From e3c3a3dc844a394fc6c016700dcf8ea73aa16728 Mon Sep 17 00:00:00 2001
From: Vincent SELLIER <vincent.sellier@softwareheritage.org>
Date: Tue, 9 Feb 2021 09:24:24 +0100
Subject: [PATCH] icinga: monitor puppet agent activation

Raise a warning if puppet is disabled for 4h and a critical alert
if it's disabled for more than 24h

Related to T2566
---
 .../manifests/icinga2/objects/common_checks.pp   | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/site-modules/profile/manifests/icinga2/objects/common_checks.pp b/site-modules/profile/manifests/icinga2/objects/common_checks.pp
index 27aef79b8..72aceaea1 100644
--- a/site-modules/profile/manifests/icinga2/objects/common_checks.pp
+++ b/site-modules/profile/manifests/icinga2/objects/common_checks.pp
@@ -79,4 +79,20 @@ class profile::icinga2::objects::common_checks {
     ignore           => ['-:"check_journal" !in host.vars.plugins', 'host.vars.noagent'],
     target           => '/etc/icinga2/zones.d/global-templates/services.conf',
   }
+
+  ::icinga2::object::service {'puppet_agent':
+    import           => ['generic-service'],
+    apply            => true,
+    check_command    => 'file_age',
+    command_endpoint => 'host.name',
+    vars             => {
+      file_age_file           => '/var/lib/puppet/state/agent_disabled.lock',
+      file_age_warning_time   => '240', # warning after 4h
+      file_age_critical_time  => '1440', # critical after 24h
+      file_age_ignore_missing => 'true',
+    },
+    assign           => ['host.vars.os == Linux'],
+    ignore           => ['host.vars.noagent'],
+    target           => '/etc/icinga2/zones.d/global-templates/services.conf',
+  }
 }
-- 
GitLab