Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/87574
Change subject: base: cleanup sudo definitions for check-raid.py
......................................................................
base: cleanup sudo definitions for check-raid.py
We had three separate definitions for check-raid's sudo, using both
sudo_user & file resources, two of which were complete redundant. Get
rid of all that and just replace with a simple, sane, sudo definition.
Also indent the nrpe checks in the same class
Change-Id: I4fa36450a09aa1237d866e6572a7761c9947c02b
---
M modules/base/manifests/monitoring/host.pp
1 file changed, 20 insertions(+), 13 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/74/87574/1
diff --git a/modules/base/manifests/monitoring/host.pp
b/modules/base/manifests/monitoring/host.pp
index fa4ec7d..68b5cd5 100644
--- a/modules/base/manifests/monitoring/host.pp
+++ b/modules/base/manifests/monitoring/host.pp
@@ -33,20 +33,27 @@
source => 'puppet:///modules/base/monitoring/check-raid.py';
}
- sudo_user { [ 'nagios', 'icinga' ]: privileges => ['ALL = NOPASSWD:
/usr/local/bin/check-raid.py'] }
- nrpe::monitor_service { 'raid' : description => 'RAID', nrpe_command
=> 'sudo /usr/local/bin/check-raid.py' }
- nrpe::monitor_service { 'disk_space' : description => 'Disk space',
nrpe_command => '/usr/lib/nagios/plugins/check_disk -w 6% -c 3% -l -e' }
- nrpe::monitor_service { 'dpkg' : description => 'DPKG', nrpe_command
=> '/usr/local/lib/nagios/plugins/check_dpkg' }
+ # FIXME: this used to be redundant sudo for check-raid
+ # they can be removed when they're deployed across the fleet
+ file { [ '/etc/sudoers.d/nrpe', '/etc/sudoers.d/icinga' ]:
+ ensure => absent,
+ }
- ## this is only needed for the raid checks.
- ## should be able to move into sudo_user def above once puppet is
caught up
- if $::lsbdistid == 'Ubuntu' and versioncmp($::lsbdistrelease, '10.04')
>= 0 {
- file { '/etc/sudoers.d/nrpe':
- owner => root,
- group => root,
- mode => '0440',
- content => "nagios ALL = (root) NOPASSWD:
/usr/local/bin/check-raid.py\n",
- }
+ sudo_user { 'nagios':
+ privileges => ['ALL = NOPASSWD: /usr/local/bin/check-raid.py'],
+ }
+ nrpe::monitor_service { 'raid':
+ description => 'RAID',
+ nrpe_command => '/usr/bin/sudo /usr/local/bin/check-raid.py',
+ }
+
+ nrpe::monitor_service { 'disk_space':
+ description => 'Disk space',
+ nrpe_command => '/usr/lib/nagios/plugins/check_disk -w 6% -c 3% -l
-e',
+ }
+ nrpe::monitor_service { 'dpkg':
+ description => 'DPKG',
+ nrpe_command => '/usr/local/lib/nagios/plugins/check_dpkg',
}
}
}
--
To view, visit https://gerrit.wikimedia.org/r/87574
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4fa36450a09aa1237d866e6572a7761c9947c02b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
