nagios: add checks for ssl certs on fcos and ocp4 endpoints, change to just checking proxy01

Add checks for ssl certs on fcos openshift endpoints.
Add checks for ocp4 wildcard certs.
Change check to only use proxy01/proxy01.stg instead of all proxies.
Ideally we really do want to check all proxies, but in practice this
results in like 70 alerts anytime the cert is going to expire.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

roles/nagios_server/files/nagios/services/ssl.cfg

@@ -1,19 +1,19 @@
 define service {
-  hostgroup_name        proxies
+  hostgroup_name        oneproxy
   service_description   https-admin.fedoraproject.org
   check_command         check_ssl_cert!admin.fedoraproject.org!60
   use                   defaulttemplate
 }
 
 define service {
-  hostgroup_name        proxies
+  hostgroup_name        oneproxy
   service_description   https-fedoraproject.org-cert
   check_command         check_ssl_cert!fedoraproject.org!60
   use                   defaulttemplate
 }
 
 define service {
-  hostgroup_name        proxies
+  hostgroup_name        oneproxy
   service_description   https-translate.fedoraproject.org-cert
   check_command         check_ssl_cert!translate.fedoraproject.org!60
   use                   defaulttemplate
@@ -27,7 +27,7 @@ define service {
 }
 
 define service {
-  hostgroup_name        proxies
+  hostgroup_name        oneproxy
   service_description   https-whatcanidoforfedora-cert
   check_command         check_ssl_cert!whatcanidoforfedora.org!25
   use                   defaulttemplate
@@ -39,3 +39,51 @@ define service {
   check_command         check_ssl_cert!pagure.io!25
   use                   defaulttemplate
 }
+
+# fedora coreos endpoints
+
+define service {
+  hostgroup_name        oneproxy
+  service_description   https-updates-coreos-cert
+  check_command         check_ssl_cert!updates.coreos.fedoraproject.org!25
+  use                   defaulttemplate
+}
+
+define service {
+  hostgroup_name        oneproxy
+  service_description   https-raw-updates-coreos-cert
+  check_command         check_ssl_cert!raw-updates.coreos.fedoraproject.org!25
+  use                   defaulttemplate
+}
+
+define service {
+  hostgroup_name        oneproxy
+  service_description   https-status-updates-coreos-cert
+  check_command         check_ssl_cert!status.updates.coreos.fedoraproject.org!25
+  use                   defaulttemplate
+}
+
+define service {
+  hostgroup_name        oneproxy
+  service_description   https-status-raw-updates-coreos-cert
+  check_command         check_ssl_cert!status.raw-updates.coreos.fedoraproject.org!25
+  use                   defaulttemplate
+}
+
+# ocp4 cluster prod
+
+define service {
+  hostgroup_name        oneproxy
+  service_description   https-ocp4-prod-cert
+  check_command         check_ssl_cert!console-openshift-console.apps.ocp.fedoraproject.org!25
+  use                   defaulttemplate
+}
+
+# ocp4 cluster stg
+
+define service {
+  hostgroup_name        oneproxy-stg
+  service_description   https-ocp4-stg-cert
+  check_command         check_ssl_cert!console-openshift-console.apps.ocp.stg.fedoraproject.org!25
+  use                   defaulttemplate
+}

roles/nagios_server/tasks/main.yml

@@ -470,6 +470,7 @@
     - nomail.cfg
     - checkswap.cfg
     - checkraid.cfg
+    - other.cfg
   when: nagios_location == 'iad2_internal'
   tags:
   - nagios_server

roles/nagios_server/templates/nagios/hostgroups/other.cfg.j2

@@ -0,0 +1,14 @@
+
+define hostgroup {
+        hostgroup_name  oneproxy
+        alias           just one proxy
+        members         proxy01.iad2.fedoraproject.org
+
+}
+
+define hostgroup {
+        hostgroup_name  oneproxy-stg
+        alias           just one proxy in staging
+        members         proxy01.stg.iad2.fedoraproject.org
+
+}