icinga reports notebook1001 as a DOWN host. but it is actually up.
There are iptables rules on it that don't appear to be puppetized and probably prevent icinga from connecting to it.
From puppet just base::firewall is included but there are things like
Chain DOCKER-ISOLATION (1 references)
That should probably be done with ferm rules (and base::firewall would leave the standard holes for icinga open)