[MediaWiki-commits] [Gerrit] operations/puppet[production]: role: add ssh blackbox probes for bastions

Filippo Giunchedi (Code Review) Wed, 23 Aug 2017 03:29:54 -0700

Filippo Giunchedi has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/373261 )


Change subject: role: add ssh blackbox probes for bastions
......................................................................

role: add ssh blackbox probes for bastions

ICMP probing requires either root or CAP_NET_RAW. While deciding whether
to use it or not, turn on ssh probing as well as tcp probing doesn't
require elevated privileges.

Bug: T169860
Change-Id: Ic2ad862b1a6cccff119496ba79bcc06549aa98d3
---
M modules/role/manifests/prometheus/ops.pp
1 file changed, 26 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/61/373261/1

diff --git a/modules/role/manifests/prometheus/ops.pp 
b/modules/role/manifests/prometheus/ops.pp
index 39b17c7..3b3bb1b 100644
--- a/modules/role/manifests/prometheus/ops.pp
+++ b/modules/role/manifests/prometheus/ops.pp
@@ -43,6 +43,27 @@
         ],
       },
       {
+        'job_name'        => 'blackbox_ssh',
+        'metrics_path'    => '/probe',
+        'params'          => {
+          'module' => [ 'ssh_banner' ],
+        },
+        'file_sd_configs' => [
+          { 'files' => [ "${targets_path}/blackbox_ssh_*.yaml" ] }
+        ],
+        'relabel_configs' => [
+          { 'source_labels' => ['__address__'],
+            'target_label'  => '__param_target',
+          },
+          { 'source_labels' => ['__param_target'],
+            'target_label'  => 'instance',
+          },
+          { 'target_label' => '__address__',
+            'replacement'  => '127.0.0.1:9115',
+          },
+        ],
+      },
+      {
         'job_name'        => 'blackbox_tcp',
         'metrics_path'    => '/probe',
         'params'          => {
@@ -107,10 +128,14 @@
       },
     ]
 
-    # Ping all bastions from all machines running prometheus::ops
+    # Ping and SSH probes for all bastions from all machines running
+    # prometheus::ops
     file { "${targets_path}/blackbox_icmp_bastions.yaml":
       content => ordered_yaml([{'targets' => 
$::network::constants::special_hosts[$::realm]['bastion_hosts']}]),
     }
+    file { "${targets_path}/blackbox_ssh_bastions.yaml":
+      content => ordered_yaml([{'targets' => 
$::network::constants::special_hosts[$::realm]['bastion_hosts']}]),
+    }
 
     # Add one job for each of mysql 'group' (i.e. their broad function)
     # Each job will look for new files matching the glob and load the job

-- 
To view, visit https://gerrit.wikimedia.org/r/373261
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic2ad862b1a6cccff119496ba79bcc06549aa98d3
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Filippo Giunchedi <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: role: add ssh blackbox probes for bastions

Reply via email to