, acpid-hosts, jetty-hosts ganeti3: address: 82.195.75.111 parents: gw-man-da @@ -539,7 +607,7 @@ servers: wilder: address: 82.195.75.112 parents: ganeti3 - hostgroups: computers, service, hassrvfs, apache2-hosts, kvmdomains, wheezy, acpid-hosts, apache2-hosts, apache-https, rsyncd-hosts, xinetd-hosts + hostgroups: computers, service, hassrvfs, apache2-hosts, kvmdomains, wheezy, acpid-hosts, apache-https, rsyncd-hosts, xinetd-hosts vieuxtemps: address: 82.195.75.113 parents: ganeti3 @@ -552,18 +620,22 @@ servers: address: 82.195.75.91 parents: ganeti3 hostgroups: computers, service, kvmdomains, wheezy, bind9-hosts + vogler: + address: 82.195.75.92 + parents: ganeti3 + hostgroups: computers, service, kvmdomains, wheezy # }}} # {{{ gw-marist - zappa: - address: 148.100.96.103 + zani: + address: 148.100.88.22 parents: gw-marist - hostgroups: computers, buildd, hassrvfs, squeeze, incomingmailrelayed + hostgroups: computers, buildd, hassrvfs, wheezy, incomingmailrelayed, ping-suckers # }}} # {{{ gw-osuosl busoni: address: 140.211.15.34 parents: gw-osuosl - hostgroups: computers, service, dl360, hassrvfs, acpid-hosts, wheezy, hasvarlogfs, apache2-hosts, no-bacula + hostgroups: computers, service, dl360, hassrvfs, acpid-hosts, wheezy, hasvarlogfs, apache2-hosts, no-bacula, apache-https byrd: address: 140.211.166.20 parents: gw-osuosl @@ -571,7 +643,7 @@ servers: buxtehude: address: 140.211.166.26 parents: byrd - hostgroups: computers, service, hassrvfs, acpid-hosts, apache2-hosts, heavy-exim, postgres91-hosts, wheezy, hasvarlogfs + hostgroups: computers, service, hassrvfs, acpid-hosts, apache2-hosts, heavy-exim, postgres91-hosts, wheezy, hasvarlogfs, apache-https # malo TODO mayer: address: 140.211.166.78 @@ -592,7 +664,7 @@ servers: rietz: address: 140.211.166.43 parents: gw-osuosl - hostgroups: computers, service, rsyncd-hosts, dl385, hassrvfs, acpid-hosts, xinetd-hosts, wheezy, bind9-hosts + hostgroups: computers, service, rsyncd-hosts, dl385, hassrvfs, acpid-hosts, xinetd-hosts, wheezy #, bosserver rietz2: address: 140.211.166.44 @@ -604,7 +676,7 @@ servers: caballero: address: 193.201.200.200 parents: gw-rapidswitch - hostgroups: computers, buildd, sw-raid, squeeze + hostgroups: computers, buildd, sw-raid, wheezy, hassrvfs, acpid-hosts # }}} # {{{ gw-sanger sibelius: @@ -641,6 +713,10 @@ servers: address: 86.59.118.152 parents: gw-sil hostgroups: computers, buildd, wheezy + eberlin: + address: 86.59.118.155 + parents: gw-sil + hostgroups: computers, buildd, wheezy # }}} # {{{ gw-ubcece sw-ubcece: @@ -717,10 +793,6 @@ servers: address: 206.12.19.13 parents: sw-ubcece-kais hostgroups: computers, hashomefs, sw-raid, rsyncd-hosts, apache2-hosts, xinetd-hosts, service, nfs-server, squeeze, hassrvfs - paganini: - address: 206.12.19.10 - parents: sw-ubcece-kais - hostgroups: computers, hasbootfs, aacraid, hassrvfs, nfs-client, service, squeeze, autofs respighi: address: 206.12.19.11 parents: sw-ubcece-kais @@ -790,7 +862,7 @@ servers: nono: address: 206.12.19.123 parents: traetta - hostgroups: computers, service, kvmdomains, wheezy, heavy-exim, xinetd-hosts, apache2-hosts, apache-https + hostgroups: computers, service, kvmdomains, wheezy, heavy-exim, xinetd-hosts, apache2-hosts, apache-https, broken_https_default_vhost reger: address: 206.12.19.124 parents: ganeti2 @@ -823,14 +895,10 @@ servers: address: 206.12.19.134 parents: ganeti2 hostgroups: computers, service, kvmdomains, wheezy, xinetd-hosts, nfs-client, autofs - barriere: - address: 206.12.19.135 - parents: ganeti2 - hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, porterbox diabelli: address: 206.12.19.136 parents: traetta - hostgroups: computers, service, hasbootfs, kvmdomains, wheezy, apache2-hosts, apache-https + hostgroups: computers, service, hasbootfs, kvmdomains, wheezy, apache2-hosts, apache-https, broken_https_default_vhost bizet: address: 206.12.19.137 parents: ganeti2 @@ -846,11 +914,11 @@ servers: beach: address: 206.12.19.140 parents: ganeti2 - hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, xinetd-hosts, hassrvfs, nfs-server, rsyncd-hosts, no-bacula + hostgroups: computers, service, kvmdomains, wheezy, apache2-hosts, xinetd-hosts, hassrvfs, nfs-server, rsyncd-hosts, no-bacula, apache-https ullmann: address: 206.12.19.141 parents: ganeti2 - hostgroups: computers, service, kvmdomains, wheezy, postgres91-hosts, nfs-client, apache2-hosts, autofs + hostgroups: computers, service, kvmdomains, wheezy, postgres91-hosts, nfs-client, apache2-hosts, autofs, apache-https sonntag: address: 206.12.19.142 parents: ganeti2 @@ -859,10 +927,6 @@ servers: address: 206.12.19.143 parents: ganeti2 hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, apache-https - stanley: - address: 206.12.19.145 - parents: ganeti2 - hostgroups: computers, service, kvmdomains, wheezy, hassrvfs, apache2-hosts, no-bacula muffat: address: 206.12.19.146 parents: ganeti2 @@ -890,12 +954,16 @@ servers: address: 130.89.148.12 parents: klecker hostgroups: secondary-IPs + klecker-archive: + address: 130.89.148.13 + parents: klecker + hostgroups: secondary-IPs + klecker-static: + address: 130.89.148.14 + parents: klecker + hostgroups: secondary-IPs # }}} # {{{ gw-ynic - hildegard: - address: 144.32.168.74 - parents: gw-ynic - hostgroups: computers, hasbootfs, hassrvfs, armhf, wheezy, deadslow, buildd howells: address: 144.32.168.75 parents: gw-ynic @@ -998,6 +1066,12 @@ hostgroups: dl585: alias: HP DL385 hosts private: 1 + dl180: + alias: HP DL180 + private: 1 + dl120: + alias: HP DL120 + private: 1 sw-raid: alias: Hosts with Linux software raid private: 1 @@ -1043,6 +1117,9 @@ hostgroups: apache2-hosts: alias: hosts running apache2 private: 1 + jetty-hosts: + alias: hosts running jetty + private: 1 varnish-hosts: alias: hosts running varnish private: 1 @@ -1086,6 +1163,9 @@ hostgroups: apache-https: alias: hosts with https services private: 1 + broken_https_default_vhost: + alias: https default vhost does not say 200 OK + private: 1 no-bacula: alias: hosts which are not being backed up with bacula @@ -1143,15 +1223,23 @@ hostgroups: # i.e. no port 25 private: 1 - ntpsuckers: - alias: "hosts who's ntp offset is often unknown" - private: 1 - brokensamhain: alias: machines that can not run samhain private: 1 high-RTT: - alias: machines with hight round trip times + alias: machines with high round trip times + private: 1 + ping-suckers: + alias: machines that just suck at icmp + private: 1 + alioth: + alias: machines that just are just awkward + private: 1 + openstack-compute: + alias: nodes that run OpenStack compute + private: 1 + openstack-controller: + alias: nodes that run OpenStack controller private: 1 security_mirror: @@ -1171,8 +1259,6 @@ servicegroups: alias: backup checks kernel: alias: kernel checks - weaksshkeys: - alias: weak ssh keys apt: alias: apt upgrade status samhain: @@ -1181,7 +1267,7 @@ servicegroups: alias: time stuff security: alias: security - servicegroup_members: apt, weaksshkeys, kernel, samhain + servicegroup_members: apt, kernel, samhain ############################# # services @@ -1191,7 +1277,7 @@ services: name: PING check: "check_ping!350.0,20%!600.0,40%" hostgroups: pingable - excludehostgroups: layer3-infrastructure, high-RTT + excludehostgroups: layer3-infrastructure, high-RTT, ping-suckers normal_check_interval: 5 max_check_attempts: 4 retry_check_interval: 1 @@ -1202,6 +1288,13 @@ services: normal_check_interval: 5 max_check_attempts: 4 retry_check_interval: 1 + - + name: PING + check: "check_ping!600.0,90%!900.0,95%" + hostgroups: ping-suckers + normal_check_interval: 5 + max_check_attempts: 4 + retry_check_interval: 1 - name: PING check: "check_ping!2000.0,60%!3000.0,80%" @@ -1215,6 +1308,7 @@ services: ############ Disk Usage ############ #### + - name: disk usage - all servicegroups: diskspace @@ -1278,11 +1372,6 @@ services: servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home" hostgroups: hashomefs - - - name: disk usage on /x - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /x" - hosts: caballero - name: disk usage on /var/lib/postgresql servicegroups: diskspace @@ -1316,12 +1405,12 @@ services: - name: disk usage on /srv/farm-snapshot/farm-misc servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 95 90 /srv/farm-snapshot/farm-misc" + nrpe: "/usr/lib/nagios/plugins/check_disk 97 95 /srv/farm-snapshot/farm-misc" hosts: sibelius - - name: disk usage on /var/lib/postgresql/9.1/dak + name: disk usage on /var/lib/postgresql/9.1 servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /var/lib/postgresql/9.1/dak" + nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /var/lib/postgresql/9.1" hosts: franck - name: disk usage on /srv/ftp-master.debian.org @@ -1404,7 +1493,7 @@ services: servicegroups: backup nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u bacula -C bacula-fd -a '/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf'" hostgroups: computers - excludehostgroups: freebsd + excludehostgroups: freebsd, alioth - name: process - bacula-fd servicegroups: backup @@ -1511,6 +1600,12 @@ services: nrpe: "/usr/lib/nagios/plugins/dsa-check-uptime" hostgroups: computers #### + - + name: processes - samhain zombies + nrpe: "/usr/lib/nagios/plugins/check_procs 3 6 -s Z -u root -a samhain" + event_handler: dsa_event_handler_restart_samhain + hostgroups: computers + excludehostgroups: brokensamhain - name: processes - zombies nrpe: "/usr/lib/nagios/plugins/check_procs 5 10 -s Z" @@ -1548,13 +1643,6 @@ services: depends: process - sshd normal_check_interval: 60 notification_interval: 1440 - - - - name: ssh - weak keys - servicegroups: weaksshkeys - nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/weak-ssh-keys" - hostgroups: computers - normal_check_interval: 60 #### - name: network service - nrpe @@ -1600,7 +1688,7 @@ services: hostgroups: computers depends: process - ntpd excludehosts: ancina - excludehostgroups: ntpsuckers, deadslow + excludehostgroups: deadslow servicegroups: time # - @@ -1638,11 +1726,29 @@ services: remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$" runfrom: lotti hostgroups: computers + excludehostgroups: alioth - name: remote logging on lully remotecheck: "/usr/lib/nagios/plugins/dsa-check-log-age-loghost $HOSTNAME$" runfrom: lully hostgroups: computers + excludehostgroups: alioth + - + name: MQ connection on rainier + remotecheck: "/usr/lib/nagios/plugins/dsa-check-mq-connection $HOSTNAME$ ud dsa" + runfrom: rainier + hostgroups: computers + normal_check_interval: 60 + retry_check_interval: 15 + excludehostgroups: alioth + - + name: MQ connection on rapoport + remotecheck: "/usr/lib/nagios/plugins/dsa-check-mq-connection $HOSTNAME$ ud dsa" + runfrom: rapoport + hostgroups: computers + normal_check_interval: 60 + retry_check_interval: 15 + excludehostgroups: alioth ### MAIL STUFF ### - @@ -1778,23 +1884,23 @@ services: - name: process - weightd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -a 'policyd-weight (master)'" - hostgroups: heavy-postfix + hostgroups: heavy-postfix, alioth - name: process - weightd - cache nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -a 'policyd-weight (cache)'" - hostgroups: heavy-postfix + hostgroups: heavy-postfix, alioth depends: process - weightd - master - name: process - weightd - child nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:50 -c 1: -u polw -a 'policyd-weight (child)'" - hostgroups: heavy-postfix + hostgroups: heavy-postfix, alioth depends: process - weightd - master ### - name: unwanted process - policyd-weight nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C policyd-weight" hostgroups: computers - excludehostgroups: heavy-postfix, deadslow + excludehostgroups: heavy-postfix, deadslow, alioth ### @@ -1885,15 +1991,12 @@ services: nrpe: "/usr/lib/nagios/plugins/dsa-check-config" hostgroups: computers normal_check_interval: 60 + excludehostgroups: alioth - name: setup - local hostname etc-hosts nrpe: 'if getent ahosts `hostname` | grep -q 127.0; then echo "Warning: local hostname resolves to 127/8 address"; exit 1; else echo "OK: Hostname resolves to non-127/8 address."; exit 0; fi' hostgroups: computers normal_check_interval: 60 - - - name: setup - ud-ldap freshness - nrpe: "/usr/lib/nagios/plugins/dsa-check-udldap-freshness" - hostgroups: computers - name: system - available entropy nrpe: "/usr/lib/nagios/plugins/dsa-check-entropy" @@ -1916,6 +2019,7 @@ services: name: process - unbound nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u unbound -C unbound -a '/usr/sbin/unbound'" hostgroups: unbound-hosts, squeeze, wheezy + excludehostgroups: alioth ### - name: process - uptimed @@ -1965,10 +2069,6 @@ services: name: "host SSL cert" nrpe: "if [ -e /etc/ssl/certs/thishost.pem ]; then /usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/certs/thishost.pem; else echo 'No thishost.pem on this host.'; fi" hostgroups: computers - - - name: "pg SSL cert" - nrpe: "/usr/lib/nagios/plugins/dsa-check-cert-expire /etc/ssl/certs/pg-ubcece.debian.org-chained.pem" - hosts: danzi ############ Processes/Services that only run on some computers ############ #### @@ -1998,22 +2098,30 @@ services: hostgroups: sw-raid ### + - + name: process - ud-replicated + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C ud-replicated -a '/usr/bin/python /usr/bin/ud-replicated'" + hostgroups: computers + excludehostgroups: squeeze, freebsd, alioth + - + name: process - ud-replicated + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C python2.7 -a '/usr/bin/python /usr/bin/ud-replicated'" + hostgroups: freebsd - name: process - monit nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C monit -a '/usr/sbin/monit -d 300 -I -c /etc/monit/monitrc -s /var/lib/monit/monit.state'" - hostgroups: computers - excludehosts: quantz - excludehostgroups: armhf + hostgroups: squeeze - name: process - monit nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C monit -a '/usr/bin/monit -d 300 -I -c /etc/monit/monitrc -s /var/lib/monit/monit.state'" - hostgroups: wheezy + hostgroups: computers + excludehostgroups: squeeze, alioth - name: HW - hpacucli status servicegroups: raid nrpe: "/usr/lib/nagios/plugins/dsa-check-hpacucli" normal_check_interval: 120 - hostgroups: dl385, dl380, dl360, bl460 + hostgroups: dl385, dl380, dl360, bl460, dl180 excludehosts: schein, rietz - name: HW - hpacucli status @@ -2040,6 +2148,13 @@ services: normal_check_interval: 120 hostgroups: dl585 ### + - + name: HW - edac status + nrpe: "/usr/lib/nagios/plugins/dsa-check-edac" + normal_check_interval: 120 + hosts: lw05, lw06 + #hostgroups: computers + #excludehosts: villa, lobos, senfl, schein - name: HW - hpasmcli status nrpe: "/usr/lib/nagios/plugins/dsa-check-hpasm" @@ -2187,6 +2302,16 @@ services: # there is always one extra process per check currently running.. nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:30 -c 1: -u nagios -C icinga -a '/usr/sbin/icinga -d /etc/icinga/icinga.cfg'" hosts: tchaikovsky + ### + - + name: process - jetty - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -a 'jsvc.exec'" + hostgroups: jetty-hosts + - + name: process - jetty - worker + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1:100 -u jetty -a 'jsvc.exec -user jetty'" + hostgroups: jetty-hosts + depends: process - jetty - master ### - @@ -2229,6 +2354,7 @@ services: check: check_https hostgroups: apache-https excludehosts: handel,menotti + excludehostgroups: broken_https_default_vhost depends: "process - apache2 - master" normal_check_interval: 120 - @@ -2237,6 +2363,12 @@ services: hosts: handel,menotti depends: "process - apache2 - master" normal_check_interval: 120 + - + name: network service - https + check: dsa_check_https_any_status + hostgroups: broken_https_default_vhost + depends: "process - apache2 - master" + normal_check_interval: 120 - name: network service - https cert check: dsa_check_cert!443 @@ -2340,7 +2472,7 @@ services: hostgroups: computers - name: process - postgresql91 - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:4 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.1/bin/postgres'" + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.1/bin/postgres'" hostgroups: postgres91-hosts - name: postgresql backups @@ -2353,7 +2485,7 @@ services: name: process - stunnel4 - puppet-ekeyd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/puppet-ekeyd.conf'" hostgroups: squeeze, wheezy - excludehostgroups: freebsd + excludehostgroups: freebsd, alioth #### - name: process - UPS - nut usbhid-ups - ups1 @@ -2453,6 +2585,13 @@ services: ############ MISC OTHER Stuff ############ ##### + - + name: puppetmaster cert + nrpe: "/usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem" + hosts: handel + normal_check_interval: 60 + max_check_attempts: 2 + retry_check_interval: 5 - name: mirror sync - bugs check: "dsa_check_mirrorsync_skew!bugs.debian.org!project/trace/bugs-master.debian.org!120:600" @@ -2477,38 +2616,48 @@ services: retry_check_interval: 5 - name: DNS SOA sync - debian.org - check: "dsa_check_soas_add!draghi.debian.org!debian.org" + check: "dsa_check_soas_add!denis.debian.org!debian.org" hosts: global - name: DNS SOA sync - debian.net - check: "dsa_check_soas_add!draghi.debian.org!debian.net" + check: "dsa_check_soas_add!denis.debian.org!debian.net" hosts: global - name: DNS SOA sync - debian.com - check: "dsa_check_soas_add!draghi.debian.org!debian.com" + check: "dsa_check_soas_add!denis.debian.org!debian.com" hosts: global - name: DNS SOA sync - mirror.debian.net - check: "dsa_check_soas_add!draghi.debian.org!mirror.debian.net" + check: "dsa_check_soas_add!denis.debian.org!mirror.debian.net" hosts: global - name: DNS SOA sync - 144-28.118.59.86.in-addr.arpa - check: "dsa_check_soas_add!draghi.debian.org!144-28.118.59.86.in-addr.arpa" + check: "dsa_check_soas_add!denis.debian.org!144-28.118.59.86.in-addr.arpa" hosts: global - name: DNS SOA sync - alioth.debian.org check: "dsa_check_soas_add!alioth.debian.org!alioth.debian.org" hosts: global - - name: DNS SEC - signature expiry + name: DNS - delegation and signature expiry + hosts: global + remotecheck: "/usr/lib/nagios/plugins/dsa-check-zone-rrsig-expiration-many --warn 20d --critical 7d --geozonedir /srv/dns.debian.org/repositories/auto-dns/zones /srv/dns.debian.org/repositories/domains" + runfrom: denis + - + name: DNS - security delegations hosts: global - remotecheck: "/usr/lib/nagios/plugins/dsa-check-zone-rrsig-expiration-many --warn 20d --critical 7d --geozonedir /srv/dns.debian.org/geo/zones /srv/dns.debian.org/var/gitdns/domains" - runfrom: orff + remotecheck: "/usr/lib/nagios/plugins/dsa-check-dnssec-delegation --dir /srv/dns.debian.org/repositories/domains --dir /srv/dns.debian.org/repositories/auto-dns/zones check-header" + runfrom: denis - - name: DNS SEC - delegations + name: DNS - key coverage hosts: global - remotecheck: "/usr/lib/nagios/plugins/dsa-check-dnssec-delegation --dir /srv/dns.debian.org/var/gitdns/domains --dir /srv/dns.debian.org/geo/zones check-header" - runfrom: orff + remotecheck: "/usr/lib/nagios/plugins/dsa-check-statusfile /srv/dns.debian.org/var/nagios/coverage" + runfrom: denis + - + name: DNS - DS expiry + hosts: global + remotecheck: "/usr/lib/nagios/plugins/dsa-check-statusfile /srv/dns.debian.org/var/nagios/ds" + runfrom: denis ############ - @@ -2526,8 +2675,64 @@ services: hosts: giustini - name: event log - remotecheck: "/usr/lib/nagios/plugins/dsa-check-msa-eventlog --start=7778 $HOSTADDRESS$ public" + remotecheck: "/usr/lib/nagios/plugins/dsa-check-msa-eventlog --start=8867 $HOSTADDRESS$ public" runfrom: dijkstra hosts: giustini + ############ + - + name: current chroots + nrpe: "/usr/lib/nagios/plugins/dsa-check-dchroots-current" + hostgroups: porterbox + normal_check_interval: 60 + retry_check_interval: 15 + ############ + - + name: process - openstack - keystone + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u root -C keystone-all -a '/usr/bin/python /usr/bin/keystone-all'" + hostgroups: openstack-controller + - + name: process - openstack - memcached + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nobody -C memcached -a '/usr/bin/memcached -m 64 -p 11211 -u nobody -l 127.0.0.1'" + hostgroups: openstack-controller + - + name: process - openstack - glance-registry + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u glance -C glance-registry -a '/usr/bin/python /usr/bin/glance-registry'" + hostgroups: openstack-controller + - + name: process - openstack - nova-api + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-api -a '/usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-api.log'" + hostgroups: openstack-controller + - + name: process - openstack - nova-compute + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-compute -a '/usr/bin/python /usr/bin/nova-compute --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-compute.log --config-file=/etc/nova/nova-compute.conf'" + hostgroups: openstack-compute + - + name: process - openstack - nova-cert + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-cert -a '/usr/bin/python /usr/bin/nova-cert --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-cert.log'" + hostgroups: openstack-controller + - + name: process - openstack - nova-conductor + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-conductor -a '/usr/bin/python /usr/bin/nova-conductor --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-conductor.log'" + hostgroups: openstack-controller + - + name: process - openstack - nova-consoleauth + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-consoleauth -a '/usr/bin/python /usr/bin/nova-consoleauth --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-consoleauth.log'" + hostgroups: openstack-controller + - + name: process - openstack - nova-scheduler + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-scheduler -a '/usr/bin/python /usr/bin/nova-consoleauth --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-scheduler.log'" + hostgroups: openstack-controller + - + name: process - openstack - nova-spicehtml5proxy + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-spicehtml5proxy -a '/usr/bin/python /usr/bin/nova-spicehtml5proxy --log-file /var/log/nova/nova-consoleproxy.log'" + hostgroups: openstack-controller + - + name: process - openstack - neutron-server + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u neutron -C neutron-server -a '/usr/bin/python2.7 /usr/bin/neutron-server --config-file=/etc/neutron/neutron.conf --log-file=/var/log/neutron/neutron-server.log --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini'" + hostgroups: openstack-controller + - + name: process - openstack - nova-compute + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u nova -C nova-compute -a '/usr/bin/python /usr/bin/nova-compute --config-file=/etc/nova/nova.conf --log-file /var/log/nova/nova-compute.log --config-file=/etc/nova/nova-compute.conf'" + hostgroups: openstack-controller # vim: set ts=2 sw=2 et ai si fdm=marker: