--- Prometheus::Alert::Rule[check_check_security_group_default_to_project_trove_status_f44247532d2c83470598bd50afba5d68].orig
+++ Prometheus::Alert::Rule[check_check_security_group_default_to_project_trove_status_f44247532d2c83470598bd50afba5d68]
+ severity => info
+ def_label_whitelst => ['team', 'severity']
+ instance => ops
+ site => codfw
+ group => nrpechecks
+ runbook => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+ dashboard => TODO
+ alert_name => nrpe_Check_unit_status_of_security_group_default_to_project_trove
+ logs => https://logstash.wikimedia.org/app/dashboards#/view/2d343ac0-6df8-11f0-8e08-7fab0da52b33?_g=(filters:!((query:(match_phrase:(event.module:check_check_security_group_default_to_project_trove_status))),(query:(match_phrase:(host.name:{{$labels.instance|stripPort}})))))
+ description => NRPE CHECK: Check unit status of security_group_default_to_project_trove
+ expr => (nagios_nrpe_check_result{alert_rule_hash="f44247532d2c83470598bd50afba5d68",check_name="check_check_security_group_default_to_project_trove_status", status=~"(WARNING|CRITICAL)", severity=~"(warning|critical)"} > 0) * on (instance) group_left (team) role_owner
+ ensure => absent
+ for => 11m
+ team => observability
+ summary => NRPE CHECK: Check unit status of security_group_default_to_project_trove
File[/etc/logrotate.d/security_group_default_to_project_trove]
- Parameters differences:
--- File[/etc/logrotate.d/security_group_default_to_project_trove].orig
+++ File[/etc/logrotate.d/security_group_default_to_project_trove]
+ group => root
+ owner => root
+ mode => 0444
+ ensure => present
- Content differences:
--- /etc/logrotate.d/security_group_default_to_project_trove.orig
+++ /etc/logrotate.d/security_group_default_to_project_trove
@@ -0,0 +1,12 @@
+# logrotate(8) config for security_group_default_to_project_trove
+
+/var/log/security_group_default_to_project_trove/*.log {
+ daily
+ copytruncate
+ missingok
+ compress
+ delaycompress
+ notifempty
+ rotate 15
+ size 256M
+}
- Exec[systemd daemon-reload for security_group_default_to_project_trove.service (security_group_default_to_project_trove.service)]
- Parameters differences:
--- Exec[systemd daemon-reload for security_group_default_to_project_trove.service (security_group_default_to_project_trove.service)].orig
+++ Exec[systemd daemon-reload for security_group_default_to_project_trove.service (security_group_default_to_project_trove.service)]
+ refreshonly => True
+ command => /bin/systemctl daemon-reload
- Nrpe::Check[check_check_security_group_default_to_project_trove_status]
- Parameters differences:
--- Nrpe::Check[check_check_security_group_default_to_project_trove_status].orig
+++ Nrpe::Check[check_check_security_group_default_to_project_trove_status]
+ before => Monitoring::Service[check_security_group_default_to_project_trove_status]
+ ensure => present
+ command => /usr/local/lib/nagios/plugins/check_systemd_unit_status security_group_default_to_project_trove
- Logrotate::Conf[security_group_default_to_project_trove]
- Parameters differences:
--- Logrotate::Conf[security_group_default_to_project_trove].orig
+++ Logrotate::Conf[security_group_default_to_project_trove]
+ ensure => present
- File[/var/log/security_group_default_to_project_trove]
- Parameters differences:
--- File[/var/log/security_group_default_to_project_trove].orig
+++ File[/var/log/security_group_default_to_project_trove]
+ backup => False
+ owner => root
+ force => True
+ ensure => directory
+ group => root
+ mode => 0755
- File[/usr/local/lib/nagios/plugins/check_systemd_unit_status]
- Parameters differences:
--- File[/usr/local/lib/nagios/plugins/check_systemd_unit_status].orig
+++ File[/usr/local/lib/nagios/plugins/check_systemd_unit_status]
+ owner => root
+ ensure => file
+ group => root
+ source => puppet:///modules/systemd/check_systemd_unit_status
+ mode => 0555
+ tag => nrpe::plugin
+ require => File[/usr/local/lib/nagios/plugins/]
- Systemd::Unit[nrpe2nodexp-check_security_group_default_to_project_trove_status.timer]
- Parameters differences:
--- Systemd::Unit[nrpe2nodexp-check_security_group_default_to_project_trove_status.timer].orig
+++ Systemd::Unit[nrpe2nodexp-check_security_group_default_to_project_trove_status.timer]
+ override => False
+ restart => False
+ unit => nrpe2nodexp-check_security_group_default_to_project_trove_status.timer
+ ensure => absent
+ override_filename => puppet-override.conf
+ require => ['Class[Systemd]']
- Systemd::Service[security_group_default_to_project_trove]
- Parameters differences:
--- Systemd::Service[security_group_default_to_project_trove].orig
+++ Systemd::Service[security_group_default_to_project_trove]
+ monitoring_contact_group => admins
+ override => False
+ service_params => {}
+ migration_task => T407130
+ require => Systemd::Unit[security_group_default_to_project_trove.service]
+ restart => False
+ ensure => present
+ monitoring_enabled => False
+ unit_type => timer
+ monitoring_critical => False
- File[/lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.timer]
- Parameters differences:
--- File[/lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.timer].orig
+++ File[/lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.timer]
+ owner => root
+ notify => Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.timer (nrpe2nodexp-check_security_group_default_to_project_trove_status.timer)]
+ ensure => absent
+ group => root
+ mode => 0444
- Content differences:
--- /lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.timer.orig
+++ /lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.timer
@@ -0,0 +1,14 @@
+[Unit]
+Description=Periodic execution of nrpe2nodexp-check_security_group_default_to_project_trove_status.service
+
+[Timer]
+Unit=nrpe2nodexp-check_security_group_default_to_project_trove_status.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnUnitInactiveSec=5min
+OnActiveSec=1s
+RandomizedDelaySec=300
+FixedRandomDelay=true
+
+[Install]
+WantedBy=multi-user.target
- File[/etc/rsyslog.d/25-nrpe2nodexp-check-security-group-default-to-project-trove-status.conf]
- Parameters differences:
--- File[/etc/rsyslog.d/25-nrpe2nodexp-check-security-group-default-to-project-trove-status.conf].orig
+++ File[/etc/rsyslog.d/25-nrpe2nodexp-check-security-group-default-to-project-trove-status.conf]
+ owner => root
+ notify => Service[rsyslog]
+ ensure => absent
+ group => root
+ mode => 0444
- Content differences:
--- /etc/rsyslog.d/25-nrpe2nodexp-check-security-group-default-to-project-trove-status.conf.orig
+++ /etc/rsyslog.d/25-nrpe2nodexp-check-security-group-default-to-project-trove-status.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+if $programname contains "nrpe2nodexp-check_security_group_default_to_project_trove_status" then {
+ if ($msg contains "\"ecs.version\": \"1.7.0\"") then {
+ # Send logs to kafka
+ set $.log_outputs = "kafka ecs_170 local";
+ } else {
+ # Filter out non-relevant nrpe2nodexp messages
+ stop
+ }
+}
- Rsyslog::Conf[security_group_default_to_project_trove]
- Parameters differences:
--- Rsyslog::Conf[security_group_default_to_project_trove].orig
+++ Rsyslog::Conf[security_group_default_to_project_trove]
+ require => File[/var/log/security_group_default_to_project_trove]
+ mode => 0444
+ priority => 40
+ ensure => present
- File[/lib/systemd/system/security_group_default_to_project_trove.timer]
- Parameters differences:
--- File[/lib/systemd/system/security_group_default_to_project_trove.timer].orig
+++ File[/lib/systemd/system/security_group_default_to_project_trove.timer]
+ owner => root
+ notify => Exec[systemd daemon-reload for security_group_default_to_project_trove.timer (security_group_default_to_project_trove.timer)]
+ ensure => present
+ group => root
+ mode => 0444
- Content differences:
--- /lib/systemd/system/security_group_default_to_project_trove.timer.orig
+++ /lib/systemd/system/security_group_default_to_project_trove.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Periodic execution of security_group_default_to_project_trove.service
+
+[Timer]
+Unit=security_group_default_to_project_trove.service
+# Accuracy sets the maximum time interval around the execution time we want to allow
+AccuracySec=15sec
+OnCalendar=*-*-* *:00/30:00
+RandomizedDelaySec=0
+
+[Install]
+WantedBy=multi-user.target
- File[/lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.service]
- Parameters differences:
--- File[/lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.service].orig
+++ File[/lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.service]
+ owner => root
+ notify => Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.service (nrpe2nodexp-check_security_group_default_to_project_trove_status.service)]
+ ensure => absent
+ group => root
+ mode => 0444
- Content differences:
--- /lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.service.orig
+++ /lib/systemd/system/nrpe2nodexp-check_security_group_default_to_project_trove_status.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=execution of nrpe2nodexp for the check_check_security_group_default_to_project_trove_status command.
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=nagios
+
+Group=prometheus-node-exporter
+SyslogIdentifier=nrpe2nodexp-check_security_group_default_to_project_trove_status
+ExecStart=-/usr/local/bin/nrpe2nodexp --alert-rule-hash "f44247532d2c83470598bd50afba5d68" --timeout 10 --check-command "check_check_security_group_default_to_project_trove_status"
- File[/var/lib/prometheus/node.d/check_check_security_group_default_to_project_trove_status.prom]
- Parameters differences:
--- File[/var/lib/prometheus/node.d/check_check_security_group_default_to_project_trove_status.prom].orig
+++ File[/var/lib/prometheus/node.d/check_check_security_group_default_to_project_trove_status.prom]
+ group => root
+ owner => root
+ ensure => absent
- Systemd::Timer[security_group_default_to_project_trove]
- Parameters differences:
--- Systemd::Timer[security_group_default_to_project_trove].orig
+++ Systemd::Timer[security_group_default_to_project_trove]
+ unit_name => security_group_default_to_project_trove.service
+ ensure => present
+ timer_intervals => [{'start': 'OnCalendar', 'interval': '*-*-* *:00/30:00'}]
+ fixed_random_delay => False
+ splay => 0
+ accuracy => 15sec
- File[/lib/systemd/system/security_group_default_to_project_trove.service]
- Parameters differences:
--- File[/lib/systemd/system/security_group_default_to_project_trove.service].orig
+++ File[/lib/systemd/system/security_group_default_to_project_trove.service]
+ owner => root
+ notify => Exec[systemd daemon-reload for security_group_default_to_project_trove.service (security_group_default_to_project_trove.service)]
+ ensure => present
+ group => root
+ mode => 0444
- Content differences:
--- /lib/systemd/system/security_group_default_to_project_trove.service.orig
+++ /lib/systemd/system/security_group_default_to_project_trove.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Apply security group default to project trove
+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/sbin/add-security-group-to-project --os-cloud novadmin --security-group-name default --project-id trove
+TimeoutStartSec=890
- Systemd::Timer::Job[nrpe2nodexp-check_security_group_default_to_project_trove_status]
- Parameters differences:
--- Systemd::Timer::Job[nrpe2nodexp-check_security_group_default_to_project_trove_status].orig
+++ Systemd::Timer::Job[nrpe2nodexp-check_security_group_default_to_project_trove_status]
+ send_mail_only_on_error => True
+ syslog_match_startswith => True
+ environment => {}
+ group => prometheus-node-exporter
+ interval => [{'start': 'OnUnitInactiveSec', 'interval': '5min'}]
+ monitoring_contact_groups => admins
+ fixed_random_delay => True
+ splay => 300
+ logging_enabled => False
+ syslog_force_stop => True
+ description => execution of nrpe2nodexp for the check_check_security_group_default_to_project_trove_status command.
+ send_mail => False
+ command => /usr/local/bin/nrpe2nodexp --alert-rule-hash "f44247532d2c83470598bd50afba5d68" --timeout 10 --check-command "check_check_security_group_default_to_project_trove_status"
+ success_exit_status => []
+ send_mail_to => root@cloudcontrol2010-dev.codfw.wmnet
+ ignore_errors => True
+ logfile_group => root
+ logfile_basedir => /var/log
+ private_tmp => False
+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+ logfile_name => syslog.log
+ logfile_perms => all
+ syslog_identifier => nrpe2nodexp-check_security_group_default_to_project_trove_status
+ ensure => absent
+ monitoring_enabled => False
+ user => nagios
- Service[nrpe2nodexp-check_security_group_default_to_project_trove_status.timer]
- Parameters differences:
--- Service[nrpe2nodexp-check_security_group_default_to_project_trove_status.timer].orig
+++ Service[nrpe2nodexp-check_security_group_default_to_project_trove_status.timer]
+ provider => systemd
+ before => ['Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.timer (nrpe2nodexp-check_security_group_default_to_project_trove_status.timer)]']
+ enable => False
+ ensure => stopped
- Class[Openstack::Apply_security_groups]
- Parameters differences:
--- Class[Openstack::Apply_security_groups].orig
+++ Class[Openstack::Apply_security_groups]
+ project_and_security_group => {'trove': 'default'}
+ ensure => present
- Systemd::Unit[nrpe2nodexp-check_security_group_default_to_project_trove_status.service]
- Parameters differences:
--- Systemd::Unit[nrpe2nodexp-check_security_group_default_to_project_trove_status.service].orig
+++ Systemd::Unit[nrpe2nodexp-check_security_group_default_to_project_trove_status.service]
+ override => False
+ restart => False
+ unit => nrpe2nodexp-check_security_group_default_to_project_trove_status.service
+ ensure => absent
+ override_filename => puppet-override.conf
+ require => ['Class[Systemd]']
- Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.service (nrpe2nodexp-check_security_group_default_to_project_trove_status.service)]
- Parameters differences:
--- Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.service (nrpe2nodexp-check_security_group_default_to_project_trove_status.service)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.service (nrpe2nodexp-check_security_group_default_to_project_trove_status.service)]
+ refreshonly => True
+ command => /bin/systemctl daemon-reload
- File[/etc/rsyslog.d/40-security-group-default-to-project-trove.conf]
- Parameters differences:
--- File[/etc/rsyslog.d/40-security-group-default-to-project-trove.conf].orig
+++ File[/etc/rsyslog.d/40-security-group-default-to-project-trove.conf]
+ owner => root
+ notify => Service[rsyslog]
+ ensure => present
+ group => root
+ mode => 0444
- Content differences:
--- /etc/rsyslog.d/40-security-group-default-to-project-trove.conf.orig
+++ /etc/rsyslog.d/40-security-group-default-to-project-trove.conf
@@ -0,0 +1,10 @@
+# rsyslog.conf(5) configuration file for services.
+# This file is managed by Puppet.
+if $programname startswith "security_group_default_to_project_trove" then {
+ action(
+ type="omfile" file="/var/log/security_group_default_to_project_trove/syslog.log"
+ fileOwner="root" fileGroup="root"
+ fileCreateMode="0644"
+ )
+ & stop
+}
- Rsyslog::Conf[nrpe2nodexp-check_security_group_default_to_project_trove_status]
- Parameters differences:
--- Rsyslog::Conf[nrpe2nodexp-check_security_group_default_to_project_trove_status].orig
+++ Rsyslog::Conf[nrpe2nodexp-check_security_group_default_to_project_trove_status]
+ mode => 0444
+ priority => 25
+ ensure => absent
- Systemd::Service[nrpe2nodexp-check_security_group_default_to_project_trove_status]
- Parameters differences:
--- Systemd::Service[nrpe2nodexp-check_security_group_default_to_project_trove_status].orig
+++ Systemd::Service[nrpe2nodexp-check_security_group_default_to_project_trove_status]
+ monitoring_contact_group => admins
+ override => False
+ service_params => {}
+ migration_task => T407130
+ require => Systemd::Unit[nrpe2nodexp-check_security_group_default_to_project_trove_status.service]
+ restart => False
+ ensure => absent
+ monitoring_enabled => False
+ unit_type => timer
+ monitoring_critical => False
- Systemd::Unit[security_group_default_to_project_trove.service]
- Parameters differences:
--- Systemd::Unit[security_group_default_to_project_trove.service].orig
+++ Systemd::Unit[security_group_default_to_project_trove.service]
+ override => False
+ restart => False
+ unit => security_group_default_to_project_trove.service
+ ensure => present
+ override_filename => puppet-override.conf
+ require => ['Class[Systemd]']
- Service[security_group_default_to_project_trove.timer]
- Parameters differences:
--- Service[security_group_default_to_project_trove.timer].orig
+++ Service[security_group_default_to_project_trove.timer]
+ ensure => running
+ enable => True
+ provider => systemd
- Systemd::Monitor[security_group_default_to_project_trove]
- Parameters differences:
--- Systemd::Monitor[security_group_default_to_project_trove].orig
+++ Systemd::Monitor[security_group_default_to_project_trove]
+ contact_group => admins
+ migration_task => T407130
+ ensure => present
+ check_interval => 10
+ retries => 2
+ notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+ critical => False
- Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.timer (nrpe2nodexp-check_security_group_default_to_project_trove_status.timer)]
- Parameters differences:
--- Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.timer (nrpe2nodexp-check_security_group_default_to_project_trove_status.timer)].orig
+++ Exec[systemd daemon-reload for nrpe2nodexp-check_security_group_default_to_project_trove_status.timer (nrpe2nodexp-check_security_group_default_to_project_trove_status.timer)]
+ refreshonly => True
+ command => /bin/systemctl daemon-reload
- Systemd::Unit[security_group_default_to_project_trove.timer]
- Parameters differences:
--- Systemd::Unit[security_group_default_to_project_trove.timer].orig
+++ Systemd::Unit[security_group_default_to_project_trove.timer]
+ override => False
+ restart => False
+ unit => security_group_default_to_project_trove.timer
+ ensure => present
+ override_filename => puppet-override.conf
+ require => ['Class[Systemd]']
- File[/etc/nagios/nrpe.d/check_check_security_group_default_to_project_trove_status.cfg]
- Parameters differences:
--- File[/etc/nagios/nrpe.d/check_check_security_group_default_to_project_trove_status.cfg].orig
+++ File[/etc/nagios/nrpe.d/check_check_security_group_default_to_project_trove_status.cfg]
+ owner => root
+ notify => Service[nagios-nrpe-server]
+ ensure => present
+ group => root
+ mode => 0444
+ tag => nrpe::check
+ require => Package[nagios-nrpe-server]
- Content differences:
--- /etc/nagios/nrpe.d/check_check_security_group_default_to_project_trove_status.cfg.orig
+++ /etc/nagios/nrpe.d/check_check_security_group_default_to_project_trove_status.cfg
@@ -0,0 +1,2 @@
+# File generated by puppet. DO NOT edit by hand
+command[check_check_security_group_default_to_project_trove_status]=/usr/local/lib/nagios/plugins/check_systemd_unit_status security_group_default_to_project_trove
- Sudo::User[nrpe-check_check_security_group_default_to_project_trove_status]
- Parameters differences:
--- Sudo::User[nrpe-check_check_security_group_default_to_project_trove_status].orig
+++ Sudo::User[nrpe-check_check_security_group_default_to_project_trove_status]
+ privileges => []
+ ensure => absent
+ user => nagios
+ tag => nrpe::check
+ require => ['Class[Sudo]']
- Monitoring::Exported_nagios_service[cloudcontrol2010-dev check_security_group_default_to_project_trove_status]
- Parameters differences:
--- Monitoring::Exported_nagios_service[cloudcontrol2010-dev check_security_group_default_to_project_trove_status].orig
+++ Monitoring::Exported_nagios_service[cloudcontrol2010-dev check_security_group_default_to_project_trove_status]
+ check_period => 24x7
+ notification_options => c,r,f
+ max_check_attempts => 2
+ check_interval => 10
+ notification_interval => 0
+ notification_period => 24x7
+ notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+ servicegroups => wmcs_codfw
+ contact_groups => admins
+ passive_checks_enabled => 1
+ active_checks_enabled => 1
+ service_description => Check unit status of security_group_default_to_project_trove
+ host_name => cloudcontrol2010-dev
+ retry_interval => 1
+ is_volatile => 0
+ check_freshness => 0
+ ensure => present
+ notifications_enabled => 0
+ check_command => nrpe_check!check_check_security_group_default_to_project_trove_status!10
- Nrpe::Plugin[check_systemd_unit_status]
- Parameters differences:
--- Nrpe::Plugin[check_systemd_unit_status].orig
+++ Nrpe::Plugin[check_systemd_unit_status]
+ source => puppet:///modules/systemd/check_systemd_unit_status
+ ensure => present
- Class[Profile::Openstack::Base::Cumin_access]
- Parameters differences:
--- Class[Profile::Openstack::Base::Cumin_access].orig
+++ Class[Profile::Openstack::Base::Cumin_access]
+ project_and_security_group_for_cumin_access => {'trove': 'default'}
- Systemd::Timer::Job[security_group_default_to_project_trove]
- Parameters differences:
--- Systemd::Timer::Job[security_group_default_to_project_trove].orig
+++ Systemd::Timer::Job[security_group_default_to_project_trove]
+ send_mail_only_on_error => True
+ syslog_match_startswith => True
+ environment => {}
+ interval => {'start': 'OnCalendar', 'interval': '*-*-* *:00/30:00'}
+ monitoring_contact_groups => admins
+ fixed_random_delay => False
+ require => ['File[/usr/local/sbin/add-security-group-to-project]']
+ logging_enabled => True
+ syslog_force_stop => True
+ description => Apply security group default to project trove
+ send_mail => False
+ command => /usr/local/sbin/add-security-group-to-project --os-cloud novadmin --security-group-name default --project-id trove
+ success_exit_status => []
+ send_mail_to => root@cloudcontrol2010-dev.codfw.wmnet
+ ignore_errors => False
+ logfile_group => root
+ logfile_basedir => /var/log
+ private_tmp => False
+ monitoring_notes_url => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state
+ logfile_name => syslog.log
+ logfile_perms => all
+ ensure => present
+ monitoring_enabled => True
+ user => root
+ max_runtime_seconds => 890