Akosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/93965
Change subject: Check for administratively disabled puppet
......................................................................
Check for administratively disabled puppet
Using NRPE we check if a host has had it puppet administrative disabled
aka puppetd --disable. This should help getting an easier overview of
when something like that is happening and hopefully why
Change-Id: I646c25ccb5ce1b9c41d45c5c30fb3172e86225f2
---
A modules/base/files/monitoring/check_puppet_disabled
M modules/base/manifests/monitoring/host.pp
2 files changed, 26 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/65/93965/1
diff --git a/modules/base/files/monitoring/check_puppet_disabled
b/modules/base/files/monitoring/check_puppet_disabled
new file mode 100755
index 0000000..becbc99
--- /dev/null
+++ b/modules/base/files/monitoring/check_puppet_disabled
@@ -0,0 +1,16 @@
+#!/bin/bash
+#####################################################################
+### THIS FILE IS MANAGED BY PUPPET
+### puppet:///modules/base/monitoring/check_puppet_disabled
+#####################################################################
+#
+# if lock file exists and has 0 size, then the lock is not part of a puppetrun
+# (Normal puppetrun locks contain process pid)
+#
+
+FILE=/var/lib/puppet/state/puppetdlock
+
+test -f $FILE && ! test -s $FILE && echo "WARNING: Orphan puppetlock detected"
&& exit 1
+
+echo "OK"
+exit 0
diff --git a/modules/base/manifests/monitoring/host.pp
b/modules/base/manifests/monitoring/host.pp
index 68b5cd5..2266622 100644
--- a/modules/base/manifests/monitoring/host.pp
+++ b/modules/base/manifests/monitoring/host.pp
@@ -32,11 +32,12 @@
mode => '0555',
source => 'puppet:///modules/base/monitoring/check-raid.py';
}
-
- # FIXME: this used to be redundant sudo for check-raid
- # they can be removed when they're deployed across the fleet
- file { [ '/etc/sudoers.d/nrpe', '/etc/sudoers.d/icinga' ]:
- ensure => absent,
+ file { '/usr/local/lib/nagios/plugins/check_puppet_disabled':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => '0555',
+ source =>
'puppet:///modules/base/monitoring/check_puppet_disabled';
}
sudo_user { 'nagios':
@@ -55,5 +56,9 @@
description => 'DPKG',
nrpe_command => '/usr/local/lib/nagios/plugins/check_dpkg',
}
+ nrpe::monitor_service { 'puppet_disabled':
+ description => 'puppet disabled',
+ nrpe_command =>
'/usr/local/lib/nagios/plugins/check_puppet_disabled',
+ }
}
}
--
To view, visit https://gerrit.wikimedia.org/r/93965
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I646c25ccb5ce1b9c41d45c5c30fb3172e86225f2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Akosiaris <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
