nagios module in PuppetAgain

RESOLVED FIXED

Status

Release Engineering
Platform Support
P2
normal
RESOLVED FIXED
6 years ago
4 years ago

People

(Reporter: dustin, Assigned: dustin)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Assignee)

Description

6 years ago
We will need to install and set up NRPE on non-atboot slaves using PuppetAgain, similar to how that is done with the old manifests.
(Assignee)

Comment 1

6 years ago
Created attachment 623887 [details] [diff] [review]
733545.patch

I chose to use virtual resources instead of classes here so that I don't have to make dozens of tiny modules/nagios/manifests/check_whatever.pp files.
Assignee: nobody → dustin
Attachment #623887 - Flags: review?
Attachment #623887 - Flags: feedback?(arich)
(Assignee)

Updated

6 years ago
Attachment #623887 - Flags: review? → review?(kmoir)
(Assignee)

Comment 2

6 years ago
Kim, this is blocking getting nrpe monitoring for the centos6 builders in scl1, so an expeditious review would be appreciated :)
Comment on attachment 623887 [details] [diff] [review]
733545.patch

It would be nice to split out all of the checks into /etc/nrpe.d instead of having a monolithic nrpe.cfg file (for things that are specific to classes of machines, e.g. check_ide_smart on physical machines that have IDE drives or mysql connectivity on buildbot servers, etc).

Also, some checks (like (check_ide_smart) require modifications to sudoers which can be accomplished with the /etc/sudoers.d construct (we should turn on the ability to use the directory-based controls for sudo if we don't already).

If we're using ensure => latest, I presume we're locking package dependencies in our private repo so we don't get surprise upgrades.
Attachment #623887 - Flags: feedback?(arich) → feedback+
(Assignee)

Comment 4

6 years ago
(In reply to Amy Rich [:arich] [:arr] from comment #3)
> It would be nice to split out all of the checks into /etc/nrpe.d instead of
> having a monolithic nrpe.cfg file (for things that are specific to classes
> of machines, e.g. check_ide_smart on physical machines that have IDE drives
> or mysql connectivity on buildbot servers, etc).

They do - the only checks in nrpe.cfg itself are those that ship with nrpe by default.

> Also, some checks (like (check_ide_smart) require modifications to sudoers
> which can be accomplished with the /etc/sudoers.d construct (we should turn
> on the ability to use the directory-based controls for sudo if we don't
> already).

Good point - I'll fix that and post a new patch.

> If we're using ensure => latest, I presume we're locking package
> dependencies in our private repo so we don't get surprise upgrades.

The dynamic repos (e.g., centos-updates, epel) are frozen, and will be upgraded periodically.  If we get "surprises" there, we'll at least expect them and can work around.  I'm not especially worried about NRPE, as I would be with e.g., gcc.
(Assignee)

Updated

6 years ago
Attachment #623887 - Attachment is obsolete: true
Attachment #623887 - Flags: review?(kmoir)
(Assignee)

Comment 5

6 years ago
Created attachment 623900 [details] [diff] [review]
sudoers.patch

Refactor sudoers to allow dynamically adding new rules
Attachment #623900 - Flags: review?(kmoir)
(Assignee)

Comment 6

6 years ago
Created attachment 623901 [details] [diff] [review]
733545.patch

Updated version of the nrpe module.

I decided to use classes instead of virtual resources because it allows me to add extra includes, e.g., the sudoers::custom in nrpe::check::ide_smart.  The result is pretty verbose, but also very easy to follow.

I'll have updated docs on the wiki in a few minutes - please peruse those as well

https://wiki.mozilla.org/ReleaseEngineering/Puppet/Modules/sudoers
https://wiki.mozilla.org/ReleaseEngineering/Puppet/Modules/nrpe
Attachment #623901 - Flags: review?(kmoir)
Attachment #623901 - Flags: feedback?(jwatkins)

Updated

6 years ago
Attachment #623900 - Flags: review?(kmoir) → review+

Updated

6 years ago
Attachment #623901 - Flags: review?(kmoir) → review+
(Assignee)

Updated

6 years ago
Attachment #623900 - Flags: checked-in+
(Assignee)

Updated

6 years ago
Attachment #623901 - Flags: feedback?(jwatkins) → checked-in+
(Assignee)

Comment 7

6 years ago
This is done.  Nagios seems no longer to be checking NRPE things on these hosts, so I can't test beyond the runs of check_nrpe that I've done.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Attachment #623901 - Flags: feedback+
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.