I'd like to enable --sni on the Nagios cert check to force it to check
the correct certificate on some of our sites (which use SNI).
I'd also like to add checks for whatcanidoforfedora.org,
release-monitoring.org, and pagure.io.
+1's?
diff --git a/roles/nagios_server/files/nagios/commands/httpd.cfg
b/roles/nagios_server/files/nagios/commands/httpd.cfg
index 944cb50..21843f4 100644
--- a/roles/nagios_server/files/nagios/commands/httpd.cfg
+++ b/roles/nagios_server/files/nagios/commands/httpd.cfg
@@ -63,7 +63,7 @@ define command{
define command{
command_name check_ssl_cert
- command_line $USER1$/check_http -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$
+ command_line $USER1$/check_http --sni -I $HOSTADDRESS$ -H
$ARG1$ -C $ARG2$
}
define command{
diff --git a/roles/nagios_server/files/nagios/services/ssl.cfg
b/roles/nagios_server/files/nagios/services/ssl.cfg
index 150411d..81e4b4a 100644
--- a/roles/nagios_server/files/nagios/services/ssl.cfg
+++ b/roles/nagios_server/files/nagios/services/ssl.cfg
@@ -32,3 +32,24 @@ define service {
check_command check_ssl_cert!pkgs.fedoraproject.org!60
use defaulttemplate
}
+
+define service {
+ hostgroup_name proxies
+ service_description https-whatcanidoforfedora-cert
+ check_command check_ssl_cert!whatcanidoforfedora.org!25
+ use defaulttemplate
+}
+
+define service {
+ host_name anitya-frontend01.fedoraproject.org
+ service_description https-release-monitoring-cert
+ check_command check_ssl_cert!release-monitoring.org!60
+ use defaulttemplate
+}
+
+define service {
+ host_name pagure-proxy01.fedoraproject.org
+ service_description https-pagure-cert
+ check_command check_ssl_cert!pagure.io!60
+ use defaulttemplate
+}
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
