zones.d/master/services.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

template Service "generic-network-service" {
	import "generic-service"
	zone = "master"
}

/**
 * Basic node health checks
 */

apply Service "ping4" {
	import "generic-network-service"

	check_command = "ping4"

	assign where host.address
}

apply Service "ping6" {
	import "generic-network-service"

	check_command = "ping6"

	assign where host.address6
}

apply Service "ssh" {
	import "generic-network-service"

	check_command = "ssh"

	vars.ssh_port = host.vars.ssh_port || 222

	assign where (host.address || host.address6) && host.vars.kernel == "linux"
}

/**
 * Network Service checks
 */

apply Service "dns-" for (dns_zone => config in host.vars.dns_zones) {
	import "generic-network-service"

	check_command = "dig"

	vars += {
		dig_server = host.address || host.address6
		dig_lookup = dns_zone
		dig_warning = 0.1s
		dig_critical = 0.15s
	}
	vars += config
}

apply Service "ssh-" for (name => config in host.vars.extra_sshd) {
	import "generic-network-service"

	check_command = "ssh"

	vars += config
}

template Service "http" {
	import "generic-network-service"

	check_command = "http"

	vars += {
		http_vhost = http_vhost
		http_sni = true
		http_warn_time = 0.2s
		http_critical_time = 0.3s
	}
	vars += config
}

apply Service "https-" for (http_vhost => config in host.vars.http_vhosts) {
	import "http"

	vars.http_ssl = true
}

apply Service "https-cert-" for (http_vhost => config in host.vars.http_vhosts) {
	import "http"

	vars.http_certificate = "25,10"
}