[MediaWiki-commits] [Gerrit] operations/puppet[production]: salt: add Icinga plugin to check for unaccepted keys

Thu, 15 Sep 2016 18:58:50 -0700 

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311079

Change subject: salt: add Icinga plugin to check for unaccepted keys
......................................................................

salt: add Icinga plugin to check for unaccepted keys

Add a simple Icinga plugin script to check for unaccepted
salt keys and install it on the master via the salt module.

Bug: T144801
Change-Id: If15055ca58673b12dfa0f64f214fece7335d1085
---
A modules/salt/files/check_unaccepted_keys
M modules/salt/manifests/master.pp
2 files changed, 29 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/79/311079/1

diff --git a/modules/salt/files/check_unaccepted_keys 
b/modules/salt/files/check_unaccepted_keys
new file mode 100755
index 0000000..afde985
--- /dev/null
+++ b/modules/salt/files/check_unaccepted_keys
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Icinga plugin to check for unaccepted salt keys (T144801)
+# Daniel Zahn - Wikimedia Foundation Inc.
+
+num_keys=$(sudo /usr/bin/salt-key -l un | wc -l)
+let num_keys=num_keys-1
+
+# echo "There are ${num_keys} unaccepted keys"
+
+if [[ $num_keys -gt 0 ]] ; then
+    echo "CRITICAL- ${num_keys} unaccepted salt keys"
+    exit 2
+elif [[ $num_keys -eq 0 ]] ; then
+    echo "OK- No unaccepted salt keys"
+    exit 0
+fi
+
+echo "UNKOWN- check plugin script"
+exit 3
+
diff --git a/modules/salt/manifests/master.pp b/modules/salt/manifests/master.pp
index c3d0e25..251bc3b 100644
--- a/modules/salt/manifests/master.pp
+++ b/modules/salt/manifests/master.pp
@@ -89,5 +89,14 @@
         group  => 'root',
     }
 
+    # Icinga plugin to check for unaccepted keys (T144801)
+    file { '/usr/local/lib/nagios/plugins/check_unaccepted_keys':
+        ensure => present,
+        mode   => '0550',
+        owner  => 'root',
+        group  => 'root',
+        source => 'puppet:///modules/salt/check_unaccepted_keys',
+    }
+
     include salt::orchestration
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/311079
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If15055ca58673b12dfa0f64f214fece7335d1085
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to