Non-critical systems are those that are managed by the infrastructure administrator team.
consider whether a central MySQL service should be setup
Many containers contain their own instance of MySQL. It might be a better idea to centralize the MySQL setups in a single container.
consider whether a central PostgreSQL service should be setup
setup a central syslog service and install syslog clients in each container
Setup package update monitoring for a new container
For Icinga to be able to check the update status of packages on you server you need to install NRPE, a helper service. Install the necessary packages:
sudo aptitude install nagios-plugins-basic nagios-nrpe-server
Put Monitor on the list of allowed hosts to access the NRPE
service by adding the following line to
Tell the NRPE service that there is such a thing as the check_apt command by
creating the file
/etc/nagios/nrpe.d/apt.cfg with the following
# 'check_apt' command definition command[check_apt]=/usr/lib/nagios/plugins/check_apt # 'check_apt_distupgrade' command definition command[check_apt_distupgrade]=/usr/lib/nagios/plugins/check_apt -d
Restart the NRPE service:
sudo service nagios-nrpe-server restart
Check that everything went well by going to https://monitor.cacert.org/, going to the APT service on the host and clicking “Re-schedule the next check of this service”. Make sure that “Force Check” is checked and click “Commit”. Now you should see a page with a green background. If not something went wrong, please contact the Monitor administrators with the details.
That’s it, now the package update status should be properly displayed in Icinga.
All containers should be monitored by Monitor and should therefore have icinga2 installed and managed via Puppet (older systems without Puppet have nagios-nrpe-server installed)
All containers should use etckeeper to put their local setup into version control. All local setup should use
/etcto make sure it is handled by etckeeper
All infrastructure systems must send their mail via Emailout
All infrastructure systems should have an firstname.lastname@example.org alias to reach their admins
document how to setup the system-admin alias on the email system