From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sun, 31 Mar 2019 19:04:28 +0000 (+0200)
Subject: Add a check for puppet client cert expiration
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=e88536af180f92dee0a035de9fce7e3b6ecf2bb8;hp=23da63fdcf009e97c001c123eba66a652b8588bb;p=mirror%2Fdsa-nagios.git

Add a check for puppet client cert expiration

It has been noticed while regenerating the puppet CA certificate that a
few puppet client certificate were also about to expire. We didn't have
any check in nagios for that, but thanks to Heartbleed this has not been
an issue.
---

diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg
index af2a92b..363e159 100644
--- a/config/nagios-master.cfg
+++ b/config/nagios-master.cfg
@@ -2928,6 +2928,13 @@ services:
     hostgroups: computers
     check_interval:  60
     retry_interval: 15
+  -
+    name: puppet - client cert
+    nrpe: "sudo -u puppet /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/$HOSTNAME$.debian.org.pem"
+    hostgroups: computers
+    check_interval: 60
+    max_check_attempts: 2
+    retry_interval: 5
   ####
   -
     name: ping peer on mgmt network