Puppet Class: keyholder::monitoring

Defined in:
modules/keyholder/manifests/monitoring.pp

Overview

Class: keyholder::monitoring

Provisions an Icinga check that ensures the keyholder is armed with all configured identities.

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: present)


6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# File 'modules/keyholder/manifests/monitoring.pp', line 6

class keyholder::monitoring(
    Wmflib::Ensure $ensure = present
) {

    $plugin_path = '/usr/lib/nagios/plugins/check_keyholder'

    file { $plugin_path:
        ensure => $ensure,
        source => 'puppet:///modules/keyholder/check_keyholder',
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
    }

    sudo::user { 'nagios_check_keyholder':
        ensure     => $ensure,
        user       => 'nagios',
        privileges => [ "ALL = NOPASSWD: ${plugin_path}" ],
        require    => File[$plugin_path],
    }

    nrpe::monitor_service { 'keyholder':
        ensure       => $ensure,
        description  => 'Keyholder SSH agent',
        nrpe_command => "/usr/bin/sudo ${plugin_path}",
        require      => Sudo::User['nagios_check_keyholder'],
        notes_url    => 'https://wikitech.wikimedia.org/wiki/Keyholder',
    }
}