Add Icinga API certificate check

global-templates/commands.conf

@@ -41,8 +41,8 @@ object CheckCommand "custom_ca_cert" {
   vars.ssl_cert_noauth = true
   vars.ssl_cert_ignore_maximum_validity = true
   vars.ssl_cert_allow_empty_san = true
-  vars.ssl_cert_warn = 90
+  vars.ssl_cert_warn = 456
-  vars.ssl_cert_critical = 30
+  vars.ssl_cert_critical = 396
 }
 
 /*

global-templates/services.conf

@@ -56,6 +56,34 @@ apply Service "icinga" {
   assign where host.name == NodeName
 }
 
+apply Service "icinga API certificate" {
+  import "generic-service"
+
+  check_command = "ssl_cert"
+  check_interval = 6h
+  retry_interval = 15m
+
+  vars.ssl_cert_address = "localhost"
+  vars.ssl_cert_file = "/var/lib/icinga2/certs/" + NodeName + ".crt"
+  vars.ssl_cert_ignore_sct = true
+  vars.ssl_cert_warn = 30
+  vars.ssl_cert_rootssl_cert = "/var/lib/icinga2/certs/ca.crt"
+
+  assign where host.name == NodeName
+}
+
+apply Service "icinga CA certificate" {
+  import "generic-service"
+
+  check_command = "custom_ca_cert"
+  check_interval = 1d
+  retry_interval = 6h
+
+  vars.ssl_cert_file = "/var/lib/icinga2/certs/ca.crt"
+  vars.ssl_cert_warn = 396
+  vars.ssl_cert_critical = 376
+}
+
 apply Service "kernel-status" {
   import "generic-service"
 

master/hosts.conf

@@ -121,7 +121,7 @@ object Host "beholder" {
     ssl_cert_warn = 30
   }
 
-  vars.ca_certs["Icinga"] = {
+  vars.ca_certs["Icinga master"] = {
     ssl_cert_file = "/var/lib/icinga2/ca/ca.crt"
   }
 }