Re: FBR: Enable --sni for nagios ssl cert checks, and add a few missing ones.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Mar 23, 2018 at 11:54:59AM -0400, Ricky Elrod wrote:
> I'd like to enable --sni on the Nagios cert check to force it to check
> the correct certificate on some of our sites (which use SNI).
> 
> I'd also like to add checks for whatcanidoforfedora.org,
> release-monitoring.org, and pagure.io.
> 
> +1's?

+1 for me


Pierre
 
 
> diff --git a/roles/nagios_server/files/nagios/commands/httpd.cfg
> b/roles/nagios_server/files/nagios/commands/httpd.cfg
> index 944cb50..21843f4 100644
> --- a/roles/nagios_server/files/nagios/commands/httpd.cfg
> +++ b/roles/nagios_server/files/nagios/commands/httpd.cfg
> @@ -63,7 +63,7 @@ define command{
> 
>  define command{
>         command_name    check_ssl_cert
> -       command_line    $USER1$/check_http -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$
> +       command_line    $USER1$/check_http --sni -I $HOSTADDRESS$ -H
> $ARG1$ -C $ARG2$
>  }
> 
>  define command{
> diff --git a/roles/nagios_server/files/nagios/services/ssl.cfg
> b/roles/nagios_server/files/nagios/services/ssl.cfg
> index 150411d..81e4b4a 100644
> --- a/roles/nagios_server/files/nagios/services/ssl.cfg
> +++ b/roles/nagios_server/files/nagios/services/ssl.cfg
> @@ -32,3 +32,24 @@ define service {
>    check_command         check_ssl_cert!pkgs.fedoraproject.org!60
>    use                   defaulttemplate
>  }
> +
> +define service {
> +  hostgroup_name        proxies
> +  service_description   https-whatcanidoforfedora-cert
> +  check_command         check_ssl_cert!whatcanidoforfedora.org!25
> +  use                   defaulttemplate
> +}
> +
> +define service {
> +  host_name             anitya-frontend01.fedoraproject.org
> +  service_description   https-release-monitoring-cert
> +  check_command         check_ssl_cert!release-monitoring.org!60
> +  use                   defaulttemplate
> +}
> +
> +define service {
> +  host_name             pagure-proxy01.fedoraproject.org
> +  service_description   https-pagure-cert
> +  check_command         check_ssl_cert!pagure.io!60
> +  use                   defaulttemplate
> +}
> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux