Dzahn has submitted this change and it was merged.
Change subject: labs kvm ssl cert monitoring: fix it
......................................................................
labs kvm ssl cert monitoring: fix it
This is a follow-up to I83ba82a25e8e87 which didn't
quite work yet because the plugin needs to be executed
locally where the certs are, so we need to turn this into
an NRPE check.
And check_ssl.cfg is the config for check_ssl, a different plugin
from check_ssl_certfile.
Bug:T116332
Change-Id: I44fb35f362898d178d11f300c23ff227e59de5ba
---
M modules/nagios_common/files/check_commands/check_ssl.cfg
M modules/openstack/manifests/nova/compute.pp
2 files changed, 12 insertions(+), 7 deletions(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/nagios_common/files/check_commands/check_ssl.cfg
b/modules/nagios_common/files/check_commands/check_ssl.cfg
index cfd0fcc..23c8cd6 100644
--- a/modules/nagios_common/files/check_commands/check_ssl.cfg
+++ b/modules/nagios_common/files/check_commands/check_ssl.cfg
@@ -10,8 +10,3 @@
command_line $USER1$/check_ssl --warning 60 --critical 30 -H
$HOSTADDRESS$ -p 636 --cn $ARG1$
}
-# check SSL certs file directly, regardless of port
-define command{
- command_name check_ssl_certfile
- command_line $USER1$/check_ssl_certfile $ARG1$
-}
diff --git a/modules/openstack/manifests/nova/compute.pp
b/modules/openstack/manifests/nova/compute.pp
index a8422f6..039818e 100644
--- a/modules/openstack/manifests/nova/compute.pp
+++ b/modules/openstack/manifests/nova/compute.pp
@@ -30,9 +30,19 @@
target => "/etc/ssl/localcerts/${certname}.crt",
require => Sslcert::Certificate[$certname],
}
- monitoring::service { 'kvm_cert':
+
+ file { '/usr/local/lib/nagios/plugins/check_ssl_certfile':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ source =>
'puppet:///modules/nagios_common/check_commands/check_ssl_certfile',
+ }
+
+ # T116332
+ nrpe::monitor_service { 'kvm_ssl_cert':
description => 'kvm ssl cert',
- check_command =>
"check_ssl_certfile!/etc/ssl/localcerts/${certname}.crt",
+ nrpe_command => "/usr/local/lib/nagios/plugins/check_ssl_certfile
${certname}",
}
file { '/var/lib/nova/cacert.pem':
--
To view, visit https://gerrit.wikimedia.org/r/249328
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I44fb35f362898d178d11f300c23ff227e59de5ba
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: John F. Lewis <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
