4 files changed, 2 insertions, 294 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index c7bc59c..5c31b43 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -697,21 +697,7 @@ node 'cdr1.sunet.se' {
 }
 
 node 'sto-tug-kvm2.swamid.se' {
- package {'nagios-nrpe-server':
- ensure => 'installed',
- } ->
- ufw::allow { "allow-nrpe-v4":
- from => '109.105.111.111',
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
- ufw::allow { "allow-nrpe-v6":
- from => '2001:948:4:6::111',
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
+ class { 'sunet::nagios': }
 file {'/var/docker':
 ensure => 'directory',
 } ->
diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily b/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily
index 0759dca..5878023 100644
--- a/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily
+++ b/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily
@@ -1,6 +1,6 @@
 # m h dom mon dow user command
 0 23 * * * root /usr/local/bin/scriptherder --mode wrap --name flog_update_institutions -- /usr/bin/curl https://meta.eduroam.se/institution.xml -so /opt/flog/institution.xml
-1 0 * * * root /usr/local/bin/scriptherder --mode wrap --syslog --name flog_db_backup -- /usr/local/bin/postgres_backup
+1 0 * * * root /usr/local/bin/scriptherder --mode wrap --syslog --name flog_db_backup -- docker exec flog_db /usr/local/bin/backup
 # Run aggregation and caching for eduroam data
 20 0 * * * root /usr/local/bin/scriptherder --mode wrap --name flog_daily_eduroam -- /usr/bin/docker run --rm -it -a stdout -a stderr -v /opt/flog/dotenv:/opt/flog/.env -v /var/log/flog_cron/:/opt/flog/logs/ -v /opt/flog/institution.xml:/opt/flog/institution.xml -v /opt/flog/dotenv:/opt/flog/.env -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --link flog_db:flog_db.docker docker.sunet.se/flog/flog_app /bin/sh -e /usr/local/bin/daily_eduroam
 # Run aggregation and caching for sso data
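Review bot: The explicit source restriction on NRPE disappears from the `sto-tug-kvm2.swamid.se` node with nothing visible taking its place: the removed `ufw::allow` resources limited tcp/5666 to `109.105.111.111` and `2001:948:4:6::111`, and the host-specific nrpe.cfg deleted in the same commit pinned `allowed_hosts` to the same pair with `dont_blame_nrpe=0`. `sunet::nagios` is not defined in this diff, so whether it recreates both controls cannot be confirmed from here and is worth checking on the node after the first Puppet run. I would add a comment above the declaration, for example `# sunet::nagios installs nrpe and is expected to limit tcp/5666 to the monitoring hosts`. The node block continues past the end of the hunk.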
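Review bot: The new `flog_db_backup` entry calls `docker` by bare name while the `flog_daily_eduroam` entry two lines below uses `/usr/bin/docker`; cron jobs run with a minimal PATH, so I would write `-- /usr/bin/docker exec flog_db /usr/local/bin/backup` to match and to avoid depending on the environment scriptherder inherits. The deleted host script aborted when `/var/docker/postgresql_data/backup` was missing and kept seven rotated dumps on the host. The in-container `/usr/local/bin/backup` is not part of this diff, so it is worth confirming that it writes to a host-mounted volume and keeps a comparable rotation, since dumps stored only inside the container would be lost along with it.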
diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg b/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg
deleted file mode 100644
index 043ea90..0000000
--- a/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg
+++ /dev/null
@@ -1,246 +0,0 @@
-#############################################################################
-# Sample NRPE Config File
-# Written by: Ethan Galstad (nagios@nagios.org)
-#
-# Last Modified: 11-23-2007
-#
-# NOTES:
-# This is a sample configuration file for the NRPE daemon. It needs to be
-# located on the remote host that is running the NRPE daemon, not the host
-# from which the check_nrpe client is being executed.
-#############################################################################
-
-
-# LOG FACILITY
-# The syslog facility that should be used for logging purposes.
-
-log_facility=daemon
-
-
-
-# PID FILE
-# The name of the file in which the NRPE daemon should write it's process ID
-# number. The file is only written if the NRPE daemon is started by the root
-# user and is running in standalone mode.
-
-pid_file=/var/run/nagios/nrpe.pid
-
-
-
-# PORT NUMBER
-# Port number we should wait for connections on.
-# NOTE: This must be a non-priviledged port (i.e. > 1024).
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-server_port=5666
-
-
-
-# SERVER ADDRESS
-# Address that nrpe should bind to in case there are more than one interface
-# and you do not want nrpe to bind on all interfaces.
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-#server_address=127.0.0.1
-
-
-
-# NRPE USER
-# This determines the effective user that the NRPE daemon should run as.
-# You can either supply a username or a UID.
-#
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-nrpe_user=nagios
-
-
-
-# NRPE GROUP
-# This determines the effective group that the NRPE daemon should run as.
-# You can either supply a group name or a GID.
-#
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-nrpe_group=nagios
-
-
-
-# ALLOWED HOST ADDRESSES
-# This is an optional comma-delimited list of IP address or hostnames
-# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
-# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
-# supported.
-#
-# Note: The daemon only does rudimentary checking of the client's IP
-# address. I would highly recommend adding entries in your /etc/hosts.allow
-# file to allow only the specified host to connect to the port
-# you are running this daemon on.
-#
-# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-
-allowed_hosts=109.105.111.111,2001:948:4:6::111
-
-
-
-# COMMAND ARGUMENT PROCESSING
-# This option determines whether or not the NRPE daemon will allow clients
-# to specify arguments to commands that are executed. This option only works
-# if the daemon was configured with the --enable-command-args configure script
-# option.
-#
-# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
-# Read the SECURITY file for information on some of the security implications
-# of enabling this variable.
-#
-# Values: 0=do not allow arguments, 1=allow command arguments
-
-dont_blame_nrpe=0
-
-
-
-# BASH COMMAND SUBTITUTION
-# This option determines whether or not the NRPE daemon will allow clients
-# to specify arguments that contain bash command substitutions of the form
-# $(...). This option only works if the daemon was configured with both
-# the --enable-command-args and --enable-bash-command-substitution configure
-# script options.
-#
-# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
-# Read the SECURITY file for information on some of the security implications
-# of enabling this variable.
-#
-# Values: 0=do not allow bash command substitutions,
-# 1=allow bash command substitutions
-
-allow_bash_command_substitution=0
-
-
-
-# COMMAND PREFIX
-# This option allows you to prefix all commands with a user-defined string.
-# A space is automatically added between the specified prefix string and the
-# command line from the command definition.
-#
-# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
-# Usage scenario:
-# Execute restricted commmands using sudo. For this to work, you need to add
-# the nagios user to your /etc/sudoers. An example entry for alllowing
-# execution of the plugins from might be:
-#
-# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
-#
-# This lets the nagios user run all commands in that directory (and only them)
-# without asking for a password. If you do this, make sure you don't give
-# random users write access to that directory or its contents!
-
-# command_prefix=/usr/bin/sudo
-
-
-
-# DEBUGGING OPTION
-# This option determines whether or not debugging messages are logged to the
-# syslog facility.
-# Values: 0=debugging off, 1=debugging on
-
-debug=0
-
-
-
-# COMMAND TIMEOUT
-# This specifies the maximum number of seconds that the NRPE daemon will
-# allow plugins to finish executing before killing them off.
-
-command_timeout=60
-
-
-
-# CONNECTION TIMEOUT
-# This specifies the maximum number of seconds that the NRPE daemon will
-# wait for a connection to be established before exiting. This is sometimes
-# seen where a network problem stops the SSL being established even though
-# all network sessions are connected. This causes the nrpe daemons to
-# accumulate, eating system resources. Do not set this too low.
-
-connection_timeout=300
-
-
-
-# WEEK RANDOM SEED OPTION
-# This directive allows you to use SSL even if your system does not have
-# a /dev/random or /dev/urandom (on purpose or because the necessary patches
-# were not applied). The random number generator will be seeded from a file
-# which is either a file pointed to by the environment valiable $RANDFILE
-# or $HOME/.rnd. If neither exists, the pseudo random number generator will
-# be initialized and a warning will be issued.
-# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
-
-#allow_weak_random_seed=1
-
-
-
-# INCLUDE CONFIG FILE
-# This directive allows you to include definitions from an external config file.
-
-#include=<somefile.cfg>
-
-
-
-# INCLUDE CONFIG DIRECTORY
-# This directive allows you to include definitions from config files (with a
-# .cfg extension) in one or more directories (with recursion).
-
-#include_dir=<somedirectory>
-#include_dir=<someotherdirectory>
-
-
-
-# COMMAND DEFINITIONS
-# Command definitions that this daemon will run. Definitions
-# are in the following format:
-#
-# command[<command_name>]=<command_line>
-#
-# When the daemon receives a request to return the results of <command_name>
-# it will execute the command specified by the <command_line> argument.
-#
-# Unlike Nagios, the command line cannot contain macros - it must be
-# typed exactly as it should be executed.
-#
-# Note: Any plugins that are used in the command lines must reside
-# on the machine that this daemon is running on! The examples below
-# assume that you have plugins installed in a /usr/local/nagios/libexec
-# directory. Also note that you will have to modify the definitions below
-# to match the argument format the plugins expect. Remember, these are
-# examples only!
-
-
-# The following examples use hardcoded command arguments...
-
-command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
-command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
-command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
-command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
-command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
-
-
-# The following examples allow user-supplied arguments and can
-# only be used if the NRPE daemon was compiled with support for
-# command arguments *AND* the dont_blame_nrpe directive in this
-# config file is set to '1'. This poses a potential security risk, so
-# make sure you read the SECURITY file before doing this.
-
-#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
-#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
-#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
-#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
-
-#
-# local configuration:
-# if you'd prefer, you can instead place directives here
-include=/etc/nagios/nrpe_local.cfg
-
-#
-# you can place your config snipplets into nrpe.d/
-# only snipplets ending in .cfg will get included
-include_dir=/etc/nagios/nrpe.d/
-
diff --git a/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup b/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup
deleted file mode 100755
index a2b4986..0000000
--- a/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-#
-# Simplistic postgres backup
-#
-set -e
-
-BACKUPROOT="/var/docker/postgresql_data/backup"
-DBCONTAINER="flog_db"
-
-if [ ! -d ${BACKUPROOT} ]; then
- echo "$0: Directory ${BACKUPROOT} does not exist - aborting."
- exit 1
-fi
-
-set -e
-
-# keep seven days worth of dumps
-rm -rf ${BACKUPROOT}/postgres-dumpall-flogdb.gz.7
-test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.6 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.6 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.7
-test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.5 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.5 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.6
-test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.4 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.4 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.5
-test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.3 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.3 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.4
-test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.2 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.2 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.3
-test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.1 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.1 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.2
-
-echo "Running postgres pg_dumpall..."
-
-cd ${BACKUPROOT}
-/usr/bin/docker exec ${DBCONTAINER} sudo -u postgres /usr/bin/pg_dumpall | /bin/gzip > postgres-dumpall-flogdb.gz
-
-mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz ${BACKUPROOT}/postgres-dumpall-flogdb.gz.1
- |