X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=config%2Fnagios-master.cfg;h=8f46b7a44dc443073aa52d0dd4c6db053e91a5d7;hb=637e5f965db829fc40539b1786bc700e1677bfd1;hp=a432e4e729a08aa8841efcc3b3a67075efe12a5f;hpb=e313f7d1d139ad3de5ae8d99a49f33244fc3aacb;p=mirror%2Fdsa-nagios.git diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg index a432e4e..8f46b7a 100644 --- a/config/nagios-master.cfg +++ b/config/nagios-master.cfg @@ -85,10 +85,6 @@ servers: address: 72.52.94.70 parents: gw-ubcece hostgroups: layer3-infrastructure - gw-karlsruhe: - address: 129.143.59.214 - parents: gw-ubcece - hostgroups: layer3-infrastructure gw-leaseweb: address: 185.17.185.190 parents: gw-ubcece @@ -143,7 +139,7 @@ servers: parents: gw-ubcece hostgroups: layer3-infrastructure gw-unicamp: - address: 177.220.10.129 + address: 143.106.167.113 parents: gw-ubcece hostgroups: layer3-infrastructure gw-utwente: @@ -409,9 +405,7 @@ servers: moszumanska: address: 5.153.231.21 parents: ganeti-bytemark - contact_groups: alioth-admins - hostgroups: computers, general, wheezy, postgres91-hosts, apache2-hosts, acpid-hosts, apache-https, brokensamhain, no-bacula, bind9-hosts, xinetd-hosts, alioth, heavy-exim, spamd - no-servicegroups: true + hostgroups: secondary-IPs dillon: address: 5.153.231.22 parents: ganeti-bytemark @@ -447,7 +441,7 @@ servers: x86-bm-01: address: 5.153.231.32 parents: ganeti-bytemark - hostgroups: computers, kvmdomains, stretch, no-bacula, systemd-timesyncd + hostgroups: computers, pybuildd, hassrvfs, kvmdomains, stretch, systemd-timesyncd tate: address: 5.153.231.33 parents: ganeti-bytemark @@ -597,7 +591,7 @@ servers: pkgmirror-csail: address: 128.31.0.51 parents: ganeti-csail - hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, no-bacula, apache-https, hassrvfs, systemd-timesyncd + hostgroups: computers, service, kvmdomains, stretch, apache2-hosts, no-bacula, apache-https, hassrvfs, systemd-timesyncd, varnish-hosts usper: address: 128.31.0.69 parents: ganeti-csail @@ -643,7 +637,7 @@ servers: x86-grnet-01: address: 194.177.211.203 parents: ganeti-grnet - hostgroups: computers, buildd, hassrvfs, kvmdomains, stretch, systemd-timesyncd + hostgroups: computers, pybuildd, hassrvfs, kvmdomains, stretch, systemd-timesyncd vittoria: address: 194.177.211.205 parents: ganeti-grnet @@ -687,27 +681,32 @@ servers: lw01: address: 185.17.185.177 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw02: address: 185.17.185.178 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw03: address: 185.17.185.179 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw04: address: 185.17.185.180 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-server, rsyncd-hosts + hostgroups: computers, service, stretch, dl180, nfs-server, rsyncd-hosts lw07: address: 185.17.185.187 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-client, autofs, hassrvfs, postgres94-hosts, apache2-hosts + hostgroups: computers, service, stretch, dl180, nfs-client, autofs, hassrvfs, postgres96-hosts, apache2-hosts, haproxy-hosts, haproxy-https-host, varnish-hosts + lw07-2: + address: 185.17.185.185 + parents: lw07 + hostgroups: secondary-IPs, https-service + lw08: address: 185.17.185.189 parents: gw-leaseweb - hostgroups: computers, service, jessie, dl180, nfs-client, autofs, hassrvfs, apache2-hosts + hostgroups: computers, service, stretch, dl180, nfs-client, autofs, hassrvfs, apache2-hosts lw09: address: 185.17.185.181 parents: gw-leaseweb @@ -717,13 +716,6 @@ servers: parents: gw-leaseweb hostgroups: computers, service, stretch, dl180 # }}} - # {{{ gw-karlsruhe - zemlinsky: - address: 129.143.160.6 - parents: gw-karlsruhe - hostgroups: computers, buildd, stretch - contacts: pkern - # }}} # {{{ gw-manda czerny: address: 82.195.75.109 @@ -818,7 +810,7 @@ servers: zani: address: 148.100.88.22 parents: gw-marist - hostgroups: computers, buildd, hassrvfs, stretch, incomingmailrelayed + hostgroups: computers, pybuildd, hassrvfs, stretch, incomingmailrelayed # }}} # {{{ gw-osuosl byrd: @@ -842,20 +834,20 @@ servers: address: 140.211.166.197 parents: pieta hostgroups: computers, hassrvfs, buildd, jessie - partch: - address: 140.211.15.152 - parents: gw-osuosl - hostgroups: computers, jessie, hassrvfs, porterbox, sw-raid # }}} # {{{ gw-sanger sallinen: address: 193.62.202.26 parents: gw-sanger - hostgroups: computers, service, stretch, dl380, nfs-client, autofs, postgres96-hosts + hostgroups: computers, service, stretch, dl380, nfs-client, autofs, postgres96-hosts, apache2-hosts, haproxy-hosts, haproxy-https-host, varnish-hosts + sallinen-2: + address: 193.62.202.27 + parents: sallinen + hostgroups: secondary-IPs, https-service sibelius: address: 193.62.202.28 parents: gw-sanger - hostgroups: computers, postgres94-hosts, service, apache2-hosts, sw-raid, jessie, rsyncd-hosts, hasvarlogfs, multipath-hosts, nfs-server + hostgroups: computers, postgres94-hosts, service, apache2-hosts, sw-raid, jessie, rsyncd-hosts, hasvarlogfs, multipath-hosts, nfs-server, varnish-hosts contacts: tjrc1, dave smetana: address: 193.62.202.29 @@ -995,11 +987,19 @@ servers: godard: address: 209.87.16.44 parents: ubc-gateway - hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, systemd-timesyncd, postfix-hosts, postgres96-hosts, manyprocesses + hostgroups: computers, service, kvmdomains, stretch, hassrvfs, apache2-hosts, apache-https, systemd-timesyncd, postfix-hosts, postgres96-hosts, crazymanyprocesses debussy: address: 209.87.16.46 parents: ubc-gateway hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts, apache-https, broken_https_default_vhost + kantuser: + address: 209.87.16.47 + parents: ubc-gateway + hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts + grabbe: + address: 209.87.16.48 + parents: ubc-gateway + hostgroups: computers, service, kvmdomains, stretch, systemd-timesyncd, apache2-hosts, apache-https # }}} # {{{ gw-umn #saens: @@ -1025,19 +1025,19 @@ servers: # }}} # {{{ gw-unicamp prokofiev: - address: 177.220.10.140 + address: 143.106.167.124 parents: gw-unicamp hostgroups: computers, stretch, service, manyprocesses powerpc-unicamp-01: - address: 177.220.10.141 + address: 143.106.167.120 parents: prokofiev hostgroups: computers, hassrvfs, buildd, jessie ppc64el-unicamp-01: - address: 177.220.10.142 + address: 143.106.167.121 parents: prokofiev hostgroups: computers, hassrvfs, buildd, stretch plummer: - address: 177.220.10.143 + address: 143.106.167.122 parents: prokofiev hostgroups: computers, porterbox, hassrvfs, stretch # }}} @@ -1113,6 +1113,8 @@ hostgroups: alias: machines running services buildd: alias: buildd systems + pybuildd: + alias: buildd systems running pybuildd general: alias: general purpose developer accessible machines @@ -1192,9 +1194,6 @@ hostgroups: xinetd-hosts: alias: hosts providing services via xinetd private: 1 - postgres91-hosts: - alias: hosts running postgres91 - private: 1 postgres94-hosts: alias: hosts running postgres94 private: 1 @@ -1227,6 +1226,17 @@ hostgroups: private: 1 manyprocesses: alias: hosts with lots and lots of (kernel) processes + crazymanyprocesses: + alias: hosts with stupidly lots of processes + varnish-hosts: + alias: hosts running varnish + private: 1 + haproxy-hosts: + alias: hosts running haproxy + private: 1 + haproxy-https-host: + alias: "host providing https on the standard port via haproxy" + private: 1 no-bacula: alias: hosts which are not being backed up with bacula @@ -1482,6 +1492,38 @@ services: servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /storage/snapshot-farm-10" hosts: lw10 + + - + name: disk usage on nfs farm 1 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-1" + hosts: lw07 + - + name: disk usage on nfs farm 2 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-2" + hosts: lw07 + - + name: disk usage on nfs farm 3 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-3" + hosts: lw07 + - + name: disk usage on nfs farm 4 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-4" + hosts: lw07 + - + name: disk usage on nfs farm 09 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-09" + hosts: lw07 + - + name: disk usage on nfs farm 10 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 95 97 /auto.dsa/snapshot-10" + hosts: lw07 + - name: disk usage on /srv/morgue.debian.org/ servicegroups: diskspace @@ -1535,11 +1577,15 @@ services: name: processes - total nrpe: "/usr/lib/nagios/plugins/check_procs 620 700" hostgroups: computers - excludehostgroups: manyprocesses + excludehostgroups: manyprocesses, crazymanyprocesses - name: processes - total hostgroups: manyprocesses nrpe: "/usr/lib/nagios/plugins/check_procs 1500 1700" + - + name: processes - total + hostgroups: crazymanyprocesses + nrpe: "/usr/lib/nagios/plugins/check_procs 15000 25000" - name: free memory - mb nrpe: "/usr/lib/nagios/plugins/dsa-check-memory -m mb" @@ -1599,7 +1645,7 @@ services: remotecheck: "/usr/lib/nagios/plugins/dsa-check-bacula $HOSTNAME$.debian.org" runfrom: dinis hostgroups: computers - excludehostgroups: buildd, porterbox, no-bacula + excludehostgroups: buildd, pybuildd, porterbox, no-bacula check_interval: 60 retry_interval: 15 - @@ -1608,7 +1654,7 @@ services: remotecheck: "/usr/lib/nagios/plugins/dsa-check-bacula -w 1080 -c 1560 $HOSTNAME$.debian.org F" runfrom: dinis hostgroups: computers - excludehostgroups: buildd, porterbox, no-bacula + excludehostgroups: buildd, pybuildd, porterbox, no-bacula check_interval: 60 retry_interval: 15 - @@ -1671,11 +1717,6 @@ services: name: puppetized firewall nrpe: "/usr/lib/nagios/plugins/dsa-check-file -w -f /etc/ferm/conf.d/defs.conf" hostgroups: computers - - - name: process - ulogd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ulogd -a '/usr/sbin/ulogd -d'" - hostgroups: computers - excludehostgroups: sparc, jessie, stretch - name: process - ulogd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ulog -C ulogd -a '/usr/sbin/ulogd --daemon --uid ulog'" @@ -1877,11 +1918,6 @@ services: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -p 1 -C systemd-udevd -a '/lib/systemd/systemd-udevd'" hostgroups: jessie, stretch ### - - - name: process - acpid - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C acpid -a '/usr/sbin/acpid'" - hostgroups: acpid-hosts - excludehostgroups: jessie, stretch - name: unexpected process - acpid nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C acpid" @@ -1961,11 +1997,6 @@ services: name: "sso CRL" nrpe: "if [ -e /var/lib/dsa/sso/ca.crl ]; then /usr/lib/nagios/plugins/dsa-check-crl-expire -w 129600 -c 86400 /var/lib/dsa/sso/ca.crl; else echo 'No sso/ca.crl on this host.'; fi" hostgroups: computers - - - name: SSL certs - puppet - hosts: global - remotecheck: "/usr/lib/nagios/plugins/dsa-check-cert-expire-dir /etc/puppet/modules/ssl/files/servicecerts" - runfrom: handel - name: SSL certs - LE hosts: global @@ -2102,16 +2133,10 @@ services: nrpe: "/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl" hostgroups: heavy-exim, heavy-postfix depends: process - clamav - clamd - - - name: process - clamav - freshclam - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --quiet'" - hostgroups: heavy-exim, heavy-postfix - excludehostgroups: jessie, stretch - name: process - clamav - freshclam nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --foreground=true'" hostgroups: heavy-exim, heavy-postfix - excludehostgroups: wheezy - name: unwanted process - clamav nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C clamd" @@ -2124,18 +2149,11 @@ services: excludehostgroups: heavy-exim, heavy-postfix # }}} # {{{ anti-spam - - - name: process - spamd - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid'" - hostgroups: spamd - excludehosts: picconi - excludehostgroups: jessie, stretch - name: process - spamd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir'" hostgroups: spamd excludehosts: picconi - excludehostgroups: wheezy - name: process - spamd - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 20 --min-spare=5 --helper-home-dir'" @@ -2164,16 +2182,10 @@ services: hostgroups: computers ### - - - name: process - postgrey - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'" - hostgroups: heavy-exim - excludehostgroups: jessie, stretch - name: process - postgrey nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a 'postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'" hostgroups: heavy-exim - excludehostgroups: wheezy - name: process - postgrey nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -a 'postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'" @@ -2372,15 +2384,52 @@ services: - name: network service - https cert check: dsa_check_cert!443 - hostgroups: apache-https, https-service + hostgroups: apache-https, https-service, haproxy-https-host depends: network service - https check_interval: 60 - name: unwanted network service - https check: dsa_check_port_closed!443 hostgroups: apache2-hosts - excludehostgroups: apache-https + excludehostgroups: apache-https, haproxy-https-host check_interval: 60 + + ### + - + name: process - haproxy - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -a '/usr/sbin/haproxy-systemd-wrapper'" + hostgroups: haproxy-hosts + - + name: process - haproxy - worker + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1:15 -u haproxy -a '/usr/sbin/haproxy '" + hostgroups: haproxy-hosts + depends: process - haproxy - master + - + name: network service - https + check: check_https + hostgroups: haproxy-https-host + depends: "process - haproxy - master" + check_interval: 120 + + - + name: unwanted process - haproxy + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C haproxy" + hostgroups: computers + excludehostgroups: haproxy-hosts + + ### + - + name: process - varnish + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1:15 -u vcache -a '/usr/sbin/varnishd -j unix,user=vcache -F -a '" + hostgroups: varnish-hosts + excludehostgroups: jessie + - + name: unwanted process - varnish + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C varnishd" + hostgroups: computers + excludehostgroups: varnish-hosts + + # }}} # {{{ FTP - @@ -2393,15 +2442,11 @@ services: name: unwanted process - postgresql nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres" hostgroups: computers - excludehostgroups: postgres91-hosts, postgres94-hosts, postgres96-hosts + excludehostgroups: postgres94-hosts, postgres96-hosts - name: unwanted process - postgresql 9.0 nrpe: "/usr/lib/nagios/plugins/check_procs -w 0 -C postgres -a '9.0/bin/postgres'" hostgroups: computers - - - name: process - postgresql91 - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.1/bin/postgres'" - hostgroups: postgres91-hosts - name: process - postgresql94 - master nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/9.4/bin/postgres'" @@ -2422,19 +2467,20 @@ services: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:5 -u buildd -C buildd -a '/usr/bin/buildd'" hostgroups: buildd contact_groups: buildd + - + name: process - buildd + servicegroups: buildd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:5 -u buildd -C python3 -a 'buildd.py'" + hostgroups: pybuildd + contact_groups: buildd - name: processes - zombie schroot nrpe: "(/usr/lib/nagios/plugins/check_procs -a schroot -s Zs -c 0 > /dev/null || /usr/lib/nagios/plugins/check_procs -a schroot -s Zs -c 0) && /usr/lib/nagios/plugins/check_procs -a schroot -s ZNs -c 0" - hostgroups: buildd + hostgroups: buildd, pybuildd contact_groups: +buildd check_interval: 5 max_check_attempts: 24 retry_interval: 5 - - - name: processes - lvcreate - nrpe: "/usr/lib/nagios/plugins/check_procs -m 'ELAPSED' -c 500 -C lvcreate -u root -a 'lvcreate'" - hostgroups: buildd - contact_groups: +buildd # }}} # {{{ NFS Stuff - @@ -2894,7 +2940,6 @@ services: name: puppet - agent check nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/puppet-agent" hostgroups: computers - excludehosts: moszumanska check_interval: 60 retry_interval: 15 # }}}