docker-compose.yml

@@ -12,7 +12,7 @@ services:
     build:
       dockerfile: Dockerfile
     container_name: nagios
-    image: docker-registry1.in.thelinuxpro.net:5000/tlp/nagios:241230.0.2
+    image: docker-registry1.in.thelinuxpro.net:5000/tlp/nagios:241230.0.1
     networks:
       infra_dev_net:
         ipv4_address: 10.99.23.36

nrpe/etc/nagios/nrpe_pi501.cfg

@@ -1,39 +1,24 @@
 command[check_docker_container_status_ns1]=/usr/lib/nagios/plugins/check_docker --status running --containers ns1
 command[check_docker_container_cpu_ns1]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers ns1
 command[check_docker_container_memory_ns1]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers ns1
-
 command[check_docker_container_status_gitea]=/usr/lib/nagios/plugins/check_docker --status running --containers gitea 
 command[check_docker_container_cpu_gitea]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers gitea
 command[check_docker_container_memory_gitea]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers gitea 
-
 command[check_docker_container_status_gitea-db-1]=/usr/lib/nagios/plugins/check_docker --status running --containers gitea-db-1 
 command[check_docker_container_cpu_gitea-db-1]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers gitea-db-1
 command[check_docker_container_memory_gitea-db-1]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers gitea-db-1
-
 command[check_docker_container_status_docker-registry1]=/usr/lib/nagios/plugins/check_docker --status running --containers docker-registry1
 command[check_docker_container_cpu_docker-registry1]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers docker-registry1
 command[check_docker_container_memory_docker-registry1]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers docker-registry1
-
 command[check_docker_container_status_thelinux_pro]=/usr/lib/nagios/plugins/check_docker --status running --containers thelinux_pro
 command[check_docker_container_cpu_thelinux_pro]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers thelinux_pro
 command[check_docker_container_memory_thelinux_pro]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers thelinux_pro
-
-command[check_docker_container_status_nginx-certbot-nginx-1]=/usr/lib/nagios/plugins/check_docker --status running --containers nginx-certbot-nginx-1
-command[check_docker_container_cpu_nginx-certbot-nginx-1]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers nginx-certbot-nginx-1
-command[check_docker_container_memory_nginx-certbot-nginx-1]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers nginx-certbot-nginx-1
-
-command[check_docker_container_status_nginx-certbot-certbot-1]=/usr/lib/nagios/plugins/check_docker --status running --containers nginx-certbot-certbot-1
-command[check_docker_container_cpu_nginx-certbot-certbot-1]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers nginx-certbot-certbot-1
-command[check_docker_container_memory_nginx-certbot-certbot-1]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers nginx-certbot-certbot-1
-
 command[check_docker_container_status_pihole1]=/usr/lib/nagios/plugins/check_docker --status running --containers pihole1
 command[check_docker_container_cpu_pihole1]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers pihole1
 command[check_docker_container_memory_pihole1]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers pihole1
-
 command[check_docker_container_status_kameronkenny_com_web1]=/usr/lib/nagios/plugins/check_docker --status running --containers kameronkenny.com_web1
 command[check_docker_container_cpu_kameronkenny_com_web1]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers kameronkenny.com_web1
 command[check_docker_container_memory_kameronkenny_com_web1]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers kameronkenny.com_web1
-
 command[check_docker_container_status_jenkins]=/usr/lib/nagios/plugins/check_docker --status running --containers jenkins
 command[check_docker_container_cpu_jenkins]=/usr/lib/nagios/plugins/check_docker --cpu 90:95 --containers jenkins
 command[check_docker_container_memory_jenkins]=/usr/lib/nagios/plugins/check_docker --memory 90:95:% --containers jenkins

overlay/opt/nagios/etc/nagios.cfg

@@ -26,14 +26,14 @@ log_file=/opt/nagios/var/nagios.log
 # if you wish (as shown below), or keep them all in a single config file.
 
 # You can specify individual object config files as shown below:
-#cfg_file=/opt/nagios/etc/objects/000-commands.cfg
+cfg_file=/opt/nagios/etc/objects/commands.cfg
-#cfg_file=/opt/nagios/etc/objects/contacts.cfg
+cfg_file=/opt/nagios/etc/objects/contacts.cfg
-#cfg_file=/opt/nagios/etc/objects/timeperiods.cfg
+cfg_file=/opt/nagios/etc/objects/timeperiods.cfg
-#cfg_file=/opt/nagios/etc/objects/001-templates.cfg
+cfg_file=/opt/nagios/etc/objects/templates.cfg
 
 # Definitions for monitoring the local (Linux) host
-#cfg_file=/opt/nagios/etc/objects/localhost.cfg
+cfg_file=/opt/nagios/etc/objects/localhost.cfg
-#cfg_file=/opt/nagios/etc/objects/101-docker-hosts.cfg
+cfg_file=/opt/nagios/etc/objects/docker-hosts.cfg
 
 # Definitions for monitoring a Windows machine
 #cfg_file=/opt/nagios/etc/objects/windows.cfg
@@ -49,7 +49,7 @@ log_file=/opt/nagios/var/nagios.log
 # extension) in a particular directory by using the cfg_dir
 # directive as shown below:
 
-cfg_dir=/opt/nagios/etc/objects
+#cfg_dir=/opt/nagios/etc/objects
 
 #cfg_dir=/opt/nagios/etc/servers
 #cfg_dir=/opt/nagios/etc/printers

overlay/opt/nagios/etc/objects/000-commands.cfg

@@ -152,11 +152,6 @@ define command{
         command_line    $USER1$/check_http -S -I $HOSTADDRESS$ -H $HOSTNAME$
         }
 
-define command{
-	command_name	check_ssl_cert
-	command_line	$USER1$/check_ssl_certificate -a "-servername $HOSTNAME$" -H $HOSTADDRESS$ -w 21 -c 7
-	}
-
 # 'check_ssh' command definition
 define command{
 	command_name	check_ssh

overlay/opt/nagios/etc/objects/302-web-services-hostgroup.cfg

@@ -12,10 +12,3 @@ define service{
 	service_description	HTTPS
 	check_command		check_https
 }
-
-define service{
-	use			generic-service,graphed-service
-	hostgroup_name		web-hosts
-	service_description	SSL Certificate
-	check_command		check_ssl_cert
-}

overlay/opt/nagios/etc/objects/401-docker-services.cfg

@@ -1,6 +1,4 @@
 ### Service Definitions per docker host
-
-## PI501
 define service{
 	use			local-service,graphed-service
 	host_name		pi501.in.thelinuxpro.net
@@ -44,7 +42,6 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: ns1
 	check_command		check_nrpe!check_docker_container_memory_ns1
-	register		0
 }
 
 define service{
@@ -66,7 +63,6 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: gitea
 	check_command		check_nrpe!check_docker_container_memory_gitea
-	register		0
 }
 
 define service{
@@ -88,7 +84,6 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: gitea-db-1
 	check_command		check_nrpe!check_docker_container_memory_gitea-db-1
-	register		0
 }
 
 define service{
@@ -110,7 +105,6 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: docker-registry1
 	check_command		check_nrpe!check_docker_container_memory_docker-registry1
-	register		0
 }
 
 define service{
@@ -132,51 +126,6 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: thelinux_pro
 	check_command		check_nrpe!check_docker_container_memory_thelinux_pro
-	register		0
-}
-
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container Status: nginx-certbot-nginx-1
-	check_command		check_nrpe!check_docker_container_status_nginx-certbot-nginx-1
-}
-
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container CPU: nginx-certbot-nginx-1
-	check_command		check_nrpe!check_docker_container_cpu_nginx-certbot-nginx-1
-}
-
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container Memory: nginx-certbot-nginx-1
-	check_command		check_nrpe!check_docker_container_memory_nginx-certbot-nginx-1
-	register		0
-}
-
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container Status: nginx-certbot-certbot-1
-	check_command		check_nrpe!check_docker_container_status_nginx-certbot-certbot-1
-}
-
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container CPU: nginx-certbot-certbot-1
-	check_command		check_nrpe!check_docker_container_cpu_nginx-certbot-certbot-1
-}
-
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container Memory: nginx-certbot-certbot-1
-	check_command		check_nrpe!check_docker_container_memory_nginx-certbot-certbot-1
-	register		0
 }
 
 define service{
@@ -198,7 +147,6 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: pihole1
 	check_command		check_nrpe!check_docker_container_memory_pihole1
-	register		0
 }
 
 define service{
@@ -220,7 +168,6 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: kameronkenny_com_web1
 	check_command		check_nrpe!check_docker_container_memory_kameronkenny_com_web1
-	register		0
 }
 
 define service{
@@ -242,24 +189,8 @@ define service{
 	host_name		pi501.in.thelinuxpro.net
 	service_description	Container Memory: jenkins
 	check_command		check_nrpe!check_docker_container_memory_jenkins
-	register		0
 }
 
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container Status: kameronkenny.com_web1
-	check_command		check_nrpe!check_docker_container_status_kameronkenny.com_web1
-}
-
-define service{
-	use			local-service,graphed-service
-	host_name		pi501.in.thelinuxpro.net
-	service_description	Container CPU: kameronkenny.com_web1
-	check_command		check_nrpe!check_docker_container_cpu_kameronkenny.com_web1
-}
-
-## PI502
 define service{
 	use			local-service,graphed-service
 	host_name		pi502.in.thelinuxpro.net
@@ -279,7 +210,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: ns2
 	check_command		check_nrpe!check_docker_container_memory_ns2
-	register		0
 }
 
 define service{
@@ -301,7 +231,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: blackbox-exporter
 	check_command		check_nrpe!check_docker_container_memory_blackbox-exporter
-	register		0
 }
 
 define service{
@@ -323,7 +252,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: grafana
 	check_command		check_nrpe!check_docker_container_memory_grafana
-	register		0
 }
 
 define service{
@@ -345,7 +273,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: pihole-exporter
 	check_command		check_nrpe!check_docker_container_memory_pihole-exporter
-	register		0
 }
 
 define service{
@@ -367,7 +294,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: unpoller
 	check_command		check_nrpe!check_docker_container_memory_unpoller
-	register		0
 }
 
 define service{
@@ -389,7 +315,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: pihole2
 	check_command		check_nrpe!check_docker_container_memory_pihole2
-	register		0
 }
 
 define service{
@@ -411,7 +336,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: prometheus
 	check_command		check_nrpe!check_docker_container_memory_prometheus
-	register		0
 }
 
 define service{
@@ -433,7 +357,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: syslog-ng
 	check_command		check_nrpe!check_docker_container_memory_syslog-ng
-	register		0
 }
 
 define service{
@@ -455,7 +378,6 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: telegraf
 	check_command		check_nrpe!check_docker_container_memory_telegraf
-	register		0
 }
 
 define service{
@@ -477,10 +399,8 @@ define service{
 	host_name		pi502.in.thelinuxpro.net
 	service_description	Container Memory: influxdb_telegraf-influxdb-1
 	check_command		check_nrpe!check_docker_container_memory_influxdb_telegraf-influxdb-1
-	register		0
 }
 
-## PI503
 define service{
 	use			local-service,graphed-service
 	host_name		pi503.in.thelinuxpro.net
@@ -500,6 +420,5 @@ define service{
 	host_name		pi503.in.thelinuxpro.net
 	service_description	Container Memory: nagios
 	check_command		check_nrpe!check_docker_container_memory_nagios
-	register		0
 }
 

overlay/opt/nagios/libexec/check_ssl_certificate

@@ -1,199 +0,0 @@
-#!/usr/bin/perl -w
-#
-# check_ssl_certificate
-#   Nagios script to check ssl certificate expirations
-#
-# Copyright (c) 2006-2008 David Alden <alden@math.ohio-state.edu>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-#
-#
-# Changes:
-#   10/30/2008 dja <alden@math.ohio-state.edu>
-#      - fixed a bug which caused it to not deal with certs that expire
-#        on a single digit day (thanks to Christian Sava, Kyle Smith &
-#        Raphael Berlamont)
-#
-#   10/09/2007 dja <alden@math.ohio-state.edu>
-#      - fixed a bug which caused it to improperly report expired certs
-#        (thanks to Hassan Alusesi for pointing this out)
-#      - no longer use temporary files or Date::Manip
-#        (thanks to tommybobbins on NagiosExchange)
-#      - added the printing of the Common Name (CN) if verbose is specified
-#        (thanks to mp72 on NagiosExchange)
-#
-#
-# Description:
-#   This script will check if an SSL certificate is going to expire.  For
-# example, to check the IMAP certificate on an imaps port:
-#
-# check_ssl_certificate -H 1.1.1.1 -p 993
-#
-#
-# Installation:
-#   Edit this script, replacing the line:
-#       use lib "/usr/lib/nagios/plugins";
-#   with the path to your nagios plugins directory (where utils.pm is
-#   located).  Also edit the line:
-#       my $openssl = "/usr/bin/openssl";
-#   with the path to your openssl binary.  Then copy the script into
-#   your nagios plugins directory.
-#
-#
-use strict;
-use Time::Local;
-use Getopt::Long;
-use lib "/usr/lib64/nagios/plugins";
-use utils qw(%ERRORS &print_revision &support &usage);
-
-my $PROGNAME="check_ssl_certificates";
-my $REVISION="1.2";
-
-#
-$ENV{PATH}="/usr/sbin:/usr/bin:/bin";
-
-#
-my $openssl = "/usr/bin/openssl";
-
-my $critical = 7;
-my $help;
-my $host;
-my $port = 443;
-my $additional = '';
-my $verbose;
-my $version;
-my $warning = 30;
-
-#
-my %months = ('Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4,
-	      'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9,
-	      'Nov' => 10, 'Dec' => 11);
-
-#
-Getopt::Long::Configure('bundling');
-if (GetOptions(
-	       "a=s" => \$additional,
-	       "c:s" => \$critical,
-	       "h"   => \$help,
-	       "H:s" => \$host,
-	       "o=s" => \$openssl,
-	       "p=i" => \$port,
-	       "v"   => \$verbose,
-	       "V"   => \$version,
-	       "w:s" => \$warning,
-	      ) == 0) {
-
-  print_usage();
-  exit $ERRORS{'UNKNOWN'}
-}
-
-if ($version) {
-  print_revision($PROGNAME, "\$Revision: $REVISION \$");
-  exit $ERRORS{'OK'};
-}
-
-if ($help) {
-  print_help();
-  exit $ERRORS{'OK'};
-}
-
-if (! utils::is_hostname($host)) {
-  usage("");
-  exit $ERRORS{'UNKNOWN'};
-}
-
-open(OPENSSL, "$openssl s_client -connect $host:$port $additional < /dev/null 2>&1 | $openssl x509 -enddate -noout |") ||
-  die "unable to open $openssl: $!";
-
-my $date;
-while (<OPENSSL>) {
-  if ($_ =~ /^notAfter=(.*)/) {
-    $date = $1;
-    chomp($date);
-#    last;
-  }
-}
-close(OPENSSL);
-
-$date =~ s/ +/ /g;
-
-my ($month, $day, $hour, $min, $sec, $year, $tz) = split(/[\s+|:]/, $date);
-print "m=$month, d=$day, h=$hour, m=$min, s=$sec, y=$year, z=$tz\n";
-
-my $daysLeft = int((timegm($sec, $min, $hour, $day, $months{$month}, $year - 1900) - time()) / 86400);
-
-my $cn="this certificate";
-if ($verbose) {
-
-  open(OPENSSL, "$openssl s_client -connect $host:$port $additional < /dev/null 2>&1 |") ||
-    die "unable to open $openssl: $!";
-
-  while (<OPENSSL>) {
-    next unless $_ =~ /Certificate chain/;
-
-    while (<OPENSSL>) {
-      next unless $_ =~ /CN=(.*)/;
-      ($cn) = split(/\//, $1);
-      $cn .= "[$host]" if ($cn ne $host);
-      last;
-    }
-  }
-}
-
-if ($daysLeft < 0) {
-  print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n";
-} elsif ($daysLeft <= $critical) {
-  print "$PROGNAME: CRITICAL - only $daysLeft day(s) left for $cn.\n";
-  exit $ERRORS{'CRITICAL'};
-} elsif ($daysLeft <= $warning) {
-  print "$PROGNAME: WARNING - only $daysLeft day(s) left for $cn.\n";
-  exit $ERRORS{'WARNING'};
-} elsif ($verbose) {
-  print "$PROGNAME: $daysLeft day(s) left for $cn.\n";
-}
-
-exit $ERRORS{'OK'};
-
-sub print_help {
-  print_revision($PROGNAME, "\$Revision: $REVISION \$");
-  print "Copyright (c) 2006 David Alden
-
-Check if an SSL certificate is close to expiring
-
-";
-
-  print_usage();
-
-  print "
--a <add>   add the text to the openssl line, used for checking the smtp ssl
-           certificate with starttls (\"-a '-starttls smtp'\")
--c <num>   exit with CRITICAL status if number of days left is less than <num>
--h         show this help script
--H <host>  check the certificate on the indicated host
--o <path>  path to openssl binary
--p <port>  check the certificate on the specified port
--w <num>   exit with WARNING status if number of days left is less than <num>
--v         show the number of days left
--V         show version and license information
-";
-
-  support();
-}
-
-
-sub print_usage {
-  print "Usage: $PROGNAME -H <host> [-p <port>] [-c <low>:<high>] [-w <low>:<high>]\n";
-  return();
-}