Add a check for puppet client cert expiration

It has been noticed while regenerating the puppet CA certificate that a
few puppet client certificate were also about to expire. We didn't have
any check in nagios for that, but thanks to Heartbleed this has not been
an issue.

diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg
index af2a92b..363e159 100644 (file)
--- a/config/nagios-master.cfg
+++ b/config/nagios-master.cfg
@@ -2928,6 +2928,13 @@ services:
     hostgroups: computers
     check_interval:  60
     retry_interval: 15
+  -
+    name: puppet - client cert
+    nrpe: "sudo -u puppet /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/$HOSTNAME$.debian.org.pem"
+    hostgroups: computers
+    check_interval: 60
+    max_check_attempts: 2
+    retry_interval: 5
   ####
   -
     name: ping peer on mgmt network