I'd like to enable --sni on the Nagios cert check to force it to check the correct certificate on some of our sites (which use SNI).
I'd also like to add checks for whatcanidoforfedora.org, release-monitoring.org, and pagure.io.
+1's?
diff --git a/roles/nagios_server/files/nagios/commands/httpd.cfg b/roles/nagios_server/files/nagios/commands/httpd.cfg index 944cb50..21843f4 100644 --- a/roles/nagios_server/files/nagios/commands/httpd.cfg +++ b/roles/nagios_server/files/nagios/commands/httpd.cfg @@ -63,7 +63,7 @@ define command{
define command{ command_name check_ssl_cert - command_line $USER1$/check_http -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$ + command_line $USER1$/check_http --sni -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$ }
define command{ diff --git a/roles/nagios_server/files/nagios/services/ssl.cfg b/roles/nagios_server/files/nagios/services/ssl.cfg index 150411d..81e4b4a 100644 --- a/roles/nagios_server/files/nagios/services/ssl.cfg +++ b/roles/nagios_server/files/nagios/services/ssl.cfg @@ -32,3 +32,24 @@ define service { check_command check_ssl_cert!pkgs.fedoraproject.org!60 use defaulttemplate } + +define service { + hostgroup_name proxies + service_description https-whatcanidoforfedora-cert + check_command check_ssl_cert!whatcanidoforfedora.org!25 + use defaulttemplate +} + +define service { + host_name anitya-frontend01.fedoraproject.org + service_description https-release-monitoring-cert + check_command check_ssl_cert!release-monitoring.org!60 + use defaulttemplate +} + +define service { + host_name pagure-proxy01.fedoraproject.org + service_description https-pagure-cert + check_command check_ssl_cert!pagure.io!60 + use defaulttemplate +}
On Fri, Mar 23, 2018 at 11:54:59AM -0400, Ricky Elrod wrote:
I'd like to enable --sni on the Nagios cert check to force it to check the correct certificate on some of our sites (which use SNI).
I'd also like to add checks for whatcanidoforfedora.org, release-monitoring.org, and pagure.io.
+1's?
+1 for me
Pierre
diff --git a/roles/nagios_server/files/nagios/commands/httpd.cfg b/roles/nagios_server/files/nagios/commands/httpd.cfg index 944cb50..21843f4 100644 --- a/roles/nagios_server/files/nagios/commands/httpd.cfg +++ b/roles/nagios_server/files/nagios/commands/httpd.cfg @@ -63,7 +63,7 @@ define command{
define command{ command_name check_ssl_cert
command_line $USER1$/check_http -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$
command_line $USER1$/check_http --sni -I $HOSTADDRESS$ -H$ARG1$ -C $ARG2$ }
define command{ diff --git a/roles/nagios_server/files/nagios/services/ssl.cfg b/roles/nagios_server/files/nagios/services/ssl.cfg index 150411d..81e4b4a 100644 --- a/roles/nagios_server/files/nagios/services/ssl.cfg +++ b/roles/nagios_server/files/nagios/services/ssl.cfg @@ -32,3 +32,24 @@ define service { check_command check_ssl_cert!pkgs.fedoraproject.org!60 use defaulttemplate }
+define service {
- hostgroup_name proxies
- service_description https-whatcanidoforfedora-cert
- check_command check_ssl_cert!whatcanidoforfedora.org!25
- use defaulttemplate
+}
+define service {
- host_name anitya-frontend01.fedoraproject.org
- service_description https-release-monitoring-cert
- check_command check_ssl_cert!release-monitoring.org!60
- use defaulttemplate
+}
+define service {
- host_name pagure-proxy01.fedoraproject.org
- service_description https-pagure-cert
- check_command check_ssl_cert!pagure.io!60
- use defaulttemplate
+} _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org
+1 here... but I wonder after freeze if we couldn't automate the list of certs somehow in ansible so we always automatically monitor any cert we setup.
kevin
infrastructure@lists.fedoraproject.org
-
Kevin Fenzi -
Pierre-Yves Chibon -
Ricky Elrod