From 41c393e5f7d45c95fed2fdb83fb642b8be6f4e43 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Sat, 19 Aug 2023 11:59:32 +0200
Subject: [PATCH] Add Icinga API certificate check
---
 global-templates/commands.conf | 4 ++--
 global-templates/services.conf | 28 ++++++++++++++++++++++++++++
 master/hosts.conf | 2 +-
 3 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/global-templates/commands.conf b/global-templates/commands.conf
index 9a1e0e1..3ebd37d 100644
--- a/global-templates/commands.conf
+++ b/global-templates/commands.conf
@@ -41,8 +41,8 @@ object CheckCommand "custom_ca_cert" {
 vars.ssl_cert_noauth = true
 vars.ssl_cert_ignore_maximum_validity = true
 vars.ssl_cert_allow_empty_san = true
- vars.ssl_cert_warn = 90
- vars.ssl_cert_critical = 30
+ vars.ssl_cert_warn = 456
+ vars.ssl_cert_critical = 396
 }
 /*
diff --git a/global-templates/services.conf b/global-templates/services.conf
index 0a15ca3..90aa068 100644
--- a/global-templates/services.conf
+++ b/global-templates/services.conf
@@ -56,6 +56,34 @@ apply Service "icinga" {
 assign where host.name == NodeName
 }
+apply Service "icinga API certificate" {
+ import "generic-service"
+
+ check_command = "ssl_cert"
+ check_interval = 6h
+ retry_interval = 15m
+
+ vars.ssl_cert_address = "localhost"
+ vars.ssl_cert_file = "/var/lib/icinga2/certs/" + NodeName + ".crt"
+ vars.ssl_cert_ignore_sct = true
+ vars.ssl_cert_warn = 30
+ vars.ssl_cert_rootssl_cert = "/var/lib/icinga2/certs/ca.crt"
+
+ assign where host.name == NodeName
+}
+
+apply Service "icinga CA certificate" {
+ import "generic-service"
+
+ check_command = "custom_ca_cert"
+ check_interval = 1d
+ retry_interval = 6h
+
+ vars.ssl_cert_file = "/var/lib/icinga2/certs/ca.crt"
+ vars.ssl_cert_warn = 396
+ vars.ssl_cert_critical = 376
+}
+
 apply Service "kernel-status" {
 import "generic-service"
diff --git a/master/hosts.conf b/master/hosts.conf
index bf4be09..d853e7a 100644
--- a/master/hosts.conf
+++ b/master/hosts.conf
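Review bot: The new defaults `vars.ssl_cert_warn = 456` and `vars.ssl_cert_critical = 396` in `custom_ca_cert` are unexplained, and as defaults of a shared CheckCommand they apply to every CA check that does not override them. The `vars.ca_certs["Icinga master"]` entry in master/hosts.conf sets only `ssl_cert_file`, so it presumably inherits them and will warn once its CA has fewer than 456 days left. The new "icinga CA certificate" service in services.conf uses 396/376 instead, so the same kind of certificate is judged by two different sets of thresholds. I would add a comment above the two lines giving the unit and the reason, for example `/* days remaining; <reason the CA needs this much lead time> */`, and either align the two sets or say why they differ. The CheckCommand body starts outside the hunk.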
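Review bot: The `apply Service "icinga CA certificate"` rule has no `assign where` expression, unlike the "icinga API certificate" rule added just above it, which ends with `assign where host.name == NodeName`. As far as I know, Icinga 2 requires an assign expression on an `apply` rule that has no `for`, so this block would either fail config validation or never attach to a host, leaving the CA certificate's expiry unmonitored. I would add `assign where host.name == NodeName` before its closing brace. Separately, the API certificate service sets `vars.ssl_cert_warn = 30` but no `vars.ssl_cert_critical`, so the critical threshold falls back to whatever the `ssl_cert` command or plugin defaults to; setting it explicitly would make the alerting window visible in this file.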
@@ -121,7 +121,7 @@ object Host "beholder" {
 ssl_cert_warn = 30
 }
- vars.ca_certs["Icinga"] = {
+ vars.ca_certs["Icinga master"] = {
 ssl_cert_file = "/var/lib/icinga2/ca/ca.crt"
 }
 }