From e88536af180f92dee0a035de9fce7e3b6ecf2bb8 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sun, 31 Mar 2019 21:04:28 +0200
Subject: [PATCH 1/1] Add a check for puppet client cert expiration

It has been noticed while regenerating the puppet CA certificate that a
few puppet client certificate were also about to expire. We didn't have
any check in nagios for that, but thanks to Heartbleed this has not been
an issue.
---
 config/nagios-master.cfg | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg
index af2a92b..363e159 100644
--- a/config/nagios-master.cfg
+++ b/config/nagios-master.cfg
@@ -2928,6 +2928,13 @@ services:
     hostgroups: computers
     check_interval:  60
     retry_interval: 15
+  -
+    name: puppet - client cert
+    nrpe: "sudo -u puppet /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/$HOSTNAME$.debian.org.pem"
+    hostgroups: computers
+    check_interval: 60
+    max_check_attempts: 2
+    retry_interval: 5
   ####
   -
     name: ping peer on mgmt network
-- 
2.20.1