diff --git a/site-modules/profile/manifests/icinga2/objects/common_checks.pp b/site-modules/profile/manifests/icinga2/objects/common_checks.pp
index 2ab78f7b..91bc0308 100644
--- a/site-modules/profile/manifests/icinga2/objects/common_checks.pp
+++ b/site-modules/profile/manifests/icinga2/objects/common_checks.pp
@@ -1,149 +1,150 @@
# Icinga2 common check definitions
class profile::icinga2::objects::common_checks {
$service_configuration = lookup('icinga2::service_configuration')
$target_file = '/etc/icinga2/zones.d/global-templates/services.conf'
# Done locally on the master
::icinga2::object::service {'ping4':
import => ['generic-service'],
apply => true,
check_command => 'ping4',
assign => ['host.address'],
+ ignore => ['host.vars.noping'],
target => $target_file,
}
::icinga2::object::service {'linux-ssh':
import => ['generic-service'],
apply => true,
check_command => 'ssh',
assign => ['host.vars.os == Linux'],
target => $target_file,
}
# Done remotely on the client: command_endpoint = host.name.
each($service_configuration['load']) |$name, $vars| {
if $name == 'default' {
$assign = 'host.vars.os == Linux'
$ignore = 'host.vars.noagent || host.vars.load'
} else {
$assign = "host.vars.os == Linux && host.vars.load == ${name}"
$ignore = 'host.vars.noagent'
}
::icinga2::object::service {"linux_load_${name}":
import => ['generic-service'],
service_name => 'load',
apply => true,
check_command => 'load',
command_endpoint => 'host.name',
assign => [$assign],
ignore => [$ignore],
target => $target_file,
vars => $vars,
}
}
::icinga2::object::service {'linux_disks':
import => ['generic-service'],
apply => 'disk_name => config in host.vars.disks',
check_command => 'disk',
command_endpoint => 'host.name',
vars => 'vars + config',
assign => ['host.vars.os == Linux'],
ignore => ['host.vars.noagent'],
target => $target_file,
}
::icinga2::object::service {'apt':
import => ['generic-service'],
apply => true,
check_command => 'apt',
command_endpoint => 'host.name',
check_interval => '3h',
vars => {
apt_timeout => '120',
apt_only_critical => 'true',
},
assign => ['host.vars.os == Linux'],
ignore => ['host.vars.noagent'],
target => $target_file,
}
::icinga2::object::service {'ntp':
import => ['generic-service'],
apply => true,
check_command => 'ntp_peer',
command_endpoint => 'host.name',
vars => {
ntp_address => 'localhost',
},
assign => ['host.vars.os == Linux'],
ignore => ['host.vars.noagent'],
target => $target_file,
}
::icinga2::object::service {'journalbeat':
import => ['generic-service'],
apply => true,
check_command => 'check_journal',
command_endpoint => 'host.name',
assign => ['host.vars.os == Linux'],
ignore => ['-:"check_journal" !in host.vars.plugins', 'host.vars.noagent'],
target => $target_file,
}
::icinga2::object::service {'puppet_agent':
import => ['generic-service'],
apply => true,
check_command => 'file_age',
command_endpoint => 'host.name',
vars => {
file_age_file => '/var/lib/puppet/state/agent_disabled.lock',
file_age_warning_time => '14400', # in seconds, warning after 4h
file_age_critical_time => '86400', # in seconds, critical after 24h
file_age_ignoremissing => 'true',
},
assign => ['host.vars.os == Linux'],
ignore => ['host.vars.noagent'],
target => $target_file,
}
::icinga2::object::service {'check_systemd':
import => ['generic-service'],
apply => true,
name => "Check systemd state",
check_command => "check_systemd",
command_endpoint => 'host.name',
assign => ['host.vars.os == Linux'],
ignore => ['host.vars.noagent'],
target => $target_file,
}
::icinga2::object::service {'check_postfix':
import => ['generic-service'],
apply => true,
name => "Check postfix service",
check_command => "check_systemd",
command_endpoint => 'host.name',
assign => ['host.vars.os == Linux'],
vars => {
systemd_units => ['postfix@-.service'],
},
ignore => ['host.vars.noagent'],
target => $target_file,
}
::icinga2::object::service {'logstash_errors':
import => ['generic-service'],
apply => true,
check_command => 'check_logstash_errors.sh',
command_endpoint => 'host.name',
assign => ['check_logstash_errors.sh in host.vars.plugins'],
ignore => ['host.vars.noagent'],
target => $target_file,
}
}
diff --git a/site-modules/profile/manifests/icinga2/objects/static_checks.pp b/site-modules/profile/manifests/icinga2/objects/static_checks.pp
index 752df8fc..1bd0bd89 100644
--- a/site-modules/profile/manifests/icinga2/objects/static_checks.pp
+++ b/site-modules/profile/manifests/icinga2/objects/static_checks.pp
@@ -1,170 +1,171 @@
# Static checks on the icinga master
class profile::icinga2::objects::static_checks {
$checks_file = '/etc/icinga2/conf.d/static-checks.conf'
::icinga2::object::host {'www.softwareheritage.org':
import => ['generic-host'],
check_command => 'dummy',
address => 'www.softwareheritage.org',
target => $checks_file,
vars => {
dummy_state => 0, # up
dummy_text => "HTTP-only host",
},
}
::icinga2::object::host {'softwareheritage.org':
import => ['generic-host'],
check_command => 'dummy',
address => 'softwareheritage.org',
target => $checks_file,
vars => {
dummy_state => 0, # up
dummy_text => "HTTP-only host",
},
}
::icinga2::object::host {'graphql.staging.swh.network':
import => ['generic-host'],
check_command => 'dummy',
address => 'graphql.staging.swh.network',
target => $checks_file,
vars => {
dummy_state => 0, # up
dummy_text => "HTTP-only host",
},
}
::icinga2::object::host {'ArgoCD Kubernetes cluster':
import => ['generic-host'],
host_name => 'k8s-argo.internal.admin.swh.network',
check_command => 'dummy',
address => 'k8s-argocd.internal.admin.swh.network',
target => $checks_file,
vars => {
dummy_state => 0, # up
dummy_text => "HTTP-only host",
+ noping => true,
},
}
::icinga2::object::service {'Software Heritage Homepage':
import => ['generic-service'],
host_name => 'www.softwareheritage.org',
check_command => 'http',
target => $checks_file,
vars => {
http_vhost => 'www.softwareheritage.org',
http_uri => '/',
http_ssl => true,
http_sni => true,
http_string => 'Software Heritage',
},
}
::icinga2::object::service {'Software Heritage Homepage (redirect to www)':
import => ['generic-service'],
host_name => 'softwareheritage.org',
check_command => 'http',
target => $checks_file,
vars => {
http_vhost => 'softwareheritage.org',
http_uri => '/',
http_ssl => true,
http_sni => true,
},
}
::icinga2::object::host {'swh-logging-prod':
check_command => 'dummy',
address => '127.0.0.1',
target => $checks_file,
vars => {
dummy_state => 0, # up
dummy_text => "virtual host for clustered checks",
},
}
::icinga2::object::service {'swh-logging-prod cluster':
host_name => 'swh-logging-prod',
check_command => 'check_escluster',
target => $checks_file,
}
::icinga2::object::checkcommand {'check_escluster':
import => ['plugin-check-command'],
command => '/usr/lib/nagios/plugins/icinga_check_elasticsearch.sh',
target => $checks_file,
}
::icinga2::object::host {'DNS resolvers':
check_command => 'dummy',
address => '127.0.0.1',
target => $checks_file,
vars => {
dummy_state => 0, # up
dummy_text => "virtual host for clustered checks",
},
}
::icinga2::object::service {'SOA':
host_name => 'DNS resolvers',
check_command => 'check_resolvers',
target => $checks_file,
}
::icinga2::object::checkcommand {'check_resolvers':
import => ['plugin-check-command'],
command => [
'/usr/lib/nagios/plugins/dsa-nagios-checks_checks_dsa-check-soas.txt',
'internal.softwareheritage.org',
],
target => $checks_file,
}
$prometheus_host = lookup('prometheus::server::fqdn')
::icinga2::object::service {'Postgresql replication lag (belvedere -> somerset)':
check_command => 'check_prometheus_metric',
target => $checks_file,
host_name => 'belvedere.internal.softwareheritage.org',
vars => {
prometheus_metric_name => 'pg replication_lag belvedere somerset',
prometheus_query => profile::icinga2::literal_var(
'sum(sql_pg_stat_replication{instance="belvedere.internal.softwareheritage.org", host=":5433", application_name="softwareheritage_replica"})'
),
prometheus_query_type => 'vector',
prometheus_metric_warning => '1073741824', # 1GiB 1*1024*1024*1024
prometheus_metric_critical => '2147483648', # 2GiB 2*1024*1024*1024
},
}
::icinga2::object::service {'Software Heritage Staging Graphql Instance':
import => ['generic-service'],
host_name => 'graphql.staging.swh.network',
check_command => 'http',
target => $checks_file,
vars => {
http_vhost => 'graphql.staging.swh.network',
http_uri => '/',
http_ssl => true,
http_sni => true,
http_string => 'GraphQL Playground',
},
}
::icinga2::object::service {'Software Heritage ArgoCD Instance':
import => ['generic-service'],
host_name => 'k8s-argo.internal.admin.swh.network',
check_command => 'http',
target => $checks_file,
vars => {
http_vhost => 'argocd.internal.admin.swh.network',
http_uri => '/',
http_ssl => true,
http_sni => true,
http_string => 'Argo CD',
},
}
}