From 0bc898160b57b69bb766c97f25a5b9545eb91ee3 Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Fri, 28 Mar 2025 22:04:58 -0400
Subject: mysql/icinga fixes

---
 .../etc/icinga2/conf.d/groups.conf.icinga_server   |  5 ++++
 .../etc/icinga2/conf.d/services.conf.icinga_server | 32 ++++++++++++++++++++++
 .../local/etc/mysql/conf.d/server.cnf.mysql_server |  1 -
 .../local/etc/poudriere.d/make.conf.pkg_repository |  2 +-
 files/usr/local/var/krb5kdc/kadm5.acl.idm_server   |  2 +-
 5 files changed, 39 insertions(+), 3 deletions(-)

(limited to 'files')

diff --git a/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
index f6f13b8..6665a78 100644
--- a/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/groups.conf.icinga_server
@@ -43,6 +43,11 @@ object HostGroup "postgresql-servers" {
   assign where regex("^postgres[0-9]+", host.name)
 }
 
+object HostGroup "mysql-servers" {
+  display_name = "MySQL Servers"
+  assign where regex("^mysql[0-9]+", host.name)
+}
+
 object HostGroup "dav-servers" {
   display_name = "DAV Servers"
   assign where regex("^dav[0-9]+", host.name)
diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
index ce08657..dbff174 100644
--- a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -165,6 +165,16 @@ apply Service "postgres" {
   assign where "postgresql-servers" in host.groups
 }
 
+apply Service "mysql" {
+  check_command = "mysql"
+  vars.mysql_warning = ${icinga_response_time_warn}
+  vars.mysql_critical = ${icinga_response_time_crit}
+  vars.mysql_username = "${icinga_username}"
+  vars.mysql_password = IcingaPassword
+  vars.mysql_ssl = true
+  assign where "mysql-servers" in host.groups
+}
+
 apply Service "eap-cert" {
   check_command = "eapol"
   vars.eapol_secret = IcingaRadiusSecret
@@ -233,6 +243,28 @@ apply Service for (vhost in host.vars.xmpp_vhosts) {
   vars.tcp_expect = "<?xml version='1.0'"
 }
 
+apply Service "mollysocket" {
+  check_command = "http"
+  display_name = "mollysocket status"
+  vars.http_vhost = "\$address\$"
+  vars.http_port = 8443
+  vars.http_expect = "HTTP/1.1 200 OK"
+  vars.http_ssl = true
+  vars.http_warn_time = ${icinga_response_time_warn}
+  vars.http_critical_time = ${icinga_response_time_crit}
+  assign where ("xmpp-servers" in host.groups)
+}
+
+apply Service "mollysocket-cert" {
+  check_command = "http"
+  display_name = "mollysocket certificate"
+  vars.http_port = 8443
+  vars.http_vhost = "\$address\$"
+  vars.http_ssl = true
+  vars.http_certificate = ${icinga_cert_days_warn} + "," + ${icinga_cert_days_crit}
+  assign where ("xmpp-servers" in host.groups)
+}
+
 // Expect HTTP 200
 apply Service "http" {
   check_command = "http"
diff --git a/files/usr/local/etc/mysql/conf.d/server.cnf.mysql_server b/files/usr/local/etc/mysql/conf.d/server.cnf.mysql_server
index 2f514ae..4b51ccd 100644
--- a/files/usr/local/etc/mysql/conf.d/server.cnf.mysql_server
+++ b/files/usr/local/etc/mysql/conf.d/server.cnf.mysql_server
@@ -18,5 +18,4 @@ pam_use_cleartext_plugin
 ssl_ca                    = ${site_cacert_path}
 ssl_cert                  = ${mysql_tls_cert}
 ssl_key                   = ${mysql_tls_key}
-require_secure_transport
 max_allowed_packet        = ${mysql_max_packet_size}
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index eeda66f..aa961ea 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -58,7 +58,7 @@ multimedia_qt6-multimedia_SET=PULSEAUDIO
 multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM
 multimedia_webcamd_UNSET=DVB INPUT RADIO
 net-im_py-matrix-synapse_SET=PGSQL URLPREVIEW LDAP
-net-mgmt_monitoring-plugins_SET=LDAP SSH_PORTABLE PGSQL RADIUS DNS_BINDTOOLS
+net-mgmt_monitoring-plugins_SET=LDAP SSH_PORTABLE PGSQL MYSQL RADIUS DNS_BINDTOOLS
 net-mgmt_monitoring-plugins_UNSET=DNS_BASE
 net_asterisk18_SET=NEWG711 G729 NCURSES
 net_asterisk18_UNSET=DAHDI FREETDS RADIUS NEWT
diff --git a/files/usr/local/var/krb5kdc/kadm5.acl.idm_server b/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
index 9f7507e..77ab9cf 100644
--- a/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
+++ b/files/usr/local/var/krb5kdc/kadm5.acl.idm_server
@@ -1,2 +1,2 @@
 */admin@${realm} * *
-${boxconf_username}@${realm} * *
+${boxconf_username}@${realm} xe *
-- 
cgit v1.2.3