Check mw* servers directly for SSL

modules/monitoring/manifests/init.pp

@@ -208,6 +208,11 @@
  $redirects = loadyaml('/etc/puppetlabs/puppet/ssl-cert/redirects.yaml')
  $sslcerts = $ssl + $redirects
 
+ $servers = query_nodes('Class[Role::Mediawiki]')
+ .flatten()
+ .unique()
+ .sort()
+
  file { '/etc/icinga2/conf.d/ssl.conf':
  ensure => 'present',
  content => template('monitoring/ssl.conf.erb'),

modules/monitoring/templates/ssl.conf.erb

@@ -17,6 +17,17 @@ apply Service "m.miraheze.org - LetsEncrypt" {
  assign where "sslchecks" in host.groups
 }
 
+<% @servers.each do |server| -%>
+ apply Service "<%= server %> SSL Check" {
+ import "generic-service"
+ check_command = "check_ssl_expire"
+ check_interval = 30m
+ notes_url = "https://meta.miraheze.org/wiki/Tech:Icinga/MediaWiki_Monitoring#SSL_Validity_Checks"
+ vars.host = "<%= server %>"
+ vars.time = "30"
+ assign where "sslchecks" in host.groups
+ }
+
 <% @sslcerts.each_pair do | name, property | -%>
 apply Service "<%= property['url'] %> - <%= property['ca'] %>" {
  import "generic-service"