--- Prometheus::Alert::Rule[check_ferm_active_0a49a83c39a62ff3ce80e7146072d174].orig
+++ Prometheus::Alert::Rule[check_ferm_active_0a49a83c39a62ff3ce80e7146072d174]
+ site => eqiad
+ ensure => absent
+ instance => ops
+ description => NRPE CHECK: Check whether ferm is active by checking the default input chain
+ severity => info
+ for => 3m
+ team => observability
+ logs => https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_ferm_active))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))
+ expr => (nagios_nrpe_check_result{alert_rule_hash="0a49a83c39a62ff3ce80e7146072d174",check_name="check_ferm_active", status=~"(WARNING|CRITICAL)", severity=~"(warning|critical)"} > 0) * on (instance) group_left (team) role_owner
+ summary => NRPE CHECK: Check whether ferm is active by checking the default input chain
+ group => nrpechecks
+ def_label_whitelst => ['team', 'severity']
+ alert_name => nrpe_Check_whether_ferm_is_active_by_checking_the_default_input_chain
+ dashboard => TODO
+ runbook => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]
- Parameters differences:
--- File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf].orig
+++ File[/etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf]
+ notify => Service[rsyslog]
+ ensure => absent
+ group => root
+ owner => root
+ mode => 0444
- Content differences:
--- /etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf.orig
+++ /etc/rsyslog.d/25-nrpe2nodexp-ferm-active.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+if $programname contains "nrpe2nodexp-ferm_active" then {
+ if ($msg contains "\"ecs.version\": \"1.7.0\"") then {
+ # Send logs to kafka
+ set $.log_outputs = "kafka ecs_170 local";
+ } else {
+ # Filter out non-relevant nrpe2nodexp messages
+ stop
+ }
+}
- Nrpe::Monitor_service[ferm_active]
- Parameters differences:
--- Nrpe::Monitor_service[ferm_active].orig
+++ Nrpe::Monitor_service[ferm_active]
+ check_interval => 1
+ ensure => absent
+ enable_nrpe2nodexp => False
+ description => Check whether ferm is active by checking the default input chain
+ alertmanager_team => observability
+ critical => False
+ enable_icinga_check => True
+ nrpe2nodexp_parse_perf_data => False
+ contact_group => admins
+ retry_interval => 1
+ migration_task => T321808
+ notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
+ timeout => 10
+ retries => 3
- Systemd::Unit[nrpe2nodexp-ferm_active.timer]
- Parameters differences:
--- Systemd::Unit[nrpe2nodexp-ferm_active.timer].orig
+++ Systemd::Unit[nrpe2nodexp-ferm_active.timer]
+ ensure => absent
+ unit => nrpe2nodexp-ferm_active.timer
+ override_filename => puppet-override.conf
+ restart => False
+ require => ['Class[Systemd]']
+ override => False
- Systemd::Service[nrpe2nodexp-ferm_active]
- Parameters differences:
--- Systemd::Service[nrpe2nodexp-ferm_active].orig
+++ Systemd::Service[nrpe2nodexp-ferm_active]
+ ensure => absent
+ migration_task => T407130
+ require => Systemd::Unit[nrpe2nodexp-ferm_active.service]
+ override => False
+ service_params => {}
+ monitoring_enabled => False
+ monitoring_contact_group => admins
+ monitoring_critical => False
+ unit_type => timer
+ restart => False
- Rsyslog::Conf[nrpe2nodexp-ferm_active]
- Parameters differences:
--- Rsyslog::Conf[nrpe2nodexp-ferm_active].orig
+++ Rsyslog::Conf[nrpe2nodexp-ferm_active]
+ ensure => absent
+ priority => 25
+ mode => 0444
- Nrpe::Check[check_ferm_active]
- Parameters differences:
--- Nrpe::Check[check_ferm_active].orig
+++ Nrpe::Check[check_ferm_active]
+ ensure => absent
+ before => Monitoring::Service[ferm_active]
- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
- Parameters differences:
--- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
+ refreshonly => True
+ command => /bin/systemctl daemon-reload
- Systemd::Unit[nrpe2nodexp-ferm_active.service]
- Parameters differences:
--- Systemd::Unit[nrpe2nodexp-ferm_active.service].orig
+++ Systemd::Unit[nrpe2nodexp-ferm_active.service]
+ ensure => absent
+ unit => nrpe2nodexp-ferm_active.service
+ override_filename => puppet-override.conf
+ restart => False
+ require => ['Class[Systemd]']
+ override => False
- File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]
- Parameters differences:
--- File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer].orig
+++ File[/lib/systemd/system/nrpe2nodexp-ferm_active.timer]
+ notify => Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.timer (nrpe2nodexp-ferm_active.timer)]
+ ensure => absent
+ group => root
+ owner => root
+ mode => 0444
- Content differences:
--- /lib/systemd/system/nrpe2nodexp-ferm_active.timer.orig
+++ /lib/systemd/system/nrpe2nodexp-ferm_active.timer
@@ -0,0 +1,14 @@
+[Unit]
+Description=Periodic execution of nrpe2nodexp-ferm_active.service
+
+[Timer]
+Unit=nrpe2nodexp-ferm_active.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnUnitInactiveSec=1min
+OnActiveSec=1s
+RandomizedDelaySec=60
+FixedRandomDelay=true
+
+[Install]
+WantedBy=multi-user.target
- Monitoring::Exported_nagios_service[pki1002 ferm_active]
- Parameters differences:
--- Monitoring::Exported_nagios_service[pki1002 ferm_active].orig
+++ Monitoring::Exported_nagios_service[pki1002 ferm_active]
+ passive_checks_enabled => 1
+ ensure => absent
+ host_name => pki1002
+ check_command => nrpe_check!check_ferm_active!10
+ check_period => 24x7
+ notifications_enabled => 1
+ notification_period => 24x7
+ active_checks_enabled => 1
+ service_description => Check whether ferm is active by checking the default input chain
+ notification_interval => 0
+ is_volatile => 0
+ check_interval => 1
+ max_check_attempts => 3
+ servicegroups => pki_eqiad
+ retry_interval => 1
+ notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
+ check_freshness => 0
+ contact_groups => admins
+ notification_options => c,r,f
- Systemd::Timer[nrpe2nodexp-ferm_active]
- Parameters differences:
--- Systemd::Timer[nrpe2nodexp-ferm_active].orig
+++ Systemd::Timer[nrpe2nodexp-ferm_active]
+ accuracy => 15sec
+ ensure => absent
+ fixed_random_delay => True
+ unit_name => nrpe2nodexp-ferm_active.service
+ splay => 60
+ timer_intervals => [{'start': 'OnUnitInactiveSec', 'interval': '1min'}, {'interval': '1s', 'start': 'OnActiveSec'}]
- Systemd::Timer::Job[nrpe2nodexp-ferm_active]
- Parameters differences:
--- Systemd::Timer::Job[nrpe2nodexp-ferm_active].orig
+++ Systemd::Timer::Job[nrpe2nodexp-ferm_active]
+ logfile_group => root
+ ensure => absent
+ description => execution of nrpe2nodexp for the check_ferm_active command.
+ command => /usr/local/bin/nrpe2nodexp --alert-rule-hash "0a49a83c39a62ff3ce80e7146072d174" --timeout 10 --check-command "check_ferm_active"
+ send_mail_to => root@pki1002.eqiad.wmnet
+ interval => [{'start': 'OnUnitInactiveSec', 'interval': '1min'}]
+ splay => 60
+ user => nagios
+ logging_enabled => False
+ syslog_match_startswith => True
+ logfile_perms => all
+ send_mail_only_on_error => True
+ monitoring_contact_groups => admins
+ private_tmp => False
+ logfile_basedir => /var/log
+ success_exit_status => []
+ logfile_name => syslog.log
+ syslog_identifier => nrpe2nodexp-ferm_active
+ syslog_force_stop => True
+ fixed_random_delay => True
+ send_mail => False
+ monitoring_enabled => False
+ ignore_errors => True
+ group => prometheus-node-exporter
+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+ environment => {}
- Sudo::User[nrpe-check_ferm_active]
- Parameters differences:
--- Sudo::User[nrpe-check_ferm_active].orig
+++ Sudo::User[nrpe-check_ferm_active]
+ ensure => absent
+ privileges => []
+ user => nagios
+ require => ['Class[Sudo]']
+ tag => nrpe::check
- File[/etc/sudoers.d/nrpe-check_ferm_active]
- Parameters differences:
--- File[/etc/sudoers.d/nrpe-check_ferm_active].orig
+++ File[/etc/sudoers.d/nrpe-check_ferm_active]
+ group => root
+ ensure => absent
+ require => Package[nagios-nrpe-server]
+ owner => root
- File[/etc/nagios/nrpe.d/check_ferm_active.cfg]
- Parameters differences:
--- File[/etc/nagios/nrpe.d/check_ferm_active.cfg].orig
+++ File[/etc/nagios/nrpe.d/check_ferm_active.cfg]
+ notify => Service[nagios-nrpe-server]
+ ensure => absent
+ group => root
+ tag => nrpe::check
+ require => Package[nagios-nrpe-server]
+ owner => root
+ mode => 0444
- Content differences:
--- /etc/nagios/nrpe.d/check_ferm_active.cfg.orig
+++ /etc/nagios/nrpe.d/check_ferm_active.cfg
@@ -0,0 +1,2 @@
+# File generated by puppet. DO NOT edit by hand
+command[check_ferm_active]=
- File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]
- Parameters differences:
--- File[/lib/systemd/system/nrpe2nodexp-ferm_active.service].orig
+++ File[/lib/systemd/system/nrpe2nodexp-ferm_active.service]
+ notify => Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]
+ ensure => absent
+ group => root
+ owner => root
+ mode => 0444
- Content differences:
--- /lib/systemd/system/nrpe2nodexp-ferm_active.service.orig
+++ /lib/systemd/system/nrpe2nodexp-ferm_active.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=execution of nrpe2nodexp for the check_ferm_active command.
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=nagios
+
+Group=prometheus-node-exporter
+SyslogIdentifier=nrpe2nodexp-ferm_active
+ExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash "0a49a83c39a62ff3ce80e7146072d174" --timeout 10 --check-command "check_ferm_active"
- File[/var/lib/prometheus/node.d/check_ferm_active.prom]
- Parameters differences:
--- File[/var/lib/prometheus/node.d/check_ferm_active.prom].orig
+++ File[/var/lib/prometheus/node.d/check_ferm_active.prom]
+ group => root
+ ensure => absent
+ owner => root
- Monitoring::Service[ferm_active]
- Parameters differences:
--- Monitoring::Service[ferm_active].orig
+++ Monitoring::Service[ferm_active]
+ check_interval => 1
+ ensure => absent
+ passive => False
+ description => Check whether ferm is active by checking the default input chain
+ critical => False
+ config_dir => /etc/nagios
+ contact_group => admins
+ retry_interval => 1
+ migration_task => T321808
+ freshness => 36000
+ check_command => nrpe_check!check_ferm_active!10
+ host => pki1002
+ notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/check_ferm
+ retries => 3
- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]
- Parameters differences:
--- Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-ferm_active.service (nrpe2nodexp-ferm_active.service)]
+ refreshonly => True
+ command => /bin/systemctl daemon-reload