SVN: r7348 - in gocept.infrastructure/feature_vm_starting/puppet/modules: net_analyzer/files/nagios/globals net_analyzer/manifests net_analyzer/templates/nagios sys_portage/files sys_portage/manifests
SVN: r7348 - in gocept.infrastructure/feature_vm_starting/puppet/modules: net_analyzer/files/nagios/globals net_analyzer/manifests net_analyzer/templates/nagios sys_portage/files sys_portage/manifests
Christian Kauhaus <kc(at)gocept.com> |
2008-12-19 12:45:32 |
|
Author: ckauhaus
Date: Fri Dec 19 12:45:30 2008
New Revision: 7348
Log:
relaxed check interval for GLSA to 60 minutes
Added:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/files/check_glsa.sh
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/files/nagios/globals/checkcommands.cfg
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/defines.pp
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/templates/nagios/service.cfg.erb
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/files/nagios/globals/checkcommands.cfg
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/files/nagios/globals/checkcommands.cfg (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/files/nagios/globals/checkcommands.cfg Fri
Dec 19 12:45:30 2008
(at)(at) -9,6 +9,11 (at)(at)
}
define command {
+ command_name customcheck
+ command_line /usr/local/nagios/plugins/check_$ARG1$ -H $HOSTADDRESS$
$ARG2$
+}
+
+define command {
command_name check_nrpe
command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -t 120
-c $ARG1$
}
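Review bot: `customcheck` builds the executable path from `$ARG1$` and appends `$ARG2$` unquoted, so whatever a service definition puts after `customcheck!` decides which binary Nagios runs and with which arguments. The check_command strings appear to be generated from per-host data (defines.pp in this commit), so a value containing `/` or `..` would resolve outside `/usr/local/nagios/plugins`. I would document the contract on the command, e.g. `# ARG1: plugin name without the check_ prefix, [a-z0-9_]+ only; ARG2: optional extra arguments`, and enforce that pattern where the check_command string is generated.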
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/defines.pp
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/defines.pp (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/defines.pp Fri
Dec 19 12:45:30 2008
(at)(at) -21,28 +21,37 (at)(at)
}
}
-define net_analyzer::service($command = false, $ensure = "present",
- $type = "direct", $check = "check",
- $dependent_servicegroup = false) {
+
+define net_analyzer::service($command=false, $ensure="present",
+ $type="direct", $dependent_servicegroup=false,
+ $interval=false, $custom_check=false) {
$directory = "/etc/nagios/hosts/$hostname"
$service = $title
$safetitle = filename_safe($title)
$file = "$safetitle.cfg"
+ $real_command = $command ? {
+ false => $service,
+ default => $command
+ }
case $type {
"direct": {
$servicegroups = "direct"
- $check_command = $command ? {
- false => "$check!$title",
- default => "$check!$command"
+ $check_command = $custom_check ? {
+ false => "check!$real_command",
+ true => "customcheck!$real_command"
}
}
"nrpe": {
$servicegroups = "nrpe"
$check_command = "check_nrpe!$safetitle"
+ $path = $custom_check ? {
+ false => "/usr/lib/nagios/plugins",
+ true => "/usr/local/nagios/plugins"
+ }
file { "/etc/nagios/nrpe/$file":
content => "\
-command[$safetitle]=/usr/lib/nagios/plugins/${check}_${command}\n"
+command[$safetitle]=${path}/check_${real_command}\n"
}
}
}
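Review bot: `$real_command` is written verbatim into the NRPE configuration at `command[$safetitle]=${path}/check_${real_command}`, while only the title goes through `filename_safe`. When `$command` is left at `false` the raw `$title` lands there, so a value containing `/` or a newline changes which program NRPE runs or adds further lines to the file. Consider failing the define when the plugin part does not match a conservative pattern, and state in a header comment that `$command` is `<plugin suffix> <arguments>`. Separately, both `$custom_check` selectors list only `true` and `false` with no `default`, so any other value (for instance the string "true") aborts compilation; a `default` branch or an explicit `fail()` would make that intentional. The define's body continues past the end of this hunk.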
(at)(at) -56,6 +65,7 (at)(at)
}
}
+
define net_analyzer::hostgroup($comment) {
$hostgroups = "/etc/nagios/hostgroups"
$hostgroup_name = $title
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp Fri
Dec 19 12:45:30 2008
(at)(at) -36,7 +36,7 (at)(at)
"/etc/nagios/nrpe.cfg":
source => "puppet:///net_analyzer/nagios/nrpe.cfg",
require => Package["nagios-nrpe"];
- "/etc/nagios/nrpe":
+ ["/etc/nagios/nrpe", "/usr/local/nagios",
"/usr/local/nagios/plugins"]:
ensure => directory
}
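Review bot: The new `/usr/local/nagios` and `/usr/local/nagios/plugins` directories are declared with `ensure => directory` only, so owner, group and mode fall to whatever defaults or umask apply. Everything placed in the plugins directory is executed by NRPE (see the `$path` selector in defines.pp), so it should be explicitly root-owned and not writable by the nagios user: add `owner => "root", group => "root", mode => 0755` unless a `File { ... }` default outside this hunk already sets them. The enclosing `file { ... }` block starts above the hunk.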
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/templates/nagios/service.cfg.erb
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/templates/nagios/service.cfg.erb (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/templates/nagios/service.cfg.erb Fri
Dec 19 12:45:30 2008
(at)(at) -4,6 +4,9 (at)(at)
service_description <%= service %>
check_command <%= check_command %>
servicegroups <%= servicegroups %>
+<% if interval -%>
+ check_interval <%= interval %>
+<% end -%>
}
<% if dependent_servicegroup -%>
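Review bot: `interval` is emitted as `check_interval` with no indication of its unit, and the commit message speaks of 60 minutes while the manifest passes a bare `60`. Nagios interprets the value in multiples of `interval_length`, so whether this means minutes depends on the main configuration. A template comment such as `<%# interval: in units of interval_length (60 s by default, i.e. minutes) -%>` above the `if` would keep callers from guessing. The service block begins above this hunk.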
Added:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/files/check_glsa.sh
==============================================================================
--- (empty file)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/files/check_glsa.sh Fri
Dec 19 12:45:30 2008
(at)(at) -0,0 +1,89 (at)(at)
+#!/bin/bash
+#
+# Current version of this script available from:
+# http://dev.gentoo.org/~wschlich/misc/nagios/nagios-plugins-extra/
+# Found via:
+# http://www.gentoo.org/doc/en/nagios-guide.xml
+#
+# Nagios check script for GLSAs (Gentoo Linux Security Advisories)
+# Created by Wolfram Schlich <wschlich(at)gentoo.org>
+# Distributed under the terms of the GNU General Public License v3
+#
+# External dependencies:
+# - glsa-check from gentoolkit
+# - sed
+#
+
+##
+## nagios state specific exit codes
+##
+
+declare -i state_ok=0
+declare -i state_warning=1
+declare -i state_critical=2
+declare -i state_unknown=3
+declare -i state_dependent=4
+
+##
+## settings
+##
+
+declare -i msg_cut=150
+
+##
+## functions
+##
+
+function usage() {
+ echo
+ echo "Usage: ${0##*/}"
+ echo
+ echo " CRIT when the amount of GLSAs affecting the system is >= 1"
+ echo
+}
+
+##
+## main()
+##
+
+if [[ ! -x "$(type -p glsa-check 2>/dev/null)" ]]; then
+ echo "ERROR - 'glsa-check' not executable"
+ exit ${state_unknown}
+fi
+
+if [[ ! -x "$(type -p sed 2>/dev/null)" ]]; then
+ echo "ERROR - 'sed' not executable"
+ exit ${state_unknown}
+fi
+
+declare -a glsa_aff_ids=( $(glsa-check -n -t affected 2>/dev/null) )
+if [[ ${?} -ne 0 ]]; then
+ echo "ERROR - trouble running glsa-check to get list of GLSAs"
+ exit ${state_unknown}
+fi
+for ((i=0; i<${#glsa_aff_ids[*]}; i++)); do
+ glsa_id=${glsa_aff_ids[${i}]}
+ glsa_pkg=$(glsa-check -n -l ${glsa_id} 2>/dev/null | sed -e
's/^.*[[:space:]]([[:space:]]\(.*\)[[:space:]]).*$/\1/g')
+ if [[ ${?} -ne 0 ]]; then
+ echo "ERROR - trouble running glsa-check to get package name for GLSA
${glsa_id}"
+ exit ${state_unknown}
+ fi
+ #glsa_aff_str="${glsa_aff_str:+${glsa_aff_str} }${glsa_id}:${glsa_pkg}"
+ glsa_aff_str="${glsa_aff_str:+${glsa_aff_str} }${glsa_pkg}"
+done
+if [[ ${#glsa_aff_ids[(at)]} -gt 0 ]]; then
+ msg="CRITICAL - affecting GLSAs: ${glsa_aff_str}"
+ if [[ ${#msg} -ge ${msg_cut} ]]; then
+ echo "${msg:0:${msg_cut}}[...]"
+ else
+ echo "${msg}"
+ fi
+ exit ${state_critical}
+else
+ echo "OK - system not affected by any GLSAs"
+ exit ${state_ok}
+fi
+
+## should never reach this
+echo "ERROR - there's an error in the matrix!"
+exit ${state_unknown}
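Review bot: The failure check after `declare -a glsa_aff_ids=( $(glsa-check -n -t affected 2>/dev/null) )` tests the exit status of `declare`, not of `glsa-check`, so it never fires. If `glsa-check` fails, the array is empty and the plugin reports `OK - system not affected by any GLSAs`, i.e. the security check fails open. Capture the output first, `glsa_out=$(glsa-check -n -t affected 2>/dev/null) || { echo "ERROR - trouble running glsa-check to get list of GLSAs"; exit ${state_unknown}; }`, then `declare -a glsa_aff_ids=( ${glsa_out} )`. The same applies inside the loop, where `${?}` reflects `sed` rather than `glsa-check`; `set -o pipefail` near the top would cover it. Confirm first which exit codes the installed `glsa-check` returns when advisories are found, so that an affected system is not reported as UNKNOWN.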
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp Fri
Dec 19 12:45:30 2008
(at)(at) -71,9 +71,15 (at)(at)
mode => 0755;
}
- net_analyzer::service { "portage convergence":
- type => "nrpe",
- command =>
- "file_age -w 43200 -c 86400 -f /var/state/portage_convergence"
+ net_analyzer::service {
+ "portage convergence":
+ type => "nrpe",
+ command =>
+ "file_age -w 43200 -c 86400 -f /var/state/portage_convergence";
+ "GLSA":
+ type => "nrpe",
+ command => "glsa",
+ custom_check => true,
+ interval => 60
}
}
|
SVN: r7353 - gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests
Christian Kauhaus <kc(at)gocept.com> |
2008-12-19 14:36:38 |
|
Author: ckauhaus
Date: Fri Dec 19 14:36:37 2008
New Revision: 7353
Log:
implemented auto-expire of Nagios checks to get rid of old definitions that are
not in use anymore
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/net_analyzer/manifests/nagios.pp Fri
Dec 19 14:36:37 2008
(at)(at) -55,6 +55,7 (at)(at)
class net_analyzer::nagios_server inherits net_analyzer::nagios_client {
include www_apache::apache
+ include app_admin::tmpwatch
package { "nagios":
notify => Service["nagios"]
(at)(at) -80,7 +81,9 (at)(at)
owner => "nagios",
group => "apache";
["/etc/nagios/hosts", "/etc/nagios/hostgroups"]:
- ensure => directory;
+ ensure => directory,
+ checksum => md5,
+ recurse => true;
"/etc/nagios/cgi.cfg":
content => template("net_analyzer/nagios/cgi.cfg.erb"),
owner => "nagios",
(at)(at) -94,9 +97,15 (at)(at)
File <<| tag == "nagios_server" |>>
- exec { "update-hostgroups":
- command => "/usr/local/sbin/update-hostgroups
/etc/nagios/hostgroups",
- notify => Service["nagios"]
+ exec {
+ "update-hostgroups":
+ command => "/usr/local/sbin/update-hostgroups
/etc/nagios/hostgroups",
+ notify => Service["nagios"];
+ "purge old Nagios checks":
+ command => "tmpwatch --all --mtime 30d \
+ /etc/nagios/hosts/ /etc/nagios/hostgroups/",
+ subscribe => [File["/etc/nagios/hosts"],
+ File["/etc/nagios/hostgroups"]];
}
Service["nagios"] {
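Review bot: The `purge old Nagios checks` exec has `subscribe` but no `refreshonly => true`, so (unless an `Exec` default elsewhere sets it) it runs on every Puppet run and not only when the directories change; the `rebuild world packages` exec in binhost.pp (r7354) has the same shape and would queue a rebuild on each run. The command is also not fully qualified and no `path` is visible here. Deleting by age means a definition that is still exported but unchanged for 30 days is removed and only comes back on the next run, which may leave a window in which a host is not monitored. Puppet's own `purge => true` on the recursive `/etc/nagios/hosts` and `/etc/nagios/hostgroups` file resources removes only the files that are no longer managed and avoids that window. The `Service["nagios"]` override that begins on the last line continues outside the hunk.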
|
SVN: r7354 - in gocept.infrastructure/feature_vm_starting/puppet: modules/sys_portage/files modules/sys_portage/manifests plugins/facter
Christian Kauhaus <kc(at)gocept.com> |
2008-12-19 15:58:11 |
|
Author: ckauhaus
Date: Fri Dec 19 15:58:10 2008
New Revision: 7354
Log:
collect world files from all hosts and rebuild packages on each binhost
Added:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/files/rebuild-world.sh
gocept.infrastructure/feature_vm_starting/puppet/plugins/facter/
gocept.infrastructure/feature_vm_starting/puppet/plugins/facter/portage_world.rb
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/binhost.pp
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp
Added:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/files/rebuild-world.sh
==============================================================================
--- (empty file)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/files/rebuild-world.sh Fri
Dec 19 15:58:10 2008
(at)(at) -0,0 +1,22 (at)(at)
+#!/bin/bash
+# Rebuild all packages mentioned in the collected world files that reside in
+# DIR. Useful only on a binhost. Build logs go to
/var/log/portage/rebuild.log.
+# Copyright (c) 2008 gocept gmbh & co. kg
+# See also LICENSE.txt
+# Managed by Puppet: do not edit this file directly. It will be overwritten!
+set -e
+
+dir="$1"
+if [[ -z ${dir} ]]; then
+ echo "Usage: $0 DIR" >&2
+ exit 1
+fi
+
+log="/var/log/portage/rebuild.log"
+
+date >> ${log}
+packages=$(find ${dir} -type f | xargs cat | sort -u)
+if ! emerge -1eq ${packages} >> ${log} 2>&1; then
+ echo "$0: emerge failed, see ${log} for trouble shooting"
+ exit 1
+fi
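Review bot: `${packages}` is the unfiltered concatenation of every file under `DIR` and is expanded unquoted into `emerge -1eq ${packages}`, so each word in a collected world file becomes an emerge argument on the binhost. Those files are filled from the `portage_world` fact of other hosts (portage.pp in this commit), which makes their content input from outside this machine: a line starting with `-` is read as an option, and an empty result runs emerge with no targets. Filter the list down to lines that look like package atoms, stop when nothing is left, and quote `${dir}` and `${log}`. The pattern below is illustrative and should be tightened to the atoms actually expected.

```shell
# … unchanged: usage check, log path, date stamp …
# Keep only lines shaped like category/package atoms (illustrative pattern).
packages=$(find "${dir}" -type f -exec cat {} + \
    | grep -E '^[A-Za-z0-9+_.-]+/[A-Za-z0-9+_.:-]+$' | sort -u)
if [[ -z ${packages} ]]; then
    echo "$0: no valid package atoms found in ${dir}" >&2
    exit 1
fi
# … unchanged: emerge invocation and its error handling …
```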
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/binhost.pp
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/binhost.pp (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/binhost.pp Fri
Dec 19 15:58:10 2008
(at)(at) -4,7 +4,27 (at)(at)
# Configuration for nodes that serve binary packages to others.
class sys_portage::portage::binhost inherits sys_portage::portage {
include net_ftp::pure_ftpd
+ include sys_process::at
register_service { "binhost.${architecture}.${location}": }
+ file {
+ "/usr/local/sbin/rebuild-world":
+ source => "puppet:///sys_portage/rebuild-world.sh",
+ mode => 0755;
+ "/var/lib/portage-gocept/world":
+ ensure => directory,
+ checksum => md5,
+ recurse => true;
+ }
+
+ File <<| tag == "portage_world_$architecture" |>>
+
+ exec { "rebuild world packages":
+ command => "echo rebuild-world /var/lib/portage-gocept/world |
batch",
+ subscribe => [File["/var/lib/portage-gocept/world"],
+ File["/etc/make.conf"],
+ File["/etc/portage"]]
+ }
+
}
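Review bot: `/var/lib/portage-gocept/world` is managed with `recurse => true` but without `purge => true`, so the world file of a host that has stopped exporting stays in place and keeps feeding `rebuild-world`. Adding `purge => true` to that resource would keep the directory equal to the set of currently collected files. The exec's `command` also relies on a shell pipe and on `rebuild-world` and `batch` being found by name; spelling out `/usr/local/sbin/rebuild-world` (the path installed just above) and setting `path` would make that explicit.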
Modified:
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp
==============================================================================
---
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp (original)
+++
gocept.infrastructure/feature_vm_starting/puppet/modules/sys_portage/manifests/portage.pp Fri
Dec 19 15:58:10 2008
(at)(at) -31,10 +31,10 (at)(at)
package {
["portage", "portage-utils", "gentoolkit"]:
- require => [
- File["/etc/make.conf"],
+ require => [File["/etc/make.conf"],
File["/etc/portage"],
- File["/etc/make.profile"]]
+ File["/etc/make.profile"]],
+ noop => false
}
$puppet_server = $location::puppetmaster
(at)(at) -72,6 +72,11 (at)(at)
mode => 0755;
}
+ (at)(at)file { "/var/lib/portage-gocept/world/$hostname":
+ content => $portage_world,
+ tag => "portage_world_$architecture"
+ }
+
net_analyzer::service {
"portage convergence":
type => "nrpe",
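Review bot: The exported file's path is built from the `$hostname` fact and its content from the `$portage_world` fact, both of which are reported by the client and end up being written on the binhost. A hostname value containing `/` would place the file outside `/var/lib/portage-gocept/world`. Passing the name through the helper already used in defines.pp, `$safe_host = filename_safe($hostname)` and then `"/var/lib/portage-gocept/world/$safe_host"`, would keep the path inside the directory, assuming that helper strips path separators. A comment should also state that the content is untrusted input for `rebuild-world`. The surrounding class body lies outside this hunk.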
Added:
gocept.infrastructure/feature_vm_starting/puppet/plugins/facter/portage_world.rb
==============================================================================
--- (empty file)
+++
gocept.infrastructure/feature_vm_starting/puppet/plugins/facter/portage_world.rb Fri
Dec 19 15:58:10 2008
(at)(at) -0,0 +1,9 (at)(at)
+# Copyright (c) 2008 gocept gmbh & co. kg
+# See also LICENSE.txt
+
+# Contents of the world file
+Facter.add("portage_world") do
+ setcode do
+ File.read("/var/lib/portage/world")
+ end
+end
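Review bot: `File.read("/var/lib/portage/world")` raises when the file is missing or unreadable, and the fact is not confined to hosts that have Portage. Guard the read, `File.read(path) if File.exist?(path)` with `path = "/var/lib/portage/world"`, so the fact is simply absent elsewhere. The header comment could also say that the value is exported to the binhost and used there as a package list, since that makes the file's content security-relevant.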
|
|