Add ssl-cert-check to cacti server
Add monitoring of SSL certificates for openstack websites Change-Id: I50b6a8aced7ae563381eb948ce4e8f854a6d85a9 Reviewed-on: https://review.openstack.org/30490 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
This commit is contained in:
Elizabeth Krumbach
Jenkins
parent
fa1bb4f3f7
commit
6ee09c0918
@ -86,6 +86,7 @@ node 'jenkins-dev.openstack.org' {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node 'cacti.openstack.org' {
|
node 'cacti.openstack.org' {
|
||||||
|
include openstack_project::ssl_cert_check
|
||||||
class { 'openstack_project::cacti':
|
class { 'openstack_project::cacti':
|
||||||
sysadmins => hiera('sysadmins'),
|
sysadmins => hiera('sysadmins'),
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,5 @@
|
|||||||
|
review.openstack.org 443
|
||||||
|
jenkins.openstack.org 443
|
||||||
|
etherpad.openstack.org 443
|
||||||
|
wiki.openstack.org 443
|
||||||
|
www.openstack.org 443
|
||||||
16
modules/openstack_project/manifests/ssl_cert_check.pp
Normal file
16
modules/openstack_project/manifests/ssl_cert_check.pp
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# Class to configure ssl-cert-check on a node.
|
||||||
|
class openstack_project::ssl_cert_check {
|
||||||
|
class { '::ssl_cert_check':
|
||||||
|
domainlist_file => '/var/lib/certcheck/ssldomains',
|
||||||
|
email => 'root',
|
||||||
|
days => '30'
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/var/lib/certcheck/ssldomains':
|
||||||
|
ensure => present,
|
||||||
|
owner => 'certcheck',
|
||||||
|
group => 'certcheck',
|
||||||
|
mode => '0444',
|
||||||
|
source => 'puppet:///modules/openstack_project/ssl_cert_check/ssldomains'
|
||||||
|
}
|
||||||
|
}
|
||||||
41
modules/ssl_cert_check/manifests/init.pp
Normal file
41
modules/ssl_cert_check/manifests/init.pp
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
# == Class: ssl_cert_check
|
||||||
|
#
|
||||||
|
class ssl_cert_check(
|
||||||
|
$domainlist_file = '',
|
||||||
|
$email = '',
|
||||||
|
$days = ''
|
||||||
|
) {
|
||||||
|
package { 'ssl-cert-check':
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
|
||||||
|
file {'/var/lib/certcheck':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'certcheck',
|
||||||
|
group => 'certcheck',
|
||||||
|
mode => '0755',
|
||||||
|
require => User['certcheck'],
|
||||||
|
}
|
||||||
|
|
||||||
|
group { 'certcheck':
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
|
||||||
|
user { 'certcheck':
|
||||||
|
ensure => present,
|
||||||
|
home => '/var/lib/certcheck',
|
||||||
|
shell => '/bin/bash',
|
||||||
|
gid => 'certcheck',
|
||||||
|
managehome => true,
|
||||||
|
require => Group['certcheck'],
|
||||||
|
}
|
||||||
|
|
||||||
|
cron { 'check ssl certificates':
|
||||||
|
user => 'certcheck',
|
||||||
|
command => "ssl-cert-check -a -q -f ${domainlist_file} -x ${days} -e ${email}",
|
||||||
|
hour => '12',
|
||||||
|
minute => '04',
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:sw=2:ts=2:expandtab:textwidth=79
|
||||||
Loading…
x
Reference in New Issue
Block a user