This is easy enough to change, but... one reason we wanted all the proxies checked was in case we rolled out a new cert and somehow some subset of them didn't update and still had the old cert.

ie, we could just check one, but then we might miss if there's others that are effected.

Not sure whats best here...

@codeblock you still want to try and do this some different way?

I wonder if we could make them all depend on each other as far as nagios knows and the other ones would all be deps of the first one in the case where they are all bad, but only one would alert in the case of one bad?

I'll take a look, lets see what I can come up with
@lgriffin

I wonder if this will work. It checks the certs on koji.fp.o and proxy03.fp.o and suppresses warnings of the koji and proxies hostgroups when this check already returns WARN or CRIT. pagure as a single host can send out notifications whenever necessary.
caveat: we won't get notifications about ssl certs from koji and proxies hostgroups until the certs on koji.fp.o and proxie03.fp.o get fixed.

diff --git a/roles/nagios_server/files/nagios/services/ssl.cfg b/roles/nagios_server/files/nagios/services/ssl.cfg
index 275571cc9..b857c8fd2 100644
--- a/roles/nagios_server/files/nagios/services/ssl.cfg
+++ b/roles/nagios_server/files/nagios/services/ssl.cfg
@@ -39,3 +39,19 @@ define service {
check_command check_ssl_cert!pagure.io!60
use defaulttemplate
}
+
+define servicedependency {
+ host_name koji.fedoraproject.org
+ dependent_hostgroup_name koji
+ dependent_service_description koji hosts running SSL checks
+ notification_failure_criteria w,c
+ execution_failure_criteria w,c
+}
+
+define servicedependency {
+ host_name proxy03.fedoraproject.org
+ dependent_hostgroup_name proxies
+ dependent_service_description Proxies running SSL checks
+ notification_failure_criteria w,c
+ execution_failure_criteria w,c
+}

Added.